SMC Networks TigerSwitch manual



Manual contents

  • Page 1

    TigerSwitch 10/100 24-Port 10/100Mbps Stackable Managed Switch Management Guide ◆ 24 auto-MDI/MDI-X 10BASE-T/100BASE-TX ports ◆ 2 Gigabit RJ-45 ports shared with 2 SFP transceiver slots ◆ 2 Gigabit stacking ports that act as Ethernet ports in standalone mode ◆ Stacks up to 8 units ◆ 12.8 Gbps of aggregate bandwidth ◆ Non-blocking [...]

  • Page 2

    [...]

  • Page 3

    38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 TigerSwitch 10/100 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions November 2004 Pub. # 14910000 5000H[...]

  • Page 4

    Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of [...]

  • Page 5

    i LIMITED WARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Res[...]

  • Page 6

    LIMITED WARRANTY ii WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER I[...]

  • Page 7

    iii CONTENTS: 1 Introduction 1-1; Key Features 1-1; Description of Software Features 1-2; System Defaults [...]

  • Page 8

    CONTENTS iv: Displaying Switch Hardware/Software Versions 3-13; Displaying Bridge Extension Capabilities 3-15; Setting the Switch’s IP Address 3-17; Manual Configuration 3-18; Using DHC[...]

  • Page 9

    CONTENTS v: Filtering Addresses for Management Access 3-75; Access Control Lists 3-77; Configuring Access Control Lists 3-77; Setting the ACL Name and Type [...]

  • Page 10

    CONTENTS vi: Displaying Basic VLAN Information 3-147; Displaying Current VLANs 3-148; Creating VLANs 3-150; Adding Static Members to VLANs (VLAN Index) 3-152; Adding Static Members to VLANs (Port Index[...]

  • Page 11

    CONTENTS vii: Telnet Connection 4-2; Entering Commands 4-4; Keywords and Arguments 4-4; Minimum Abbreviation [...]

  • Page 12

    CONTENTS viii: quit 4-32; System Management Commands 4-33; Device Designation Commands 4-33; prompt [...]

  • Page 13

    CONTENTS ix: clear logging 4-64; show logging 4-64; show log 4-66; SMTP Alert Commands [...]

  • Page 14

    CONTENTS x: RADIUS Client 4-99; radius-server host 4-99; radius-server port 4-100; radius-server key [...]

  • Page 15

    CONTENTS xi: MAC ACLs 4-130; access-list mac 4-130; permit, deny (MAC ACL) 4-131; show mac access-list [...]

  • Page 16

    CONTENTS xii: show rate-limit 4-163; Link Aggregation Commands 4-164; channel-group 4-166; lacp [...]

  • Page 17

    CONTENTS xiii: switchport mode 4-202; switchport acceptable-frame-types 4-203; switchport ingress-filtering 4-204; switchport native vlan 4-205; switchpo[...]

  • Page 18

    CONTENTS xiv: map ip dscp (Interface Configuration) 4-233; show map ip port 4-235; show map ip precedence 4-236; show map ip dscp 4-237; Multicast F[...]

  • Page 19

    CONTENTS xv: Glossary; Index[...]

  • Page 20

    CONTENTS xvi[...]

  • Page 21

    xvii TABLES: Table 1-1 Key Features 1-1; Table 1-2 System Defaults 1-7; Table 3-1 Configuration Options 3-4; Table 3-2 Main Menu [...]

  • Page 22

    TABLES xviii: Table 4-21 SMTP Alert Commands 4-68; Table 4-22 Time Commands 4-72; Table 4-23 System Status Commands 4-78; Table 4-24 Frame Size Commands [...]

  • Page 23

    TABLES xix: Table 4-58 Priority Commands (Layer 2) 4-222; Table 4-59 Default CoS Priority Levels 4-226; Table 4-60 Priority Commands (Layer 3 and 4) 4-229; Table 4-61 Mapping IP Precedence Values 4-[...]

  • Page 24

    FIGURES xx FIGURES: Figure 3-1 Home Page 3-3; Figure 3-2 Panel Display 3-4; Figure 3-3 System Information 3-12; Figure 3-4 Switch Information [...]

  • Page 25

    FIGURES xxi: Figure 3-37 ACL Configuration - Extended IP 3-83; Figure 3-38 ACL Configuration - MAC 3-85; Figure 3-39 Binding a Port to an ACL 3-87; Figure 3-40 Displaying Port/Trunk Information [...]

  • Page 26

    FIGURES xxii: Figure 3-74 Queue Mode 3-172; Figure 3-75 Configuring Queue Scheduling 3-173; Figure 3-76 IP Precedence/DSCP Priority Status 3-175; Figure 3-77 Mapping IP Precedence Priority Values 3[...]

  • Page 27

    1-1 CHAPTER 1 INTRODUCTION This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to [...]

  • Page 28

    INTRODUCTION 1-2 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based and protocol-based V[...]

  • Page 29

    DESCRIPTION OF SOFTWARE FEATURES 1-3 Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings. Authentication – This switch authenticates management access via the console port, Telnet or web browser. User na[...]

  • Page 30

    INTRODUCTION 1-4 Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable[...]

  • Page 31

    DESCRIPTION OF SOFTWARE FEATURES 1-5 Store-and-Forward Switching – The switch copies each frame into its memory before forwarding them to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the netw [...]

  • Page 32

    INTRODUCTION 1-6 switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can: • Eliminate broadcast storms which severely degrade performance in a flat network. • Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, ra[...]

  • Page 33

    SYSTEM DEFAULTS 1-7 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-23). The following table lists some of the basic system defaults. Table 1-2 System Defaults Function Paramet[...]

  • Page 34

    INTRODUCTION 1-8 Web Management – HTTP Server: Enabled; HTTP Port Number: 80; HTTP Secure Server: Enabled; HTTP Secure Port Number: 443. SNMP – Community Strings: “public” (read only), “private” (read/write); Traps: Authentication traps: enabled, Link-up-down events: enabled. Port Configuration – Admin Status: Enabled; Auto-negotiation: Enabled; Flow Control[...]

  • Page 35

    SYSTEM DEFAULTS 1-9 Virtual LANs – Default VLAN: 1; PVID: 1; Acceptable Frame Type: All; Ingress Filtering: Disabled; Switchport Mode (Egress Mode): Hybrid: tagged/untagged frames; GVRP (global): Disabled; GVRP (port interface): Disabled. Traffic Prioritization – Ingress Port Priority: 0; Weighted Round Robin: Queue: 0 1 2 3, Weight: 1 2 4 6; IP Precedence Priority[...]

  • Page 36

    INTRODUCTION 1-10[...]

  • Page 37

    2-1 CHAPTER 2 INITIAL CONFIGURATION Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON (Groups 1, 2, 3, 9) and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring [...]

  • Page 38

    INITIAL CONFIGURATION 2-2 The switch’s Web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions: • Set user names and passwords for up to 16 users • Set an IP interface for a management VLAN • Configure SNMP parameters • Enable/disable any port • Set the speed/duplex mod[...]

  • Page 39

    CONNECTING TO THE SWITCH 2-3 Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide. To connect a terminal to the console port, complete the [...]

  • Page 40

    INITIAL CONFIGURATION 2-4 For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 4-12. Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you[...]

  • Page 41

    STACK OPERATIONS 2-5 Stack Operations Up to eight switches can be stacked together as described in the Installation Guide. One unit in the stack acts as the Master for configuration tasks and firmware upgrade. All of the other units function in Slave mode. To configure any unit in the stack, first verify the unit number by counting dow[...]

  • Page 42

    INITIAL CONFIGURATION 2-6 Resilient IP Interface for Management Access The stack functions as one integral system for management and configuration purposes. You can therefore manage the stack through any IP interface configured on the stack. The Master unit does not even have to include an active port member in the VLAN interface used for ma[...]

  • Page 43

    BASIC CONFIGURATION 2-7 3. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.) 4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level. Setting Passwords Note: If this is your first time to log into the CLI[...]

  • Page 44

    INITIAL CONFIGURATION 2-8 Setting an IP Address You must establish IP address information for the switch to obtain management access through the network. This can be done in either of the following ways: Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subn[...]

  • Page 45

    BASIC CONFIGURATION 2-9 3. Type “exit” to return to the global configuration mode prompt. Press <Enter>. 4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>. Dyna[...]

  • Page 46

    INITIAL CONFIGURATION 2-10 • To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>. 3. Type “end” to return to the Privileged Exec mode. Press <Enter>. 4. Type “ip dhcp restart” to begin broadcasting service requests. Press <Enter>. 5. Wait a few minutes, and then check the IP configura[...]

  • Page 47

    BASIC CONFIGURATION 2-11 Community Strings Community strings are used to control management access to SNMP stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users or user groups, and set the access level. The default strings are: • publ[...]

  • Page 48

    INITIAL CONFIGURATION 2-12 Trap Receivers You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, complete the following steps: 1. From the Privileged Exec level global configuration mode prompt, type “snmp-server host host-address community-string,” where “host-address” is [...]

  • Page 49

    MANAGING SYSTEM FILES 2-13 2. Enter the name of the start-up file. Press <Enter>. Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set a[...]

  • Page 50

    INITIAL CONFIGURATION 2-14 Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows. In the system flash memory, one file of each type must be set as the start-up file. During a system b[...]

  • Page 51

    3-1 CHAPTER 3 CONFIGURING THE SWITCH Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or above, or [...]

  • Page 52

    CONFIGURING THE SWITCH 3-2 Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated. 2. If you log into the Web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as “admin” (Privileged E[...]

  • Page 53

    NAVIGATING THE WEB BROWSER INTERFACE 3-3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.” Home Page Wh[...]

  • Page 54

    CONFIGURING THE SWITCH 3-4 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons. Notes: 1. To ensure proper screen refresh, [...]

  • Page 55

    MAIN MENU 3-5 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Main Menu Menu Description Page System 3-11 System Information Provides basic sy[...]

  • Page 56

    CONFIGURING THE SWITCH 3-6 SNTP (3-42): Configuration – Configures SNTP client settings, including broadcast mode or a specified list of servers (3-42); Clock Time Zone – Sets the local time zone for the system clock (3-44). SNMP (3-45): Configuration – Configures community strings and related trap functions (3-45). Security (3-48): User Accounts – Assigns a new pa[...]

  • Page 57

    MAIN MENU 3-7 IP Filter – Sets IP addresses of clients allowed management access via the Web, SNMP, and Telnet (3-75). Port (3-88): Port Information – Displays port connection status (3-88); Trunk Information – Displays trunk connection status (3-88); Port Configuration – Configures port connection settings (3-91); Trunk Configuration – Configures trunk conne[...]

  • Page 58

    CONFIGURING THE SWITCH 3-8 Output Port Configuration – Sets the output rate limit for each port (3-114); Output Trunk Configuration – Sets the output rate limit for each trunk (3-114); Port Statistics – Lists Ethernet and RMON port statistics (3-115). Address Table (3-122): Static Addresses – Displays entries for interface, address or VLAN (3-122); Dynamic Addresses[...]

  • Page 59

    MAIN MENU 3-9 Static Membership by Port – Configures membership type for interfaces, including tagged, untagged or forbidden (3-154); Port Configuration – Specifies default PVID and VLAN attributes (3-156); Trunk Configuration – Specifies default trunk VID and VLAN attributes (3-156). Private VLAN (3-159): Information – Displays Private VLAN feature informat[...]

  • Page 60

    CONFIGURING THE SWITCH 3-10 Queue Scheduling – Configures Weighted Round Robin queueing (3-173); IP Precedence/DSCP Priority Status – Globally selects IP Precedence or DSCP Priority, or disables both (3-175); IP Precedence Priority – Sets IP Type of Service priority, mapping the precedence tag to a class-of-service value (3-175); IP DSCP Priority – Sets[...]

  • Page 61

    BASIC CONFIGURATION 3-11 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. • Location –[...]

  • Page 62

    CONFIGURING THE SWITCH 3-12 Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.) Figure 3-3 System Information[...]

  • Page 63

    BASIC CONFIGURATION 3-13 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board • Serial Nu[...]

  • Page 64

    CONFIGURING THE SWITCH 3-14 • Internal Power Status – Displays the status of the internal power supply. Management Software • Loader Version – Version number of loader code. • Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code. • Operation Code Version – Version number of runtime code. • Role – Shows that [...]

  • Page 65

    BASIC CONFIGURATION 3-15 CLI – Use the following command to display version information. Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.[...]

  • Page 66

    CONFIGURING THE SWITCH 3-16 • Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 3-142.) • Local VLAN Capable – This switch does not support multiple local bridges outside o[...]

  • Page 67

    BASIC CONFIGURATION 3-17 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default. To manually configure an address, you need to change the switch’s default settin[...]

  • Page 68

    CONFIGURING THE SWITCH 3-18 Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subnet mask, and default gateway.) • IP Address – Address of the VLAN interface that is allowed management access. Valid IP addresses consist of four numbers, 0 to 255, separated b[...]

  • Page 69

    BASIC CONFIGURATION 3-19 CLI – Specify the management interface, IP address and default gateway. Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is at [...]

  • Page 70

    CONFIGURING THE SWITCH 3-20 CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart” command. Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to another network segment[...]

  • Page 71

    BASIC CONFIGURATION 3-21 Managing Firmware You can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwri[...]

  • Page 72

    CONFIGURING THE SWITCH 3-22 Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file. Web – Click System, File Manageme[...]

  • Page 73

    BASIC CONFIGURATION 3-23 If you download to a new destination file, go to the System/File/Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu. Figure 3-9 Select Start-Up Operation File To delete a file select System, File, Delete. [...]

  • Page 74

    CONFIGURING THE SWITCH 3-24 CLI – To download new firmware from a TFTP server, enter the IP address of the TFTP server, select “opcode” as the file type, then enter the source and destination file names. When the file has finished downloading, set the new file to start up the system, and then restart the switc[...]

  • Page 75

    BASIC CONFIGURATION 3-25 - running-config to startup-config – Copies the running config to the startup config. - running-config to tftp – Copies the running configuration to a TFTP server. - startup-config to file – Copies the startup configuration to a file on the switch. - startup-config to running-config – Copies the startup config to[...]

  • Page 76

    CONFIGURING THE SWITCH 3-26 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg” can be[...]

  • Page 77

    BASIC CONFIGURATION 3-27 If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu. Note that you can also select any configuration file as the start-up configuration by[...]

  • Page 78

    CONFIGURING THE SWITCH 3-28 Console Port Settings You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings. These parameter[...]

  • Page 79

    BASIC CONFIGURATION 3-29 • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud, Auto; Default: 9600 bps) • Stop Bits – Sets the number of the stop bits t[...]

  • Page 80

    CONFIGURING THE SWITCH 3-30 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. Telnet Settings You can access the onboard configuration program over the network using Telnet (i.e., a[...]

  • Page 81

    BASIC CONFIGURATION 3-31 • Telnet Port Number – Sets the TCP port number for Telnet on the switch. (Default: 23) • Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session. (Range: 0-300 seconds;[...]

  • Page 82

    CONFIGURING THE SWITCH 3-32 Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply. Figure 3-14 Enabling Telnet CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use th[...]

  • Page 83

    BASIC CONFIGURATION 3-33 Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages. System Log Configuration The system allows you to enable or d[...]

  • Page 84

    CONFIGURING THE SWITCH 3-34 • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 6) Note: The Flash Level must be equal to or less than the RAM Level[...]

  • Page 85

    BASIC CONFIGURATION 3-35 Web – Click System, Log, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply. Figure 3-15 System Logs CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. Use the show logging co[...]

  • Page 86

    CONFIGURING THE SWITCH 3-36 The facility type is used by the syslog server to dispatch log messages to an appropriate service. The attribute specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to process mes[...]

  • Page 87

    BASIC CONFIGURATION 3-37 Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove. Figure 3-16 Remote Logs CLI – Enter the syslog server host I[...]

  • Page 88

    CONFIGURING THE SWITCH 3-38 Displaying Log Messages The Logs page allows you to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory. Web – Click System, Log, Lo[...]

  • Page 89

    BASIC CONFIGURATION 3-39 Sending Simple Mail Transfer Protocol Alerts To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messages are sent to specified SMTP servers on the network and can be retrieved usin[...]

  • Page 90

    CONFIGURING THE SWITCH 3-40 Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add. To delete an IP address, click the entry in the SMTP Server List and click Rem[...]

  • Page 91

    BASIC CONFIGURATION 3-41 CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration. Use the show logging sendmail com[...]

  • Page 92

    CONFIGURING THE SWITCH 3-42 CLI – Use the reload command to restart the switch. When prompted, confirm that you want to reset the switch. Note: When restarting the system, it will always run the Power-On Self-Test. Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic up[...]

  • Page 93

    BASIC CONFIGURATION 3-43 • SNTP Server – Sets the IP address for up to three time servers. The switch attempts to update the time from the first server; if this fails it attempts an update from the next server in the sequence. Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply. Figure 3-20 SNTP [...]

  • Page 94

    CONFIGURING THE SWITCH 3-44 Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is[...]

  • Page 95

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-45 Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices f[...]

  • Page 96

    CONFIGURING THE SWITCH 3-46 • Access Mode - Read-Only – Specifies read-only access. Authorized management stations are only able to retrieve MIB objects. - Read/Write – Specifies read-write access. Authorized management stations are able to both retrieve and modify MIB objects. Web – Click SNMP, Configuration. Add new community stri[...]

  • Page 97

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-47 Command Attributes • Trap Manager Capability – This switch supports up to five trap managers. • Current – Displays a list of the trap managers currently configured. • Trap Manager IP Address – IP address of the host (the targeted recipient). • Trap Manager Community String – Community [...]

  • Page 98

    CONFIGURING THE SWITCH 3-48 CLI – This example adds a trap manager and enables both authentication and link-up, link-down traps. User Authentication You can restrict management access to this switch using the following options: • User Accounts – Manually configure access rights on the switch for specified users. • Authenticatio[...]

  • Page 99

    USER AUTHENTICATION 3-49 Command Attributes • Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest) • New Account – Displays configuration settings for a new account. - User Name – The name of the user. (Maximum length: 8 characters; maximum number of users: 5) - Acc[...]

  • Page 100

    CONFIGURING THE SWITCH 3-50 CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password. Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you[...]

  • Page 101

    USER AUTHENTICATION 3-51 Command Usage • By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol. Local and remote logon authen[...]

  • Page 102

    CONFIGURING THE SWITCH 3-52 • RADIUS Settings - Global – Provides globally applicable RADIUS settings. - ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers. The process ends when a server either approves or denies access to a user. - Server[...]

  • Page 103

    USER AUTHENTICATION 3-53 Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply. Figure 3-25 Authentication Settings[...]

  • Page 104

    CONFIGURING THE SWITCH 3-54 CLI – Specify all the required parameters to enable logon authentication. Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Com[...]

  • Page 105

    USER AUTHENTICATION 3-55 • If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number] • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate. - The client and server negotiate a set of se[...]

  • Page 106

    CONFIGURING THE SWITCH 3-56 Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. Figure 3-26 HTTPS Settings CLI – This example enables the HTTP secure server and modifies the port number. Replacing the Default Secure-site Certificate When you log onto the web interface using HTTPS (for sec[...]

  • Page 107

    USER AUTHENTICATION 3-57 When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one: Note: The switch must be reset for the new certificate to be activated. To reset the switch, type: Console[...]

  • Page 108

    CONFIGURING THE SWITCH 3-58 Command Usage The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified on the Authentication Set[...]

  • Page 109

    USER AUTHENTICATION 3-59 3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 4-89) to copy a file containing the public key for all the SSH clients granted management access to the switch. (Note that these clients must be configured locally on the switch via the User Accounts page as described on p[...]

  • Page 110

    CONFIGURING THE SWITCH 3-60 e. The switch compares the decrypted bytes to the original bytes it sent. If the two sets match, this means that the client's private key corresponds to an authorized public key, and the client is authenticated. Notes: 1. To use SSH with only password authentication, the host public key must still be given[...]

  • Page 111

    USER AUTHENTICATION 3-61 the client to select either DES (56-bit) or 3DES (168-bit) for data encryption. • Save Host-Key from Memory to Flash – Saves the host key from RAM (i.e., volatile memory) to flash memory. Otherwise, the host key pair is stored to RAM by default. Note that you must select this item prior to generating the host-key pai[...]

  • Page 112

    CONFIGURING THE SWITCH 3-62 CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys. Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enabl[...]

  • Page 113

    USER AUTHENTICATION 3-63 • SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3) • SSH Server-Key Size – Specifies the SSH server key size. (Range: 512-896 bits; Default:76[...]

  • Page 114

    CONFIGURING THE SWITCH 3-64 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection. Configuring Port Security Port security is a feature that allows you to configure a switch port with one o[...]

  • Page 115

    USER AUTHENTICATION 3-65 already in the address table will be retained and will not age out. Any other device that attempts to use the port will be prevented from accessing the switch. Command Usage • A secure port has the following restrictions: - It cannot use port monitoring. - It cannot be a multi-VLAN port. - It cannot be used as a mem[...]

  • Page 116

    CONFIGURING THE SWITCH 3-66 Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply. Figure 3-29 Configuring Port Security CLI – This [...]

  • Page 117

    USER AUTHENTICATION 3-67 This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the client, and a remote RADIUS authentication server to verify user identity and access rights. When a client (i.e., Supplicant) connects to a switch port, the switch (i.e., Authenticator)[...]

  • Page 118

    CONFIGURING THE SWITCH 3-68 • The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.) • The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, otherwise the dot1x client[...]

  • Page 119

    USER AUTHENTICATION 3-69 CLI – This example shows the default global setting for 802.1X. Configuring 802.1X Global Settings The 802.1X protocol includes port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active. Command Attributes • 802.1X System Authentication Control – Se[...]

  • Page 120

    CONFIGURING THE SWITCH 3-70 CLI – This example enables 802.1X globally for the switch. Configuring Port Settings for 802.1X When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs be[...]

  • Page 121

    USER AUTHENTICATION 3-71 • Max-Req – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default 2) • Quiet Period – Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to a[...]

  • Page 122

    CONFIGURING THE SWITCH 3-72 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-115. Console(config)#interface ethernet 1/2 4-146 Console(config-if)#dot1x port-control auto 4-111 Console(config-if)#dot1x re-authentication 4-113 Console([...]

  • Page 123

    USER AUTHENTICATION 3-73 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-5 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator. Rx EAPOL Logoff The number of EAPOL Logoff frames that have been [...]

  • Page 124

    CONFIGURING THE SWITCH 3-74 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-33 Displaying 802.1X Port Statistics CLI – This example displays the 802.1X statistics for port 4. Console#show dot1x statistics interface ethernet 1/4 4-115 Eth 1/4 Rx:[...]

  • Page 125

    USER AUTHENTICATION 3-75 Filtering Addresses for Management Access You create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default. Once you add an entry to a filt[...]

  • Page 126

    CONFIGURING THE SWITCH 3-76 • Start IP Address – A single IP address, or the starting address of a range. • End IP Address – The end address of a range. • Add/Remove Filtering Entry – Adds/removes an IP address from the list. Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed managem[...]

  • Page 127

    ACCESS CONTROL LISTS 3-77 CLI – This example allows SNMP access for a specific client. Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, f[...]

  • Page 128

    CONFIGURING THE SWITCH 3-78 Command Usage The following restrictions apply to ACLs: • Each ACL can have up to 32 rules. • The maximum number of ACLs is 88. • However, due to resource restrictions, the average number of rules bound to the ports should not exceed 20. • This switch supports ACLs for ingress filtering only. However, you c[...]

  • Page 129

    ACCESS CONTROL LISTS 3-79 - MAC: MAC ACL mode that filters packets based on the source or destination MAC address and the Ethernet frame type (RFC 1060). Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the configuration page fo[...]

  • Page 130

    CONFIGURING THE SWITCH 3-80 Configuring a Standard IP ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Address Type – Specifies the source IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, or “IP” to spec[...]

  • Page 131

    ACCESS CONTROL LISTS 3-81 Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Then click Add. Figure 3-36 ACL Configuration - Standard IP CLI – This example [...]

  • Page 132

    CONFIGURING THE SWITCH 3-82 to specify a range of addresses with the Address and SubMask fields. (Options: Any, Host, IP; Default: Any) • Source/Destination Address – Source or destination IP address. • Source/Destination Subnet Mask – Subnet mask for source or destination address. (See the description for Subnet Mask on page 3-80.) • S[...]

  • Page 133

    ACCESS CONTROL LISTS 3-83 For example, use the code value and mask below to catch packets with the following flags set: - SYN flag valid, use control-code 2, control bitmask 2 - Both SYN and ACK valid, use control-code 18, control bitmask 18 - SYN valid and ACK invalid, use control-code 2, control bitmask 18 Web – Specify the action (i.e.[...]
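
    The three control-code/bitmask pairs on page 3-83 can be checked against sample TCP flag bytes before a rule is entered on the switch. The following is an added example, not code from the manual; the function names and the sample packets are constructed here, and the handling of code bits that fall outside the mask is an assumption.

```python
"""Added example: evaluating TCP control-code / bitmask pairs for an extended IP ACL."""

# Bit values of the six classic TCP control flags (decimal, as the manual writes them).
FLAG_BITS = {"FIN": 1, "SYN": 2, "RST": 4, "PSH": 8, "ACK": 16, "URG": 32}


def flags_to_int(*names):
    """Combine flag names such as "SYN", "ACK" into one decimal flag value."""
    value = 0
    for name in names:
        value |= FLAG_BITS[name.upper()]
    return value


def _check(value, label):
    """Reject anything that is not a 6-bit flag value."""
    if not isinstance(value, int) or isinstance(value, bool) or not 0 <= value <= 63:
        raise ValueError(f"{label} must be an integer in 0-63, got {value!r}")


def rule_matches(packet_flags, control_code, bitmask):
    """True when every flag selected by the bitmask has the state given in the code.

    Flags outside the bitmask are "don't care". Assumption: code bits that are
    not covered by the bitmask are ignored rather than rejected.
    """
    for value, label in ((packet_flags, "packet_flags"),
                         (control_code, "control_code"),
                         (bitmask, "bitmask")):
        _check(value, label)
    return (packet_flags & bitmask) == (control_code & bitmask)


def describe_rule(control_code, bitmask):
    """Spell out what a code/bitmask pair requires, flag by flag."""
    _check(control_code, "control_code")
    _check(bitmask, "bitmask")
    return {name: ("set" if control_code & bit else "clear")
            for name, bit in FLAG_BITS.items() if bitmask & bit}


def unchecked_code_bits(control_code, bitmask):
    """Flags named in the code but missing from the bitmask (a likely typo)."""
    return [name for name, bit in FLAG_BITS.items()
            if control_code & bit and not bitmask & bit]


# The three (control-code, bitmask) pairs listed on page 3-83.
MANUAL_RULES = [(2, 2), (18, 18), (2, 18)]

# Constructed sample packets: name -> TCP flag value.
SAMPLE_PACKETS = {
    "SYN": flags_to_int("SYN"),
    "SYN+ACK": flags_to_int("SYN", "ACK"),
    "ACK": flags_to_int("ACK"),
    "SYN+PSH": flags_to_int("SYN", "PSH"),
}


def evaluate(rules=MANUAL_RULES, packets=SAMPLE_PACKETS):
    """Return {(code, mask): [names of the sample packets the rule matches]}."""
    return {(code, mask): [name for name, flags in packets.items()
                           if rule_matches(flags, code, mask)]
            for code, mask in rules}


if __name__ == "__main__":
    for (code, mask), hits in evaluate().items():
        print(f"code {code:2d} mask {mask:2d} requires {describe_rule(code, mask)}"
              f" -> matches {hits}")
```

    Code 2 with bitmask 2 also matches SYN+ACK replies, so a rule meant to catch only connection attempts needs code 2 with bitmask 18.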

  • Page 134

    CONFIGURING THE SWITCH 3-84 3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Use “Any” to include all possible addresses, “Ho[...]

  • Page 135

    ACCESS CONTROL LISTS 3-85 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bitmask for an addres[...]

  • Page 136

    CONFIGURING THE SWITCH 3-86 Binding a Port to an Access Control List After configuring Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can assign one IP access list to any port, but you can only assign one MAC access list to all the ports on the switch. Command Usage • You must con[...]

  • Page 137

    ACCESS CONTROL LISTS 3-87 Web – Click Security, ACL, Port Binding. