SMC Networks SMC8612XL3 F 1.0.1.3 manual

A good user manual

The rules should oblige the seller to give the purchaser operating instructions for the SMC Networks SMC8612XL3 F 1.0.1.3 along with the item. A lack of instructions, or false information given to the customer, constitutes grounds for a complaint because of nonconformity of the goods with the contract. In accordance with the law, a customer can receive instructions in non-paper form; lately, graphic and electronic forms of manuals, as well as instructional videos, have been widely used. A necessary precondition for this is that the instructions are unmistakable and legible.

What is an instruction?

The term originates from the Latin word "instructio", which means organizing. Therefore, in an instruction for the SMC Networks SMC8612XL3 F 1.0.1.3 one can find a process description. An instruction's purpose is to teach and to ease the start-up and use of an item or the performance of certain activities. An instruction is a compilation of information about an item or a service; it is a clue.

Unfortunately, only a few customers devote time to reading the instructions for the SMC Networks SMC8612XL3 F 1.0.1.3. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid most defects.

What should a perfect user manual contain?

First and foremost, a user manual for the SMC Networks SMC8612XL3 F 1.0.1.3 should contain:
- information concerning the technical data of the SMC Networks SMC8612XL3 F 1.0.1.3
- name of the manufacturer and a year of construction of the SMC Networks SMC8612XL3 F 1.0.1.3 item
- rules of operation, control and maintenance of the SMC Networks SMC8612XL3 F 1.0.1.3 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from a lack of time and from certainty about the functionalities of purchased items. Unfortunately, networking and start-up of the SMC Networks SMC8612XL3 F 1.0.1.3 alone are not enough. An instruction contains a number of clues concerning the respective functionalities, safety rules, maintenance methods (what means should be used), possible defects of the SMC Networks SMC8612XL3 F 1.0.1.3, and methods of problem resolution. Finally, when one still can't find the answer to his problems, he will be directed to the SMC Networks service. Lately, animated manuals and instructional videos have become quite popular among customers. These kinds of user manuals are effective; they ensure that a customer will familiarize himself with the whole material and won't skip the complicated, technical information about the SMC Networks SMC8612XL3 F 1.0.1.3.

Why should one read the manuals?

It is mostly in the manuals that we will find the details concerning the construction and capabilities of the SMC Networks SMC8612XL3 F 1.0.1.3 item and the use of its accessories, as well as information concerning all the functions and facilities.

After a successful purchase of an item, one should find a moment to get to know every part of the instructions. Currently the manuals are carefully prepared and translated, so that they can be fully understood by their users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    TigerSwitch 10/100/1000 Gigabit Ethernet Switch ◆ 12 1000BASE-X SFP ports ◆ 4 RJ45 ports shared with 4 SFP transceiver slots ◆ Non-blocking switching architecture ◆ Support for a redundant power unit ◆ Spanning Tree Protocol ◆ Up to six LACP or static 4-port trunks ◆ Layer 2/3/4 CoS support through four priority queues ◆[...]

  • Page 2

    [...]

  • Page 3

    38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 TigerSwitch 10/100/1000 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions October 2003 Pub. # 15 020003 9900A[...]

  • Page 4

    Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or paten[...]

  • Page 5

    v LIMITED WARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Res[...]

  • Page 6

    LIMITED WARRANTY vi LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER INSTALLAT[...]

  • Page 7

    vii CONTENTS Chapter 1: Introduction 1-1; Key Features 1-1; Description of Software Features 1-2; System Defaults [...]

  • Page 8

    CONTENTS viii Using DHCP/BOOTP 3-16; Managing Firmware 3-17; Downloading System Software from a Server 3-17; Saving or Restoring Configuration Settings 3-18; Downloading Con[...]

  • Page 9

    CONTENTS ix Configuring a MAC ACL 3-55; Configuring ACL Masks 3-57; Specifying the Mask Type 3-57; Configuring an IP ACL Mask 3-58; C[...]

  • Page 10

    CONTENTS x Enabling or Disabling GVRP (Global Setting) 3-111; Displaying Basic VLAN Information 3-111; Displaying Current VLANs 3-112; Creating VLANs 3-114; Ad[...]

  • Page 11

    CONTENTS xi Configuring General DNS Server Parameters 3-150; Configuring Static DNS Host to Address Entries 3-152; Displaying the DNS Cache 3-154; Dynamic Host Configuration Protocol 3-155; Configuri[...]

  • Page 12

    CONTENTS xii Displaying the Routing Table 3-195; Configuring the Routing Information Protocol 3-196; Configuring General Protocol Settings 3-197; Specifying Network Interfaces for RIP 3-199; Configuring Network I[...]

  • Page 13

    CONTENTS xiii Accessing the CLI 4-1; Console Connection 4-1; Telnet Connection 4-1; Entering Commands [...]

  • Page 14

    CONTENTS xiv exit 4-23; quit 4-23; System Management Commands 4-24; Device Designation Commands [...]

  • Page 15

    CONTENTS xv SMTP Alert Commands 4-46; logging sendmail host 4-47; logging sendmail level 4-47; logging sendmail source-email [...]

  • Page 16

    CONTENTS xvi radius-server retransmit 4-69; radius-server timeout 4-69; show radius-server 4-69; TACACS+ Client [...]

  • Page 17

    CONTENTS xvii MAC ACLs 4-97; access-list mac 4-97; permit, deny (MAC ACL) 4-98; show mac access-list [...]

  • Page 18

    CONTENTS xviii dns-server 4-121; next-server 4-121; bootfile 4-122; netbios-name-server [...]

  • Page 19

    CONTENTS xix port monitor 4-147; show port monitor 4-148; Rate Limit Commands 4-149; rate-limit [...]

  • Page 20

    CONTENTS xx spanning-tree portfast 4-175; spanning-tree link-type 4-176; spanning-tree mst cost 4-176; spanning-tree mst port-priority [...]

  • Page 21

    CONTENTS xxi Priority Commands (Layer 2) 4-198; switchport priority default 4-198; queue mode 4-199; queue bandwidth [...]

  • Page 22

    CONTENTS xxii ip igmp query-interval 4-222; ip igmp max-resp-interval 4-222; ip igmp last-memb-query-interval 4-223; ip igmp version 4-224[...]

  • Page 23

    CONTENTS xxiii ip rip authentication mode 4-246; show rip globals 4-247; show ip rip 4-248; Open Shortest Path First (OSPF) [...]

  • Page 24

    CONTENTS xxiv General Multicast Routing Commands 4-282; ip multicast-routing 4-282; show ip mroute 4-283; DVMRP Multicast Routing Commands 4-285; router d[...]

  • Page 25

    CONTENTS xxv show vrrp 4-305; show vrrp interface 4-307; show vrrp router counters 4-308; show vrrp interface counters 4-3[...]

  • Page 26

    CONTENTS xxvi[...]

  • Page 27

    1-1 CHAPTER 1 INTRODUCTION The TigerSwitch 10/100/1000 provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there [...]

  • Page 28

    INTRODUCTION 1-2 Rate Limiting: Input and output rate limiting per port; Port Mirroring: One or more ports mirrored to single analysis port; Port Trunking: Supports up to 6 trunks using either static or dynamic trunking (LACP); Broadcast Storm Control: Supported; Address Table: Up to 16K MAC addresses in the forwarding table, 1024 static MAC a[...]

  • Page 29

    DESCRIPTION OF SOFTWARE FEATURES 1-3 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing[...]

  • Page 30

    INTRODUCTION 1-4 be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols. DHCP Server and DHCP Relay – A DHCP server is provided to assign IP addresses to host devices. Since DHCP uses a broa[...]

  • Page 31

    DESCRIPTION OF SOFTWARE FEATURES 1-5 redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 6 trunks. Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing thr[...]

  • Page 32

    INTRODUCTION 1-6 paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activ [...]

  • Page 33

    DESCRIPTION OF SOFTWARE FEATURES 1-7 except where a connection is explicitly defined via the switch’s routing service. • Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need [...]

  • Page 34

    INTRODUCTION 1-8 OSPF – This approach uses a link state routing protocol to generate a shortest-path tree, then builds up its routing table based on this tree. OSPF produces a more stable network because the participating routers act on network changes predictably and simultaneously, converging on the best rout[...]

  • Page 35

    DESCRIPTION OF SOFTWARE FEATURES 1-9 Multicast Routing – Routing for multicast packets is supported by the Distance Vector Multicast Routing Protocol (DVMRP) and Protocol-Independent Multicasting - Dense Mode (PIM-DM). These protocols work in conjunction with IGMP to filter and route multicast traffic. DVMRP is a more compr[...]

  • Page 36

    INTRODUCTION 1-10 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-27). The following table lists some of the basic system defaults. Function Parameter Default Con[...]

  • Page 37

    SYSTEM DEFAULTS 1-11 SNMP Community Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabled Link-up-down events: enabled IP Filtering Disabled Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Port Capability 1000BASE-T – 10 Mbps half duplex 10 Mbps full d[...]

  • Page 38

    INTRODUCTION 1-12 Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Disabled Switchport Mode (Egress Mode) Hybrid: tagged/untagged frames GVRP (global) Disabled GVRP (port interface) Disabled Traffic Prioritization Ingress Port Priority 0 Weighted Round Robin Queue: 0 1 2 3 4 5 6 7 Priority: 2 0 1 3 4 5 6 7 [...]

  • Page 39

    SYSTEM DEFAULTS 1-13 Router Redundancy HSRP Disabled VRRP Disabled Multicast Filtering IGMP Snooping (Layer 2) Snooping: Enabled Querier: Disabled IGMP (Layer 3) Disabled Multicast Routing DVMRP Disabled PIM-DM Disabled System Log Status Enabled Messages Logged Levels 0-7 (all) Messages Logged to Flash Levels 0-3 SMTP Email Alerts Event [...]

  • Page 40

    INTRODUCTION 1-14[...]

  • Page 41

    2-1 CHAPTER 2 INITIAL CONFIGURATION Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and moni[...]

  • Page 42

    INITIAL CONFIGURATION 2-2 The switch’s web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions: • Set user names and passwords for up to 16 users • Set an IP interface for any VLAN • Configure SNMP parameters • Enable/disable any port • Set the spee[...]

  • Page 43

    CONNECTING TO THE SWITCH 2-3 Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch. Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switc[...]

  • Page 44

    INITIAL CONFIGURATION 2-4 Windows 2000 service packs. 2. Refer to “Line Commands” on page 4-15 for a complete description of console configuration options. 3. Once you have set up the terminal correctly, the console login screen will be displayed. For a description of how to use the CLI, see “Using the Command Line Int[...]

  • Page 45

    BASIC CONFIGURATION 2-5 Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is unassigned by default. To manually confi[...]

  • Page 46

    INITIAL CONFIGURATION 2-6 those available at the Privileged Exec level and allow you to only display information and use basic utilities. To fully configure the switch parameters, you must access the CLI at the Privileged Exec level. Access to both CLI levels is controlled by user names and passwords. The switch has a defau[...]

  • Page 47

    BASIC CONFIGURATION 2-7 4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>. Setting an IP Address You must establish IP address information for the switch to obtain management access through the network. This can be done in either of t[...]

  • Page 48

    INITIAL CONFIGURATION 2-8 • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP address to the switch, complete the following steps: 1. From the Privileged Exec level global configuration mode prompt, type “interface vlan 1” to access the interface-configuration [...]

  • Page 49

    BASIC CONFIGURATION 2-9 If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service requests as soon as it is powered on. To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete th[...]

  • Page 50

    INITIAL CONFIGURATION 2-10 6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>. Enabling SNMP Management Access The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applica[...]

  • Page 51

    BASIC CONFIGURATION 2-11 The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects. • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects. Note: If you do not intend to utilize SNMP, we rec[...]

  • Page 52

    INITIAL CONFIGURATION 2-12 1. From the Privileged Exec level global configuration mode prompt, type “snmp-server host host-address community-string,” where “host-address” is the IP address for the trap receiver and “community-string” is the string associated with that host. Press <Enter>. 2. In order to c[...]

  • Page 53

    MANAGING SYSTEM FILES 2-13 Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The three types of fil[...]

  • Page 54

    INITIAL CONFIGURATION 2-14 Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.[...]

  • Page 55

    3-1 CHAPTER 3 CONFIGURING THE SWITCH Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.[...]

  • Page 56

    CONFIGURING THE SWITCH 3-2 on the third failed attempt the current connection is terminated. 2. If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as “admin” (Privileged Exec level), you can change the settings on any page. 3[...]

  • Page 57

    NAVIGATING THE WEB BROWSER INTERFACE 3-3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “ad[...]

  • Page 58

    CONFIGURING THE SWITCH 3-4 “Apply” or “Apply Changes” button to confirm the new setting. The following table summarizes the web page configuration buttons. Notes: 1. To ensure proper screen refresh, be sure that Internet Explorer 5.x is configured as follows: Under the menu “Tools / Internet Options / General [...]

  • Page 59

    NAVIGATING THE WEB BROWSER INTERFACE 3-5 The following table briefly describes the selections available from this program. Menu Description Page System 3-14 System Information Provides basic system description, including contact information 3-14 Switch Information Shows the number of ports, hardware/firmware version numbers[...]

  • Page 60

    CONFIGURING THE SWITCH 3-6 SSH 3-50 Settings Configures Secure Shell server settings 3-55 Host-Key Settings Generates the host key pair (public and private) 3-53 Port Security Configures per port security, including status, response for security breach, and maximum allowed MAC addresses 3-56 802.1x Port authentication 3-60 Inf[...]

  • Page 61

    NAVIGATING THE WEB BROWSER INTERFACE 3-7 Port Internal Information Displays settings and operational state for the local side 3-106 Port Neighbors Information Displays settings and operational state for the remote side 3-108 Port Broadcast Control Sets the broadcast storm threshold for each port 3-111 Mirror Port Configura[...]

  • Page 62

    CONFIGURING THE SWITCH 3-8 Trunk Information Displays trunk settings for a specified MST instance 3-146 Port Configuration Configures port settings for a specified MST instance 3-148 Trunk Configuration Configures trunk settings for a specified MST instance 3-148 VLAN 3-150 802.1Q VLAN Status Enables GVRP VLAN registration protoc[...]

  • Page 63

    NAVIGATING THE WEB BROWSER INTERFACE 3-9 Queue Mode Sets queue mode to strict priority or Weighted Round-Robin 3-176 Queue Scheduling Configures Weighted Round Robin queueing 3-176 IP Precedence/DSCP Priority Status Globally selects IP Precedence or DSCP Priority, or disables both. 3-179 IP Precedence Priority Sets IP Type[...]

  • Page 64

    CONFIGURING THE SWITCH 3-10 DNS 3-206 General Configuration Enables DNS; configures domain name and domain list; and specifies IP address of name servers for dynamic lookup 3-206 Static Host Table Configures static entries for domain name to address mapping 3-209 Cache Displays cache entries discovered by designated name servers 3-21[...]

  • Page 65

    NAVIGATING THE WEB BROWSER INTERFACE 3-11 ICMP Shows statistics for ICMP traffic, including the amount of traffic, protocol errors, and the number of echoes, timestamps, and address masks 3-265 UDP Shows statistics for UDP, including the amount of traffic and errors 3-267 TCP Shows statistics for TCP, including the amount of [...]

  • Page 66

    CONFIGURING THE SWITCH 3-12 Interface Settings Configures RIP parameters for each interface, including send and receive versions, message loopback prevention, and authentication 3-277 Statistics Displays general information on update time, route changes and number of queries, as well as a list of statistics for known interfaces an[...]

  • Page 67

    NAVIGATING THE WEB BROWSER INTERFACE 3-13 DVMRP 3-323 General Settings Configure global settings for prune and graft messages, and the exchange of routing information 3-324 Interface Settings Enables/disables DVMRP per interface and sets the route metric 3-329 Neighbor Information Displays neighboring DVMRP routers 3-[...]

  • Page 68

    CONFIGURING THE SWITCH 3-14 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subs[...]

  • Page 69

    BASIC CONFIGURATION 3-15[...]

  • Page 70

    CONFIGURING THE SWITCH 3-16 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board ?[...]

  • Page 71

    BASIC CONFIGURATION 3-17 supply. • Redundant Power Status* – Displays the status of the redundant power supply. * CLI only. Management Software • Loader Version – Version number of loader code. • Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code. • Operation Code Version – Version number of runt[...]

  • Page 72

    CONFIGURING THE SWITCH 3-18 CLI – Use the following command to display version information. Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for[...]

  • Page 73

    BASIC CONFIGURATION 3-19 • Local VLAN Capable – This switch supports multiple local bridges; i.e., multiple spanning trees. (Refer to “Configuring Multiple Spanning Trees” on page 3-101.) • GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices to register endstations with multicast groups. This [...]

  • Page 74

    CONFIGURING THE SWITCH 3-20 Setting the Switch’s IP Address This section describes how to configure an initial IP interface for management access over the network. The IP address for this switch is unassigned by default. To manually configure an address, you need to change the switch’s default settings (IP address[...]

  • Page 75

    BASIC CONFIGURATION 3-21 as long as that VLAN has been assigned an IP address. • IP Address Mode – Specifies whether IP functionality is enabled via manual configuration (Static), Dynamic Host Configuration Protocol (DHCP), or Boot Protocol (BOOTP). If DHCP/BOOTP is enabled, IP will not function until a reply has been recei[...]

  • Page 76

    CONFIGURING THE SWITCH 3-22 Click IP, Global Setting. If this switch and management stations exist on other network segments, then specify the default gateway, and click Apply. CLI – Specify the management interface, IP address and default gateway. Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you[...]

  • Page 77

    BASIC CONFIGURATION 3-23 BOOTP. Click Apply to save your changes. Then click Restart DHCP to immediately request a new address. Note that the switch will also broadcast a request for IP configuration settings on each power reset. Note: If you lose your management connection, use a console connection and enter “show ip interfac[...]

  • Page 78

    CONFIGURING THE SWITCH 3-24 Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available. CLI – Enter the following command to restart DHCP service. Ma[...]

  • Page 79

    BASIC CONFIGURATION 3-25 to overwrite or specify a new file name, then click Transfer from Server. To start the new firmware, reboot the system via the System/Reset menu. If you download to a new destination file, then select the file from the drop-down box for the operation code used at startup, and click Apply [...]

  • Page 80

    CONFIGURING THE SWITCH 3-26 CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination file names, set the new file to start up the system, and then restart the switch. Saving or Restoring Configuration Settings You can upload/download configurati[...]

  • Page 81

    BASIC CONFIGURATION 3-27 file “Factory_Default_Config.cfg” can be copied to the TFTP server, but cannot be used as the destination on the switch. Web – Click System, Configuration. Enter the IP address of the TFTP server, enter the name of the file to download, select a file on the switch to overwrite or specify a ne[...]

  • Page 82

    CONFIGURING THE SWITCH 3-28 If you download the startup configuration file under a new file name, you can set this file as the startup file at a later time, and then restart the switch. Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switc [...]

  • Page 83

    BASIC CONFIGURATION 3-29 flash. (Range: 0-7, Default: 3) • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 7) Note: The Flash Level must be equ[...]

  • Page 84

    CONFIGURING THE SWITCH 3-30 CLI – Specify the hostname, location and contact information. Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the event messages sent to only those messages at or[...]

  • Page 85

    BASIC CONFIGURATION 3-31 • Host IP Address – Specifies a new server IP address to add to the Host IP List. Web – Click System, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add IP Host. To delete an IP address, click the entry in the Host IP Lis[...]

  • Page 86

    CONFIGURING THE SWITCH 3-32 set the logging trap. Displaying Log Messages Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory. Web – Cl[...]

  • Page 87

    BASIC CONFIGURATION 3-33 error. Resetting the System Web – Click System, Reset. Click the Reset button to restart the switch. CLI – Use the reload command to restart the switch. Note: When restarting the system, it will always run the Power-On Self-Test. Setting the System Clock Simple Network Time Protocol (SNTP) allows [...]

  • Page 88

    CONFIGURING THE SWITCH 3-34 addresses. The switch will attempt to poll each server in the configured sequence. Broadcast – The switch sets its clock from a time server in the same subnet that broadcasts time updates. If there is more than one SNTP server, the switch accepts the first broadcast it detects and ignores b[...]

  • Page 89

    BASIC CONFIGURATION 3-35 Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply. CLI – This example configures the switch to operate as an SNTP broadcast client. Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time a[...]

  • Page 90

    CONFIGURING THE SWITCH 3-36 Web – Select SNTP, Clock Time Zone. Set the offset for your time zone relative to the UTC, and click Apply. CLI - This example shows how to set the time zone for the system clock. Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed[...]

  • Page 91

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-37 Setting Community Access Strings You may configure up to five community strings authorized for management access. All community strings used for IP Trap Managers should be listed in this table. For security reasons, you should consider removing the default strings. Command Att[...]

  • Page 92

    CONFIGURING THE SWITCH 3-38 CLI – The following example adds the string “spiderman” with read/write access. Console(config)#snmp-server community spiderman rw 3-147 Console(config)#[...]

  • Page 93

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-39 Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as HP O[...]

  • Page 94

    CONFIGURING THE SWITCH 3-40 CLI – This example adds a trap manager and enables both authentication and link-up, link-down traps. Console(config)#snmp-server host 10.1.28.150 private version 2c 3-150 Console(config)#snmp-server enable traps 3-151[...]

  • Page 95

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-41 Filtering Addresses for SNMP Client Access The switch allows you to create a list of up to 16 IP addresses or IP address groups that are allowed access to the switch via SNMP management software (also see page 3-69). Command Usage • To specify the clients allowed SNMP access, ente[...]

  • Page 96

    CONFIGURING THE SWITCH 3-42 Web – Click SNMP, IP Filtering. To add a client, enter the new address, the subnet mask for a node or an address range, and then click “Add IP Filtering Entry.” CLI – This example allows SNMP access for a specific client. User Authentication You can restrict management access to this [...]

  • Page 97

    USER AUTHENTICATION 3-43 • 802.1x – Use IEEE 802.1x port authentication to control access to specific ports. Configuring the Logon Password The guest only has read access for most configuration parameters. However, the administrator has write access for all parameters governing the onboard agent. You should therefore assig[...]

  • Page 98

    CONFIGURING THE SWITCH 3-44 CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password. Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access righ[...]

  • Page 99

    USER AUTHENTICATION 3-45 sequence and the corresponding parameters for the remote authentication protocol. Local and remote logon authentication control management access via the console port, web browser, or Telnet. • RADIUS and TACACS+ logon authentication assign a specific privilege level for each user name/password [...]

  • Page 100

    CONFIGURING THE SWITCH 3-46 - Secret Text String – Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20 characters) - Number of Server Transmits – Number of times the switch tries to authenticate logon access via the authentication server. (Range: 1-30; Defaul[...]

  • Page 101

    USER AUTHENTICATION 3-47 CLI – Specify all the required parameters to enable logon authentication. Console(config)#authentication login radius 3-93 Console(config)#radius-server host 192.168.1.25 3-95 Console(config)#radius-server port 181 3-95 Console(config)#radius-server key green 3-96 Console(config)#radius-server retransmit 5 3-9[...]

  • Page 102

    CONFIGURING THE SWITCH 3-48 Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Command Usage • Both the HTTP and HTTPS service can be enable[...]

  • Page 103

    USER AUTHENTICATION 3-49 Secure-site Certificate” on page 3-49. Command Attributes • HTTPS Status – Allows you to enable/disable the HTTPS server feature on the switch. (Default: Enabled) • Change HTTPS Port Number – Specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface. (Default: Por[...]

  • Page 104

    CONFIGURING THE SWITCH 3-50 Caution: For maximum security, we recommend you obtain a unique Secure Sockets Layer certificate at the earliest opportunity. This is because the default certificate for the switch is not unique to the hardware you have purchased. When you have obtained these, place them on your TFTP server, and [...]

  • Page 105

    USER AUTHENTICATION 3-51 Note: The switch supports both SSH Version 1.5 and 2.0. Command Usage The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote [...]

  • Page 106

    CONFIGURING THE SWITCH 3-52 shown in the following example: 1024 35 1341081 6856098 9392104 0944920 1554253 47631641921 8729589 2114317 3880 0555361616 3105177 5940838 6863110 9291232 22682851925 4374603 1009371 8772119 9696317 8136627741 4168985 1320491 1720483 0339254 32410163799 7592371 4490119 3800609 0253948 4084827178 1943722 8840253 [...]

  • Page 107

    USER AUTHENTICATION 3-53 Telnet sessions and SSH sessions. Generating the Host Key Pair A host public/private key pair is used to provide secure communications between an SSH client and the switch. After generating this key pair, you must provide the host public key to SSH clients and import the client’s public key to the switch [...]

  • Page 108

    CONFIGURING THE SWITCH 3-54 Web – Click Security, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. CLI – This example generates a host-key pair using both the RSA and DS[...]

  • Page 109

    USER AUTHENTICATION 3-55 Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Enabled) • Version – The Secure Shell version number. Version 2.0 is displayed, but the switch suppo[...]

  • Page 110

    CONFIGURING THE SWITCH 3-56 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection. Configuring Port Security Port security is a feature that allows you to configure a [...]

  • Page 111

    USER AUTHENTICATION 3-57 intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message. To use port security, first allow the switch to dynamically learn the <source MAC address, VLAN> pair for frames received on a port for an initial training period, and then enable [...]

  • Page 112

    CONFIGURING THE SWITCH 3-58 - Shutdown: Disable the port. - Trap and Shutdown: Send an SNMP trap message and disable the port. • Status – Enables or disables port security on the port. (Default: Disabled) • Max MAC Count – The maximum number of MAC addresses that can be learned on a port. (Range: 0 - 20) • Trunk – [...]

  • Page 113

    USER AUTHENTICATION 3-59 CLI – This example sets the command mode to Port 5, sets the port security action to send a trap and disable the port, and specifies a maximum address count. Console(config)#interface ethernet 1/5 Console(config-if)#port security action trap-and-shutdown 3-101 Console(config-if)#port security max-mac-count 20 Con[...]

  • Page 114

    CONFIGURING THE SWITCH 3-60 Configuring 802.1x Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to s[...]

  • Page 115

    USER AUTHENTICATION 3-61 certificate. The RADIUS server verifies the client credentials and responds with an accept or reject packet. If authentication is successful, the switch allows the client to access the network. Otherwise, network access is denied and the port remains blocked. The operation of dot1x on the switch requ[...]

  • Page 116

    CONFIGURING THE SWITCH 3-62 • dot1x Max Request Count – The maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. • Timeout for Quiet Period – Indicates the time that a switch port waits after the Max Request Count has been exceeded befor[...]

  • Page 117

    USER AUTHENTICATION 3-63 CLI – This example shows the default protocol settings for dot1x. For a description of the additional entries displayed in the CLI, see “show dot1x” on page 3-110. Console#show dot1x 3-110 Global 802.1X Parameters reauth-enabled: yes reauth-period: 300 quiet-period: 350 tx-period: 300 supp-timeout: [...]

  • Page 118

    CONFIGURING THE SWITCH 3-64 Configuring 802.1x Global Settings The dot1x protocol includes global parameters that control the client authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication[...]

  • Page 119

    USER AUTHENTICATION 3-65 Web – Select Security, 802.1x, Configuration. Enable dot1x globally for the switch, modify any of the parameters required, and then click Apply. CLI – This enables re-authentication and sets all of the global parameters for dot1x. Configuring Port Authorization Mode When dot1x is enabled, you need t[...]

  • Page 120

    CONFIGURING THE SWITCH 3-66 Default: 5) • Mode – Sets the authentication mode to one of the following options: - Auto – Requires a dot1x-aware client to be authorized by the authentication server. Clients that are not dot1x-aware will be denied access. - Force-Authorized – Forces the port to grant access to all clients, eithe[...]

  • Page 121

    USER AUTHENTICATION 3-67 CLI – This example sets the authentication mode to enable 802.1x on port 2, and allows up to ten clients to connect to this port. Displaying 802.1x Statistics This switch can display statistics for dot1x protocol exchanges for any port. Statistical Values Console(config)#interface ethernet 1/2 3-1 Console[...]

  • Page 122

    CONFIGURING THE SWITCH 3-68 Tx EAP Req/Id The number of EAP Req/Id frames that have been transmitted by this Authenticator. Tx EAP Req/Oth The number of EAP Request frames (other than Rq/Id frames) that have been transmitted by this Authenticator. Parameter Description[...]

  • Page 123

    USER AUTHENTICATION 3-69 Web – Select Security, 802.1x, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. CLI – This example displays the dot1x statistics for port 4. Filtering Management Access You can specify the client IP addresses that are allowed management access to the sw[...]

  • Page 124

    CONFIGURING THE SWITCH 3-70 Command Usage • The management interfaces are open to all IP addresses by default. Once you add an entry to a filter list, access to that interface is restricted to the specified addresses. • If anyone tries to access a management interface on the switch from an invalid address, the switch will rejec[...]

  • Page 125

    USER AUTHENTICATION 3-71 Web – Click Security, IP Filter. Enter the addresses that are allowed management access to an interface, and click Add IP Filtering Entry. CLI – This example restricts management access for Telnet clients. Console(config)#management telnet-client 192.168.1.19 3-38 Console(config)#management telnet-cli[...]

  • Page 126

    CONFIGURING THE SWITCH 3-72 Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required [...]

  • Page 127

    ACCESS CONTROL LISTS 3-73 1. User-defined rules in the Egress MAC ACL for egress ports. 2. User-defined rules in the Egress IP ACL for egress ports. 3. User-defined rules in the Ingress MAC ACL for ingress ports. 4. User-defined rules in the Ingress IP ACL for ingress ports. 5. Explicit default rule (permit any any) in the in[...]

  • Page 128

    CONFIGURING THE SWITCH 3-74 CLI – This example creates a standard IP ACL named bill. Configuring a Standard IP ACL Command Attributes • Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rules) • IP – Specifies the source IP address. Use “Any” to include all possible addresses, “Host”[...]

  • Page 129

    ACCESS CONTROL LISTS 3-75 select “IP,” enter a subnet address and the mask for an address range. Then click Add. CLI – This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Configuring an Extended IP ACL Command Attribut[...]

  • Page 130

    CONFIGURING THE SWITCH 3-76 (See the description for SubMask on page 3-74.) • Service Type – Packet priority settings based on the following criteria: - Precedence – IP precedence level. (Range: 0-7) - TOS – Type of Service level. (Range: 0-15) - DSCP – DSCP priority level. (Range: 0-64) • Protocol – Specifies the [...]

  • Page 131

    ACCESS CONTROL LISTS 3-77 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other require [...]

  • Page 132

    CONFIGURING THE SWITCH 3-78 (3) Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Configuring a MAC ACL Command Attributes • Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rules) • Source/Destination MAC – Use “Any” to include all pos[...]

  • Page 133

    ACCESS CONTROL LISTS 3-79 - Untagged-eth2 – Untagged Ethernet II packets. - Untagged-802.3 – Untagged Ethernet 802.3 packets. - Tagged-eth2 – Tagged Ethernet II packets. - Tagged-802.3 – Tagged Ethernet 802.3 packets. Command Usage • Egress MAC ACLs only work for destination-mac-known packets, not for multicas[...]

  • Page 134

    CONFIGURING THE SWITCH 3-80 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bit mask for a[...]

  • Page 135

    ACCESS CONTROL LISTS 3-81 Configuring ACL Masks You can specify optional masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven user-defined masks for an[...]

  • Page 136

    CONFIGURING THE SWITCH 3-82 Web – Click Security, ACL, ACL Mask Configuration. Click Edit for one of the basic mask types to open the configuration page. CLI – This example creates an IP ingress mask, and then adds two rules. Each rule is checked in order of precedence to look for a match in the ACL entries. The first ent[...]

  • Page 137

    ACCESS CONTROL LISTS 3-83 match this bitmask. (See the description for SubMask on page 3-74.) • Protocol Bitmask – Check the protocol field. • Service Type – Check the rule for the specified priority type. (Options: Precedence, TOS, DSCP; Default: TOS) • Src/Dst Port Bitmask – Protocol port of rule must match this bitmask[...]

  • Page 138

    CONFIGURING THE SWITCH 3-84 Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range. Include other criteria to search for in the rules, such as a protocol type or one of the ser [...]

  • Page 139

    ACCESS CONTROL LISTS 3-85 10.1.1.1 255.255.255.255” rule has the higher precedence according to the “mask host any” entry. Configuring a MAC ACL Mask This mask defines the fields to check in the packet header. Command Usage You must configure a mask for an ACL rule before you can bind it to a port. Command Attributes • Source/[...]

  • Page 140

    CONFIGURING THE SWITCH 3-86 specific VLAN ID(s) or Ethernet type(s). Or check for rules where a packet format was specified. Then click Add.[...]

  • Page 141

    ACCESS CONTROL LISTS 3-87 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask. Binding a Port to an Access Control List After configuring the Access Control Lists (ACL), you can bind the ports that need to filter traffic t[...]

  • Page 142

    CONFIGURING THE SWITCH 3-88 • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in an ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail. Command Attributes • Port – Fixed port or SFP m[...]

  • Page 143

    PORT CONFIGURATION 3-89 CLI – This example assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2. Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flo[...]

  • Page 144

    CONFIGURING THE SWITCH 3-90 • Trunk Member 1 – Shows if port is a trunk member. • Creation 2 – Shows if a trunk is manually configured or dynamically set via LACP. 1: Port Information only. 2: Trunk Information only Web – Click Port, Port Information or Trunk Information. Field Attributes (CLI) Basic information: • Port[...]

  • Page 145

    PORT CONFIGURATION 3-91 • Capabilities – Specifies the capabilities to be advertised for a port during auto-negotiation. (To access this item on the web, see “Configuring Interface Connections” on page 3-48.) The following capabilities are supported. • 10half - Supports 10 Mbps half-duplex operation • 10full - [...]

  • Page 146

    CONFIGURING THE SWITCH 3-92 mode. • Flow control type – Indicates the type of flow control currently in use. (IEEE 802.3x, Back-Pressure or none) CLI – This example shows the connection status for Port 5. Console#show interfaces status ethernet 1/5 3-11 Information of Eth 1/13 Basic information: Port type: 1000T Mac address: 00-[...]

  • Page 147

    PORT CONFIGURATION 3-93 Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control. Command Attributes • Name – Allows you to label an [...]

  • Page 148

    CONFIGURING THE SWITCH 3-94 stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation. (Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise back [...]

  • Page 149

    PORT CONFIGURATION 3-95 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. CLI – Select the interface, and then enter the required settings. Console(config)#interface ethernet 1/13 3-1 Console(config-if)#description RD SW#13 3-2 Console(config-if)#shutdown 3[...]

  • Page 150

    CONFIGURING THE SWITCH 3-96 Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices. You can create up to six[...]

  • Page 151

    PORT CONFIGURATION 3-97 • When configuring static trunks on switches of different types, they must be compatible with the Cisco EtherChannel standard. • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and C[...]

  • Page 152

    CONFIGURING THE SWITCH 3-98 and click Add. After you have completed adding ports to the member list, click Apply.[...]

  • Page 153

    PORT CONFIGURATION 3-99 CLI – This example creates trunk 2 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to form a trunk. Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disco[...]

  • Page 154

    CONFIGURING THE SWITCH 3-100 assigned the next available trunk ID. • If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails. • All ports on both ends of an LACP trunk must be configured for full d[...]

  • Page 155

    PORT CONFIGURATION 3-101 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Por[...]

  • Page 156

    CONFIGURING THE SWITCH 3-102 Note – If the port channel admin key (lacp admin key, page 3-26) is not set (through the CLI) when a channel group is formed (i.e., it has a null value of 0), this key is set to the same value as the port admin key used by the interfaces that joined the group (lacp admin key, as described in this section and on[...]

  • Page 157

    PORT CONFIGURATION 3-103 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effect until t[...]

  • Page 158

    CONFIGURING THE SWITCH 3-104 CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; ports 5 and 6 are set to backup mode. Displaying LACP Port Counters You can display statistics for LACP protocol messages. Counter Information Console(config)#interface ethern[...]

  • Page 159

    PORT CONFIGURATION 3-105 Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. CLI – The following example displays LACP counters for port channel 1. LACPDUs Unknown Pkts Number of frames received that either (1) Carry the Slow Protocols Ethernet Type value, but[...]

  • Page 160

    CONFIGURING THE SWITCH 3-106 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port. Admin Ke[...]

  • Page 161

    PORT CONFIGURATION 3-107 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. LACP Port Priority LACP port priority assigned to this interface within the channel group. Admin State, Oper State Administrative or operational values of the actor’s state parameters:[...]

  • Page 162

    CONFIGURING THE SWITCH 3-108 CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Cons[...]

  • Page 163

    PORT CONFIGURATION 3-109 Neighbor Configuration Information Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Field Description Partner Admin System ID LAG partner’s system ID assigned by the user. Partner Oper System ID LAG partner’s system ID assigned by the[...]

  • Page 164

    CONFIGURING THE SWITCH 3-110 CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Console#show 1 lacp neighbors 3-28 Channel group 1 neighbors ----------------------------------------------- -------------------------- Eth 1/1 --------------------------------[...]

  • Page 165

    PORT CONFIGURATION 3-111 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can co[...]

  • Page 166

    CONFIGURING THE SWITCH 3-112 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 packets per second for port 2. Console(config)#interface ethernet 1/1 3-1 Console(config-if)#no switchport broadcast 3-9 Console(config-if)#e[...]

  • Page 167

    PORT CONFIGURATION 3-113 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. Command Usage • Monitor port spee[...]

  • Page 168

    CONFIGURING THE SWITCH 3-114 CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port. Note that default mirroring under the CLI is for both received and transmitted packets. Console(config)#interface ethernet 1/10 3-1 Console(config-if)#port monitor ether[...]

  • Page 169

    PORT CONFIGURATION 3-115 Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch. Traffic that falls within the rate limit is trans[...]

  • Page 170

    CONFIGURING THE SWITCH 3-116 Web - Click Rate Limit, Input/Output Port/Trunk Configuration. Set the Input Rate Limit Status or Output Rate Limit Status, then set the rate limit for the individual interfaces, and click Apply. CLI - This example sets the rate limit for input and output traffic passing through port 1 to 600 Mbps. Sh[...]

  • Page 171

    PORT CONFIGURATION 3-117 since the last system reboot, and are shown as counts per second. Statistics are refreshed every 60 seconds by default. Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as HP OpenView. Statistical Values Parameter Description Interface Statistics Received Octet[...]

  • Page 172

    CONFIGURING THE SWITCH 3-118 Transmit Multicast Packets The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast address at this sub-layer, including those that were discarded or not sent. Transmit Broadcast Packets The total number of packets that higher-level protocol[...]

  • Page 173

    PORT CONFIGURATION 3-119 Carrier Sense Errors The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame. SQE Test Errors A count of times that the SQE TEST ERROR message is generated by the PLS sublayer for a particular interface. Frames Too Long A count of frames received on a pa[...]

  • Page 174

    CONFIGURING THE SWITCH 3-120 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Oversize Frames The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS [...]

  • Page 175

    PORT CONFIGURATION 3-121[...]

  • Page 176

    CONFIGURING THE SWITCH 3-122 CLI – This example shows statistics for port 12. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic ad[...]

  • Page 177

    ADDRESS TABLE SETTINGS 3-123 Command Attributes • Static Address Counts* – The number of manually configured addresses. • Current Static Address Table – Lists all the static addresses. • Interface – Port or trunk associated with the device assigned a static address. • MAC Address – Physical address of a device mapped[...]

  • Page 178

    CONFIGURING THE SWITCH 3-124 CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination addres[...]

  • Page 179

    ADDRESS TABLE SETTINGS 3-125 CLI – This example also displays the address table entries for port 1. Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Time – The time after which a learned entry is discarded. (Range: 10-1000000 seconds; Default: 300 sec[...]

  • Page 180

    CONFIGURING THE SWITCH 3-126 CLI – This example sets the aging time to 400 seconds. Spanning Tree Algorithm Configuration The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other br[...]

  • Page 181

    SPANNING TREE ALGORITHM CONFIGURATION 3-127 therefore only forwarded between root ports and designated ports, eliminating any possible network loops. Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not g[...]

  • Page 182

    CONFIGURING THE SWITCH 3-128 • Max Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in th[...]

  • Page 183

    SPANNING TREE ALGORITHM CONFIGURATION 3-129 These additional parameters are only displayed for the CLI: • Spanning tree mode – Specifies the type of spanning tree used on this switch: - STP: Spanning Tree Protocol (IEEE 802.1D) - RSTP: Rapid Spanning Tree (IEEE 802.1w) - • Instance* – • Vlans configuration – VLANs as[...]

  • Page 184

    CONFIGURING THE SWITCH 3-130 • Root Hold Time – The interval (in seconds) during which no more than two bridge configuration protocol data units shall be transmitted by this node. • Max hops – The max number of hop counts for the MST region. • Remaining hops – The remaining number of hop counts for the MST ins[...]

  • Page 185

    SPANNING TREE ALGORITHM CONFIGURATION 3-131 CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global settings apply to the entire switch. Command [...]

  • Page 186

    CONFIGURING THE SWITCH 3-132 - STP Mode – If the switch receives an 802.1D BPDU (i.e., STP BPDU) after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs. - RSTP Mode – If RSTP is using 802.1D BPDUs on a port and receives an RSTP BPDU after the migration [...]

  • Page 187

    SPANNING TREE ALGORITHM CONFIGURATION 3-133 Root Device Configuration • Hello Time – Interval (in seconds) at which the root device transmits a configuration message. • Default: 2 • Minimum: 1 • Maximum: The lower of 10 or [(Max. Message Age / 2) -1] • Maximum Age – The maximum time (in seconds) a device can wait w[...]

  • Page 188

    CONFIGURING THE SWITCH 3-134 between devices. The path cost method is used to determine the range of values that can be assigned to each interface. • Long: Specifies 32-bit based values that range from 1-200,000,000. (This is the default.) • Short: Specifies 16-bit based values that range from 1-65535. • Transmission [...]

  • Page 189

    SPANNING TREE ALGORITHM CONFIGURATION 3-135 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.[...]

  • Page 190

    CONFIGURING THE SWITCH 3-136 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. F[...]

  • Page 191

    SPANNING TREE ALGORITHM CONFIGURATION 3-137 - All ports are discarding when the switch is booted, then some of them change state to learning, and then to forwarding. • Forward Transitions – The number of times this port has transitioned from the Learning state to the Forwarding state. • Designated Cost – T[...]

  • Page 192

    CONFIGURING THE SWITCH 3-138 (STA Port Information only) These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled. • External path cost – The path cost for the IST. This parameter is used by the STA to determine the best path between devices. Therefore, lower values sho[...]

  • Page 193

    SPANNING TREE ALGORITHM CONFIGURATION 3-139 an active link in the Spanning Tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops. Where more than one port is assigned the highest priority, the port with the lowest numeric identifier will be enabled. • D[...]

  • Page 194

    CONFIGURING THE SWITCH 3-140 Web – Click Spanning Tree, STA, Port Information or STA Trunk Information. CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. Y[...]

  • Page 195

    SPANNING TREE ALGORITHM CONFIGURATION 3-141 Command Attributes The following attributes are read-only and cannot be changed: • STA State – Displays current state of this port within the Spanning Tree. (See Displaying Interface Settings on page 3-136 for additional information.) • Discarding - Port receives STA configurat[...]

  • Page 196

    CONFIGURING THE SWITCH 3-142 ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.) Note that when the Path Cost Method is set to short (page 3-63), the maximum path cost is 65,535. • Range – - Ethernet: 200,000-20,000,000 - Fast Ethernet:[...]

  • Page 197

    SPANNING TREE ALGORITHM CONFIGURATION 3-143 Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the Protocol Migration button to manually re-check the appropriate BPDU format (RSTP or STP-compatible) to send on the se[...]

  • Page 198

    CONFIGURING THE SWITCH 3-144 1-4094) Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priority, and click Apply. To add the VLAN members to an MSTI instance, enter the instance identifier, the VLAN identifier, and click Add.[...]

  • Page 199

    SPANNING TREE ALGORITHM CONFIGURATION 3-145 CLI – This displays STA settings for instance 1, followed by settings for each port. Console#show spanning-tree mst 2 3-51 Spanning-tree information ---------------------------------------- ----------------------- Spanning tree mode :MSTP Spanning tree enable/disable :enable Instance :2 Vla[...]

  • Page 200

    CONFIGURING THE SWITCH 3-146 CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes MST Instance ID – [...]

  • Page 201

    SPANNING TREE ALGORITHM CONFIGURATION 3-147 IST (page 3-127), the settings for other instances only apply to the local spanning tree. Console#show spanning-tree mst 0 3-51 Spanning-tree information ---------------------------------------- ----------------------- Spanning tree mode :MSTP Spanning tree enable/disable :enable Instance :0 Vla[...]

  • Page 202

    CONFIGURING THE SWITCH 3-148 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages. Field Attributes The following attributes are read-only and cannot be changed: • STA State – Displays current state o[...]

  • Page 203

    SPANNING TREE ALGORITHM CONFIGURATION 3-149 the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.) Note that when the Path Cost Method is set to short (page 3-[...]

  • Page 204

    CONFIGURING THE SWITCH 3-150 VLAN Configuration Overview In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadca[...]

  • Page 205

    VLAN CONFIGURATION 3-151 • Priority tagging Assigning Ports to VLANs Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if you want it to carry traffic for one or more V[...]

  • Page 206

    CONFIGURING THE SWITCH 3-152 Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups, such as file servers or printers. Note that if you implement VLANs which do not overlap, but still need to communicate, you can connect them by enabled routing on t[...]

  • Page 207

    VLAN CONFIGURATION 3-153 GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs. Note: If you have host devices that do not support GVRP, you should configure static or untagged VLANs for the switch ports connected to these devices (as described in ?[...]

  • Page 208

    CONFIGURING THE SWITCH 3-154 from a VLAN-unaware device, it first decides where to forward the frame, and then inserts a VLAN tag reflecting the ingress port’s default VID. Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order[...]

  • Page 209

    VLAN CONFIGURATION 3-155 VLANs that can be configured on this switch. * Web Only Web – Click VLAN, 802.1Q VLAN, Basic Information. CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned [...]

  • Page 210

    CONFIGURING THE SWITCH 3-156 - Permanent: Added as a static entry. • Egress Ports – Shows all the VLAN port members. • Untagged Ports – Shows the untagged VLAN port members. Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Command Attributes (CLI) • VLAN – ID of configured V[...]

  • Page 211

    VLAN CONFIGURATION 3-157 CLI – Current VLAN information can be displayed with the following command. Console#show vlan id 1 3-64 VLAN Type Name Status Ports/Channel groups ---- ------- ----------- ------ --- --------------------------------- 1 Static DefaultVlan Active Eth1/1 Eth1/2 Eth1/3 Eth1/4 Eth1/5 Eth1/6 Eth1/7 Eth1/8 Eth1/9 Eth1/10[...]

  • Page 212

    CONFIGURING THE SWITCH 3-158 Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command Attributes • Current – Lists all the current VLAN groups creat[...]

  • Page 213

    VLAN CONFIGURATION 3-159 CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware [...]

  • Page 214

    CONFIGURING THE SWITCH 3-160 • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.e., does not pass packets. • Port – Port identifier. • Trunk – Trunk identifier. • Membership Type – Select VLAN membe[...]

  • Page 215

    VLAN CONFIGURATION 3-161 Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks. Click Apply. CLI – The following example adds tagged and untagged ports[...]

  • Page 216

    CONFIGURING THE SWITCH 3-162 • Non-Member – VLANs for which the selected interface is not a tagged member.[...]

  • Page 217

    VLAN CONFIGURATION 3-163 Web – Open VLAN, 802.1Q VLAN, Static Membership. Select an interface from the scroll-down box (Port or Trunk). Click Query to display membership information for the interface. Select a VLAN ID, and then click Add to add the interface as a tagged member, or click Remove to remove the interface.[...]

  • Page 218

    CONFIGURING THE SWITCH 3-164 bridged LAN. The default values for the GARP timers are independent of the media access method or data rate. These values should not be changed unless you are experiencing difficulties with GVRP registration/deregistration. Command Attributes • PVID – VLAN ID assigned to untagged frames recei[...]

  • Page 219

    VLAN CONFIGURATION 3-165 must be globally enabled for the switch before this setting can take effect. (See “Displaying Bridge Extension Capabilities” on page 3-18.) When disabled, any GVRP packets received on this port will be discarded and no GVRP registrations will be propagated from other ports. (Default: Disabled) • GARP Joi[...]

  • Page 220

    CONFIGURING THE SWITCH 3-166 * Timer settings must follow this rule: 2 x (join timer) < leave timer < leaveAll timer Web – Click VLAN, 802.1Q VLAN, Port Configuration or VLAN Trunk Configuration. Fill in the required settings for each interface, click Apply. CLI – This example sets port 3 to accept only tagged frames,[...]

  • Page 221

    VLAN CONFIGURATION 3-167 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.) Enab[...]

  • Page 222

    CONFIGURING THE SWITCH 3-168 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports can not communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any other ports on the sw[...]

  • Page 223

    VLAN CONFIGURATION 3-169 port, its VLAN membership can then be determined based on the protocol type being used by the inbound packets. Command Usage To configure protocol-based VLANs, follow these steps: 1. First configure VLAN groups for the protocols you want to use (page 3-158). Although not mandatory, we sugge[...]

  • Page 224

    CONFIGURING THE SWITCH 3-170 CLI – The following creates protocol group 1, and then specifies Ethernet frames with IP and ARP protocol types. Mapping Protocols to VLANs Map a protocol group to a VLAN for each interface that will participate in the group. Command Usage • When creating a protocol-based VLAN, only assign in[...]

  • Page 225

    VLAN CONFIGURATION 3-171 Command Attributes • Interface – Port or trunk identifier. • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • VLAN ID – VLAN to which matching protocol traffic is forwarded. (Range: 1-4094) Web – Click VLAN, Protocol VLAN, Port Configuration. Select a p[...]

  • Page 226

    CONFIGURING THE SWITCH 3-172 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue wi[...]

  • Page 227

    CLASS OF SERVICE CONFIGURATION 3-173 * CLI displays this information as “Priority for untagged traffic.” Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. CLI – This example assigns a default priority of 5 to port 3. Console(config)#i[...]

  • Page 228

    CONFIGURING THE SWITCH 3-174 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p. The de[...]

  • Page 229

    CLASS OF SERVICE CONFIGURATION 3-175 priorities to the traffic classes (i.e., output queues) for the selected interface, then click Apply. CLI – The following example shows how to change the CoS assignments to a one-to-one mapping. * Mapping specific values for CoS priorities is implemented as an interface configurati[...]

  • Page 230

    CONFIGURING THE SWITCH 3-176 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queu[...]

  • Page 231

    CLASS OF SERVICE CONFIGURATION 3-177 described in “Mapping CoS Values to Egress Queues” on page 3-174, the traffic classes are mapped to one of the eight egress queues provided for each port. You can assign a weight to each of these queues (and thereby to the corresponding traffic priorities). This weight sets the freq[...]

  • Page 232

    CONFIGURING THE SWITCH 3-178 CLI – The following example shows how to assign WRR weights to each of the priority queues. Console(config)#queue bandwidth 1 3 5 7 9 11 13 15 3-81 Console(config)#exit Console#show queue bandwidth 3-84 Information of Eth 1/1 Queue ID Weight -------- ------ 0 1 1 3 2 5 3 7 4 9 5 11 6 13 7 15 Information o[...]

