A good user manual
The rules should oblige the seller to give the purchaser an operating instruction of SMC Networks SMC8150L2, along with an item. The lack of an instruction or false information given to the customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos, have been widely used. A necessary precondition for this is the unmistakable, legible character of an instruction.
What is an instruction?
The term originates from the Latin word “instructio”, which means organizing. Therefore, in an instruction of SMC Networks SMC8150L2 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item or a service; it is a clue.
Unfortunately, only a few customers devote their time to read an instruction of SMC Networks SMC8150L2. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.
What should a perfect user manual contain?
First and foremost, a user manual of SMC Networks SMC8150L2 should contain:
- information concerning technical data of SMC Networks SMC8150L2
- name of the manufacturer and a year of construction of the SMC Networks SMC8150L2 item
- rules of operation, control and maintenance of the SMC Networks SMC8150L2 item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of SMC Networks SMC8150L2 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of SMC Networks SMC8150L2, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the SMC Networks service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of SMC Networks SMC8150L2.
Why should one read the manuals?
It is mostly in the manuals where we will find the details concerning construction and capabilities of the SMC Networks SMC8150L2 item, and its use of respective accessories, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment and get to know every part of an instruction. Currently the manuals are carefully prearranged and translated, so they can be fully understood by their users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
MANAGEMENT GUIDE TigerSwitch TM 10/100/1000 26-Port Gigabit Managed Switch 50-Port Gigabit Managed Switch SMC8126L2 SMC8150L2 ta[...]
-
Page 2
[...]
-
Page 3
20 Mason Irvine, CA 92618 Phone: (949) 679-8000 TigerSwitch 10/100/1000 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions September 2007 Pub. # 149100036100A E092007-AP-R01[...]
-
Page 4
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. S[...]
-
Page 5
i Contents Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-6 Chapter 2: Initial Configuration 2-1 Connecting to the Switch 2-1 Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3 Basic Configuration 2-3 Console Connection 2-3 Setting Passwords 2-4 Setting an IP Address 2-4[...]
-
Page 6
Contents ii Saving or Restoring Configuration Settings 3-19 Downloading Configuration Settings from a Server 3-20 Console Port Settings 3-21 Telnet Settings 3-23 Configuring Event Logging 3-25 Displaying Log Messages 3-25 System Log Configuration 3-26 Remote Log Configuration 3-27 Simple Mail Transfer Protocol 3-28 Renumbering the System 3-30 Re[...]
-
Page 7
Contents iii Binding a Port to an Access Control List 3-73 Filtering IP Addresses for Management Access 3-74 Port Configuration 3-76 Displaying Connection Status 3-76 Configuring Interface Connections 3-78 Creating Trunk Groups 3-80 Statically Configuring a Trunk 3-81 Enabling LACP on Selected Ports 3-82 Configuring LACP Parameters 3-84 Displa[...]
-
Page 8
Contents iv Protocol VLAN Group Configuration 3-142 Configuring Protocol VLAN Interfaces 3-143 Class of Service Configuration 3-144 Layer 2 Queue Settings 3-144 Setting the Default Priority for Interfaces 3-144 Mapping CoS Values to Egress Queues 3-145 Enabling CoS 3-147 Selecting the Queue Mode 3-147 Setting the Service Weight for Traffic Classes[...]
-
Page 9
Contents v DHCP Snooping Information Option Configuration 3-188 DHCP Snooping Port Configuration 3-189 DHCP Snooping Binding Information 3-190 IP Source Guard 3-191 IP Source Guard Port Configuration 3-191 Static IP Source Guard Binding Configuration 3-192 Dynamic IP Source Guard Binding Information 3-193 Switch Clustering 3-194 Cluster Configur[...]
-
Page 10
Contents vi disconnect 4-18 show line 4-18 General Commands 4-19 enable 4-19 disable 4-20 configure 4-21 show history 4-21 reload 4-22 end 4-22 exit 4-23 quit 4-23 System Management Commands 4-24 Device Designation Commands 4-24 prompt 4-24 hostname 4-25 User Access Commands 4-25 username 4-25 enable password 4-26 IP Filter Commands 4-27 manageme[...]
-
Page 11
Contents vii logging facility 4-45 logging trap 4-46 clear logging 4-46 show logging 4-47 show log 4-48 SMTP Alert Commands 4-49 logging sendmail host 4-49 logging sendmail level 4-50 logging sendmail source-email 4-51 logging sendmail destination-email 4-51 logging sendmail 4-52 show logging sendmail 4-52 Time Commands 4-53 sntp client 4-53 s[...]
-
Page 12
Contents viii TACACS+ Client 4-77 tacacs-server host 4-77 tacacs-server port 4-77 tacacs-server key 4-78 show tacacs-server 4-78 Port Security Commands 4-79 port security 4-79 802.1X Port Authentication 4-81 dot1x system-auth-control 4-81 dot1x default 4-82 dot1x max-req 4-82 dot1x port-control 4-82 dot1x operation-mode 4-83 dot1x re-authenticate [...]
-
Page 13
Contents ix show snmp engine-id 4-108 snmp-server view 4-109 show snmp view 4-110 snmp-server group 4-110 show snmp group 4-112 snmp-server user 4-113 show snmp user 4-115 Interface Commands 4-116 interface 4-116 description 4-117 speed-duplex 4-117 negotiation 4-118 capabilities 4-119 flowcontrol 4-120 shutdown 4-121 switchport broadcast packet-ra[...]
-
Page 14
Contents x spanning-tree priority 4-148 spanning-tree pathcost method 4-149 spanning-tree transmission-limit 4-150 spanning-tree mst-configuration 4-150 mst vlan 4-151 mst priority 4-151 name 4-152 revision 4-153 max-hops 4-153 spanning-tree spanning-disabled 4-154 spanning-tree cost 4-154 spanning-tree port-priority 4-155 spanning-tree edge-port [...]
-
Page 15
Contents xi Related Commands 4-178 show dot1q-tunnel 4-178 Configuring Private VLANs 4-179 pvlan 4-179 show pvlan 4-180 Configuring Protocol-based VLANs 4-181 protocol-vlan protocol-group (Configuring Groups) 4-181 protocol-vlan protocol-group (Configuring Interfaces) 4-182 show protocol-vlan protocol-group 4-183 show interfaces protocol-vlan p[...]
-
Page 16
Contents xii ip igmp snooping querier 4-206 ip igmp snooping query-count 4-206 ip igmp snooping query-interval 4-207 ip igmp snooping query-max-response-time 4-208 ip igmp snooping router-port-expire-time 4-208 Static Multicast Routing Commands 4-209 ip igmp snooping vlan mrouter 4-209 show ip igmp snooping mrouter 4-210 IGMP Filtering and Thro[...]
-
Page 17
Contents xiii cluster 4-238 cluster commander 4-239 cluster ip-pool 4-239 cluster member 4-240 rcommand 4-240 show cluster 4-241 show cluster members 4-241 show cluster candidates 4-242 Appendix A: Software Specifications A-1 Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3 Appendix B: Troubleshooting B[...]
-
Page 18
Contents xiv[...]
-
Page 19
xv Tables Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-6 Table 3-1 Configuration Options 3-3 Table 3-2 Main Menu 3-4 Table 3-3 Logging Levels 3-26 Table 3-4 Supported Notification Messages 3-41 Table 3-5 HTTPS System Support 3-52 Table 3-6 802.1X Statistics 3-66 Table 3-7 LACP Port Counters 3-86 Table 3-8 LACP Internal Configuration Inf[...]
-
Page 20
Tables xvi Table 4-27 Authentication Commands 4-70 Table 4-28 Authentication Sequence 4-70 Table 4-29 RADIUS Client Commands 4-73 Table 4-30 TACACS Commands 4-77 Table 4-31 Port Security Commands 4-79 Table 4-32 802.1X Port Authentication 4-81 Table 4-33 Access Control Lists 4-89 Table 4-34 IP ACLs 4-90 Table 4-35 MAC ACL Commands 4-95 Table 4-3[...]
-
Page 21
Tables xvii Table 4-69 IGMP Query Commands (Layer 2) 4-206 Table 4-70 Static Multicast Routing Commands 4-209 Table 4-71 IGMP Filtering and Throttling Commands 4-211 Table 4-72 Multicast VLAN Registration Commands 4-217 Table 4-73 show mvr - display description 4-221 Table 4-74 show mvr interface - display description 4-222 Table 4-75 show mv[...]
-
Page 22
Tables xviii[...]
-
Page 23
xix Figures Figure 3-1 Home Page 3-2 Figure 3-2 Panel Display 3-3 Figure 3-3 System Information 3-10 Figure 3-4 Switch Information 3-12 Figure 3-5 Bridge Extension Configuration 3-13 Figure 3-6 Manual IP Configuration 3-15 Figure 3-7 DHCP IP Configuration 3-16 Figure 3-8 Bridge Extension Configuration 3-17 Figure 3-9 Copy Firmware 3-18 Figure 3-[...]
-
Page 24
Figures xx Figure 3-43 Selecting ACL Type 3-68 Figure 3-44 Configuring Standard IP ACLs 3-69 Figure 3-45 Configuring Extended IP ACLs 3-71 Figure 3-46 Configuring MAC ACLs 3-73 Figure 3-47 Configuring ACL Port Binding 3-74 Figure 3-48 Creating an IP Filter List 3-75 Figure 3-49 Displaying Port/Trunk Information 3-77 Figure 3-50 Port/Trunk Conf[...]
-
Page 25
Figures xxi Figure 3-88 Configuring Queue Scheduling 3-148 Figure 3-89 IP Precedence/DSCP Priority Status 3-150 Figure 3-90 Mapping IP Precedence Priority Values 3-151 Figure 3-91 Mapping IP DSCP Priority Values 3-152 Figure 3-92 IP Port Priority Status 3-153 Figure 3-93 IP Port Priority 3-154 Figure 3-94 Configuring Class Maps 3-157 Figure 3-95[...]
-
Page 26
Figures xxii[...]
-
Page 27
1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to m[...]
-
Page 28
Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based, private VLANs and prot[...]
-
Page 29
Description of Software Features 1-3 1 Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into the network. Traffic that falls within the rate limit is transmitted while packets that exceed the acce[...]
-
Page 30
Introduction 1-4 1 seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices. Multiple Spanning Tree [...]
-
Page 31
Description of Software Features 1-5 1 Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage m[...]
-
Page 32
Introduction 1-6 1 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-19). The following table lists some of the basic system defaults. Table 1-2 System Defaults Function Param[...]
-
Page 33
System Defaults 1-7 1 Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP (all ports) Disabled Broadcast Storm Protection Status Enabled (all ports) Broadcast Limit Rate 500 packets per second Spanning Tree Algorithm Status[...]
-
Page 34
Introduction 1-8 1 System Log Status Enabled Messages Logged Levels 0-7 (all) Messages Logged to Flash Levels 0-3 SMTP Email Alerts Event Handler Enabled (but no server defined) SNTP Clock Synchronization Disabled DHCP Snooping Status Disabled IP Source Guard Status Disabled (all ports) Switch Clustering Status Enabled Commander Disabled Table [...]
-
Page 35
2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON (Groups 1, 2, 3, 9) and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via[...]
-
Page 36
Initial Configuration 2-2 2 • Configure up to 32 static or LACP trunks • Enable port mirroring • Set broadcast storm control on any port • Display system information and statistics Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A n[...]
-
Page 37
Basic Configuration 2-3 2 Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is obtained via DHCP by default. To manually configure[...]
-
Page 38
Initial Configuration 2-4 2 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prevent unauthori[...]
-
Page 39
Basic Configuration 2-5 2 Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP address to the switch, complete the following steps: 1. From the Privileged[...]
-
Page 40
Initial Configuration 2-6 2 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>. Enabling SNMP Management Access Th[...]
-
Page 41
Basic Configuration 2-7 2 The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects. • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects. To prevent unauthorized access to the switch from SNMP version 1 or[...]
-
Page 42
Initial Configuration 2-8 2 Configuring Access for SNMP Version 3 Clients To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group. The following example creates one view called “mi [...]
-
Page 43
Managing System Files 2-9 2 Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The three types of files are: • Configuratio[...]
-
Page 44
Initial Configuration 2-10 2[...]
-
Page 45
3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or above, or Netscape 6[...]
-
Page 46
Configuring the Switch 3-2 3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.” Home Page When your web browser [...]
-
Page 47
Navigating the Web Browser Interface 3-3 3 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons. Notes: 1. To ensure proper s[...]
-
Page 48
Configuring the Switch 3-4 3 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Main Menu Menu Description Page System 3-10 System Information [...]
-
Page 49
Navigating the Web Browser Interface 3-5 3 Engine ID Sets the SNMP v3 engine ID on this switch 3-36 Remote Engine ID Sets the SNMP v3 engine ID for a remote device 3-37 Users Configures SNMP v3 users on this switch 3-37 Remote Users Configures SNMP v3 users from a remote device 3-40 Groups Configures SNMP v3 groups 3-41 Views Configures SNMP[...]
-
Page 50
Configuring the Switch 3-6 3 Aggregation Port Configures parameters for link aggregation group members 3-84 Port Counters Information Displays statistics for LACP protocol messages 3-86 Port Internal Information Displays settings and operational state for the local side 3-88 Port Neighbors Information Displays settings and operational state [...]
-
Page 51
Navigating the Web Browser Interface 3-7 3 VLAN 3-122 802.1Q VLAN 3-122 GVRP Status Enables GVRP VLAN registration protocol 3-125 802.1Q Tunnel Configuration Enables QinQ Tunneling on the switch 3-126 Basic Information Displays information on the VLAN type supported by this switch 3-126 Current Table Shows the current port members of each VLAN [...]
-
Page 52
Configuring the Switch 3-8 3 IP DSCP Priority Sets IP Differentiated Services Code Point priority, mapping a DSCP tag to a class-of-service value 3-152 IP Port Priority Status Globally enables or disables IP Port Priority 3-153 IP Port Priority Sets TCP/UDP port priority, defining the socket number and associated class-of-service value 3-15[...]
-
Page 53
Navigating the Web Browser Interface 3-9 3 Port Configuration Configures MVR interface type and immediate leave status 3-179 Trunk Configuration Configures MVR interface type and immediate leave status 3-179 Group Member Configuration Statically assigns MVR multicast streams to an interface 3-180 DNS General Configuration Enables DNS; configure[...]
-
Page 54
Configuring the Switch 3-10 3 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. • Locatio[...]
-
Page 55
Basic Configuration 3-11 3 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board • Serial Number[...]
-
Page 56
Configuring the Switch 3-12 3 Web – Click System, Switch Information. Figure 3-4 Switch Information CLI – Use the following command to display version information. Console#show version 4-62 Unit 1 Serial number: Hardware version: EPLD Version: 4.04 Number of ports: 26 Main power status: Up Redundant power status: Not present Agent (master) U[...]
-
Page 57
Basic Configuration 3-13 3 Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables. Field Attributes • Extended Multicast Filtering Services – This [...]
-
Page 58
Configuring the Switch 3-14 3 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for the stack is obtained via DHCP by default. To manually configure an address, you need to change the switch’s default settings[...]
-
Page 59
Basic Configuration 3-15 3 Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply. Figure 3-6 Manual IP Configuration CLI – Specify the management interface, I[...]
-
Page 60
Configuring the Switch 3-16 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to save your cha[...]
-
Page 61
Basic Configuration 3-17 3 Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available. CLI – Enter the following command to restart DHCP service. Enabling Jumbo Frames [...]
-
Page 62
Configuring the Switch 3-18 3 • File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”) Note: [...]
-
Page 63
Basic Configuration 3-19 3 To delete a file select System, File, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that the file currently designated as the startup code cannot be deleted. Figure 3-11 Deleting Files CLI – To download new firmware from a TFTP server, enter the IP address of[...]
-
Page 64
Configuring the Switch 3-20 3 - tftp to file – Copies a file from a TFTP server to the switch. - tftp to running-config – Copies a file from a TFTP server to the running config. - tftp to startup-config – Copies a file from a TFTP server to the startup config. • TFTP Server IP Address – The IP address of a TFTP server. • File Type [...]
-
Page 65
Basic Configuration 3-21 3 Note: You can also select any configuration file as the start-up configuration by using the System/File/Set Start-Up page. Figure 3-13 Setting the Startup Configuration Settings CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then r[...]
-
Page 66
Configuring the Switch 3-22 3 system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 0-120; Default: 3 attempts) • Silent Time – Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts has[...]
-
Page 67
Basic Configuration 3-23 3 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. Telnet Settings You can access the onboard configuration program over the network using Telnet (i.e., a[...]
-
Page 68
Configuring the Switch 3-24 3 system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 0-120; Default: 3 attempts) • Password 2 – Specifies a password for the line connection. When a connection is started on a line with password protection, the s[...]
-
Page 69
Basic Configuration 3-25 3 CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level. Configuring Event Logging The switch allows you to control the logging of error messages, inclu[...]
-
Page 70
Configuring the Switch 3-26 3 CLI – This example shows the event message stored in RAM. System Log Configuration The system allows you to enable or disable event logging, and specify which levels are logged to RAM or flash memory. Severe error messages that are logged to flash memory are permanently stored in the switch to assist in troublesh[...]
-
Page 71
Basic Configuration 3-27 3 Web – Click System, Log, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply. Figure 3-17 System Logs CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. Use the show logging command t[...]
-
Page 72
Configuring the Switch 3-28 3 • Host IP Address – Specifies a new server IP address to add to the Host IP List. Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then [...]
-
Page 73
Basic Configuration 3-29 3 • Severity – Specifies the degree of urgency that the message carries. • Debugging – Sends a debugging notification. (Level 7) • Information – Sends informative notification only. (Level 6) • Notice – Sends notification of a normal but significant condition, such as a cold start. (Level 5) •[...]
-
Page 74
Configuring the Switch 3-30 3 CLI – Enter the host IP address, followed by the mail severity level, source and destination email addresses and enter the sendmail command to complete the action. Use the show logging command to display SMTP information. Renumbering the System Web – Click System, Renumber. Click the Renumber button to renum[...]
-
Page 75
Basic Configuration 3-31 3 Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can also manually set th[...]
-
Page 76
Configuring the Switch 3-32 3 CLI – This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings. Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To [...]
-
Page 77
Simple Network Management Protocol 3-33 3 Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices for p[...]
-
Page 78
Configuring the Switch 3-34 3 Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add. Figure 3-24 Configuring SNMP Community Strings CLI – The following example adds the string “spiderman” with read/write access. Specifying Trap Managers a[...]
-
Page 79
Simple Network Management Protocol 3-35 3 Web – Click SNMP, Configuration. Fill in the IP address and community string for each trap manager that will receive trap messages, and then click Add. Select the trap types required using the check boxes for Authentication and Link-up/down traps, and then click Apply. Figure 3-25 Configuring IP T[...]
-
Page 80
Configuring the Switch 3-36 3 Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch, follow these steps: 1. If you want to change the default engine ID, it must be changed first before configuring other parameters. 2. Specify read and write access views for the switch MIB tree. 3. Configure SNMP user group[...]
-
Page 81
Simple Network Management Protocol 3-37 3 Specifying a Remote Engine ID To send inform messages to an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides. The remote engine ID is used to compute the security digest for authenticating and encrypting pa[...]
-
Page 82
Configuring the Switch 3-38 3 • Level – The security level used for the user: - noAuthNoPriv – There is no authentication or encryption used in SNMP communications. (This is the default for SNMPv3.) - AuthNoPriv – SNMP communications use authentication, but the data is not encrypted (only available for the SNMPv3 security model). - Aut[...]
-
Page 83
Simple Network Management Protocol 3-39 3 Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete. To change the ass[...]
-
Page 84
Configuring the Switch 3-40 3 Configuring Remote SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group. The SNMPv3 group restricts users to a specific read, write, and notify view. To send inform messages to an SNMPv3 user on a remote device, you must first[...]
-
Page 85
Simple Network Management Protocol 3-41 3 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring SNMPv3 Groups An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views. You can use the pre-defined default groups or create new[...]
-
Page 86
Configuring the Switch 3-42 3 topologyChange 1.3.6.1.2.1.17.0.2 A topologyChange trap is sent by a bridge when any of its configured ports transitions from the Learning state to the Forwarding state, or from the Forwarding state to the Discarding state. The trap is not sent if a newRoot trap is sent for the same transition. SNMPv2 Traps coldS[...]
-
Page 87
Simple Network Management Protocol 3-43 3 Private Traps swPowerStatusChangeTrap 1.3.6.1.4.1.202.20.68.2.1.0.1 This trap is sent when the power state changes. swIpFilterRejectTrap 1.3.6.1.4.1.202.20.68.2.1.0.1 This trap is sent when an incorrect IP address is rejected by the IP Filter. pethPsePortOnOffNotification 1.3.6.1.4.1.202.20.68.[...]
-
Page 88
Configuring the Switch 3-44 3 Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read and write views. Click Add to save the new group and return to the Groups list. To delete a group, check the box next to the group name, then cli[...]
-
Page 89
Simple Network Management Protocol 3-45 3 Setting SNMPv3 Views SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “default view” includes access to the entire MIB tree. Command Attributes • View Name – The name of the SNMP view. (Range: 1-64 characters) • View OID Subtrees – Shows [...]
-
Page 90
Configuring the Switch 3-46 3 CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries. User Authentication You can restrict management access to this switch using the following options: • User Accounts – Manually configure a[...]
-
Page 91
User Authentication 3-47 3 • New Account – Displays configuration settings for a new account. - User Name – The name of the user. (Maximum length: 8 characters; maximum number of users: 16) - Access Level – Specifies the user level. (Options: Normal and Privileged) - Password – Specifies the user password. (Range: 0-8 characters plain [...]
-
Page 92
Configuring the Switch 3-48 3 Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TACACS+ protocols. Remote[...]
-
Page 93
User Authentication 3-49 3 Command Attributes • Authentication – Select the authentication, or authentication sequence required: - Local – User authentication is performed only locally by the switch. - Radius – User authentication is performed using a RADIUS server only. - TACACS – User authentication is performed using a TACACS+ [...]
-
Page 94
Configuring the Switch 3-50 3 Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply. Figure 3-34 Authentication Settings[...]
-
Page 95
User Authentication 3-51 3 CLI – Specify all the required parameters to enable logon authentication. Console(config)#authentication login radius 4-71 Console(config)#radius-server port 181 4-74 Console(config)#radius-server key green 4-75 Console(config)#radius-server retransmit 5 4-75 Console(config)#radius-server timeout 10 4-76 Console(co[...]
-
Page 96
Configuring the Switch 3-52 3 Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Command Usage • Both the HTTP and HTTPS service can be enabled independently on th[...]
-
Page 97
User Authentication 3-53 3 CLI – This example enables the HTTP secure server and modifies the port number. Replacing the Default Secure-site Certificate When you log onto the web interface using HTTPS (for secure access), a Secure Sockets Layer (SSL) certificate appears for the switch. By default, the certificate that Netscape and Interne[...]
-
Page 98
Configuring the Switch 3-54 3 Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote copy)[...]
-
Page 99
User Authentication 3-55 3 3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (4-64) to copy a file containing the public key for all the SSH clients granted management access to the switch. (Note that these clients must be configured locally on the switch via the User Accounts page as described on 3-4[...]
-
Page 100
Configuring the Switch 3-56 3 Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled) • Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports manag[...]
-
Page 101
User Authentication 3-57 3 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection. Generating the Host Key Pair A host public/private key pair is used to provide secure communications between[...]
-
Page 102
Configuring the Switch 3-58 3 Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. Figure 3-37 SSH Host-Key Settings CLI – This example generates a host-key pair using [...]
-
Page 103
User Authentication 3-59 3 Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port when it has rea[...]
-
Page 104
Configuring the Switch 3-60 3 Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply. Figure 3-38 Configuring Port Security CLI – This ex[...]
-
Page 105
User Authentication 3-61 3 This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the client, and a remote RADIUS authentication server to verify user identity and access rights. When a client (i.e., Supplicant) connects to a switch port, the switch (i.e., Authenticator) re[...]
-
Page 106
Configuring the Switch 3-62 3 Web – Click Security, 802.1X, Information. Figure 3-39 802.1X Global Information CLI – This example shows the default global setting for 802.1X. Configuring 802.1X Global Settings The 802.1X protocol provides port authentication. The 802.1X protocol must be enabled globally for the switch system before port s[...]
-
Page 107
User Authentication 3-63 3 Configuring Port Settings for 802.1X When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server. These parameter[...]
-
Page 108
Configuring the Switch 3-64 3 Figure 3-41 802.1X Port Configuration[...]
-
Page 109
User Authentication 3-65 3 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-86. Console(config)#interface ethernet 1/2 4-116 Console(config-if)#dot1x port-control auto 4-82 Console(config-if)#dot1x re-authentication 4-84 Console(con[...]
-
Page 110
Configuring the Switch 3-66 3 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-42 Displaying 802.1X Port Statistics Table 3-6 802.1X Statisti[...]
-
Page 111
Access Control Lists 3-67 3 CLI – This example displays the 802.1X statistics for port 4. Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets,[...]
-
Page 112
Configuring the Switch 3-68 3 3. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports. 4. If no explicit rule is matched, the implicit default is permit all. Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL. Command Attributes • Name – Name of the ACL. (Maximum [...]
-
Page 113
Access Control Lists 3-69 3 Configuring a Standard IP ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Address Type – Specifies the source IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, or “IP” to spe[...]
-
Page 114
Configuring the Switch 3-70 3 host address in the Address field, or “IP” to specify a range of addresses with the Address and SubMask fields. (Options: Any, Host, IP; Default: Any) • Source/Destination IP Address – Source or destination IP address. • Source/Destination Subnet Mask – Subnet mask for source or destination address. [...]
-
Page 115
Access Control Lists 3-71 3 Figure 3-45 Configuring Extended IP ACLs CLI – This example adds two rules: (1) Accept any incoming packets if the source address is in subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passe[...]
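The mask comparison and the implicit "permit all" default described in these ACL pages, worked through as an added example (not code from the manual or from SMC Networks). The rule lists are constructed, first-match evaluation order is an assumption, and "Any"/"Host" are modelled here as masks 0.0.0.0 and 255.255.255.255.

```python
import ipaddress

# Constructed sample ACLs (not from the manual): (action, address, subnet mask).
# Assumption: "Any" is modelled as mask 0.0.0.0, "Host" as 255.255.255.255.
SAMPLE_ACL = [
    ("permit", "10.7.1.0", "255.255.255.0"),
    ("deny", "10.7.0.0", "255.255.0.0"),
]
PERMIT_ONLY_ACL = [("permit", "10.7.1.0", "255.255.255.0")]
MISORDERED_ACL = [
    ("deny", "10.7.0.0", "255.255.0.0"),
    ("permit", "10.7.1.0", "255.255.255.0"),
]


def to_int(dotted):
    """Convert a dotted-quad IPv4 address or mask to an integer."""
    return int(ipaddress.IPv4Address(dotted))


def rule_matches(rule, src):
    """A rule matches when (rule address & mask) == (packet address & mask)."""
    _action, address, mask = rule
    m = to_int(mask)
    return (to_int(address) & m) == (to_int(src) & m)


def evaluate(acl, src, implicit_default="permit"):
    """Return the action for a source address.

    Assumption: rules are checked in order and the first match wins.
    If nothing matches, the implicit default applies (permit all, as the
    manual states for this switch).
    """
    for rule in acl:
        if rule_matches(rule, src):
            return rule[0]
    return implicit_default


def shadowed_rules(acl):
    """Indexes of rules that can never match because an earlier rule covers them.

    An earlier rule i covers a later rule j when every mask bit of i is also
    set in j's mask and both addresses agree on i's mask bits.
    """
    shadowed = []
    for j, (_aj, addr_j, mask_j) in enumerate(acl):
        for _ai, addr_i, mask_i in acl[:j]:
            mi, mj = to_int(mask_i), to_int(mask_j)
            same_prefix = (to_int(addr_j) & mi) == (to_int(addr_i) & mi)
            if (mi & mj) == mi and same_prefix:
                shadowed.append(j)
                break
    return shadowed


def filters_anything(acl):
    """With an implicit permit-all default, only a reachable deny rule drops traffic."""
    dead = set(shadowed_rules(acl))
    return any(rule[0] == "deny" and i not in dead for i, rule in enumerate(acl))


if __name__ == "__main__":
    for src in ("10.7.1.2", "10.7.2.9", "192.168.0.1"):
        print(src, "->", evaluate(SAMPLE_ACL, src))
    print("permit-only ACL filters traffic:", filters_anything(PERMIT_ONLY_ACL))
    print("shadowed rules in misordered ACL:", shadowed_rules(MISORDERED_ACL))
```

An ACL made only of permit rules changes nothing under a permit-all default, and a narrow permit placed after a broader deny is dead configuration; both are worth checking before binding an ACL to a port.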
-
Page 116
Configuring the Switch 3-72 3 Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range with the Address and [...]
-
Page 117
Access Control Lists 3-73 3 Figure 3-46 Configuring MAC ACLs Binding a Port to an Access Control List After configuring the Access Control Lists (ACL), you can bind the ports that need to filter traffic to the appropriate ACLs. You can assign one IP access list to any port. Command Usage This switch supports ACLs for ingress filtering only[...]
-
Page 118
Configuring the Switch 3-74 3 Figure 3-47 Configuring ACL Port Binding CLI – This example assigns an IP access list to port 1, and an IP access list to port 3. Filtering IP Addresses for Management Access You create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, [...]
-
Page 119
Access Control Lists 3-75 3 • You cannot delete an individual address from a specified range. You must delete the entire range, and reenter the addresses. • You can delete an address range just by specifying the start address, or by specifying both the start address and end address. Command Attributes • Web IP Filter – Configures I[...]
-
Page 120
Configuring the Switch 3-76 3 CLI – This example allows SNMP access for a specific client. Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Field Attributes (Web[...]
-
Page 121
Port Configuration 3-77 3 Web – Click Port, Port Information or Trunk Information. Figure 3-49 Displaying Port/Trunk Information Field Attributes (CLI) Basic Information: • Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP) • MAC address – The physical layer address for this port. (To access this item on the web, [...]
-
Page 122
Configuring the Switch 3-78 3 • Port Security – Shows if port security is enabled or disabled. • Max MAC count – Shows the maximum number of MAC addresses that can be learned by a port. (0 - 1024 addresses) • Port security action – Shows the response to take when a security violation is detected. (shutdown, trap, trap-and-shutdown, or[...]
-
Page 123
Port Configuration 3-79 3 • Speed/Duplex – Allows you to manually set the port speed and duplex mode. (i.e., with auto-negotiation disabled) • Flow Control – Allows automatic or manual selection of flow control. • Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enab[...]
-
Page 124
Configuring the Switch 3-80 3 CLI – Select the interface, and then enter the required settings. Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tol[...]
-
Page 125
Port Configuration 3-81 3 • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings. • All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN. • STP, VLAN, a[...]
-
Page 126
Configuring the Switch 3-82 3 CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk. Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the[...]
-
Page 127
Port Configuration 3-83 3 Command Attributes • Member List (Current) – Shows configured trunks (Port). • New – Includes entry fields for creating new trunks. - Port – Port identifier. (Range: 1-26/50) Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After you have[...]
-
Page 128
Configuring the Switch 3-84 3 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have th[...]
-
Page 129
Port Configuration 3-85 3 - System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with other systems. • Admin Key – The LACP administration key must be set to the same value for ports that belong to the same LAG. (Range: 0-65535; Def[...]
-
Page 130
Configuring the Switch 3-86 3 CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG. Displaying LACP Port Counters You can display statistics for LACP protocol messages. Console(config)#interface ethernet 1/1 4-116 Console(config-if)#lacp actor system-priority 3 4-133 Console(c[...]
-
Page 131
Port Configuration 3-87 3 Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-54 LACP - Port Counters Information CLI – The following example displays LACP counters. Marker Unknown Pkts Number of frames received that either (1) Carry the Slow Protocols Ethernet Type v[...]
-
Page 132
Configuring the Switch 3-88 3 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Table 3-8 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port. Admin Key[...]
-
Page 133
Port Configuration 3-89 3 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-55 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Console#show lacp 1 int[...]
-
Page 134
Configuring the Switch 3-90 3 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-56 LACP - Port Ne[...]
-
Page 135
Port Configuration 3-91 3 CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. I[...]
-
Page 136
Configuring the Switch 3-92 3 Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and click Apply. Figure 3-57 Port Broadcast Control CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcas[...]
-
Page 137
Port Configuration 3-93 3 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. Command Usage • Monitor port speed should match [...]
-
Page 138
Configuring the Switch 3-94 3 Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch. Traffic that falls within the rate limit is transmitte[...]
-
Page 139
Port Configuration 3-95 3 CLI - This example sets the rate limit level for input traffic passing through port 3. Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like st[...]
-
Page 140
Configuring the Switch 3-96 3 Transmit Multicast Packets The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast address at this sub-layer, including those that were discarded or not sent. Transmit Broadcast Packets The total number of packets that higher-level protocols re[...]
-
Page 141
Port Configuration 3-97 3 RMON Statistics Drop Events The total number of events in which packets were dropped due to lack of resources. Jabbers The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either an FCS or alignment error. Received Bytes Total number of by[...]
-
Page 142
Configuring the Switch 3-98 3 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-60 Port Statistics[...]
-
Page 143
Address Table Settings 3-99 3 CLI – This example shows statistics for port 13. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You [...]
-
Page 144
Configuring the Switch 3-100 3 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-61 Configuring a Static Address Table CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Displaying the Add[...]
-
Page 145
Address Table Settings 3-101 3 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query. Figure 3-62 Configuring a Dynamic Address Table CLI – This example also displays the address tabl[...]
-
Page 146
Configuring the Switch 3-102 3 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the function. • Aging Time – The time after which a learned entry is discarded. (Range: 10-630 seconds; Default: 300 seconds) Web – Click Address Table, Ad[...]
-
Page 147
Spanning Tree Algorithm Configuration 3-103 3 disables all other ports. Network packets are therefore only forwarded between root ports and designated ports, eliminating any possible network loops. Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Roo[...]
-
Page 148
Configuring the Switch 3-104 3 An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers (including the Region Name, Revision Level and Configuration Digest – see 3-116). An MST Region may contain multiple MSTP Instances. An Internal Spanning Tree (IST) is used to connect all the MSTP sw[...]
-
Page 149
Spanning Tree Algorithm Configuration 3-105 3 Displaying Global Settings You can display a summary of the current bridge STA information that applies to the entire switch using the STA Information screen. Field Attributes • Spanning Tree State – Shows if the switch is enabled to participate in an STA-compliant network. • Bridge ID –[...]
-
Page 150
Configuring the Switch 3-106 3 However, if all devices have the same priority, the device with the lowest MAC address will then become the root device. • Root Hello Time – Interval (in seconds) at which this device transmits a configuration message. • Root Maximum Age – The maximum time (in seconds) this device can wait without rec[...]
-
Page 151
Spanning Tree Algorithm Configuration 3-107 3 CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanni[...]
-
Page 152
Configuring the Switch 3-108 3 - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances. - A spanning tree instance can exist only on bridges that have compatible VLAN instance assignm[...]
-
Page 153
Spanning Tree Algorithm Configuration 3-109 3 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each port needs[...]
-
Page 154
Configuring the Switch 3-110 3 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-65 Configuring Spanning Tree CLI – This example enables Spanning Tree Protocol, sets the mode to RSTP, and then configures the STA and RSTP parameters. Console(config)#spanning-tree 4-145 Console(conf[...]
-
Page 155
Spanning Tree Algorithm Configuration 3-111 3 Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. Field Attributes • Spanning Tree – Shows if STA has been enabled on this interface. • STA Status – Displays current state of this po[...]
-
Page 156
Configuring the Switch 3-112 3 • Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only) These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled. • Path cost – This parameter is used by the STA to determine the best path between devices. Therefor[...]
-
Page 157
Spanning Tree Algorithm Configuration 3-113 3 the amount of frame flooding required to rebuild address tables during reconfiguration events, does not cause the spanning tree to reconfigure when the interface changes state, and also overcomes other STA-related timeout problems. However, remember that Edge Port should only be enabled for port[...]
-
Page 158
Configuring the Switch 3-114 3 Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media type to indicate the preferred path, link type to indicate a point-to-po[...]
-
Page 159
Spanning Tree Algorithm Configuration 3-115 3 • Admin Link Type – The link type attached to this interface. - Point-to-Point – A connection to exactly one other bridge. - Shared – A connection to two or more bridges. - Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media. ([...]
-
Page 160
Configuring the Switch 3-116 3 Configuring Multiple Spanning Trees MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, preventing wide-scale disruption when a bridge node in a single instance fails, and allowing for faster convergence of a new top[...]
-
Page 161
Spanning Tree Algorithm Configuration 3-117 3 Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priority, and click Apply. To add the VLAN members to an MSTI instance, enter the instance identifier, the VLAN identifier, and click Add. Figure 3-68 Configuring Multiple Sp[...]
-
Page 162
Configuring the Switch 3-118 3 CLI – This example sets STA attributes for port 1, followed by settings for each port. Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Command Attributes • MST Instance ID – In[...]
-
Page 163
Spanning Tree Algorithm Configuration 3-119 3 Web – Click Spanning Tree, MSTP, Port or Trunk Information. Select the required MST instance to display the current spanning tree values. Figure 3-69 Displaying MSTP Interface Settings[...]
-
Page 164
Configuring the Switch 3-120 3 CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST, the settings for other instances only apply to the local spanning tree. Configuring Interface Settings for MSTP You can configure the STA interface se[...]
-
Page 165
Spanning Tree Algorithm Configuration 3-121 3 - Discarding – Port receives STA configuration messages, but does not forward packets. - Learning – Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information. Port address table is cleared, and the port begins lea[...]
-
Page 166
Configuring the Switch 3-122 3 Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interface, and click Apply. Figure 3-70 Displaying MSTP Interface Settings CLI – This example sets the MSTP attributes for port 4. VLAN Configuration IEEE 802.1Q VLANs In large networks, rou[...]
-
Page 167
VLAN Configuration 3-123 3 This switch supports the following VLAN features: • Up to 255 VLANs based on the IEEE 802.1Q standard • Distributed VLAN learning across multiple switches using explicit or implicit tagging and GVRP protocol • Port overlapping, allowing a port to participate in multiple VLANs • End stations can belong to [...]
-
Page 168
Configuring the Switch 3-124 3 VLAN form a broadcast domain that is separate from other VLANs configured on the switch. Packets are forwarded only between ports that are designated for the same VLAN. Untagged VLANs can be used to manually isolate user groups or subnets. However, you should use IEEE 802.3 tagged VLANs with GVRP whenever po[...]
-
Page 169
VLAN Configuration 3-125 3 Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN. However, to participate in a VLAN group that crosses several switches, you should create a VLAN for that group and enable tagging on[...]
-
Page 170
Configuring the Switch 3-126 3 Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch. Field Attributes • VLAN Version Number 8 – The VLAN version used by this switch as specified in the IEEE 802.1Q standard. • Maximum VLAN ID – Maximum VLAN ID recognized by [...]
-
Page 171
VLAN Configuration 3-127 3 • Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP. - Permanent: Added as a static entry. • Egress Ports – Shows all the VLAN port members. • Untagged Ports – Shows the untagged VLAN port members. Web – Click VLAN, 802.1Q VLAN, Current Table. Select [...]
-
Page 172
Configuring the Switch 3-128 3 CLI – Current VLAN information can be displayed with the following command. Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command Attri[...]
-
Page 173
VLAN Configuration 3-129 3 Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. Figure 3-74 Configuring a VLAN Static List CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use the VLAN Static T[...]
-
Page 174
Configuring the Switch 3-130 3 2. VLAN 1 is the default untagged VLAN containing all ports on the switch, and can only be modified by first reassigning the default port VLAN ID as described under “Configuring VLAN Behavior for Interfaces” on page 3-132. Command Attributes • VLAN – ID of configured VLAN (1-4094). • Name – Name of the [...]
-
Page 175
VLAN Configuration 3-131 3 Figure 3-75 Configuring a VLAN Static Table CLI – The following example adds tagged and untagged ports to VLAN 2. Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or t[...]
-
Page 176
Configuring the Switch 3-132 3 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for switches to exchang[...]
-
Page 177
Configuring IEEE 802.1Q Tunneling 3-133 3 Web – Click VLAN, 802.1Q VLAN, Port Configuration or Trunk Configuration. Fill in the required settings for each interface, click Apply. Figure 3-77 Configuring VLANs per Port CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, and then sets the [...]
-
Page 178
Configuring the Switch 3-134 3 using a VLAN-in-VLAN hierarchy, preserving the customer’s original tagged packets, and adding SPVLAN tags to each frame (also called double tagging). A port configured to support QinQ tunneling must be set to tunnel port mode. The Service Provider VLAN (SPVLAN) ID for the specific customer must be assigned[...]
-
Page 179
Configuring IEEE 802.1Q Tunneling 3-135 3 (SPVLAN) into the packet based on the default VLAN ID and Tag Protocol Identifier (TPID, that is, the ether-type of the tag). This outer tag is used for learning and switching packets. The priority of the inner tag is copied to the outer tag if it is a tagged or priority tagged packet. 2. After su[...]
-
Page 180
Configuring the Switch 3-136 3 0x8100, a new VLAN tag is added and it is also treated as double-tagged packet. 5. If the destination address lookup fails, the packet is sent to all member ports of the outer tag's VLAN. 6. After packet classification, the packet is written to memory for processing as a single-tagged or double-tagg[...]
-
Page 181
Configuring IEEE 802.1Q Tunneling 3-137 3 “Adding an Interface to a QinQ Tunnel” on page 3-138). 8. Configure the QinQ tunnel uplink port to join the SPVLAN as a tagged member (see “Adding Static Members to VLANs (VLAN Index)” on page 3-129). Enabling QinQ Tunneling on the Switch The switch can be configured to operate in normal VLAN mo[...]
-
Page 182
Configuring the Switch 3-138 3 CLI – This example sets the switch to operate in QinQ mode. Adding an Interface to a QinQ Tunnel Follow the guidelines in the preceding section to set up a QinQ tunnel on the switch. Use the VLAN Port Configuration or VLAN Trunk Configuration screen to set the access port on the edge switch to 802.1Q Tunnel [...]
-
Page 183
Configuring IEEE 802.1Q Tunneling 3-139 3 - 802.1Q Tunnel Uplink – Configures IEEE 802.1Q tunneling (QinQ) for an uplink port to another device within the service provider network. Web – Click VLAN, 802.1Q VLAN, Tunnel Configuration or Tunnel Trunk Configuration. Set the mode for a tunnel access port to 802.1Q Tunnel and a tunnel upl[...]
-
Page 184
Configuring the Switch 3-140 3 CLI – This example sets port 1 to tunnel access mode, indicates that the TPID used for 802.1Q tagged frames is 9100 hexadecimal, and sets port 2 to tunnel uplink mode.
Console(config)#interface ethernet 1/1 45-1
Console(config-if)#switchport dot1q-tunnel mode access 52-14
Console(config-if)#switchport dot1q-tunne[...]
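The outer-tag handling described for a tunnel access port (SPVLAN tag built from the port's default VLAN ID and TPID, inner priority copied to the outer tag) can be followed byte by byte in this added example, which is not taken from the manual. The function names, the sample frames, SPVLAN ID 100, the default priority of 0 for untagged frames, and the tag-stripping step on the way back to the customer are assumptions made for illustration; TPID 0x9100 is the value used in the CLI example above.

```python
import struct

CTAG_TPID = 0x8100                      # TPID of an ordinary 802.1Q customer tag
KNOWN_TPIDS = {0x8100, 0x88A8, 0x9100}  # tag types this example recognises


def read_tags(frame, tpids=KNOWN_TPIDS):
    """Return the VLAN tag stack of an Ethernet frame, outermost tag first."""
    tags, off = [], 12                  # tags start right after dst + src MAC
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in tpids:
            break                       # reached the real EtherType
        tags.append({"tpid": tpid, "pcp": tci >> 13, "vid": tci & 0x0FFF})
        off += 4
    return tags


def tunnel_access_ingress(frame, pvid, tpid, default_pcp=0):
    """Add the SPVLAN (outer) tag the way a tunnel access port is described to.

    pvid        -- default VLAN ID of the access port, used as the SPVLAN ID
    tpid        -- ether-type written into the outer tag
    default_pcp -- priority for untagged frames (assumption, not from the page)
    """
    if not 1 <= pvid <= 4094:
        raise ValueError("SPVLAN ID must be 1-4094")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    inner = read_tags(frame, {CTAG_TPID})
    # Tagged and priority-tagged (VID 0) frames hand their priority to the outer tag.
    pcp = inner[0]["pcp"] if inner else default_pcp
    outer = struct.pack("!HH", tpid, (pcp << 13) | pvid)
    return frame[:12] + outer + frame[12:]


def strip_outer_tag(frame, tpid):
    """Remove the outer tag again; the customer frame must come back unchanged."""
    if len(frame) < 16 or struct.unpack_from("!H", frame, 12)[0] != tpid:
        raise ValueError("frame does not carry the expected outer tag")
    return frame[:12] + frame[16:]


def sample_frame(vid=None, pcp=0):
    """Constructed sample input: locally administered MACs and a dummy payload."""
    dst, src = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", CTAG_TPID, (pcp << 13) | vid)
    return dst + src + tag + b"\x08\x00" + b"customer payload"


if __name__ == "__main__":
    for name, frame in [("tagged VLAN 10, priority 5", sample_frame(10, 5)),
                        ("priority-tagged, priority 3", sample_frame(0, 3)),
                        ("untagged", sample_frame())]:
        tunneled = tunnel_access_ingress(frame, pvid=100, tpid=0x9100)
        restored = strip_outer_tag(tunneled, 0x9100)
        print(name, "->", read_tags(tunneled), "restored:", restored == frame)
```

A capture on the uplink should show the same stack: the outer tag with the configured TPID first, then the untouched customer tag.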
-
Page 185
Configuring IEEE 802.1Q Tunneling 3-141 3 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.) Enabli[...]
-
Page 186
Configuring the Switch 3-142 3 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports can not communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any other ports on the switch and wit[...]
-
Page 187
Configuring IEEE 802.1Q Tunneling 3-143 3 • Protocol Type – The only option for the LLC Other frame type is IPX Raw. The options for all other frame types include IP, ARP, or RARP. Web – Click VLAN, Protocol VLAN, Configuration. Figure 3-82 Protocol VLAN Configuration Configuring Protocol VLAN Interfaces Use the Protocol VLAN Port Confi[...]
-
Page 188
Configuring the Switch 3-144 3 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted[...]
-
Page 189
Class of Service Configuration 3-145 3 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-84 Port Priority Configuration CLI – This example assigns a default priority of 5 to port 3. Mapping CoS Values to Egress Queues This switch processes[...]
-
Page 190
Configuring the Switch 3-146 3 The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network. Command Attributes • Priority – CoS val[...]
-
Page 191
Class of Service Configuration 3-147 3 CLI – The following example shows how to change the CoS assignments. Enabling CoS Enable or disable Class of Service (CoS). Command Attributes • Traffic Classes – Click to enable Class of Service. (Default: Enabled) Web – Click Priority, Traffic Classes Status. Figure 3-86 Enable Traffic Clas[...]
-
Page 192
Configuring the Switch 3-148 3 Web – Click Priority, Queue Mode. Select Strict or WRR, then click Apply. Figure 3-87 Queue Mode CLI – The following sets the queue mode to WRR priority service mode. Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at whic[...]
-
Page 193
Class of Service Configuration 3-149 3 CLI – The following example shows how to display the WRR weights assigned to each of the priority queues. Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priori[...]
-
Page 194
Configuring the Switch 3-150 3 Web – Click Priority, IP Precedence/DSCP Priority Status. Select Disabled, IP Precedence or IP DSCP from the scroll-down menu, then click Apply. Figure 3-89 IP Precedence/DSCP Priority Status CLI – The following example enables IP Precedence service on the switch. Mapping IP Precedence The Type of Servic[...]
-
Page 195
Class of Service Configuration 3-151 3 Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply. Figure 3-90 Mapping IP Precedence Priority Values CLI – The following example globally enables IP Precedence service [...]
-
Page 196
Configuring the Switch 3-152 3 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP retains backward compatibility with the three precedence bits so that non-DSCP compliant will not conflict with the DSCP mapping. Based on network policies, different kinds of traffic can be [...]
-
Page 197
Class of Service Configuration 3-153 3 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings. * Mapping specific values for IP DSCP is implemented as an interface configuration command, but any changes will apply to the all [...]
-
Page 198
Configuring the Switch 3-154 3 Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply. Figure 3-93 IP Port Priority CLI * – The following example globally enables IP Port Priority service on the switch, maps HTTP tra[...]
-
Page 199
Quality of Service 3-155 3 All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the same class. Class information can be assigned by end hosts, or switches or routers along the path. Priority can then be assigned based on a general policy, or a detailed examinati[...]
-
Page 200
Configuring the Switch 3-156 3 based on an access list, a DSCP or IP Precedence value, or a VLAN, and click the Add button next to the field for the selected traffic criteria. You can specify up to 16 items to match when assigning ingress traffic to a class map. • The class map is used with a policy map (page 3-158) to create a service pol[...]
-
Page 201
Quality of Service 3-157 3 Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class. Figure 3-94 Configuring Class Maps CLI - This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP service value 3.
Console(config)#class-map rd_cl[...]
-
Page 202
Configuring the Switch 3-158 3 Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage • To configure a Policy Map, follow these steps: - Create a Class Map as described on page 3-155. - Open the Policy Map page, and click Add Policy. - When the Policy Configuration page opens, fil[...]
-
Page 203
Quality of Service 3-159 3 Policy Rule Settings - Class Settings - • Class Name – Name of class map. • Action – Shows the service provided to ingress traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified in Match Class Settings on 3-155). • Meter – The maximum throughput and burst rate. - Rate [...]
-
Page 204
Configuring the Switch 3-160 3 Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes. Figure 3-95 Configuring Policy Maps CLI – This example creates a policy map called “rd-policy,” sets the average b[...]
-
Page 205
Quality of Service 3-161 3 Attaching a Policy Map to Ingress Queues This function binds a policy map to the ingress queue of a particular interface. Command Usage • You must first define a class map, then define a policy map, and finally bind the service policy to the required interface. • You can only bind one policy map to an interfa[...]
-
Page 206
Configuring the Switch 3-162 3 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast regi[...]
-
Page 207
Multicast Filtering 3-163 3 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasting the traffic to all port[...]
-
Page 208
Configuring the Switch 3-164 3 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 3-97 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status. Enabling IGMP Immedia[...]
-
Page 209
Multicast Filtering 3-165 3 Command Attributes • VLAN ID – ID of configured VLAN (1-4094). • Immediate Leave – Enable or disable IGMP immediate leave for the selected VLAN. Web – Click IGMP Snooping, IGMP Immediate Leave. Figure 3-98 IGMP Immediate Leave CLI – This example enables IGMP immediate leave for VLAN 1 and then displays the[...]
-
Page 210
Configuring the Switch 3-166 3 Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to display the associated multicast routers. Figure 3-99 Displaying Multicast Router Port Information CLI – This example shows that Port 11 has been statically configured as a port attached t[...]
-
Page 211
Multicast Filtering 3-167 3 Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. After you have finished adding interfaces to the list, click Apply. Figure 3-100 Sta[...]
-
Page 212
Configuring the Switch 3-168 3 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. Figure 3-101 IP Multicast Registration Table CLI – This example display[...]
-
Page 213
Multicast Filtering 3-169 3 Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and click Add. After you have completed adding ports to the [...]
-
Page 214
Configuring the Switch 3-170 3 switch randomly removes an existing group and replaces it with the new multicast group. Note: IGMP filtering and throttling only applies to dynamically learned multicast groups, it does not apply to statically configured groups. Enabling IGMP Filtering and Throttling To implement IGMP filtering and throttling [...]
-
Page 215
Multicast Filtering 3-171 3 Configuring IGMP Filtering and Throttling for Interfaces Once you have configured IGMP profiles, you can then assign them to interfaces on the switch. Also, you can set the IGMP throttling number to limit the number of multicast groups an interface can join at the same time. Command Usage • Only one profile ca[...]
-
Page 216
Configuring the Switch 3-172 3 Web – Click IGMP Snooping, IGMP Filter/Throttling Port Configuration or IGMP Filter/Throttling Trunk Configuration. Select a profile to assign to an interface, then set the throttling number and action. Click Apply. Figure 3-104 IGMP Filter and Throttling Port Configuration CLI – This example assigns IGM[...]
-
Page 217
Multicast Filtering 3-173 3 deny, IGMP join reports are only processed when a multicast group is not in the controlled range. Command Attributes • Profile ID – Selects an existing profile number to configure. After selecting an ID number, click the Query button to display the current configuration. • Access Mode – Sets the access mode o[...]
-
Page 218
Configuring the Switch 3-174 3 CLI – This example configures profile number 19 by setting the access mode to “permit” and then specifying a range of multicast groups that a user can join. The current profile configuration is then displayed. Multicast VLAN Registration Multicast VLAN Registration (MVR) is a protocol that controls acc[...]
-
Page 219
Multicast Filtering 3-175 3 General Configuration Guidelines for MVR 1. Enable MVR globally on the switch, select the MVR VLAN, and add the multicast groups that will stream traffic to attached hosts (see “Configuring Global MVR Settings” on page 3-175). 2. Set the interfaces that will join the MVR as source ports or receiver ports (see[...]
-
Page 220
Configuring the Switch 3-176 3 Web – Click MVR, Configuration. Enable MVR globally on the switch, select the MVR VLAN, add the multicast groups that will stream traffic to attached hosts, and then click Apply. Figure 3-106 MVR Global Configuration CLI – This example first enables IGMP snooping, enables MVR globally, and then configur[...]
-
Page 221
Multicast Filtering 3-177 3 Web – Click MVR, Port or Trunk Information. Figure 3-107 MVR Port Information CLI – This example shows information about interfaces attached to the MVR VLAN.
Console#show mvr interface 4-221
Port    Type     Status        Immediate Leave
------- -------- ------------- ---------------
eth1/1  SOURCE   ACTIVE/UP     Disable
eth1/2  R[...]
-
Page 222
Configuring the Switch 3-178 3 Displaying Port Members of Multicast Groups You can display the multicast groups assigned to the MVR VLAN either through IGMP snooping or static configuration. Field Attributes • Group IP – Multicast groups assigned to the MVR VLAN. • Group Port List – Shows the interfaces with subscribers for multicas[...]
-
Page 223
Multicast Filtering 3-179 3 Configuring MVR Interface Status Each interface that participates in the MVR VLAN must be configured as an MVR source port or receiver port. If only one subscriber attached to an interface is receiving multicast services, you can enable the immediate leave function. Command Usage • One or more interfaces may be co[...]
-
Page 224
Configuring the Switch 3-180 3 Web – Click MVR, Port or Trunk Configuration. Figure 3-109 MVR Port Configuration CLI – This example configures an MVR source port and receiver port, and then enables immediate leave on the receiver port. Assigning Static Multicast Groups to Interfaces For multicast streams that will run for a long term [...]
-
Page 225
Configuring Domain Name Service 3-181 3 Web – Click MVR, Group Member Configuration. Select a port or trunk from the “Interface” field, and click Query to display the assigned multicast groups. Select a multicast address from the displayed lists, and click the Add or Remove button to modify the Member list. Figure 3-110 MVR Group Me[...]
-
Page 226
Configuring the Switch 3-182 3 • When an incomplete host name is received by the DNS service on this switch and a domain name list has been specified, the switch will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match. • When more than one name se[...]
-
Page 227
Configuring Domain Name Service 3-183 3 CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the default domain name is not used. Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP[...]
-
Page 228
Configuring the Switch 3-184 3 Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. Figure 3-112 DNS Static Host Table CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses.
Console(config)#ip host rd5 192.168.1.55 10.1[...]
-
Page 229
Configuring Domain Name Service 3-185 3 Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable. • Type – This fie[...]
-
Page 230
Configuring the Switch 3-186 3 CLI - This example displays all the resource records learned from the designated name servers. DHCP Snooping DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server. This information can be useful in tracking an IP address[...]
-
Page 231
DHCP Snooping 3-187 3 the packet will only be forwarded if the client’s hardware address stored in the DHCP packet is the same as the source MAC address in the Ethernet header. • If the DHCP packet is not a recognizable type, it is dropped. • If a DHCP packet from a client passes the filtering criteria above, it will only be forwarded t[...]
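The two filtering rules that are fully visible above (the client hardware address in the DHCP packet must equal the Ethernet source MAC, and a DHCP packet of no recognizable type is dropped) are shown here as an added example that is not the switch's own code. The function names, the verdict strings and the constructed sample frames are assumptions; applying the address check to all client message types is also an assumption, and server replies are left to the rules that are cut off on this page.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
# DHCP message types carried in option 53, split by sender.
CLIENT_TYPES = {1: "DISCOVER", 3: "REQUEST", 4: "DECLINE", 7: "RELEASE", 8: "INFORM"}
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}


def mac(addr):
    return ":".join(f"{b:02x}" for b in addr)


def build_frame(eth_src, chaddr, msg_type):
    """Constructed sample input: untagged Ethernet/IPv4/UDP DHCP client frame."""
    options = (bytes([53, 1, msg_type]) if msg_type is not None else b"") + b"\xff"
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, 6, 0, 0x1234ABCD, 0, 0,
                        b"", b"", b"", b"", chaddr, b"", b"")
    payload = bootp + DHCP_MAGIC + options
    udp = struct.pack("!HHHH", 68, 67, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + eth_src + b"\x08\x00" + ip + udp


def parse_dhcp(frame):
    """Return (ethernet_source, chaddr, message_type) or raise ValueError."""
    if len(frame) < 14 + 20 + 8 + 240:
        raise ValueError("too short for DHCP")
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not untagged IPv4")
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[14 + 9] != 17:
        raise ValueError("not UDP")
    bootp = 14 + ihl + 8
    if len(frame) < bootp + 240 or frame[bootp + 236:bootp + 240] != DHCP_MAGIC:
        raise ValueError("no DHCP magic cookie")
    hlen = min(frame[bootp + 2], 16)
    chaddr = frame[bootp + 28:bootp + 28 + hlen]
    msg_type, i = None, bootp + 240
    while i < len(frame) and frame[i] != 255:      # 255 = end option
        if frame[i] == 0:                          # 0 = pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(frame):
            break
        length = frame[i + 1]
        if frame[i] == 53 and length == 1 and i + 2 < len(frame):
            msg_type = frame[i + 2]
        i += 2 + length
    return frame[6:12], chaddr, msg_type


def mac_verification(frame):
    """Apply the two visible rules to one frame; returns (verdict, reason)."""
    try:
        eth_src, chaddr, msg_type = parse_dhcp(frame)
    except ValueError as exc:
        return "not-dhcp", str(exc)
    if msg_type in SERVER_TYPES:
        return "not-checked", "server reply; outside this check"
    if msg_type not in CLIENT_TYPES:
        return "drop", "not a recognizable DHCP message type"
    if chaddr != eth_src:
        return "drop", f"chaddr {mac(chaddr)} != Ethernet source {mac(eth_src)}"
    return "forward", CLIENT_TYPES[msg_type]


if __name__ == "__main__":
    host = bytes.fromhex("02aabbccdd01")           # constructed addresses
    other = bytes.fromhex("02aabbccdd99")
    for label, frame in [("matching addresses", build_frame(host, host, 1)),
                         ("mismatched chaddr", build_frame(host, other, 3)),
                         ("unknown type 99", build_frame(host, host, 99)),
                         ("no option 53", build_frame(host, host, None))]:
        print(f"{label:20s}", mac_verification(frame))
```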
-
Page 232
Configuring the Switch 3-188 3 DHCP Snooping VLAN Configuration Enables DHCP snooping on the specified VLAN. Command Attributes • VLAN ID – ID of a configured VLAN. (Range: 1-4094) • DHCP Snooping Status – Enables or disables DHCP snooping for the selected VLAN. When DHCP snooping is enabled globally on the switch, and enabled on the [...]
-
Page 233
DHCP Snooping 3-189 3 Command Attributes • DHCP Snooping Information Option Status – Enables or disables DHCP Option 82 information relay. • DHCP Snooping Information Option Policy – Sets the DHCP snooping information option policy for DHCP client packets that include Option 82 information. • Replace – Overwrites the DHCP client[...]
-
Page 234
Configuring the Switch 3-190 3 Web – Click DHCP Snooping, Information Option Configuration. Figure 3-117 DHCP Snooping Port Configuration CLI – This example shows how to enable the DHCP Snooping Trust Status for ports. DHCP Snooping Binding Information Displays the DHCP snooping binding information. Command Attributes • No. – Entr[...]
-
Page 235
IP Source Guard 3-191 3 Web – Click DHCP Snooping, DHCP Snooping Binding Information. Figure 3-118 DHCP Snooping Binding Information CLI – This example shows how to display the DHCP Snooping binding table entries. IP Source Guard IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually confi[...]
-
Page 236
Configuring the Switch 3-192 3 Command Attributes • Filter Type – Configures the switch to filter inbound traffic based on source IP address, or source IP address and corresponding MAC address. (Default: None) • None – Disables IP source guard filtering on the port. • SIP – Enables traffic filtering based on IP addresses stored in th[...]
-
Page 237
IP Source Guard 3-193 3 Command Attributes • Static Binding Table Counts – The total number of static entries in the table. • Port – Switch port number. (Range: 1-26/50) • VLAN ID – ID of a configured VLAN (Range: 1-4094) • MAC Address – A valid unicast MAC address. • IP Address – A valid unicast IP address, including cla[...]
-
Page 238
Configuring the Switch 3-194 3 Web – Click IP Source Guard, Dynamic Information. Figure 3-121 Dynamic IP Source Guard Binding Information CLI – This example shows how to configure a static source-guard binding on port 5. Switch Clustering Switch Clustering is a method of grouping switches together to enable centralized management through[...]
-
Page 239
Switch Clustering 3-195 3 Once a switch has been configured to be a cluster Commander, it automatically discovers other cluster-enabled switches in the network. These “Candidate” switches only become cluster Members when manually selected by the administrator through the management station. After the Commander and Members have been conf[...]
-
Page 240
Configuring the Switch 3-196 3 Web – Click Cluster, Configuration. Figure 3-123 Cluster Configuration CLI – This example first enables clustering on the switch, sets the switch as the cluster Commander, and then configures the cluster IP pool. Cluster Member Configuration Adds Candidate switches to the cluster as Members. Command Attribu[...]
-
Page 241
Switch Clustering 3-197 3 Web – Click Cluster, Member Configuration. Figure 3-124 Cluster Member Configuration CLI – This example creates a new cluster Member by specifying the Candidate switch MAC address and setting a Member ID. Cluster Member Information Displays current cluster Member switch information. Command Attributes • Memb[...]
-
Page 242
Configuring the Switch 3-198 3 CLI – This example shows information about cluster Member switches. Cluster Candidate Information Displays information about discovered switches in the network that are already cluster Members or are available to become cluster Members. Command Attributes • Role – Indicates the current status of Candidate [...]
-
Page 243
4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command [...]
-
Page 244
Command Line Interface 4-2 4 Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Each address consists of a network [...]
-
Page 245
Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and statu[...]
-
Page 246
Command Line Interface 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database). You can also display a list of valid keywords for a specific comm[...]
-
Page 247
Entering Commands 4-5 4 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.” Negating the Effect of Commands For many c[...]
-
Page 248
Command Line Interface 4-6 4 Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt. Only a limited number of the commands are available in this mode. You can access all command[...]
-
Page 249
Entering Commands 4-7 4 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in non-volatile storage, use the copy running-config startup-config comma[...]
-
Page 250
Command Line Interface 4-8 4 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command follow[...]
-
Page 251
Command Groups 4-9 4 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Groups Command Group Description Page Line Sets communication parameters for the serial port and Telnet, including baud rate and console time-out 4-10 General Basic commands for entering privileged access mode, [...]
-
Page 252
Command Line Interface 4-10 4 The access mode shown in the following tables is indicated by these abbreviations: ACL (Access Control List Configuration) MST (Multiple Spanning Tree) CM (Class Map Configuration) NE (Normal Exec) GC (Global Configuration) PE (Privileged Exec) IC (Interface Configuration) PM (Policy Map Configuration) LC (Li[...]
-
Page 253
Line Commands 4-11 4 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line { console | vty } • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line. Command Mode Global Config[...]
-
Page 254
Command Line Interface 4-12 4 - login selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode. - login local selects authentication via the user name and password specified by the username command (i.e., default[...]
-
Page 255
Line Commands 4-13 4 during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Related Commands login (4-11) password-thresh (4-14) timeout login response This command sets the interval that the system waits for a user to log in to the CLI. Us[...]
-
Page 256
Command Line Interface 4-14 4 Syntax exec-timeout [ seconds ] no exec-timeout seconds - Integer that specifies the number of seconds. (Range: 0-65535 seconds; 0: no timeout) Default Setting CLI: No timeout Telnet: 10 minutes Command Mode Line Configuration Command Usage • If user input is detected within the timeout interval, the session is [...]
-
Page 257
Line Commands 4-15 4 Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached for Telnet, the Telnet logon interface shuts down. • This command a[...]
-
Page 258
Command Line Interface 4-16 4 Syntax databits { 7 | 8 } no databits • 7 - Seven data bits per character. • 8 - Eight data bits per character. Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits[...]
-
Page 259
Line Commands 4-17 4 Example To specify no parity, enter this command: speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second. (Options: 9600, [...]
-
Page 260
Command Line Interface 4-18 4 Example To specify 2 stop bits, enter this command: disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4) Command Mode Privileged Exec Command Usage Specifying session [...]
-
Page 261
General Commands 4-19 4 Example To show all lines, enter this command: General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-5. Syntax enable [ level ] level - Privilege[...]
-
Page 262
Command Line Interface 4-20 4 Default Setting Level 15 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-26.) • The “#” character is appended to the end of the prompt to in[...]
-
Page 263
General Commands 4-21 4 configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, and VLAN Database Configuration. Se[...]
-
Page 264
Command Line Interface 4-22 4 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes. In this example, the !2 command repeats the second command in the Execution histo [...]
-
Page 265
General Commands 4-23 4 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the configuration program.[...]
-
Page 266
Command Line Interface 4-24 4 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt.[...]
-
Page 267
System Management Commands 4-25 4 Example hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example User Access Comman[...]
-
Page 268
Command Line Interface 4-26 4 • name - The name of the user. (Maximum length: 8 characters, case sensitive. Maximum users: 16) • access-level level - Specifies the user level. The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. • nopassword - No password is required for this user to log in. • { [...]
-
Page 269
System Management Commands 4-27 4 • password - password for this privilege level. (Maximum length: 8 characters plain text, 32 encrypted, case sensitive) Default Setting • The default is level 15. • The default password is “super” Command Mode Global Configuration Command Usage • You cannot set a null password. You will have to en[...]
-
Page 270
Command Line Interface 4-28 4 • telnet-client - Adds IP address(es) to the Telnet group. • start-address - A single IP address, or the starting address of a range. • end-address - The end address of a range. Default Setting All addresses Command Mode Global Configuration Command Usage • If anyone tries to access a management interfa[...]
-
Page 271
System Management Commands 4-29 4 Example Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 80 Command[...]
-
Page 272
Command Line Interface 4-30 4 Example Related Commands ip http server (4-30) ip http server This command allows this device to be monitored or configured from a browser. Use the no form to disable this function. Syntax [ no ] ip http server Default Setting Enabled Command Mode Global Configuration Example Related Commands ip http port (4-29)[...]
-
Page 273
System Management Commands 4-31 4 • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate. - The client and server negotiate a set of security protocols to use for the connection. - The client and server generate session keys for encrypting and decrypti[...]
-
Page 274
Command Line Interface 4-32 4 • If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format: https://device:port_number Example Related Commands ip http secure-server (4-30) Telnet Server Commands ip telnet port This command specifies the TCP port number us[...]
-
Page 275
System Management Commands 4-33 4 ip telnet server This command allows this device to be monitored or configured from Telnet. Use the no form to disable this function. Syntax [ no ] ip telnet server Default Setting Enabled Command Mode Global Configuration Example Related Commands ip telnet port (4-32) Secure Shell Commands The Berkley-sta[...]
-
Page 276
Command Line Interface 4-34 4 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the authentication login command on pa[...]
-
Page 277
System Management Commands 4-35 4 firmware only accepts public key files based on standard UNIX format as shown in the following example for an RSA Version 1 key: 1024 35 13410816856098939 210409449201 554253476316 41921872958 921 143173880 0555361616 310517759408 3868631 10929 123222682851 92543746031 00937187721 19 9 6963178136 6277414168[...]
-
Page 278
Command Line Interface 4-36 4 • The SSH server uses DSA or RSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to select either DES (56-bit) or 3DES (168-bit) for data encryption. • You must generate the host key before enabling the SSH server. Example Related Commands [...]
-
Page 279
System Management Commands 4-37 4 ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting. Syntax ip ssh authentication-retries count no ip ssh authentication-retries count – The number of authentication attempts permitted af [...]
-
Page 280
Command Line Interface 4-38 4 delete public-key This command deletes the specified user’s public key. Syntax delete public-key username [ dsa | rsa ] • username – Name of an SSH user. (Range: 1-8 characters) • dsa – DSA public key type. • rsa – RSA public key type. Default Setting Deletes both the DSA and RSA key. Command Mo[...]
-
Page 281
System Management Commands 4-39 4 Related Commands ip ssh crypto zeroize (4-39) ip ssh save host-key (4-39) ip ssh crypto zeroize This command clears the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [ dsa | rsa ] • dsa – DSA key type. • rsa – RSA key type. Default Setting Clears both the DSA and RSA key. Command Mode Privi[...]
-
Page 282
Command Line Interface 4-40 4 Example Related Commands ip ssh crypto host-key generate (4-38) show ip ssh This command displays the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Ex[...]
-
Page 283
System Management Commands 4-41 4 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [ user [ username ]| host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no parameters are entered[...]
-
Page 284
Command Line Interface 4-42 4 Example Console#show public-key host Host: RSA: 1024 35 156849954018676692593339467750546173253 1367489083654725415020245593199868 544358361651999923329781766065830958610 8259132128902337654680172627257141 342876294130119619556678259566410486957 4278881462065194174677298486546861 57177393901647793559423035774130980227[...]
-
Page 285
System Management Commands 4-43 4 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [ no ] logging on Default Setting None Command Mode Global Configuration Command Usage The logging process controls error message[...]
-
Page 286
Command Line Interface 4-44 4 logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history { flash | ram } level no logging history { flash | ram } • flash - Event history stored in flash memory (i.e., permanen[...]
-
Page 287
System Management Commands 4-45 4 logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [ no ] logging host host_ip_address host_ip_address - The IP address of a syslog server. Default Setting None Command Mode Global Configuration Command Usage[...]
-
Page 288
Command Line Interface 4-46 4 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging. Syntax logging trap [ level ] no logging [...]
-
Page 289
System Management Commands 4-47 4 Related Commands show logging (4-47) show logging This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server. Syntax show logging { flash | ram | sendmail | trap } • flash - Displays settings for storing event messages[...]
-
Page 290
Command Line Interface 4-48 4 The following example displays settings for the trap function. Related Commands show logging sendmail (4-52) show log This command displays the system and event messages stored in memory. Syntax show log { flash | ram } [ login ] [ tail ] • flash - Event history stored in flash memory (i.e., permanent memory[...]
-
Page 291
System Management Commands 4-49 4 Example The following example shows sample messages stored in RAM. SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent alert message[...]
-
Page 292
Command Line Interface 4-50 4 Command Mode Global Configuration Command Usage • You can specify up to three SMTP servers for event handling. However, you must enter a separate command to specify each server. • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finall [...]
-
Page 293
System Management Commands 4-51 4 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Use the no form to delete the source email address. Syntax [no] logging sendmail source-email email-address email-address - The source email address used in alert messages. (Range: 0-41 character[...]
-
Page 294
Command Line Interface 4-52 4 logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [ no ] logging sendmail Default Setting Enabled Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Priv[...]
-
Page 295
System Management Commands 4-53 4 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from the factor[...]
-
Page 296
Command Line Interface 4-54 4 Example Related Commands sntp server (4-54) sntp poll (4-55) show sntp (4-55) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ ip1 [ ip2 [ ip3 ]]] ip - [...]
-
Page 297
System Management Commands 4-55 4 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode Global [...]
-
Page 298
Command Line Interface 4-56 4 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes { before-utc | after-utc } • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Range: 0-12 hours) • minutes [...]
-
Page 299
System Management Commands 4-57 4 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, April 1st, 2004. show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example System Status Commands show startup-config This com[...]
-
Page 300
Command Line Interface 4-58 4 Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the confi[...]
-
Page 301
System Management Commands 4-59 4 Related Commands show running-config (4-59) show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running m[...]
-
Page 302
Command Line Interface 4-60 4 Example Related Commands show startup-config (4-57) Console#show running-config building startup-config, please wait... .. ! phymap 00-12-cf-ce-2a-20 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 ! SNTP server 0.0.0.0 0.0.0.0 0.0.0.0 ! [...]
-
Page 303
System Management Commands 4-61 4 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-10. • The POST results should all display “PASS.” If any POST[...]
-
Page 304
Command Line Interface 4-62 4 Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example show version This command displays hardware and software version information for the system. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage S[...]
-
Page 305
System Management Commands 4-63 4 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [ no ] jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by supp[...]
-
Page 306
Command Line Interface 4-64 4 • Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second. (See the switchport broadcast command on page 4-122.) • The current setting for jumbo frames can be displayed with the show system command (page 4-61). Example Flash/File Commands These commands are[...]
-
Page 307
Flash/File Commands 4-65 4 • https-certificate - Copies an HTTPS certificate from a TFTP server to the switch. • public-key - Keyword that allows you to copy an SSH key from a TFTP server. (“Secure Shell Commands” on page 4-33) • unit - Keyword that allows you to copy to/from a unit. Default Setting None Command Mode Privileged Exec C[...]
-
Page 308
Command Line Interface 4-66 4 Example The following example shows how to upload the configuration settings to a file on the TFTP server: The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificat[...]
-
Page 309
Flash/File Commands 4-67 4 This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch: delete This command deletes a file or image. Syntax delete [ unit :] filename filename - Name of the configuration file or image name. un[...]
-
Page 310
Command Line Interface 4-68 4 dir This command displays a list of files in flash memory. Syntax dir [ unit :] {{ boot-rom: | config: | opcode: } [: filename ]} The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file. • config - Switch configuration file. • opcode - Run-time operation code image fi[...]
-
Page 311
Flash/File Commands 4-69 4 whichboot This command displays which files were booted when the system powered up. Syntax whichboot [ unit ] unit - Stack unit. (Always unit 1) Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. See the table under the dir command for [...]
-
Page 312
Command Line Interface 4-70 4 Command Usage • A colon (:) is required after the specified unit number and file type. • If the file contains an error, it cannot be set as the default file. Example Related Commands dir (4-68) whichboot (4-69) Authentication Commands You can configure this switch to authenticate users logging into the s[...]
-
Page 313
Authentication Commands 4-71 4 authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[ local ] [ radius ] [ tacacs ]} no authentication login • local - Use local password. • radius - Use RADIUS server password. • tacacs - Use TACACS[...]
-
Page 314
Command Line Interface 4-72 4 authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 4-19). Use the no form to restore the default. Syntax authentication enable {[ local ] [ radius ] [ tacacs ]} no authe[...]
-
Page 315
Authentication Commands 4-73 4 Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet. ?[...]
-
Page 316
Command Line Interface 4-74 4 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server. Use the no form to restore the default values. Syntax [ no ] radius-server index host { host_ip_address | host_alias } [ auth-port auth_port ] [ timeout timeout ] [ retransmit retra[...]
-
Page 317
Authentication Commands 4-75 4 Command Mode Global Configuration Example radius-server key This command sets the RADIUS encryption key. Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. [...]
-
Page 318
Command Line Interface 4-76 4 radius-server timeout This command sets the interval between transmitting authentication requests to the RADIUS server. Use the no form to restore the default. Syntax radius-server timeout number_of_seconds no radius-server timeout number_of_seconds - Number of seconds the switch waits for a reply before resendin[...]
-
Page 319
Authentication Commands 4-77 4 TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associate[...]
-
Page 320
Command Line Interface 4-78 4 Command Mode Global Configuration Example tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in th[...]
-
Page 321
Authentication Commands 4-79 4 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static [...]
-
Page 322
Command Line Interface 4-80 4 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted. • First use the port security[...]
-
Page 323
Authentication Commands 4-81 4 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication Prot[...]
-
Page 324
Command Line Interface 4-82 4 dot1x default This command sets all configurable dot1x global and port settings to their default values. Command Mode Global Configuration Example dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the auth [...]
-
Page 325
Authentication Commands 4-83 4 Default force-authorized Command Mode Interface Configuration Example dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keyword[...]
-
Page 326
Command Line Interface 4-84 4 dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [ interface ] interface • ethernet unit / port - unit - Stack unit. (Always unit 1) - port - Port number. (Range: 1-26/50) Command Mode Privileged Exec Example dot1x re-authentication Thi[...]
-
Page 327
Authentication Commands 4-85 4 Command Mode Interface Configuration Example dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds. (Range: 1-65535) Default 3600 seconds Comma[...]
-
Page 328
Command Line Interface 4-86 4 Example show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [ statistics ] [ interface interface ] • statistics - Displays dot1x status for each port. • interface • ethernet unit / port - unit - Stack unit. (Always unit 1) - port[...]
-
Page 329
Authentication Commands 4-87 4 • 802.1X Port Details – Displays the port access control parameters for each interface, including the following items: - reauth-enabled – Periodic re-authentication (page 4-84). - reauth-period – Time after which a connected client must be re-authenticated (page 4-85). - quiet-period – Time a port wai[...]
-
Page 330
Command Line Interface 4-88 4 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 enabled Single-Host auto yes . . . 1/26 disabled Single-Host ForceAuthorized n/a 802.1X Port Details 802.1X is disabled o[...]
-
Page 331
Access Control List Commands 4-89 4 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, or Layer 4 protocol port number) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required rules and then bind the li[...]
-
Page 332
Command Line Interface 4-90 4 IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [ no ] access-list ip { standard | extended } acl_name • standard – Specifies an ACL that filters packets based on the source IP addre[...]
-
Page 333
Access Control List Commands 4-91 4 Related Commands permit, deny 4-91 ip access-group (4-93) show ip access-list (4-93) permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a rule. Syntax [ no ] { permit | deny[...]
-
Page 334
Command Line Interface 4-92 4 Syntax [ no ] { permit | deny } [ protocol-number | udp ] { any | source address-bitmask | host source } { any | destination address-bitmask | host destination } [ source-port sport [ end ]] [ destination-port dport [ end ]] [ no ] { permit | deny } tcp { any | source address-bitmask | host source } { any | dest[...]
-
Page 335
Access Control List Commands 4-93 4 This allows TCP packets from class C addresses 192.168.1.0 to any destination address when set for destination TCP port 80 (i.e., HTTP). Related Commands access-list ip (4-90) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list { standard | extended } [ a[...]
-
Page 336
Command Line Interface 4-94 4 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port. Example Related Commands show ip access-list[...]
-
Page 337
Access Control List Commands 4-95 4 MAC ACLs The commands in this section configure ACLs based on hardware addresses, packet format, and Ethernet type. To configure MAC ACLs, first create an access list containing the required permit or deny rules, and then bind the access list to one or more ports. access-list mac This command adds a MAC a[...]
-
Page 338
Command Line Interface 4-96 4 permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use the no form to remove a rule. Syntax [ no ] { permit | deny } { any | host source | source address-bitmask }[...]
-
Page 339
Access Control List Commands 4-97 4 Default Setting None Command Mode MAC ACL Command Usage • New rules are added to the end of the list. • The ethertype option can only be used to filter Ethernet II formatted packets. • A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include the [...]
-
Page 340
Command Line Interface 4-98 4 mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets. Default Setting None Command Mode Interface Configuration[...]
-
Page 341
Access Control List Commands 4-99 4 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are displayed is determined by the associated m[...]
-
Page 342
Command Line Interface 4-100 4 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption; as well as controlling user [...]
-
Page 343
SNMP Commands 4-101 4 snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server. Syntax [ no ] snmp-server Default Setting Enabled Command Mode Global Configuration Example show snmp This command can be used to check the status of SNMP communic[...]
-
Page 344
Command Line Interface 4-102 4 Example snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string. Syntax snmp-server community string [ ro | rw ] no snmp-server community string • string - Community string that acts like a password and permits access to the[...]
-
Page 345
SNMP Commands 4-103 4 • private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode Global Configuration Example snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snm[...]
-
Page 346
Command Line Interface 4-104 4 Command Mode Global Configuration Example Related Commands snmp-server contact (4-103) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr [ inform [ retry retries | ti[...]
-
Page 347
SNMP Commands 4-105 4 • SNMP Version: 1 • UDP Port: 162 Command Mode Global Configuration Command Usage • If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. In order to enable multiple hosts, you[...]
-
Page 348
Command Line Interface 4-106 4 supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notifications. • If you specify an SNMP Version 3 host, then the community string is interpreted as an SNMP user name. If you use the V3 “auth” or “priv” options, the user name must firs[...]
-
Page 349
SNMP Commands 4-107 4 conjunction with the corresponding entries in the Notify View assigned by the snmp-server group command (page 4-110). Example Related Commands snmp-server host (4-104) snmp-server engine-id This command configures an identification string for the SNMPv3 engine. Use the no form to restore the default. Syntax snmp-server engi[...]
-
Page 350
Command Line Interface 4-108 4 fill the octet. For example, entering the value “123456789” results in an engine ID of “1234567890.” • A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleare[...]
-
Page 351
SNMP Commands 4-109 4 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree { included | excluded } no snmp-server view view-name • view-name - Name of an SNMP view. (Range: 1-64 characters) • oid-tree - Object identifier of a [...]
-
Page 352
Command Line Interface 4-110 4 show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group. Syntax snmp-server group groupname { v1 | v2c | v3 { auth | noauth | priv }} [ read rea[...]
-
Page 353
SNMP Commands 4-111 4 Default Setting • Default groups: public 17 (read only), private 18 (read/write) • readview - Every object belonging to the Internet OID space (1.3.6.1). • writeview - Nothing is defined. • notifyview - Nothing is defined. Command Mode Global Configuration Command Usage • A group sets the access policy for the a[...]
-
Page 354
Command Line Interface 4-112 4 show snmp group Four default groups are provided – SNMP v1 read-only access and read/write access, and SNMPv2c read-only access and read/write access. Command Mode Privileged Exec Example Console#show snmp group Group Name: r&d Security Model: v3 Read View: defaultview Write View: daily Notify View: none Stor[...]
-
Page 355
SNMP Commands 4-113 4 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View. Use the no form to remove a user from an SNMP group. Syntax snmp-server user username groupname [ remote ip-address ] { v1 | v2c | v3 [ encrypted ] [ auth { md5 | sha } auth-password [ priv des[...]
-
Page 356
Command Line Interface 4-114 4 Default Setting None Command Mode Global Configuration Command Usage • The SNMP engine ID is used to compute the authentication/privacy digests from the password. You should therefore configure the engine ID with the snmp-server engine-id command before using this configuration command. • Before you config[...]
-
Page 357
SNMP Commands 4-115 4 show snmp user This command shows information on SNMP users. Command Mode Privileged Exec Example Console#show snmp user EngineId: 800000ca030030f1df9ca00000 User Name: steve Authentication Protocol: md5 Privacy Protocol: des56 Storage Type: nonvolatile Row Status: active SNMP remote user EngineId: 80000000030004e2b316c54321 U[...]
-
Page 358
Command Line Interface 4-116 4 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channe[...]
-
Page 359
Interface Commands 4-117 4 Command Mode Global Configuration Example To specify port 24, enter the following command: description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this [...]
-
Page 360
Command Line Interface 4-118 4 Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is 100half for 100BASE-TX ports and 1000full for Gigabit Ethernet ports. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • To force operation to the[...]
-
Page 361
Interface Commands 4-119 4 • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports. Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-119) speed-duplex (4-117) capabilities This command advertises the port capabilities of [...]
-
Page 362
Command Line Interface 4-120 4 Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Related Commands negotiation (4-118) speed-duplex (4-117) flowcontrol (4-120) flowcontrol This command enables flow control. Use the no form to disable flow control. Syntax [ no ] flowcontrol Default S[...]
-
Page 363
Interface Commands 4-121 4 Example The following example enables flow control on port 5. Related Commands negotiation (4-118) capabilities (flowcontrol, symmetric) (4-119) shutdown This command disables an interface. To restart a disabled interface, use the no form. Syntax [ no ] shutdown Default Setting All interfaces are enabled. Command[...]
-
Page 364
Command Line Interface 4-122 4 switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm control. Syntax switchport broadcast octet-rate rate no switchport broadcast rate - Threshold level as a rate; i.e., kilobits per second. (Range: 500-262143) Default Setting Enabled for [...]
-
Page 365
Interface Commands 4-123 4 Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session. However, if you log out and back into the management interface, the statistics displayed will show the absolute val[...]
-
Page 366
Command Line Interface 4-124 4 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [ interface ] interface • ethernet unit / port - unit - Stack unit. (Always unit 1) - port - Port number. (Range: 1-26/50) • port-channel channel-id (Range: 1-32) Default Setting Shows the counters for [...]
-
Page 367
Interface Commands 4-125 4 Example show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [ interface ] interface • ethernet unit / port - unit - Stack unit. (Always unit 1) - port - Port number. (Range: 1-26/50) • port-channel channel-id ([...]
-
Page 368
Command Line Interface 4-126 4 Example This example shows the configuration setting for port 24. Console#show interfaces switchport ethernet 1/24 Broadcast threshold: Enabled, 500 packets/second LACP status: Enabled Ingress Rate Limit: Disabled, 100000 Kbits per second Egress Rate Limit: Disabled, 100000 Kbits per second VLAN membership mode:[...]
-
Page 369
Mirror Port Commands 4-127 4 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [ rx | tx ] no port monitor interface • interface - ethernet unit / port (source por[...]
-
Page 370
Command Line Interface 4-128 4 Example The following example configures the switch to mirror received packets from port 6 to 11: show port monitor This command displays mirror information. Syntax show port monitor [ interface ] interface - ethernet unit / port (source port) • unit - Stack unit. (Always unit 1) • port - Port number. (R[...]
-
Page 371
Rate Limit Commands 4-129 4 Rate Limit Commands This function allows the network manager to control the maximum rate for traffic received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets[...]
-
Page 372
Command Line Interface 4-130 4 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another netw[...]
-
Page 373
Link Aggregation Commands 4-131 4 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports. • The ports at both ends of a connection must be configured as trunk ports. • Al[...]
-
Page 374
Command Line Interface 4-132 4 Example The following example creates trunk 1 and then adds port 11: lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [ no ] lacp Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage ?[...]
-
Page 375
Link Aggregation Commands 4-133 4 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established. lacp system-priority This command configures a port's LACP system priority. [...]
-
Page 376
Command Line Interface 4-134 4 Command Mode Interface Configuration (Ethernet) Command Usage • Port must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with[...]
-
Page 377
Link Aggregation Commands 4-135 4 • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is established with th [...]
-
Page 378
Command Line Interface 4-136 4 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } port-priority priority no lacp { actor | partner } port-priority • actor - The local side of an aggregate link. • partner - The remote side of an aggregate li[...]
-
Page 379
Link Aggregation Commands 4-137 4 Default Setting Port Channel: all Command Mode Privileged Exec Example Console#show lacp 1 counters Port channel : 1 --------------------------------------- ---------------------------------- Eth 1/ 1 --------------------------------------- ---------------------------------- LACPDUs Sent : 21 LACPDUs Received : 21 [...]
-
Page 380
Command Line Interface 4-138 4 Table 4-48 show lacp internal - display description Field Description Oper Key Current operational value of the key for the aggregation port. Admin Key Current administrative value of the key for the aggregation port. LACPDUs Internal Number of seconds before invalidating received LACPDU information. LACP System[...]
-
Page 381
Link Aggregation Commands 4-139 4 Table 4-49 show lacp neighbors - display description Field Description Partner Admin System ID LAG partner’s system ID assigned by the user. Partner Oper System ID LAG partner’s system ID assigned by the LACP protocol. Partner Admin Port Number Current administrative value of the port number for the proto[...]
-
Page 382
Command Line Interface 4-140 4 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an addr[...]
-
Page 383
Address Table Commands 4-141 4 Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table. Static addresses have the following characteristics: • Static addresses will not be removed from the address table when a given [...]
-
Page 384
Command Line Interface 4-142 4 • sort - Sort by address, vlan or interface. Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: - Learned - Dynamic address entries - Permanent - Static ent[...]
-
Page 385
Address Table Commands 4-143 4 Example show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode Privileged Exec Example Console(config)#mac-address-table aging-time 100 Console(config)# Console#show mac-address-table aging-time Aging time: 100 sec. Console#[...]
-
Page 386
Command Line Interface 4-144 4 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 4-52 Spanning Tree Commands Command Function Mode Page spanning-tree Enables the spanning tree protocol GC 4-145 spa[...]
-
Page 387
Spanning Tree Commands 4-145 4 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [ no ] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disable net[...]
-
Page 388
Command Line Interface 4-146 4 - This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on a network, the path between specific VLAN members may be inadvertently disabled to prevent network loops, thus isolating group members. When operating multiple VLANs, we recommend selecting the MSTP option. [...]
-
Page 389
Spanning Tree Commands 4-147 4 Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each port nee [...]
-
Page 390
Command Line Interface 4-148 4 spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age seconds no spanning-tree max-age seconds - Time in seconds. (Range: 6-40 seconds) The minimum value is the higher of 6 or [2 x (hello[...]
-
Page 391
Spanning Tree Commands 4-149 4 Default Setting 32768 Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority (i.e., lower numeric value) becomes the STA root device. However, if all devices have the same priority, the device wi[...]
-
Page 392
Command Line Interface 4-150 4 spanning-tree transmission-limit This command configures the minimum interval between the transmission of consecutive RSTP/MSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The transmission limit in seconds. (Range: [...]
-
Page 393
Spanning Tree Commands 4-151 4 mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Using the no form without any VLAN parameters to remove all VLANs. Syntax [ no ] mst instance_id vlan vlan-range • instance_id - Instance identifier of the spanning tree. (Range: 0-4094) • vlan-[...]
-
Page 394
Command Line Interface 4-152 4 Default Setting 32768 Command Mode MST Configuration Command Usage • MST priority is used in selecting the root bridge and alternate bridge of the specified instance. The device with the highest priority (i.e., lowest numerical value) becomes the MSTI root device. However, if all devices have the same priority,[...]
-
Page 395
Spanning Tree Commands 4-153 4 revision This command configures the revision number for this multiple spanning tree configuration of this switch. Use the no form to restore the default. Syntax revision number number - Revision number of the spanning tree. (Range: 0-65535) Default Setting 0 Command Mode MST Configuration Command Usage The MST[...]
-
Page 396
Command Line Interface 4-154 4 specify the maximum number of bridges that will propagate a BPDU. Each bridge decrements the hop count by one before passing on the BPDU. When the hop count reaches zero, the message is dropped. Example spanning-tree spanning-disabled This command disables the spanning tree algorithm for the specified interfac[...]
-
Page 397
Spanning Tree Commands 4-155 4 • Fast Ethernet – half duplex: 200,000; full duplex: 100,000; trunk: 50,000 • Gigabit Ethernet – full duplex: 10,000; trunk: 5,000 • 10 Gigabit Ethernet – full duplex: 1000; trunk: 500 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used by the Spann[...]
-
Page 398
Command Line Interface 4-156 4 Related Commands spanning-tree cost (4-154) spanning-tree edge-port This command specifies an interface as an edge port. Use the no form to restore the default. Syntax [ no ] spanning-tree edge-port Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You ca[...]
-
Page 399
Spanning Tree Commands 4-157 4 Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding. • Since end-nodes cannot cause forwarding loops, they can be passed through the spanning tree state changes [...]
-
Page 400
Command Line Interface 4-158 4 • RSTP only works on point-to-point links between two bridges. If you designate a port as a shared link, RSTP is forbidden. Since MSTP is an extension of RSTP, this same restriction applies. Example spanning-tree mst cost This command configures the path cost on a spanning instance in the Multiple Spanning[...]
-
Page 401
Spanning Tree Commands 4-159 4 Example Related Commands spanning-tree mst port-priority (4-159) spanning-tree mst port-priority This command configures the interface priority on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree mst instance_id port-priority priority no spanning[...]
-
Page 402
Command Line Interface 4-160 4 spanning-tree protocol-migration This command re-checks the appropriate BPDU format to send on the selected interface. Syntax spanning-tree protocol-migration interface interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26/50) • port-channel channel-id (Rang[...]
-
Page 403
Spanning Tree Commands 4-161 4 Command Usage • Use the show spanning-tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree (CST) and for every interface in the tree. • Use the show spanning-tree interface command to display the spanning tree configuration for an interface with[...]
-
Page 404
Command Line Interface 4-162 4 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example --------------------------------------- ------------------------ Eth 1/ 1 information --------------------------------------- ------------------------ Admin status: enable R[...]
-
Page 405
VLAN Commands 4-163 4 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected[...]
-
Page 406
Command Line Interface 4-164 4 bridge-ext gvrp This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [ no ] bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across [...]
-
Page 407
VLAN Commands 4-165 4 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [ no ] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [ interface ] inte[...]
-
Page 408
Command Line Interface 4-166 4 garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer { join | leave | leaveall } timer_value no garp timer { join | leave | leaveall } • { join | leave | leaveall } - Which timer to set. • timer_value - Value[...]
-
Page 409
VLAN Commands 4-167 4 Syntax show garp timer [ interface ] interface • ethernet unit / port - unit - Stack unit. (Always unit 1) - port - Port number. (Range: 1-26/50) • port-channel channel-id (Range: 1-32) Default Setting Shows all GARP timers. Command Mode Normal Exec, Privileged Exec Example Related Commands garp timer (4-166) Editing V[...]
-
Page 410
Command Line Interface 4-168 4 Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN. The res[...]
-
Page 411
VLAN Commands 4-169 4 Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default. Related Commands show vlan (4-175) Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax [...]
-
Page 412
Command Line Interface 4-170 4 Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (4-121) switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode { t[...]
-
Page 413
VLAN Commands 4-171 4 switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types { all | tagged } no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged. • tagged - The port only [...]
-
Page 414
Command Line Interface 4-172 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Ingress filtering only affects tagged frames. • With ingress filtering enabled, a port will discard received frames tagged for VLANs for which it is not a member. • Ingress filtering does not affect VLAN independent BPDU [...]
-
Page 415
VLAN Commands 4-173 4 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Note: Each port can only have one untagged VLAN. If a second VLAN is defined for a port as untagged, the other VLAN that had untagged status will automatically be changed to tagged. Setting a VL[...]
-
Page 416
Command Line Interface 4-174 4 Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan { add vlan-list | remove vlan-list } no switc[...]
-
Page 417
VLAN Commands 4-175 4 Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name | private-vlan private-vlan-type ] • id - Keyword to be followed by the VLAN ID. - vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) • name - Keyword to be followed by the VLAN[...]
-
Page 418
Command Line Interface 4-176 4 Configuring IEEE 802.1Q Tunneling IEEE 802.1Q tunneling (QinQ tunneling) uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs. Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider’s network even when they use the same cu [...]
-
Page 419
VLAN Commands 4-177 4 Default Setting Disabled Command Mode Global Configuration Command Usage QinQ tunnel mode must be enabled on the switch for QinQ interface settings to be functional. Example Related Commands show dot1q-tunnel (4-178) show interfaces switchport (4-125) switchport dot1q-tunnel mode This command configures an interface as a[...]
-
Page 420
Command Line Interface 4-178 4 switchport dot1q-tunnel tpid This command sets the Tag Protocol Identifier (TPID) value of a tunnel port. Use the no form to restore the default setting. Syntax switchport dot1q-tunnel tpid tpid no switchport dot1q-tunnel tpid tpid – Sets the ethertype value for 802.1Q encapsulation. This identifier is used[...]
-
Page 421
VLAN Commands 4-179 4 Example Related Commands switchport dot1q-tunnel mode (4-177) Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs. pvlan This command enables or configures a private VLAN. Use the no form t[...]
-
Page 422
Command Line Interface 4-180 4 • up-link - Specifies an uplink interface. • down-link - Specifies a downlink interface. Default Setting No private VLANs are defined. Command Mode Global Configuration Command Usage • A private VLAN provides port-based security and isolation between ports within the VLAN. Data traffic on the downlink port[...]
-
Page 423
VLAN Commands 4-181 4 Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol. This kind of configurati[...]
-
Page 424
Command Line Interface 4-182 4 • protocol - Protocol type. The only option for the llc_other frame type is ipx_raw. The options for all other frames types include: ip, arp, rarp, and user-defined (0801-FFFF hexadecimal). Default Setting No protocol groups are configured. Command Mode Global Configuration Example The following creates pr[...]
-
Page 425
VLAN Commands 4-183 4 - If the frame is untagged but the protocol type does not match, the frame is forwarded to the default VLAN for this interface. Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2. show protocol-vlan protocol-group This command shows the [...]
-
Page 426
Command Line Interface 4-184 4 Command Mode Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2: Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the [...]
-
Page 427
Priority Commands 4-185 4 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode { strict | wrr } no queue mode • strict - Services the egress queues in sequential order, transmitting all tra[...]
-
Page 428
Command Line Interface 4-186 4 Default Setting The priority is not set, and the default value for untagged frames received on the interface is zero. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP DSCP, and default switchport priority. • The default priority applies [...]
-
Page 429
Priority Commands 4-187 4 Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights. Example This example shows how to assign WRR weights to priority queues 0 - 2: Related Commands show queue bandwidth (4-188) queue cos-map This command assigns class of service (CoS) values to the priority queues (i.e., h[...]
-
Page 430
Command Line Interface 4-188 4 Command Usage • CoS values assigned at the ingress port are also used at the egress port. Example The following example shows how to change the CoS assignments: Related Commands show queue cos-map (4-189) show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec [...]
-
Page 431
Priority Commands 4-189 4 Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [ interface ] interface • ethernet unit / port - unit - Stack unit. (Always unit 1) - port - Port number. (Range: 1-26/50) • port-channel channel-id (Range: 1-32) Default Setting None Command Mode Privileged E[...]
-
Page 432
Command Line Interface 4-190 4 Syntax [ no ] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage • The precedence for priority mapping is IP DSCP, and default switchport priority. Example The following example shows how to enable IP DSCP mapping globally: map ip dscp (Interface Configuration) This command sets[...]
-
Page 433
Priority Commands 4-191 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP DSCP, and default switchport priority. • DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p standard, and then subsequently mappe[...]
-
Page 434
Command Line Interface 4-192 4 Example Related Commands map ip dscp (Global Configuration) (4-189) map ip dscp (Interface Configuration) (4-190) Quality of Service Commands The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies. You can classify traffic ba[...]
-
Page 435
Quality of Service Commands 4-193 4 To create a service policy for a specific category of ingress traffic, follow these steps: 1. Use the class-map command to designate a class name for a specific category of traffic, and enter the Class Map configuration mode. 2. Use the match command to select a specific type of traffic based on an access [...]
-
Page 436
Command Line Interface 4-194 4 class-map This command creates a class map used for matching packets to the specified class, and enters Class Map configuration mode. Use the no form to delete a class map and return to Global configuration mode. Syntax [ no ] class-map class-map-name [ match-any ] • match-any - Match any condition within a [...]
-
Page 437
Quality of Service Commands 4-195 4 • vlan - A VLAN. (Range: 1-4094) Default Setting None Command Mode Class Map Configuration Command Usage • First enter the class-map command to designate a class map and enter the Class Map configuration mode. Then use the match command to specify the fields within ingress packets that must match to qua[...]
-
Page 438
Command Line Interface 4-196 4 Command Usage • Use the policy-map command to specify the name of the policy map, and then use the class command to configure policies for traffic that matches criteria defined in a class map. • A policy map can contain multiple class statements that can be applied to the same interface with the service-p[...]
-
Page 439
Quality of Service Commands 4-197 4 Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses the set command to classify the service that incoming packets will receive, and then uses the police command to limit the average bandwidth to 100,000 Kbps, the bur[...]
-
Page 440
Command Line Interface 4-198 4 police This command defines a policer for classified traffic. Use the no form to remove a policer. Syntax [ no ] police rate-kbps burst-byte [ exceed-action { drop | set }] • rate-kbps - Rate in kilobits per second. (Range: 1-100000 kbps or maximum port speed, whichever is lower) • burst-byte - Burst in [...]
-
Page 441
Quality of Service Commands 4-199 4 service-policy This command applies a policy map defined by the policy-map command to the ingress queue of a particular interface. Use the no form to remove the policy map from this interface. Syntax [ no ] service-policy input policy-map-name • input - Apply to the input traffic. • policy-map-name - N[...]
-
Page 442
Command Line Interface 4-200 4 Example show policy-map This command displays the QoS policy maps which define classification criteria for incoming traffic, and may include policers for bandwidth limitations. Syntax show policy-map [ policy-map-name [ class class-map-name ]] • policy-map-name - Name of the policy map. (Range: 1-16 characte[...]
-
Page 443
Example 4-201 4 Command Mode Privileged Exec Example Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagat[...]
-
Page 444
Command Line Interface 4-202 4 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [ no ] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to a multicast gr[...]
-
Page 445
Multicast Filtering Commands 4-203 4 ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version { 1 | 2 } no ip igmp snooping version • 1 - IGMP Version 1 • 2 - IGMP Version 2 Default Setting IGMP Version 2 Command Mode Global Configuration Command [...]
-
Page 446
Command Line Interface 4-204 4 • The leave-proxy feature does not function when a switch is set as the querier. Example ip igmp snooping immediate-leave This command enables IGMP immediate leave for a specific VLAN. Use the no form to disable the feature for a VLAN. Syntax [ no ] ip igmp snooping immediate-leave Default Setting Disabled Comm[...]
-
Page 447
Multicast Filtering Commands 4-205 4 Example The following shows the current IGMP snooping configuration: show mac-address-table multicast This command shows known multicast addresses. Syntax show mac-address-table multicast [ vlan vlan-id ] [ user | igmp-snooping ] • vlan-id - VLAN ID (1 to 4094) • user - Display only the user-confi[...]
-
Page 448
Command Line Interface 4-206 4 IGMP Query Commands (Layer 2) ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [ no ] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected. The que[...]
-
Page 449
Multicast Filtering Commands 4-207 4 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has not responded, a countdown timer i[...]
-
Page 450
Command Line Interface 4-208 4 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries. (Range: 5-25) Default Set[...]
-
Page 451
Multicast Filtering Commands 4-209 4 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect. Example The following shows how to configure the default timeout to 300 seconds: Related Commands ip igmp snooping version (4-203) Static Multicast Routing Commands ip igmp[...]
-
Page 452
Command Line Interface 4-210 4 Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that interface to join al[...]
-
Page 453
Multicast Filtering Commands 4-211 4 IGMP Filtering and Throttling Commands In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan. The IGMP filtering feature fulfills this requirement by restricting a[...]
-
Page 454
Command Line Interface 4-212 4 • The IGMP filtering feature operates in the same manner when MVR is used to forward multicast traffic. Example ip igmp profile This command creates an IGMP filter profile number and enters IGMP profile configuration mode. Use the no form to delete a profile number. Syntax [no] ip igmp profile profile-num[...]
-
Page 455
Multicast Filtering Commands 4-213 4 • When the access mode is set to permit, IGMP join reports are processed when a multicast group falls within the controlled range. When the access mode is set to deny, IGMP join reports are only processed when a multicast group is not in the controlled range. Example range This command specifies multic[...]
-
Page 456
Command Line Interface 4-214 4 Command Mode Interface Configuration Command Usage • The IGMP filtering profile must first be created with the ip igmp profile command before being able to assign it to an interface. • Only one profile can be assigned to an interface. • A profile can also be assigned to a trunk interface. When ports a[...]
-
Page 457
Multicast Filtering Commands 4-215 4 Example ip igmp max-groups action This command sets the IGMP throttling action for an interface on the switch. Syntax ip igmp max-groups action {replace | deny} • replace - The new multicast group replaces an existing group. • deny - The new multicast group join report is dropped. Default Setting Deny[...]
-
Page 458
Command Line Interface 4-216 4 Command Mode Privileged Exec Example show ip igmp profile This command displays IGMP filtering profiles created on the switch. Syntax show ip igmp profile [ profile-number ] profile-number - An existing IGMP filter profile number. (Range: 1-4294967295) Default Setting None Command Mode Privileged Exec Example sh[...]
-
Page 459
Multicast Filtering Commands 4-217 4 - -port - Port number. (Range: 1-29) • port-channel channel-id (Range: 1-32) Default Setting None Command Mode Privileged Exec Command Usage Using this command without specifying an interface displays all interfaces. Example Multicast VLAN Registration Commands This section describes commands used to con[...]
-
Page 460
Command Line Interface 4-218 4 mvr (Global Configuration) This command enables Multicast VLAN Registration (MVR) globally on the switch, statically configures MVR multicast group IP address(es) using the group keyword, or specifies the MVR VLAN identifier using the vlan keyword. Use the no form of this command without any keywords to global[...]
-
Page 461
Multicast Filtering Commands 4-219 4 mvr (Interface Configuration) This command configures an interface as an MVR receiver or source port using the type keyword, enables immediate leave capability using the immediate keyword, or configures an interface as a static member of the MVR VLAN using the group keyword. Use the no form to restore the[...]
-
Page 462
Command Line Interface 4-220 4 Command Usage • A port which is not configured as an MVR receiver or source port can use IGMP snooping to join or leave multicast groups using the standard rules for multicast filtering. • MVR receiver ports cannot be members of a trunk. Receiver ports can belong to different VLANs, but should not be con[...]
-
Page 463
Multicast Filtering Commands 4-221 4 show mvr This command shows information about the global MVR configuration settings when entered without any keywords, the interfaces attached to the MVR VLAN using the interface keyword, or the multicast groups assigned to the MVR VLAN using the members keyword. Syntax show mvr [ interface [ interface ] |[...]
-
Page 464
Command Line Interface 4-222 4 The following displays information about the interfaces attached to the MVR VLAN: The following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN: Console#show mvr interface Port Type Status Immediate Leave ------- -------- ------------- --------------- eth1/1 S[...]
-
Page 465
IP Interface Commands 4-223 4 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when it is powered on. Yo[...]
-
Page 466
Command Line Interface 4-224 4 • If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been received. Requests will be broadcast periodically by this device in an effort to learn its IP address. (BOOTP and DHCP values can include the IP address, default gateway, and subnet mask). ?[...]
-
Page 467
IP Interface Commands 4-225 4 ip dhcp restart This command submits a BOOTP or DHCP client request. Default Setting None Command Mode Privileged Exec Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to reassig[...]
-
Page 468
Command Line Interface 4-226 4 show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (4-224) ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [ size size ] [ count cou[...]
-
Page 469
IP Source Guard Commands 4-227 4 Example Related Commands interface (4-116) IP Source Guard Commands IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or static and dynamic entries in the DHCP Snooping table when enabled (see “DHCP Snoopi[...]
-
Page 470
Command Line Interface 4-228 4 Syntax ip source-guard { sip | sip-mac } no ip source-guard • sip - Filters traffic based on IP addresses stored in the binding table. • sip-mac - Filters traffic based on IP addresses and corresponding MAC addresses stored in the binding table. Default Setting Disabled Command Mode Interface Configuration[...]
-
Page 471
IP Source Guard Commands 4-229 4 is static IP source guard binding, static DHCP snooping binding or dynamic DHCP snooping binding, the packet will be forwarded. - If IP source guard is enabled on an interface for which IP source bindings (dynamically learned via DHCP snooping or manually configured) are not yet configured, the switch will dr[...]
-
Page 472
Command Line Interface 4-230 4 table, or static addresses configured in the source guard binding table with this command. • Static bindings are processed as follows: - If there is no entry with same VLAN ID and MAC address, a new entry is added to binding table using the type of static IP source guard binding. - If there is an entry with[...]
-
Page 473
DHCP Snooping Commands 4-231 4 Example DHCP Snooping Commands DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server. This information can be useful in tracking an IP address back to a physical port. This section describes commands used to configure DH[...]
-
Page 474
Command Line Interface 4-232 4 firewall. When DHCP snooping is enabled globally by this command, and enabled on a VLAN interface by the ip dhcp snooping vlan command (page 4-233), DHCP messages received on an untrusted interface (as specified by the no ip dhcp snooping trust command, page 4-234) from a device not listed in the DHCP snooping [...]
-
Page 475
DHCP Snooping Commands 4-233 4 receives an ACK message from a DHCP server. Also, when the switch sends out DHCP client packets for itself, no filtering takes place. However, when the switch receives any messages from a DHCP server, any packets received from untrusted ports are dropped. Example This example enables DHCP snooping globally for the [...]
-
Page 476
Command Line Interface 4-234 4 Related Commands ip dhcp snooping (4-231) ip dhcp snooping trust (4-234) ip dhcp snooping trust This command configures the specified interface as trusted. Use the no form to restore the default setting. Syntax [ no ] ip dhcp snooping trust Default Setting All interfaces are untrusted Command Mode Interface Co[...]
-
Page 477
DHCP Snooping Commands 4-235 4 ip dhcp snooping verify mac-address This command verifies the client’s hardware address stored in the DHCP packet against the source MAC address in the Ethernet header. Use the no form to disable this function. Syntax [ no ] ip dhcp snooping verify mac-address Default Setting Enabled Command Mode Global Config[...]
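The comparison that ip dhcp snooping verify mac-address describes, worked through in Python as an added example (not code from the manual or the switch firmware): it pulls the Ethernet source MAC and the DHCP client hardware address (chaddr) out of a raw frame and reports whether they agree. All function names and the sample frames are constructed for illustration; what the switch does with a mismatching packet is not shown on this page, so the code only reports the result.

```python
import struct
from typing import Optional, Tuple

ETH_P_IP, ETH_P_8021Q, IPPROTO_UDP = 0x0800, 0x8100, 17
DHCP_PORTS = {67, 68}      # BOOTP/DHCP server and client UDP ports
CHADDR_OFFSET = 28         # offset of chaddr inside the BOOTP header


def extract_macs(frame: bytes) -> Optional[Tuple[bytes, bytes]]:
    """Return (Ethernet source MAC, DHCP chaddr), or None when the frame
    is not an IPv4/UDP DHCP message with an Ethernet hardware address."""
    if len(frame) < 14:
        return None
    eth_src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if ethertype == ETH_P_8021Q:             # skip a single 802.1Q VLAN tag
        if len(frame) < 18:
            return None
        (ethertype,) = struct.unpack("!H", frame[16:18])
        off = 18
    if ethertype != ETH_P_IP or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4            # IPv4 header length in bytes
    if frame[off] >> 4 != 4 or ihl < 20 or frame[off + 9] != IPPROTO_UDP:
        return None
    udp = off + ihl
    if len(frame) < udp + 8:
        return None
    sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
    if sport not in DHCP_PORTS or dport not in DHCP_PORTS:
        return None
    bootp = udp + 8
    if len(frame) < bootp + CHADDR_OFFSET + 16:
        return None                          # truncated before chaddr ends
    htype, hlen = frame[bootp + 1], frame[bootp + 2]
    if htype != 1 or hlen != 6:              # only 6-byte Ethernet addresses
        return None
    start = bootp + CHADDR_OFFSET
    return eth_src, frame[start:start + hlen]


def chaddr_matches_source(frame: bytes) -> Optional[bool]:
    """True/False for a DHCP frame, None when the frame is not DHCP."""
    macs = extract_macs(frame)
    return None if macs is None else macs[0] == macs[1]


def build_discover(eth_src: bytes, chaddr: bytes,
                   vlan: Optional[int] = None) -> bytes:
    """Constructed DHCPDISCOVER frame for the demo (checksums left at zero)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD,
                        0, 0x8000, bytes(4), bytes(4), bytes(4), bytes(4),
                        chaddr, b"", b"")
    bootp += b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff"   # cookie, type, end
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     IPPROTO_UDP, 0, bytes(4), b"\xff" * 4) + udp
    tag = b"" if vlan is None else struct.pack("!HH", ETH_P_8021Q, vlan)
    return b"\xff" * 6 + eth_src + tag + struct.pack("!H", ETH_P_IP) + ip


if __name__ == "__main__":
    host = bytes.fromhex("020000000001")     # constructed addresses
    other = bytes.fromhex("020000000002")
    print("consistent:", chaddr_matches_source(build_discover(host, host)))
    print("mismatch:  ", chaddr_matches_source(build_discover(host, other)))
```
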
-
Page 478
Command Line Interface 4-236 4 identified by the switch port to which they are connected rather than just their MAC address. DHCP client-server exchange messages are then forwarded directly between the server and client without having to flood them to the entire VLAN. • DHCP snooping must be enabled on the switch for the DHCP Option 82[...]
-
Page 479
Switch Cluster Commands 4-237 4 show ip dhcp snooping This command shows the DHCP snooping configuration settings. Command Mode Privileged Exec Example show ip dhcp snooping binding This command shows the DHCP snooping binding table entries. Command Mode Privileged Exec Example Switch Cluster Commands Switch Clustering is a method of grouping [...]
-
Page 480
Command Line Interface 4-238 4 cluster This command enables clustering on the switch. Use the no form to disable clustering. Syntax [ no ] cluster Default Setting Enabled Command Mode Global Configuration Command Usage • To create a switch cluster, first be sure that clustering is enabled on the switch (the default is enabled), then set th[...]
-
Page 481
Switch Cluster Commands 4-239 4 cluster commander This command enables the switch as a cluster Commander. Use the no form to disable the switch as cluster Commander. Syntax [ no ] cluster commander Default Setting Disabled Command Mode Global Configuration Command Usage • Once a switch has been configured to be a cluster Commander, it a[...]
-
Page 482
Command Line Interface 4-240 4 subnet. Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander. • You cannot change the cluster IP pool when the switch is currently in Commander mode. Commander mode must first be disabled. Example cluster member This comm[...]
-
Page 483
Switch Cluster Commands 4-241 4 Commander is not supported. • There is no need to enter the username and password for access to the Member switch CLI. Example show cluster This command shows the switch clustering configuration. Command Mode Privileged Exec Example show cluster members This command shows the current switch cluster members. Co[...]
-
Page 484
Command Line Interface 4-242 4 show cluster candidates This command shows the discovered Candidate switches in the network. Command Mode Privileged Exec Example Console#show cluster candidates Cluster Candidates: Role Mac Description --------------- ------------------------ ---------------------------------- ACTIVE MEMBER 00-12-cf-23-49-c0 Tige[...]
-
Page 485
A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists 128 ACLS (96 MAC rules, 96 IP rules) DHCP Client Port Configuration 100BASE-TX: 10/100 Mbps, half/full duplex 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex 100[...]
-
Page 486
Software Specifications A-2 A Quality of Service DiffServ supports class maps, policy maps, and service policies Additional Features BOOTP client SNTP (Simple Network Time Protocol) SNMP (Simple Network Management Protocol) RMON (Remote Monitoring, groups 1,2,3,9) SMTP Email Alerts DHCP Snooping IP Source Guard Switch Clustering Management[...]
-
Page 487
Management Information Bases A-3 A RMON (RFC 1757 groups 1,2,3,9) SNMP (RFC 1157) SNMPv2 (RFC 2571) SNMPv3 (RFC DRAFT 3414, 3410, 2273, 3411, 3415) SNTP (RFC 2030) SSH (Version 2.0) TFTP (RFC 1350) Management Information Bases Bridge MIB (RFC 1493) Differentiated Services MIB (RFC 3289) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended[...]
-
Page 488
Software Specifications A-4 A[...]
-
Page 489
B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch. • Check that you have a valid network connecti[...]
-
Page 490
Troubleshooting B-2 B Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1. Enable logging. 2. Set the error messages reported to include all categories. 3. Designate the SNM[...]
-
Page 491
Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFT[...]
-
Page 492
Glossary Glossary-2 GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network. Generic Attribute Registration Protocol (GARP) GARP is a pr[...]
-
Page 493
Glossary-3 Glossary IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multica[...]
-
Page 494
Glossary Glossary-4 Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast VLAN group. Network Time Protocol (NTP) NTP provides the mechanisms to synchronize time across the network. The [...]
-
Page 495
Glossary-5 Glossary Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which[...]
-
Page 496
Glossary Glossary-6 Virtual LAN (VLAN) A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. A VLAN serves as a logical workgroup with no physical barriers, and allows users to share information and resources as though located on the same[...]
-
Page 497
Index-1 Numerics 802.1Q tunnel 3-133, 4-176 description 3-133 interface configuration 3-138, 4-177–4-178 mode selection 3-138 TPID 3-137, 4-178 802.1X, port authentication 3-60, 3-67 A acceptable frame type 3-132, 4-171 Access Control List See ACL ACL Extended IP 4-89, 4-90, 4-91 MAC 4-95, 4-95–4-97 Standard IP 4-89, 4-90, 4-91 address table[...]
-
Page 498
Index-2 Index F firmware displaying version 3-11, 4-62 upgrading 3-18, 4-64 G GARP VLAN Registration Protocol See GVRP gateway, default 3-14, 4-224 GVRP global setting 3-125, 4-164 interface configuration 4-165 H hardware version, displaying 3-11, 4-62 HTTPS 3-52, 4-30 HTTPS, secure server 3-52, 4-30 I IEEE 802.1D 3-102, 4-145 IEEE 802.1s 4-145 I[...]
-
Page 499
Index-3 Index P password, line 4-12, 4-13 passwords 2-4 administrator setting 3-46, 4-25 path cost 3-105, 3-112 method 3-109, 4-149 STA 3-105, 3-112, 4-149 port authentication 3-60, 3-67 port priority configuring 3-144, 4-184, 4-192 default ingress 3-144, 4-185 STA 3-112, 4-155 port security, configuring 3-59, 4-79 port, statistics 3-95, 4-12[...]
-
Page 500
Index-4 Index switchport mode dot1q-tunnel 4-177 system clock, setting 3-31, 4-53 system logs 3-25 system mode, normal or QinQ 3-137, 4-176 system software, downloading from server 3-18 T TACACS+, logon authentication 3-48, 4-77 throttling, IGMP 3-169 time, setting 3-31, 4-53 TPID 3-137, 4-178 traffic class weights 3-148, 4-186 trap manage[...]
-
Page 501
[...]
-
Page 502
20 Mason • Irvine, CA 92618 • Phn: 949-679-8000 • www.smc.com 149100036100A R01 SMC8126L2 SMC8150L2 TECHNICAL SUPPORT From U.S.A. and Canada (24 hours a day, 7 days a week) Phn: 800-SMC-4-YOU / 949-679-8000 Fax: 949-502-3400 ENGLISH Technical Support information available at www.smc.com FRENCH Informations S [...]