Accton Technology ES4524D manual


A good user manual

The rules oblige the seller to provide the buyer with the manual for the Accton Technology ES4524D product. A missing manual or incorrect information given to the consumer is grounds for a complaint that the product does not conform to the contract. Under the law, the manual may be supplied in a form other than paper, which is common practice, such as a graphic or electronic manual for the Accton Technology ES4524D or instructional videos for users. The condition is that it be legible and understandable.

What is an instruction manual?

The word comes from the Latin "instructio", meaning to instruct. The Accton Technology ES4524D manual therefore contains a description of the stages of a process. The purpose of the manual is to instruct and to make it easier to start up and use the equipment or to carry out particular tasks. The manual is a collection of information about the item or service, a guide.

Unfortunately, few users take the time to read the Accton Technology ES4524D manual, yet a good manual not only introduces a number of additional functions of the device but also helps avoid most faults.

So what should the perfect manual contain?

First, the Accton Technology ES4524D manual should contain:
- technical data for the Accton Technology ES4524D device
- the manufacturer's name and the year of manufacture of the Accton Technology ES4524D device
- instructions for using, adjusting and maintaining the Accton Technology ES4524D device
- safety marks and certificates confirming compliance with the relevant standards

Why don't we read manuals?

Usually this is due to lack of time and to confidence about the specific functionality of the purchased device. Unfortunately, simply connecting and starting up the Accton Technology ES4524D is not enough. The manual contains a range of guidance on specific functions, safety, maintenance methods (including which products should be used), possible Accton Technology ES4524D defects, and ways of solving common problems during use. Finally, the manual gives the contact details of Accton Technology service in case the proposed solutions do not work. Manuals in the form of engaging animations and instructional videos, which speak to the user better than a leaflet, are currently much appreciated. This type of manual gives the user the chance to watch the whole instructional video without skipping the complicated specifications and technical descriptions of the Accton Technology ES4524D, as happens with the paper version.

Why read manuals?

First of all, they contain the answers about the construction and capabilities of the Accton Technology ES4524D device, the use of individual accessories, and a range of information for making full use of all its features and conveniences.

After successfully purchasing a piece of equipment or a device, it is worth taking a moment to become familiar with each part of the Accton Technology ES4524D manual. Nowadays they are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic informational function.

Manual contents

  • Page 1

    Powered by Accton Management Guide ES4524D ES4548D 24/48-Port Gigabit Ethernet Switch e-mail: info@direktronik.se tel: 08-52 400 700 fax: 08-520 18121[...]

  • Page 2

    [...]

  • Page 3

    Management Guide ES4524D Gigabit Ethernet Switch Layer 2 Switch with 20 10/100/1000BASE-T (RJ-45) Ports, and 4 Gigabit Combination Ports (RJ-45/SFP) ES4548D Gigabit Ethernet Switch Layer 2 Switch with 44 10/100/1000BASE-T (RJ-45) Ports, and 4 Gigabit Combination Ports (RJ-45/SFP)[...]

  • Page 4

    ES4524D ES4548D F0.0.0.4 E112006-CS-R01 149100030400A[...]

  • Page 5

    v Contents Section I: Getting Started Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-6 Chapter 2: Initial Configuration 2-1 Connecting to the Switch 2-1 Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-2 Basic Configuration 2-3 Console Connection 2-3 S[...]

  • Page 6

    Contents vi Chapter 5: Setting an IP Address 5-1 Setting the Switch’s IP Address (IP Version 4) 5-1 Manual Configuration 5-2 Using DHCP/BOOTP 5-3 Setting the Switch’s IP Address (IP Version 6) 5-4 Configuring an IPv6 Address 5-4 Configuring an IPv6 General Network Prefix 5-10 Configuring the Neighbor Detection Protocol and Stati[...]

  • Page 7

    Contents vii Configuring the SSH Server 12-12 Filtering IP Addresses for Management Access 12-13 Chapter 13: Configuring Port Security 13-1 Chapter 14: Configuring 802.1X Port Authentication 14-1 Displaying 802.1X Global Settings 14-2 Configuring 802.1X Global Settings 14-3 Configuring Port Settings for 802.1X 14-3 Displaying 802.1X[...]

  • Page 8

    Contents viii Configuring Global Settings 22-6 Displaying Interface Settings 22-10 Configuring Interface Settings 22-13 Configuring Multiple Spanning Trees 22-15 Displaying Interface Settings for MSTP 22-18 Configuring Interface Settings for MSTP 22-19 Chapter 23: VLAN Configuration 23-1 Assigning Ports to VLANs 23-1 Enablin[...]

  • Page 9

    Contents ix Chapter 28: Multicast Filtering 28-1 Layer 2 IGMP (Snooping and Query) 28-1 Configuring IGMP Snooping and Query Parameters 28-2 Displaying Interfaces Attached to a Multicast Router 28-4 Specifying Static Interfaces for a Multicast Router 28-5 Displaying Port Members of Multicast Services 28-6 Assigning Ports to Multica[...]

  • Page 10

    Contents x end 33-4 exit 33-4 quit 33-5 Chapter 34: System Management Commands 34-1 hostname 34-1 reload 34-2 switch renumber 34-2 jumbo frame 34-3 show startup-config 34-3 show running-config 34-5 show system 34-7 show users 34-7 show version 34-8 Chapter 35: File Management Commands 35-1 copy 35-2 delete 35-4 dir 35-5 whichboo[...]

  • Page 11

    Contents xi Chapter 38: SMTP Alert Commands 38-1 logging sendmail host 38-1 logging sendmail level 38-2 logging sendmail source-email 38-2 logging sendmail destination-email 38-3 logging sendmail 38-3 show logging sendmail 38-4 Chapter 39: Time Commands 39-1 sntp client 39-1 sntp server 39-2 sntp poll 39-3 show sntp 39-3 clock tim [...]

  • Page 12

    Contents xii radius-server timeout 41-8 show radius-server 41-8 TACACS+ Client 41-9 tacacs-server host 41-9 tacacs-server port 41-9 tacacs-server key 41-10 show tacacs-server 41-10 Web Server Commands 41-11 ip http port 41-11 ip http server 41-11 ip http secure-server 41-12 ip http secure-port 41-13 Telnet Server Commands 41-14[...]

  • Page 13

    Contents xiii Chapter 44: Access Control List Commands 44-1 IPv4 ACLs 44-1 access-list ip 44-2 permit, deny (Standard IPv4 ACL) 44-2 permit, deny (Extended IPv4 ACL) 44-3 show ip access-list 44-5 ip access-group 44-6 show ip access-group 44-6 IPv6 ACLs 44-7 access-list ipv6 44-7 permit, deny (Standard IPv6 ACL) 44-8 permit, deny (Exte[...]

  • Page 14

    Contents xiv lacp port-priority 46-8 show lacp 46-8 show port-channel load-balance 46-11 Chapter 47: Broadcast Storm Control Commands 47-1 switchport broadcast packet-rate 47-1 Chapter 48: Mirror Port Commands 48-1 port monitor 48-1 show port monitor 48-2 Chapter 49: Rate Limit Commands 49-1 rate-limit 49-1 Chapter 50: Address Tabl[...]

  • Page 15

    Contents xv Chapter 52: VLAN Commands 52-1 GVRP and Bridge Extension Commands 52-1 bridge-ext gvrp 52-2 show bridge-ext 52-2 switchport gvrp 52-3 show gvrp configuration 52-3 garp timer 52-4 show garp timer 52-5 Editing VLAN Groups 52-5 vlan database 52-5 vlan 52-6 Configuring VLAN Interfaces 52-7 interface vlan 52-7 switchport[...]

  • Page 16

    Contents xvi Priority Commands (Layer 3 and 4) 55-7 map ip port (Global Configuration) 55-7 map ip port (Interface Configuration) 55-8 map ip precedence (Global Configuration) 55-8 map ip precedence (Interface Configuration) 55-9 map ip dscp (Global Configuration) 55-10 map ip dscp (Interface Configuration) 55-10 show map ip po[...]

  • Page 17

    Contents xvii ip domain-lookup 58-5 show hosts 58-6 show dns 58-7 show dns cache 58-7 clear dns cache 58-8 Chapter 59: IPv4 Interface Commands 59-1 ip address 59-1 ip default-gateway 59-2 ip dhcp restart 59-3 show ip interface 59-4 show ip redirects 59-4 ping 59-5 Chapter 60: IPv6 Interface Commands 60-1 ipv6 enable 60-2 ipv6 gen[...]

  • Page 18

    Contents xviii Section IV: Appendices Appendix A: Software Specifications A-1 Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3 Appendix B: Troubleshooting B-1 Problems Accessing the Management Interface B-1 Using System Logs B-2 Glossary Index[...]

  • Page 19

    xix Tables Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-6 Table 3-1 Web Page Configuration Buttons 3-3 Table 3-2 Switch Main Menu 3-4 Table 9-1 Logging Levels 9-1 Table 11-1 SNMPv3 Security Models and Levels 11-2 Table 11-2 Supported Notification Messages 11-13 Table 12-1 HTTPS System Support 12-6 Table 14-1 802.1X[...]

  • Page 20

    xx Tables Table 41-5 RADIUS Client Commands 41-5 Table 41-6 TACACS+ Client Commands 41-9 Table 41-7 Web Server Commands 41-11 Table 41-8 HTTPS System Support 41-13 Table 41-9 Telnet Server Commands 41-14 Table 41-10 Secure Shell Commands 41-15 Table 41-11 show ssh - display description 41-22 Table 41-12 IP Filter Commands 41-24 [...]

  • Page 21

    xxi Tables Table 57-4 Static Multicast Routing Commands 57-8 Table 58-1 DNS Commands 58-1 Table 58-2 show dns cache - display description 58-7 Table 59-1 IPv4 Configuration Commands 59-1 Table 60-1 IPv6 Configuration Commands 60-1 Table 60-2 show ipv6 interface - display description 60-10 Table 60-3 show ipv6 mtu - display de[...]

  • Page 22

    xxii Tables[...]

  • Page 23

    xxiii Figures Figure 3-1 Home Page 3-2 Figure 3-2 Front Panel Indicators 3-3 Figure 4-1 System Information 4-2 Figure 4-2 Switch Information 4-4 Figure 4-3 Displaying Bridge Extension Configuration 4-5 Figure 4-4 Configuring Support for Jumbo Frames 4-6 Figure 4-5 Renumbering the Stack 4-7 Figure 4-6 Resetting the System 4[...]

  • Page 24

    xxiv Figures Figure 12-7 IP Filter 12-14 Figure 13-1 Port Security 13-2 Figure 14-1 802.1X Global Information 14-2 Figure 14-2 802.1X Global Configuration 14-3 Figure 14-3 802.1X Port Configuration 14-4 Figure 14-4 802.1X Port Statistics 14-7 Figure 15-1 Selecting ACL Type 15-2 Figure 15-2 ACL Configuration - Standard IPv4 15-3[...]

  • Page 25

    xxv Figures Figure 24-1 Private VLAN Status 24-1 Figure 24-2 Private VLAN Link Status 24-2 Figure 25-1 Protocol VLAN Configuration 25-2 Figure 25-2 Protocol VLAN Port Configuration 25-3 Figure 26-1 Default Port Priority 26-2 Figure 26-2 Traffic Classes 26-4 Figure 26-3 Queue Mode 26-5 Figure 26-4 Queue Scheduling 26-6 Figure 26-5 IP [...]

  • Page 26

    xxvi Figures[...]

  • Page 27

    Section I: Getting Started This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. Introduction 1-1[...]

  • Page 28

    Getting Started[...]

  • Page 29

    1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should [...]

  • Page 30

    Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Untagged (port-based[...]

  • Page 31

    Description of Software Features 1-3 1 Port Configuration – You can manually configure the speed and duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switc[...]

  • Page 32

    Introduction 1-4 1 Spanning Tree Algorithm – The switch supports these spanning tree protocols: Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one rout[...]

  • Page 33

    Description of Software Features 1-5 1 Traffic Prioritization – This switch prioritizes each packet based on the required level of service, using eight priority queues with strict or Weighted Round Robin Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station applicati [...]

  • Page 34

    Introduction 1-6 1 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 6-5). The following table lists some of the basic system defaults. Table 1-2 System Defaul[...]

  • Page 35

    System Defaults 1-7 1 SNMP SNMP Agent Enabled Community Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabled Link-up-down events: enabled SNMP V3 View: defaultview Group: public (read only); private (read/write) Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow C[...]

  • Page 36

    Introduction 1-8 1 Traffic Prioritization Ingress Port Priority 0 Queue Mode WRR Weighted Round Robin Queue: 0 1 2 3 4 5 6 7 Weight: 1 2 4 6 8 10 12 14 IP Precedence Priority Disabled IP DSCP Priority Disabled IP Port Priority Disabled IP Settings Router Redundancy Multicast Filtering Management. VLAN Any VLAN configured with an IP [...]

  • Page 37

    2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a com[...]

  • Page 38

    Initial Configuration 2-2 2 • Configure up to 32 static or LACP trunks per switch • Enable port mirroring • Set broadcast storm control on any port • Display system information and statistics Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and conf[...]

  • Page 39

    Basic Configuration 2-3 2 Note: This switch supports four concurrent Telnet/SSH sessions. After configuring the switch’s IP parameters, you can access the onboard configuration program from anywhere within the attached network. The onboard configuration program can be accessed using Telnet from any computer attached to the n[...]

  • Page 40

    Initial Configuration 2-4 2 3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>. 4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>. Setting an IP Addre[...]

  • Page 41

    Basic Configuration 2-5 2 3. Type “exit” to return to the global configuration mode prompt. Press <Enter>. 4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter&[...]

  • Page 42

    Initial Configuration 2-6 2 To configure an IPv6 link local address for the switch, complete the following steps: 1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>. 2. Type “ipv6 address” followed by up to 8 colon-separated 16-bit hexadec [...]

  • Page 43

    Basic Configuration 2-7 2 To generate an IPv6 global unicast address for the switch using a general network prefix, complete the following steps: 1. From the Global Configuration mode prompt, type “ipv6 general prefix prefix-name ipv6-prefix/prefix-length,” where the “prefix-name” is a label identifying the network se[...]

  • Page 44

    Initial Configuration 2-8 2 Dynamic Configuration Obtaining an IPv4 Address If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. You therefore need to use the “ip dhcp restart” command to start broadcasting service requests. Requests will be s[...]

  • Page 45

    Basic Configuration 2-9 2 Obtaining an IPv6 Address Link Local Address — There are several ways to dynamically configure IPv6 addresses. The simplest method is to automatically generate a “link local” address (identified by an address prefix of FE80). This address type makes the switch accessible over IPv6 for all[...]

  • Page 46

    Initial Configuration 2-10 2 2. From the interface prompt, type “ipv6 address autoconfig” and press <Enter>. Enabling SNMP Management Access The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as HP OpenView. You can configure the switch to (1) res[...]

  • Page 47

    Basic Configuration 2-11 2 The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects. • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects. To prevent unauthorized access to the switch [...]

  • Page 48

    Initial Configuration 2-12 2 Configuring Access for SNMP Version 3 Clients To configure management access for SNMP v3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group. The following example creates one view c[...]

  • Page 49

    Managing System Files 2-13 2 Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows. The switch has a total of 32 Mbytes of flash memory for system files. In the system flash mem[...]

  • Page 50

    Initial Configuration 2-14 2[...]

  • Page 51

    Section II: Switch Management This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser, and a brief example for the Command Line Interface. Configuring the Switch 3-1 Basic Sy [...]

  • Page 52

    Switch Management Configuring Domain Name Service 29-1 Switch Clustering 30-1[...]

  • Page 53

    3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or ab[...]

  • Page 54

    Configuring the Switch 3-2 3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password “admin” is used for the administrator. Home Page When y[...]

  • Page 55

    Navigating the Web Browser Interface 3-3 3 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons. Notes: 1. To ensu [...]

  • Page 56

    Configuring the Switch 3-4 3 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Switch Main Menu Menu Description Page System 4-1 System In[...]

  • Page 57

    Navigating the Web Browser Interface 3-5 3 SNMP 11-1 Configuration Configures community strings and related trap functions 11-3 Agent Status Enables or disables SNMP 11-2 SNMPv3 11-6 Engine ID Sets the SNMP v3 engine ID 11-7 Remote Engine ID Sets the SNMP v3 engine ID on a remote device 11-7 Users Configures SNMP v3 use[...]

  • Page 58

    Configuring the Switch 3-6 3 Trunk Membership Specifies ports to group into static trunks 17-2 LACP 17-1 Configuration Allows ports to dynamically join trunks 17-5 Aggregation Port Configures parameters for link aggregation group members 17-7 Port Counters Information Displays statistics for LACP protocol messages 17-9 Port Inter[...]

  • Page 59

    Navigating the Web Browser Interface 3-7 3 Port Configuration Configures port settings for a specified MST instance 22-19 Trunk Configuration Configures trunk settings for a specified MST instance 22-19 VLAN 23-1 802.1Q VLAN GVRP Status Enables GVRP VLAN registration protocol 23-4 802.1Q Tunnel Status Enables QinQ tunn[...]

  • Page 60

    Configuring the Switch 3-8 3 IP DSCP Priority Sets IP Differentiated Services Code Point priority, mapping a DSCP tag to a class-of-service value 26-9 IP Port Priority Status Globally enables or disables IP Port Priority 26-11 IP Port Priority Sets TCP/UDP port priority, defining the socket number and associated class-of-[...]

  • Page 61

    4-1 Chapter 4: Basic System Settings This chapter describes the basic functions required to set up management access to the switch, display or upgrade operating software, or reset the system. Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Fi[...]

  • Page 62

    Basic System Settings 4-2 4 Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.) Figure 4-1 System Information[...]

  • Page 63

    Displaying Switch Hardware/Software Versions 4-3 4 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system [...]

  • Page 64

    Basic System Settings 4-4 4 • Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code. • Operation Code Version – Version number of runtime code. • Role – Shows that this switch is operating as Master or Slave. These additional parameters are displayed for the CLI. • Unit ID – Unit number in stack. • [...]

  • Page 65

    Displaying Bridge Extension Capabilities 4-5 4 Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables. Field Attributes • Ext[...]

  • Page 66

    Basic System Settings 4-6 4 CLI – Enter the following command. Configuring Support for Jumbo Frames The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces [...]

  • Page 67

    Renumbering the Stack 4-7 4 Renumbering the Stack If the units are no longer numbered sequentially after several topology changes or failures, you can reset the unit numbers using the “Renumbering” command. Just remember to save the new configuration settings to a startup configuration file prior to powering off the sta[...]

  • Page 68

    Basic System Settings 4-8 4[...]

  • Page 69

    5-1 Chapter 5: Setting an IP Address This chapter describes how to configure an IPv4 interface for management access over the network. This switch supports both IPv4 and IPv6, and can be managed through either of these address types. For information on configuring the switch with an IPv6 address, see “Setting the Switch’s IP[...]

  • Page 70

    Setting an IP Address 5-2 5 Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” Enter the IP address, subnet mask and gateway, then click Apply. Figure 5-1 IPv4 Interface Configuration - Manual CLI – Specify the m[...]

  • Page 71

    Setting the Switch’s IP Address (IP Version 4) 5-3 5 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP o[...]

  • Page 72

    Setting an IP Address 5-4 5 Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available. CLI – Enter the following command to restart DHCP service. Setting t[...]

  • Page 73

    Setting the Switch’s IP Address (IP Version 6) 5-5 5 length, and using the EUI-64 form of the interface identifier to automatically create the low-order 64 bits in the host portion of the address. - You can also manually configure the global unicast address by entering the full address and prefix length. - Or you can incl[...]

  • Page 74

    Setting an IP Address 5-6 5 IP Address • Auto Configuration – Enables stateless autoconfiguration of IPv6 addresses on an interface and enables IPv6 functionality on the interface. The network portion of the address is based on prefixes received in IPv6 router advertisement messages, and the host portion is automaticall[...]

  • Page 75

    Setting the Switch’s IP Address (IP Version 6) 5-7 5 length of the general prefix takes precedence, and some of the address bits entered in the IPv6 Address field will be ignored. • Address Type – Defines the address type configured for this interface. • Link Local – Configures an IPv6 link-local address. - The address prefix[...]

  • Page 76

    Setting an IP Address 5-8 5 Current Address Table • IPv6 Address – IPv6 address assigned to this interface. In addition to the unicast addresses assigned to an interface, a node is required to join the all-nodes multicast addresses FF01::1 and FF02::1 for all IPv6 nodes within scope 1 (interface-local) and scope 2 (link-loc[...]

  • Page 77

    Setting the Switch’s IP Address (IP Version 6) 5-9 5 Web – Click System, IPv6 Configuration, IPv6 Configuration. Set the IPv6 default gateway, specify the VLAN to configure, enable IPv6, and set the MTU. Then enter a global unicast or link-local address and click Add IPv6 Address. Figure 5-3 IPv6 Interface Configuration[...]

  • Page 78

    Setting an IP Address 5-10 5 CLI – This example configures an IPv6 gateway, specifies the management interface, configures a global unicast address, and then sets the MTU. Configuring an IPv6 General Network Prefix The IPv6 General Prefix page is used to configure general prefixes that are subsequently used on the IPv6 [...]

  • Page 79

    Setting the Switch’s IP Address (IP Version 6) 5-11 5 Web – Click System, IPv6 Configuration, IPv6 General Prefix. Click Add to open the editing fields for a prefix entry. Enter a name for the general prefix, the value for the general prefix, and the prefix length. Then click Add to enable the entry. Figure 5-4 IPv6 General P[...]

  • Page 80

    Setting an IP Address 5-12 5 - Configuring a value of 0 disables duplicate address detection. - Duplicate address detection determines if a new unicast IPv6 address already exists on the network before it is assigned to an interface. - Duplicate address detection is stopped on any interface that has been suspended (see “Cr [...]

  • Page 81

    Setting the Switch’s IP Address (IP Version 6) 5-13 5 - PROBE - A reachability confirmation is actively sought by resending neighbor solicitation messages every RetransTimer interval until confirmation of reachability is received. - ???? - Unknown state. The following states are used for static entries: - INCMP (Incomplete)[...]

  • Page 82

    Setting an IP Address 5-14 5 Web – Click System, IPv6 Configuration, IPv6 ND Neighbor. To configure the Neighbor Detection protocol settings, select a VLAN interface, set the number of attempts allowed for duplicate address detection, set the interval for neighbor solicitation messages, and click Apply. To configure stat[...]

  • Page 83

    6-1 Chapter 6: Managing System Files This chapter describes how to upgrade the switch operating software, save and restore switch configuration files, and set the system start-up files. Managing Firmware You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can lat[...]

  • Page 84

    Managing System Files 6-2 6 Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file. Web – Click System, File M[...]

  • Page 85

    Managing Firmware 6-3 6 To delete a file select System, File Management, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that the file currently designated as the startup code cannot be deleted. Figure 6-3 Deleting Files CLI – To download new firmware from a TFTP server, enter[...]

  • Page 86

    Managing System Files 6-4 6 Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server. The configuration file can be later downloaded to restore the switch’s settings. Command Attributes • File Transfer Method – The configuration copy operation includes these options: - fi[...]

  • Page 87

    Saving or Restoring Configuration Settings 6-5 6 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_D[...]

  • Page 88

    Managing System Files 6-6 6 CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. To select another configuration file as the start-up configuration, use the boot system command and then restart the switch. Console#copy tftp s[...]

  • Page 89

    7-1 Chapter 7: Console Port Settings You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings. These parameters [...]

  • Page 90

    Console Port Settings 7-2 7 Web – Click System, Line, Console. Specify the console port connection parameters as required, then click Apply. Figure 7-1 Configuring the Console Port CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port set[...]

  • Page 91

    8-1 Chapter 8: Telnet Settings You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other various parameters set, including the TCP port number, timeouts, and a password. These parameters can be configured via the w[...]

  • Page 92

    Telnet Settings 8-2 8 Figure 8-1 Configuring the Telnet Interface CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level. Console(config)#line vty 36-1 Console(config[...]

  • Page 93

    9-1 Chapter 9: Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages. System Log Configuration The system allows you to enable or dis[...]

  • Page 94

    Configuring Event Logging 9-2 9 Web – Click System, Logs, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply. Figure 9-1 System Logs CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. Use t[...]

  • Page 95

    Remote Log Configuration 9-3 9 • Host IP Address – Specifies a new server IP address to add to the Host IP List. Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, [...]

  • Page 96

    Configuring Event Logging 9-4 9 Displaying Log Messages Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory. Web – Click System, Log, L[...]

  • Page 97

    Sending Simple Mail Transfer Protocol Alerts 9-5 9 • SMTP Server List – Specifies a list of up to three recipient SMTP servers. The switch attempts to connect to the other listed servers if the first fails. Use the New SMTP Server text field and the Add/Remove buttons to configure the list. • Email Destination Address L[...]

  • Page 98

    Configuring Event Logging 9-6 9 CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration. Use the show [...]

  • Page 99

    10-1 Chapter 10: Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can also manually set [...]

  • Page 100

    Setting the System Clock 10-2 10 CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings. Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees lon[...]

  • Page 101

    11-1 Chapter 11: Simple Network Management Protocol This chapter describes how to configure the Simple Network Management Protocol (SNMP) on the switch. SNMP Overview SNMP is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and ho[...]

  • Page 102

    Simple Network Management Protocol 11-2 11 security models v1 and v2c. The following table shows the security models and levels available and the system default settings. Note: The predefined default groups and view can be deleted from the system. You can then define customized groups and views for the SNMP clients that require acce[...]

  • Page 103

    Setting Community Access Strings 11-3 11 CLI – The following example enables SNMP on the switch. Setting Community Access Strings You may configure up to five community strings authorized for management access by clients using SNMP v1 and v2c. All community strings used for IP Trap Managers should be listed in this table. For s[...]

  • Page 104

    Simple Network Management Protocol 11-4 11 Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as HP OpenVie[...]

  • Page 105

    Specifying Trap Managers and Trap Types 11-5 11 Version 1 or 2c clients), or define a corresponding “User Name” in the SNMPv3 Users page (for Version 3 clients). (Range: 1-32 characters, case sensitive) • Trap UDP Port – Specifies the UDP port number used by the trap manager. • Trap Version – Indicates if the user is run[...]

  • Page 106

    Simple Network Management Protocol 11-6 11 Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that will receive trap messages, specify the UDP port, SNMP trap version, trap security level (for v3 clients), trap inform settings (for v2c/v3 clients), and then click Add. Select th[...]

  • Page 107

    Configuring SNMPv3 Management Access 11-7 11 Setting a Local Engine ID An SNMPv3 engine is an independent SNMP agent that resides on the switch. This engine protects against message replay, delay, and redirection. The engine ID is also used in combination with user passwords to generate the security keys for authenticating a[...]

  • Page 108

    Simple Network Management Protocol 11-8 11 The engine ID can be specified by entering 1 to 26 hexadecimal characters. If less than 26 characters are specified, trailing zeroes are added to the value. For example, the value “1234” is equivalent to “1234” followed by 22 zeroes. Web – Click SNMP, SNMPv3, Remote Engine ID.[...]

  • Page 109

    Configuring SNMPv3 Management Access 11-9 11 • Authentication Password – A minimum of eight plain text characters is required. • Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available. • Privacy Password – A minimum of eight plain text characters is required. • Actions[...]

  • Page 110

    Simple Network Management Protocol 11-10 11 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring Remote SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group. The SNMPv3 group restricts users to[...]

  • Page 111

    Configuring SNMPv3 Management Access 11-11 11 • Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available. • Privacy Password – A minimum of eight plain text characters is required. Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User p[...]

  • Page 112

    Simple Network Management Protocol 11-12 11 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring SNMPv3 Groups An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views. You can use the pre-defined default groups[...]

  • Page 113

    Configuring SNMPv3 Management Access 11-13 11 Table 11-2 Supported Notification Messages Object Label Object ID Description RFC 1493 Traps newRoot 1.3.6.1.2.1.17.0.1 The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree; the trap is sent by a bridge soon after its election as the new root, [...]

  • Page 114

    Simple Network Management Protocol 11-14 11 Private Traps - swPowerStatusChangeTrap 1.3.6.1.4.1.259.6.10.95.2.1.0.1 This trap is sent when the power state changes. swFanFailureTrap 1.3.6.1.4.1.259.6.10.95.2.1.0.17 This trap is sent when the fan fails. swFanRecoverTrap 1.3.6.1.4.1.259.6.10.95.2.1.0.18 This trap is sent whe[...]

  • Page 115

    Configuring SNMPv3 Management Access 11-15 11 Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read, write, and notify views. Click Add to save the new group and return to the Groups list. To delete a group, check the bo[...]

  • Page 116

    Simple Network Management Protocol 11-16 11 Setting SNMPv3 Views SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview” includes access to the entire MIB tree. Command Attributes • View Name – The name of the SNMP view. (Range: 1-64 characters) • View OID Subtre[...]

  • Page 117

    Configuring SNMPv3 Management Access 11-17 11 CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wild card mask selects all index entries. Console(config)#snmp-server view ifEntry.a 1.3.6.1.2.1.2.2.1.1.* included 40-10 Console(config)#exit Console#show sn[...]

  • Page 118

    Simple Network Management Protocol 11-18 11[...]

  • Page 119

    12-1 Chapter 12: User Authentication This chapter describes how to configure the switch to authenticate users logging into the system for management access using local or remote authentication methods. The switch provides secure network management access using the following options: • User Accounts – Manually configure[...]

  • Page 120

    User Authentication 12-2 12 Web – Click Security, User Accounts. To configure a new user account, enter the user name, access level, and password, then click Add. To change the password for a specific user, enter the user name and new password, confirm the password by entering it again, then click Apply. Figure 12-1 Use [...]

  • Page 121

    Configuring Local/Remote Logon Authentication 12-3 12 RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts the entire body [...]

  • Page 122

    User Authentication 12-4 12 - ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers. The process ends when a server either approves or denies access to a user. - Server IP Address – Address of authentication server. (Default: 10.1.0.1)[...]

  • Page 123

    Configuring HTTPS 12-5 12 CLI – Specify all the required parameters to enable logon authentication. Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. C[...]

  • Page 124

    User Authentication 12-6 12 - The client and server generate session keys for encrypting and decrypting data. • The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer 5.x or above and Netscape 6.2 or above. • The following web browsers and operating [...]

  • Page 125

    Configuring HTTPS 12-7 12 obtain a unique certificate and a private key and password from a recognized certification authority. Note: For maximum security, we recommend you obtain a unique Secure Sockets Layer certificate at the earliest opportunity. This is because the default certificate for the switch is not unique to the hardw[...]

  • Page 126

    User Authentication 12-8 12 Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp [...]

  • Page 127

    Configuring the Secure Shell 12-9 12 client’s granted management access to the switch. (Note that these clients must be configured locally on the switch via the User Accounts page as described on page 12-1.) The clients are subsequently authenticated using these keys. The current firmware only accepts public key files based on[...]

  • Page 128

    User Authentication 12-10 12 Authenticating SSH v2 Clients a. The client first queries the switch to determine if DSA public key authentication using a preferred algorithm is acceptable. b. If the specified algorithm is supported by the switch, it notifies the client to proceed with the authentication process. Otherwise, it rejects th[...]

  • Page 129

    Configuring the Secure Shell 12-11 12 Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. Figure 12-5 SSH Host-Key Settings CLI – This example generates [...]

  • Page 130

    User Authentication 12-12 12 Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled) • Version – The Secure Shell version number. Version 2.0 is displayed, but the switc[...]

  • Page 131

    Filtering IP Addresses for Management Access 12-13 12 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection. Filtering IP Addresses for Management Access You can create a list o[...]

  • Page 132

    User Authentication 12-14 12 • End IP Address – The end address of a range. Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry. Figure 12-7 IP Filter CLI – This example restricts management access for T[...]

  • Page 133

    13-1 Chapter 13: Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port when it has [...]

  • Page 134

    Configuring Port Security 13-2 13 Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply. Figure 13-1 Port Security CLI – This exam[...]

  • Page 135

    14-1 Chapter 14: Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitiv[...]

  • Page 136

    Configuring 802.1X Port Authentication 14-2 14 The operation of dot1x on the switch requires the following: • The switch must have an IP address assigned. • The IP address of the RADIUS server must be specified. • 802.1X must be enabled globally for the switch. • Each switch port that will be used must be set to dot1[...]

  • Page 137

    Configuring 802.1X Global Settings 14-3 14 Configuring 802.1X Global Settings The 802.1X protocol provides port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active. Command Attributes 802.1X System Authentication Control – Sets the global setting for 802.1X. (D[...]

  • Page 138

    Configuring 802.1X Port Authentication 14-4 14 • Max Request – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default 2) • Quiet Period – Sets the time that a switch port waits after the Max Request count has b[...]

  • Page 139

    Configuring Port Settings for 802.1X 14-5 14 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 43-6. Console(config)#interface ethernet 1/2 45-1 Console(config-if)#dot1x port-control auto 43-2 Console(config-if)#dot1x re-[...]

  • Page 140

    Configuring 802.1X Port Authentication 14-6 14 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 14-1 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator. Rx EAPOL Logoff [...]

  • Page 141

    Displaying 802.1X Statistics 14-7 14 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 14-4 802.1X Port Statistics CLI – This example displays the dot1x statistics for port 4. Console#show dot1x statistics interface ethernet 1/4 43-6 E[...]

  • Page 142

    Configuring 802.1X Port Authentication 14-8 14[...]

  • Page 143

    15-1 Chapter 15: Access Control Lists Access Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames (based on address, next header type, or flow label), or any frames (based on MAC address or Ethernet type). To filter incoming p[...]

  • Page 144

    Access Control Lists 15-2 15 the “TCP” protocol is specified, then you can also filter packets based on the TCP control code. • IPv6 Standard: IPv6 ACL mode that filters packets based on the source IPv6 address. • IPv6 Extended: IPv6 ACL mode that filters packets based on the destination IP address, as well as the t[...]

  • Page 145

    Configuring an Extended IPv4 ACL 15-3 15 Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Then click Add. Figure 15-2 ACL Configuration - Standard IPv[...]

  • Page 146

    Access Control Lists 15-4 15 • Source/Destination Port – Source/destination port number for the specified protocol type. (Range: 0-65535) • Source/Destination Port Bit Mask – Decimal number representing the port bits to match. (Range: 0-65535) • Control Code – Decimal number (representing a bit string) that specifies fl[...]

  • Page 147

    Configuring an Extended IPv4 ACL 15-5 15 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any oth[...]

  • Page 148

    Access Control Lists 15-6 15 Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range with the Addre[...]

  • Page 149

    Configuring a Standard IPv6 ACL 15-7 15 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal [...]

  • Page 150

    Access Control Lists 15-8 15 • Source Prefix-Length – A decimal value indicating how many contiguous bits (from the left) of the address comprise the prefix (i.e., the network portion of the address). Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IPv6-prefix). If you select “Host,[...]

  • Page 151

    Configuring an Extended IPv6 ACL 15-9 15 • Destination Prefix-Length – A decimal value indicating how many contiguous bits (from the left) of the address comprise the prefix (i.e., the network portion of the address). • Next Header – Identifies the type of header immediately following the IPv6 header. (Range: 0-25[...]

  • Page 152

    Access Control Lists 15-10 15 Web – Specify the action (i.e., Permit or Deny). Select the address type (Any or IPv6-prefix). If you select “IPv6-prefix,” enter a subnet address and prefix length. Set any other required criteria, such as next header, DSCP, or flow label. Then click Add. Figure 15-6 ACL Configuration - Exten[...]

  • Page 153

    Binding a Port to an Access Control List 15-11 15 Binding a Port to an Access Control List After configuring the Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can only bind a port to one ACL for each basic type – IPv4 ingress, MAC ingress, and IPv6 ingress. Command Usage • This s[...]

  • Page 154

    Access Control Lists 15-12 15[...]

  • Page 155

    16-1 Chapter 16: Port Configuration This chapter describes how to configure switch ports and display the current connection status. Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-ne[...]

  • Page 156

    Port Configuration 16-2 16 Field Attributes (CLI) Basic information: • Port type – Indicates the port type. (1000BASE-T or SFP) • MAC address – The physical layer address for this port. (To access this item on the web, see “Setting the Switch’s IP Address (IP Version 4)” on page 5-1.) Configuration: • Name – Inter[...]

  • Page 157

    Displaying Connection Status 16-3 16 CLI – This example shows the connection status for Port 5. Console#show interfaces status ethernet 1/5 45-8 Information of Eth 1/13 Basic information: Port type: 1000T Mac address: 00-30-F1-D4-73-A5 Configuration: Name: Port admin: Up Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full, 1000[...]

  • Page 158

    Port Configuration 16-4 16 Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed and duplex mode. Command Attributes • Name – Allows you to label an interface. ([...]

  • Page 159

    Configuring Interface Connections 16-5 16 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 16-2 Port - Port Configuration CLI – Select the interface, and then enter the required settings. Console(config)#interface ethernet 1/13 45-1 Console(con[...]

  • Page 160

    Port Configuration 16-6 16 Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port. This informatio[...]

  • Page 161

    Showing Port Statistics 16-7 16 Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. Transmit Errors The number of outbound packe[...]

  • Page 162

    Port Configuration 16-8 16 Received Frames The total number of frames (bad, broadcast and multicast) received. Broadcast Frames The total number of good frames received that were directed to the broadcast address. Note that this does not include multicast packets. Multicast Frames The total number of good frames received that were[...]

  • Page 163

    Showing Port Statistics 16-9 16 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 16-3 Port Statistics[...]

  • Page 164

    Port Configuration 16-10 16 CLI – This example shows statistics for port 12. Console#show interfaces counters ethernet 1/12 45-9 Ethernet 1/12 Iftable stats: Octets input: 868453, Octets output: 3492122 Unicast input: 7315, Unitcast output: 6658 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, [...]

  • Page 165

    17-1 Chapter 17: Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two switches. You can create up to 24 trunks for t[...]

  • Page 166

    Creating Trunk Groups 17-2 17 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible. • To avoid creating a loop[...]

  • Page 167

    Setting a Load-Balance Mode for Trunks 17-3 17 CLI – This example creates trunk 1 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to form a trunk. Setting a Load-Balance Mode for Trunks When incoming data frames are forwarded through the switch to a trunk, the switch must determine to whic[...]

  • Page 168

    Creating Trunk Groups 17-4 17 • Destination MAC Address: All traffic with the same destination MAC address is output on the same link in a trunk. This mode works best for switch-to-switch trunk links where traffic through the switch is destined for many different hosts. Do not use this mode for switch-to-router trunk links wh[...]

  • Page 169

    Enabling LACP on Selected Ports 17-5 17 CLI – The following example sets the load-balance method to source and destination IP address. Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the ports before disabling LACP.[...]

  • Page 170

    Creating Trunk Groups 17-6 17 Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After you have completed adding ports to the member list, click Apply. Figure 17-3 LACP Trunk Configuration CLI – The following example enables LACP for ports 1 to 6. Just connect th [...]

  • Page 171

    Configuring LACP Parameters 17-7 17 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key. • However, if the “port channel” Admin Key is set ([...]

  • Page 172

    Creating Trunk Groups 17-8 17 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will no[...]

  • Page 173

    Displaying LACP Port Counters 17-9 17 CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the LAG, ports 9 and 10 are set to backup mode. Displaying LACP Port Counters You can display statistics for LACP protocol messages. Console(config)#interface ethernet 1/1 45-1 Con[...]

  • Page 174

    Creating Trunk Groups 17-10 17 Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 17-5 LACP - Port Counters Information CLI – The following example displays LACP counters for port channel 1. Marker Unknown Pkts Number of frames received that either (1)[...]

  • Page 175

    Displaying LACP Settings and Status for the Local Side 17-11 17 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Table 17-2 LACP Internal Configuration Information Field Description Oper Key Current operational valu[...]

  • Page 176

    Creating Trunk Groups 17-12 17 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 17-6 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Console#s[...]

  • Page 177

    Displaying LACP Settings and Status for the Remote Side 17-13 17 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the correspond[...]

  • Page 178

    Creating Trunk Groups 17-14 17 CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Console#show lacp 1 neighbors 46-8 Port channel 1 neighbors ----------------------------------------- -------------------------------- Eth 1/2 --------------------------------------[...]

  • Page 179

    18-1 Chapter 18: Broadcast Storm Control Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt. Setting[...]

  • Page 180

    Broadcast Storm Control 18-2 18 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 packets per second for port 2. Console(config)#interface ethernet 1/1 45-1 Console(config-if)#no switchport broadcast 47-1 Console(config-if)[...]

  • Page 181

    19-1 Chapter 19: Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. Command Usage • Monitor port speed should matc [...]

  • Page 182

    Configuring Port Mirroring 19-2 19 Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add. Figure 19-1 Mirror Port Configuration CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the sou[...]

  • Page 183

    20-1 Chapter 20: Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch. Traffic that falls within the rate limit is transmitted, whi[...]

  • Page 184

    Configuring Rate Limits 20-2 20 CLI - This example sets the rate limit for input and output traffic passing through port 1 to 600 Mbps. Console(config)#interface ethernet 1/1 45-1 Console(config-if)#rate-limit input 600 49-1 Console(config-if)#rate-limit output 600 Console(config-if)#[...]

  • Page 185

    21-1 Chapter 21: Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are bou[...]

  • Page 186

    Address Table Settings 21-2 21 CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination addres[...]

  • Page 187

    Displaying the Address Table 21-3 21 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query. Figure 21-2 Dynamic Addresses CLI – This example also displays the address[...]

  • Page 188

    Address Table Settings 21-4 21 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the aging function. • Aging Time – The time after which a learned entry is discarded. (Range: 10-1000000 seconds; Default: 300 seconds) Web – Clic[...]

  • Page 189

    22-1 Chapter 22: Spanning Tree Algorithm Configuration The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your networ[...]

  • Page 190

    Spanning Tree Algorithm Configuration 22-2 22 alternate route that can be used when a node or port fails, and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs. MSTP – When using STP or RSTP, it may be difficult to maintain a stable path between all VLAN members. F[...]

  • Page 191

    Displaying Global Settings 22-3 22 MSTP connects all bridges and LAN segments with a single Common and Internal Spanning Tree (CIST). The CIST is formed as a result of the running spanning tree algorithm between switches that support the STP, RSTP, MSTP protocols. Displaying Global Settings You can display a summary of the [...]

  • Page 192

    Spanning Tree Algorithm Configuration 22-4 22 These additional parameters are only displayed for the CLI: • Spanning tree mode – Specifies the type of spanning tree used on this switch: - STP: Spanning Tree Protocol (IEEE 802.1D) - RSTP: Rapid Spanning Tree (IEEE 802.1w) - MSTP: Multiple Spanning Tree (IEEE 802.1s) • Instanc [...]

  • Page 193

    Displaying Global Settings 22-5 22 Web – Click Spanning Tree, STA, Information. Figure 22-1 STA Information CLI – This command displays global STA settings, followed by settings for each port. Console#show spanning-tree 51-18 Spanning-tree information ----------------------------------------- ---------------------- Spanning tree mode:[...]

  • Page 194

    Spanning Tree Algorithm Configuration 22-6 22 Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol 1 Uses RSTP for the internal state machine, but sends only 802.1[...]

  • Page 195

    Configuring Global Settings 22-7 22 • Multiple Spanning Tree Protocol - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances. - A spanning tree instance can exist o[...]

  • Page 196

    Spanning Tree Algorithm Configuration 22-8 22 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each p[...]

  • Page 197

    Configuring Global Settings 22-9 22 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 22-2 STA Global Configuration[...]

  • Page 198

    Spanning Tree Algorithm Configuration 22-10 22 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning [...]

  • Page 199

    Displaying Interface Settings 22-11 22 • Designated Port – The port priority and number of the port on the designated bridging device through which this switch must communicate with the root of the Spanning Tree. • Oper Path Cost – The contribution of this port to the path cost of paths towards the spanning tree root which incl[...]

  • Page 200

    Spanning Tree Algorithm Configuration 22-12 22 • External path cost – The path cost for the IST. This parameter is used by the STA to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes p[...]

  • Page 201

    Configuring Interface Settings 22-13 22 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same medi[...]

  • Page 202

    Spanning Tree Algorithm Configuration 22-14 22 The following interface attributes can be configured: • Spanning Tree – Enables/disables STA on this interface. (Default: Enabled) • Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch are the same, the port [...]

  • Page 203

    Configuring Multiple Spanning Trees 22-15 22 Migration button to manually re-check the appropriate BPDU format (RSTP or STP-compatible) to send on the selected interfaces. (Default: Disabled) Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. [...]

  • Page 204

    Spanning Tree Algorithm Configuration 22-16 22 3. Add the VLANs that will share this MSTI (MSTP VLAN Configuration). Note: All VLANs are automatically added to the IST (Instance 0). To ensure that the MSTI maintains connectivity across the network, you must configure a related set of bridges with the same MSTI settings. Command Attributes [...]

  • Page 205

    Configuring Multiple Spanning Trees 22-17 22 CLI – This displays STA settings for instance 1, followed by settings for each port. CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Console#show spanning-tree mst 1 51-18 Spanning-tree information ----------------------------------------------------- --[...]

  • Page 206

    Spanning Tree Algorithm Configuration 22-18 22 Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes MST Instance ID – Instance identifier to configure. (Range: 0-4094; Default: 0) The other attri[...]

  • Page 207

    Configuring Interface Settings for MSTP 22-19 22 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages. Field Attributes The following attributes are read-only and cannot be changed: • STA State – Displays [...]

  • Page 208

    Spanning Tree Algorithm Configuration 22-20 22 • Default: 128 • Range: 0-240, in steps of 16 • Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slowe[...]

  • Page 209

    23-1 Chapter 23: VLAN Configuration In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the originating group,[...]

  • Page 210

    VLAN Configuration 23-2 23 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing them on to any end-node host that does not support VLAN tagging. VLAN Classification – When the switch receives a frame, it classifies the frame in one of [...]

  • Page 211

    Assigning Ports to VLANs 23-3 23 these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs.[...]

  • Page 212

    VLAN Configuration 23-4 23 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagated t[...]

  • Page 213

    Displaying Current VLANs 23-5 23 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging. However, if you just want [...]

  • Page 214

    VLAN Configuration 23-6 23 Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4093, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry. • Name – Name of the VLAN (1 to 32 characters). • Status – Shows if this VL[...]

  • Page 215

    Adding Static Members to VLANs (VLAN Index) 23-7 23 Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. Figure 23-4 VLAN Static List - Creating VLANs CLI – This example creates a new VLAN. Adding Static Members[...]

  • Page 216

    VLAN Configuration 23-8 23 Command Attributes • VLAN – ID of configured VLAN (1-4093). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.e., does not pass packets. • Port – Port identifier. • Trunk – Trun[...]

  • Page 217

    Adding Static Members to VLANs (Port Index) 23-9 23 CLI – The following example adds tagged and untagged ports to VLAN 2. Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk iden[...]

  • Page 218

    VLAN Configuration 23-10 23 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for swi[...]

  • Page 219

    Configuring VLAN Behavior for Interfaces 23-11 23 • GARP Leave Timer 2 – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. ([...]

  • Page 220

    VLAN Configuration 23-12 23 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Configuring IEEE 802.1Q Tunneling IEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying tr[...]

  • Page 221

    Configuring IEEE 802.1Q Tunneling 23-13 23 When a double-tagged packet enters another trunk port in an intermediate or core switch in the service provider’s network, the outer tag is stripped for packet processing. When the packet exits another trunk port on the same core switch, the same SPVLAN tag is again added to the packet.[...]

  • Page 222

    VLAN Configuration 23-14 23 3. After packet classification through the switching process, the packet is written to memory with one tag (an outer tag) or with two tags (both an outer tag and inner tag). 4. The switch sends the packet to the proper egress port. 5. If the egress port is an untagged member of the SPVLAN, the [...]

  • Page 223

    Configuring IEEE 802.1Q Tunneling 23-15 23 Configuration Limitations for QinQ • The native VLAN of uplink ports should not be used as the SPVLAN. If the SPVLAN is the uplink port's native VLAN, the uplink port must be an untagged member of the SPVLAN. Then the outer SPVLAN tag will be stripped when the packets are sent out. An [...]

  • Page 224

    VLAN Configuration 23-16 23 Enabling QinQ Tunneling on the Switch The switch can be configured to operate in normal VLAN mode or IEEE 802.1Q (QinQ) tunneling mode which is used for passing Layer 2 traffic across a service provider’s metropolitan area network. Command Attributes 802.1Q Tunnel – Sets the switch to QinQ mod[...]

  • Page 225

    Configuring IEEE 802.1Q Tunneling 23-17 23 Adding an Interface to a QinQ Tunnel Follow the guidelines in the preceding section to set up a QinQ tunnel on the switch. Use the VLAN Port Configuration or VLAN Trunk Configuration screen to set the access port on the edge switch to 802.1Q Tunnel mode. Also set the Tag Protocol Identifi[...]

  • Page 226

    VLAN Configuration 23-18 23 Figure 23-1 Tunnel Port Configuration CLI – This example sets port 1 to tunnel access mode, indicates that the TPID used for 802.1Q tagged frames is 9100 hexadecimal, and sets port 2 to tunnel uplink mode. Console(config)#interface ethernet 1/1 45-1 Console(config-if)#switchport dot1q-tunnel mode [...]

  • Page 227

    24-1 Chapter 24: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.) Enabling Private VLAN[...]

  • Page 228

    Configuring Private VLANs 24-2 24 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any other ports on [...]

  • Page 229

    25-1 Chapter 25: Configuring Protocol-Based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol. This kind of configuration d[...]

  • Page 230

    Configuring Protocol-Based VLANs 25-2 25 Web – Click VLAN, Protocol VLAN, Configuration. Enter a protocol group ID, frame type and protocol type, then click Apply. Figure 25-1 Protocol VLAN Configuration CLI – The following creates protocol group 1, and then specifies Ethernet frames with IP and ARP protocol types. Mappin[...]

  • Page 231

    Mapping Protocols to VLANs 25-3 25 Web – Click VLAN, Protocol VLAN, Port Configuration. Select a port or trunk, enter a protocol group ID, the corresponding VLAN ID, and click Apply. Figure 25-2 Protocol VLAN Port Configuration CLI – The following maps the traffic entering Port 1 which matches the protocol type specified i[...]

  • Page 232

    Configuring Protocol-Based VLANs 25-4 25[...]

  • Page 233

    26-1 Chapter 26: Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before th [...]

  • Page 234

    Class of Service Configuration 26-2 26 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 26-1 Default Port Priority CLI – This example assigns a default priority of 5 to port 3. Console(config)#interface ethernet 1/3 45-1 Console(c[...]

  • Page 235

    Layer 2 Queue Settings 26-3 26 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p. The default pr[...]

  • Page 236

    Class of Service Configuration 26-4 26 Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 26-2 Traffic Classes CLI – The following example shows how to change the CoS assignments to a one-to-one mapping. * Mapping specific values for CoS p[...]

  • Page 237

    Layer 2 Queue Settings 26-5 26 Command Attributes • WRR - Weighted Round-Robin shares bandwidth at the egress ports by using scheduling weights 1, 2, 4, 6, 8, 10, 12, 14 for queues 0 through 7 respectively. (This is the default selection.) • Strict - Services the egress queues in sequential order, transmitting all traffic i[...]

  • Page 238

    Class of Service Configuration 26-6 26 Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weight, then click Apply. Figure 26-4 Queue Scheduling CLI – The following example shows how to assign WRR weights to each of the priority queues. Console(config)#queue b[...]

  • Page 239

    Layer 3/4 Priority Settings 26-7 26 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Serv [...]

  • Page 240

    Class of Service Configuration 26-8 26 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values a[...]

  • Page 241

    Layer 3/4 Priority Settings 26-9 26 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings. * Mapping specific values for IP Precedence is implemented as an interface configuration command, but any changes[...]

  • Page 242

    Class of Service Configuration 26-10 26 Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply. Figure 26-7 IP DSCP Priority CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value [...]

  • Page 243

    Layer 3/4 Priority Settings 26-11 26 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110. Command Attributes • IP Port[...]

  • Page 244

    Class of Service Configuration 26-12 26 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS value 0, and then displays the IP Port Priority settings. * Mapping specific values for IP Port Priority is implemented as an interface configuration command, but any chang[...]

  • Page 245

    27-1 Chapter 27: Quality of Service The commands described in this section are used to configure Quality of Service (QoS) classification criteria and service policies. Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffi[...]

  • Page 246

    Quality of Service 27-2 27 Configuring a Class Map A class map is used for matching packets to a specified class. Command Usage • To configure a Class Map, follow these steps: - Open the Class Map page, and click Add Class. - When the Class Configuration page opens, fill in the “Class Name” field, and click Add. - When the[...]

  • Page 247

    Configuring a Class Map 27-3 27 • IP Precedence – An IP Precedence value. (Range: 0-7) • VLAN – A VLAN. (Range: 1-4093) • Add – Adds specified criteria to the class. Up to 16 items are permitted per class. • Remove – Deletes the selected criteria from the class. Web – Click QoS, DiffServ, then click Add Clas[...]

  • Page 248

    Quality of Service 27-4 27 CLI - This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP service value 3. Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage • To configure a Policy Map, follow these steps: - Create a Class Map[...]

  • Page 249

    Creating QoS Policies 27-5 27 • Add Policy – Opens the “Policy Configuration” page. Enter a policy name and description on this page, and click Add to open the “Policy Rule Settings” page. Enter the criteria used to service ingress traffic on this page. • Remove Policy – Deletes a specified policy. Policy Configuratio[...]

  • Page 250

    Quality of Service 27-6 27 Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes. Figure 27-2 Configuring Policy Maps[...]

  • Page 251

    Attaching a Policy Map to Ingress Queues 27-7 27 CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to reduce the DSCP value for violating packets to 0. Attaching a Policy Map to Ingress Queues This function binds a policy map to the in[...]

  • Page 252

    Quality of Service 27-8 27[...]

  • Page 253

    28-1 Chapter 28: Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast regist[...]

  • Page 254

    Multicast Filtering 28-2 28 router/switch to ensure that multicast traffic is passed to all appropriate interfaces within the switch. Static IGMP Host Interface – For multicast applications that you need to control more carefully, you can manually assign a multicast service to specific interfaces on the switch (page 28-7). Conf[...]

  • Page 255

    Layer 2 IGMP (Snooping and Query) 28-3 28 • IGMP Version — Sets the protocol version for compatibility with other devices on the network. (Range: 1-2; Default: 2) Notes: 1. All systems on the subnet must support the same version. 2. Some attributes are only enabled for IGMPv2, including IGMP Report Delay and IGMP Query Timeout. We[...]

  • Page 256

    Multicast Filtering 28-4 28 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. These routers may be dynamical [...]

  • Page 257

    Layer 2 IGMP (Snooping and Query) 28-5 28 Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on [...]

  • Page 258

    Multicast Filtering 28-6 28 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attribute • VLAN ID – Selects the VLAN for which to display port members. • Multicast IP Address – The IP address for a specific multicast service. • Mult[...]

  • Page 259

    Layer 2 IGMP (Snooping and Query) 28-7 28 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping and Query Parameters” on page 28-2. For certain applications that require tighter control, you may need to stat[...]

  • Page 260

    Multicast Filtering 28-8 28 CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1. Console(config)#ip igmp snooping vlan 1 static 224.1.1.12 ethernet 1/12 57-2 Console(config)#exit Console#show mac-address-table multicast vlan 1 57-3 VLAN M'cast IP a[...]

  • Page 261

    29-1 Chapter 29: Configuring Domain Name Service The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network. When a client device designates this switch as a DNS server, the client will attempt to resolve host na[...]

  • Page 262

    Configuring Domain Name Service 29-2 29 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply. Figure 29-1 DNS General Configuration CLI - This example sets a default dom[...]

  • Page 263

    Configuring Static DNS Host to Address Entries 29-3 29 Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses. Command Usage • Static entries may be used for local devices connected directly to the attached network, or for common[...]

  • Page 264

    Configuring Domain Name Service 29-4 29 Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. Figure 29-2 DNS Static Host Table CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Console(config)[...]

  • Page 265

    Displaying the DNS Cache 29-5 29 Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable. • Type – T[...]

  • Page 266

    Configuring Domain Name Service 29-6 29 CLI - This example displays all the resource records learned from the designated name servers. Console#show dns cache 58-7 NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207.46.134.222 51 www.microsoft.akadns.net 1 4 CNAME 207.46.134.190 51 www.microsoft.akadns.net 2 4 CNAME 207.46.134.155 51 www.microsoft.[...]

  • Page 267

    30-1 Chapter 30: Switch Clustering Switch Clustering is a method of grouping switches together to enable centralized management through a single unit. Switches that support clustering can be grouped together regardless of physical location or switch type, as long as they are connected to the same local network. A switch cluster has[...]

  • Page 268

    Switch Clustering 30-2 30 Web – Click Cluster, Configuration. Figure 30-1 Cluster Configuration CLI – This example first enables clustering on the switch, sets the switch as the cluster Commander, and then configures the cluster IP pool. Cluster Member Configuration Adds Candidate switches to the cluster as Members. Co[...]

  • Page 269

    Cluster Member Information 30-3 30 Web – Click Cluster, Member Configuration. Figure 30-2 Cluster Member Configuration CLI – This example creates a new cluster Member by specifying the Candidate switch MAC address and setting a Member ID. Cluster Member Information Displays current cluster Member switch information.[...]

  • Page 270

    Switch Clustering 30-4 30 CLI – This example shows information about cluster Member switches. Cluster Candidate Information Displays information about discovered switches in the network that are already cluster Members or are available to become cluster Members. Command Attributes • Role – Indicates the current status of[...]

  • Page 271

    Section III: Command Line Interface This section provides a detailed description of the Command Line Interface, along with examples for all of the commands. Using the Command Line Interface ... 31-1 CLI Command Groups ...[...]

  • Page 272

    Command Line Interface Domain Name Service Commands ... 58-1 IPv4 Interface Commands ... 59-1 IPv6 Interface Commands ... 60-1 Switch Clust[...]

  • Page 273

    31-1 Chapter 31: Using the Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywor [...]

  • Page 274

    Using the Command Line Interface 31-2 31 To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet. For example, if your corporate network is connected to another network outside your office or to the Inte[...]

  • Page 275

    Entering Commands 31-3 31 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show i[...]

  • Page 276

    Using the Command Line Interface 31-4 31 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, DHCP, Interface, Line, Router, VLAN Database, or MSTP). You can also display a[...]

  • Page 277

    Entering Commands 31-5 31 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.” Negating the Effect of Command[...]

  • Page 278

    Using the Command Line Interface 31-6 31 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functi[...]

  • Page 279

    Entering Commands 31-7 31 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in non-volatile storage, use the copy running-config star[...]

  • Page 280

    Using the Command Line Interface 31-8 31 To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode. For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode. Table 3[...]

  • Page 281

    Entering Commands 31-9 31 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command f[...]

  • Page 282

    Using the Command Line Interface 31-10 31[...]

  • Page 283

    32-1 Chapter 32: CLI Command Groups The system commands can be broken down into the functional groups shown below. Table 32-1 Command Group Index Command Group Description Page General Basic commands for entering privileged access mode, restarting the system, or quitting the CLI 33-1 System Management Display and setting o[...]

  • Page 284

    CLI Command Groups 32-2 32 The access mode shown in the following tables is indicated by these abbreviations: ACL (Access Control List Configuration) MST (Multiple Spanning Tree) CM (Class Map Configuration) NE (Normal Exec) GC (Global Configuration) PE (Privileged Exec) IC (Interface Configuration) PM (Policy Map Configuration) L[...]

  • Page 285

    33-1 Chapter 33: General Commands This chapter describes general system commands that apply to using the CLI. enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 31-6. Sy[...]

  • Page 286

    General Commands 33-2 33 Example Related Commands disable (33-2) enable password (41-2) disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the pri[...]

  • Page 287

    show history 33-3 33 Example Related Commands end (33-4) show history This command shows the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands. Example In this example, the s[...]

  • Page 288

    General Commands 33-4 33 prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters) Default Setting Console Command Mode Global Configuration Example end This command return[...]

  • Page 289

    quit 33-5 33 Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the configuration program. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The quit and exit commands can both exit [...]

  • Page 290

    General Commands 33-6 33[...]

  • Page 291

    34-1 Chapter 34: System Management Commands This section describes commands used to configure information that uniquely identifies the switch, and display or configure a variety of other system information. hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. [...]

  • Page 292

    System Management Commands 34-2 34 reload This command restarts the system. Note: When the system is restarted, it will always run the Power-On Self-Test. It will also retain all configuration information stored in non-volatile memory by the copy running-config startup-config command. Default Setting None Command Mode Privileged Exec Com[...]

  • Page 293

    jumbo frame 34-3 34 jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [no] jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9[...]

  • Page 294

    System Management Commands 34-4 34 Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes. Each mode group is separated by “!” symbols, and i [...]

  • Page 295

    show running-config 34-5 34 Related Commands show running-config (34-5) show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in[...]

  • Page 296

    System Management Commands 34-6 34 - Multiple spanning tree instances (name and interfaces) - IP address - Layer 4 precedence settings - Spanning tree settings - Any configured settings for the console port and Telnet Example Related Commands show startup-config (34-3) building running-config, please wait... !<stackingDB>00&[...]

  • Page 297

    show system 34-7 34 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 4-1. • The POST results should all display “PASS.” If any POST tes[...]

  • Page 298

    System Management Commands 34-8 34 Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example show version This command displays hardware and software version information for the system. Default [...]

  • Page 299

    show version 34-9 34 Example Console#show version Unit1 Serial Number: 0000E8900000 Hardware Version: R01 EPLD Version: 1.02 Number of Ports: 24 Main Power Status: Up Redundant Power Status: Not present Agent (master) Unit ID: 1 Loader Version: 0.0.0.2 Boot ROM Version: 0.0.0.2 Operation Code Version: 0.0.0.4 Console#[...]

  • Page 300

    System Management Commands 34-10 34[...]

  • Page 301

    35-1 Chapter 35: File Management Commands These commands are used to manage software and configuration files on the switch. Managing Firmware Firmware can be uploaded and downloaded to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation.[...]

  • Page 302

    File Management Commands 35-2 35 copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation. The suc[...]

  • Page 303

    copy 35-3 35 • To replace the startup configuration, you must use startup-config as the destination. • Use the copy file unit command to copy a local file to another switch in the stack. Use the copy unit file command to copy a file from another switch in the stack. Note: This switch does not support stacking. • The Boot [...]

  • Page 304

    File Management Commands 35-4 35 The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key[...]

  • Page 305

    dir 35-5 35 Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cfg” cannot be deleted. • A colon (:) is required after the specified unit number. Example This example shows how to delete the test2.cfg configuration file[...]

  • Page 306

    File Management Commands 35-6 35 • File information is shown below: Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up. Syntax whichboot [unit] unit - Stack unit. (Range: Always 1) Default Setting None Command Mode Priv[...]

  • Page 307

    boot system 35-7 35 boot system This command specifies the file or image used to start up the system. Syntax boot system [unit:] {boot-rom | config | opcode}: filename The type of file or image to set as a default includes: • boot-rom* - Boot ROM. • config* - Configuration file. • opcode* - Run-time operation code. • f[...]

  • Page 308

    File Management Commands 35-8 35[...]

  • Page 309

    36-1 Chapter 36: Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). line This command identifies a specific line for configuration, a[...]

  • Page 310

    Line Commands 36-2 36 Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as “VTY” in screen displays such as show users. However, the serial communication parameters (e.g., databits) do not affect Telnet connections. Example To enter console line mode, enter t[...]

  • Page 311

    password 36-3 36 • This command controls login authentication via the switch itself. To configure user names and passwords for remote authentication servers, you must use the RADIUS or TACACS software installed on those servers. Example Related Commands username (41-1) password (36-3) password This command specifies the pa[...]

  • Page 312

    Line Commands 36-4 36 Related Commands login (36-2) password-thresh (36-5) timeout login response This command sets the interval that the system waits for a user to log into the CLI. Use the no form to restore the default setting. Syntax timeout login response [seconds] no timeout login response seconds - Integer that specifies[...]

  • Page 313

    password-thresh 36-5 36 Default Setting CLI: No timeout Telnet: 10 minutes Command Mode Line Configuration Command Usage • If user input is detected within the timeout interval, the session is kept open; otherwise the session is terminated. • This command applies to both the local console and Telnet connections. • The timeout[...]

  • Page 314

    Line Commands 36-6 36 Related Commands silent-time (36-6) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value. Syntax silent-time [seconds] [...]

  • Page 315

    parity 36-7 36 Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character. Example To specify 7 data bits, enter this command: Relat[...]

  • Page 316

    Line Commands 36-8 36 speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second. (Options: 9600, 19200, 38400, 57600, 115200 bps, or auto) Def[...]

  • Page 317

    disconnect 36-9 36 Example To specify 2 stop bits, enter this command: disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4) Command Mode Privileged Exec Command Usage Specifying sess[...]

  • Page 318

    Line Commands 36-10 36 Example To show all lines, enter this command: Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Login timeout: Disabled Silent time: Disabled Baudrate: auto Databits: 8 Parity: none Stopbits: 1 VTY configuration: Password threshold: 3 times Interactive timeout: 600 sec Logi[...]

  • Page 319

    37-1 Chapter 37: Event Logging Commands This section describes commands used to configure event logging on the switch. logging on This command controls logging of error messages, sending debug or error messages to a logging process. The no form disables the logging process. Syntax [no] logging on Default Setting None Com[...]

  • Page 320

    Event Logging Commands 37-2 37 Related Commands logging history (37-2) logging trap (37-4) clear log (37-5) logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history {flash | ram} level no logging h[...]

  • Page 321

    logging host 37-3 37 Example logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [no] logging host host_ip_address host_ip_address - The IP address of a syslog server. Default Setting None Command Mode Global Configuration Command Usag[...]

  • Page 322

    Event Logging Commands 37-4 37 Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to sort messages or to store messages in the corresponding database. Example logging[...]

  • Page 323

    clear log 37-5 37 clear log This command clears messages from the log buffer. Syntax clear log [flash | ram] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). Default Setting Flash and RAM Command Mode Privileged Exec [...]

  • Page 324

    Event Logging Commands 37-6 37 Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), and the message level for RAM is “debugging” (i.e., default level 7 - 0). The following example displays settings for the trap function. Relat[...]

  • Page 325

    show log 37-7 37 show log This command displays the log messages stored in local memory. Syntax show log {flash | ram} • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). Default Setting None Command Mode Privileged Exec[...]

  • Page 326

    Event Logging Commands 37-8 37[...]

  • Page 327

    38-1 Chapter 38: SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [no] logging sendma[...]

  • Page 328

    SMTP Alert Commands 38-2 38 Example logging sendmail level This command sets the severity threshold used to trigger alert messages. Syntax logging sendmail level level level - One of the system message levels (page 9-1). Messages sent include the selected level down to level 0. (Range: 0-7; Default: 7) Default Setting Level 7 Command Mode Glo[...]

  • Page 329

    logging sendmail destination-email 38-3 38 Command Usage You may use a symbolic email address that identifies the switch, or the address of an administrator responsible for the switch. Example logging sendmail destination-email This command specifies the email recipients of alert messages. Use the no form to remove a recipient.[...]

  • Page 330

    SMTP Alert Commands 38-4 38 Example show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Privileged Exec Example Console(config)#logging sendmail Console(config)# Console#show logging sendmail SMTP servers ----------------------------------------------- 192.168.1.19 SMTP minimum severity[...]

  • Page 331

    39-1 Chapter 39: Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from the factory[...]

  • Page 332

    Time Commands 39-2 39 Example Related Commands sntp server (39-2) sntp poll (39-3) show sntp (39-3) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ip1 [ip2 [ip3]]] ip - IP [...]

  • Page 333

    sntp poll 39-3 39 Related Commands sntp client (39-1) sntp poll (39-3) show sntp (39-3) sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-[...]

  • Page 334

    Time Commands 39-4 39 Example clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Range: 0-13 hours) ?[...]

  • Page 335

    calendar set 39-5 39 calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec {day month year | month day year} • hour - Hour in 24-hour format. (Range: 0 - 23[...]

  • Page 336

    Time Commands 39-6 39[...]

  • Page 337

    40-1 Chapter 40: SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption; as well as controlling user a[...]

  • Page 338

    SNMP Commands 40-2 40 snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server. Syntax [no] snmp-server Default Setting Enabled Command Mode Global Configuration Example show snmp This command can be used to check the status of SNMP[...]

  • Page 339

    snmp-server community 40-3 40 Example snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string. Syntax snmp-server community string [ro | rw] no snmp-server community string • string - Community string that acts like a password and permi[...]

  • Page 340

    SNMP Commands 40-4 40 • private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode Global Configuration Example snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact[...]

  • Page 341

    snmp-server host 40-5 40 Command Mode Global Configuration Example Related Commands snmp-server contact (40-4) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr [inform [retry retr[...]

  • Page 342

    SNMP Commands 40-6 40 • SNMP Version: 1 • UDP Port: 162 Command Mode Global Configuration Command Usage • If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. In order to enable multip[...]

  • Page 343

    snmp-server enable traps 40-7 40 supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notifications. • If you specify an SNMP Version 3 host, then the community string is interpreted as an SNMP user name. If you use the V3 “auth” or “priv” options, the user na[...]

  • Page 344

    SNMP Commands 40-8 40 conjunction with the corresponding entries in the Notify View assigned by the snmp-server group command (page 40-11). Example Related Commands snmp-server host (40-5) snmp-server engine-id This command configures an identification string for the SNMPv3 engine. Use the no form to restore the default. Syntax sn[...]

  • Page 345

    show snmp engine-id 40-9 40 • A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users (page 40-14). Example Related Commands snmp-server host[...]

  • Page 346

    SNMP Commands 40-10 40 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name • view-name - Name of an SNMP view. (Range: 1-64 characters) • oid-tree - Object id[...]

  • Page 347

    show snmp view 40-11 40 show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group. Syntax snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} [re[...]

  • Page 348

    SNMP Commands 40-12 40 • writeview - Defines the view for write access. (1-64 characters) • notifyview - Defines the view for notifications. (1-64 characters) Default Setting • Default groups: public 1 (read only), private 2 (read/write) • readview - Every object belonging to the Internet OID space (1.3.6.1). • writeview - [...]

  • Page 349

    show snmp group 40-13 40 show snmp group Four default groups are provided – SNMP v1 read-only access and read/write access, and SNMP v2c read-only access and read/write access. Command Mode Privileged Exec Example Console#show snmp group Group Name: r&d Security Model: v3 Read View: defaultview Write View: daily Notify View: none Sto[...]

  • Page 350

    SNMP Commands 40-14 40 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View. Use the no form to remove a user from an SNMP group. Syntax snmp-server user username groupname [ remote ip-address ] { v1 | v2c | v3 [ encrypted ] [ auth { md5 | sha } a[...]

  • Page 351

    show snmp user 40-15 40 Command Usage • The SNMP engine ID is used to compute the authentication/privacy digests from the password. You should therefore configure the engine ID with the snmp-server engine-id command before using this configuration command. • Before you configure a remote user, use the snmp-server engine-id [...]

  • Page 352

    SNMP Commands 40-16 40 Table 40-5 show snmp user - display description Field Description EngineId String identifying the engine ID. User Name Name of user connecting to the SNMP agent. Authentication Protocol The authentication protocol used with SNMPv3. Privacy Protocol The privacy protocol used with SNMPv3. Storage[...]

  • Page 353

    41-1 Chapter 41: User Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. User Account Commands The basic commands required for management access are listed in this section. This switch also includes other op [...]

  • Page 354

    User Authentication Commands 41-2 41 • access-level level - Specifies the user level. The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. • nopassword - No password is required for this user to log in. • { 0 | 7 } - 0 means plain password, 7 means encrypted password. • password password - T[...]

  • Page 355

    Authentication Sequence 41-3 41 Default Setting • The default is level 15. • The default password is “super” Command Mode Global Configuration Command Usage • You cannot set a null password. You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command (page 3[...]

  • Page 356

    User Authentication Commands 41-4 41 • tacacs - Use TACACS server password. Default Setting Local Command Mode Global Configuration Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password i[...]

  • Page 357

    RADIUS Client 41-5 41 Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packe[...]

  • Page 358

    User Authentication Commands 41-6 41 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server. Use the no form to restore the default values. Syntax [ no ] radius-server index host { host_ip_address | host_alias } [ auth-port auth_port ] [ timeout t[...]

  • Page 359

    RADIUS Client 41-7 41 Command Mode Global Configuration Example radius-server key This command sets the RADIUS encryption key. Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. [...]

  • Page 360

    User Authentication Commands 41-8 41 radius-server timeout This command sets the interval between transmitting authentication requests to the RADIUS server. Use the no form to restore the default. Syntax radius-server timeout number_of_seconds no radius-server timeout number_of_seconds - Number of seconds the switch waits for a re[...]

  • Page 361

    TACACS+ Client 41-9 41 TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with [...]

  • Page 362

    User Authentication Commands 41-10 41 Default Setting 49 Command Mode Global Configuration Example tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the clien[...]

  • Page 363

    Web Server Commands 41-11 41 Web Server Commands This section describes commands used to configure web browser management access to the switch. ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-nu[...]

  • Page 364

    User Authentication Commands 41-12 41 Command Mode Global Configuration Example Related Commands ip http port (41-11) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.[...]

  • Page 365

    Web Server Commands 41-13 41 • The following web browsers and operating systems currently support HTTPS: • To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 12-6. Also refer to the copy command on page 35-2. Example Related Commands ip http secure-port (41-13) copy tftp https-ce[...]

  • Page 366

    User Authentication Commands 41-14 41 Related Commands ip http secure-server (41-12) Telnet Server Commands This section describes commands used to configure Telnet management access to the switch. ip telnet server This command allows this device to be monitored or configured from Telnet. It also specifies the TCP port number used[...]

  • Page 367

    Secure Shell Commands 41-15 41 Secure Shell Commands This section describes the commands used to configure the SSH server. Note that you also need to install a SSH client on the management station when using this protocol to configure the switch. Note: The switch supports both SSH Version 1.5 and 2.0 clients. Configuration Guide[...]

  • Page 368

    User Authentication Commands 41-16 41 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch. Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. An entry for a pu [...]

  • Page 369

    Secure Shell Commands 41-17 41 c. If a match is found, the switch uses its secret key to generate a random 256-bit string as a challenge, encrypts this string with the user’s public key, and sends it to the client. d. The client uses its private key to decrypt the challenge string, computes the MD5 checksum, and sends the checks [...]

  • Page 370

    User Authentication Commands 41-18 41 Example Related Commands ip ssh crypto host-key generate (41-20) show ssh (41-22) ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response durin[...]

  • Page 371

    Secure Shell Commands 41-19 41 ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting. Syntax ip ssh authentication-retries count no ip ssh authentication-retries count – The number of authentication attempts [...]

  • Page 372

    User Authentication Commands 41-20 41 delete public-key This command deletes the specified user’s public key. Syntax delete public-key username [ dsa | rsa ] • username – Name of an SSH user. (Range: 1-8 characters) • dsa – DSA public key type. • rsa – RSA public key type. Default Setting Deletes both the DSA and RS[...]

  • Page 373

    Secure Shell Commands 41-21 41 Related Commands ip ssh crypto zeroize (41-21) ip ssh save host-key (41-21) ip ssh crypto zeroize This command clears the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [ dsa | rsa ] • dsa – DSA key type. • rsa – RSA key type. Default Setting Clears both the DSA and RSA key. [...]

  • Page 374

    User Authentication Commands 41-22 41 Example Related Commands ip ssh crypto host-key generate (41-20) show ip ssh This command displays the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections. Command Mod[...]

  • Page 375

    Secure Shell Commands 41-23 41 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [ user [ username ]| host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no paramete[...]

  • Page 376

    User Authentication Commands 41-24 41 Example IP Filter Commands This section describes commands used to configure IP management access to the switch. management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default settin[...]

  • Page 377

    IP Filter Commands 41-25 41 Command Mode Global Configuration Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager. • IP address can be configured f [...]

  • Page 378

    User Authentication Commands 41-26 41 Example Console#show management all-client Management Ip Filter HTTP-Client: Start IP address End IP address ----------------------------------------- ------ 1. 192.168.1.19 192.168.1.19 2. 192.168.1.25 192.168.1.30 SNMP-Client: Start IP address End IP address ----------------------------------------- ------ 1[...]