  • Page 233

    CLASS OF SERVICE CONFIGURATION 3-179 Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (ToS) octet o[...]

  • Page 234

    CONFIGURING THE SWITCH 3-180 CLI – The following example enables IP Precedence service on the switch. Console(config)#map ip precedence 3-88 Console(config)#[...]

  • Page 235

    CLASS OF SERVICE CONFIGURATION 3-181 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values are mapp[...]

  • Page 236

    CONFIGURING THE SWITCH 3-182 Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply. CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to Co[...]

  • Page 237

    CLASS OF SERVICE CONFIGURATION 3-183 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSC[...]

  • Page 238

    CONFIGURING THE SWITCH 3-184 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings. * Mapping specific values for IP DSCP is implemented as an interface configuration command, but any changes will apply to the [...]

  • Page 239

    CLASS OF SERVICE CONFIGURATION 3-185 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110. Command Attributes • IP P[...]

  • Page 240

    CONFIGURING THE SWITCH 3-186 * Mapping specific values for IP Port Priority is implemented as an interface configuration command, but any changes will apply to all interfaces on the switch. CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS value 0, and then[...]

  • Page 241

    CLASS OF SERVICE CONFIGURATION 3-187 queue; it is not written to the packet itself. For information on mapping the CoS values to output queues, see page 3-174. Command Usage You must configure an ACL mask before you can map CoS values to the rule. Command Attributes • Port – Port identifier. • Name* – Name of ACL. • T[...]

  • Page 242

    CONFIGURING THE SWITCH 3-188 CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 1. Changing Priorities Based on ACL Rules You can change traffic priorities for frames matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) This[...]

  • Page 243

    CLASS OF SERVICE CONFIGURATION 3-189 Command Attributes • Port – Port identifier. • Name* – Name of ACL. • Type – Type of ACL (IP or MAC). • Precedence – IP Precedence value. (Range: 0-7) • DSCP – Differentiated Services Code Point value. (Range: 0-63) • 802.1p Priority – Class of Service value in the IEEE 802[...]

  • Page 244

    CONFIGURING THE SWITCH 3-190 CLI – This example changes the DSCP priority for packets matching an IP ACL rule, and the 802.1p priority for packets matching a MAC ACL rule. Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not[...]

  • Page 245

    MULTICAST FILTERING 3-191 continue to receive the multicast service. This procedure is called multicast filtering. The purpose of IP multicast filtering is to optimize a switched network’s performance, so multicast packets will only be forwarded to those ports containing multicast group hosts or multicast routers/switches, inst[...]

  • Page 246

    CONFIGURING THE SWITCH 3-192 Note that IGMP neither alters nor routes IP multicast packets. A multicast routing protocol must be used to deliver IP multicast packets across different subnetworks. Therefore, when DVMRP or PIM routing is enabled for a subnet on this switch, you also need to enable IGMP. Layer 2 IGMP (Snooping and[...]

  • Page 247

    MULTICAST FILTERING 3-193 IGMP Query (Layer 2 or 3) – IGMP Query can only be enabled globally at Layer 2, but can be enabled for individual VLAN interfaces at Layer 3 (page 3-200). However, note that Layer 2 query is disabled if Layer 3 query is enabled. Configuring IGMP Snooping and Query Parameters You can configure the s[...]

  • Page 248

    CONFIGURING THE SWITCH 3-194 is also referred to as IGMP Snooping. (Default: Enabled) • Act as IGMP Querier — When enabled, the switch can serve as the Querier, which is responsible for asking hosts if they want to receive multicast traffic. (Default: Disabled) • IGMP Query Count — Sets the maximum number of queries [...]

  • Page 249

    MULTICAST FILTERING 3-195 CLI – This example modifies the settings for multicast filtering, and then displays the current status. Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as [...]

  • Page 250

    CONFIGURING THE SWITCH 3-196 You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router/switch for each VLAN ID. Command Attributes • VLAN ID – ID of configured VLAN (1-4094). • Multicast Router List – Multicast routers dynamically discovered by thi[...]

  • Page 251

    MULTICAST FILTERING 3-197 interface (port or trunk) on your switch, you can manually configure the interface (and a specified VLAN) to join all the current multicast groups supported by the attached router. This can ensure that multicast traffic is passed to all the appropriate interfaces within the switch. Command Attributes ?[...]

  • Page 252

    CONFIGURING THE SWITCH 3-198 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attribute • VLAN ID – Selects the VLAN for which to display port members. • Multicast IP Address – The IP address for a specific multicast service. •[...]

  • Page 253

    MULTICAST FILTERING 3-199 The Type field shows if this entry was learned dynamically or was statically configured. Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping and Query Parameters” on page [...]

  • Page 254

    CONFIGURING THE SWITCH 3-200 multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and click Add. After you have completed adding ports to the member list, click Apply. CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast s[...]

  • Page 255

    MULTICAST FILTERING 3-201 Layer 3 IGMP – This protocol includes a form of multicast query specifically designed to work with multicast routing. A router periodically asks its hosts if they want to receive multicast traffic. It then propagates service requests on to any upstream multicast router to ensure that it will continue to[...]

  • Page 256

    CONFIGURING THE SWITCH 3-202 (Range: 1-4094) • IGMP Protocol Status (Admin Status) – Enables IGMP on a VLAN interface. (Default: Disabled) • Last Member Query Interval – A multicast client sends an IGMP leave message when it leaves a group. The router then checks to see if this was the last host in the group by sending an I[...]

  • Page 257

    MULTICAST FILTERING 3-203 specific multicast service. Only the designated multicast router for a subnet sends host query messages, which are addressed to the multicast address 224.0.0.1. - For IGMP Version 1, the designated router is elected according to the multicast routing protocol that runs on the LAN. But for IGMP Version 2, t[...]

  • Page 258

    CONFIGURING THE SWITCH 3-204 Web – Click IP, IGMP, Interface Settings. Specify each interface that will support IGMP (Layer 3), specify the IGMP parameters for each interface, then click Apply. CLI – This example configures the IGMP parameters for VLAN 1. Console(config)#interface vlan 1 3-57 Console(config-if)#ip igmp [...]

  • Page 259

    MULTICAST FILTERING 3-205 Displaying Multicast Group Information When IGMP (Layer 3) is enabled on this switch the current multicast groups learned via IGMP can be displayed in the IP/IGMP/Group Information page. When IGMP (Layer 3) is disabled and IGMP (Layer 2) is enabled, you can view the active multicast groups in the [...]

  • Page 260

    CONFIGURING THE SWITCH 3-206 CLI – The following shows the IGMP groups currently active on VLAN 1. Configuring Domain Name Service The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network. When [...]

  • Page 261

    CONFIGURING DOMAIN NAME SERVICE 3-207 DNS client (i.e., not formatted with dotted notation), you can specify a default domain name or a list of domain names to be tried in sequential order. • If there is no domain list, the default domain name is used. If there is a domain list, the default domain name is not used. • When an[...]

  • Page 262

    CONFIGURING THE SWITCH 3-208 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply.[...]

  • Page 263

    CONFIGURING DOMAIN NAME SERVICE 3-209 CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the default domain name is not used. Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names [...]

  • Page 264

    CONFIGURING THE SWITCH 3-210 • Alias – Displays the host names that are mapped to the same address(es) as a previously configured entry. Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.[...]

  • Page 265

    CONFIGURING DOMAIN NAME SERVICE 3-211 CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Console(config)#ip host rd5 192.168.1.55 10.1.0.55 3-177 Console(config)#ip host rd6 10.1.0.55 Console#show host 3-183 Hostname rd5 Inet address 10.1.0.55 192.168.1.55 Alias 1.rd6[...]

  • Page 266

    CONFIGURING THE SWITCH 3-212 Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable. • Type – T[...]

  • Page 267

    DYNAMIC HOST CONFIGURATION PROTOCOL 3-213 CLI - This example displays all the resource records learned from the designated name servers. Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients when [...]

  • Page 268

    CONFIGURING THE SWITCH 3-214 Configuring DHCP Relay Service This switch supports DHCP relay service for attached host devices. If DHCP relay is enabled, and this switch sees a DHCP request broadcast, it inserts its own IP address into the request so that the DHCP server will know the subnet where the client is located. Then, th[...]

  • Page 269

    DYNAMIC HOST CONFIGURATION PROTOCOL 3-215 Web – Click DHCP, Relay Configuration. Enter up to five IP addresses for any VLAN, then click Restart DHCP Relay to start the relay service. CLI – This example specifies one DHCP relay server for VLAN 1, and enables the relay service. Configuring the DHCP Server This switch includ[...]

  • Page 270

    CONFIGURING THE SWITCH 3-216 be assigned to hosts based on the client identifier code or MAC address. Command Usage • First configure any excluded addresses, including the address for this switch. • Then configure address pools for the network interfaces. You can configure up to 8 network address pools. You can also manu[...]

  • Page 271

    DYNAMIC HOST CONFIGURATION PROTOCOL 3-217 Web – Click DHCP, Server, General. Enter a single address or an address range, and click Add. CLI – This example enables the DHCP and sets an excluded address range. Configuring Address Pools You must configure IP address pools for each IP interface that will provide addre[...]

  • Page 272

    CONFIGURING THE SWITCH 3-218 address pool matching the gateway where the request originated (i.e., if the request was forwarded by a relay server). If there is no gateway in the client request (i.e., the request was not forwarded by a relay server), the switch searches for a network pool matching the interface through wh[...]

  • Page 273

    DYNAMIC HOST CONFIGURATION PROTOCOL 3-219 • Subnet Mask – Specifies the network mask of the client. • Hardware Address – Specifies the MAC address and protocol used on the client. (Options: Ethernet, IEEE802, FDDI; Default: Ethernet) • Client-Identifier – A unique designation for the client device, either a text st[...]

  • Page 274

    CONFIGURING THE SWITCH 3-220 Examples Creating a New Address Pool Web – Click DHCP, Server, Pool Configuration. Specify a pool name, then click Add. CLI – This example adds an address pool and enters DHCP pool configuration mode. Console(config)#ip dhcp pool mgr 3-162 Console(config-dhcp)#[...]

  • Page 275

    DYNAMIC HOST CONFIGURATION PROTOCOL 3-221 Configuring a Network Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Network.” Enter the IP address and subnet mask for the network pool. Configure the optional parameters such as gateway [...]

  • Page 276

    CONFIGURING THE SWITCH 3-222 Configuring a Host Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Host.” Enter the IP address, subnet mask, and hardware address for the client device. Configure the optional parameters such as gateway s[...]

  • Page 277

    DYNAMIC HOST CONFIGURATION PROTOCOL 3-223 CLI – This example configures a host address pool. Displaying Address Bindings You can display the host devices which have acquired an IP address from this switch’s DHCP server. Command Attributes • IP Address – IP address assigned to host. • Mac Address – MAC address of [...]

  • Page 278

    CONFIGURING THE SWITCH 3-224 Web – Click DHCP, Server, IP Binding. You may use the Delete button to clear an address from the DHCP server’s database. CLI – This example displays the current binding, and then clears all automatic binding. Console#show ip dhcp binding 3-175 IP MAC Lease Time Start --------------- -------[...]

  • Page 279

    CONFIGURING ROUTER REDUNDANCY 3-225 Configuring Router Redundancy Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load. The[...]

  • Page 280

    CONFIGURING THE SWITCH 3-226 • Several virtual master routers using the same set of backup routers. • Several virtual master routers configured for mutual backup and load sharing. Load sharing can be accomplished by assigning a subset of addresses to different host address pools using the DHCP server. (See “Configuri[...]

  • Page 281

    CONFIGURING ROUTER REDUNDANCY 3-227 Configuring VRRP Groups To configure VRRP, select an interface on one router in the group to serve as the master virtual router. This physical interface is used as the virtual address for the router group. Now set the same virtual address and a priority on the backup routers, and configur[...]

  • Page 282

    CONFIGURING THE SWITCH 3-228 fails. However, because the priority of the virtual IP address Owner is the highest, the original master router will always become the active master router when it recovers. • If two or more routers are configured with the same VRRP priority, the router with the higher IP address is elected as th[...]

  • Page 283

    CONFIGURING ROUTER REDUNDANCY 3-229 • Preemption – Shows if this router is allowed to preempt the acting master. • Priority – Priority of this router in the VRRP group. • AuthType – Authentication mode used to verify VRRP packets from other routers.[...]

  • Page 284

    CONFIGURING THE SWITCH 3-230 Command Attributes (VRRP Group Configuration Detail) • Associated IP Table – IP interfaces associated with this virtual router group. • Associated IP – IP address of the virtual router, or secondary IP addresses assigned to the current VLAN interface that are supported by this VRRP group. If this a[...]

  • Page 285

    CONFIGURING ROUTER REDUNDANCY 3-231 - The priority for the VRRP group address owner is automatically set to 255. - The priority for backup routers is used to determine which router will take over as the acting master router if the current master fails. • Authentication Type – Authentication mode used to verify VRRP pa[...]

  • Page 286

    CONFIGURING THE SWITCH 3-232 Web – Click IP, VRRP, Group Configuration. Select the VLAN ID, enter the VRID group number, and click Add. Click the Edit button for a group entry to open the detailed configuration window. Enter the IP address of a real interface on this router to make it the master virtual router fo[...]

  • Page 287

    CONFIGURING ROUTER REDUNDANCY 3-233 IP address into the Associated IP Table. Then set any of the other parameters as required, and click Apply. CLI – This example creates VRRP group 1, sets this switch as the master virtual router by assigning the primary interface address for the selected VLAN to the virtual IP addres[...]

  • Page 288

    CONFIGURING THE SWITCH 3-234 VRRP group, sets all of the other VRRP parameters, and then displays the configured settings. Displaying VRRP Global Statistics The VRRP Global Statistics page displays counters for errors found in VRRP protocol packets. Field Attributes • VRRP Packets with Invalid Checksum – The total number o[...]

  • Page 289

    CONFIGURING ROUTER REDUNDANCY 3-235 Web – Click IP, VRRP, Global Statistics. CLI – This example displays counters for protocol errors for all the VRRP groups configured on this switch. Displaying VRRP Group Statistics The VRRP Group Statistics page displays counters for VRRP protocol events and errors that have occ[...]

  • Page 290

    CONFIGURING THE SWITCH 3-236 not pass the authentication check. • Error IP TTL Packets – Number of VRRP packets received by the virtual router with IP TTL (Time-To-Live) not equal to 255. • Received Priority 0 Packets – Number of VRRP packets received by the virtual router with priority set to 0. • Error Packet Length Pa [...]

  • Page 291

    CONFIGURING ROUTER REDUNDANCY 3-237 Web – Click IP, VRRP, Group Statistics. Select the VLAN and virtual router group. CLI – This example displays VRRP protocol statistics for group 1, VLAN 1. Hot Standby Router Protocol Hot Standby Router Protocol (HSRP) allows you to configure a group of routers as a single virtual router. Th[...]

  • Page 292

    CONFIGURING THE SWITCH 3-238 Configuring HSRP Groups To configure HSRP, assign the same virtual router address to each router in the group. Set the highest virtual router priority on the router that will serve as the master. Enable the preempt feature to allow a router to take over as the master when it comes on line (if it [...]

  • Page 293

    CONFIGURING ROUTER REDUNDANCY 3-239 for HSRP such as authentication, tracking, or advertisement interval, then first configure these parameters before enabling HSRP. • HSRP creates a virtual MAC address for the master router based on a standard prefix, with the last octet equal to the group ID. When a backup router t[...]

  • Page 294

    CONFIGURING THE SWITCH 3-240 sends other messages indicating that it is no longer acting as the designated router. • You can add a delay to the preempt function to give additional time to receive an advertisement message from the current master before taking control. If the router attempting to become the master ha[...]

  • Page 295

    CONFIGURING ROUTER REDUNDANCY 3-241 - HSRP advertisements from the master and standby virtual router include information about their priority, timer values, and current state as the master or standby router. - Routers on which the timer settings have not been configured can learn the current timer values from the master or standb[...]

  • Page 296

    CONFIGURING THE SWITCH 3-242 to the string configured on this router. If the strings match, the message is accepted. Otherwise, the packet is discarded. - Plain text authentication does not provide any real security. It is supported only to prevent a misconfigured router from participating in HSRP. • Virtual IP – IP [...]

  • Page 297

    CONFIGURING ROUTER REDUNDANCY 3-243 Click the Edit button for a group entry to open the detailed configuration window. Set the values for the advertisement interval, preemption, priority, and authentication as required. Enter the virtual IP address for the group. You can also enter secondary IP addresses that will be[...]

  • Page 298

    CONFIGURING THE SWITCH 3-244 the corresponding value by which to adjust the priority when the interface state changes. Then click Apply.[...]

  • Page 299

    CONFIGURING ROUTER REDUNDANCY 3-245 CLI – This example creates HSRP group 1, sets the virtual router’s address, adds a secondary IP address to the group, specifies an interface for tracking, sets all the other HSRP parameters, and then displays the configured settings. Console(config)#interface vlan 1 3-57 Console(config-i[...]

  • Page 300

    CONFIGURING THE SWITCH 3-246 IP Routing Overview This switch supports IP routing and routing path management via static routing definitions (page 3-269) and dynamic routing such as RIP (page 3-273) or OSPF (page 3-285). When IP routing is enabled (page 3-274), this switch acts as a wire-speed router, passing traffic between VLANs usin[...]

  • Page 301

    IP ROUTING 3-247 IP Switching IP Switching (or packet forwarding) encompasses tasks required to forward packets for both Layer 2 and Layer 3, as well as traditional routing. These functions include: • Layer 2 forwarding (switching) based on the Layer 2 destination MAC address • Layer 3 forwarding (routing): - Based[...]

  • Page 302

    CONFIGURING THE SWITCH 3-248 However, if the MAC address is not yet known to the switch, an Address Resolution Protocol (ARP) packet with the destination IP address is broadcast to get the destination MAC address from the destination node. The IP packet can then be sent directly with the destination MAC address. If [...]

  • Page 303

    IP ROUTING 3-249 calculated only during setup. Once the route has been determined, all packets in the current flow are simply switched or forwarded across the chosen path. This takes advantage of the high throughput and low latency of switching by enabling the traffic to bypass the routing engine once the path calculati[...]

  • Page 304

    CONFIGURING THE SWITCH 3-250 OSPFv2 Dynamic Routing Protocol OSPF overcomes all the problems of RIP. It uses a link state routing protocol to generate a shortest-path tree, then builds up its routing table based on this tree. OSPF produces a more stable network because the participating routers act on network changes pre[...]

  • Page 305

    IP ROUTING 3-251 - This command affects both static and dynamic unicast routing. - If IP routing is enabled, all IP packets are routed using either static routing or dynamic routing via RIP or OSPF, and other packets for all non-IP protocols (e.g., NetBEUI, NetWare or AppleTalk) are switched based on MAC addresses. If IP rout[...]

  • Page 306

    CONFIGURING THE SWITCH 3-252 Configuring IP Routing Interfaces You can specify the IP subnets connected to this router by manually assigning an IP address to each VLAN, or by using the RIP or OSPF dynamic routing protocol to identify routes that lead to other interfaces by exchanging protocol messages with other rout[...]

  • Page 307

    IP ROUTING 3-253 - If DHCP/BOOTP is enabled, IP will not function until a reply has been received from the address server. Requests will be broadcast periodically by the router for an IP address. (DHCP/BOOTP values include the IP address and subnet mask.) • IP Address – Address of the VLAN interface. Valid IP addresses consis[...]

  • Page 308

    CONFIGURING THE SWITCH 3-254 Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subnets. First specify a primary address, and click Set IP Configuration. If you need to assign secondary addresses, enter these addresses one at a time, and click Set IP Config[...]

  • Page 309

    IP ROUTING 3-255 Address Resolution Protocol If IP routing is enabled (page 3-250), the router uses its routing tables to make routing decisions, and uses Address Resolution Protocol (ARP) to forward traffic from one hop to the next. ARP is used to map an IP address to a physical layer (i.e., MAC) address. When an IP frame is rec[...]

  • Page 310

    CONFIGURING THE SWITCH 3-256 Proxy ARP When a node in the attached subnetwork does not have routing or a default gateway configured, Proxy ARP can be used to forward ARP requests to a remote subnetwork. When the router receives an ARP request for a remote network and Proxy ARP is enabled, it determines if it has the best ro [...]

  • Page 311

    IP ROUTING 3-257 Command Attributes • Timeout – Sets the aging time for dynamic entries in the ARP cache. (Range: 300 - 86400 seconds; Default: 1200 seconds or 20 minutes) • Proxy ARP – Enables or disables Proxy ARP for specified VLAN interfaces. Web - Click IP, ARP, General. Set the timeout to a suitable value for the ARP ca[...]

  • Page 312

    CONFIGURING THE SWITCH 3-258 can only remove a static entry via the configuration interface. Command Attributes • IP Address – IP address statically mapped to a physical MAC address. (Valid IP addresses consist of four numbers, 0 to 255, separated by periods.) • MAC Address – MAC address statically mapped to the c[...]

  • Page 313

    IP ROUTING 3-259 Command Attributes • IP Address – IP address of a dynamic entry in the cache. • MAC Address – MAC address mapped to the corresponding IP address. • Interface – VLAN interface associated with the address entry. • Dynamic to Static * – Changes a selected dynamic entry to a static entry. • Clear All[...]

  • Page 314

    CONFIGURING THE SWITCH 3-260 CLI - This example shows all entries in the ARP cache. Displaying Local ARP Entries The ARP cache also contains entries for local interfaces, including subnet, host, and broadcast addresses. Command Attributes • IP Address – IP address of a local entry in the cache. • MAC Address – MAC addr[...]

  • Page 315

    IP ROUTING 3-261 Web - Click IP, ARP, Other Addresses. CLI - This router uses the Type specification “other” to indicate local cache entries in the ARP cache. Displaying ARP Statistics You can display statistics for ARP messages crossing all interfaces on this router. Statistical Values Console#show arp 3-124 Arp cache [...]

  • Page 316

    CONFIGURING THE SWITCH 3-262 Web - Click IP, ARP, Statistics. CLI - This example provides detailed statistics on common IP-related protocols. Sent Request Number of ARP Request packets sent by the router. Sent Reply Number of ARP Reply packets sent by the router. Console#show ip traffic 3-130 IP statistics: Rcvd: 5 total, 5[...]

  • Page 317

    IP ROUTING 3-263 Displaying Statistics for IP Protocols IP Statistics The Internet Protocol (IP) provides a mechanism for transmitting blocks of data (often called packets or frames) from a source to a destination, where these network devices (i.e., hosts) are identified by fixed length addresses. The Internet Protocol also[...]

  • Page 318

    CONFIGURING THE SWITCH 3-264 Datagrams Failing Fragmentation The number of datagrams that have been discarded because they needed to be fragmented at this entity but could not be, e.g., because their “Don't Fragment” flag was set. Received Header Errors The number of input datagrams discarded due to errors in their IP headers, [...]

  • Page 319

    IP ROUTING 3-265 Web - Click IP, Statistics, IP. CLI - See the example on page 3-261. ICMP Statistics Internet Control Message Protocol (ICMP) is a network layer protocol that transmits message packets to report errors in processing IP packets. ICMP is therefore an integral part of the Internet Protocol. ICMP mess[...]

  • Page 320

    CONFIGURING THE SWITCH 3-266 Destination Unreachable The number of ICMP Destination Unreachable messages received/sent. Time Exceeded The number of ICMP Time Exceeded messages received/sent. Parameter Problems The number of ICMP Parameter Problem messages received/sent. Source Quenches The number of ICMP Source Quench messages rec[...]

  • Page 321

    IP ROUTING 3-267 Web - Click IP, Statistics, ICMP. CLI - See the example on page 3-261. UDP Statistics User Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the underlying transport mechanism, providing access to IP-like services. UDP packets are delivered just like I[...]

  • Page 322

    CONFIGURING THE SWITCH 3-268 Web - Click IP, Statistics, UDP. CLI - See the example on page 3-261. TCP Statistics The Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched networks, and is used in conjunction with IP to support a wide variety of Internet protocols[...]

  • Page 323

    IP ROUTING 3-269 Web - Click IP, Statistics, TCP. CLI - See the example on page 3-261. Configuring Static Routes This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP or OSPF). However, you can also manually enter static routes in the routing table. Static routes[...]

  • Page 324

    CONFIGURING THE SWITCH 3-270 required to access network segments where dynamic routing is not supported, or can be set to force the use of a specific route to a subnet, rather than using dynamic routing. Static routes do not automatically change in response to changes in network topology, so you should only configure a small n[...]

  • Page 325

    IP ROUTING 3-271 Web - Click IP, Routing, Static Routes. CLI - This example forwards all traffic for subnet 192.168.1.0 to the router 192.168.5.254, using the default metric of 1. Displaying the Routing Table You can display all the routes that can be accessed via the local network interfaces, via static routes, or via a dynamically [...]

  • Page 326

    CONFIGURING THE SWITCH 3-272 • Netmask – Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets. • Next Hop – The IP address of the next hop (or gateway) in this route. • Protocol – The protocol which generated this route information. (Options: l[...]

  • Page 327

    IP ROUTING 3-273 Configuring the Routing Information Protocol The RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance-vector-based approach to routing. Routes are determined on the basis of minimizing the distance vector, or hop count, which serves as a rough estimate of transm[...]

  • Page 328

    CONFIGURING THE SWITCH 3-274 • There are several serious problems with RIP that you should consider. First of all, RIP (version 1) has no knowledge of subnets, both RIP versions can take a long time to converge on a new route after the failure of a link or router during which time routing loops may occur, and its sm[...]

  • Page 329

    IP ROUTING 3-275 - The timers must be set to the same values for all routers in the network. Command Attributes Global Settings • RIP Routing Process – Enables RIP routing for all IP interfaces on the router. (Default: Disabled) • Global RIP Version – Specifies a RIP version used globally by the router. (Default: RIP Ve[...]

