A good user manual
The rules oblige the reseller to supply the buyer with the manual together with the SMC Networks SMC6752AL2 product. A missing manual, or incorrect information given to the consumer, is grounds for a complaint that the product does not conform to the contract. Under the law, the manual may be supplied in a form other than paper, which is common practice, by attaching a graphic or electronic SMC Networks SMC6752AL2 manual or instructional videos for users. The condition is that the form be legible and understandable.
What is an instruction manual?
The word comes from the Latin "instructio", meaning to instruct. The SMC Networks SMC6752AL2 manual therefore describes the stages of a process. The purpose of the manual is to instruct and to make it easier to start up and use the equipment or to carry out particular tasks. The manual is a collection of information about the object or service: a guide.
Unfortunately, few users take the time to read the SMC Networks SMC6752AL2 manual, yet a good manual not only introduces a number of additional features of the device but also helps avoid most faults.
So what should the perfect manual contain?
First, the SMC Networks SMC6752AL2 manual should contain:
- technical data for the SMC Networks SMC6752AL2 device
- the manufacturer's name and the year of manufacture of the SMC Networks SMC6752AL2 device
- instructions for the use, adjustment and maintenance of the SMC Networks SMC6752AL2 device
- safety markings and certificates that confirm compliance with the relevant standards
Why don't people read manuals?
Usually this is due to lack of time and to confidence about the specific functionality of the purchased device. Unfortunately, simply connecting and starting up the SMC Networks SMC6752AL2 is not enough. The manual contains a range of guidance on specific functions, safety, maintenance methods (including which products should be used), possible SMC Networks SMC6752AL2 faults, and ways of resolving common problems during use. Finally, the manual gives the contact details of SMC Networks service for cases where the proposed solutions do not work. Manuals in the form of engaging animations and instructional videos are currently much appreciated, because they speak to the user better than a leaflet does. With this type of manual the user is likely to watch the whole instructional video without skipping the complicated SMC Networks SMC6752AL2 specifications and technical descriptions, as happens with the paper version.
Why read manuals?
First of all, they answer questions about the construction and capabilities of the SMC Networks SMC6752AL2 device, the use of individual accessories, and a range of information for making full use of all its features and conveniences.
After successfully purchasing a piece of equipment or a device, it is worth taking a moment to become familiar with each part of the SMC Networks SMC6752AL2 manual. Manuals today are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic informational function.
Manual contents
-
Page 1
TigerSwitch 10/100 48-Port 10/100Mbps Fast Ethernet Managed Switch ◆ 48 auto-MDI/MDI-X 10BASE-T/100BASE-TX ports ◆ 2 Gigabit RJ-45 ports shared with 2 SFP transceiver slots ◆ 2 Gigabit RJ-45 ports ◆ 17.8 Gbps of aggregate bandwidth ◆ Non-blocking switching architecture ◆ Spanning Tree Protocol and Rapid STP ◆ Up to four LACP[...]
-
Page 2
[...]
-
Page 3
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 TigerSwitch 10/100 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions November 2004 Pub. # 14910000 5200H[...]
-
Page 4
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of [...]
-
Page 5
i LIMITED WARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Res[...]
-
Page 6
LIMITED WARRANTY ii WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHE[...]
-
Page 7
iii CONTENTS
1 Introduction, 1-1
Key Features, 1-1
Description of Software Features, 1-2
System Defaults [...]
-
Page 8
CONTENTS iv
Using DHCP/BOOTP, 3-19
Managing Firmware, 3-21
Downloading System Software from a Server, 3-22
Saving or Restoring Configuration Settings, 3-24
Downloading Configura[...]
-
Page 9
CONTENTS v
Configuring a Standard IP ACL, 3-80
Configuring an Extended IP ACL, 3-82
Configuring a MAC ACL, 3-84
Binding a Port to an Access Control List, 3-86
Port Configuration [...]
-
Page 10
CONTENTS vi
Configuring VLAN Behavior for Interfaces, 3-156
Private VLANs, 3-159
Displaying Current Private VLANs, 3-160
Configuring Private VLANs, 3-162
Associating VLANs [...]
-
Page 11
CONTENTS vii
Getting Help on Commands, 4-5
Showing Commands, 4-6
Partial Keyword Lookup, 4-7
Negating the Effect of Commands [...]
-
Page 12
CONTENTS viii
User Access Commands, 4-34
username, 4-35
enable password, 4-36
IP Filter Commands [...]
-
Page 13
CONTENTS ix
logging sendmail level, 4-69
logging sendmail source-email, 4-70
logging sendmail destination-email, 4-70
logging sendmail, 4-71
show l[...]
-
Page 14
CONTENTS x
show radius-server, 4-101
TACACS+ Client, 4-102
tacacs-server host, 4-102
tacacs-server port [...]
-
Page 15
CONTENTS xi
show map access-list mac, 4-134
ACL Information, 4-135
show access-list, 4-135
show access-group [...]
-
Page 16
CONTENTS xii
lacp port-priority, 4-171
show lacp, 4-172
Address Table Commands, 4-177
mac-address-table static [...]
-
Page 17
CONTENTS xiii
Displaying VLAN Information, 4-207
show vlan, 4-207
Configuring Private VLANs, 4-208
private-vlan [...]
-
Page 18
CONTENTS xiv
Multicast Filtering Commands, 4-236
IGMP Snooping Commands, 4-236
ip igmp snooping, 4-237
ip igmp snooping vlan static, 4-[...]
-
Page 19
xv TABLES
Table 1-1 Key Features, 1-1
Table 1-2 System Defaults, 1-7
Table 3-1 Configuration Options, 3-4
Table 3-2 Main Menu [...]
-
Page 20
TABLES xvi
Table 4-21 SMTP Alert Commands, 4-68
Table 4-22 Time Commands, 4-72
Table 4-23 System Status Commands, 4-78
Table 4-24 Frame Size Commands [...]
-
Page 21
TABLES xvii
Table 4-58 Priority Commands (Layer 2), 4-221
Table 4-59 Default CoS Priority Levels, 4-225
Table 4-60 Priority Commands (Layer 3 and 4), 4-228
Table 4-61 Mapping IP Precedence Values, 4[...]
-
Page 22
TABLES xviii[...]
-
Page 23
FIGURES xix
FIGURES
Figure 3-1 Home Page, 3-3
Figure 3-2 Panel Display, 3-4
Figure 3-3 System Information, 3-12
Figure 3-4 Switch Information [...]
-
Page 24
FIGURES xx
Figure 3-37 ACL Configuration - Extended IP, 3-83
Figure 3-38 ACL Configuration - MAC, 3-85
Figure 3-39 Binding a Port to an ACL, 3-86
Figure 3-40 Displaying Port/Trunk Information [...]
-
Page 25
FIGURES xxi
Figure 3-74 Queue Mode, 3-172
Figure 3-75 Configuring Queue Scheduling, 3-173
Figure 3-76 IP Precedence/DSCP Priority Status, 3-175
Figure 3-77 Mapping IP Precedence Priority Values [...]
-
Page 26
FIGURES xxii[...]
-
Page 27
1-1 CHAPTER 1 INTRODUCTION This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to [...]
-
Page 28
INTRODUCTION 1-2 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based and private VLANs,[...]
-
Page 29
DESCRIPTION OF SOFTWARE FEATURES 1-3 Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings. Authentication – This switch authenticates management access via the console port, Telnet or web browser. User [...]
-
Page 30
INTRODUCTION 1-4 Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptabl[...]
-
Page 31
DESCRIPTION OF SOFTWARE FEATURES 1-5 Store-and-Forward Switching – The switch copies each frame into its memory before forwarding them to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the netw[...]
-
Page 32
INTRODUCTION 1-6 switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can: • Eliminate broadcast storms which severely degrade performance in a flat network. • Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, ra[...]
-
Page 33
SYSTEM DEFAULTS 1-7 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-23). The following table lists some of the basic system defaults. Table 1-2 System Defaults Function Paramet[...]
-
Page 34
INTRODUCTION 1-8
Web Management: HTTP Server: Enabled; HTTP Port Number: 80; HTTP Secure Server: Enabled; HTTP Secure Port Number: 443
SNMP: Community Strings: “public” (read only), “private” (read/write); Traps: Authentication traps: enabled, Link-up-down events: enabled
Port Configuration: Admin Status: Enabled; Auto-negotiation: Enabled; Flow Control[...]
-
Page 35
SYSTEM DEFAULTS 1-9
Virtual LANs: Default VLAN: 1; PVID: 1; Acceptable Frame Type: All; Ingress Filtering: Disabled; Switchport Mode (Egress Mode): Hybrid: tagged/untagged frames; GVRP (global): Disabled; GVRP (port interface): Disabled
Traffic Prioritization: Ingress Port Priority: 0; Weighted Round Robin: Queue: 0 1 2 3, Weight: 1 2 4 6; IP Precedence Priority[...]
-
Page 36
INTRODUCTION 1-10[...]
-
Page 37
2-1 CHAPTER 2 INITIAL CONFIGURATION Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON (Groups 1, 2, 3, 9) and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring[...]
-
Page 38
INITIAL CONFIGURATION 2-2 The switch’s Web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions: • Set user names and passwords for up to 16 users • Set an IP interface for a management VLAN • Configure SNMP parameters • Enable/disable any port • Set the speed/duplex mode[...]
-
Page 39
CONNECTING TO THE SWITCH 2-3 Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide. To connect a terminal to the console port, complete the[...]
-
Page 40
INITIAL CONFIGURATION 2-4 For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 4-12. Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you [...]
-
Page 41
BASIC CONFIGURATION 2-5 Basic Configuration Console Connection The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to on[...]
-
Page 42
INITIAL CONFIGURATION 2-6 2. Type “configure” and press <Enter>. 3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>. 4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Pre[...]
-
Page 43
BASIC CONFIGURATION 2-7 Manual Configuration You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything out[...]
-
Page 44
INITIAL CONFIGURATION 2-8 Dynamic Configuration If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. You therefore need to use the “ip dhcp restart” command to start broadcasting service requests. Requests will be sent periodically in an effort t[...]
-
Page 45
BASIC CONFIGURATION 2-9 6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>. Enabling SNMP Management Access The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as SMC EliteV[...]
-
Page 46
INITIAL CONFIGURATION 2-10 The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects. • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects. Note: If you do not intend to utilize SNMP, we recommend that you del[...]
-
Page 47
BASIC CONFIGURATION 2-11 “community-string” is the string associated with that host. Press <Enter>. 2. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server enable traps command. Type “snmp-server enable traps type,” where “type” is either authentication or link-up-down. Pr[...]
-
Page 48
INITIAL CONFIGURATION 2-12 Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The three types of files are: • Configurati[...]
-
Page 49
3-1 CHAPTER 3 CONFIGURING THE SWITCH Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or above, or Net[...]
-
Page 50
CONFIGURING THE SWITCH 3-2 Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated. 2. If you log into the Web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as “admin” (Privileged E[...]
-
Page 51
NAVIGATING THE WEB BROWSER INTERFACE 3-3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.” Home Page Whe[...]
-
Page 52
CONFIGURING THE SWITCH 3-4 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons. Notes: 1. To ensure proper screen refresh, [...]
-
Page 53
MAIN MENU 3-5 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Main Menu Menu Description Page System 3-11 System Information Provides basic sy[...]
-
Page 54
CONFIGURING THE SWITCH 3-6
SNTP (page 3-42)
Configuration: Configures SNTP client settings, including broadcast mode or a specified list of servers (page 3-42)
Clock Time Zone: Sets the local time zone for the system clock (page 3-44)
SNMP (page 3-45)
Configuration: Configures community strings and related trap functions (page 3-45)
Security (page 3-48)
User Accounts: Assigns a new pa[...]
-
Page 55
MAIN MENU 3-7
IP Filter: Sets IP addresses of clients allowed management access via the Web, SNMP, and Telnet (page 3-76)
Port (page 3-87)
Port Information: Displays port connection status (page 3-87)
Trunk Information: Displays trunk connection status (page 3-87)
Port Configuration: Configures port connection settings (page 3-90)
Trunk Configuration: Configures trunk conn [...]
-
Page 56
CONFIGURING THE SWITCH 3-8
Output Port Configuration: Sets the output rate limit for each port (page 3-113)
Output Trunk Configuration: Sets the output rate limit for each trunk (page 3-113)
Port Statistics: Lists Ethernet and RMON port statistics (page 3-114)
Address Table (page 3-121)
Static Addresses: Displays entries for interface, address or VLAN (page 3-121)
Dynamic Addresses[...]
-
Page 57
MAIN MENU 3-9
Static Membership by Port: Configures membership type for interfaces, including tagged, untagged or forbidden (page 3-153)
Port Configuration: Specifies default PVID and VLAN attributes (page 3-155)
Trunk Configuration: Specifies default trunk VID and VLAN attributes (page 3-155)
Private VLAN (page 3-158)
Information: Displays Private VLAN feature informat[...]
-
Page 58
CONFIGURING THE SWITCH 3-10
Queue Scheduling: Configures Weighted Round Robin queueing (page 3-173)
IP Precedence / DSCP Priority Status: Globally selects IP Precedence or DSCP Priority, or disables both. (page 3-175)
IP Precedence Priority: Sets IP Type of Service priority, mapping the precedence tag to a class-of-service value (page 3-175)
IP DSCP Priority: Sets[...]
-
Page 59
BASIC CONFIGURATION 3-11 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. • Location –[...]
-
Page 60
CONFIGURING THE SWITCH 3-12 Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.) Figure 3-3 System Information[...]
-
Page 61
BASIC CONFIGURATION 3-13 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board • Serial Nu[...]
-
Page 62
CONFIGURING THE SWITCH 3-14 Management Software • Loader Version – Version number of loader code. • Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code. • Operation Code Version – Version number of runtime code. • Role – Shows that this switch is operating as Master or Slave. Expansion Slot • Expansion Slot 1[...]
-
Page 63
BASIC CONFIGURATION 3-15 CLI – Use the following command to display version information. Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.[...]
-
Page 64
CONFIGURING THE SWITCH 3-16 • Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 3-141.) • Local VLAN Capable – This switch does not support multiple local bridges outside [...]
-
Page 65
BASIC CONFIGURATION 3-17 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default. To manually configure an address, you need to change the switch’s default settin[...]
-
Page 66
CONFIGURING THE SWITCH 3-18 Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subnet mask, and default gateway.) • IP Address – Address of the VLAN interface that is allowed management access. Valid IP addresses consist of four numbers, 0 to 255, separated b[...]
-
Page 67
BASIC CONFIGURATION 3-19 CLI – Specify the management interface, IP address and default gateway. Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is at [...]
-
Page 68
CONFIGURING THE SWITCH 3-20 CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart” command. Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to another network segment[...]
-
Page 69
BASIC CONFIGURATION 3-21 Managing Firmware You can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwri[...]
-
Page 70
CONFIGURING THE SWITCH 3-22 Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file. Web – Click System, File Manageme[...]
-
Page 71
BASIC CONFIGURATION 3-23 If you download to a new destination file, go to the System/File/Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu. Figure 3-9 Select Start-Up Operation File To delete a file select System, File, Delete. Sele[...]
-
Page 72
CONFIGURING THE SWITCH 3-24 CLI – To download new firmware from a TFTP server, enter the IP address of the TFTP server, select “opcode” as the file type, then enter the source and destination file names. When the file has finished downloading, set the new file to start up the system, and then restart the switch.[...]
-
Page 73
BASIC CONFIGURATION 3-25 - running-config to tftp – Copies the running configuration to a TFTP server. - startup-config to file – Copies the startup configuration to a file on the switch. - startup-config to running-config – Copies the startup config to the running config. - startup-config to tftp – Copies the startup configuration to [...]
-
Page 74
CONFIGURING THE SWITCH 3-26 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg” can be[...]
-
Page 75
BASIC CONFIGURATION 3-27 If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu. Note that you can also select any configuration file as the start-up configuration by[...]
-
Page 76
CONFIGURING THE SWITCH 3-28 Console Port Settings You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings. These parameters [...]
-
Page 77
BASIC CONFIGURATION 3-29 • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud; Default: 9600 bps) • Stop Bits – Sets the number of the stop bits transmi[...]
-
Page 78
CONFIGURING THE SWITCH 3-30 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. Telnet Settings You can access the onboard configuration program over the network using Telnet (i.e., a [...]
-
Page 79
BASIC CONFIGURATION 3-31 • Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session. (Range: 0-300 seconds; Default: 300 seconds) • Exec Timeout – Sets the interval that the system waits until use[...]
-
Page 80
CONFIGURING THE SWITCH 3-32 Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply. Figure 3-14 Enabling Telnet CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the[...]
-
Page 81
BASIC CONFIGURATION 3-33 Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages. System Log Configuration The system allows you to enable or disa[...]
-
Page 82
CONFIGURING THE SWITCH 3-34 • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 6) Note: The Flash Level must be equal to or less than the RAM Level.[...]
-
Page 83
BASIC CONFIGURATION 3-35 Web – Click System, Log, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply. Figure 3-15 System Logs CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. Use the show logging co[...]
-
Page 84
CONFIGURING THE SWITCH 3-36 Command Attributes • Remote Log Status – Enables/disables the logging of debug or error messages to the remote logging process. (Default: Enabled) • Logging Facility – Sets the facility type for remote logging of syslog messages. There are eight facility types specified by values of 16 to 23. The facility ty[...]
-
Page 85
BASIC CONFIGURATION 3-37 Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove. Figure 3-16 Remote Logs CLI – Enter the syslog server host IP[...]
-
Page 86
CONFIGURING THE SWITCH 3-38 Displaying Log Messages The Logs page allows you to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory. Web – Click System, Log, Lo[...]
-
Page 87
BASIC CONFIGURATION 3-39 Sending Simple Mail Transfer Protocol Alerts To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messages are sent to specified SMTP servers on the network and can be retrieved usin[...]
-
Page 88
CONFIGURING THE SWITCH 3-40 Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add. To delete an IP address, click the entry in the SMTP Server List and click Remo[...]
-
Page 89
BASIC CONFIGURATION 3-41 CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration. Use the show logging sendmail com[...]
-
Page 90
CONFIGURING THE SWITCH 3-42 CLI – Use the reload command to restart the switch. When prompted, confirm that you want to reset the switch. Note: When restarting the system, it will always run the Power-On Self-Test. Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic up[...]
-
Page 91
BASIC CONFIGURATION 3-43 • SNTP Server – Sets the IP address for up to three time servers. The switch attempts to update the time from the first server; if this fails it attempts an update from the next server in the sequence. Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply. Figure 3-20 SNTP [...]
-
Page 92
CONFIGURING THE SWITCH 3-44 Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone i [...]
-
Page 93
SIMPLE NETWORK MANAGEMENT PROTOCOL 3-45 Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices f[...]
-
Page 94
CONFIGURING THE SWITCH 3-46 • Access Mode - Read-Only – Specifies read-only access. Authorized management stations are only able to retrieve MIB objects. - Read/Write – Specifies read-write access. Authorized management stations are able to both retrieve and modify MIB objects. Web – Click SNMP, Configuration. Add new community stri[...]
-
Page 95
SIMPLE NETWORK MANAGEMENT PROTOCOL 3-47 Command Attributes • Trap Manager Capability – This switch supports up to five trap managers. • Current – Displays a list of the trap managers currently configured. • Trap Manager IP Address – IP address of the host (the targeted recipient). • Trap Manager Community String – Community [...]
-
Page 96
CONFIGURING THE SWITCH 3-48 CLI – This example adds a trap manager and enables both authentication and link-up, link-down traps. User Authentication You can restrict management access to this switch using the following options: • User Accounts – Manually configure access rights on the switch for specified users. • Authentication[...]
-
Page 97
USER AUTHENTICATION 3-49 Command Attributes • Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest) • New Account – Displays configuration settings for a new account. - User Name – The name of the user. (Maximum length: 8 characters; maximum number of users: 16) - Acc[...]
-
Page 98
CONFIGURING THE SWITCH 3-50 CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password. Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you[...]
-
Page 99
USER AUTHENTICATION 3-51 Command Usage • By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol. Local and remote logon authen[...]
-
Page 100
CONFIGURING THE SWITCH 3-52 • RADIUS Settings - Global – Provides globally applicable RADIUS settings. - ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers. The process ends when a server either approves or denies access to a user. - Server IP [...]
-
Page 101
USER AUTHENTICATION 3-53 Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply. Figure 3-25 Authentication Settings[...]
-
Page 102
CONFIGURING THE SWITCH 3-54 CLI – Specify all the required parameters to enable logon authentication. Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Co[...]
-
Page 103
USER AUTHENTICATION 3-55 • If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number] • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate. - The client and server negotiate a set of se[...]
-
Page 104
CONFIGURING THE SWITCH 3-56 Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. Figure 3-26 HTTPS Settings CLI – This example enables the HTTP secure server and modifies the port number. Replacing the Default Secure-site Certificate When you log onto the web interface using HTTPS (for se[...]
-
Page 105
USER AUTHENTICATION 3-57 When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one: Note: The switch must be reset for the new certificate to be activated. To reset the switch, type: Console[...]
-
Page 106
CONFIGURING THE SWITCH 3-58 Command Usage The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified on the Authentication Set[...]
-
Page 107
USER AUTHENTICATION 3-59 3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 4-87) to copy a file containing the public key for all the SSH clients granted management access to the switch. (Note that these clients must be configured locally on the switch via the User Accounts page as described on p[...]
-
Page 108
CONFIGURING THE SWITCH 3-60 e. The switch compares the decrypted bytes to the original bytes it sent. If the two sets match, this means that the client's private key corresponds to an authorized public key, and the client is authenticated. Notes: 1. To use SSH with only password authentication, the host public key must still be giv[...]
-
Page 109
USER AUTHENTICATION 3-61 • Host-Key Type – The key type used to generate the host key pair (i.e., public and private keys). (Range: RSA (Version 1), DSA (Version 2), Both; Default: RSA) The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to sel[...]
-
Page 110
CONFIGURING THE SWITCH 3-62 Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. Figure 3-27 SSH Host-Key Settings[...]
-
Page 111
USER AUTHENTICATION 3-63 CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys. Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/d[...]
-
Page 112
CONFIGURING THE SWITCH 3-64 • SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3) • SSH Server-Key Size – Specifies the SSH server key size. (Range: 512-896 bits; Defaul[...]
-
Page 113
USER AUTHENTICATION 3-65 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection. Configuring Port Security Port security is a feature that allows you to configure a switch port with one or m[...]
-
Page 114
CONFIGURING THE SWITCH 3-66 already in the address table will be retained and will not age out. Any other device that attempts to use the port will be prevented from accessing the switch. Command Usage • A secure port has the following restrictions: - It cannot use port monitoring. - It cannot be a multi-VLAN port. - It cannot be used as a [...]
-
Page 115
USER AUTHENTICATION 3-67 Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply. Figure 3-29 Configuring Port Security CLI – This ex[...]
-
Page 116
CONFIGURING THE SWITCH 3-68 This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the client, and a remote RADIUS authentication server to verify user identity and access rights. When a client (i.e., Supplicant) connects to a switch port, the switch (i.e., Authenticator[...]
-
Page 117
USER AUTHENTICATION 3-69 • The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.) • The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, otherwise the dot1x client m[...]
-
Page 118
CONFIGURING THE SWITCH 3-70 CLI – This example shows the default global setting for 802.1X. Configuring 802.1X Global Settings The 802.1X protocol includes port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active. Command Attributes • 802.1X System Authentication Control –[...]
-
Page 119
USER AUTHENTICATION 3-71 Configuring Port Settings for 802.1X When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server. These parameters [...]
-
Page 120
CONFIGURING THE SWITCH 3-72 • Quiet Period – Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. (Range: 1-65535 seconds; Default: 60) • Re-authen Period – Sets the time period after which a connected client must be re-authenticated. (Range: 1-65535 seconds; [...]
-
Page 121
USER AUTHENTICATION 3-73 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-114. Console(config)#interface ethernet 1/2 4-145 Console(config-if)#dot1x port-control auto 4-109 Console(config-if)#dot1x re-authentication 4-111 Console(con[...]
-
Page 122
CONFIGURING THE SWITCH 3-74 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-5 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator. Rx EAPOL Logoff The number of EAPOL Logoff frames that have be[...]
-
Page 123
USER AUTHENTICATION 3-75 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-33 Displaying 802.1X Port Statistics CLI – This example displays the 802.1X statistics for port 4. Console#show dot1x statistics interface ethernet 1/4 4-114 Eth 1/4 Rx: EA[...]
-
Page 124
CONFIGURING THE SWITCH 3-76 Filtering Addresses for Management Access You create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default. Once you add an entry to a [...]
-
Page 125
USER AUTHENTICATION 3-77 • End IP Address – The end address of a range. • Add/Remove Filtering Entry – Adds/removes an IP address from the list. Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry to update the filter lis[...]
-
Page 126
CONFIGURING THE SWITCH 3-78 CLI – This example allows SNMP access for a specific client. Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, f[...]
-
Page 127
ACCESS CONTROL LISTS 3-79 Command Usage The following restrictions apply to ACLs: • Each ACL can have up to 32 rules. • The maximum number of ACLs is 88. • However, due to resource restrictions, the average number of rules bound to the ports should not exceed 20. • This switch supports ACLs for ingress filtering only. However, you c[...]
-
Page 128
CONFIGURING THE SWITCH 3-80 - MAC: MAC ACL mode that filters packets based on the source or destination MAC address and the Ethernet frame type (RFC 1060). Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the configuration page[...]
-
Page 129
ACCESS CONTROL LISTS 3-81 • Subnet Mask – A subnet mask containing four integers from 0 to 255, each separated by a period. The mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The mask is bitwise ANDed with the specified source IP address, and compared with the address for each IP packet entering the port(s)[...]
-
Page 130
CONFIGURING THE SWITCH 3-82 Configuring an Extended IP ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Specifies the source or destination IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the [...]
-
Page 131
ACCESS CONTROL LISTS 3-83 - 4 (rst) – Reset - 8 (psh) – Push - 16 (ack) – Acknowledgement - 32 (urg) – Urgent pointer For example, use the code value and mask below to catch packets with the following flags set: - SYN flag valid, use control-code 2, control bitmask 2 - Both SYN and ACK valid, use control-code 18, control bitmask 18 - [...]
-
Page 132
CONFIGURING THE SWITCH 3-84 CLI – This example adds two rules: 1. Accept any incoming packets if the source address is in subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through. 2. Allow TCP packets from cla [...]
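The address-mask comparison and the TCP control-code/bitmask comparison described for IP ACLs above, as an added Python example (not code from the manual or from the switch firmware). The `Rule` and `Packet` types, `first_match`, the first-match evaluation order and the second sample rule are assumptions made for illustration; FIN = 1 and SYN = 2 are the standard TCP flag values.

```python
"""ACL rule matching with address masks and TCP control-code bitmasks."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional

# TCP control bits as decimal values: 4-32 are listed in the text above,
# FIN = 1 and SYN = 2 are the standard TCP header values.
FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32
TCP = 6  # IP protocol number for TCP


def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def masked_equal(rule_addr: str, mask: str, pkt_addr: str) -> bool:
    """1 bits in the mask must match, 0 bits are ignored (both sides are masked)."""
    m = _to_int(mask)
    return (_to_int(rule_addr) & m) == (_to_int(pkt_addr) & m)


def flags_match(code: int, bitmask: int, pkt_flags: int) -> bool:
    """Only the flag bits selected by the bitmask are compared with the code."""
    return (pkt_flags & bitmask) == (code & bitmask)


@dataclass(frozen=True)
class Packet:  # hypothetical packet summary, just the fields a rule inspects
    src: str
    dst: str
    protocol: int
    tcp_flags: int = 0


@dataclass(frozen=True)
class Rule:  # hypothetical rule record; an all-zero mask means "Any"
    action: str
    src: str = "0.0.0.0"
    src_mask: str = "0.0.0.0"
    dst: str = "0.0.0.0"
    dst_mask: str = "0.0.0.0"
    protocol: Optional[int] = None       # None = any protocol
    control_code: Optional[int] = None   # None = do not inspect TCP flags
    control_mask: int = 0

    def __post_init__(self) -> None:
        if self.action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {self.action!r}")
        if self.control_code is not None:
            if self.protocol != TCP:
                raise ValueError("a control code is only meaningful on a TCP rule")
            # Six flag bits (1..32) give a value range of 0-63.
            if not (0 <= self.control_code <= 63 and 0 <= self.control_mask <= 63):
                raise ValueError("control code and bitmask must be 0-63")

    def matches(self, pkt: Packet) -> bool:
        if not masked_equal(self.src, self.src_mask, pkt.src):
            return False
        if not masked_equal(self.dst, self.dst_mask, pkt.dst):
            return False
        if self.protocol is not None and pkt.protocol != self.protocol:
            return False
        if self.control_code is not None:
            return flags_match(self.control_code, self.control_mask, pkt.tcp_flags)
        return True


def first_match(rules: Iterable[Rule], pkt: Packet) -> Optional[str]:
    """Action of the first matching rule (assumed order), or None if none match."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return None


# Constructed sample list. Rule 1 is the 10.7.1.x subnet rule from the text;
# rule 2 is constructed: deny TCP segments with SYN set and ACK clear.
SAMPLE_ACL = [
    Rule("permit", src="10.7.1.0", src_mask="255.255.255.0"),
    Rule("deny", protocol=TCP, control_code=SYN, control_mask=SYN | ACK),
]

if __name__ == "__main__":
    probes = [  # constructed packets
        Packet("10.7.1.2", "192.168.0.5", TCP, SYN),
        Packet("10.8.0.9", "192.168.0.5", TCP, SYN),
        Packet("10.8.0.9", "192.168.0.5", TCP, SYN | ACK),
    ]
    for p in probes:
        print(p, "->", first_match(SAMPLE_ACL, p))
```

A bitmask of 2 with code 2 also matches SYN+ACK segments because the ACK bit is ignored; including ACK in the bitmask is what separates connection requests from replies.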
-
Page 133
ACCESS CONTROL LISTS 3-85 • Ethernet Type – This option can only be used to filter Ethernet II formatted packets. (Range: 0-65535) A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include 0800 (IP), 0806 (ARP), 8137 (IPX). Web – Specify the action (i.e., Permit or Deny). Specify th[...]
-
Page 134
CONFIGURING THE SWITCH 3-86 Binding a Port to an Access Control List After configuring Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can assign one IP access list to any port, but you can only assign one MAC access list to all the ports on the switch. Command Usage This switch o[...]
-
Page 135
PORT CONFIGURATION 3-87 CLI – This example assigns an IP and MAC access list to port 1, and an IP access list to port 3. Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-n[...]
-
Page 136
CONFIGURING THE SWITCH 3-88 Web – Click Port, Port Information or Trunk Information. Figure 3-40 Displaying Port/Trunk Information Field Attributes (CLI) Basic Information: • Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP) • MAC address – The physical layer address for this port. (To access this item on th[...]
-
Page 137
PORT CONFIGURATION 3-89 • Capabilities – Specifies the capabilities to be advertised for a port during auto-negotiation. (To access this item on the web, see “Configuring Interface Connections” on page 3-48.) The following capabilities are supported. - 10half - Supports 10 Mbps half-duplex operation - 10full - Supports 10 Mbps full-dupl[...]
-
Page 138
CONFIGURING THE SWITCH 3-90 CLI – This example shows the connection status for Port 5. Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control[...]
-
Page 139
PORT CONFIGURATION 3-91 • Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised. When auto-negotiation is disabled, you can force the settings for speed, mode, and flow control. The following capabilities are supported.[...]
-
Page 140
CONFIGURING THE SWITCH 3-92 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 3-41 Port/Trunk Configuration CLI – Select the interface, and then enter the required settings. Creating Trunk Groups You can create multiple links between devices that work as on[...]
-
Page 141
PORT CONFIGURATION 3-93 automatically negotiate a trunked link with LACP-configured ports on another device. You can configure any number of ports on the switch as LACP, as long as they are not already configured as part of a static trunk. If ports on another device are also configured as LACP, the switch and the other[...]
-
Page 142
CONFIGURING THE SWITCH 3-94 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible. • To avoid creating a loop in the network,[...]
-
Page 143
PORT CONFIGURATION 3-95 Web – Click Port, Trunk Membership. Enter a trunk ID of 1-4 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply. Figure 3-42 Static Trunk Configuration[...]
-
Page 144
CONFIGURING THE SWITCH 3-96 CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk. Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the ports[...]
-
Page 145
PORT CONFIGURATION 3-97 • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails. • All ports on b[...]
-
Page 146
CONFIGURING THE SWITCH 3-98 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have t[...]
-
Page 147
PORT CONFIGURATION 3-99 Note: If the port channel admin key (lacp admin key, page 4-171) is not set (through the CLI) when a channel group is formed (i.e., it has a null value of 0), this key is set to the same value as the port admin key used by the interfaces that joined the group (lacp admin key, as described in this section and on page 4-1[...]
-
Page 148
CONFIGURING THE SWITCH 3-100 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effect unt[...]
-
Page 149
PORT CONFIGURATION 3-101 CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG. Console(config)#interface ethernet 1/1 4-145 Console(config-if)#lacp actor system-priority 3 4-169 Console(config-if)#lacp actor admin-key 120 4-170 Console(config-if)#lacp actor port-priority 12[...]
-
Page 150
CONFIGURING THE SWITCH 3-102 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-45 LACP - Port Counters Information Table 3-6 LACP Port Counters Field Description LACPDUs Sent[...]
-
Page 151
PORT CONFIGURATION 3-103 CLI – The following example displays LACP counters. Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Console#show lacp counters 4-173 Port channel : 1 --------------------------------------- ------[...]
-
Page 152
CONFIGURING THE SWITCH 3-104 LACP Port Priority LACP port priority assigned to this interface within the channel group. Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state; • Defaulted – The actor’s receive machine is usin [...]
-
Page 153
PORT CONFIGURATION 3-105 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-46 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Console#show lacp 1 [...]
-
Page 154
CONFIGURING THE SWITCH 3-106 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Table 3-8 LACP Neighbor Configuration Information Field Description Partner Admin System ID LAG partner’s system ID assigned by the user. Partne[...]
-
Page 155
PORT CONFIGURATION 3-107 Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-47 LACP - Port Neighbors Information CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Console#show lac[...]
-
Page 156
CONFIGURING THE SWITCH 3-108 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to complete h[...]
-
Page 157
PORT CONFIGURATION 3-109 Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and click Apply. Figure 3-48 Port Broadcast Control[...]
-
Page 158
CONFIGURING THE SWITCH 3-110 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 octets per second for port 2 (which applies to all ports). Configuring Port Mirroring You can mirror traffic from any source port to a target por [...]
-
Page 159
PORT CONFIGURATION 3-111 Command Attributes • Mirror Sessions – Displays a list of current mirror sessions. • Source Unit – The unit whose port traffic will be monitored. • Source Port – The port whose traffic will be monitored. • Type – Allows you to select which traffic to mirror to the target port, Rx (receive), or Tx (transm[...]
-
Page 160
CONFIGURING THE SWITCH 3-112 Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on a port. Rate limiting is configured on ports at the edge of a network to limit traffic coming into or out of the network. Traffic that falls within the rate limit is transmitted, [...]
-
Page 161
PORT CONFIGURATION 3-113 CLI - This example sets and displays Fast Ethernet and Gigabit Ethernet granularity. Rate Limit Configuration Use the rate limit configuration pages to apply rate limiting. Command Usage • Input and output rate limit can be enabled or disabled for individual interfaces. Command Attributes • Port/Trunk – Dis[...]
-
Page 162
CONFIGURING THE SWITCH 3-114 Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces, set the Rate Limit Level, and click Apply. Figure 3-51 Output Rate Limit Port Configuration CLI - This example sets the rate limit level for input and output traffic passing throu[...]
-
Page 163
PORT CONFIGURATION 3-115 Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as SMC EliteView. Table 3-9 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface, including framing characters. Received Unicast Packets The number of subnetwork[...]
-
Page 164
CONFIGURING THE SWITCH 3-116 Transmit Multicast Packets The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast address at this sub-layer, including those that were discarded or not sent. Transmit Broadcast Packets The total number of packets that higher-level protocols reques[...]
-
Page 165
PORT CONFIGURATION 3-117 Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision. Carrier Sense Errors The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame. SQE Test Errors A count of times that the SQE [...]
-
Page 166
CONFIGURING THE SWITCH 3-118 Multicast Frames The total number of good frames received that were directed to this multicast address. CRC/Alignment Errors The number of CRC/alignment errors (FCS or alignment errors). Undersize Frames The total number of frames received that were less than 64 octets long (excluding framing bits, but includi[...]
-
Page 167
PORT CONFIGURATION 3-119 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-52 Port Statistics[...]
-
Page 168
CONFIGURING THE SWITCH 3-120 CLI – This example shows statistics for port 13. Console#show interfaces counters ethernet 1/13 4-154 Ethernet 1/13 Iftable stats: Octets input: 868453, Octets output: 3492122 Unicast input: 7315, Unitcast output: 6658 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, QL[...]
-
Page 169
ADDRESS TABLE SETTINGS 3-121 Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that ar[...]
-
Page 170
CONFIGURING THE SWITCH 3-122 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-53 Configuring a Static Address Table CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Displaying the Add[...]
-
Page 171
ADDRESS TABLE SETTINGS 3-123 • VLAN – ID of configured VLAN (1-4094). • Address Table Sort Key – You can sort the information displayed based on MAC address, VLAN or interface (port or trunk). • Dynamic Address Counts – The number of addresses dynamically learned. • Current Dynamic Address Table – Lists all the dynamic addresse[...]
-
Page 172
CONFIGURING THE SWITCH 3-124 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the function. • Aging Time – The time after which a learned entry is discarded. (Range: 10-30000 seconds; Default: 300) Web – Click Address Table, Address Agin[...]
-
Page 173
SPANNING TREE ALGORITHM CONFIGURATION 3-125 The spanning tree algorithms supported by this switch include these versions: • STP – Spanning Tree Protocol (IEEE 802.1D) • RSTP – Rapid Spanning Tree Protocol (IEEE 802.1w) STA uses a distributed algorithm to select a bridging device (STA-compliant switch, bridge or router) that serv[...]
-
Page 174
CONFIGURING THE SWITCH 3-126 that can be used when a node or port fails, and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs. Displaying Global Settings You can display a summary of the current bridge STA information that applies to the entire switch using the STA In[...]
-
Page 175
SPANNING TREE ALGORITHM CONFIGURATION 3-127 • Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. - Root Port – The number of the port on this switch that is closest to the root. This switch communicates with the root device through this port. If there is no [...]
-
Page 176
CONFIGURING THE SWITCH 3-128 • Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each port needs time to lis[...]
-
Page 177
SPANNING TREE ALGORITHM CONFIGURATION 3-129 CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network. Console#show spanning-tree 4-196 Spanning-tree information -------------------------------------[...]
-
Page 178
CONFIGURING THE SWITCH 3-130 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol – Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. • Rapid Spanning Tree Protocol – RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol mess[...]
-
Page 179
SPANNING TREE ALGORITHM CONFIGURATION 3-131 • Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device. (Note[...]
-
Page 180
CONFIGURING THE SWITCH 3-132 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen f[...]
-
Page 181
SPANNING TREE ALGORITHM CONFIGURATION 3-133 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-57 STA Configuration CLI – This example enables Spanning Tree Protocol, sets the mode to RSTP, and then configures the STA and RSTP parameters. Console(config)#spanning-tree 4-184 Con[...]
-
Page 182
CONFIGURING THE SWITCH 3-134 Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. Field Attributes • Spanning Tree – Shows if STA has been enabled on this interface. • STA Status – Displays current state of this port within the [...]
-
Page 183
SPANNING TREE ALGORITHM CONFIGURATION 3-135 • Designated Bridge – The bridge priority and MAC address of the device through which this port must communicate to reach the root of the Spanning Tree. • Designated Port – The port priority and number of the port on the designated bridging device through which this switch must communicate w[...]
-
Page 184
CONFIGURING THE SWITCH 3-136 • Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only) These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled. • Path cost – This parameter is used by the STA to determine the best path between devices. Therefore[...]
-
Page 185
SPANNING TREE ALGORITHM CONFIGURATION 3-137 • Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state. Specifying Edge Ports provides qu[...]
-
Page 186
CONFIGURING THE SWITCH 3-138 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media type to indicate the preferr[...]
-
Page 187
SPANNING TREE ALGORITHM CONFIGURATION 3-139 - Learning - Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information. Port address table is cleared, and the port begins learning addresses. - Forwarding - Port forwards packets, and continues learning addresses. ?[...]
-
Page 188
CONFIGURING THE SWITCH 3-140 - Default: - Ethernet – Half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 - Fast Ethernet – Half duplex: 200,000; full duplex: 100,000; trunk: 50,000 - Gigabit Ethernet – Full duplex: 10,000; trunk: 5,000 • Admin Link Type – The link type attached to this interface. - Point-to-Point – A conn[...]
-
Page 189
VLAN CONFIGURATION 3-141 Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 3-59 STA Port Configuration CLI – This example sets STA attributes for port 7. VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast tr[...]
-
Page 190
CONFIGURING THE SWITCH 3-142 VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections. VLANs can be easily organized to reflect departmental groups (such as Marketing or R&D), usage groups (such as e-mail), or multicast groups (used for multimedia app[...]
-
Page 191
VLAN CONFIGURATION 3-143 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging. VLAN Classification – When the switch receives a frame, it classifies the frame in one of two way[...]
-
Page 192
CONFIGURING THE SWITCH 3-144 Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system whereby the switch can automatically learn the VLANs to which each end station should be assigned. If an end station (or its network adapter) supports the IEEE 802.1Q VLAN protocol, it can be configured to broadcast a message[...]
-
Page 193
VLAN CONFIGURATION 3-145 Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN. However, to participate in a VLAN group that crosses several switches, you should create a VLAN for that group and enable tagging on [...]
-
Page 194
CONFIGURING THE SWITCH 3-146 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the [...]
-
Page 195
VLAN CONFIGURATION 3-147 Web – Click VLAN, 802.1Q VLAN, Basic Information. Figure 3-61 VLAN Basic Information CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that [...]
-
Page 196
CONFIGURING THE SWITCH 3-148 • Egress Ports – Shows all the VLAN port members. • Untagged Ports – Shows the untagged VLAN port members. Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Figure 3-62 Displaying Current VLANs Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094). ?[...]
-
Page 197
VLAN CONFIGURATION 3-149 CLI – Current VLAN information can be displayed with the following command. Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command Attributes[...]
-
Page 198
CONFIGURING THE SWITCH 3-150 • State (CLI) – Enables or disables the specified VLAN. - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e., does not pass packets. • Add – Adds a new VLAN group to the current list. • Remove – Removes a VLAN group from the current list. If any port is assigned to this group as untagged[...]
-
Page 199
VLAN CONFIGURATION 3-151 CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices. Or configur[...]
-
Page 200
CONFIGURING THE SWITCH 3-152 Command Attributes • VLAN – ID of configured VLAN (1-4094). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.e., does not pass packets. • Port – Port identifier. • Membership Type – Se[...]
-
Page 201
VLAN CONFIGURATION 3-153 Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks. Click Apply. Figure 3-64 Configuring a VLAN Static Table CLI – The following e[...]
-
Page 202
CONFIGURING THE SWITCH 3-154 • Non-Member – VLANs for which the selected interface is not a tagged member. Web – Open VLAN, 802.1Q VLAN, Static Membership by Port. Select an interface from the scroll-down box (Port or Trunk). Click Query to display membership information for the interface. Select a VLAN ID, and then click Add to [...]
-
Page 203
VLAN CONFIGURATION 3-155 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for switches to exchange VLAN[...]
-
Page 204
CONFIGURING THE SWITCH 3-156 - If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port). - If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is no[...]
-
Page 205
VLAN CONFIGURATION 3-157 • Mode – Indicates VLAN membership mode for an interface. (Default: Hybrid) - 1Q Trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN. Note that frames belonging to the port’s default VLAN (i.[...]
-
Page 206
CONFIGURING THE SWITCH 3-158 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch [...]
-
Page 207
VLAN CONFIGURATION 3-159 To configure private VLANs, follow these steps: 1. Use the Private VLAN Configuration menu (page 3-161) to designate one or more isolated or community VLANs, and the primary VLAN that will channel traffic outside of the VLAN groups. 2. Use the Private VLAN Association menu (page 3-162) to map the secondary (i.e.,[...]
-
Page 208
CONFIGURING THE SWITCH 3-160 Web – Click VLAN, Private VLAN, Information. Select the desired port from the VLAN ID drop-down menu. Figure 3-67 Private VLAN Information CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while [...]
-
Page 209
VLAN CONFIGURATION 3-161 Configuring Private VLANs The Private VLAN Configuration page is used to create/remove primary or community VLANs. Command Attributes • VLAN ID – ID of configured VLAN (1-4094). • Type – There are three types of VLANs within a private VLAN: - Primary VLANs – Conveys traffic between promiscuous ports, and to co[...]
-
Page 210
CONFIGURING THE SWITCH 3-162 CLI – This example configures VLAN 5 as a primary VLAN, and VLAN 6 as a community VLAN and VLAN 7 as an isolated VLAN. Associating VLANs Each community or isolated VLAN must be associated with a primary VLAN. Command Attributes • Primary VLAN ID – ID of primary VLAN (1-4094). • Association – Community[...]
-
Page 211
VLAN CONFIGURATION 3-163 CLI – This example associates community VLANs 6 and 7 with primary VLAN 5. Displaying Private VLAN Interface Information Use the Private VLAN Port Information and Private VLAN Trunk Information menus to display the interfaces associated with private VLANs. Command Attributes • Port/Trunk – The switch inte[...]
-
Page 212
CONFIGURING THE SWITCH 3-164 • Isolated VLAN – Conveys traffic only between the VLAN’s isolated ports and promiscuous ports. Traffic between isolated ports within the VLAN is blocked. • Trunk – The trunk identifier. (Port Information only) Web – Click VLAN, Private VLAN, Port Information or Trunk Information. Figure 3-70 Private V[...]
-
Page 213
VLAN CONFIGURATION 3-165 CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and associated with VLAN 6. This means that traffic for port 4 and 5 can only pass through port 3. Confi[...]
-
Page 214
CONFIGURING THE SWITCH 3-166 specify the associated primary VLAN. For “Host” type, the Primary VLAN displayed is the one to which the selected secondary VLAN has been associated. • Community VLAN – A community VLAN conveys traffic between community ports, and from community ports to their designated promiscuous ports. If PVLAN Po[...]
-
Page 215
CLASS OF SERVICE CONFIGURATION 3-167 CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and associated with VLAN 6. This means that traffic for port 4 and 5 can only pass t[...]
-
Page 216
CONFIGURING THE SWITCH 3-168 Command Usage • This switch provides four priority queues for each port. It uses Weighted Round Robin to prevent head-of-queue blockage. • The default priority applies for an untagged frame received on a port set to accept all frame types (i.e., receives both untagged and tagged frames). This priority does not[...]
-
Page 217
CLASS OF SERVICE CONFIGURATION 3-169 CLI – This example assigns a default priority of 5 to port 3. Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separ[...]
-
Page 218
CONFIGURING THE SWITCH 3-170 The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network. Command Attributes • Priority – CoS valu[...]
-
Page 219
CLASS OF SERVICE CONFIGURATION 3-171 Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 3-73 Traffic Classes CLI – The following example shows how to change the CoS assignments. Note: Mapping specific values for CoS priorities is implemented as an interfac[...]
-
Page 220
CONFIGURING THE SWITCH 3-172 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue. WRR uses a pred[...]
-
Page 221
CLASS OF SERVICE CONFIGURATION 3-173 Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in “Mapping CoS Values to Egress Queues” on page 3-169, the traffic classes are mapped to one of the four eg[...]
-
Page 222
CONFIGURING THE SWITCH 3-174 CLI – The following example shows how to assign WRR weights to each of the priority queues. Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specifie[...]
-
Page 223
CLASS OF SERVICE CONFIGURATION 3-175 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services. (This is the default setting.) • IP Precedence – Maps layer 3/4 [...]
-
Page 224
CONFIGURING THE SWITCH 3-176 Command Attributes • IP Precedence Priority Table – Shows the IP Precedence to CoS map. • Class of Service Value – Maps a CoS value to the selected IP Precedence value. Note that “0” represents low priority and “7” represents high priority. Web – Click Priority, IP Precedence Priority. Select an e[...]
-
Page 225
CLASS OF SERVICE CONFIGURATION 3-177 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings. Note: Mapping specific values for IP Precedence is implemented as an interface configuration command, but any chang[...]
-
Page 226
CONFIGURING THE SWITCH 3-178 Command Attributes • DSCP Priority Table – Shows the DSCP Priority to CoS map. • Class of Service Value – Maps a CoS value to the selected DSCP Priority value. Note that “0” represents low priority and “7” represents high priority. Web – Click Priority, IP DSCP Priority. Select an entry from the [...]
-
Page 227
CLASS OF SERVICE CONFIGURATION 3-179 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings. Note: Mapping specific values for IP DSCP is implemented as an interface configuration command, but any changes will apply to the [...]
-
Page 228
CONFIGURING THE SWITCH 3-180 Web – Click Priority, IP Port Priority Status. Set IP Port Priority Status to Enabled. Figure 3-79 IP Port Priority Status Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply [...]
-
Page 229
CLASS OF SERVICE CONFIGURATION 3-181 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value 0, and then displays all the IP Port Priority settings for that port. Note: Mapping specific values for IP Port Priority is implemented as an interface configuration command[...]
-
Page 230
CONFIGURING THE SWITCH 3-182 • CoS Priority – CoS value used for packets matching an IP ACL rule. (Range: 0-7) • ACL CoS Priority Mapping – Displays the configured information. Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Add. Figure 3-81 ACL CoS Priority C[...]
-
Page 231
MULTICAST FILTERING 3-183 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register [...]
-
Page 232
CONFIGURING THE SWITCH 3-184 Layer 2 IGMP (Snooping and Query) IGMP Snooping and Query – If multicast routing is not supported on other switches in your network, you can use IGMP Snooping and Query (page 3-184) to monitor IGMP service requests passing between multicast clients and servers, and dynamically configure the switch ports which[...]
-
Page 233
MULTICAST FILTERING 3-185 • IGMP Querier – A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic. If there is more than one router/switch on the LAN performing IP multicasting, one of these devices is elected “querier” and assumes the role of querying the LAN for group me[...]
-
Page 234
CONFIGURING THE SWITCH 3-186 • IGMP Version — Sets the protocol version for compatibility with other devices on the network. (Range: 1-2; Default: 2) Notes: 1. All systems on the subnet must support the same version. 2. Some attributes are only enabled for IGMPv2, including IGMP Report Delay and IGMP Query Timeout. Web – Click IGMP Snoopi[...]
-
Page 235
MULTICAST FILTERING 3-187 CLI – This example modifies the settings for multicast filtering, and then displays the current status. Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or P[...]
-
Page 236
CONFIGURING THE SWITCH 3-188 Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to display the associated multicast routers. Figure 3-83 Multicast Router Port Information CLI – This example shows that Port 11 has been statically configured as a port attached to a m[...]
-
Page 237
MULTICAST FILTERING 3-189 • VLAN ID – Selects the VLAN to propagate all multicast traffic coming from the attached multicast router. • Port or Trunk – Specifies the interface attached to a multicast router. Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router[...]
-
Page 238
CONFIGURING THE SWITCH 3-190 • Multicast Group Port List – Shows the interfaces that have already been assigned to the selected VLAN to propagate a specific multicast service. Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch w[...]
-
Page 239
MULTICAST FILTERING 3-191 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP snooping and Query Parameters” on page 3-133. For certain applications that require tighter control, you may need to statically configure a multi[...]
-
Page 240
CONFIGURING THE SWITCH 3-192 Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and click Add. After you have completed adding ports to th[...]
-
Page 241
4-1 CHAPTER 4 COMMAND LINE INTERFACE This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering comma[...]
-
Page 242
COMMAND LINE INTERFACE 4-2 After connecting to the system through the console port, the login screen displays: Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. Valid IP addresses consist [...]
-
Page 243
USING THE COMMAND LINE INTERFACE 4-3 2. At the prompt, enter the user name and system password. The CLI will display the “Vty-n#” prompt for the administrator to show that you are using privileged access mode (i.e., Privileged Exec), or “Vty-n>” for the guest to show that you are using normal access mode (i.e., Normal Ex[...]
-
Page 244
COMMAND LINE INTERFACE 4-4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and st[...]
-
Page 245
ENTERING COMMANDS 4-5 Command Completion If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “logging history” example, typing log followed by a tab will result in printing the command up to “logging.” Getting Help on Commands You can disp[...]
-
Page 246
COMMAND LINE INTERFACE 4-6 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database). You can also display a list of valid keywords for a specific [...]
-
Page 247
ENTERING COMMANDS 4-7 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows[...]
-
Page 248
COMMAND LINE INTERFACE 4-8 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functions. These classes are [...]
-
Page 249
ENTERING COMMANDS 4-9 To enter Privileged Exec mode, enter the following user names and passwords: Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuratio[...]
-
Page 250
COMMAND LINE INTERFACE 4-10 • VLAN Configuration - Includes the command to create VLAN groups. To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands. To enter the other [...]
-
Page 251
ENTERING COMMANDS 4-11 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command followed b[...]
-
Page 252
COMMAND LINE INTERFACE 4-12 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Groups Command Group Description Page Line Sets communication parameters for the serial port and Telnet, including baud rate and console time-out 4-14 General Basic commands for entering privileged acc[...]
-
Page 253
COMMAND GROUPS 4-13 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) PE (Privileged Exec) GC (Global Configuration) ACL (Access Control List Configuration) IC (Interface Configuration) LC (Line Configuration) VC (VLAN Database Configuration) Address Table Configures the address table for filt[...]
-
Page 254
COMMAND LINE INTERFACE 4-14 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). Table 4-5 Line Commands Command Function Mode Page line Identi[...]
-
Page 255
LINE COMMANDS 4-15 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line { console | vty } • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line. Command Mode Global Configu[...]
-
Page 256
COMMAND LINE INTERFACE 4-16 login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [ local ] no login local - Selects local password checking. Authentication is based on the user name specified with the username command. Default Setting log[...]
-
Page 257
LINE COMMANDS 4-17 Example Related Commands username (4-35) password (4-17) password This command specifies the password for a line. Use the no form to remove the password. Syntax password { 0 | 7 } password no password • { 0 | 7 } - 0 means plain password, 7 means encrypted password • password - Character string that specifies the line [...]
-
Page 258
COMMAND LINE INTERFACE 4-18 configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Related Commands login (4-16) password-thresh (4-20) timeout login response This command sets the interval that the system waits for a user to log into the CLI. Use the no form to restore the defaul[...]
-
Page 259
LINE COMMANDS 4-19 Example To set the timeout to two minutes, enter this command: Related Commands silent-time (4-21) exec-timeout (4-14) exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [ seconds ] no exec-timeout seconds - Integer tha[...]
-
Page 260
COMMAND LINE INTERFACE 4-20 Example To set the timeout to two minutes, enter this command: Related Commands silent-time (4-21) timeout login response (4-13) password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. Syntax password-thr [...]
-
Page 261
LINE COMMANDS 4-21 Example To set the password threshold to five attempts, enter this command: Related Commands silent-time (4-21) timeout login response (4-13) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-[...]
Page 262
COMMAND LINE INTERFACE 4-22
databits
This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value.
Syntax
databits {7 | 8}
no databits
• 7 - Seven data bits per character.
• 8 - Eight data bits per character.
Default Setting
8 data bits per c[...]
Page 263
LINE COMMANDS 4-23
parity
This command defines the generation of a parity bit. Use the no form to restore the default setting.
Syntax
parity {none | even | odd}
no parity
• none - No parity
• even - Even parity
• odd - Odd parity
Default Setting
No parity
Command Mode
Line Configuration
Command Usage
Communication protocols provided [...]
Page 264
COMMAND LINE INTERFACE 4-24
Default Setting
9600
Command Mode
Line Configuration
Command Usage
Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices connected to the port might not be supported. The system indicates if the speed you selected is not supported.
Example
To specify[...]
Page 265
LINE COMMANDS 4-25
disconnect
This command terminates an SSH, Telnet, or console connection.
Syntax
disconnect session-id
session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4)
Command Mode
Privileged Exec
Command Usage
Specifying session identifier “0” will disconnect the console connection. Specif[...]
Page 266
COMMAND LINE INTERFACE 4-26
Example
To show all lines, enter this command:
General Commands
Console#show line
Console configuration:
Password threshold: 3 times
Interactive timeout: Disabled
Login timeout: Disabled
Silent time: Disabled
Baudrate: 9600
Databits: 8
Parity: none
Stopbits: 1
VTY configuration:
Password threshold: 3 times
Interacti[...]
Page 267
GENERAL COMMANDS 4-27
enable
This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-8.
Syntax
enable [level]
level - Privilege level to log into the device. The device has two predefined priv[...]
Page 268
COMMAND LINE INTERFACE 4-28
disable
This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode. See “Understanding Command Modes” on page 4-8[...]
Page 269
GENERAL COMMANDS 4-29
Example
Related Commands
end (4-30)
show history
This command shows the contents of the command history buffer.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Usage
The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.
Example
In this example, the show histor[...]
Page 270
COMMAND LINE INTERFACE 4-30
The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes. In this example, the !2 command repeats the second command in the Execution[...]
Page 271
GENERAL COMMANDS 4-31
Command Mode
Global Configuration, Interface Configuration, Line Configuration, and VLAN Database Configuration.
Example
This example shows how to return to the Privileged Exec mode from the Interface Configuration mode:
exit
This command returns to the previous configuration mode or exit the configuration program.
Defau[...]
Page 272
COMMAND LINE INTERFACE 4-32
Command Mode
Normal Exec, Privileged Exec
Command Usage
The quit and exit commands can both exit the configuration program.
Example
This example shows how to quit a CLI session:
System Management Commands
These commands are used to control system logs, passwords, user names, browser configuration options, and [...]
Page 273
SYSTEM MANAGEMENT COMMANDS 4-33
Device Designation Commands
prompt
This command customizes the CLI prompt. Use the no form to restore the default prompt.
Syntax
prompt string
no prompt
string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters)
Default Setting
Console
Command Mode
Global Configuration
Example
Sy[...]
Page 274
COMMAND LINE INTERFACE 4-34
hostname
This command specifies or modifies the host name for this device. Use the no form to restore the default host name.
Syntax
hostname name
no hostname
name - The name of this host. (Maximum length: 255 characters)
Default Setting
None
Command Mode
Global Configuration
Example
User Access Commands
The basic[...]
Page 275
SYSTEM MANAGEMENT COMMANDS 4-35
username
This command adds named users, requires authentication at login, specifies or changes a user's password (or specify that no password is required), or specifies or changes a user's access level. Use the no form to remove a user name.
Syntax
username name {access-level level | nopassword |[...]
Page 276
COMMAND LINE INTERFACE 4-36
Command Usage
The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted p[...]
Page 277
SYSTEM MANAGEMENT COMMANDS 4-37
Command Usage
• You cannot set a null password. You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command (page 4-27).
• The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when readin[...]
Page 278
COMMAND LINE INTERFACE 4-38
management
This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting.
Syntax
[no] management {all-client | http-client | snmp-client | telnet-client} start-address [end-address]
• all-client[...]
Page 279
SYSTEM MANAGEMENT COMMANDS 4-39
• You can delete an address range just by specifying the start address, or by specifying both the start address and end address.
Example
This example restricts management access to the indicated addresses.
show management
This command displays the client IP addresses that are allowed management access to th[...]
Page 280
COMMAND LINE INTERFACE 4-40
Example
Web Server Commands
Console#show management all-client
Management IP Filter
HTTP-Client:
   Start IP address    End IP address
-----------------------------------------------
1. 192.168.1.19        192.168.1.19
2. 192.168.1.25        192.168.1.30
SNMP-Client:
   Start IP address    End IP address
--------------------------------------[...]
Page 281
SYSTEM MANAGEMENT COMMANDS 4-41
ip http port
This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port.
Syntax
ip http port port-number
no ip http port
port-number - The TCP port to be used by the browser interface. (Range: 1-65535)
Default Setting
80
Command Mode
Global Configur[...]
Page 282
COMMAND LINE INTERFACE 4-42
Example
Related Commands
ip http port (4-41)
ip http secure-server
This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this function.
Syntax
[ [...]
Page 283
SYSTEM MANAGEMENT COMMANDS 4-43
• A padlock icon should appear in the status bar for Internet Explorer 5.x and Netscape Navigator 6.2 or later versions.
• The following web browsers and operating systems currently support HTTPS:
• To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 4-56.[...]
Page 284
COMMAND LINE INTERFACE 4-44
Command Mode
Global Configuration
Command Usage
• You cannot configure the HTTP and HTTPS servers to use the same port.
• If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format: https://device:port_number
Example
Related C[...]
Page 285
SYSTEM MANAGEMENT COMMANDS 4-45
Default Setting
23
Command Mode
Global Configuration
Example
Related Commands
ip telnet server (4-45)
ip telnet server
This command allows this device to be monitored or configured from Telnet. Use the no form to disable this function.
Syntax
[no] ip telnet server
Default Setting
Enabled
Command Mode
Global[...]
Page 286
COMMAND LINE INTERFACE 4-46
Secure Shell Commands
The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote copy), a[...]
Page 287
SYSTEM MANAGEMENT COMMANDS 4-47
The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the authentication login command on [...]
Page 288
COMMAND LINE INTERFACE 4-48
2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch. Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. An entry for a public key in the kn[...]
Page 289
SYSTEM MANAGEMENT COMMANDS 4-49
a. The client sends its public key to the switch.
b. The switch compares the client's public key to those stored in memory.
c. If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client.
d. The client uses its private key to decrypt t[...]
Page 290
COMMAND LINE INTERFACE 4-50
• You must generate the host key before enabling the SSH server.
Example
Related Commands
ip ssh crypto host-key generate (4-53)
show ssh (4-55)
ip ssh timeout
This command configures the timeout for the SSH server. Use the no form to restore the default setting.
Syntax
ip ssh timeout seconds
no ip ssh timeout [...]
Page 291
SYSTEM MANAGEMENT COMMANDS 4-51
Related Commands
exec-timeout (4-19)
show ip ssh (4-55)
ip ssh authentication-retries
This command configures the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting.
Syntax
ip ssh authentication-retries count
no ip ssh authentication-retries
count [...]
Page 292
COMMAND LINE INTERFACE 4-52
Default Setting
768 bits
Command Mode
Global Configuration
Command Usage
• The server key is a private key that is never shared outside the switch.
• The host key is shared with the SSH client, and is fixed at 1024 bits.
Example
delete public-key
This command deletes the specified user’s public key.
Syn[...]
Page 293
SYSTEM MANAGEMENT COMMANDS 4-53
ip ssh crypto host-key generate
This command generates the host key pair (i.e., public and private).
Syntax
ip ssh crypto host-key generate [dsa | rsa]
• dsa – DSA (Version 2) key type.
• rsa – RSA (Version 1) key type.
Default Setting
Generates both the DSA and RSA key pairs.
Command Mode
Privileged[...]
Page 294
COMMAND LINE INTERFACE 4-54
ip ssh crypto zeroize
This command clears the host key from memory (i.e. RAM).
Syntax
ip ssh crypto zeroize [dsa | rsa]
• dsa – DSA key type.
• rsa – RSA key type.
Default Setting
Clears both the DSA and RSA key.
Command Mode
Privileged Exec
Command Usage
• This command clears the host key from vola[...]
Page 295
SYSTEM MANAGEMENT COMMANDS 4-55
Default Setting
Saves both the DSA and RSA key.
Command Mode
Privileged Exec
Example
Related Commands
ip ssh crypto host-key generate (4-53)
show ip ssh
This command displays the connection settings used when authenticating client access to the SSH server.
Command Mode
Privileged Exec
Example
show ssh
This com[...]
Page 296
COMMAND LINE INTERFACE 4-56
Table 4-16 show ssh - display description
Field        Description
Session      The session number. (Range: 0-3)
Version      The Secure Shell version number.
State        The authentication negotiation state. (Values: Negotiation-Started, Authentication-Started, Session-Started)
Username     The user name of the client.
Encryption   The en[...]
Page 297
SYSTEM MANAGEMENT COMMANDS 4-57
show public-key
This command shows the public key for the specified user or for the host.
Syntax
show public-key [user [username] | host]
username – Name of an SSH user. (Range: 1-8 characters)
Default Setting
Shows all public keys.
Command Mode
Privileged Exec
Command Usage
• If no parameters ar[...]
Page 298
COMMAND LINE INTERFACE 4-58
Example
Console#show public-key host
Host:
RSA:
1024 35 156849954018676692593339467750546173253 1367489083654725415020245593 199868544358361651999923329781766065830 9586108259132128902337654680 172627257141342876294130119619556678259 5664104869574278881462065194 174677298486546861571773939016477935594 2303577413098022[...]
Page 299
SYSTEM MANAGEMENT COMMANDS 4-59
Event Logging Commands
logging on
This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process.
Syntax
[no] logging on
Default Setting
None
Command Mode
Global Configuration
Command Usage
The logging process controls error m[...]
Page 300
COMMAND LINE INTERFACE 4-60
Example
Related Commands
logging history (4-60)
clear logging (4-64)
logging history
This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level.
Syntax
logging history {flash | ram} level
no logging history {f[...]
Page 301
SYSTEM MANAGEMENT COMMANDS 4-61
Default Setting
Flash: errors (level 3 - 0)
RAM: warnings (level 6 - 0)
Command Mode
Global Configuration
Command Usage
The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM.
Example
logging host
This command adds a syslog server host I[...]
Page 302
COMMAND LINE INTERFACE 4-62
Command Usage
• By using this command more than once you can build up a list of host IP addresses.
• The maximum number of host IP addresses allowed is five.
Example
logging facility
This command sets the facility type for remote logging of syslog messages. Use the no form to return the type to the default.
S[...]
Page 303
SYSTEM MANAGEMENT COMMANDS 4-63
logging trap
This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging.
Syntax
logging trap [level [...]
Page 304
COMMAND LINE INTERFACE 4-64
clear logging
This command clears messages from the log buffer.
Syntax
clear logging [flash | ram]
• flash - Event history stored in flash memory (i.e., permanent memory).
• ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
Default Setting
Flash and RAM
Command Mode
Privile[...]
Page 305
SYSTEM MANAGEMENT COMMANDS 4-65
Default Setting
None
Command Mode
Privileged Exec
Example
The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), the message level for RAM is “informational” (i.e., default level 6 - 0).
Console#show logging flash
Syslog [...]
Page 306
COMMAND LINE INTERFACE 4-66
The following example displays settings for the trap function.
Related Commands
show logging sendmail (4-71)
Console#show logging trap
Syslog logging: Enabled
REMOTELOG status: Enabled
REMOTELOG facility type: local use 7
REMOTELOG level type: Informational messages only
REMOTELOG server IP address: 0.0.0.0
REMOTE[...]
Page 307
SYSTEM MANAGEMENT COMMANDS 4-67
show log
This command displays the system and event messages stored in memory.
Syntax
show log {flash | ram} [login] [tail]
• flash - Event history stored in flash memory (i.e., permanent memory).
• ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
• tail -[...]
Page 308
COMMAND LINE INTERFACE 4-68
SMTP Alert Commands
These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients.
logging sendmail host
This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server.
Syntax
[no] logging sen[...]
Page 309
SYSTEM MANAGEMENT COMMANDS 4-69
• To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally closes the connection.
• To open a connection, the switch first selects the server that successfully sent mail during the last connection, or the first server configured by thi[...]
Page 310
COMMAND LINE INTERFACE 4-70
logging sendmail source-email
This command sets the email address used for the “From” field in alert messages. Use the no form to delete the source email address.
Syntax
[no] logging sendmail source-email email-address
email-address - The source email address used in alert messages. (Range: 0-41 characters)[...]
Page 311
SYSTEM MANAGEMENT COMMANDS 4-71
Command Mode
Global Configuration
Command Usage
You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient.
Example
logging sendmail
This command enables SMTP event handling. Use the no form to disable this function.
Syntax
[no] loggin[...]
Page 312
COMMAND LINE INTERFACE 4-72
Example
Time Commands
The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from the [...]
Page 313
SYSTEM MANAGEMENT COMMANDS 4-73
sntp client
This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command. Use the no form to disable SNTP client requests.
Syntax
[no] sntp client
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
• The ti[...]
Page 314
COMMAND LINE INTERFACE 4-74
sntp server
This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list.
Syntax
sntp server [ip1 [ip2 [ip3]]]
ip - IP address of a time server (NTP or SNTP). (Range: 1-3 [...]
Page 315
SYSTEM MANAGEMENT COMMANDS 4-75
sntp poll
This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default.
Syntax
sntp poll seconds
no sntp poll
seconds - Interval between time requests. (Range: 16-16384 seconds)
Default Setting
16 seconds
Command Mode
Globa[...]
Page 316
COMMAND LINE INTERFACE 4-76
Example
clock timezone
This command sets the time zone for the switch’s internal clock.
Syntax
clock timezone name hour hours minute minutes {before-utc | after-utc}
• name - Name of timezone, usually an acronym. (Range: 1-29 characters)
• hours - Number of hours before/after UTC. (Range: 0-12 hours)
• mi[...]
Page 317
SYSTEM MANAGEMENT COMMANDS 4-77
Example
Related Commands
show sntp (4-75)
calendar set
This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server.
Syntax
calendar set hour min sec {day month year | month day year}
• hour -[...]
Page 318
COMMAND LINE INTERFACE 4-78
show calendar
This command displays the system clock.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Example
System Status Commands
Console#show calendar
15:12:45 April 1 2004
Console#
Table 4-23 System Status Commands
Command               Function   Mode   Page
show startup-config   Displays the contents of the con[...]
Page 319
SYSTEM MANAGEMENT COMMANDS 4-79
show startup-config
This command displays the configuration file stored in non-volatile memory that is used to start up the system.
Default Setting
None
Command Mode
Privileged Exec
Command Usage
• Use this command in conjunction with the show running-config command to compare the information in running memory[...]
Page 320
COMMAND LINE INTERFACE 4-80
Example
Related Commands
show running-config (4-81)
Console#show startup-config
building startup-config, please wait... ..
!
!
username admin access-level 15
username admin password 0 admin
!
username guest access-level 0
username guest password 0 guest
!
enable password level 15 0 super
!
snmp-server community public[...]
Page 321
SYSTEM MANAGEMENT COMMANDS 4-81
show running-config
This command displays the configuration information currently in use.
Default Setting
None
Command Mode
Privileged Exec
Command Usage
• Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volat[...]
Page 322
COMMAND LINE INTERFACE 4-82
Example
Related Commands
show startup-config (4-79)
Console#show running-config
building running-config, please wait... ..
!
phymap 00-30-f1-d3-26-00
!
SNTP server 0.0.0.0 0.0.0.0 0.0.0.0
!
clock timezone hours 0 minute 0 after-UTC
!
SNMP-server community private rw
SNMP-server community public ro
!
!
username admin [...]
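An added example, not part of the SMC manual: a Python audit of saved configuration text that applies the password { 0 | 7 } convention (0 = plain, 7 = encrypted) and the line formats visible in the show startup-config and show running-config output above. The sample configuration, the rule names, and the type-7 string are constructed for illustration.

```python
import re

# Constructed sample in the line format of the manual's show running-config
# output. The type-7 value is a made-up placeholder, not real switch output.
SAMPLE_CONFIG = """\
!
SNMP-server community private rw
SNMP-server community public ro
!
username admin access-level 15
username admin password 0 admin
!
username guest access-level 0
username guest password 7 0123456789abcdef0123456789abcdef
!
enable password level 15 0 super
!
"""

# username <name> password {0|7} <string>
USER_PW = re.compile(r"^username\s+(\S+)\s+password\s+([07])\s+(\S+)$", re.I)
# enable password level <n> {0|7} <string>
ENABLE_PW = re.compile(r"^enable\s+password\s+level\s+(\d+)\s+([07])\s+(\S+)$", re.I)
# snmp-server community <string> [ro|rw]
SNMP = re.compile(r"^snmp-server\s+community\s+(\S+)(?:\s+(ro|rw))?$", re.I)

# Community strings that appear in the manual's sample output.
WELL_KNOWN_COMMUNITIES = {"public", "private"}


def audit(config_text):
    """Return (line_number, rule, detail) tuples for risky settings.

    Secrets are never copied into the findings, so the report itself can be
    shared without leaking the passwords it complains about.
    """
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or section separator

        m = USER_PW.match(line)
        if m:
            name, ptype, secret = m.groups()
            if ptype == "0":  # 0 means the password is stored in plain text
                findings.append((lineno, "plaintext-password", f"user {name}"))
                if secret.lower() == name.lower():
                    findings.append(
                        (lineno, "password-equals-username", f"user {name}")
                    )
            continue

        m = ENABLE_PW.match(line)
        if m:
            level, ptype, _secret = m.groups()
            if ptype == "0":
                findings.append(
                    (lineno, "plaintext-password", f"enable level {level}")
                )
            continue

        m = SNMP.match(line)
        if m:
            community = m.group(1)
            access = (m.group(2) or "").lower()
            if community.lower() in WELL_KNOWN_COMMUNITIES:
                rule = "default-community-rw" if access == "rw" else "default-community"
                findings.append((lineno, rule, f"community {community}"))
    return findings


if __name__ == "__main__":
    for lineno, rule, detail in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {rule}: {detail}")
```

Run it against a configuration file copied off the switch to list which accounts and community strings still need changing before the file is stored or shared.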
Page 323
SYSTEM MANAGEMENT COMMANDS 4-83
show system
This command displays system information.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Usage
• For a description of the items shown by this command, refer to “Displaying System Information” on page -11.
• The POST results should all display “PASS.” If any POS[...]
Page 324
COMMAND LINE INTERFACE 4-84
show users
Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.
Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Usage
The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index[...]
Page 325
SYSTEM MANAGEMENT COMMANDS 4-85
Command Mode
Normal Exec, Privileged Exec
Command Usage
See “Displaying Switch Hardware/Software Versions” on page 3-13 for detailed information on the items displayed by this command.
Example
Frame Size Commands
jumbo frame
This command enables support for jumbo frames. Use the no form to disable it.[...]
Page 326
COMMAND LINE INTERFACE 4-86
Command Mode
Global Configuration
Command Usage
• This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead requi[...]
Page 327
FLASH/FILE COMMANDS 4-87
copy
This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation. The success of t[...]
Page 328
COMMAND LINE INTERFACE 4-88
Command Mode
Privileged Exec
Command Usage
• The system prompts for data required to complete the copy command.
• The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 charac[...]
Page 329
FLASH/FILE COMMANDS 4-89
Example
The following example shows how to upload the configuration settings to a file on the TFTP server:
The following example shows how to copy the running configuration to a startup file.
The following example shows how to download a configuration file:
This example shows how to copy a secure-site certific[...]
Page 330
COMMAND LINE INTERFACE 4-90
This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch:
delete
This command deletes a file or image.
Syntax
delete [unit:] filename
filename - Name of the configuration[...]
Page 331
FLASH/FILE COMMANDS 4-91
Example
This example shows how to delete the test2.cfg configuration file from flash memory for unit 1.
Related Commands
dir (4-91)
delete public-key (4-52)
dir
This command displays a list of files in flash memory.
Syntax
dir [unit:] {{boot-rom: | config: | opcode:} [: filename]}
The type of file or image t[...]
Page 332
COMMAND LINE INTERFACE 4-92
• File information is shown below:
Example
The following example shows how to display all file information:
whichboot
This command displays which files were booted when the system powered up.
Syntax
whichboot
Default Setting
None
Command Mode
Privileged Exec
Table 4-26 File Directory Information
Column Heading D[...]
Page 333
FLASH/FILE COMMANDS 4-93
Example
This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command.
boot system
This command specifies the image used to start up the system.
Syntax
boot system [unit:] {boot-rom | config | opcode [...]
Page 334
COMMAND LINE INTERFACE 4-94
Example
Related Commands
dir (4-91)
whichboot (4-92)
Authentication Commands
You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1[...]
Page 335
AUTHENTICATION COMMANDS 4-95
authentication login
This command defines the login authentication method and precedence. Use the no form to restore the default.
Syntax
authentication login {[local] [radius] [tacacs]}
no authentication login
• local - Use local password.
• radius - Use RADIUS server password.
• tacacs - Use TACACS se[...]
Page 336
COMMAND LINE INTERFACE 4-96
Example
Related Commands
username - for setting the local user names and passwords (4-35)
authentication enable
This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 4-27). Use the no form to res[...]
Page 337
AUTHENTICATION COMMANDS 4-97
• You can specify three authentication methods in a single command to indicate the authentication sequence. For example, if you enter “authentication enable radius tacacs local,” the user name and password on the RADIUS server is verified first. If the RADIUS server is not available, then authentication [...]
Page 338
COMMAND LINE INTERFACE 4-98
radius-server host
This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server. Use the no form to restore the default values.
Syntax
[no] radius-server index host {host_ip_address | host_alias} [auth-port auth_port] [timeout timeout] [retransmit[...]
Page 339
AUTHENTICATION COMMANDS 4-99
radius-server port
This command sets the RADIUS server network port. Use the no form to restore the default.
Syntax
radius-server port port_number
no radius-server port
port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535)
Default Setting
1812
Command Mode
Global Configurati[...]
Page 340
COMMAND LINE INTERFACE 4-100
Example
radius-server retransmit
This command sets the number of retries. Use the no form to restore the default.
Syntax
radius-server retransmit number_of_retries
no radius-server retransmit
number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1-[...]
Page 341
AUTHENTICATION COMMANDS 4-101
Command Mode
Global Configuration
Example
show radius-server
This command displays the current settings for the RADIUS server.
Default Setting
None
Command Mode
Privileged Exec
Example
Console(config)#radius-server timeout 10
Console(config)#
Console#show radius-server
Remote RADIUS server configuration:
Global se[...]
Page 342
COMMAND LINE INTERFACE 4-102
TACACS+ Client
Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with a[...]
Page 343
AUTHENTICATION COMMANDS 4-103
tacacs-server port
This command specifies the TACACS+ server network port. Use the no form to restore the default.
Syntax
tacacs-server port port_number
no tacacs-server port
port_number - TACACS+ server TCP port used for authentication messages. (Range: 1-65535)
Default Setting
49
Command Mode
Global C[...]
Page 344
COMMAND LINE INTERFACE 4-104
Example
show tacacs-server
This command displays the current settings for the TACACS+ server.
Default Setting
None
Command Mode
Privileged Exec
Example
Port Security Commands
These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on [...]
Page 345
AUTHENTICATION COMMANDS 4-105
port security
This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses.
Syntax
port sec[...]
Page 346
COMMAND LINE INTERFACE 4-106
Command Usage
• If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
• First use the port security m[...]
Page 347
AUTHENTICATION COMMANDS 4-107
802.1X Port Authentication
The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication P[...]
Page 348
COMMAND LINE INTERFACE 4-108
dot1x system-auth-control
This command enables 802.1X port authentication globally on the switch. Use the no form to restore the default.
Syntax
[no] system-auth-control
Default Setting
Disabled
Command Mode
Global Configuration
Example
dot1x default
This command sets all configurable dot1x global and port setti[...]
Page 349
AUTHENTICATION COMMANDS 4-109
dot1x max-req
This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default.
Syntax
dot1x max-req count
no dot1x max-req
count – The maximum number of requests (R[...]
-
Página 350
COMMAND LINE INTERFACE 4-110 Default force-authorized Command Mode Interface Configuration Example dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywor[...]
-
Page 351
AUTHENTICATION COMMANDS 4-111 • In “multi-host” mode, only one host connected to a port needs to pass authentication for all other hosts to be granted network access. Similarly, a port can become unauthorized for all hosts if one attached host fails re-authentication or sends an EAPOL logoff message. Example dot1x re-authenticate This com[...]
-
Page 352
COMMAND LINE INTERFACE 4-112 Example dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default. Syntax dot1x timeout quiet-period seconds no dot1x timeout quiet-period seconds - The number of se[...]
-
Page 353
AUTHENTICATION COMMANDS 4-113 Command Mode Interface Configuration Example dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-peri[...]
-
Page 354
COMMAND LINE INTERFACE 4-114 show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [ statistics ] [ interface interface ] • statistics - Displays dot1x status for each port. • interface • ethernet unit / port - unit - Stack unit. (This is unit 1) - po[...]
-
Page 355
AUTHENTICATION COMMANDS 4-115 - tx-period – Time a port waits during authentication session before re-transmitting EAP packet (page 4-113). - supplicant-timeout – Supplicant timeout. - server-timeout – Server timeout. - reauth-max – Maximum number of reauthentication attempts. - max-req – Maximum number of times a port will retrans[...]
-
Page 356
COMMAND LINE INTERFACE 4-116 from the Authentication Server. • Reauthentication State Machine - State – Current state (including initialize, reauthenticate). Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthor[...]
-
Page 357
ACCESS CONTROL LIST COMMANDS 4-117 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required rules and[...]
-
Page 358
COMMAND LINE INTERFACE 4-118 • This switch supports ACLs for ingress filtering only. You can only bind one IP ACL to any port and one MAC ACL globally for ingress filtering. In other words, only two ACLs can be bound to an interface - Ingress IP ACL and Ingress MAC ACL. The order in which active ACLs are checked is as follows: 1. User-def[...]
-
Page 359
ACCESS CONTROL LIST COMMANDS 4-119 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [ no ] access-list ip { standard | extended } acl_name • standard – Specifies an ACL that filters packets based on the source IP ad[...]
-
Page 360
COMMAND LINE INTERFACE 4-120 Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list. • To remove a rule, use the no permit or no deny command followed by the exact text[...]
-
Page 361
ACCESS CONTROL LIST COMMANDS 4-121 Command Usage • New rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The bitmask is bitwise ANDed with th[...]
-
Page 362
COMMAND LINE INTERFACE 4-122 permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes. Use the no form to remove a rule. Syntax [ no ] { per [...]
-
Page 363
ACCESS CONTROL LIST COMMANDS 4-123 Default Setting None Command Mode Extended ACL Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicat[...]
-
Page 364
COMMAND LINE INTERFACE 4-124 Example This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through. This allows TCP packets from class C addre[...]
-
Page 365
ACCESS CONTROL LIST COMMANDS 4-125 Example Related Commands permit, deny 4-120 ip access-group (4-125) ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [ no ] ip access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that thi[...]
-
Page 366
COMMAND LINE INTERFACE 4-126 Example Related Commands show ip access-list (4-124) show ip access-group This command shows the ports assigned to IP ACLs. Command Mode Privileged Exec Example Related Commands ip access-group (4-125) map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value[...]
-
Page 367
ACCESS CONTROL LIST COMMANDS 4-127 Command Mode Interface Configuration (Ethernet) Command Usage A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table. For information on mapping the CoS values to output queues, see queue cos-map on page 4-226. Example Related Commands q[...]
-
Page 368
COMMAND LINE INTERFACE 4-128 Example Related Commands map access-list ip (4-126) MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [ no ] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Console#show m[...]
-
Page 369
ACCESS CONTROL LIST COMMANDS 4-129 Default Setting None Command Mode Global Configuration Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list. • To remove a rule, [...]
-
Page 370
COMMAND LINE INTERFACE 4-130 permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use the no form to remove a rule. Syntax [ no ] { permit | deny } { any | host source | source addr[...]
-
Page 371
ACCESS CONTROL LIST COMMANDS 4-131 • A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include the following: • 0800 - IP • 0806 - ARP • 8137 - IPX Example This rule permits packets from any source MAC address to the destination address 00-e0-29-94-34-de where the Ethernet type[...]
-
Page 372
COMMAND LINE INTERFACE 4-132 mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets. Default Setting None Command Mode Interface Configurati[...]
-
Page 373
ACCESS CONTROL LIST COMMANDS 4-133 Related Commands mac access-group (4-132) map access-list mac This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself. Use the no form to remove the CoS mapping. S[...]
-
Page 374
COMMAND LINE INTERFACE 4-134 Related Commands queue cos-map (4-226) show map access-list mac (4-134) show map access-list mac This command shows the CoS value mapped to a MAC ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Syntax show map access-list mac [ interface ] interfa[...]
-
Page 375
ACCESS CONTROL LIST COMMANDS 4-135 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are displayed is determined by the [...]
-
Page 376
COMMAND LINE INTERFACE 4-136 show access-group This command shows the port assignments of ACLs. Command Mode Privileged Executive Example SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. Console#show access-gro[...]
-
Page 377
SNMP COMMANDS 4-137 snmp-server community This command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string. Syntax snmp-server community string [ ro | rw ] no snmp-server community string • string - Community string that acts like a password and permits a[...]
-
Page 378
COMMAND LINE INTERFACE 4-138 snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Setting None Command Mode Globa[...]
-
Page 379
SNMP COMMANDS 4-139 Command Mode Global Configuration Example Related Commands snmp-server contact (4-138) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr community-string [ version { 1 [...]
-
Page 380
COMMAND LINE INTERFACE 4-140 Command Usage • If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. In order to enable multiple hosts, you must issue a separate snmp-server host command for each host. • Th[...]
-
Page 381
SNMP COMMANDS 4-141 snmp-server enable traps This command enables this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications. Syntax [ no ] snmp-server enable traps [ authentication | link-up-down ] • authentication - Keyword to issue authentication failure traps. • li[...]
-
Page 382
COMMAND LINE INTERFACE 4-142 show snmp This command checks the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging[...]
-
Page 383
SNMP COMMANDS 4-143 Example Console#show snmp SNMP traps: Authentication: enabled Link-up-down: enabled SNMP communities: 1. alpha, and the privilege is read-write 2. private, and the privilege is read-write 3. public, and the privilege is read-only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for [...]
-
Page 384
COMMAND LINE INTERFACE 4-144 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Table 4-40 Interface Commands Command Function Mode Page interface Configures an interface type and enters interface configuration mode GC 4-145 description Adds a description t[...]
-
Page 385
INTERFACE COMMANDS 4-145 interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id interface • ethernet unit / port - unit - Stack unit. (This is unit 1) - port - Port number. (Range: 1-52) • port-channel ch[...]
-
Page 386
COMMAND LINE INTERFACE 4-146 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 24. speed-duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the default. Syntax speed-[...]
-
Page 387
INTERFACE COMMANDS 4-147 • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command. To set the speed/duplex mode under auto-negotiation, the required mode must be specified in the capabilities list for an interface. Example The following example configures port 5 to[...]
-
Page 388
COMMAND LINE INTERFACE 4-148 Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-148) speed-duplex (4-146) capabilities This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an adverti[...]
-
Page 389
INTERFACE COMMANDS 4-149 Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands. Example The followin[...]
-
Page 390
COMMAND LINE INTERFACE 4-150 • To force flow control on or off (with the flowcontrol or no flowcontrol command), use the no negotiation command to disable auto-negotiation on the selected interface. • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command. To enab[...]
-
Page 391
INTERFACE COMMANDS 4-151 Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also want to disable a port for security reasons. Example The following example disables port 5. switchport broadcast packet-rate This co[...]
-
Page 392
COMMAND LINE INTERFACE 4-152 Example The following shows how to configure broadcast storm control at 600 packets per second: clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit / port - unit - Stack unit. (This is unit 1) - port - Port number. (Range: 1-52) • port-chann[...]
-
Page 393
INTERFACE COMMANDS 4-153 show interfaces status This command displays the status for an interface. Syntax show interfaces status [ interface ] interface • ethernet unit / port - unit - Stack unit. (This is unit 1) - port - Port number. (Range: 1-52) • port-channel channel-id (Range: 1-4) • vlan vlan-id (Range: 1-4094) Default Setting Show[...]
-
Page 394
COMMAND LINE INTERFACE 4-154 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [ interface ] interface • ethernet unit / port - unit - Stack unit. (This is unit 1) - port - Port number. (Range: 1-52) • port-channel channel-id (Range: 1-4) Default Setting Shows the counters for all[...]
-
Page 395
INTERFACE COMMANDS 4-155 Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 3-114. Example Console#show interfaces counters ethernet 1/7 Ethernet 1/7 Iftable stats: Octets input: 30658, Octets output: 1965[...]
-
Page 396
COMMAND LINE INTERFACE 4-156 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [ interface ] interface • ethernet unit / port - unit - Stack unit. (This is unit 1) - port - Port number. (Range: 1-52) • port-channel channel-id (Range: 1-4)[...]
-
Page 397
INTERFACE COMMANDS 4-157 Table 4-41 Interfaces Switchport Statistics Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 4-151). Lacp status Shows if Link Aggregation Control Protocol has been enabled or disabled (page 4-166). Ingress/Egress rate[...]
-
Page 398
COMMAND LINE INTERFACE 4-158 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [ rx | tx ] no port monitor interface • interface - ethernet unit / port (sou[...]
-
Page 399
MIRROR PORT COMMANDS 4-159 • The mirror port and monitor port speeds should match, otherwise traffic may be dropped from the monitor port. • You can only create a single mirror session. Example The following example configures the switch to mirror received packets from port 6 to 11: show port monitor This command displays mirror infor[...]
-
Page 400
COMMAND LINE INTERFACE 4-160 Example The following shows mirroring configured from port 6 to port 11: Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of t[...]
-
Page 401
RATE LIMIT COMMANDS 4-161 rate-limit Use this command to define the rate limit level for a specific interface. Use this command without specifying a rate to restore the default rate limit level. Use the no form to restore the default status of disabled. Syntax rate-limit { input | output } level [ rate ] no rate-limit { input | output } •[...]
-
Page 402
COMMAND LINE INTERFACE 4-162 rate-limit granularity Use this command to define the rate limit granularity for the Fast Ethernet ports, and the Gigabit Ethernet ports. Use the no form of this command to restore the default setting. Syntax rate-limit { fastethernet | gigabitethernet } granularity [ granularity ] no rate-limit { fastether[...]
-
Page 403
RATE LIMIT COMMANDS 4-163 show rate-limit Use this command to display the rate limit granularity. Default Setting Fast Ethernet interface – 3.3 Mbps Gigabit Ethernet interface – 33.3 Mbps Command Mode Privileged Exec Command Usage • For Fast Ethernet interfaces, the rate limit granularity is 512 Kbps, 1 Mbps, or 3.3 Mbps. • For Gig[...]
-
Page 404
COMMAND LINE INTERFACE 4-164 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and anothe[...]
-
Page 405
LINK AGGREGATION COMMANDS 4-165 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports. • The ports at both ends of a connection must be configured as trunk ports. •[...]
-
Page 406
COMMAND LINE INTERFACE 4-166 channel-group This command adds a port to a trunk. Use the no form to remove a port from a trunk. Syntax channel-group channel-id no channel-group channel-id - Trunk index (Range: 1-4) Default Setting The current port will be added to this trunk. Command Mode Interface Configuration (Ethernet) Command Us[...]
-
Page 407
LINK AGGREGATION COMMANDS 4-167 Command Mode Interface Configuration (Ethernet) Command Usage • The ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation. • A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID. • [...]
-
Page 408
COMMAND LINE INTERFACE 4-168 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established. Console(config)#interface ethernet 1/11 Console(config-if)#lacp Console(config-if)#e[...]
-
Page 409
LINK AGGREGATION COMMANDS 4-169 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } system-priority priority no lacp { actor | partner } system-priority • actor - The local side of an aggregate link. • partner - The remote s[...]
-
Page 410
COMMAND LINE INTERFACE 4-170 lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp { actor | partner } admin-key key [ no ] lacp { actor | partner } admin-key • actor - The local side of an aggregate link. • partner - The remote side[...]
-
Page 411
LINK AGGREGATION COMMANDS 4-171 lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string. Use the no form to restore the default setting. Syntax lacp { actor | partner } admin-key key [ no ] lacp { actor | partner } admin-key key - The port channel admin key is used to identify [...]
-
Page 412
COMMAND LINE INTERFACE 4-172 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } port-priority priority no lacp { actor | partner } port-priority • actor - The local side of an aggregate link. • partner - The remote side of an aggregate link. [...]
-
Page 413
LINK AGGREGATION COMMANDS 4-173 show lacp This command displays LACP information. Syntax show lacp [ port-channel ] { counters | internal | neighbors | sysid } • port-channel - Local identifier for a link aggregation group. (Range: 1-4) • counters - Statistics for LACP protocol messages. • internal - Configuration settings an[...]
-
Page 414
COMMAND LINE INTERFACE 4-174 Example Console#show lacp 1 counters Port channel : 1 --------------------------------------- ---------------------------- Eth 1/1 --------------------------------------- ---------------------------- LACPDUs Sent : 21 LACPDUs Received : 21 Marker Sent : 0 Marker Received : 0 LACPDUs Unknown Pkts : 0 LACPDUs Illegal [...]
-
Page 415
LINK AGGREGATION COMMANDS 4-175 Console#show lacp 1 internal Port channel : 1 --------------------------------------- ---------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 --------------------------------------- ---------------------------- LACPDUs Internal : 30 sec LACP System Priority : 32768 LACP Port Priority : 32768 Admin K[...]
-
Page 416
COMMAND LINE INTERFACE 4-176 Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state; • Defaulted – The actor’s receive machine is using defaulted operational partner information, administratively configured for the partner.[...]
-
Page 417
LINK AGGREGATION COMMANDS 4-177 Console#show lacp 1 neighbors Port channel 1 neighbors --------------------------------------- ---------------------------- Eth 1/1 --------------------------------------- ---------------------------- Partner Admin System ID : 32768, 00-00-00-00-00-00 Partner Oper System ID : 32768, 00-00-00-00-00-01 Part[...]
-
Page 418
COMMAND LINE INTERFACE 4-178 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Console#show lacp sysid Port Channel System Priority System MAC Address --------------------------------------- ----------[...]
-
Page 419
ADDRESS TABLE COMMANDS 4-179 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [ action ] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC address. • inter[...]
-
Page 420
COMMAND LINE INTERFACE 4-180 • A static address cannot be learned on another port until the address is removed with the no form of this command. Example clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured ent[...]
-
Page 421
ADDRESS TABLE COMMANDS 4-181 Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: - Learned - Dynamic address entries - Permanent - Static entry - Delete-on-reset - Static entry to be d[...]
-
Page 422
COMMAND LINE INTERFACE 4-182 Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information. Example show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode Privileged Exec Exa[...]
-
Page 423
SPANNING TREE COMMANDS 4-183 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 4-50 Spanning Tree Commands Command Function Mode Page spanning-tree Enables the spanning tree protocol GC 4-184 [...]
-
Page 424
COMMAND LINE INTERFACE 4-184 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [ no ] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disable network[...]
-
Page 425
SPANNING TREE COMMANDS 4-185 spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default. Syntax spanning-tree mode { stp | rstp } no spanning-tree mode • stp - Spanning Tree Protocol (IEEE 802.1D) • rstp - Rapid Spanning Tree Protocol (IEEE 802.1w) Default Setting rstp Command [...]
-
Page 426
COMMAND LINE INTERFACE 4-186 spanning-tree forward-time This command configures the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds. (Range: 4 - 30 seconds) The minimum value is the higher[...]
-
Page 427
SPANNING TREE COMMANDS 4-187 Default Setting 2 seconds Command Mode Global Configuration Command Usage This command sets the time interval (in seconds) at which the root device transmits a configuration message. Example spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no for [...]
-
Page 428
COMMAND LINE INTERFACE 4-188 becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the device ports attached to the network. Example spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanni[...]
-
Page 429
SPANNING TREE COMMANDS 4-189 spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree. Use the no form to restore the default. Syntax spanning-tree pathcost method { long | short } no spanning-tree pathcost method • long - Specifies 32-bit based values that range from 0-200,000,000. • short[...]
-
Page 430
COMMAND LINE INTERFACE 4-190 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs. Example spanning-tree spanning-disabled This command disables the spanning tree algorithm for the specified interface. Use the no form to reenable the spanning tree algorithm for the specified interface. Sy[...]
-
Page 431
SPANNING TREE COMMANDS 4-191 spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port. (Range: 1-200,000,000) The recommended range is: • Ethernet: 200,000-20,000,000 • [...]
-
Page 432
COMMAND LINE INTERFACE 4-192 spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port. (Range: 0-240, in steps of 16) Default Setting 128 Command Mode Int[...]
-
Page 433
SPANNING TREE COMMANDS 4-193 Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the [...]
-
Page 434
COMMAND LINE INTERFACE 4-194 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding. • Since end-nodes cannot cause forwarding loo[...]
-
Page 435
SPANNING TREE COMMANDS 4-195 Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges. • When automatic detection is selected, the swit[...]
-
Page 436
COMMAND LINE INTERFACE 4-196 Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the spanning-tree protocol-migration command at any time to manually re-check th[...]
-
Page 437
S PANNING T RE E C OMMANDS 4-197 • For a description of the item s displayed under “Spanning-tree information,” see “Configuring Gl obal Settings” on page 3 -130. For a description of the items displa yed for specific interfaces, see “Displaying Interface Settings” on page 3 -134. Example Console#show spanning-tree Spanning-tree infor[...]
Page 438
COMMAND LINE INTERFACE 4-198 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for t[...]
Page 439
VLAN COMMANDS 4-199 Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the port membership mode and add or remove po[...]
Page 440
COMMAND LINE INTERFACE 4-200 Default Setting By default only VLAN 1 exists and is active. Command Mode VLAN Database Configuration Command Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default state (i.e., active). • You can configure up to 255[...]
Page 441
VLAN COMMANDS 4-201 Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) Default Setting None Command Mode Global Configur[...]
Page 442
COMMAND LINE INTERFACE 4-202 Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (4-150) switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode { tr [...]
Page 443
VLAN COMMANDS 4-203 Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid: Related Commands switchport acceptable-frame-types (4-203) switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax swi[...]
Page 444
COMMAND LINE INTERFACE 4-204 Related Commands switchport mode (4-202) switchport ingress-filtering This command enables ingress filtering for an interface. Use the no form to restore the default. Syntax [ no ] switchport ingress-filtering Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage ?[...]
Page 445
VLAN COMMANDS 4-205 switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port. (Range: 1-4094, no leading zeroes) Default Setting VLAN 1 Command Mode Interface Configura[...]
Page 446
COMMAND LINE INTERFACE 4-206 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan { add vlan-list [ tagged | untagged ] | remove vlan-list } no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add. • remove vl[...]
Page 447
VLAN COMMANDS 4-207 • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface. Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: switchport forbidden vlan This command conf[...]
Page 448
COMMAND LINE INTERFACE 4-208 Example The following example shows how to prevent port 1 from being added to VLAN 3: Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name | private-vlan private-vlan-type ] • id - Keyword to be followed by the VLAN ID. - vlan-id - ID of the[...]
Page 449
VLAN COMMANDS 4-209 Command Mode Normal Exec, Privileged Exec Example The following example shows how to display information for VLAN 1: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports three types of private VLAN ports: promiscuous, community an[...]
Page 450
COMMAND LINE INTERFACE 4-210 To configure private VLANs, follow these steps: 1. Use the private-vlan command to designate one or more isolated or community VLANs and the primary VLAN that will channel traffic outside the community groups. 2. Use the private-vlan association command to map the community VLAN(s) to the primary VLAN. 3. [...]
Page 451
VLAN COMMANDS 4-211 private-vlan Use this command to create a primary, isolated or community private VLAN. Use the no form to remove the specified private VLAN. Syntax private-vlan vlan-id { community | primary | isolated } no private-vlan vlan-id • vlan-id - ID of private VLAN. (Range: 1-4094, no leading zeroes). • community - A V[...]
Page 452
COMMAND LINE INTERFACE 4-212 Example private vlan association Use this command to associate a primary VLAN with a secondary (i.e., community) VLAN. Use the no form to remove all associations for the specified primary VLAN. Syntax private-vlan primary-vlan-id association { secondary-vlan-id | add secondary-vlan-id | remove secondary[...]
Page 453
VLAN COMMANDS 4-213 switchport mode private-vlan Use this command to set the private VLAN mode for an interface. Use the no form to restore the default setting. Syntax switchport mode private-vlan { host | promiscuous } no switchport mode private-vlan • host – This port type can subsequently be assigned to a communit [...]
Page 454
COMMAND LINE INTERFACE 4-214 switchport private-vlan host-association Use this command to associate an interface with a secondary VLAN. Use the no form to remove this association. Syntax switchport private-vlan host-association secondary-vlan-id no switchport private-vlan host-association secondary-vlan-id - ID of secondary (i.e.,[...]
Page 455
VLAN COMMANDS 4-215 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage All ports assigned to an isolated VLAN can pass traffic between group members, but must communicate with resources outside of the group via a promiscuous port. Example switchport private-vlan mapping Use this command to map an interface to a primary[...]
Page 456
COMMAND LINE INTERFACE 4-216 show vlan private-vlan Use this command to show the private VLAN configuration settings on this switch. Syntax show vlan private-vlan [ community | isolated | primary ] • community – Displays all community VLANs, along with their associated primary VLAN and assigned host interfaces. • isolated – Display[...]
Page 457
GVRP AND BRIDGE EXTENSION COMMANDS 4-217 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the s[...]
Page 458
COMMAND LINE INTERFACE 4-218 Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. This function should be enabled to permit automatic VLAN registration, and to support VLANs which ext[...]
Page 459
GVRP AND BRIDGE EXTENSION COMMANDS 4-219 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [ no ] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp conf[...]
Page 460
COMMAND LINE INTERFACE 4-220 garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer { join | leave | leaveall } timer_value no garp timer { join | leave | leaveall } • { join | leave | leaveall } - Which timer to set. • timer_value [...]
Page 461
GVRP AND BRIDGE EXTENSION COMMANDS 4-221 Example Related Commands show garp timer (4-221) show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [ interface ] interface • ethernet unit / port - unit - Stack unit. (This is unit 1) - port - Port number. (Range: 1-52) • port-channel channel-id (R[...]
Page 462
COMMAND LINE INTERFACE 4-222 Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitte[...]
Page 463
PRIORITY COMMANDS 4-223 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode { strict | wrr } no queue mode • strict - Services the egress queues in sequential order, transmitting all[...]
Page 464
COMMAND LINE INTERFACE 4-224 Example The following example sets the queue mode to strict priority service mode: switchport priority default This command sets a priority for incoming untagged frames. Use the no form to restore the default value. Syntax switchport priority default default-priority-id no switchport priority default default-pr[...]
Page 465
PRIORITY COMMANDS 4-225 Therefore, any inbound frames that do not have priority tags will be placed in queue 0 of the output port. (Note that if the output port is an untagged member of the associated VLAN, these frames are stripped of all VLAN tags prior to transmission.) Example The following example shows how to set a default priority on p[...]
Page 466
COMMAND LINE INTERFACE 4-226 Related Commands show queue bandwidth (4-227) queue cos-map This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 3). Use the no form to set the CoS map to the default values. Syntax queue cos-map queue_id [ cos1 ... cosn ] no queue cos-map • queue_id - The [...]
Page 467
PRIORITY COMMANDS 4-227 Example The following example shows how to map CoS values 0, 1 and 2 to egress queue 0, value 3 to egress queue 1, values 4 and 5 to egress queue 2, and values 6 and 7 to egress queue 3: Related Commands show queue cos-map (4-228) show queue mode This command shows the current queue mode. Default Setting None [...]
Page 468
COMMAND LINE INTERFACE 4-228 Command Mode Privileged Exec Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [ interface ] interface • ethernet unit / port - unit - Stack unit. (This is unit 1) - port - Port number. (Range: 1-52) • port-channel channel-id (Range: 1-4) Default Setting N[...]
Page 469
PRIORITY COMMANDS 4-229 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax [ no ] map ip port Table 4-60 Priority Commands (Layer 3 and 4) Command Function Mode Page map ip port Enab[...]
Page 470
COMMAND LINE INTERFACE 4-230 Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. Example The following example shows how to enable TCP/UDP port mapping globally: map ip port (Interface Configuration) This command[...]
Page 471
PRIORITY COMMANDS 4-231 Example The following example shows how to map HTTP traffic to CoS value 0: map ip precedence (Global Configuration) This command enables IP precedence mapping (i.e., IP Type of Service). Use the no form to disable IP precedence mapping. Syntax [ no ] map ip precedence Default Setting Disabled Command Mode Global Co[...]
Page 472
COMMAND LINE INTERFACE 4-232 map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos cos-value no map ip precedence • precedence-value - 3-bit precedence value. (Range: 0-7) • [...]
Page 473
PRIORITY COMMANDS 4-233 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [ no ] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage • The precedence for priority mapping is IP Port[...]
Page 474
COMMAND LINE INTERFACE 4-234 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and def[...]
Page 475
PRIORITY COMMANDS 4-235 show map ip port Use this command to show the IP port priority map. Syntax show map ip port [ interface ] interface • ethernet unit / port - unit - Stack unit. (This is unit 1) - port - Port number. (Range: 1-52) • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged Exec Example The follo[...]
Page 476
COMMAND LINE INTERFACE 4-236 show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence [ interface ] interface • ethernet unit / port - unit - Stack unit. (This is unit 1) - port - Port number. (Range: 1-52) • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged Ex[...]
Page 477
PRIORITY COMMANDS 4-237 show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [ interface ] interface • ethernet unit / port - unit - Stack unit. (This is unit 1) - port - Port number. (Range: 1-52) • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged Exec Example Related Command[...]
Page 478
COMMAND LINE INTERFACE 4-238 Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service req[...]
Page 479
MULTICAST FILTERING COMMANDS 4-239 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [ no ] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to a multicas[...]
Page 480
COMMAND LINE INTERFACE 4-240 Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port: ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version { 1 | 2 } no ip igmp snooping version • 1 -[...]
Page 481
MULTICAST FILTERING COMMANDS 4-241 show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-184 for a description of the displayed items. Example The following shows the current IGMP snooping confi[...]
Page 482
COMMAND LINE INTERFACE 4-242 Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options. Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: IGMP Query Commands (Layer 2) Console#show mac-address-table multicast vlan 1 igmp-snooping VLAN M'[...]
Page 483
MULTICAST FILTERING COMMANDS 4-243 ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [ no ] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected. The querier is responsible for as[...]
Page 484
COMMAND LINE INTERFACE 4-244 Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has not responded, a countdown timer is started using the time defined by ip igmp snooping query-max-respon[...]
Page 485
MULTICAST FILTERING COMMANDS 4-245 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries. (Range: 5-25)[...]
Page 486
COMMAND LINE INTERFACE 4-246 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default. Syntax ip igmp snooping router-port-expire-time seconds no ip igmp snooping router-port-expire-time seconds - The time the switch waits after the previous querier stops before it considers[...]
Page 487
MULTICAST FILTERING COMMANDS 4-247 Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port. Use the no form to remove the configuration. Syntax [ no ] ip igmp snooping vlan vlan-id mrouter interface • vlan-id - VLAN ID (Range: 1-4094) • interface - ethernet unit / port - [...]
Page 488
COMMAND LINE INTERFACE 4-248 Example The following shows how to configure port 11 as a multicast router port within VLAN 1: show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [ vlan vlan-id ] vlan-id - VLAN ID (Range: [...]
Page 489
IP INTERFACE COMMANDS 4-249 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when it is powered o[...]
Page 490
COMMAND LINE INTERFACE 4-250 Default Setting DHCP Command Mode Interface Configuration (VLAN) Command Usage • You must assign an IP address to this device to gain management access over the network. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses con[...]
Page 491
IP INTERFACE COMMANDS 4-251 ip default-gateway This command establishes a static route between this switch and devices that exist on another network segment. Use the no form to remove the static route. Syntax ip default-gateway gateway no ip default-gateway gateway - IP address of the default gateway Default Setting No static route is est[...]
Page 492
COMMAND LINE INTERFACE 4-252 Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to reassign the client’s last address if available. • If the BOOTP or DHCP server has been moved to a different domain, the net[...]
Page 493
IP INTERFACE COMMANDS 4-253 show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands show ip interface (4-252) ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [ size size ] [ count count ] ?[...]
Page 494
COMMAND LINE INTERFACE 4-254 Command Usage • Use the ping command to see if another site on the network can be reached. • Following are some results of the ping command: - Normal response - The normal response occurs in one to ten seconds, depending on network traffic. - Destination does not respond - If the host does not respond, a “ti[...]
Page 495
A-1 APPENDIX A SOFTWARE SPECIFICATIONS Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 88 lists) DHCP Client Port Configuration 100BASE-TX: 10/100 Mbps, half/full duplex 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex Flow Co [...]
Page 496
SOFTWARE SPECIFICATIONS A-2 Spanning Tree Algorithm Spanning Tree Protocol (STP, IEEE 802.1D) Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) VLAN Support Up to 255 groups; port-based or tagged (802.1Q), GVRP for automatic VLAN learning, private VLANs Class of Service Supports four levels of priority and Weighted Round Robin Queue[...]
Page 497
SOFTWARE SPECIFICATIONS A-3 RMON Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event) Standards IEEE 802.1D Spanning Tree Protocol and traffic priorities IEEE 802.1p Priority tags IEEE 802.1Q VLAN IEEE 802.1w Rapid Spanning Tree Protocol IEEE 802.1X Port Authentication IEEE 802.3-2002 Ethernet, Fast Ethernet, Gigabit Ethernet Full-duplex[...]
Page 498
SOFTWARE SPECIFICATIONS A-4 Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742) Forwarding Table MIB (RFC 2096) IGMP MIB (RFC 2933) Interface Group MIB (RFC 2233) Interfaces Evolution MIB (RFC 2863) IP Multicasting related MIBs [...]
Page 499
B-1 APPENDIX B TROUBLESHOOTING Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch. • Check that you have a valid network connection [...]
Page 500
TROUBLESHOOTING B-2 Cannot connect using Secure Shell • If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SSH sessions permitted. Try connecting again at a later time. • Be sure the control parameters for the SSH server are properly configured on the switch, and that the SSH client software is[...]
Page 501
USING SYSTEM LOGS B-3 Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1. Enable logging. 2. Set the error messages reported to include all categories. 3. Designat[...]
Page 502
TROUBLESHOOTING B-4[...]
Page 503
Glossary-1 GLOSSARY Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, the address of th[...]
Page 504
GLOSSARY Glossary-2 Dynamic Host Control Protocol (DHCP) Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options. Extensible Authentication Protoc[...]
Page 505
GLOSSARY Glossary-3 IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol. IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate a[...]
Page 506
GLOSSARY Glossary-4 IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork. Internet Group Manageme[...]
Page 507
GLOSSARY Glossary-5 Link Aggregation See Port Trunk. Link Aggregation Control Protocol (LACP) Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device. Management Information Base (MIB) An acronym for Management Information Base. It is a set of database objects that contains information abo[...]
Page 508
GLOSSARY Glossary-6 Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows data on the target port to be studied unobstructively. Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high-s[...]
Page 509
GLOSSARY Glossary-7 Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which offers network management services. Simple Network Time Protocol (SNTP) SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server. Updates can be requested fr[...]
Page 510
GLOSSARY Glossary-8 User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets. UD[...]
Page 511
Index-1 Numerics 802.1X, port authentication 3-67 A acceptable frame type 3-155, 4-203 Access Control List See ACL ACL Extended IP 3-79, 4-117, 4-118, 4-122 MAC 3-80, 4-117, 4-128, 4-128–4-131 Standard IP 3-79, 4-117, 4-118, 4-120 address table 3-121, 4-178 aging time 3-124, 4-182 B BOOTP 3-19, 4-248 BPDU 3-125 broadcast storm,[...]
Page 512
INDEX Index-2 G GARP VLAN Registration Protocol See GVRP gateway, default 3-18, 4-250 GVRP global setting 4-216 interface configuration 3-156, 4-218 GVRP, global setting 3-146 H hardware version, displaying 3-13, 4-84 HTTPS 3-54, 4-42 HTTPS, secure server 3-54, 4-42 I IEEE 802.1D 3-125, 4-185 IEEE 802.1w 3-125, 4-185 IEEE 802.1X 3-67, 4-[...]
Page 513
INDEX Index-3 P password, line 4-17, 4-18 passwords 2-5 administrator setting 3-48, 4-35 path cost 3-127, 3-136 method 3-132, 4-189 STA 3-127, 3-136, 4-189 port authentication 3-67 port priority configuring 3-167, 4-221 default ingress 3-167, 4-223 STA 3-136, 4-192 port security, configuring 3-65, 4-104 port, statistics 3-114, 4-154 [...]
Page 514
INDEX Index-4 STA 3-124, 4-183 edge port 3-137, 3-140, 4-192 global settings, configuring 3-130, 4-184–4-189 global settings, displaying 3-126, 4-196 interface settings 3-134, 4-191–4-195, 4-196 link type 3-137, 3-140, 4-194 path cost 3-127, 3-136, 4-191 path cost method 3-132, 4-189 port priority 3-136, 4-192 protocol migra[...]
Page 515
[...]
Page 516
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; Phn: (949) 679-8000; Fax: (949) 679-1481 From Europe: Contact details can be found on www.smc-europe.com or www.smc.com INTERNET E-mail addresses: techsupport@smc.com european.techsupport@sm[...]