  • Page 379

    42-1 Chapter 42: Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or st[...]

  • Page 380

    Port Security Commands 42-2 42 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted. • First use the po[...]

  • Page 381

    43-1 Chapter 43: 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication Pr[...]

  • Page 382

    802.1X Port Authentication 43-2 43 dot1x default This command sets all configurable dot1x global and port settings to their default values. Command Mode Global Configuration Example dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times o[...]

  • Page 383

    dot1x operation-mode 43-3 43 • force-authorized – Configures the port to grant access to all clients, either dot1x-aware or otherwise. • force-unauthorized – Configures the port to deny access to all clients, either dot1x-aware or otherwise. Default force-authorized Command Mode Interface Configuration Example dot1x opera[...]

  • Page 384

    802.1X Port Authentication 43-4 43 Example dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: Always 1) - port - Port number. (Range: 1-24/48) Command Mode Privileged Exec Command U[...]

  • Page 385

    dot1x timeout quiet-period 43-5 43 • The connected client is re-authenticated after the interval specified by the dot1x timeout re-authperiod command. The default is 3600 seconds. Example Related Commands dot1x timeout re-authperiod (43-5) dot1x timeout quiet-period This command sets the time that a switch port waits after t[...]

  • Page 386

    802.1X Port Authentication 43-6 43 Command Mode Interface Configuration Example dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x[...]

  • Page 387

    show dot1x 43-7 43 Command Usage This command displays the following information: • Global 802.1X Parameters – Shows whether or not 802.1X port authentication is globally enabled on the switch. • 802.1X Port Summary – Displays the port access control parameters for each interface that has enabled 802.1X, including the foll[...]

  • Page 388

    802.1X Port Authentication 43-8 43 • Request Count – Number of EAP Request packets sent to the Supplicant without receiving a response. • Identifier(Server) – Identifier carried in the most recent EAP Success, Failure or Request packet received from the Authentication Server. • Reauthentication State Machine • State – C[...]

  • Page 389

    44-1 Chapter 44: Access Control List Commands Access Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames (based on address, next header type, or flow label), or any frames (based on MAC address or Ethernet type). To filter pac[...]

  • Page 390

    Access Control List Commands 44-2 44 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IPv4 ACLs. Use the no form to remove the specified ACL. Syntax [ no ] access-list ip { standard | extended } acl_name • standard – Specifies an ACL that filters packets based on the[...]

  • Page 391

    IPv4 ACLs 44-3 44 Default Setting None Command Mode Standard IPv4 ACL Command Usage • New rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ig[...]

  • Page 392

    Access Control List Commands 44-4 44 • host – Keyword followed by a specific IP address. • precedence – IP precedence level. (Range: 0-7) • tos – Type of Service level. (Range: 0-15) • dscp – DSCP priority level. (Range: 0-63) • sport – Protocol 1 source port number. (Range: 0-65535) • dport – Protoc[...]

  • Page 393

    IPv4 ACLs 44-5 44 Example This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through. This allows TCP packets from class C address[...]

  • Page 394

    Access Control List Commands 44-6 44 ip access-group This command binds a port to an IPv4 ACL. Use the no form to remove the port. Syntax [ no ] ip access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets. Default Setting None Command[...]

  • Page 395

    IPv6 ACLs 44-7 44 IPv6 ACLs The commands in this section configure ACLs based on IPv6 addresses, next header type, and flow label. To configure IPv6 ACLs, first create an access list containing the required permit or deny rules, and then bind the access list to one or more ports access-list ipv6 This command adds an IP access [...]

  • Page 396

    Access Control List Commands 44-8 44 Example Related Commands permit, deny (44-8) ipv6 access-group (44-11) show ipv6 access-list (44-10) permit, deny (Standard IPv6 ACL) This command adds a rule to a Standard IPv6 ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a ru[...]

  • Page 397

    IPv6 ACLs 44-9 44 permit, deny (Extended IPv6 ACL) This command adds a rule to an Extended IPv6 ACL. The rule sets a filter condition for packets with specific destination IP addresses, next header type, or flow label. Use the no form to remove a rule. Syntax [ no ] { permit | deny } { any | destination-ipv6-address [ /prefix-le[...]

  • Page 398

    Access Control List Commands 44-10 44 e.g., in a hop-by-hop option. A flow is uniquely identified by the combination of a source address and a non-zero flow label. Packets that do not belong to a flow carry a flow label of zero. • Optional internet-layer information is encoded in separate headers that may be placed between the [...]

  • Page 399

    IPv6 ACLs 44-11 44 Command Mode Privileged Exec Example Related Commands permit, deny (44-8) ipv6 access-group (44-11) ipv6 access-group This command binds a port to an IPv6 ACL. Use the no form to remove the port. Syntax [ no ] ipv6 access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – [...]

  • Page 400

    Access Control List Commands 44-12 44 Example Related Commands ipv6 access-group (44-11) MAC ACLs The commands in this section configure ACLs based on hardware addresses, packet format, and Ethernet type. To configure MAC ACLs, first create an access list containing the required permit or deny rules, and then bind the access list[...]

  • Page 401

    MAC ACLs 44-13 44 • An ACL can contain up to 32 rules. Example Related Commands permit, deny (44-13) mac access-group (44-15) show mac access-list (44-14) permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address [...]

  • Page 402

    Access Control List Commands 44-14 44 • source – Source MAC address. • destination – Destination MAC address range with bitmask. • address-bitmask 2 – Bitmask for MAC address (in hexadecimal format). • vid – VLAN ID. (Range: 1-4093) • vid-bitmask 2 – VLAN bitmask. (Range: 1-4093) • protocol – A speci[...]

  • Page 403

    MAC ACLs 44-15 44 Example Related Commands permit, deny 44-13 mac access-group (44-15) mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to in[...]

  • Page 404

    Access Control List Commands 44-16 44 Example Related Commands mac access-group (44-15) ACL Information This section describes commands used to display ACL information. show access-list This command shows all IPv4 ACLs and associated rules. Command Mode Privileged Exec Example show access-group This command shows the port ass[...]

  • Page 405

    ACL Information 44-17 44 Example Console#show access-group Interface ethernet 1/2 IP standard access-list david MAC access-list jerry Console#[...]

  • Page 406

    Access Control List Commands 44-18 44[...]

  • Page 407

    45-1 Chapter 45: Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enter interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-ch[...]

  • Page 408

    Interface Commands 45-2 45 Command Mode Global Configuration Example To specify port 4, enter the following command: description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to thi[...]

  • Page 409

    negotiation 45-3 45 Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is: - Gigabit Ethernet ports – 1000full (1 Gbps full-duplex) Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • To force operation to the speed and [...]

  • Page 410

    Interface Commands 45-4 45 • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports. Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (45-4) speed-duplex (45-2) capabilities This command advertises the port capa[...]

  • Page 411

    flowcontrol 45-5 45 Example The following example configures Ethernet port 5 capabilities to 100half and 100full. Related Commands negotiation (45-3) speed-duplex (45-2) flowcontrol (45-5) flowcontrol This command enables flow control. Use the no form to disable flow control. Syntax [ no ] flowcontrol Default Setting Disabled Comm[...]

  • Page 412

    Interface Commands 45-6 45 Related Commands negotiation (45-3) capabilities (flowcontrol, symmetric) (45-4) media-type This command forces the port type selected for combination ports 21-24/45-48. Use the no form to restore the default mode. Syntax media-type mode no media-type • mode - copper-forced - Always uses the built-in RJ-45[...]

  • Page 413

    clear counters 45-7 45 Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also want to disable a port for security reasons. Example The following example disables port 5. clear counters This command clears[...]

  • Page 414

    Interface Commands 45-8 45 show interfaces status This command displays the status for an interface. Syntax show interfaces status [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: Always 1) - port - Port number. (Range: 1-24/48) • port-channel channel-id (Range: 1-24) • vlan vlan-id (Range: 1-4[...]

  • Page 415

    show interfaces counters 45-9 45 show interfaces counters This command displays interface statistics. Syntax show interfaces counters [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: Always 1) - port - Port number. (Range: 1-24/48) • port-channel channel-id (Range: 1-24) Default Setting Shows the c[...]

  • Page 416

    Interface Commands 45-10 45 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: Always 1) - port - Port number. (Range: 1-24/48) • port-channel[...]

  • Page 417

    show interfaces switchport 45-11 45 VLAN membership mode Indicates membership mode as Trunk or Hybrid (page 52-8). Ingress rule Shows if ingress filtering is enabled or disabled (page 52-9). Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only (page 52-9). Native VLAN Indicates the d[...]

  • Page 418

    Interface Commands 45-12 45[...]

  • Page 419

    46-1 Chapter 46: Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network[...]

  • Page 420

    Link Aggregation Commands 46-2 46 • All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN via the specified port-channel. • STP, VLAN, and IGMP settings can only be made for the entire trunk via the specified port-channel. Dynamically Creating a Port Channel – Ports as[...]

  • Page 421

    port channel load-balance 46-3 46 port channel load-balance This command sets the load-distribution method among ports in aggregated links (for both static and dynamic trunks). Use the no form to restore the default setting. Syntax port channel load-balance { dst-ip | dst-mac | src-dst-ip | src-dst-mac | src-ip | src-mac } no [...]

  • Page 422

    Link Aggregation Commands 46-4 46 - src-dst-ip: All traffic with the same source and destination IP address is output on the same link in a trunk. This mode works best for switch-to-router trunk links where traffic through the switch is received from and destined for many different hosts. - src-dst-mac: All traffic w[...]

  • Page 423

    lacp system-priority 46-5 46 Example The following shows LACP enabled on ports 10-12. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk1 has been established. lacp system-priority This command configures a port's LACP system pri[...]

  • Page 424

    Link Aggregation Commands 46-6 46 Command Mode Interface Configuration (Ethernet) Command Usage • Port must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during [...]

  • Page 425

    lacp admin-key (Port Channel) 46-7 46 • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is establi [...]

  • Page 426

    Link Aggregation Commands 46-8 46 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } port-priority priority no lacp { actor | partner } port-priority • actor - The local side an aggregate link. • partner - The remote side of an agg[...]

  • Page 427

    show lacp 46-9 46 Default Setting Port Channel: all Command Mode Privileged Exec Example Console#show lacp 1 counters Port channel: 1 ----------------------------------------- -------------------------------- Eth 1/ 2 ----------------------------------------- -------------------------------- LACPDUs Sent: 10 LACPDUs Receive: 5 Marker Sent: 0 M[...]

  • Page 428

    Link Aggregation Commands 46-10 46 Table 46-3 show lacp internal - display description Field Description Oper Key Current operational value of the key for the aggregation port. Admin Key Current administrative value of the key for the aggregation port. LACPDUs Internal Number of seconds before invalidating received LACPDU inf[...]

  • Page 429

    show port-channel load-balance 46-11 46 show port-channel load-balance This command shows the setting of the aggregated link load-balance method. Default Setting None Command Mode Privileged Exec Partner Admin Port Number Current administrative value of the port number for the protocol Partner. Partner Oper Port Number Operation[...]

  • Page 430

    Link Aggregation Commands 46-12 46 Example Console#show port-channel load-balance Source and destination IP address Console#[...]

  • Page 431

    47-1 Chapter 47: Broadcast Storm Control Commands These commands can be used to enable broadcast storm control on a port. You can protect your network from broadcast storms by setting a threshold for broadcast traffic for each port. Any broadcast packets exceeding the specified threshold will then be dropped. switchport broadcast[...]

  • Page 432

    Broadcast Storm Control Commands 47-2 47[...]

  • Page 433

    48-1 Chapter 48: Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [ rx | tx | both ] no port monitor interface • interface - ethernet unit / port (sou[...]

  • Page 434

    Mirror Port Commands 48-2 48 Example The following example configures the switch to mirror all packets from port 6 to 11: show port monitor This command displays mirror information. Syntax show port monitor [ interface ] interface - ethernet unit / port (source port) • unit - Stack unit. (Range: Always 1) • port - Port number [...]

  • Page 435

    49-1 Chapter 49: Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, w[...]

  • Page 436

    Rate Limit Commands 49-2 49[...]

  • Page 437

    50-1 Chapter 50: Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to[...]

  • Page 438

    Address Table Commands 50-2 50 Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table. Static addresses have the following characteristics: • Static addresses will not be removed from the address table when a [...]

  • Page 439

    show mac-address-table 50-3 50 show mac-address-table This command shows classes of entries in the bridge-forwarding database. Syntax show mac-address-table [ address mac-address [ mask ]] [ interface interface ] [ vlan vlan-id ] [ sort { address | vlan | interface }] • mac-address - MAC address. • mask - Bits to match in the add[...]

  • Page 440

    Address Table Commands 50-4 50 mac-address-table aging-time This command sets the aging time for entries in the address table. Use the no form to restore the default aging time. Syntax mac-address-table aging-time seconds no mac-address-table aging-time seconds - Aging time. (Range: 10-1000000 seconds; 0 to disable aging) Default S[...]

  • Page 441

    51-1 Chapter 51: Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 51-1 Spanning Tree Commands Command Function Mode Page spanning-tree Enables the spanning tree protocol GC 51[...]

  • Page 442

    Spanning Tree Commands 51-2 51 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [no] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disable[...]

  • Page 443

    spanning-tree forward-time 51-3 51 Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. - This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on a network, the path between specific VLAN members may be inadvertently disabled to [...]

  • Page 444

    Spanning Tree Commands 51-4 51 Default Setting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology[...]

  • Page 445

    spanning-tree max-age 51-5 51 spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age seconds no spanning-tree max-age seconds - Time in seconds. (Range: 6-40 seconds) The minimum value is the higher of 6 or [...]

  • Page 446

    Spanning Tree Commands 51-6 51 Default Setting 32768 Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority (i.e., lower numeric value) becomes the STA root device. However, if all devices have the same priority, th[...]

  • Page 447

    spanning-tree transmission-limit 51-7 51 spanning-tree transmission-limit This command configures the minimum interval between the transmission of consecutive RSTP/MSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The transmission limit in secon[...]

  • Page 448

    Spanning Tree Commands 51-8 51 mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Use the no form without any VLAN parameters to remove all VLANs. Syntax [no] mst instance_id vlan vlan-range • instance_id - Instance identifier of the spanning tree. (Range: 0-4[...]

  • Page 449

    mst priority 51-9 51 mst priority This command configures the priority of a spanning tree instance. Use the no form to restore the default. Syntax mst instance_id priority priority no mst instance_id priority • instance_id - Instance identifier of the spanning tree. (Range: 0-4094) • priority - Priority of the spanning tree i[...]

  • Page 450

    Spanning Tree Commands 51-10 51 Command Usage The MST region name and revision number (page 51-10) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridges in the same region must be configured with the same MST instances. Ex[...]

  • Page 451

    max-hops 51-11 51 max-hops This command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the default. Syntax max-hops hop-number hop-number - Maximum hop number for multiple spanning tree. (Range: 1-40) Default Setting 20 Command Mode MST Configuration Command Usage An MSTI re[...]

  • Page 452

    Spanning Tree Commands 51-12 51 spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port. (Range: 0 for auto-configuration, or 1-200,000,000) The recommended range is: [...]

  • Page 453

    spanning-tree port-priority 51-13 51 spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port. (Range: 0-240, in steps of 16) Default Setting 128 Comm[...]

  • Page 454

    Spanning Tree Commands 51-14 51 cause forwarding loops, they can pass directly through to the spanning tree forwarding state. Specifying Edge Ports provides quicker convergence for devices such as workstations or servers, retains the current forwarding database to reduce the amount of frame flooding required to rebuild addres[...]