  • Page 330

    CONFIGURING THE SWITCH 3-276 Web - Click Routing Protocol, RIP, General Settings. Enable or disable RIP, set the RIP version used on previously unset interfaces to RIPv1 or RIPv2, set the basic update timer, and then click Apply. CLI - This example sets the router to use RIP Version 2, and sets the basic timer to 15 seconds.[...]

  • Page 331

    IP ROUTING 3-277 0 - 127 is class A, and only the first field in the network address is used. 128 - 19 is class B, and the first two fields in the network address are used. 192 - 223 is class C, and the first three fields in the network address are used. Command Attributes • Subnet Address – IP address of a network directly connected t[...]

  • Page 332

    CONFIGURING THE SWITCH 3-278 message type sent (i.e., RIP version or compatibility mode), the method for preventing loopback of protocol messages, and whether or not authentication is used (i.e., authentication only applies if RIPv2 messages are being sent or received). Command Usage Specifying Receive and Send Pro[...]

  • Page 333

    IP ROUTING 3-279 retransmission of data traffic. When protocol packets are caught in a loop, links will be congested, and protocol packets may be lost. However, the network will slowly converge to the new state. RIP utilizes the following three methods that can provide faster convergence when the network topology changes and [...]

  • Page 334

    CONFIGURING THE SWITCH 3-280 • Send Version – The RIP version to send on an interface. - RIPv1: Sends only RIPv1 packets. - RIPv2: Sends only RIPv2 packets. - RIPv1 Compatible: Route information is broadcast to other routers with RIPv2. (Default) - Do Not Send: Does not transmit RIP updates. (The default depends on the [...]

  • Page 335

    IP ROUTING 3-281 Web - Click Routing Protocol, RIP, Interface Settings. Select the RIP protocol message types that will be received and sent, the method used to provide faster convergence and prevent loopback (i.e., prevent instability in the network topology), and the authentication option and corresponding password. Then cl[...]

  • Page 336

    CONFIGURING THE SWITCH 3-282 RIP Information and Statistics Parameter Description Globals RIP Routing Process Indicates if RIP has been enabled or disabled. Update Time in Seconds The interval at which RIP advertises known route information. (Default: 30 seconds) Number of Route Changes Number of times routing information has changed [...]

  • Page 337

    IP ROUTING 3-283 Web - Click Routing Protocol, RIP, Statistics.[...]

  • Page 338

    CONFIGURING THE SWITCH 3-284 CLI - The information displayed by the RIP Statistics screen via the web interface can be accessed from the CLI using the following commands. Console#show rip globals 3-142 RIP Process: Enabled Update Time in Seconds: 30 Number of Route Change: 4 Number of Queries: 0 Console#show ip rip configuration 3-143 [...]

  • Page 339

    IP ROUTING 3-285 Configuring the Open Shortest Path First Protocol Open Shortest Path First (OSPF) is more suited for large area networks which experience frequent changes in the links. It also handles subnets much better than RIP. OSPF protocol actively tests the status of each link to its neighbors to generate a shortest pa[...]

  • Page 340

    CONFIGURING THE SWITCH 3-286 Command Usage • OSPF looks at more than just the simple hop count. When adding the shortest path to any node into the tree, the optimal path is chosen on the basis of delay, throughput and connectivity. OSPF utilizes IP multicast to reduce the amount of routing traffic required when sending or recei [...]

  • Page 341

    IP ROUTING 3-287 - And finally, you must specify a virtual link to any OSPF area that is not physically attached to the OSPF backbone. Virtual links can also be used to provide a redundant link between contiguous areas to prevent areas from being partitioned, or to merge backbone areas. Configuring General Protocol Settings To [...]

  • Page 342

    CONFIGURING THE SWITCH 3-288 systems to which it may be attached. If a router is enabled as an ASBR, then every other router in the autonomous system can learn about external routes from this device. (Default: Disabled) • Rfc1583 Compatible – If one or more routers in a routing domain are using OSPF Version 1, this router sh[...]

  • Page 343

    IP ROUTING 3-289 or static configuration, and such a route is known. (See “Redistributing External Routes” on page 3-310.) • External Metric Type 2 – The external link type used to advertise the default route. Type 1 route advertisements add the internal cost to the external route metric. Type 2 routes do not add the inter[...]

  • Page 344

    CONFIGURING THE SWITCH 3-290 Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global parameters as required, and click Apply. CLI - This example configures the router with the same settings as shown in the screen capture for the web interface. Console(co[...]

  • Page 345

    IP ROUTING 3-291 Configuring OSPF Areas An autonomous system must be configured with a backbone area, designated by area identifier 0.0.0.0. By default, all other areas are created as normal transit areas. Routers in a normal area may import or export routing information about individual nodes. To reduce the amount of ro[...]

  • Page 346

    CONFIGURING THE SWITCH 3-292 • By default, a stub can only pass traffic to other areas in the autonomous system via the default external route. However, you also can configure an area border router to send Type 3 summary link advertisements into the stub. NSSA – A not-so-stubby area (NSSA) is similar to a stub. It blocks most [...]

  • Page 347

    IP ROUTING 3-293 Command Usage • Before you create a stub or NSSA, first specify the address range for an area using the Network Area Address Configuration screen (page 3-305). • Stubs and NSSAs cannot be used as a transit area, and should therefore be placed at the edge of the routing domain. • A stub or NSSA can have multip[...]

  • Page 348

    CONFIGURING THE SWITCH 3-294 Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for the default summary route sent into a stub, and click Apply. CLI - This example configures area 0.0.0.1 as a normal area, area 0.0.0.2 as a stub, and area 0.0.0.3 as an NSSA. It also [...]

  • Page 349

    IP ROUTING 3-295 Configuring Area Ranges (Route Summarization for ABRs) An OSPF area can include a large number of nodes. If the Area Border Router (ABR) has to advertise route information for each of these nodes, this wastes a lot of bandwidth and processor time. Instead, you can configure an ABR to advertise a single[...]

  • Page 350

    CONFIGURING THE SWITCH 3-296 Command Attributes • Area ID – Identifies an area for which the routes are summarized. (The area ID must be in the form of an IP address.) • Range Network – Base address for the routes to summarize. • Range Netmask – Network mask for the summary route. • Advertising – Indicate[...]

  • Page 351

    IP ROUTING 3-297 The configured summary route is shown in the list of information displayed for area 1. Configuring OSPF Interfaces You should specify a routing interface for any local subnet that needs to communicate with other network segments located on this router or elsewhere in the network. First configure a VLAN for each [...]

  • Page 352

    CONFIGURING THE SWITCH 3-298 • Designated Router – Designated router for this area. • Backup Designated Router – Designated backup router for this area. • Entry Count – The number of IP interfaces assigned to this VLAN. Note: This router supports up to 64 OSPF interfaces. Detail Interface Configuration • VLAN ID – Th[...]

  • Page 353

    IP ROUTING 3-299 - The transmit delay must be the same for all routers in an autonomous system. - On slow links, the router may send packets more quickly than devices can receive them. To avoid this problem, you can use the transmit delay to force the router to wait a specified interval between transmissions. • Retransmit In[...]

  • Page 354

    CONFIGURING THE SWITCH 3-300 - Routes are subsequently assigned a metric equal to the sum of all metrics for each interface link in the route. • Authentication Type – Specifies the authentication type used for an interface. (Options: None, Simple password, MD5; Default: None) - Use authentication to prevent routers from i [...]

  • Page 355

    IP ROUTING 3-301 - Normally, only one key is used per interface to generate authentication information for outbound packets and to authenticate incoming packets. Neighbor routers must use the same key identifier and key value. - When changing to a new key, the router will send multiple copies of all protocol messages, one with the[...]

  • Page 356

    CONFIGURING THE SWITCH 3-302 Change any of the interface-specific protocol parameters, and then click Apply. CLI - This example configures the interface parameters for VLAN 1. Console(config)#interface vlan 1 Console(config-if)#ip ospf priority 5 3-168 Console(config-if)#ip ospf transmit-delay 6 3-169 Console(config-if)#ip ospf retrans[...]

  • Page 357

    IP ROUTING 3-303 Configuring Virtual Links All OSPF areas must connect to the backbone. If an area does not have a direct physical connection to the backbone, you can configure a virtual link that provides a logical path to the backbone. To connect an isolated area to the backbone, the logical path can cross a single non-bac[...]

  • Page 358

    CONFIGURING THE SWITCH 3-304 Note: This router supports up to 64 virtual links. Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neighbor Router ID, configure the link attributes, and click Add. To modify the settings for an existing link, click the Detail bu[...]

  • Page 359

    IP ROUTING 3-305 CLI - This example configures a virtual link from the ABR adjacent to area 0.0.0.4, through a transit area to the neighbor router 10.1.1.252 at the other end of the link which is adjacent to the backbone. Configuring Network Area Addresses OSPF protocol broadcast messages (i.e., Link State Advertisements or LSAs)[...]

  • Page 360

    CONFIGURING THE SWITCH 3-306 • An area must be assigned a range of subnetwork addresses. This area and the corresponding address range forms a routing interface, and can be configured to aggregate LSAs from all of its subnetwork addresses and exchange this information with other routers in the network (page 3-295). [...]

  • Page 361

    IP ROUTING 3-307 other areas in your network, configure an area for all of the other OSPF interfaces, then click Apply.[...]

  • Page 362

    CONFIGURING THE SWITCH 3-308 CLI - This example configures the backbone area and one transit area. Configuring Summary Addresses (for External AS Routes) An Autonomous System Boundary Router (ASBR) can redistribute routes learned from other protocols into all attached autonomous systems. (See “Redistributing External R[...]

  • Page 363

    IP ROUTING 3-309 • Netmask – Network mask for the summary route. Note: This router supports up to 16 Type-5 summary routes. Web - Click Routing Protocol, OSPF, Summary Address Configuration. Specify the base address and network mask, then click Add. CLI - This example creates a summary address for all routes containe[...]

  • Page 364

    CONFIGURING THE SWITCH 3-310 Redistributing External Routes You can configure this router to import external routing information from other routing protocols into the autonomous system. Command Usage • This router supports redistribution for both RIP and static routes. • When you redistribute external r[...]

  • Page 365

    IP ROUTING 3-311 • Redistribute Metric Type – Indicates the method used to calculate external route costs. (Options: Type 1, Type 2; Default: Type 1) • Redistribute Metric – Metric assigned to all external routes for the specified protocol. (Range: 1-65535; Default: 10) Web - Click Routing Protocol, OSPF, Redistribute[...]

  • Page 366

    CONFIGURING THE SWITCH 3-312 ABR. (For a detailed description of NSSA areas, refer to “Configuring OSPF Areas” on page 3-291.) Command Attributes • Area ID – Identifier for a not-so-stubby area (NSSA). • Default Information Originate – An NSSA ASBR originates and floods Type-7 external LSAs throughout its area for[...]

  • Page 367

    IP ROUTING 3-313 Web - Click Routing Protocol, OSPF, NSSA Settings. Create a new NSSA or modify the routing behavior for an existing NSSA, and click Apply. CLI - This example configures area 0.0.0.1 as a stub and sets the cost for the default summary route to 10. Displaying Link State Database Information OSPF routers adve[...]

  • Page 368

    CONFIGURING THE SWITCH 3-314 The full database is exchanged between neighboring routers as soon as a new router is discovered. Afterwards, any changes that occur in the routing tables are synchronized with neighboring routers through a process called reliable flooding. You can show information about different LSAs [...]

  • Page 369

    IP ROUTING 3-315 - A Router ID for Router, Network, and Type 4 AS Summary LSAs. • Self-Originate – Shows LSAs originated by this router. • LS Type – LSA Type (Options: Type 1-5, 7). See the preceding description. • Adv Router – IP address of the advertising router. If not entered, information about all advertising[...]

  • Page 370

    CONFIGURING THE SWITCH 3-316 Web - Click Routing Protocol, OSPF, Link State Database Information. Specify parameters for the LSAs you want to display, then click Query. CLI - The CLI provides a wider selection of display options for viewing the Link State Database. See “show ip ospf database” on page 3-172. Displayi[...]

  • Page 371

    IP ROUTING 3-317 • Type – Router type of the destination; either ABR, ASBR or both. • Rte Type – Route type; either intra-area or interarea route (INTRA or INTER). • Area – The area from which this route was learned. • SPF No – The number of times the shortest path first algorithm has been executed for this route. W[...]

  • Page 372

    CONFIGURING THE SWITCH 3-318 • Priority – Neighbor’s router priority. • State – OSPF state and identification flag. States include: - Down – Connection down - Attempt – Connection down, but attempting contact (non-broadcast networks) - Init – Have received Hello packet, but communications not yet establis[...]

  • Page 373

    MULTICAST ROUTING 3-319 neighbors. Multicast Routing This router can route multicast traffic to different subnetworks using either Distance Vector Multicast Routing Protocol (DVMRP) or Protocol-Independent Multicasting - Dense Mode (PIM-DM). These protocols flood multicast traffic downstream, and calculate the shortest-p[...]

  • Page 374

    CONFIGURING THE SWITCH 3-320 (page 3-324) or PIM (page 3-335), and specify the interfaces that will participate (page 3-329 or 3-336). Note that you can only enable one multicast routing protocol on any given interface. Web – Click IP, Multicast Routing, General Setting. Set Multicast Forwarding Status to Enabled, and click Apply[...]

  • Page 375

    MULTICAST ROUTING 3-321 Displaying the Multicast Routing Table You can display information on each multicast route this router has learned via DVMRP or PIM. The router learns multicast routes from neighboring routers, and also advertises these routes to its neighbors. The router stores entries for all paths learned by itself or [...]

  • Page 376

    CONFIGURING THE SWITCH 3-322 Web – Click IP, Multicast Routing, Multicast Routing Table. Click Detail to display additional information for any entry.[...]

  • Page 377

    MULTICAST ROUTING 3-323 CLI – This example shows that multicast forwarding is enabled. The multicast routing table displays one entry for a multicast source routed by DVMRP, and another source routed via PIM. Configuring DVMRP The Distance-Vector Multicast Routing Protocol (DVMRP) behaves somewhat similarly to RI[...]

  • Page 378

    CONFIGURING THE SWITCH 3-324 looping and determine the shortest path to the source of this multicast traffic. When this router receives the multicast message, it checks its unicast routing table to locate the port that provides the shortest path back to the source. If that path passes through the same port on which the mul[...]

  • Page 379

    MULTICAST ROUTING 3-325 Command Usage[...]

  • Page 380

    CONFIGURING THE SWITCH 3-326 [Figure labels: Broadcasting periodically floods the source; flooding; potential hosts; pruning; source; grafting; source]

  • Page 381

    MULTICAST ROUTING 3-327 network with traffic from any active multicast server. If IGMP snooping is disabled, multicast traffic is flooded to all ports on the router. However, if IGMP snooping is enabled, then the first packet for any source group pair is flooded to all DVMRP downstream neighbors. If a packet is received throug[...]

  • Page 382

    CONFIGURING THE SWITCH 3-328 neighbors are still active members of the multicast tree. (Range: 1-65535 seconds; Default: 10 seconds) • Neighbor Timeout Interval – Sets the interval to wait for messages from a DVMRP neighbor before declaring it dead. This command is used for timing out routes, and for setting the children and leaf[...]

  • Page 383

    MULTICAST ROUTING 3-329 Web – Click Routing Protocol, DVMRP, General Settings. Enable or disable DVMRP. Set the global parameters that control neighbor timeout, the exchange of routing information, or the prune lifetime, and click Apply. CLI – This sets the global parameters for DVMRP and displays the current settings[...]

  • Page 384

    CONFIGURING THE SWITCH 3-330 (page 3-324), and also enable DVMRP for each interface that will participate in multicast routing. Command Attributes DVMRP Interface Information • Interface – VLAN interface on this router that has enabled DVMRP. • Address – IP address of this VLAN interface. • Metric – The metric for this in[...]

  • Page 385

    MULTICAST ROUTING 3-331 Web – Click Routing Protocol, DVMRP, Interface Settings. Select a VLAN from the drop-down box under DVMRP Interface Settings, modify the Metric if required, set the Status to Enabled or Disabled, and click Apply. CLI – This example enables DVMRP and sets the metric for VLAN 1. Displaying Neighbor Informati[...]

  • Page 386

    CONFIGURING THE SWITCH 3-332 upstream neighbor. • Up time – The time since this device last became a DVMRP neighbor to this router. • Expire – The time remaining before this entry will be aged out. • Capabilities – A hexadecimal value that indicates the neighbor’s capabilities. Each time a probe message is received from [...]

  • Page 387

    MULTICAST ROUTING 3-333 CLI – This example displays the only neighboring DVMRP router. Displaying the Routing Table The router learns source-routed information from neighboring DVMRP routers and also advertises learned routes to its neighbors. The router merely records path information it has learned on its own or from ot[...]

  • Page 388

    CONFIGURING THE SWITCH 3-334 • Expire – The time remaining before this entry will be aged out. Web – Click Routing Protocol, DVMRP, DVMRP Routing Table. CLI – This example displays known DVMRP routes. Configuring PIM-DM Protocol-Independent Multicasting (PIM) provides two different modes of operation: sparse mode [...]

  • Page 389

    MULTICAST ROUTING 3-335 same interface used for routing unicast packets to the multicast source network. If it is not, the router drops the packet and sends a prune message back out the source interface. If it is the same interface used by the unicast protocol, then the router forwards a copy of the packet to all the other inte [...]

  • Page 390

    CONFIGURING THE SWITCH 3-336 CLI – This example enables PIM-DM globally and displays the current status. Configuring PIM-DM Interface Settings To fully enable PIM-DM, you need to enable multicast routing globally for the router (page 3-319), enable PIM-DM globally for the router (page 3-335), and also enable PIM-DM for each interfac[...]

  • Page 391

    MULTICAST ROUTING 3-337 transmitted. Hello messages are sent to neighboring PIM routers from which this device has received probes, and are used to verify whether or not these neighbors are still active members of the multicast tree. (Range: 1-65535 seconds; Default: 30) • Hello Holdtime – Sets the interval to wait for hello me [...]

  • Page 392

    CONFIGURING THE SWITCH 3-338 acknowledgement message is lost, the router that sent the graft message will resend it a maximum number of times as defined by Max Graft Retries. (Range: 1-65535 seconds; Default: 3) • Max Graft Retries – Configures the maximum number of times to resend a graft message if it has not been acknowledged. ([...]

  • Page 393

    MULTICAST ROUTING 3-339 CLI – This example sets the PIM-DM protocol parameters for VLAN 2, and displays the current settings. Displaying Interface Information You can display a summary of the current interface status for PIM-DM, including the number of neighboring PIM routers, and the address of the designated PIM ro [...]

  • Page 394

    CONFIGURING THE SWITCH 3-340 Web – Click Routing Protocol, PIM-DM, Interface Information. CLI – This example shows the PIM-DM interface summary for VLAN 1. Displaying Neighbor Information You can display all the neighboring PIM-DM routers. Command Attributes • Neighbor Address – IP address of the next-hop router. •[...]

  • Page 395

    MULTICAST ROUTING 3-341 Web – Click Routing Protocol, PIM-DM, Neighbor Information. CLI – This example displays the only neighboring PIM-DM router. Console#show ip pim neighbor 3-210 Address VLAN Interface Uptime Expire Mode --------------- ---------------- -------- ----- --- ------- 10.1.0.253 1 613 91 Dense Console#[...]

  • Page 396

    CONFIGURING THE SWITCH 3-342[...]

  • Page 397

    4-1 CHAPTER 4 COMMAND LINE INTERFACE This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by[...]

  • Page 398

    COMMAND LINE INTERFACE 4-2 After connecting to the system through the console port, the login screen displays: Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. Valid IP[...]

  • Page 399

    USING THE COMMAND LINE INTERFACE 4-3 After you configure the switch with an IP address, you can open a Telnet session by performing these steps: 1. From the remote host, enter the Telnet command and the IP address of the device you want to access. 2. At the prompt, enter the user name and system password. The CLI w[...]

  • Page 400

    COMMAND LINE INTERFACE 4-4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” [...]

  • Page 401

    ENTERING COMMANDS 4-5 Command Completion If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “logging history” example, typing log followed by a tab will result in printing the command up to “logging.” Getting Help on Commands You[...]

  • Page 402

    COMMAND LINE INTERFACE 4-6 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, DHCP, Interface, Line, VLAN Database, or MSTP). You can also display a li[...]

  • Page 403

    ENTERING COMMANDS 4-7 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” sh[...]

  • Page 404

    COMMAND LINE INTERFACE 4-8 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functions[...]

  • Page 405

    ENTERING COMMANDS 4-9 console session with the user name and password “admin.” The system will now display the “Console#” command prompt. You can also enter Privileged Exec mode from within Normal Exec mode, by entering the enable command, followed by the privileged level password “super” (page 3-37). To enter P[...]

  • Page 406

    COMMAND LINE INTERFACE 4-10 packet filtering. • DHCP Configuration - These commands are used to configure the DHCP server. • Interface Configuration - These commands modify the port configuration such as speed-duplex and negotiation. • Line Configuration - These commands modify the console port and Telnet configura[...]

  • Page 407

    ENTERING COMMANDS 4-11 To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode. For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode Mode Command Prom[...]

  • Page 408

    COMMAND LINE INTERFACE 4-12 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a[...]

  • Page 409

    COMMAND GROUPS 4-13 Command Groups The system commands can be broken down into the functional groups shown below. Command Group / Description / Page: Line – Sets communication parameters for the serial port and Telnet, including baud rate and console time-out (3-15). General – Basic commands for entering privileged access mode, restarting [...]

  • Page 410

    COMMAND LINE INTERFACE 4-14 Address Table – Configures the address table for filtering specified addresses, displays current entries, clears the table, or sets the aging time (3-33). Spanning Tree – Configures Spanning Tree settings for the switch (3-38). VLANs – Configures VLAN settings, and defines port membership for VLAN groups; also e[...]

  • Page 411

    LINE COMMANDS 4-15 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec), VC (VLAN Database Configuration), PE (Privileged Exec), MST (Multiple Spanning Tree), GC (Global Configuration), ACL (Access Control List Configuration), LC (Line Configuration), DC (DHCP Server Configuration), IC (I[...]

  • Page 412

    COMMAND LINE INTERFACE 4-16 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line { console | vty } • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line. Comm[...]

  • Page 413

    LINE COMMANDS 4-17 Related Commands show line (3-26) show users (3-83) login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [ local ] no login local - Selects local password checking. Authentication is based on the user name specif[...]

  • Page 414

    COMMAND LINE INTERFACE 4-18 • This command controls login authentication via the switch itself. To configure user names and passwords for remote authentication servers, you must use the RADIUS or TACACS software installed on those servers. Example Related Commands username (3-35) password (3-18) password This command specif[...]

  • Page 415

    LINE COMMANDS 4-19 password before the system terminates the line connection and returns the terminal to the idle state. • The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the confi[...]

  • Page 416

    COMMAND LINE INTERFACE 4-20 • This command applies to both the local console and Telnet connections. • The timeout for Telnet cannot be disabled. Example To set the timeout to two minutes, enter this command: password-thresh This command sets the password intrusion threshold which limits the number of failed log[...]

  • Page 417

    LINE COMMANDS 4-21 Example To set the password threshold to five attempts, enter this command: Related Commands silent-time (3-21) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use[...]

  • Page 418

    COMMAND LINE INTERFACE 4-22 databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits { 7 | 8 } no databits • 7 - Seven data bits per character. • 8 - Eight data bits per character. Default[...]

  • Page 419

    LINE COMMANDS 4-23 parity This command defines the generation of a parity bit. Use the no form to restore the default setting. Syntax parity { none | even | odd } no parity • none - No parity • even - Even parity • odd - Odd parity Default Setting No parity Command Mode Line Configuration Command Usage Communication protocols[...]

  • Page 420

    COMMAND LINE INTERFACE 4-24 speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second. (Options: 9600, 19200, 38400, 57600, 115200 b[...]

  • Page 421

    LINE COMMANDS 4-25 Syntax stopbits { 1 | 2 } • 1 - One stop bit • 2 - Two stop bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits, enter this command: disconnect Use this command to terminate an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session [...]

  • Page 422

    COMMAND LINE INTERFACE 4-26 Related Commands show ssh (3-55) show users (3-83) show line This command displays the terminal line’s parameters. Syntax show line [ console | vty ] • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting Shows all lines Command Mode [...]

  • Page 423

    GENERAL COMMANDS 4-27 General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-8. Syntax enable [ level ] level - Privilege level to log into the device. The device [...]

  • Page 424

    COMMAND LINE INTERFACE 4-28 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 3-37.) • The “#” character is appended to the end of the prompt to indi [...]

  • Page 425

    GENERAL COMMANDS 4-29 Example Related Commands enable (3-27) configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line [...]

  • Page 426

    COMMAND LINE INTERFACE 4-30 Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands. Example In this example, the show history command lists the contents of the command history buffer: The ! command repeats commands from the Exe[...]

  • Page 427

    GENERAL COMMANDS 4-31 command. Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system. Example This example shows how to reset the switch: end This command returns to Privileged Exec mode. Default Setting None Command Mode Global Configuration, Interface Configuration, Line Configura [...]

  • Page 428

    COMMAND LINE INTERFACE 4-32 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits th[...]

  • Page 429

    SYSTEM MANAGEMENT COMMANDS 4-33 Example This example shows how to quit a CLI session: System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Console#quit Press ENTER to start session[...]

  • Page 430

    COMMAND LINE INTERFACE 4-34 Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters) Default Setting Console Command Mode Global Confi[...]

  • Page 431

    SYSTEM MANAGEMENT COMMANDS 4-35 Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options [...]