  • Page 455

    spanning-tree link-type 51-15 51 Example Related Commands spanning-tree edge-port (51-13) spanning-tree link-type This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree link-type {auto | point-to-point | shared} no spanning-tree link-ty[...]

  • Page 456

    Spanning Tree Commands 51-16 51 spanning-tree mst cost This command configures the path cost on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree mst instance_id cost cost no spanning-tree mst instance_id cost • instance_id - Instance identifier of the spanning tree. (R[...]

  • Page 457

    spanning-tree mst port-priority 51-17 51 spanning-tree mst port-priority This command configures the interface priority on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree mst instance_id port-priority priority no spanning-tree mst instance_id port-priority • insta[...]

  • Page 458

    Spanning Tree Commands 51-18 51 Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the spanning-tree protocol-migration command [...]

  • Page 459

    show spanning-tree 51-19 51 • For a description of the items displayed under “Spanning-tree information,” see “Configuring Global Settings” on page 22-6. For a description of the items displayed for specific interfaces, see “Displaying Interface Settings” on page 22-10. Example Console#show spanning-tree Spann[...]

  • Page 460

    Spanning Tree Commands 51-20 51 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example Console#show spanning-tree mst configuration Mstp Configuration Information -------------------------------------------------------------- Configuration name: R&D R[...]

  • Page 461

    52-1 Chapter 52: VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for t[...]

  • Page 462

    VLAN Commands 52-2 52 bridge-ext gvrp This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [no] bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across [...]

  • Page 463

    GVRP and Bridge Extension Commands 52-3 52 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp c[...]

  • Page 464

    VLAN Commands 52-4 52 garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall} • {join | leave | leaveall} - Which timer to set. • timer_value - Val[...]

  • Page 465

    Editing VLAN Groups 52-5 52 show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [interface] interface • ethernet unit/port - unit - Stack unit. (Range: Always 1) - port - Port number. (Range: 1-24/48) • port-channel channel-id (Range: 1-24) Default Setting Shows all GARP time[...]

  • Page 466

    VLAN Commands 52-6 52 Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN[...]

  • Page 467

    Configuring VLAN Interfaces 52-7 52 Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default. Related Commands show vlan (52-17) Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a[...]

  • Page 468

    VLAN Commands 52-8 52 Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (45-6) switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode {hybri[...]

  • Page 469

    Configuring VLAN Interfaces 52-9 52 switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged. •[...]

  • Page 470

    VLAN Commands 52-10 52 • If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be discarded. • Ingress filtering does not affect VLAN independent BPDU frames, such as GVRP or STA. However, they do affect VLAN dependent BPDU frames, such as GMRP. Example T[...]

  • Page 471

    Configuring VLAN Interfaces 52-11 52 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switchport allowed vlan • add vlan-list - List of VLAN identifiers t[...]

  • Page 472

    VLAN Commands 52-12 52 switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan {add vlan-list | remove vlan-list} no switchport forbidden vlan • add vlan-list - List of VLAN identifiers to add. • remove vlan-list - List of [...]

  • Page 473

    Configuring IEEE 802.1Q Tunneling 52-13 52 Configuring IEEE 802.1Q Tunneling IEEE 802.1Q tunneling (QinQ tunneling) uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs. Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider ?[...]

  • Page 474

    VLAN Commands 52-14 52 dot1q-tunnel system-tunnel-control This command sets the switch to operate in QinQ mode. Use the no form to disable QinQ operating mode. Syntax [no] dot1q-tunnel system-tunnel-control Default Setting Disabled Command Mode Global Configuration Command Usage QinQ tunnel mode must be enabled on the switch[...]

  • Page 475

    Configuring IEEE 802.1Q Tunneling 52-15 52 Example Related Commands show dot1q-tunnel (52-16) show interfaces switchport (45-10) switchport dot1q-tunnel tpid This command sets the Tag Protocol Identifier (TPID) value of a tunnel port. Use the no form to restore the default setting. Syntax switchport dot1q-tunnel tpid tpid no switc[...]

  • Page 476

    VLAN Commands 52-16 52 show dot1q-tunnel This command displays information about QinQ tunnel ports. Command Mode Privileged Exec Example Related Commands switchport dot1q-tunnel mode (52-14) Displaying VLAN Information This section describes commands used to display VLAN information. Console(config)#dot1q-tunnel system[...]

  • Page 477

    Displaying VLAN Information 52-17 52 show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name] • id - Keyword to be followed by the VLAN ID. vlan-id - ID of the configured VLAN. (Range: 1-4093, no leading zeroes) • name - Keyword to be followed by the VLAN name. vlan-name - ASCII string f[...]

  • Page 478

    VLAN Commands 52-18 52[...]

  • Page 479

    53-1 Chapter 53: Private VLAN Commands Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs. pvlan This command enables or configures a private VLAN. Use the no form to disable the private VLAN. Syntax pvlan [up-link interf[...]

  • Page 480

    Private VLAN Commands 53-2 53 show pvlan This command displays the configured private VLAN. Command Mode Privileged Exec Example Console#show pvlan Private VLAN status: Enabled Up-link port: Ethernet 1/12 Down-link port: Ethernet 1/5 Ethernet 1/6 Ethernet 1/7 Ethernet 1/8 Console#[...]

  • Page 481

    54-1 Chapter 54: Protocol-based VLAN Commands The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol. This kind of configuration depr[...]

  • Page 482

    Protocol-based VLAN Commands 54-2 54 • protocol - Protocol type. The only option for the llc_other frame type is ipx_raw. The options for all other frame types include: ip, ipv6, arp, rarp, and user-defined (0801-FFFF hexadecimal). Default Setting No protocol groups are configured. Command Mode Global Configuration Example The fo[...]

  • Page 483

    show protocol-vlan protocol-group 54-3 54 - If the frame is untagged and the protocol type matches, the frame is forwarded to the appropriate VLAN. - If the frame is untagged but the protocol type does not match, the frame is forwarded to the default VLAN for this interface. Example The following example maps the traffic entering Por[...]

  • Page 484

    Protocol-based VLAN Commands 54-4 54 show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [interface] interface • ethernet unit/port - unit - Stack unit. (Range: Always 1) - port - Port numb[...]

  • Page 485

    55-1 Chapter 55: Class of Service Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be transm[...]

  • Page 486

    Class of Service Commands 55-2 55 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode {strict | wrr} no queue mode • strict - Services the egress queues in sequential or[...]

  • Page 487

    Priority Commands (Layer 2) 55-3 55 switchport priority default This command sets a priority for incoming untagged frames. Use the no form to restore the default value. Syntax switchport priority default default-priority-id no switchport priority default default-priority-id - The priority number for untagged ingress traffic. The priorit[...]

  • Page 488

    Class of Service Commands 55-4 55 queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues. Use the no form to restore the default weights. Syntax queue bandwidth weight1...weight4 no queue bandwidth weight1...weight4 - The ratio of weights for queues 0 - 7 dete[...]

  • Page 489

    Priority Commands (Layer 2) 55-5 55 Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as sho[...]

  • Page 490

    Class of Service Commands 55-6 55 show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues. Default Setting None Command Mode Privileged Exec Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] in[...]

  • Page 491

    Priority Commands (Layer 3 and 4) 55-7 55 Priority Commands (Layer 3 and 4) This section describes commands used to configure Layer 3 and Layer 4 traffic priority on the switch. map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable [...]

  • Page 492

    Class of Service Commands 55-8 55 map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number • port-number - 16-bit TCP/UDP port number. (Range: 0-65535) • cos-value -[...]

  • Page 493

    Priority Commands (Layer 3 and 4) 55-9 55 Example The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-v[...]

  • Page 494

    Class of Service Commands 55-10 55 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [no] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage • The precedence for priori[...]

  • Page 495

    Priority Commands (Layer 3 and 4) 55-11 55 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port,[...]

  • Page 496

    Class of Service Commands 55-12 55 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Related Commands map ip port (Global Configuration) (55-7) map ip port (Interface Configuration) (55-8) show map ip precedence This command shows the IP precedence priority[...]

  • Page 497

    Priority Commands (Layer 3 and 4) 55-13 55 Example Related Commands map ip precedence (Global Configuration) (55-8) map ip precedence (Interface Configuration) (55-9) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - Stack unit. (Range: [...]

  • Page 498

    Class of Service Commands 55-14 55 Related Commands map ip dscp (Global Configuration) (55-10) map ip dscp (Interface Configuration) (55-10)[...]

  • Page 499

    56-1 Chapter 56: Quality of Service Commands The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies. You can classify traffic based on access lists, IP Precedence or DSCP values, or VLANs. Using access lists allows you to select traffic base[...]

  • Page 500

    Quality of Service Commands 56-2 56 Notes: 1. You can configure up to 16 rules per Class Map. You can also include multiple classes in a Policy Map. 2. You should create a Class Map (page 56-2) before creating a Policy Map (page 56-4). Otherwise, you will not be able to specify a Class Map with the class command (page 56-4) after entering Poli[...]

  • Page 501

    match 56-3 56 match This command defines the criteria used to classify traffic. Use the no form to delete the matching criteria. Syntax [no] match {access-list acl-name | ip dscp dscp | ip precedence ip-precedence | vlan vlan} • acl-name - Name of the access control list. Any type of ACL can be specified, including standard [...]

  • Page 502

    Quality of Service Commands 56-4 56 policy-map This command creates a policy map that can be attached to multiple interfaces, and enters Policy Map configuration mode. Use the no form to delete a policy map and return to Global configuration mode. Syntax [no] policy-map policy-map-name policy-map-name - Name of the policy[...]

  • Page 503

    set 56-5 56 Default Setting None Command Mode Policy Map Configuration Command Usage • Use the policy-map command to specify a policy map and enter Policy Map configuration mode. Then use the class command to enter Policy Map Class configuration mode. And finally, use the set and police commands to specify the match criteria, [...]

  • Page 504

    Quality of Service Commands 56-6 56 Command Mode Policy Map Class Configuration Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses the set command to classify the service that incoming packets will receive, and then uses the police command[...]

  • Page 505

    service-policy 56-7 56 Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses the set command to classify the service that incoming packets will receive, and then uses the police command to limit the average bandwidth to 100,000 Kbps, the burs[...]

  • Page 506

    Quality of Service Commands 56-8 56 show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [class-map-name] class-map-name - Name of the class map. (Range: 1-16 characters) Default Setting Displays all class maps. Command Mode Privil[...]

  • Page 507

    show policy-map interface 56-9 56 Example show policy-map interface This command displays the service policy assigned to the specified interface. Syntax show policy-map interface interface input interface • ethernet unit/port - unit - Stack unit. (Range: Always 1) - port - Port number. (Range: 1-24/48) • port-channel channel[...]

  • Page 508

    Quality of Service Commands 56-10 56[...]

  • Page 509

    57-1 Chapter 57: Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up [...]

  • Page 510

    Multicast Filtering Commands 57-2 57 ip igmp snooping vlan static This command adds a port to a multicast group. Use the no form to remove the port. Syntax [no] ip igmp snooping vlan vlan-id static ip-address interface • vlan-id - VLAN ID (Range: 1-4093) • ip-address - IP address for multicast group • interface • ethern[...]

  • Page 511

    IGMP Snooping Commands 57-3 57 Example The following configures the switch to use IGMP Version 1: show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 28-2 for a description of the di[...]

  • Page 512

    Multicast Filtering Commands 57-4 57 Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: IGMP Query Commands This section describes commands used to configure Layer 2 IGMP query on the switch. ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disa[...]

  • Page 513

    IGMP Query Commands 57-5 57 ip igmp snooping query-count This command configures the query count. Use the no form to restore the default. Syntax ip igmp snooping query-count count no ip igmp snooping query-count count - The maximum number of queries issued for which there has been no response before the switch takes action to drop a clie[...]

  • Page 514

    Multicast Filtering Commands 57-6 57 Example The following shows how to configure the query interval to 100 seconds: ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max[...]

  • Page 515

    IGMP Query Commands 57-7 57 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default. Syntax ip igmp snooping router-port-expire-time seconds no ip igmp snooping router-port-expire-time seconds - The time the switch waits after the previous querier stops before it consi[...]

  • Page 516

    Multicast Filtering Commands 57-8 57 Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port. Use the no form to remove the configuration. Syntax [no] ip igmp snooping vlan vlan-id mrouter interface • vlan-id - VLAN ID (Range: 1-4093) • interface • etherne[...]

  • Page 517

    Static Multicast Routing Commands 57-9 57 show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4093) Default Setting Displays multicast router ports for all configured VLA[...]

  • Page 518

    Multicast Filtering Commands 57-10 57[...]

  • Page 519

    58-1 Chapter 58: Domain Name Service Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translatio[...]

  • Page 520

    Domain Name Service Commands 58-2 58 Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP address is associated with a host name using this command, a DNS client can try each address in succession, until it establishes a connection with the target device. E[...]

  • Page 521

    ip domain-name 58-3 58 ip domain-name This command defines the default domain name appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove the current domain name. Syntax ip domain-name name no ip domain-name name - Name of the host. Do no[...]

  • Page 522

    Domain Name Service Commands 58-4 58 Default Setting None Command Mode Global Configuration Command Usage • Domain names are added to the end of the list one at a time. • When an incomplete host name is received by the DNS service on this switch, it will work through the domain list, appending each domain name in the list to the [...]

  • Page 523

    ip domain-lookup 58-5 58 Command Usage The listed name servers are queried in the specified sequence until a response is received, or the end of the list is reached with no response. Example This example adds two domain-name servers to the list and then displays the list. Related Commands ip domain-name (58-3) ip domain-loo[...]

  • Page 524

    Domain Name Service Commands 58-6 58 Example This example enables DNS and then displays the configuration. Related Commands ip domain-name (58-3) ip name-server (58-4) show hosts This command displays the static host name-to-address mapping table. Command Mode Privileged Exec Example Note that a host name will be displayed as an alias [...]

  • Page 525

    show dns 58-7 58 show dns This command displays the configuration of the DNS service. Command Mode Privileged Exec Example show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.com Domain Name List: sample.com.jp sa[...]

  • Page 526

    Domain Name Service Commands 58-8 58 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Console#clear dns cache Console#show dns cache NO FLAG TYPE IP TTL DOMAIN Console#[...]

  • Page 527

    59-1 Chapter 59: IPv4 Interface Commands An IP address may be used for management access to the switch over your network. An IPv4 address for this switch is obtained via DHCP by default. You can manually configure a specific IPv4 address or direct the device to obtain an address from a BOOTP or DHCP server when it is powered on. Y[...]

  • Page 528

    IPv4 Interface Commands 59-2 59 numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the configuration program. • If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been received. Requests will be broadcast periodically by this de[...]

  • Page 529

    ip dhcp restart 59-3 59 • A default gateway can only be successfully set when a network interface that directly connects to the gateway has been configured on the switch. Example The following example defines a default gateway for this device: Related Commands show ip redirects (59-4) ipv6 default-gateway (60-12) ip dhcp resta[...]

  • Page 530

    IPv4 Interface Commands 59-4 59 show ip interface This command displays the settings of an IPv4 interface. Command Mode Privileged Exec Example Related Commands show ip redirects (59-4) show ipv6 interface (60-10) show ip redirects This command shows the IPv4 default gateway configured for this device. Default Setting None Comma[...]