  • Page 432

    COMMAND LINE INTERFACE 4-36 Syntax username name { access-level level | nopassword | password { 0 | 7 } password } no username name • name - The name of the user. (Maximum length: 8 characters, case sensitive. Maximum users: 16) • access-level level - Specifies the user level. The device has two predefined privilege levels: 0[...]

  • Page 433

    SYSTEM MANAGEMENT COMMANDS 4-37 Example This example shows how to set the access level and password for a user. enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Norma[...]

  • Page 434

    COMMAND LINE INTERFACE 4-38 configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Related Commands enable (3-27) IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various proto[...]

  • Page 435

    SYSTEM MANAGEMENT COMMANDS 4-39 Default Setting All addresses Command Mode Global Configuration Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager. • I[...]

  • Page 436

    COMMAND LINE INTERFACE 4-40 • all-client - Adds IP address(es) to the SNMP, web and Telnet groups. • http-client - Adds IP address(es) to the web group. • snmp-client - Adds IP address(es) to the SNMP group. • telnet-client - Adds IP address(es) to the Telnet group. Command Mode Global Configuration Example Cons[...]

  • Page 437

    SYSTEM MANAGEMENT COMMANDS 4-41 Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-6[...]

  • Page 438

    COMMAND LINE INTERFACE 4-42 ip http server This command allows this device to be monitored or configured from a browser. Use the no form to disable this function. Syntax [ no ] ip http server Default Setting Enabled Command Mode Global Configuration Example Related Commands ip http port (3-41) ip http secure-server This com[...]

  • Page 439

    SYSTEM MANAGEMENT COMMANDS 4-43 Command Usage • Both HTTP and HTTPS service can be enabled independently on the switch. However, you cannot configure the HTTP and HTTPS servers to use the same UDP port. • If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number[...]

  • Page 440

    COMMAND LINE INTERFACE 4-44 copy tftp https-certificate (3-85) ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number no ip http secure-port port_numbe[...]

  • Page 441

    SYSTEM MANAGEMENT COMMANDS 4-45 Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and r[...]

  • Page 442

    COMMAND LINE INTERFACE 4-46 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the authentication [...]

  • Page 443

    SYSTEM MANAGEMENT COMMANDS 4-47 known hosts file on the management station and place the host public key in it. An entry for a public key in the known hosts file would appear similar to the following example: 10.1.0.54 10 24 35 156849 9540186 7669259333 9467750 54617325 3136748 9083654 7254 1502024559 3199868 5443583 6165199 9923329[...]

  • Page 444

    COMMAND LINE INTERFACE 4-48 c. If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client. d. The client uses its private key to decrypt the bytes, and sends the decrypted bytes back to the switch. e. The switch compares the decrypted bytes to the [...]

  • Page 445

    SYSTEM MANAGEMENT COMMANDS 4-49 Example Related Commands ip ssh crypto host-key generate (3-52) show ssh (3-55) ip ssh timeout Use this command to configure the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response[...]

  • Page 446

    COMMAND LINE INTERFACE 4-50 Example Related Commands exec-timeout (3-19) show ip ssh (3-54) ip ssh authentication-retries Use this command to configure the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting. Syntax ip ssh authentication-retries count no ip ssh authent[...]

  • Page 447

    SYSTEM MANAGEMENT COMMANDS 4-51 ip ssh server-key size Use this command to set the SSH server key size. Use the no form to restore the default setting. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server key. (Range: 512-896 bits) Default Setting 768 bits Command Mode Global C[...]

  • Page 448

    COMMAND LINE INTERFACE 4-52 Command Mode Privileged Exec Example ip ssh crypto host-key generate Use this command to generate the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [ dsa | rsa ] • dsa – DSA key type. • rsa – RSA key type. Default Setting Generates both the DSA and RSA [...]

  • Page 449

    SYSTEM MANAGEMENT COMMANDS 4-53 Related Commands ip ssh crypto zeroize (3-53) ip ssh save host-key (3-54) ip ssh crypto zeroize Use this command to clear the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [ dsa | rsa ] • dsa – DSA key type. • rsa – RSA key type. Default Setting Clears both the DSA and RSA key [...]

  • Page 450

    COMMAND LINE INTERFACE 4-54 ip ssh save host-key Use this command to save host key from RAM to flash memory. Syntax ip ssh save host-key [ dsa | rsa ] • dsa – DSA key type. • rsa – RSA key type. Default Setting Saves both the DSA and RSA key. Command Mode Privileged Exec Example Related Commands ip ssh crypto host-key [...]

  • Page 451

    SYSTEM MANAGEMENT COMMANDS 4-55 show ssh Use this command to display the current SSH server connections. Command Mode Privileged Exec Example Console#show ssh Connection Version State Username Encryption 0 2.0 Session-Started admin ctos aes128-cbc-hmac-md5 stoc aes128-cbc-hmac-md5 Console# Field Description Session The session number[...]

  • Page 452

    COMMAND LINE INTERFACE 4-56 show public-key Use this command to show the public key for the specified user or for the host. Syntax show public-key [ user [ username ]| host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Encryption The encryption method is automatically negotia[...]

  • Page 453

    SYSTEM MANAGEMENT COMMANDS 4-57 Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed. • When an RSA key is displayed, the first field indicates the size of the host key (e[...]

  • Page 454

    COMMAND LINE INTERFACE 4-58 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [ no ] logging on Default Setting None Command Mode Global Configuration Command Usage The logging process cont[...]

  • Page 455

    SYSTEM MANAGEMENT COMMANDS 4-59 Example Related Commands logging history (3-59) clear logging (3-62) logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history { flash | ram } level no log[...]

  • Page 456

    COMMAND LINE INTERFACE 4-60 • level - One of the level arguments listed below. Messages sent include the selected level down to level 0. (Range: 0-7) Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 7 - 0) Command Mode Global Configuration Command Usage The message level specified for flash memory must be a high[...]

  • Page 457

    SYSTEM MANAGEMENT COMMANDS 4-61 Syntax [ no ] logging host host_ip_address host_ip_address - The IP address of a syslog server. Default Setting None Command Mode Global Configuration Command Usage • By using this command more than once you can build up a list of host IP addresses. • The maximum number of host IP addresses[...]

  • Page 458

    COMMAND LINE INTERFACE 4-62 Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to sort messages or to store messages in the corresponding database. Example [...]

  • Page 459

    SYSTEM MANAGEMENT COMMANDS 4-63 Syntax clear logging [ flash | ram ] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). Default Setting Flash and RAM Command Mode Privileged Exec Example Related Commands show loggin [...]

  • Page 460

    COMMAND LINE INTERFACE 4-64 Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), the message level for RAM is “debugging” (i.e., default level 7 - 0), and lists one sample error. C[...]

  • Page 461

    SYSTEM MANAGEMENT COMMANDS 4-65 The following example displays settings for the trap function. Related Commands show logging sendmail (3-70) SMTP Alert Commands Configures SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. Console#show logging trap Syslog logging: Enab[...]

  • Page 462

    COMMAND LINE INTERFACE 4-66 logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [ no ] logging sendmail host ip_address ip_address - IP address of an SMTP server that will be sent alert messages for event han[...]

  • Page 463

    SYSTEM MANAGEMENT COMMANDS 4-67 triggered if the switch cannot successfully open a connection.) Example logging sendmail level This command sets the severity threshold used to trigger alert messages. Syntax logging sendmail level level level - One of the system message levels (page 3-59). Messages sent include the select[...]

  • Page 464

    COMMAND LINE INTERFACE 4-68 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Syntax logging sendmail source-email email-address email-address - The source email address used in alert messages. (Range: 1-41 characters) Default Setting None Command Mode Global Con[...]

  • Page 465

    SYSTEM MANAGEMENT COMMANDS 4-69 Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example logging sendmail This command enables SMTP event handling. Use the no form to disable t[...]

  • Page 466

    COMMAND LINE INTERFACE 4-70 show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Privileged Exec Example Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP), or by using information broadcast by loca[...]

  • Page 467

    SYSTEM MANAGEMENT COMMANDS 4-71 sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command. Use the no form to disable SNTP client requests. Syntax [ no ] sntp client Default Setting Disabled Command Mode Global Configuration Command Usage ?[...]

  • Page 468

    COMMAND LINE INTERFACE 4-72 Example Related Commands sntp server (3-72) sntp poll (3-73) sntp broadcast client (3-74) show sntp (3-75) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Sy[...]

  • Page 469

    SYSTEM MANAGEMENT COMMANDS 4-73 Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode. The client will poll the time servers in the order specified until a response is received. It issues time synchronization requests based on the interval set via the sntp[...]

  • Page 470

    COMMAND LINE INTERFACE 4-74 Example Related Commands sntp client (3-71) sntp broadcast client This command synchronizes the switch’s clock based on time broadcast from time servers (using the multicast address 224.0.1.1). Use the no form to disable SNTP broadcast client mode. Syntax [ no ] sntp broadcast client Default S[...]

  • Page 471

    SYSTEM MANAGEMENT COMMANDS 4-75 show sntp This command displays the current time and configuration settings for the SNTP client, and indicates whether or not the local time has been properly updated. Command Mode Normal Exec, Privileged Exec Command Usage This command displays the current time, the poll interval used for[...]

  • Page 472

    COMMAND LINE INTERFACE 4-76 Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mean Time or GMT), based on the earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you mu[...]

  • Page 473

    SYSTEM MANAGEMENT COMMANDS 4-77 Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, February 1st, 2002. show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example Console#calendar set 15:12:34 1 February 2002 Console# Co[...]

  • Page 474

    COMMAND LINE INTERFACE 4-78 System Status Commands show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show running-config command to compare th[...]

  • Page 475

    SYSTEM MANAGEMENT COMMANDS 4-79 - VLAN database (VLAN ID, name and state) - VLAN configuration settings for each interface - Multiple spanning tree instances (name and interfaces) - IP address configured for VLANs - Routing protocol configuration settings - Spanning tree settings - Any configured settings for the console[...]

  • Page 476

    COMMAND LINE INTERFACE 4-80 Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes. Each mode g[...]

  • Page 477

    SYSTEM MANAGEMENT COMMANDS 4-81 Example Related Commands show startup-config (3-78) Console#show running-config building running-config, please wait..... ! ! snmp-server community private rw snmp-server community public ro ! ! username admin access-level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access-lev[...]

  • Page 478

    COMMAND LINE INTERFACE 4-82 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-14. • The POST results should all display “PAS[...]

  • Page 479

    SYSTEM MANAGEMENT COMMANDS 4-83 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e[...]

  • Page 480

    COMMAND LINE INTERFACE 4-84 Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-16 for detailed information on the items displayed by this command. Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [ no ] jumbo frame Defau[...]

  • Page 481

    FLASH/FILE COMMANDS 4-85 to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields. • To use jumbo frames, both the source and destination end nodes (such as a computer or server) must support this feature. Also,[...]

  • Page 482

    COMMAND LINE INTERFACE 4-86 success of the file transfer depends on the accessibility of the TFTP server and the quality of the network connection. Syntax copy file { file | running-config | startup-config | tftp } copy running-config { file | startup-config | tftp } copy startup-config { file | running-config | tftp } copy [...]

  • Page 483

    FLASH/FILE COMMANDS 4-87 the factory default configuration file, but you cannot use it as the destination. • To replace the startup configuration, you must use startup-config as the destination. • The Boot ROM and Loader cannot be uploaded or downloaded from the TFTP server. You must use a direct console connection an[...]

  • Page 484

    COMMAND LINE INTERFACE 4-88 The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: delete This command deletes a file or image. Syntax delete filename filename - Name of the configur[...]

  • Page 485

    FLASH/FILE COMMANDS 4-89 • “Factory_Default_Config.cfg” cannot be deleted. Example This example shows how to delete the test2.cfg configuration file from flash memory. Related Commands dir (3-89) dir This command displays a list of files in flash memory. Syntax dir [ boot-rom | config | opcode [: filename ]] The type of fil[...]

  • Page 486

    COMMAND LINE INTERFACE 4-90 • File information is shown below: Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up. Default Setting None Command Mode Privileged Exec Column Heading Description file name The name of the file[...]

  • Page 487

    FLASH/FILE COMMANDS 4-91 Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. boot system This command specifies the file or image used to start up the system. Syntax boot system { boot-rom | confi[...]

  • Page 488

    COMMAND LINE INTERFACE 4-92 Example Related Commands dir (3-89) whichboot (3-90) Authentication Commands You can configure this switch to authenticate users logging in to the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client acces[...]

  • Page 489

    AUTHENTICATION COMMANDS 4-93 Authentication Sequence authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[ local ] [ radius ] [ tacacs ]} no authentication login • local - Use local password. • radius - Use RADIUS se[...]

  • Page 490

    COMMAND LINE INTERFACE 4-94 password on the RADIUS server is verified first. If the RADIUS server is not available, then authentication is attempted on the TACACS+ server. If the TACACS+ server is not available, the local user name and password is checked. Example Related Commands username - for setting the local user names an[...]

  • Page 491

    AUTHENTICATION COMMANDS 4-95 radius-server host This command specifies the RADIUS server. Use the no form to restore the default. Syntax radius-server host host_ip_address no radius-server host host_ip_address - IP address of server. Default Setting 10.1.0.1 Command Mode Global Configuration Example radius-server port This comma[...]

  • Page 492

    COMMAND LINE INTERFACE 4-96 Example radius-server key This command sets the RADIUS encryption key. Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum l[...]

  • Page 493

    AUTHENTICATION COMMANDS 4-97 Default Setting 2 Command Mode Global Configuration Example radius-server timeout This command sets the interval between transmitting authentication requests to the RADIUS server. Use the no form to restore the default. Syntax radius-server timeout number_of_seconds no radius-server timeout numb[...]

  • Page 494

    COMMAND LINE INTERFACE 4-98 Command Mode Privileged Exec Example TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contain[...]

  • Page 495

    AUTHENTICATION COMMANDS 4-99 Default Setting 10.11.12.13 Command Mode Global Configuration Example tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used f[...]

  • Page 496

    COMMAND LINE INTERFACE 4-100 Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default Setting None Command Mode Global Configuration Example show tacacs-server[...]

  • Page 497

    AUTHENTICATION COMMANDS 4-101 Port Security Commands These commands can be used to disable the learning function or manually specify secure addresses for a port. You may want to leave port security off for an initial training period (i.e., enable the learning function) to register all the current VLAN members on the sele[...]

  • Page 498

    COMMAND LINE INTERFACE 4-102 Default Setting Status: Disabled Action: None Maximum Addresses: 0 Command Mode Interface Configuration (Ethernet) Command Usage • If you enable port security, the switch will stop dynamically learning new addresses on the specified port. Only incoming traffic with source addresses already stored i[...]

  • Page 499

    AUTHENTICATION COMMANDS 4-103 Example The following example enables port security for port 5, and sets the response to a security violation to issue a trap message: Related Commands shutdown (3-9) mac-address-table static (3-34) show mac-address-table (3-35) Console(config)#interface ethernet 1/5 Console(config-if)#port securit[...]

  • Page 500

    COMMAND LINE INTERFACE 4-104 802.1x Port Authentication The switch supports IEEE 802.1x (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible[...]

  • Page 501

    AUTHENTICATION COMMANDS 4-105 Syntax authentication dot1x default radius no authentication dot1x Default Setting RADIUS Command Mode Global Configuration Example dot1x default This command sets all configurable dot1x global and port settings to their default values. Syntax dot1x default Command Mode Global Configuration Example dot[...]

  • Page 502

    COMMAND LINE INTERFACE 4-106 count – The maximum number of requests (Range: 1-10) Default 2 Command Mode Global Configuration Example dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default. Syntax dot1x port-control { auto | force-authorized | force-unauthorized } no[...]

  • Page 503

    AUTHENTICATION COMMANDS 4-107 dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count. Syntax dot1x op[...]

  • Page 504

    COMMAND LINE INTERFACE 4-108 - unit - This is device 1. - port - Port number. Command Mode Privileged Exec Example dot1x re-authentication This command enables periodic re-authentication globally for all ports. Use the no form to disable re-authentication. Syntax [ no ] dot1x re-authentication Command Mode Global Configuratio[...]

  • Page 505

    AUTHENTICATION COMMANDS 4-109 Command Mode Global Configuration Example dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds. (Range: 1-65535) Default 3600 s[...]

  • Page 506

    COMMAND LINE INTERFACE 4-110 Default 30 seconds Command Mode Global Configuration Example show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [ statistics ] [ interface interface ] interface • ethernet unit / port - unit - This is device 1. - port [...]

  • Page 507

    AUTHENTICATION COMMANDS 4-111 following global parameters which are set to a fixed value, including the following items: - supp-timeout – Supplicant timeout. - server-timeout – Server timeout. - reauth-max – Maximum number of reauthentication attempts. • 802.1X Port Summary – Displays the port access control parameters[...]

  • Page 508

    COMMAND LINE INTERFACE 4-112 - State – Current state (including initialize, reauthenticate). Example Console#show dot1x Global 802.1X Parameters reauth-enabled: no reauth-period: 3600 quiet-period: 60 tx-period: 30 supp-timeout: 30 server-timeout: 10 reauth-max: 2 max-req: 2 802.1X Port Summary Port Name Status Mode Authorized 1 disabled [...]

  • Page 509

    ACCESS CONTROL LIST COMMANDS 4-113 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the re [...]

  • Page 510

    COMMAND LINE INTERFACE 4-114 to an interface – Ingress IP ACL, Egress IP ACL, Ingress MAC ACL and Egress MAC ACL. • When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail. • Each ACL can have up to 32 rules. • The maximum number of A[...]

  • Page 511

    ACCESS CONTROL LIST COMMANDS 4-115 IP ACL, Egress IP ACL, Ingress MAC ACL or Egress MAC ACL), but a mask can be bound to up to four ACLs of the same type. IP ACLs Command Groups Function Page IP ACLs Configures ACLs based on IP addresses, TCP/UDP port number, protocol type, and TCP control code 3-115 MAC ACLs Configures ACLs bas[...]

  • Page 512

    COMMAND LINE INTERFACE 4-116 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [ no ] access-list ip { standard | extended } acl_name • standard – Specifies an ACL that filters packets based on the source IP a[...]

  • Page 513

    ACCESS CONTROL LIST COMMANDS 4-117 • To remove a rule, use the no permit or no deny command followed by the exact text of a previously configured rule. • An ACL can contain up to 32 rules. Example Related Commands permit, deny 3-117 ip access-group (3-127) show ip access-list (3-121) permit, deny (Standard ACL) This co[...]

  • Page 514

    COMMAND LINE INTERFACE 4-118 to indicate “match” and 0 bits to indicate “ignore.” The bitmask is bitwise ANDed with the specified source IP address, and then compared with the address for each IP packet entering the port(s) to which this ACL has been assigned. Example This example configures one permit rule for t[...]

  • Page 515

    ACCESS CONTROL LIST COMMANDS 4-119 • protocol-number – A specific protocol number. (Range: 0-255) • source – Source IP address. • destination – Destination IP address. • address-bitmask – Decimal number representing the address bits to match. • host – Keyword followed by a specific IP address. • preceden[...]

  • Page 516

    COMMAND LINE INTERFACE 4-120 • The control-code bitmask is a decimal number (representing an equivalent bit mask) that is applied to the control code. Enter a decimal number, where the equivalent binary bit “1” means to match a bit and “0” means to ignore a bit. The following bits may be specified: - 1 (fin) ?[...]

  • Page 517

    ACCESS CONTROL LIST COMMANDS 4-121 This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Related Commands access-list ip (3-116) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list {standard | extended} [acl_name] • sta[...]

  • Page 518

    COMMAND LINE INTERFACE 4-122 Syntax [no] access-list ip mask-precedence {in | out} • in – Ingress mask for ingress ACLs. • out – Egress mask for egress ACLs. Default Setting Default system mask: Filter inbound packets according to specified IP ACLs. Command Mode Global Configuration Command Usage • A mask can only[...]

  • Page 519

    ACCESS CONTROL LIST COMMANDS 4-123 Syntax [no] mask [protocol] {any | host | source-bitmask} {any | host | destination-bitmask} [precedence] [tos] [dscp] [source-port [port-bitmask]] [destination-port [port-bitmask]] [control-flag [flag-bitmask]] • protocol – Check the protocol field. • any –[...]

  • Page 520

    COMMAND LINE INTERFACE 4-124 • First create the required ACLs and ingress or egress masks before mapping an ACL to an interface. • If you enter dscp, you cannot enter tos or precedence. You can enter both tos and precedence without dscp. • Masks that include an entry for a Layer 4 protocol source port or destinat[...]

  • Page 521

    ACCESS CONTROL LIST COMMANDS 4-125 This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others. This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.69.198.0 when the Layer 4 source port is 23. Console(config)#[...]

  • Page 522

    COMMAND LINE INTERFACE 4-126 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL. Note that once the ACL is bound to an interface (i.e., the A[...]

  • Page 523

    ACCESS CONTROL LIST COMMANDS 4-127 Command Mode Privileged Exec Example Related Commands mask (IP ACL) (3-122) ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [no] ip access-group acl_name {in | out} • acl_name – Name of the ACL. (Maximum length: 16 characters) • in[...]

  • Page 524

    COMMAND LINE INTERFACE 4-128 Example Related Commands show ip access-list (3-121) show ip access-group This command shows the ports assigned to IP ACLs. Command Mode Privileged Exec Example Related Commands ip access-group (3-127) map access-list ip This command sets the output queue for packets matching an ACL rule. The specif[...]

  • Page 525

    ACCESS CONTROL LIST COMMANDS 4-129 Default Setting None Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following [...]

  • Page 526

    COMMAND LINE INTERFACE 4-130 • ethernet unit/port - unit - This is device 1. - port - Port number. Command Mode Privileged Exec Example Related Commands map access-list ip (3-128) match access-list ip This command changes the IEEE 802.1p priority, IP Precedence, or DSCP Priority of a frame matching the defined ACL rule. (This[...]

  • Page 527

    ACCESS CONTROL LIST COMMANDS 4-131 Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can change frame priorities based on an ACL rule. • Traffic priorities may be included in the IEEE 802.1p priority tag. This tag is also incorporated as part of the overall IEEE 802.1Q [...]

  • Page 528

    COMMAND LINE INTERFACE 4-132 Example Related Commands match access-list ip (3-130) Console#show marking Interface ethernet 1/12 match access-list IP bill set DSCP 0 match access-list MAC a set priority 0 Console#[...]

  • Page 529

    ACCESS CONTROL LIST COMMANDS 4-133 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [no] access-list mac acl_name Command Function Mode Page access-list mac Creates a MAC ACL and enters configuration mode GC 3-133 permit, [...]

  • Page 530

    COMMAND LINE INTERFACE 4-134 acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration Command Usage • An egress ACL must contain all deny rules. • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new r[...]

  • Page 531

    ACCESS CONTROL LIST COMMANDS 4-135 [vid vid vid-bitmask] [ethertype protocol [protocol-bitmask]] Note: - The default is for Ethernet II packets. [no] {permit | deny} tagged-eth2 {any | host source | source address-bitmask} {any | host destination | destination address-bitmask} [vid vid vid-bitmask] [ethertype pr [...]

  • Page 532

    COMMAND LINE INTERFACE 4-136 Default Setting None Command Mode MAC ACL Command Usage • New rules are added to the end of the list. • The ethertype option can only be used to filter Ethernet II formatted packets. • A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include t[...]

  • Page 533

    ACCESS CONTROL LIST COMMANDS 4-137 Example Related Commands permit, deny 3-134 mac access-group (3-142) access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [no] access-list ip mask-precedence {in | out} • in – Ingre[...]

  • Page 534

    COMMAND LINE INTERFACE 4-138 Example Related Commands mask (MAC ACL) (3-138) mac access-group (3-142) mask (MAC ACL) This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header. Use the no form to remove a mask. Syntax [no] mask [pktformat] {any | host | source-bitmask} {any |[...]

  • Page 535

    ACCESS CONTROL LIST COMMANDS 4-139 Command Usage • Up to seven masks can be assigned to an ingress or egress ACL. • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were[...]

  • Page 536

    COMMAND LINE INTERFACE 4-140 Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules have been changed by the mask. Console(config)#access-list mac M4 Console(config-mac-acl)#permit any any Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-f[...]

  • Page 537

    ACCESS CONTROL LIST COMMANDS 4-141 This example creates an Egress MAC ACL. show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [in | out] • in – Ingress mask precedence for ingress ACLs. • out – Egress mask precedence for[...]

  • Page 538

    COMMAND LINE INTERFACE 4-142 Related Commands mask (MAC ACL) (3-138) mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name {in | out} • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingr[...]

  • Page 539

    ACCESS CONTROL LIST COMMANDS 4-143 show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Related Commands mac access-group (3-142) map access-list mac This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matc [...]

  • Page 540

    COMMAND LINE INTERFACE 4-144 the output queues as shown below. Example Related Commands queue cos-map (3-81) show map access-list mac (3-144) show map access-list mac This command shows the CoS value mapped to a MAC ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Sy[...]

  • Page 541

    ACCESS CONTROL LIST COMMANDS 4-145 Related Commands map access-list mac (3-143) match access-list mac This command changes the IEEE 802.1p priority of a Layer 2 frame matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) Use the no form to remove the ACL marker. Syntax match access-list m[...]

  • Page 542

    COMMAND LINE INTERFACE 4-146 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are displayed is determined by the[...]

  • Page 543

    SNMP COMMANDS 4-147 Command Mode Privileged Executive Example SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. snmp-server community This command defines the community access string for the Simple Network[...]

  • Page 544

    COMMAND LINE INTERFACE 4-148 Syntax snmp-server community string [ro | rw] no snmp-server community string • string - Community string that acts like a password and permits access to the SNMP protocol. (Maximum length: 32 characters, case sensitive; Maximum number of strings: 5) • ro - Specifies read-only access.[...]

  • Page 545

    SNMP COMMANDS 4-149 Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example Related Commands snmp-server location (3-149) snmp-server location This command sets the system loc[...]

  • Page 546

    COMMAND LINE INTERFACE 4-150 Example Related Commands snmp-server contact (3-148) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr community-string [version {1 | 2c}] no snmp[...]

  • Page 547

    SNMP COMMANDS 4-151 are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. In order to enable multiple hosts, you must issue a separate snmp-server host command for each host. • The snmp-server host command is used in conjunction with the snmp-server enable [...]

  • Page 548

    COMMAND LINE INTERFACE 4-152 Default Setting Issue authentication and link-up-down traps. Command Mode Global Configuration Command Usage • If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent. In order to configure this device to send SNMP notifications, you must e[...]

  • Page 549

    SNMP COMMANDS 4-153 are allowed SNMP access to the switch. • subnet_mask - An address bitmask of decimal numbers that represent the address bits to match. Default Setting None Command Mode Global Configuration Command Usage • You can create a list of up to 16 IP addresses or IP address groups that are allowed access to the sw[...]

  • Page 550

    COMMAND LINE INTERFACE 4-154 show snmp This command checks the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or [...]

  • Page 551

    DHCP COMMANDS 4-155 DHCP Commands These commands are used to configure Dynamic Host Configuration Protocol (DHCP) client, relay, and server functions. You can configure any VLAN interface to be automatically assigned an IP address via DHCP. This switch can be configured to relay DHCP client configuration requests to a DHCP server [...]

  • Page 552

    COMMAND LINE INTERFACE 4-156 • hex - The hexadecimal value. Default Setting None Command Mode Interface Configuration (VLAN) Command Usage This command is used to include a client identifier in all communications with the DHCP server. The identifier type depends on the requirements of your DHCP server. Example Related [...]

  • Page 553

    DHCP COMMANDS 4-157 • If the BOOTP or DHCP server has been moved to a different domain, the network portion of the address provided to the client will be based on this new domain. Example In the following example, the device is reassigned the same address. Related Commands ip address (3-116[...]

  • Page 554

    COMMAND LINE INTERFACE 4-158 Command Mode Interface Configuration (VLAN) Command Usage This command is used to configure DHCP relay functions for host devices attached to the switch. If DHCP relay service is enabled, and this switch sees a DHCP request broadcast, it inserts its own IP address into the request so the DHCP server w[...]

  • Page 555

    DHCP COMMANDS 4-159 Syntax ip dhcp relay server address1 [address2 [address3 ...]] no ip dhcp relay server address - IP address of DHCP server. (Range: 1-3 addresses) Default Setting None Command Mode Interface Configuration (VLAN) Usage Guidelines • You must specify the IP address for at least one DHCP server. Otherwise, the s[...]

  • Page 556

    COMMAND LINE INTERFACE 4-160 DHCP Server Command Function Mode Page service dhcp Enables the DHCP server feature on this switch GC 3-161 ip dhcp excluded-address Specifies IP addresses that a DHCP server should not assign to DHCP clients GC 3-161 ip dhcp pool Configures a DHCP address pool on a DHCP Server GC 3-162 netwo[...]

  • Page 557

    DHCP COMMANDS 4-161 service dhcp Use this command to enable the DHCP server on this switch. Use the no form to disable the DHCP server. Syntax service dhcp no service dhcp Default Setting Enabled Command Mode Global Configuration Example ip dhcp excluded-address Use this command to specify IP addresses that the DHCP server should not[...]

  • Page 558

    COMMAND LINE INTERFACE 4-162 • high-address - The last IP address in an excluded address range. Default Setting All IP pool addresses may be assigned. Command Mode Global Configuration Example ip dhcp pool Use this command to configure a DHCP address pool and enter DHCP Pool Configuration mode. Use the no form to remov [...]

  • Page 559

    DHCP COMMANDS 4-163 within the range of a configured network address pool. Example Related Commands network (3-163) host (3-170) network Use this command to configure the subnet number and mask for a DHCP address pool. Use the no form to remove the subnet number and mask. Syntax network network-number [mask] no network • netwo [...]

  • Page 560

    COMMAND LINE INTERFACE 4-164 • This command is valid for DHCP network address pools only. If the mask is not specified, the class A, B, or C natural mask is used (see page 3-276). The DHCP server assumes that all host addresses are available. You can exclude subsets of the address space by using the ip dhcp excluded-addr[...]

  • Page 561

    DHCP COMMANDS 4-165 domain-name Use this command to specify the domain name for a DHCP client. Use the no form to remove the domain name. Syntax domain-name domain no domain-name domain - Specifies the domain name of the client. (Range: 1-32 characters) Default Setting None Command Mode DHCP Pool Configuration Example dns-server Use this[...]

  • Page 562

    COMMAND LINE INTERFACE 4-166 Command Mode DHCP Pool Configuration Usage Guidelines • If DNS IP servers are not configured for a DHCP client, the client cannot correlate host names to IP addresses. • Servers are listed in order of preference (starting with address1 as the most preferred server). Example next-server Us[...]

  • Page 563

    DHCP COMMANDS 4-167 bootfile Use this command to specify the name of the default boot image for a DHCP client. This file should be placed on the Trivial File Transfer Protocol (TFTP) server specified with the next-server command. Use the no form to delete the boot image name. Syntax bootfile filename no bootfile filename - Name o[...]

  • Page 564

    COMMAND LINE INTERFACE 4-168 • address2 - Specifies IP address of alternate NetBIOS WINS name server. Default Setting None Command Mode DHCP Pool Configuration Usage Guidelines Servers are listed in order of preference (starting with address1 as the most preferred server). Example Related Commands netbios-node-type (3-168) ne[...]

  • Page 565

    DHCP COMMANDS 4-169 Command Mode DHCP Pool Configuration Example Related Commands netbios-name-server (3-167) Console(config-dhcp)#netbios-node-type hybrid Console(config-dhcp)#[...]

  • Page 566

    COMMAND LINE INTERFACE 4-170 lease Use this command to configure the duration that an IP address is assigned to a DHCP client. Use the no form to restore the default value. Syntax lease {days [hours][minutes] | infinite} no lease • days - Specifies the duration of the lease in numbers of days. (Range: 0-364) • hours - Spe[...]

  • Page 567

    DHCP COMMANDS 4-171 Syntax host address [mask] no host • address - Specifies the IP address of a client. • mask - Specifies the network mask of the client. Default Setting None Command Mode DHCP Pool Configuration[...]

  • Page 568

    COMMAND LINE INTERFACE 4-172 Usage Guidelines • Host addresses must fall within the range specified for an existing network pool. • When a client request is received, the switch first checks for a network address pool matching the gateway where the request originated (i.e., if the request was forwarded by a relay server). I[...]

  • Page 569

    DHCP COMMANDS 4-173 Syntax client-identifier {text text | hex hex} no client-identifier • text - A text string. (Range: 1-15 characters) • hex - The hexadecimal value. Default Setting None Command Mode DHCP Pool Configuration Command Usage • This command identifies a DHCP client to bind to an address specified in the host c[...]

  • Page 570

    COMMAND LINE INTERFACE 4-174 Syntax hardware-address hardware-address type no hardware-address • hardware-address - Specifies the MAC address of the client device. • type - Indicates the following protocol used on the client device: - ethernet - ieee802 - fddi Default Setting If no type is specified, the default prot[...]

  • Page 571

    DHCP COMMANDS 4-175 • address - The address of the binding to clear. • * - Clears all automatic bindings. Default Setting None Command Mode Privileged Exec Usage Guidelines • An address specifies the client’s IP address. If an asterisk (*) is used as the address parameter, the DHCP server clears all automatic bindings. • Us [...]

  • Page 572

    COMMAND LINE INTERFACE 4-176 Command Mode Normal Exec, Privileged Exec Example. DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers t[...]

  • Page 573

    DNS COMMANDS 4-177 ip host This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remove an entry. Syntax [no] ip host name address1 [address2 … address8] • name - Name of the host. (Range: 1-64 characters) • address1 - Corresponding IP address. • address2 … ad[...]

  • Page 574

    COMMAND LINE INTERFACE 4-178 Example This example maps two addresses to a host name. clear host This command deletes entries from the DNS table. Syntax clear host {name | *} • name - Name of the host. (Range: 1-64 characters) • * - Removes all entries. Default Setting None Command Mode Privileged Exec Example This example [...]

  • Page 575

    DNS COMMANDS 4-179 with dotted notation). Use the no form to remove the current domain name. Syntax ip domain-name name no ip domain-name name - Name of the host. Do not include the initial dot that separates the host name from the domain name. (Range: 1-64 characters) Default Setting None Command Mode Global Configuration Example Re[...]

  • Page 576

    COMMAND LINE INTERFACE 4-180 Syntax [no] ip domain-list name name - Name of the host. Do not include the initial dot that separates the host name from the domain name. (Range: 1-64 characters) Default Setting None Command Mode Global Configuration Command Usage • Domain names are added to the end of the list one at a time. ?[...]

  • Page 577

    DNS COMMANDS 4-181 Related Commands ip domain-name (3-178) ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution. Use the no form to remove a name server from this list. Syntax [no] ip name-server server-address1 [server-address2 … server-ad[...]

  • Page 578

    COMMAND LINE INTERFACE 4-182 Example This example adds two domain-name servers to the list and then displays the list. Related Commands ip domain-name (3-178) ip domain-lookup (3-182) ip domain-lookup This command enables DNS host name-to-address translation. Use the no form to disable DNS. Syntax [no] ip domain-lookup Def[...]

  • Page 579

    DNS COMMANDS 4-183 Example This example enables DNS and then displays the configuration. Related Commands ip domain-name (3-178) ip name-server (3-181) show hosts This command displays the static host name-to-address mapping table. Command Mode Privileged Exec Example Note that a host name will be displayed as an alias if it is mappe[...]

  • Page 580

    COMMAND LINE INTERFACE 4-184 show dns This command displays the configuration of the DNS server. Command Mode Privileged Exec Example show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.com Domain Name[...]

  • Page 581

    DNS COMMANDS 4-185 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example FLAG The flag is always “4” indicating a cache entry and therefore unreliable. TYPE This field includes CNAME which specifies the canonical or primary name for the owner, and ALIAS which specifies multiple domain[...]

  • Page 582

    COMMAND LINE INTERFACE 4-186[...]

  • Page 583

    INTERFACE COMMANDS -1 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Command Function Mode Page interface Con[...]

  • Page 584

    -2 Syntax interface interface no interface port-channel channel-id interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) • vlan vlan-id (Range: 1-4094) Default Setting None Command Mode Global Configuration Example To specify port 4, enter the following command: desc[...]

  • Page 585

    INTERFACE COMMANDS -3 Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 4. speed-duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the default. Syntax speed-duplex { [...]

  • Page 586

    -4 Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is 100half for 100BASE-TX ports and 1000full for Gigabit Ethernet ports. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • To force operation to the speed and duple[...]

  • Page 587

    INTERFACE COMMANDS -5 Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attribut[...]

  • Page 588

    -6 • 10full - Supports 10 Mbps full-duplex operation • 10half - Supports 10 Mbps half-duplex operation • flowcontrol - Supports flow control • symmetric (Gigabit only) - When specified, the port transmits and receives pause frames; when not specified, the port will auto-negotiate to determine the sender and receive[...]

  • Page 589

    INTERFACE COMMANDS -7 flowcontrol (3-7) flowcontrol This command enables flow control. Use the no form to disable flow control. Syntax [no] flowcontrol Default Setting Flow control enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Flow control can eliminate frame loss by “bloc[...]

  • Page 590

    -8 Example The following example enables flow control on port 5. Related Commands negotiation (3-4) capabilities (flowcontrol, symmetric) (3-5) combo-forced-mode This command forces the port type selected for combination ports 8 - 12. Use the no form to restore the default mode. Syntax combo-forced-mode mode no combo-forced-mode • mode [...]

  • Page 591

    INTERFACE COMMANDS -9 Example This forces the switch to use the built-in RJ-45 port for the combination port 8. shutdown This command disables an interface. To restart a disabled interface, use the no form. Syntax [no] shutdown Default Setting All interfaces are enabled. Command Mode Interface Configuration (Ethernet, Port Ch[...]

  • Page 592

    -10 Syntax switchport broadcast packet-rate rate no switchport broadcast rate - Threshold level as a rate; i.e., packets per second. (Range: 500 - 262143) Default Setting Enabled for all ports Packet-rate limit: 500 packets per second Command Mode Interface Configuration (Ethernet) Command Usage • When broadcast traffic exceeds t [...]

  • Page 593

    INTERFACE COMMANDS -11 - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session. Howev[...]

  • Page 594

    -12 Default Setting Shows the status for all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Displaying Connection Status” on page 3-89. Example Console#show interfaces[...]

  • Page 595

    INTERFACE COMMANDS -13 show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows the counters for all interfaces. Command Mode Normal Exec,[...]

  • Page 596

    -14 Example show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Console#show interfaces counters ether[...]

  • Page 597

    INTERFACE COMMANDS -15 Default Setting Shows all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. Example This example shows the configuration setting for port 4. Console#show interfaces switchport ethernet 1/4 Broadcast threshold: Enabled, 5[...]

  • Page 598

    -16 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [rx | tx | both] no port monitor interface • interface - ethernet unit/port (source port) [...]

  • Page 599

    MIRROR PORT COMMANDS -17 Default Setting No mirror session is defined. When enabled, the default mirroring is for both received and transmitted packets. Command Mode Interface Configuration (Ethernet, destination port) Command Usage • You can mirror traffic from any source port to a destination port for real-time analysi[...]

  • Page 600

    -18 Default Setting Shows all sessions. Command Mode Privileged Exec Command Usage This command displays the currently configured source port, destination port, and mirror mode (i.e., RX, TX, RX/TX). Example The following shows mirroring configured from port 6 to port 11: Rate Limit Commands This function allows the network m[...]

  • Page 601

    RATE LIMIT COMMANDS -19 by the hardware to verify conformity. Non-conforming traffic is dropped, conforming traffic is forwarded without any changes. rate-limit This command defines the rate limit for a specific interface. Use this command without specifying a rate to restore the default rate. Use the no form to restore[...]

  • Page 602

    -20 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network [...]

  • Page 603

    LINK AGGREGATION COMMANDS -21 • A trunk can have up to eight ports. • The ports at both ends of a connection must be configured as trunk ports. • All ports in a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings. • [...]

  • Page 604

    -22 Default Setting The current port will be added to this trunk. Command Mode Interface Configuration (Ethernet) Command Usage • When configuring static trunks, the switches must comply with the Cisco EtherChannel standard. • Use no channel-group to remove a port group from a trunk. • Use no interfaces port-channel to rem[...]

  • Page 605

    LINK AGGREGATION COMMANDS -23 Command Usage • The ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation. • A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID. • If the [...]

  • Page 606

    -24 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } system-priority priority no lacp { actor | partner } system-priority • actor - The local side of an aggregate link. • partner - The remote side of an aggregate link. ?[...]

  • Page 607

    LINK AGGREGATION COMMANDS -25 state, and will only take effect the next time an aggregate link is established with the partner. Example lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp { actor | partner } admin-k[...]

  • Page 608

    -26 • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is established with the partner. Example lac[...]

  • Page 609

    LINK AGGREGATION COMMANDS -27 that when the LAG is no longer used, the port channel admin key is reset to 0. Example lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } port-priority priority no lacp { actor | partner } port-pri[...]

  • Page 610

    -28 state, and will only take effect the next time an aggregate link is established with the partner. Example show lacp This command displays LACP information. Syntax show lacp [ port-channel ] { counters | internal | neighbors | sys-id } • port-channel - Local identifier for a link aggregation group. (Range: 1-6) • counters - Statis[...]

  • Page 611

    LINK AGGREGATION COMMANDS -29 Example Console#show 1 lacp counters Channel group : 1 ----------------------------------------- -------------------------------- Eth 1/ 1 ----------------------------------------- -------------------------------- LACPDUs Sent : 21 LACPDUs Received : 21 Marker Sent : 0 Marker Received : 0 LACPDUs Unknown Pkts [...]

  • Page 612

    -30 Console#show 1 lacp internal Channel group : 1 ----------------------------------------- -------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ----------------------------------------- -------------------------------- LACPDUs Internal : 30 sec LACP System Priority : 32768 LACP Port Priority : 32768 Admin Key : 4 Oper Key : 4 Admin[...]

  • Page 613

    LINK AGGREGATION COMMANDS -31 LACP Port Priority LACP port priority assigned to this interface within the channel group. Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state; • Defaulted – The actor’s receive mac[...]

  • Page 614

    -32 Console#show 1 lacp neighbors Channel group 1 neighbors ----------------------------------------- -------------------------------- Eth 1/1 ----------------------------------------- -------------------------------- Partner Admin System ID : 32768, 00-00-00-00-00-00 Partner Oper System ID : 32768, 00-00-00-00-00-01 Partner Admin Port Number : 1[...]

  • Page 615

    ADDRESS TABLE COMMANDS -33 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Console#show lacp sysid Channel group System Priority System MAC Address -------------------------------------[...]

  • Page 616

    -34 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [ action ] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC address. • interface • ethernet uni[...]

  • Page 617

    ADDRESS TABLE COMMANDS -35 • Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. • A static address cannot be learned on another port until the address is removed with the no form of [...]

  • Page 618

    -36 - port - Port number. • port-channel channel-id (Range: 1-6) • vlan-id - VLAN ID (Range: 1-4094) • sort - Sort by address, vlan or interface. Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may incl [...]

  • Page 619

    ADDRESS TABLE COMMANDS -37 Syntax mac-address-table aging-time seconds no mac-address-table aging-time seconds - Aging time. (Range: 10-1000000 seconds; 0 to disable aging) Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information. Example s[...]

  • Page 620

    -38 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Command Function Mode Page spanning-tree Enables the spanning tree protocol GC 3-39 spanning-tree mode Configures STP, RSTP mode GC 3-3[...]

  • Page 621

    SPANNING TREE COMMANDS -39 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [ no ] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disab [...]

  • Page 622

    -40 • stp - Spanning Tree Protocol (IEEE 802.1D) • rstp - Rapid Spanning Tree Protocol (IEEE 802.1w) Default Setting rstp Command Mode Global Configuration Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. - This creates one spanning tree instance for the entire network.[...]

  • Page 623

    SPANNING TREE COMMANDS -41 spanning-tree forward-time This command configures the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds. (Range: 4 - 30 seconds) The minimum value is the hi[...]

  • Page 624

    -42 spanning-tree hello-time This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds. (Range: 1-10 seconds). The maximum value is the lower of 10 or [(max-age / 2) -1]. Default Sett[...]

  • Page 625

    SPANNING TREE COMMANDS -43 Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration mess[...]

  • Page 626

    -44 Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device [...]

  • Page 627

    SPANNING TREE COMMANDS -45 Example spanning-tree transmission-limit This command configures the minimum interval between the transmission of consecutive RSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The transmission limit in seconds.[...]

  • Page 628

    -46 This example disables the spanning tree algorithm for port 5. spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port. (Range: 1-200,000,000) The recommended [...]

  • Page 629

    SPANNING TREE COMMANDS -47 the maximum value for path cost is 65,535. Example spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port. (Range: 0-[...]

  • Page 630

    -48 spanning-tree edge-port This command specifies an interface as an edge port. Use the no form to restore the default. Syntax [ no ] spanning-tree edge-port Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You can enable this option if an interface is attached to a LAN segme[...]

  • Page 631

    SPANNING TREE COMMANDS -49 spanning-tree portfast This command sets an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax [ no ] spanning-tree portfast Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the[...]

  • Page 632

    -50 spanning-tree link-type This command configures the link type for Rapid Spanning Tree. Use the no form to restore the default. Syntax spanning-tree link-type { auto | point-to-point | shared } no spanning-tree link-type • auto - Automatically derived from the duplex mode setting. • point-to-point - Point-to-point link. • s[...]

  • Page 633

    SPANNING TREE COMMANDS -51 spanning-tree protocol-migration This command re-checks the appropriate BPDU format to send on the selected interface. Syntax spanning-tree protocol-migration interface interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Command Mo[...]

  • Page 634

    -52 • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec Command Usage • Use the show spanning-tree command with no parameters to display the spanning tree configuration for the switch and for every [...]

  • Page 635

    SPANNING TREE COMMANDS -53 Example Console#show spanning-tree Spanning-tree information ----------------------------------------- ---------------------- Spanning-tree information ----------------------------------------- ---------------------- Spanning tree mode :MSTP Spanning tree enable/disable :enable Instance :0 Vlans configuration :1-4094 P[...]

  • Page 636

    -54 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selec[...]

  • Page 637

    VLAN COMMANDS -55 Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the port membership mode and add[...]

  • Page 638

    -56 - suspend - VLAN is suspended. Suspended VLANs do not pass packets. Default Setting By default only VLAN 1 exists and is active. Command Mode VLAN Database Configuration Command Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default[...]

  • Page 639

    VLAN COMMANDS -57 Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) Default Setting None Command Mode Global[...]

  • Page 640

    -58 Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (3-9) switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode { trunk | hybrid }[...]

  • Page 641

    VLAN COMMANDS -59 Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid: Related Commands switchport acceptable-frame-types (3-59) switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the d [...]

  • Page 642

    -60 Example The following example shows how to restrict the traffic received on port 1 to tagged frames: Related Commands switchport mode (3-58) switchport ingress-filtering This command enables ingress filtering for an interface. Use the no form to restore the default. Syntax [ no ] switchport ingress-filtering Default[...]

  • Page 643

    VLAN COMMANDS -61 Example The following example shows how to set the interface to port 1 and then enable ingress filtering: switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-[...]

  • Page 644

    -62 Example The following example shows how to set the PVID for port 1 to VLAN 3: switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan { add vlan-list [ tagged | untagged ] | remove vlan-list } no switchport allowe[...]

  • Page 645

    VLAN COMMANDS -63 whether to keep or remove the tag from a frame on egress. • If none of the intermediate network devices nor the host at the other end of the connection supports VLANs, the interface should be added to these VLANs as an untagged member. Otherwise, it is only necessary to add at most one VLAN as untagged, and [...]

  • Page 646

    -64 Command Usage • This command prevents a VLAN from being automatically added to the specified interface via GVRP. • If a VLAN has been added to the set of allowed VLANs for an interface, then you cannot add it to the set of forbidden VLANs for that same interface. Example The following example shows how to prevent port 1 from[...]

  • Page 647

    VLAN COMMANDS -65 Default Setting Shows all VLANs. Command Mode Normal Exec, Privileged Exec Example The following example shows how to display information for VLAN 1: Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require[...]

  • Page 648

    -66 To configure protocol-based VLANs, follow these steps: 1. First configure VLAN groups for the protocols you want to use (page 3-55). Although not mandatory, we suggest configuring a separate VLAN for each major protocol running on your network. Do not add port members at this time. 2. Create a protocol group for ea[...]

  • Page 649

    VLAN COMMANDS -67 rarp. Default Setting No protocol groups are configured. Command Mode Global Configuration Example The following creates protocol group 1, and specifies Ethernet frames with IP and ARP protocol types: protocol-vlan protocol-group (Configuring Interfaces) This command maps a protocol group to a VL[...]

  • Page 650

    -68 Command Usage • When creating a protocol-based VLAN, only assign interfaces via this command. If you assign interfaces using any of the other VLAN commands (such as vlan on page 3-55), these interfaces will admit traffic of any protocol type into the associated VLAN. • When a frame enters a port that has been assigned[...]

  • Page 651

    VLAN COMMANDS -69 Command Mode Privileged Exec Example This shows protocol group 1 configured for IP over Ethernet: show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [ interface ] int[...]

  • Page 652

    -70 Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs. pvlan This[...]

  • Page 653

    GVRP AND BRIDGE EXTENSION COMMANDS -71 Command Usage • A private VLAN provides port-based security and isolation between ports within the VLAN. Data traffic on the downlink ports can only be forwarded to, and from, the uplink port. • Private VLANs and normal VLANs can exist simultaneously within the same switch. • Enterin[...]

  • Page 654

    -72 as how to display default configuration settings for the Bridge Extension MIB. bridge-ext gvrp This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [ no ] bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN i[...]

  • Page 655

    GVRP AND BRIDGE EXTENSION COMMANDS -73 Example show bridge-ext This command shows the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Displaying Basic VLAN Information” on page 3-154 and “Displaying Bridge Extension Capabilities” on page 3-18 for a description[...]

  • Page 656

    -74 Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Defau[...]

  • Page 657

    GVRP AND BRIDGE EXTENSION COMMANDS -75 garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer { join | leave | leaveall } timer_value no garp timer { join | leave | leaveall } • { join | leave | leaveall } - Which timer to[...]

  • Page 658

    -76 successfully. Example Related Commands show garp timer (3-76) show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows all GAR[...]

  • Page 659

    PRIORITY COMMANDS -77 Related Commands garp timer (3-75) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port?[...]

  • Page 660

    -78 for each interface, the relative weight of each queue, and the mapping of frame priority tags to the switch’s priority queues. Priority Commands (Layer 2) switchport priority default This command sets a priority for incoming untagged frames. Use the no form to restore the default value. Syntax switchport priority [...]

  • Page 661

    PRIORITY COMMANDS -79 default-priority-id - The priority number for untagged ingress traffic. The priority is a number from 0 to 7. Seven is the highest priority. Default Setting The priority is not set, and the default value for untagged frames received on the interface is zero. Command Mode Interface Configurat [...]

  • Page 662

    -80 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode { strict | wrr } no queue mode • strict - Services the egress queues in sequential order, transmitting all traffic in th[...]

  • Page 663

    PRIORITY COMMANDS -81 queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues. Use the no form to restore the default weights. Syntax queue bandwidth weight1...weight4 no queue bandwidth weight1...weight4 - The ratio of weights for queues 0 - 3 determines the w[...]