  • Page 531

    ping 59-5 59 ping This command sends (IPv4) ICMP echo request packets to another node on the network. Syntax ping host [count count] [size size] • host - IP address or IP alias of the host. • count - Number of packets to send. (Range: 1-16, default: 5) • size - Number of bytes in a packet. (Range: 32-512, default: 32) The a[...]

  • Page 532

    IPv4 Interface Commands 59-6 59[...]

  • Page 533

    60-1 Chapter 60: IPv6 Interface Commands An IPv6 address can either be manually configured or dynamically generated. You may also need to establish an IPv6 default gateway between this device and management stations that exist on another network segment. Both IP Version 4 and Version 6 addresses can be defined and used s[...]

  • Page 534

    IPv6 Interface Commands 60-2 60 ipv6 enable This command enables IPv6 on an interface that has not been configured with an explicit IPv6 address. Use the no form to disable IPv6 on an interface that has not been configured with an explicit IPv6 address. Syntax [no] ipv6 enable Default Setting IPv6 is disabled Command Mode[...]

  • Page 535

    ipv6 general-prefix 60-3 60 ipv6 general-prefix This command defines an IPv6 general prefix for the network address segment. Use the no form to remove the IPv6 general prefix. Syntax ipv6 general-prefix prefix-name ipv6-prefix/prefix-length no ipv6 general-prefix prefix-name • prefix-name - The label assigned to the genera[...]

  • Page 536

    IPv6 Interface Commands 60-4 60 show ipv6 general-prefix This command displays all configured IPv6 general prefixes. Command Mode Normal Exec, Privileged Exec Example This example displays a single IPv6 general prefix configured for the switch. ipv6 address This command configures an IPv6 global unicast address and enables IPv6 [...]

  • Page 537

    ipv6 address 60-5 60 Command Usage • The general prefix normally applies to all interfaces, and is therefore specified at the global configuration level. The subsequent network prefix bits normally apply to one or more specific interfaces, and are therefore specified by this command at the interface configuration le[...]

  • Page 538

    IPv6 Interface Commands 60-6 60 ipv6 address autoconfig This command enables stateless autoconfiguration of IPv6 addresses on an interface and enables IPv6 on the interface. The network portion of the address is based on prefixes received in IPv6 router advertisement messages; the host portion is based on the modified EUI-64 fo[...]

  • Page 539

    ipv6 address eui-64 60-7 60 Related Commands ipv6 address (60-4) show ipv6 interface (60-10) ipv6 address eui-64 This command configures an IPv6 address for an interface using an EUI-64 interface ID in the low order 64 bits and enables IPv6 on the interface. Use the no form without any arguments to remove all manually confi[...]

  • Page 540

    IPv6 Interface Commands 60-8 60 universal/local bit in the address and inserting the hexadecimal number FFFE between the upper and lower three bytes of the MAC address. For example, if a device had an EUI-48 address of 28-9F-18-1C-82-35, the global/local bit must first be inverted to meet EUI-64 requirements (i.e., 1 for g[...]

  • Page 541

    ipv6 address link-local 60-9 60 ipv6 address link-local This command configures an IPv6 link-local address for an interface and enables IPv6 on the interface. Use the no form without any arguments to remove all manually configured IPv6 addresses from the interface. Use the no form with a specific address to remove it from [...]

  • Page 542

    IPv6 Interface Commands 60-10 60 Related Commands ipv6 enable (60-2) show ipv6 interface (60-10) show ipv6 interface This command displays the usability and configured settings for IPv6 interfaces. Syntax show ipv6 interface [brief [vlan vlan-id [ipv6-prefix/prefix-length]]] • brief - Displays a brief summary of IPv6 oper[...]

  • Page 543

    show ipv6 interface 60-11 60 This example displays a brief summary of IPv6 addresses configured on the switch. Related Commands show ip interface (59-4) IPv6 IPv6 is marked “enable” if the switch can send and receive IP traffic on this interface, “disable” if the switch cannot send and receive IP traffic on this interf[...]

  • Page 544

    IPv6 Interface Commands 60-12 60 ipv6 default-gateway This command sets an IPv6 default gateway to use when the management station is located on a different network segment. Use the no form to remove a previously configured default gateway. Syntax ipv6 default-gateway ipv6-address no ipv6 address ipv6-address - The IPv6 address[...]

  • Page 545

    ipv6 mtu 60-13 60 Example The following shows the default gateway configured for this device: Related Commands show ip redirects (59-4) ipv6 mtu This command sets the size of the maximum transmission unit (MTU) for IPv6 packets sent on an interface. Use the no form to restore the default setting. Syntax ipv6 mtu size no ipv6 mtu s[...]

  • Page 546

    IPv6 Interface Commands 60-14 60 show ipv6 mtu This command displays the maximum transmission unit (MTU) cache for destinations that have returned an ICMP packet-too-big message along with an acceptable MTU to this switch. Command Mode Normal Exec, Privileged Exec Example The following example shows the MTU cache for this device: sh[...]

  • Page 547

    show ipv6 traffic 60-15 60 Example The following example shows statistics for all IPv6 unicast and multicast traffic, as well as ICMP, UDP and TCP statistics: Console#show ipv6 traffic IPv6 Statistics: Ipv6 rcvd rcvd total 1432 source routed 0 truncated 0 format errors 0 hop count exceeded 0 unknown protocol 0 not a router 0 fragments 0 tot[...]

  • Page 548

    IPv6 Interface Commands 60-16 60 router solicit 0 router advert 0 redirects 0 neighbor solicit 0 neighbor advert 0 Ipv6 icmp output sent output 6 unreach routing 0 unreach admin 0 unreach neighbor 0 unreach address 0 unreach port 1 parameter error 0 parameter header 0 parameter option 0 hopcount expired 0 Reassembly timeout 0 too big 0 echo reques[...]

  • Page 549

    show ipv6 traffic 60-17 60 hop count exceeded Number of packets discarded because their time-to-live (TTL) field was decremented to zero. unknown protocol The number of locally-addressed datagrams received successfully but discarded because of an unknown or unsupported protocol. This counter is incremented at the interface to [...]

  • Page 550

    IPv6 Interface Commands 60-18 60 Ipv6 mcast mcast received The number of multicast packets received by the interface. mcast sent The number of multicast packets transmitted by the interface. ICMP Statistics Ipv6 icmp input input The total number of ICMP messages received by the interface which includes all those counted by ipv6I[...]

  • Page 551

    show ipv6 traffic 60-19 60 router solicit The number of ICMP Router Solicit messages received by the interface. router advert The number of ICMP Router Advertisement messages received by the interface. redirects The number of Redirect messages received. neighbor solicit The number of ICMP Neighbor Solicitation messages recei[...]

  • Page 552

    IPv6 Interface Commands 60-20 60 clear ipv6 traffic This command resets IPv6 traffic counters. Command Mode Privileged Exec Command Usage This command resets all of the counters displayed by the show ip traffic command. Example UDP Statistics input The total number of UDP datagrams delivered to UDP users. checksum errors The total n[...]

  • Page 553

    ping ipv6 60-21 60 ping ipv6 This command sends ICMP echo request packets to an IPv6 node on the network. ping ipv6 address {ipv6-address | host-name} [size datagram-size | repeat repeat-count | data hex-data-pattern | source source-address | timeout seconds | verbose] • ipv6-address - The IPv6 address of the device to pi[...]

  • Page 554

    IPv6 Interface Commands 60-22 60 Example Related Commands ping (59-5) ipv6 neighbor This command configures a static entry in the IPv6 neighbor discovery cache. Use the no form to remove a static entry from the cache. Syntax ipv6 neighbor ipv6-address vlan vlan-id hardware-address no ipv6 mtu • ipv6-address - The IPv6 address[...]

  • Page 555

    ipv6 nd dad attempts 60-23 60 • If the specified entry was dynamically learned through the IPv6 neighbor discovery process, and already exists in the neighbor discovery cache, it is converted to a static entry. Static entries in the IPv6 neighbor discovery cache are not modified if subsequently detected by the neighbor discovery[...]

  • Page 556

    IPv6 Interface Commands 60-24 60 in a “pending” state. Duplicate address detection is automatically restarted when the interface is administratively re-activated. • An interface that is re-activated restarts duplicate address detection for all unicast IPv6 addresses on the interface. While duplicate address det[...]

  • Page 557

    ipv6 nd ns interval 60-25 60 ipv6 nd ns interval This command configures the interval between transmitting IPv6 neighbor solicitation messages on an interface. Use the no form to restore the default value. Syntax ipv6 nd ns-interval milliseconds no ipv6 nd ns-interval milliseconds - The interval between transmitting IPv6 neighbor[...]

  • Page 558

    IPv6 Interface Commands 60-26 60 show ipv6 neighbors This command displays information in the IPv6 neighbor discovery cache. Syntax show ipv6 neighbors [vlan vlan-id | ipv6-address] • vlan-id - VLAN ID (Range: 1-4093) • ipv6-address - The IPv6 address of a neighbor device. You can specify either a link-local or global uni[...]

  • Page 559

    clear ipv6 neighbors 60-27 60 Related Commands show mac-address-table (50-3) clear ipv6 neighbors This command deletes all dynamic entries in the IPv6 neighbor discovery cache. Command Mode Privileged Exec Example The following deletes all dynamic entries in the IPv6 neighbor cache: State The following states are used for dynam[...]

  • Page 560

    IPv6 Interface Commands 60-28 60[...]

  • Page 561

    61-1 Chapter 61: Switch Cluster Commands Switch Clustering is a method of grouping switches together to enable centralized management through a single unit. A switch cluster has a “Commander” unit that is used to manage all other “Member” switches in the cluster. The management station uses Telnet to communicate directly [...]

  • Page 562

    Switch Cluster Commands 61-2 61 • Configured switch clusters are maintained across power resets and network changes. Example cluster commander This command enables the switch as a cluster Commander. Use the no form to disable the switch as cluster Commander. Syntax [no] cluster commander Default Setting Disabled Command Mode Globa[...]

  • Page 563

    cluster member 61-3 61 Command Mode Global Configuration Command Usage • An “internal” IP address pool is used to assign IP addresses to Member switches in the cluster. Internal cluster IP addresses are in the form 10.x.x.member-ID. Only the base IP address of the pool needs to be set since Member IDs can only be between 1 an[...]

  • Page 564

    Switch Cluster Commands 61-4 61 rcommand This command provides access to a cluster Member CLI for configuration. Syntax rcommand id <member-id> member-id - The ID number of the Member switch. (Range: 1-36) Command Mode Privileged Exec Command Usage • This command only operates through a Telnet connection to the Commander switc[...]

  • Page 565

    show cluster members 61-5 61 show cluster members This command shows the current switch cluster members. Command Mode Privileged Exec Example show cluster candidates This command shows the discovered Candidate switches in the network. Command Mode Privileged Exec Example Console#show cluster members Cluster Members: ID: 1 Role: Active m[...]

  • Page 566

    Switch Cluster Commands 61-6 61[...]

  • Page 567

    Section IV: Appendices This section provides additional information on the following topics. Software Specifications A-1 Troubleshooting B-1 Glossary Index[...]

  • Page 568

    Appendices[...]

  • Page 569

    A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS+, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists 32 ACLs (96 MAC rules, 96 IP rules, 96 IPv6 rules) DHCP Client BOOTP Client DNS Proxy Port Configuration 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex 100[...]

  • Page 570

    Software Specifications A-2 A Multicast Filtering IGMP Snooping Switch Clustering 36 groups Additional Features CIDR (Classless Inter-Domain Routing) SNTP (Simple Network Time Protocol) SNMP (Simple Network Management Protocol) RMON (Remote Monitoring, groups 1,2,3,9) SMTP Email Alerts Management Features In-Band Management Tel[...]

  • Page 571

    Management Information Bases A-3 A IGMPv2 (RFC 2236) IPv4 IGMP (RFC 3228) RADIUS+ (RFC 2618) RMON (RFC 2819 groups 1,2,3,9) SNMP (RFC 1157) SNMPv2c (RFC 2571) SNMPv3 (RFC DRAFT 3414, 3410, 2273, 3411, 3415) SNTP (RFC 2030) SSH (Version 2.0) TFTP (RFC 1350) Management Information Bases Bridge MIB (RFC 1493) DNS Resolver MIB (RFC 1612[...]

  • Page 572

    Software Specifications A-4 A TACACS+ Authentication Client MIB TCP MIB (RFC 2012) Trap (RFC 1215) UDP MIB (RFC 2013)[...]

  • Page 573

    B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch. • Check that you have a val[...]

  • Page 574

    Troubleshooting B-2 B Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1. Enable logging. 2. Set the error messages reported to include all categories. 3. D[...]

  • Page 575

    Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, the [...]

  • Page 576

    Glossary Glossary-2 Extended Universal Identifier (EUI) An address format used by IPv6 to identify the host portion of the network address. The interface identifier in EUI compatible addresses is based on the link-layer (MAC) address of an interface. Interface identifiers used in global unicast and other IPv6 address type[...]

  • Page 577

    Glossary-3 Glossary IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks. IEEE 802.1p An IEEE standard for providing quality of service (QoS) in Ethernet [...]

  • Page 578

    Glossary Glossary-4 IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts. IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to l[...]

  • Page 579

    Glossary-5 Glossary Port Authentication See IEEE 802.1X. Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows data on the target port to be studied unobstructively. Port Trunk Defines a network link aggregation and trunking method whi[...]

  • Page 580

    Glossary Glossary-6 Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Simple Mail Transfer Protocol (SMTP) A standard host-to-host mail transport protocol that operat[...]

  • Page 581

    Glossary-7 Glossary User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targe[...]

  • Page 582

    Glossary Glossary-8[...]

  • Page 583

    Index-1 Numerics 802.1Q tunnel 23-12, 52-13 description 23-12 interface configuration 23-17, 52-14–52-15 mode selection 23-17 TPID 23-17, 52-15 802.1X, port authentication 14-1, 43-1 A acceptable frame type 23-10, 52-9 Access Control List See ACL ACL Extended IP (IPv4) 15-1, 15-3, 44-1, 44-3 IPv6 Extended 15-2, 15-8, 44-7[...]

  • Page 584

    Index-2 Index E edge port, STA 22-12, 22-14, 51-13 event logging 37-1 F firmware displaying version 4-3, 34-8 upgrading 6-2, 35-2 G GARP VLAN Registration Protocol See GVRP gateway, IPv4 default 5-1, 59-2 gateway, IPv6 default 5-5, 60-12 general network prefix, IPv6 60-3 GVRP global setting 23-4, 52-2 interface configuration 23-10, 52[...]

  • Page 585

    Index-3 Index TACACS+ server 12-2, 41-9 logon authentication, sequence 12-3, 41-3, 41-4 M main menu 3-4 Management Information Bases (MIBs) A-3 mirror port, configuring 19-1, 48-1 MSTP 51-2 global settings 22-15, 51-1 interface settings 22-13, 51-1 MTU for IPv6 5-5, 60-13 multicast filtering 28-1, 30-1, 57-1 multicast groups [...]

  • Page 586

    Index-4 Index path cost method 22-8, 51-6 port priority 22-12, 51-13 protocol migration 22-14, 51-17 transmission limit 22-8, 51-7 standards, IEEE A-2 startup files creating 6-5, 35-2 displaying 6-2, 34-3 setting 6-2, 35-7 static addresses, setting 21-1, 50-1 statistics port 16-6, 45-9 STP 22-6, 51-2 STP Also see STA swi[...]

  • Page 587

    [...]

  • Page 588

    ES4524D ES4548D E112006-CS-R01 149100030400A[...]