  • Page 664

    -82 Syntax queue cos-map queue_id [ cos1 ... cosn ] no queue cos-map • queue_id - The ID of the priority queue. Ranges are 0 to 7, where 7 is the highest priority queue. • cos1 .. cosn - The CoS values that are mapped to the queue ID. It is a space-separated list of numbers. The CoS value is a number from 0 to 7, where 7 is the h [...]

  • Page 665

    PRIORITY COMMANDS -83 Example The following example shows how to change the CoS assignments to a one-to-one mapping: Related Commands show queue cos-map (3-84) show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example Console(config)#interface ethernet 1/1 Console(config-i[...]

  • Page 666

    -84 show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues. Default Setting None Command Mode Privileged Exec Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [ interface ] interface • ethernet unit / [...]

  • Page 667

    PRIORITY COMMANDS -85 Default Setting None Command Mode Privileged Exec Example Priority Commands (Layer 3 and 4) map ip port (Global Configuration) Use this command to enable IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax [ no ] map ip port Console#show queue [...]

  • Page 668

    -86 Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. Example The following example shows how to enable TCP/UDP port mapping globally: Console(config)#map ip port Console(config)#[...]

  • Page 669

    PRIORITY COMMANDS -87 map ip port (Interface Configuration) Use this command to set IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number • port-number - 16-bit TCP/UDP port number. (Range: 0-65535) • cos-value - Class-o[...]

  • Page 670

    -88 map ip precedence (Global Configuration) This command enables IP precedence mapping (i.e., IP Type of Service). Use the no form to disable IP precedence mapping. Syntax [ no ] map ip precedence Default Setting Disabled Command Mode Global Configuration Command Usage • The precedence for priority mapping is IP Port, IP Precede[...]

  • Page 671

    PRIORITY COMMANDS -89 Default Setting The list below shows the default priority mapping. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP Precedence values are mapped to default Cla[...]

  • Page 672

    -90 Command Mode Global Configuration Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other type. Example The following example show[...]

  • Page 673

    PRIORITY COMMANDS -91 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p st[...]

  • Page 674

    -92 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Related Commands map ip port (Global Configuration) (3-85) map ip port (Interface Configuration) (3-87) show map ip precedence This command shows the IP precedence priority map. Syntax show map [...]

  • Page 675

    PRIORITY COMMANDS -93 Command Mode Privileged Exec Example Related Commands map ip precedence (Global Configuration) (3-88) map ip precedence (Interface Configuration) (3-88) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [ interface ] interface • ethernet unit / port - unit - This is device 1. -[...]

  • Page 676

    -94 Command Mode Privileged Exec Example Related Commands map ip dscp (Global Configuration) (3-89) map ip dscp (Interface Configuration) (3-90) Console#show map ip dscp ethernet 1/1 DSCP mapping status: disabled Port DSCP COS --------- ---- --- Eth 1/ 1 0 0 Eth 1/ 1 1 0 Eth 1/ 1 2 0 Eth 1/ 1 3 0 . . . Eth 1/ 1 61 0 Eth 1/ 1 62 0 Eth 1/[...]

  • Page 677

    MULTICAST FILTERING COMMANDS -95 Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then pr[...]

  • Page 678

    -96 IGMP Snooping Commands ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [ no ] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to a multicast[...]

  • Page 679

    MULTICAST FILTERING COMMANDS -97 Syntax [ no ] ip igmp snooping vlan vlan-id static ip-address interface • vlan-id - VLAN ID (Range: 1-4094) • ip-address - IP address for multicast group • interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None C[...]

  • Page 680

    -98 Default Setting IGMP Version 2 Command Mode Global Configuration Command Usage • All systems on the subnet must support the same version. If there are legacy devices in your network that only support Version 1, you will also have to configure this switch to use Version 1. • Some commands are only enabled for IGMPv2, including ip[...]

  • Page 681

    MULTICAST FILTERING COMMANDS -99 Example The following shows the current IGMP snooping configuration: show mac-address-table multicast This command shows known multicast addresses. Syntax show mac-address-table multicast [ vlan vlan-id ] [ user | igmp-snooping ] • vlan-id - VLAN ID (1 to 4094) • user - Display only the user-con[...]

  • Page 682

    -100 Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: IGMP Query Commands (Layer 2) ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [ no ] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Conso[...]

  • Page 683

    MULTICAST FILTERING COMMANDS -101 Command Usage If enabled, the switch will serve as querier if elected. The querier is responsible for asking hosts if they want to receive multicast traffic. Example ip igmp snooping query-count This command configures the query count. Use the no form to restore the default. Syntax ip igmp s[...]

  • Page 684

    -102 Example The following shows how to configure the query count to 10: Related Commands ip igmp snooping query-max-response-time (3-102) ip igmp snooping query-interval This command configures the query interval. Use the no form to restore the default. Syntax ip igmp snooping query-interval seconds no ip igmp snooping query[...]

  • Page 685

    MULTICAST FILTERING COMMANDS -103 Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries. (Range: 5-30) Default Setting 10 seconds Command Mode Global Configuration Command Usage • The switch must be using IGMPv2 for this command to [...]

  • Page 686

    -104 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default. Syntax ip igmp snooping router-port-expire-time seconds no ip igmp snooping router-port-expire-time seconds - The time the switch waits after the previous querier stops before it considers the router po[...]

  • Page 687

    MULTICAST FILTERING COMMANDS -105 Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port. Use the no form to remove the configuration. Syntax [ no ] ip igmp snooping vlan vlan-id mrouter interface • vlan-id - VLAN ID (Range: 1-4094) • interface • ethernet unit / [...]

  • Page 688

    -106 Example The following shows how to configure port 11 as a multicast router port within VLAN 1: show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [ vlan vlan-id ] vlan-id - VLAN ID (Range: 1-409[...]

  • Page 689

    MULTICAST FILTERING COMMANDS -107 IGMP Commands (Layer 3) ip igmp Use this command to enable IGMP on a VLAN interface. Use the no form of this command to disable IGMP on the specified interface. Syntax ip igmp no ip igmp Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Function Mode Page ip igmp Enables I[...]

  • Page 690

    -108 Command Usage IGMP query can be enabled globally at Layer 2 via the ip igmp snooping command, or enabled for specific VLAN interfaces at Layer 3 via the ip igmp command. (Layer 2 query is disabled if Layer 3 query is enabled.) Example Related Commands ip igmp snooping (3-96) show ip igmp snooping (3-98) ip igmp robustval Us[...]

  • Page 691

    MULTICAST FILTERING COMMANDS -109 Command Mode Interface Configuration (VLAN) Command Usage The robustness value is used in calculating the appropriate range for other IGMP variables, such as the Group Membership Interval (ip igmp last-memb-query-interval, page 3-111), as well as the Other Querier Present Interval, and the Star[...]

  • Page 692

    -110 multicast routing protocol that runs on the LAN. But for IGMP Version 2, the designated querier is the lowest IP-addressed multicast router on the subnet. Example The following shows how to configure the query interval to 100 seconds: ip igmp max-resp-interval Use this command to configure the maximum response time adver[...]

  • Page 693

    MULTICAST FILTERING COMMANDS -111 • The number of seconds represented by the maximum response interval must be less than the Query Interval (page 3-109). Example The following shows how to configure the maximum response time to 20 seconds: Related Commands ip igmp version (3-112) ip igmp query-interval (3-109) ip igmp last-m[...]

  • Page 694

    -112 reduced value results in reduced time to detect the loss of the last member of a group. Example The following shows how to configure the maximum response time to 10 seconds: ip igmp version Use this command to configure the IGMP version used on an interface. Use the no form of this command to restore the default. Syntax ip i[...]

  • Page 695

    MULTICAST FILTERING COMMANDS -113 Example The following configures the switch to use IGMP Version 1 on the selected interface: show ip igmp interface Use this command to show the IGMP configuration for a specific VLAN interface or for all interfaces. Syntax show ip igmp interface [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4094) De[...]

  • Page 696

    -114 Syntax clear ip igmp group [group-address | interface vlan vlan-id] • group-address - IP address of the multicast group. • vlan-id - VLAN ID (Range: 1-4094) Default Setting Deletes all entries in the cache if no options are selected. Command Mode Privileged Exec Command Usage Enter the address for a multicast group to dele[...]

  • Page 697

    MULTICAST FILTERING COMMANDS -115 Command Mode Normal Exec, Privileged Exec Command Usage • This command displays information for multicast groups learned via IGMP, not static groups. • If the switch receives an IGMP Version 1 Membership Report, it sets a timer to note that there are Version 1 hosts present which are member [...]

  • Page 698

    -116 IP Interface Commands There are no IP addresses assigned to this router by default. You must manually configure a new address to manage the router over your network or to connect the router to existing IP subnets. You may also need to establish a default gateway between this device and management stations or other dev[...]

  • Page 699

    IP INTERFACE COMMANDS -117 Syntax ip address {ip-address netmask | bootp | dhcp} [secondary] no ip address • ip-address - IP address • netmask - Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets. • bootp - Obtains IP address from BOOTP. • dhcp - Obta[...]

  • Page 700

    -118 Anything outside this format will not be accepted by the configuration program. • An interface can have only one primary IP address, but can have many secondary IP addresses. In other words, you will need to specify secondary addresses if more than one IP subnet can be accessed via this interface. • If you select the [...]

  • Page 701

    IP INTERFACE COMMANDS -119 Syntax ip default-gateway gateway no ip default-gateway gateway - IP address of the default gateway Default Setting No static route is established. Command Mode Global Configuration Command Usage • The gateway specified in this command is only valid if routing is disabled with the no ip routing command.[...]

  • Page 702

    -120 Example Related Commands show ip redirects (3-120) show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (3-118) ping This command sends ICMP echo request packets to another node on the network. Syntax p[...]

  • Page 703

    IP INTERFACE COMMANDS -121 • size - Number of bytes in a packet. (Range: 32-512, default: 32) The actual packet size will be eight bytes larger than the size specified because the router adds header information. Default Setting This command has no default for the host. Command Mode Normal Exec, Privileged Exec Command Usage • Use th[...]

  • Page 704

    -122 Address Resolution Protocol (ARP) arp Use this command to add a static entry in the Address Resolution Protocol (ARP) cache. Use the no form to remove an entry from the cache. Syntax arp ip-address hardware-address no arp ip-address • ip-address - IP address to map to a specified hardware address. • hardware-address - H[...]

  • Page 705

    IP INTERFACE COMMANDS -123 128. • You may need to enter a static entry in the cache if there is no response to an ARP broadcast message. For example, some applications may not respond to ARP requests or the response arrives too late, causing network operations to time out. Example Related Commands clear arp-cache show arp arp[...]

  • Page 706

    -124 clear arp-cache Use this command to delete all dynamic entries from the Address Resolution Protocol (ARP) cache. Command Mode Privileged Exec Example This example clears all dynamic entries in the ARP cache. show arp Use this command to display entries in the Address Resolution Protocol (ARP) cache. Command Mode Normal [...]

  • Page 707

    IP INTERFACE COMMANDS -125 Example This example displays all entries in the ARP cache. ip proxy-arp Use this command to enable proxy Address Resolution Protocol (ARP). Use the no form to disable proxy ARP. Syntax ip proxy-arp no ip proxy-arp Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage P[...]

  • Page 708

    -126 IP Routing Commands After you configure network interfaces for this router, you must set the paths used to send traffic between different interfaces. If you enable routing on this device, traffic will automatically be forwarded between all of the local subnetworks. However, to forward traffic to devices on other subnetworks[...]

  • Page 709

    IP ROUTING COMMANDS -127 Global Routing Configuration ip routing Use this command to enable IP routing. Use the no form to disable IP routing. Syntax ip routing no ip routing Default Setting Enabled Command Mode Global Configuration Command Usage • The command affects both static and dynamic unicast routing. • If IP routing is e[...]

  • Page 710

    -128 Example ip route Use this command to configure static routes. Use the no form to remove static routes. Syntax ip route {destination-ip netmask | default} {gateway} [metric metric] no ip route {destination-ip netmask | default | *} • destination-ip – IP address of the destination network, subnetwork, or host.[...]

  • Page 711

    IP ROUTING COMMANDS -129 clear ip route Use this command to remove dynamically learned entries from the IP routing table. Syntax clear ip route {network [netmask] | *} • network – Network or subnet address. • netmask - Network mask for the associated IP subnet. This mask identifies the host address bits used for rout[...]

  • Page 712

    -130 Command Usage If the address is specified without the netmask parameter, the router displays all routes for the corresponding natural class address (page 3-134). Example show ip traffic Use this command to display statistics for IP, ICMP, UDP, TCP and ARP protocols. Command Mode Privileged Exec Command Usage For a description[...]

  • Page 713

    IP ROUTING COMMANDS -131 Example Routing Information Protocol (RIP) Console#show ip traffic IP statistics: Rcvd: 5 total, 5 local destination 0 checksum errors 0 unknown protocol, 0 not a gateway Frags: 0 reassembled, 0 timeouts 0 fragmented, 0 couldn't fragment Sent: 9 generated 0 no route ICMP statistics: Rcvd: 0 checksum errors, 0 redi[...]

  • Page 714

    -132 router rip Use this command to enable Routing Information Protocol (RIP) routing for all IP interfaces on the router. Use the no form to disable it. Syntax router rip no router rip Command Mode Global Configuration Default Setting Disabled Command Usage • RIP is used to specify how routers exchange routing table informatio[...]

  • Page 715

    IP ROUTING COMMANDS -133 Related Commands network (3-134) timers basic Use this command to configure the RIP update timer, timeout timer, and garbage-collection timer. Use the no form to restore the defaults. Syntax timers basic update-seconds no timers basic update-seconds – Sets the update timer to the specified value, sets the[...]

  • Page 716

    -134 network. Example This example sets the update timer to 40 seconds. The timeout timer is subsequently set to 240 seconds, and the garbage-collection timer to 160 seconds. network Use this command to specify the network interfaces that will be included in the RIP routing process. Use the no form to remove an entry. Syntax n[...]

  • Page 717

    IP ROUTING COMMANDS -135 Example This example includes network interface 10.1.0.0 in the RIP routing process. Related Commands router rip (3-132) neighbor Use this command to define a neighboring router with which this router will exchange routing information. Use the no form to remove an entry. Syntax neighbor ip-address no neighbo[...]

  • Page 718

    -136 Syntax version {1 | 2} no version • 1 - RIP Version 1 • 2 - RIP Version 2 Command Mode Router Configuration Default Setting RIP Version 1 Command Usage • When this command is used to specify a global RIP version, any VLAN interface not previously set by the ip rip receive version or ip rip send version command will be[...]

  • Page 719

    IP ROUTING COMMANDS -137 ip rip receive version Use this command to specify a RIP version to receive on an interface. Use the no form to restore the default value. Syntax ip rip receive version {none | 1 | 2 | 1 2} no ip rip receive version • none - Does not accept incoming RIP packets. • 1 - Accepts only RIPv1 packets. ?[...]

  • Page 720

    -138 Example This example sets the interface version for VLAN 1 to receive RIPv1 packets. Related Commands version (3-135) ip rip send version Use this command to specify a RIP version to send on an interface. Use the no form to restore the default value. Syntax ip rip send version {none | 1 | 2 | v2-broadcast} no ip rip send[...]

  • Page 721

    IP ROUTING COMMANDS -139 - Use “none” to passively monitor route information advertised by other routers attached to the network. - Use “1” or “2” if all routers in the local network are based on RIPv1 or RIPv2, respectively. - Use “v2-broadcast” to propagate route information by broadcasting to other route[...]

  • Page 722

    -140 Command Usage • Split horizon never propagates routes back to an interface from which they have been acquired. • Poison reverse propagates routes back to an interface port from which they have been acquired, but sets the distance-vector metrics to infinity. (This provides faster convergence.) Example This example [...]

  • Page 723

    IP ROUTING COMMANDS -141 Example This example sets an authentication password of “small” to verify incoming routing messages and to tag outgoing routing messages. Related Commands ip rip authentication mode (3-141) ip rip authentication mode Use this command to specify the type of authentication that can be used on an [...]

  • Page 724

    -142 Example This example sets the authentication mode to plain text. Related Commands ip rip authentication key (3-140) show rip globals Use this command to display global configuration settings for RIP. Command Mode Privileged Exec Example Console(config)#interface vlan 1 Console(config-if)#ip rip authentication mode text Console(c[...]

  • Page 725

    IP ROUTING COMMANDS -143 show ip rip Use this command to display information about interfaces configured for RIP. Syntax show ip rip {configuration | status | peer} • configuration - Shows RIP configuration settings for each interface. • status - Shows the status of routing messages on each interface. • peer - Shows infor[...]

  • Page 726

    -144 Open Shortest Path First (OSPF) SendMode RIP version sent on this interface (none, RIPv1, RIPv2, or RIPv2-broadcast) ReceiveMode RIP version received on this interface (none, RIPv1, RIPv2, RIPv1 or RIPv2) Poison Shows if split-horizon, poison-reverse, or no protocol message loopback prevention method is in use. Authentication S[...]

  • Page 727

    IP ROUTING COMMANDS -145 Route Metrics and Summaries area range Summarizes routes advertised by an ABR RC 3-151 area default-cost Sets the cost for a default summary route sent into a stub or NSSA RC 3-152 summary-address Summarizes routes advertised by an ASBR RC 3-153 redistribute Redistribute routes from one routing domain to anoth[...]

  • Page 728

    -146 router ospf Use this command to enable Open Shortest Path First (OSPF) routing for all IP interfaces on the router. Use the no form to disable it. Syntax router ospf no router ospf Command Mode Global Configuration Default Setting Disabled ip ospf retransmit-interval Specifies the time between resending a link-state advertiseme[...]

  • Page 729

    IP ROUTING COMMANDS -147 Command Usage • OSPF is used to specify how routers exchange routing table information. • This command is also used to enter router configuration mode. Example Related Commands network area (3-155) router-id Use this command to assign a unique router ID for this device within the autonomous system. Use [...]

  • Page 730

    -148 • If the priority values of the routers bidding to be the designated router or backup designated router for an area are equal, the router with the highest ID is elected. Example Related Commands router ospf (3-146) compatible rfc1583 Use this command to calculate summary route costs using RFC 1583 (OSPFv1). Use the no form to cal[...]

  • Page 731

    IP ROUTING COMMANDS -149 default-information originate Use this command to generate a default external route into an autonomous system. Use the no form to disable this feature. Syntax default-information originate [always] [metric interface-metric] [metric-type metric-type] no default-information originate • always - Alw [...]

  • Page 732

    -150 used to import external routes via RIP or static routing, and such a route is known. • Type 1 route advertisements add the internal cost to the external route metric. Type 2 routes do not add the internal cost metric. When comparing Type 2 routes, the internal cost is only used as a tie-breaker if several Type 2 routes have [...]

  • Page 733

    IP ROUTING COMMANDS -151 • Using a low value allows the router to switch to a new path faster, but uses more CPU processing time. Example area range Use this command to summarize the routes advertised by an Area Border Router (ABR). Use the no form to disable this function. Syntax area area-id range ip-address netmask [adve[...]

  • Page 734

    -152 Example This example creates a summary address for all area routes in the range of 10.2.x.x. area default-cost Use this command to specify a cost for the default summary route sent into a stub or not-so-stubby area (NSSA) from an Area Border Router (ABR). Use the no form to remove the assigned default cost. Syntax area area[...]

  • Page 735

    IP ROUTING COMMANDS -153 summary-address Use this command to aggregate routes learned from other protocols. Use the no form to remove a summary address. Syntax summary-address summary-address netmask no summary-address summary-address netmask • summary-address - Summary address covering a range of addresses. • netmask [...]

  • Page 736

    -154 redistribute Use this command to import external routing information from other routing domains (i.e., protocols) into the autonomous system. Use the no form to disable this feature. Syntax redistribute [rip | static] [metric metric-value] [metric-type type-value] no redistribute [rip | static] [metric metric-value][...]

  • Page 737

    IP ROUTING COMMANDS -155 • Metric type specifies the way to advertise routes to destinations outside the AS via External LSAs. Specify Type 1 to add the internal cost metric to the external route metric. In other words, the cost of the route from any router within the AS is equal to the cost associated with reaching the adve[...]

  • Page 738

    -156 Command Usage • An area ID uniquely defines an OSPF broadcast area. The area ID 0.0.0.0 indicates the OSPF backbone for an autonomous system. Each router must be connected to the backbone via a direct connection or a virtual link. • Set the area ID to the same value for all routers on a network segment using the network ma[...]

  • Page 739

    IP ROUTING COMMANDS -157 • area-id - Identifies the stub area. (The area ID must be in the form of an IP address.) • summary - Makes an Area Border Router (ABR) send a summary link advertisement into the stub area. (Default: no summary) Command Mode Router Configuration Default Setting No stub is configured. Command Usage • All r[...]

  • Page 740

    -158 area nssa Use this command to define a not-so-stubby area (NSSA). To remove an NSSA, use the no form without any optional keywords. To remove an optional attribute, use the no form without the relevant keyword. Syntax area area-id nssa [no-redistribution] [default-information-originate] no area area-id nssa [no-red[...]

  • Page 741

    IP ROUTING COMMANDS -159 import a default external AS route (for routing protocol domains adjacent to the NSSA but not within the OSPF AS) into the NSSA using the default-information-originate keyword. • External routes advertised into an NSSA can include network destinations outside the AS learned via OSPF, the default route, st[...]

  • Page 742

    -160 area virtual-link Use this command to define a virtual link. To remove a virtual link, use the no form with no optional keywords. To restore the default value for an attribute, use the no form with the required keyword. Syntax area area-id virtual-link router-id [authentication [message-digest | null]] [hello-interval se[...]

  • Page 743

    IP ROUTING COMMANDS -161 • retransmit-interval seconds - Specifies the interval at which the ABR retransmits link-state advertisements (LSA) over the virtual link. The retransmit interval should be set to a conservative value that provides an adequate flow of routing information, but does not produce unnecessary proto[...]

  • Page 744

    -162 Default Setting area-id: None router-id: None hello-interval: 10 seconds retransmit-interval: 5 seconds transmit-delay: 1 second dead-interval: 40 seconds authentication-key: None message-digest-key: None Command Usage • All areas must be connected to a backbone area (0.0.0.0) to maintain routing connectivity thro[...]

  • Page 745

    IP ROUTING COMMANDS -163 ip ospf authentication Use this command to specify the authentication type used for an interface. Enter this command without any optional parameters to specify plain text (or simple password) authentication. Use the no form to restore the default of no authentication. Syntax ip ospf authentication [me[...]

  • Page 746

    -164 ip ospf authentication-key Use this command to assign a simple password to be used by neighboring routers. Use the no form to remove the password. Syntax ip ospf authentication-key key no ip ospf authentication-key key - Sets a plain text password. (Range: 1-8 characters) Command Mode Interface Configuration (VLAN) Default Se[...]

  • Page 747

    IP ROUTING COMMANDS -165 ip ospf message-digest-key Use this command to enable message-digest (MD5) authentication on the specified interface and to assign a key-id and key to be used by neighboring routers. Use the no form to remove an existing key. Syntax ip ospf message-digest-key key-id md5 key no ip ospf message-digest-key ke[...]

  • Page 748

    -166 Related Commands ip ospf authentication (3-163) ip ospf cost Use this command to explicitly set the cost of sending a packet on an interface. Use the no form to restore the default value. Syntax ip ospf cost cost no ip ospf cost cost - Link metric for this interface. Use higher values to indicate slower ports. (Range: 1-65535)[...]

  • Page 749

    IP ROUTING COMMANDS -167 seconds - The maximum time that neighbor routers can wait for a hello packet before declaring the transmitting router down. This interval must be set to the same value for all routers on the network. (Range: 1-65535) Command Mode Interface Configuration (VLAN) Default Setting 40, or four times the inte[...]

  • Page 750

    -168 Example ip ospf priority Use this command to set the router priority used when determining the designated router (DR) and backup designated router (BDR) for an area. Use the no form to restore the default value. Syntax ip ospf priority priority no ip ospf priority priority - Sets the interface priority for this router. (Range[...]

  • Page 751

    IP ROUTING COMMANDS -169 ip ospf retransmit-interval Use this command to specify the time between resending link-state advertisements (LSAs). Use the no form to restore the default value. Syntax ip ospf retransmit-interval seconds no ip ospf retransmit-interval seconds - Sets the interval at which LSAs are retransmitted[...]

  • Page 752

    -170 Command Mode Interface Configuration (VLAN) Default Setting 1 second Command Usage LSAs have their age incremented by this delay before transmission. When estimating the transmit delay, consider both the transmission and propagation delays for an interface. Set the transmit delay according to link speed, using larger va[...]

  • Page 753

    IP ROUTING COMMANDS -171 show ip ospf border-routers Use this command to show entries in the routing table that lead to an Area Border Router (ABR) or Autonomous System Boundary Router (ASBR). Command Mode Privileged Exec Example Field Description Routing Process with ID Router ID Supports only single TOS (TOS0) route Type of servic[...]

  • Page 754

    -172 show ip ospf database Use this command to show information about different OSPF Link State Advertisements (LSAs) stored in this router’s database. Syntax show ip ospf [area-id] database [adv-router [ip-address]] show ip ospf [area-id] database [asbr-summary] [link-state-id] show ip ospf [area-id] database [a[...]

  • Page 755

    IP ROUTING COMMANDS -173 - An IP network number for Type 3 Summary and External LSAs - A Router ID for Router, Network, and Type 4 AS Summary LSAs Also, note that when a Type 5 ASBR External LSA is describing a default route, its link-state-id is set to the default destination (0.0.0.0). ?[...]

  • Page 756

    -174 The following shows output when using the asbr-summary keyword. Console#show ip ospf database asbr-summary OSPF Router with id(10.1.1.253) Displaying Summary ASB Link States(Area 0.0.0.0) LS age: 433 Options: (No TOS-capability) LS Type: Summary Links (AS Boundary Router) Link State ID: 192.168.5.1 (AS Boundary Router's Router ID)[...]

  • Page 757

    IP ROUTING COMMANDS -175 The following shows output when using the database-summary keyword. Console#show ip ospf database database-summary Area ID (10.1.0.0) Router Network Sum-Net Sum-ASBR External-AS External-Nssa 2 1 1 0 0 0 Total LSA Counts : 4 Console# Field Description Area ID Area identifier Router Number of router LSAs Networ[...]

  • Page 758

    -176 The following shows output when using the external keyword. Console#show ip ospf database external OSPF Router with id(192.168.5.1) (Autonomous system 5) Displaying AS External Link States LS age: 433 Options: (No TOS-capability) LS Type: AS External Link Link State ID: 10.1.1.253 (External Network Number) Advertising Router: 10.1.2.254[...]

  • Page 759

    IP ROUTING COMMANDS -177 The following shows output when using the network keyword. Forward Address Forwarding address for data to be passed to the advertised destination (If set to 0.0.0.0, data is forwarded to the originator of the advertisement) External Route Tag 32-bit field attached to each external route (Not used by OSPF; may [...]

  • Page 760

    -178 The following shows output when using the router keyword. LS Sequence Number Sequence number of LSA (used to detect older duplicate LSAs) LS Checksum Checksum of the complete contents of the LSA Length The length of the LSA in bytes Network Mask Address mask for the network Attached Router List of routers attached to the network; i.[...]

  • Page 761

    IP ROUTING COMMANDS -179 Link State ID Router ID of the router that originated the LSA Advertising Router Advertising router ID LS Sequence Number Sequence number of LSA (used to detect older duplicate LSAs) LS Checksum Checksum of the complete contents of the LSA Length The length of the LSA in bytes Router Role Description of router type, in[...]

  • Page 762

    -180 The following shows output when using the summary keyword. Console#show ip ospf database summary OSPF Router with id(10.1.1.253) Displaying Summary Net Link States(Area 10.1.0.0) Link State Data Summary (Type 3) ------------------------------- LS age: 686 Options: Support External routing capability LS Type: Summary Links(Network) Link S[...]

  • Page 763

    IP ROUTING COMMANDS -181 show ip ospf interface Use this command to display summary information for OSPF interfaces. Syntax show ip ospf interface [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4094) Command Mode Privileged Exec Example Console#show ip ospf interface vlan 1 Vlan 1 is up Interface Address 10.1.1.253, Mask 255.255.255.[...]

  • Page 764

    -182 show ip ospf neighbor Use this command to display information about neighboring routers on each interface within an OSPF area. Syntax show ip ospf neighbor Command Mode Privileged Exec Example State • Disabled – OSPF not enabled on this interface • Down – OSPF is enabled on this interface, but interface is down • Lo[...]

  • Page 765

    IP ROUTING COMMANDS -183 show ip ospf summary-address Use this command to display all summary address information. Syntax show ip ospf summary-address Command Mode Privileged Exec Example This example shows a summary address and associated network mask. Related Commands summary-address (3-153) State OSPF state and identificatio[...]

  • Page 766

    -184 show ip ospf virtual-links Use this command to display detailed information about virtual links. Syntax show ip ospf virtual-links Command Mode Privileged Exec Example Related Commands area virtual-link (3-160) Multicast Routing Commands This router uses IGMP snooping and query to determine the ports connected to downstr[...]

  • Page 767

    MULTICAST ROUTING COMMANDS -185 Multicast routers use snooping and query messages, along with a multicast routing protocol to deliver IP multicast packets across different subnetworks. This router supports both the Distance-Vector Multicast Routing Protocol (DVMRP) and Protocol Independent Multicasting (PIM). (Note that you [...]

  • Page 768

    -186 • interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting No static multicast router ports are configured. Command Mode Global Configuration Command Usage Depending on your network connections, IGMP snooping may not always be able to locate t[...]

  • Page 769

    MULTICAST ROUTING COMMANDS -187 Default Setting Displays multicast router ports for all configured VLANs. Command Mode Privileged Exec Command Usage Multicast router port types displayed include Static or Dynamic. Example The following shows that port 11 in VLAN 1 is attached to a multicast router: General Multicast Routing Commands i[...]

  • Page 770

    -188 Command Mode Global Configuration Command Usage This command is used to enable multicast routing globally for the router. You also need to globally enable a specific multicast routing protocol using the router dvmrp or router pim command, and then specify the interfaces that will support multicast routing using the ip dvmrp or [...]

  • Page 771

    MULTICAST ROUTING COMMANDS -189 and source pair, detailed information is displayed only for the specified entry. If the summary option is selected, an abbreviated list of information for each entry is displayed on a single line. Example This example shows detailed multicast information for a specified group/source pair Console#sho[...]

  • Page 772

    -190 This example lists all entries in the multicast table in summary form: Console#show ip mroute summary IP Multicast Forwarding is enabled. IP Multicast Routing Table (Summary) Flags: P - Prune UP Group Source Source Mask Interface Owner Flags --------------- --------------- --------- ------ ---------- ------- ------ 224.1.1.1 10.1.0.0 255.2 [...]

  • Page 773

    MULTICAST ROUTING COMMANDS -191 DVMRP Multicast Routing Commands router dvmrp Use this command to enable Distance-Vector Multicast Routing (DVMRP) globally for the router and to enter router configuration mode. Use the no form to disable DVMRP multicast routing. Command Function Mode Page router dvmrp Enables DVMRP and enters router[...]

  • Page 774

    -192 Syntax router dvmrp no router dvmrp Command Mode Global Configuration Command Usage This command enables DVMRP globally for the router and enters router configuration mode. Make any changes necessary to the global DVMRP parameters. Then specify the interfaces that will support DVMRP multicast routing using the ip dvmrp comman [...]

  • Page 775

    MULTICAST ROUTING COMMANDS -193 seconds - Interval between sending neighbor probe messages. (Range: 1-65535) Default Setting 10 seconds Command Mode Router Configuration Command Usage Probe messages are sent to neighboring DVMRP routers from which this device has received probes, and is used to verify whether or not these neig[...]

  • Page 776

    -194 Example report-interval Use this command to specify how often to propagate the complete set of routing tables to other neighbor DVMRP routers. Use the no form to restore the default value. Syntax report-interval seconds seconds - Interval between sending the complete set of routing tables. (Range: 1-65535) Default Set[...]

  • Page 777

    MULTICAST ROUTING COMMANDS -195 Default Setting 5 seconds Command Mode Router Configuration Example prune-lifetime Use this command to specify how long a prune state will remain in effect for a multicast tree. Use the no form to restore the default value. Syntax prune-lifetime seconds seconds - Prune state lifetime. (Range: 1-6[...]

  • Page 778

    -196 default-gateway Use this command to specify the default DVMRP gateway for IP multicast traffic. Use the no form to remove the default gateway. Syntax default-gateway ip-address no default-gateway ip-address - IP address of the default DVMRP gateway. Default Setting None Command Mode Router Configuration Command Usage ?[...]

  • Page 779

    MULTICAST ROUTING COMMANDS -197 ip dvmrp Use this command to enable DVMRP on the specified interface. Use the no form to disable DVMRP on this interface. Syntax ip dvmrp no ip dvmrp Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage To fully enable DVMRP, you need to enable multicast routing globall[...]

  • Page 780

    -198 ip dvmrp metric Use this command to configure the metric used in selecting the reverse path to networks connected directly to an interface on this router. Use the no form to restore the default value. Syntax ip dvmrp metric interface-metric no ip dvmrp metric interface-metric - Metric used to select the best rever[...]

  • Page 781

    MULTICAST ROUTING COMMANDS -199 As shown below, this command clears everything from the route table except for the default route. show router dvmrp Use this command to display the global DVMRP configuration settings. Command Mode Normal Exec, Privileged Exec Command Usage This command displays the global DVMRP settings descr[...]

  • Page 782

    -200 The default settings are shown in the following example: show ip dvmrp route Use this command to display all entries in the DVMRP routing table. Command Mode Normal Exec, Privileged Exec Example DVMRP routes are shown in the following example: Console#show route dvmrp Admin Status : enable Probe Interval : 10 Nbr expire : 35[...]

  • Page 783

    MULTICAST ROUTING COMMANDS -201 show ip dvmrp neighbor Use this command to display all of the DVMRP neighbor routers. Command Mode Normal Exec, Privileged Exec Example UpTime The time elapsed since this entry was created. Expire The time remaining before this entry will be aged out. Console#show ip dvmrp neighbor Address Interface Uptim[...]

  • Page 784

    -202 show ip dvmrp interface Use this command to display the DVMRP configuration for interfaces which have enabled DVMRP. Command Mode Normal Exec, Privileged Exec Example PIM-DM Multicast Routing Commands Console#show ip dvmrp interface Vlan 1 is up DVMRP is enabled Metric is 1 Console# Command Function Mode Page router pim Enable[...]

  • Page 785

    MULTICAST ROUTING COMMANDS -203 router pim Use this command to enable Protocol-Independent Multicast - Dense Mode (PIM-DM) globally for the router and to enter router configuration mode. Use the no form to disable PIM-DM multicast routing. Syntax router pim no router pim Default Setting Disabled Command Mode Global Configuratio[...]

  • Page 786

    -204 ip pim dense-mode Use this command to enable PIM-DM on the specified interface. Use the no form to disable PIM-DM on this interface. Syntax ip pim dense-mode no pim dense-mode Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage • To fully enable PIM-DM, you need to enable multicast routing globa[...]

  • Page 787

    MULTICAST ROUTING COMMANDS -205 Example ip pim hello-interval Use this command to configure the frequency at which PIM hello messages are transmitted. Use the no form to restore the default value. Syntax ip pim hello-interval seconds no pim hello-interval seconds - Interval between sending PIM hello messages. (Range: 1-65535) Defa[...]

  • Page 788

    -206 ip pim hello-holdtime Use this command to configure the interval to wait for hello messages from a neighboring PIM router before declaring it dead. Use the no form to restore the default value. Syntax ip pim hello-holdtime seconds no ip pim hello-interval seconds - The hold time for PIM hello messages. (Range: 1-65535) Def[...]

  • Page 789

    MULTICAST ROUTING COMMANDS -207 Default Setting 5 seconds Command Mode Interface Configuration (VLAN) Command Usage • When a router first starts or PIM is enabled on an interface, the hello-interval is set to a random value between 0 and the trigger-hello-interval. This prevents synchronization of Hello messages on multi-access li[...]

  • Page 790

    -208 Command Usage The multicast interface that first receives a multicast stream from a particular source forwards this traffic to all other PIM interfaces on the router. If there are no requesting groups on that interface, the leaf node sends a prune message upstream and enters a prune state for this multicast stream. The prune stat[...]

  • Page 791

    MULTICAST ROUTING COMMANDS -209 Example ip pim max-graft-retries Use this command to configure the maximum number of times to resend a Graft message if it has not been acknowledged. Use the no form to restore the default value. Syntax ip pim max-graft-retries retries no ip pim graft-retry-interval retries - The maximum[...]

  • Page 792

    -210 show ip pim interface Use this command to display information about interfaces configured for PIM. Syntax show ip pim interface vlan-id vlan-id - VLAN ID (Range: 1-4094) Command Mode Normal Exec, Privileged Exec Command Usage This command displays the PIM settings for the specified interface as described in the preceding p[...]

  • Page 793

    ROUTER REDUNDANCY COMMANDS -211 Command Mode Normal Exec, Privileged Exec Example Router Redundancy Commands Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can als[...]

  • Page 794

    -212 Virtual Router Redundancy Protocol Commands To configure VRRP, select an interface on one router in the group to serve as the master virtual router. This physical interface is used as the virtual address for the router group. Now set the same virtual address and a priority on the backup routers, and configure an authenti[...]

  • Page 795

    ROUTER REDUNDANCY COMMANDS -213 Use the no form to disable VRRP on an interface and remove the IP address from the virtual router. Syntax vrrp group ip ip-address [secondary] no vrrp group ip ip-address [secondary] • group - Identifies the virtual router group. (Range: 1-255) • ip-address - The IP address of the vi[...]

  • Page 796

    -214 This example creates VRRP group 1 using the primary interface for VLAN 1 as the VRRP group Owner, and also adds a secondary interface as a member of the group. vrrp authentication Use this command to specify the key used to authenticate VRRP packets received from other routers. Use the no form to prevent authentication. Synta[...]

  • Page 797

    ROUTER REDUNDANCY COMMANDS -215 Example vrrp priority Use this command to set the priority of this router in a VRRP group. Use the no form to restore the default setting. Syntax vrrp group priority level no vrrp group priority • group - Identifies the VRRP group. (Range: 1-255) • level - Priority of this router in the VR[...]

  • Page 798

    -216 Example Related Commands vrrp preempt (3-217) vrrp timers advertise Use this command to set the interval at which the master virtual router sends advertisements communicating its state as the master. Use the no form to restore the default interval. Syntax vrrp group timers advertise interval no vrrp group timers advert[...]

  • Page 799

    ROUTER REDUNDANCY COMMANDS -217 before attempting to take over as the master is three times the hello interval plus half a second Example vrrp preempt Use this command to configure the router to take over as the master virtual router for a VRRP group if it has a higher priority than the current acting master router. Use the no form[...]

  • Page 800

    -218 Example Related Commands vrrp priority (3-215) show vrrp Use this command to display status information for VRRP. Syntax show vrrp [brief | group] • brief - Displays summary information for all VRRP groups on this router. • group - Identifies a VRRP group. (Range: 1-255) Defaults None Command Mode Privileged Exec Comm[...]

  • Page 801

    ROUTER REDUNDANCY COMMANDS -219 This example displays the full listing of status information for all groups. Console#show vrrp Vlan 1 - Group 1, state Master Virtual IP address 192.168.1.6 Virtual MAC address 00-00-5E-00-01-01 Advertisement interval 5 sec Preemption enabled Min delay 10 sec Priority 1 Authentication SimpleText Authen[...]

  • Page 802

    -220 This example displays the brief listing of status information for all groups. show vrrp interface Use this command to display status information for the specified VRRP interface. Syntax show vrrp interface vlan vlan-id [brief] • vlan-id - Identifier of configured VLAN interface. (Range: 1-4094) • brief - Displays summar[...]

  • Page 803

    ROUTER REDUNDANCY COMMANDS -221 Defaults None Command Mode Privileged Exec Example This example displays the full listing of status information for VLAN 1. * Refer to “show vrrp” on page 3-218 for a description of the display items. Console#show vrrp interface vlan 1 Vlan 1 - Group 1, state Master Virtual IP address 192.168.1.6[...]

  • Page 804

    -222 show vrrp router counters Use this command to display counters for errors found in VRRP protocol packets. Command Mode Privileged Exec Example Note that unknown errors indicate VRRP packets received with an unknown or unsupported version number. show vrrp interface counters Use this command to display counters f[...]

  • Page 805

    ROUTER REDUNDANCY COMMANDS -223 Example * Refer to “Displaying VRRP Group Statistics” on page 3-235 for a description of the display items. clear vrrp router counters Use this command to clear VRRP system statistics. Command Mode Privileged Exec Example clear vrrp interface counters Use this command to clear VRRP system statis[...]

  • Page 806

    -224 Command Mode Privileged Exec Example Console#clear vrrp 1 interface 1 counters Console#[...]

  • Page 807

    ROUTER REDUNDANCY COMMANDS -225 Hot Standby Router Protocol Commands To configure HSRP, add the interface for each router that will participate in the virtual router group, set the priorities, and configure an authentication string. The HSRP protocol will automatically select the master and standby router based on the priori[...]

  • Page 808

    -226 form to disable HSRP on an interface and remove the IP address for the virtual router. Syntax standby [group] ip [ip-address [secondary]] no standby [group] ip [ip-address] • group - Identifies the virtual router group. (Range: 0-255) • ip-address - The designated IP address of the virtual router. • secondary - Spe[...]

  • Page 809

    ROUTER REDUNDANCY COMMANDS -227 • HSRP is enabled once the designated address and priority are configured, and the master and standby routers are elected based on highest priority. If you need to customize any of the other parameters for HSRP such as authentication, tracking, or advertisement interval, then first conf[...]

  • Page 810

    -228 become the active master router again if the configured priorities have not been changed. • If two or more routers are configured with the same HSRP priority, the router with the higher IP address is elected as the new master router if the current master fails. • The priority setting takes precedence over authent[...]

  • Page 811

    ROUTER REDUNDANCY COMMANDS -229 Default Setting Group number: 0 Preempt: Disabled Delay: 0 seconds Command Mode Interface (VLAN) Command Usage • If preempt is enabled, and this router has a priority higher than the current acting master, it will take over as the new master. If preempt is not enabled, this router will only ta[...]

  • Page 812

    -230 standby authentication Use this command to specify the key used to authenticate HSRP packets received from other routers. Use the no form to delete an authentication string. Syntax standby [group] authentication string no standby [group] authentication • group - Identifies the HSRP group. (Range: 0-255) • string - Aut[...]

  • Page 813

    ROUTER REDUNDANCY COMMANDS -231 Example Related Commands standby priority (3-227) standby timers Use this command to set the time between the master and standby router sending hello packets, and the time before other routers declare the active master router or standby router down. Use the no form to restore the default time[...]

  • Page 814

    -232 • Routers on which the timer settings have not been configured can learn the current timer values from the master or standby router. Timers configured on the master router always override any other timer settings. All routers in an HSRP group should be configured with the same timer values. • If the master router st [...]

  • Page 815

    ROUTER REDUNDANCY COMMANDS -233 Default Setting Group number: 0 Interface priority: 10 Command Mode Interface (VLAN) Command Usage • This command adjusts the HSRP router priority based on the availability of its IP interfaces. When a tracked interface goes down, the HSRP router priority decreases by the specified value, and incr[...]

  • Page 816

    -234 show standby Use this command to display status information for HSRP. Syntax show standby [active | init | listen | standby] [brief] • active - Displays HSRP groups in the active state. • init - Displays HSRP groups in the initial state. • listen - Displays HSRP groups in the listen or learn state. • stand[...]

  • Page 817

    ROUTER REDUNDANCY COMMANDS -235 Field Description Local state State of the local router: • Active - Current master router. • Standby - Designated backup router next in line to take over as the master router. • Speak - Router is sending packets to claim the master or standby role. • Init - Router is not ready to participat [...]

  • Page 818

    -236 This example displays the brief listing of status information for all groups. Authentication text Key used to authenticate HSRP packets received from other routers. Tracking interface states List of interfaces that are being tracked and their corresponding states. Console#show vrrp brief Interface Grp Prio P State Active addr Standby[...]

  • Page 819

    ROUTER REDUNDANCY COMMANDS -237 show standby interface Use this command to display HSRP status information for the specified interface. Syntax show standby interface vlan vlan-id [group group] [active | init | listen | standby] [brief] • vlan-id - Identifier of configured VLAN interface. (Range: 1-4094) • group - Identifies t[...]

  • Page 820

    -238 Example This example displays the full listing of status information for VLAN 1. For a description of the displayed information, see the preceding “show standby” command. Console#show standby interface vlan 1 group 1 Vlan 1 - Group 1 Local State is Active, priority 5 (confgd 10), may preempt Preemption delayed for 10 secs Hellotime[...]

  • Page 821

    -1 APPENDIX A SOFTWARE SPECIFICATIONS Software Features Authentication Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 32 lists) DHCP Client, Relay, Server DNS Server Port Configuration 1000BASE-T: 10/100/1000 Mbps, half/full duplex 1000BASE-SX/LX: 1000 Mbps, full [...]

  • Page 822

    -2 Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) VLAN Support Up to 255 groups; port-based, protocol-based, or tagged (802.1Q), GVRP for automatic VLAN learning, private VLANs Class of Service Supports eight levels of priority and Weighted Round Robin Queueing (which can b[...]

  • Page 823

    STANDARDS -3 SNMP Management access via MIB database Trap management to specified hosts RMON Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event) Standards IEEE 802.3 Ethernet, IEEE 802.3u Fast Ethernet IEEE 802.3x Full-duplex flow control (ISO/IEC 8802-3) IEEE 802.3z Gigabit Ethernet, IEEE 802.3ab 1000BASE-T IEEE 802.3ac VLAN t[...]

  • Page 824

    -4 SNTP (RFC 2030) SSH (Version 2.0) VRRP (RFC 2338) Management Information Bases Bridge MIB (RFC 1493) DVMRP MIB Entity MIB (RFC 2737) Ethernet MIB (RFC 2665) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742) Forwarding Table MIB (RFC 2096) IGMP MIB (RFC 2933) Interface Group MIB (RFC 2233) Int[...]

  • Page 825

    MANAGEMENT INFORMATION BASES -5 TCP MIB (RFC 2013) Trap (RFC 1215) UDP MIB (RFC 2012) VRRP MIB (RFC 2787)[...]

  • Page 826

    -6[...]

  • Page 827

    B-1 APPENDIX B TROUBLESHOOTING Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure you have configured the VLAN interface through which the management station is connected with a valid IP address, subnet mask and default gateway. • If you are trying to connect to the[...]

  • Page 828

    TROUBLESHOOTING B-2[...]

  • Page 829

    Glossary-1 GLOSSARY Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Address Resolution Protocol (ARP) ARP converts between IP addresses and MAC (i.e., hardware) addresses. ARP is used to locate the MA [...]

  • Page 830

    GLOSSARY Glossary-2 Distance Vector Multicast Routing Protocol (DVMRP) A distance-vector-style routing protocol used for routing multicast datagrams through the Internet. DVMRP combines many of the features of RIP with Reverse Path Forwarding (RPF). Dynamic Host Control Protocol (DHCP) Provides a framework for passing configuration [...]

  • Page 831

    GLOSSARY Glossary-3 Group Attribute Registration Protocol (GARP) See Generic Attribute Registration Protocol. Hot Standby Router Protocol (HSRP) This protocol allows hosts to connect to a single virtual router and to maintain connectivity even if the actual first hop gateway they are using fails. IEEE 802.1D Specifies a general met[...]

  • Page 832

    GLOSSARY Glossary-4 IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP mul[...]

  • Page 833

    GLOSSARY Glossary-5 Layer 2 Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses. Layer 3 Network layer in the ISO 7-Layer Data Communications Protocol. This layer handles the routing functions for data moving[...]

  • Page 834

    GLOSSARY Glossary-6 Out-of-Band Management Management of the network from a station not attached to the network. Port Authentication See IEEE 802.1x. Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows data on the target port to be st[...]

  • Page 835

    GLOSSARY Glossary-7 Remote Monitoring (RMON) RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types. Rapid Spanning Tree Protocol (RSTP) RSTP reduces the convergence time for network topolo[...]

  • Page 836

    GLOSSARY Glossary-8 data along the shortest available path, maximizing the performance and efficiency of the network. Terminal Access Controller Access Control System Plus (TACACS+) TACACS+ is a logon authentication protocol that uses software running on a central server to control access to TACACS-compliant devices on the network.[...]

  • Page 837

    GLOSSARY Glossary-9 host device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down. XModem A protocol used to transfer files between devices. Data is grouped in 128-byte blocks and error-corrected.[...]

  • Page 838

    GLOSSARY Glossary-10[...]

  • Page 839

    Index-1 Symbols 3-31 Numerics 802.1x, port authentication 3-42, 4-74 A acceptable frame type 3-118, 4-184 Access Control List See ACL ACL Extended IP 3-51, 4-82, 4-83, 4-86 MAC 3-51, 4-82, 4-97, 4-97–4-99 Standard IP 3-51, 4-82, 4-83, 4-85 Address Resolution Protocol See ARP address table 3-86, 4-159 aging time 3-88, 4-[...]

  • Page 840

    INDEX Index-2 DVMRP configuring 3-234, 4-285 global settings 3-234, 4-285–4-289 interface settings 3-237, 4-289–4-290 neighbor routers 3-239, 4-292 routing table 3-240, 4-292 dynamic addresses, displaying 3-87, 4-160 Dynamic Host Configuration Protocol See DHCP E edge port, STA 3-98, 3-100, 4-174 event logging 4-41[...]

  • Page 841

    INDEX Index-3 IP routing 3-176, 4-235 configuring interfaces 3-180, 4-227 enabling or disabling 3-179, 4-235 status 3-179, 4-235 unicast protocols 3-178 IP, statistics 3-189, 4-238 J jumbo frame 4-60 L LACP configuration 4-150 local parameters 3-74, 4-156 partner parameters 3-77, 4-156 protocol message statistics 4-156 proto[...]

  • Page 842

    INDEX Index-4 P password, line 4-13 passwords 2-4 administrator setting 3-30, 4-25 path cost 3-90, 3-98 method 3-94, 4-167 STA 3-90, 3-98, 4-167 PIM-DM 3-241, 4-293 configuring 3-241, 4-293 global configuration 3-241, 4-294 interface settings 3-242, 4-294–4-298 neighbor routers 3-245, 4-300 port authentication 3-42, 4-74[...]

  • Page 843

    INDEX Index-5 specifications, software A-1 SSH, configuring 3-35, 4-35, 4-36 STA 3-88, 4-162 edge port 3-98, 3-100, 4-174 global settings, configuring 3-92, 4-163–4-168 global settings, displaying 3-89, 4-179 interface settings 3-96, 3-104, 3-107, 4-173–4-178, 4-179 link type 3-98, 3-100, 4-176 path cost 3-90, 3-[...]

  • Page 844

    INDEX Index-6 W Web interface access requirements 3-1 configuration buttons 3-2 home page 3-2 menu list 3-3 panel display 3-3[...]

  • Page 845

    [...]

  • Page 846

    38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; (949) 679-8000; Fax: (949) 679-1481 From Europe: Contact details can be found on www.smc-europe.com or www.smc.com INTERNET E-mail addresses: techsupport@smc.com european.techsu[...]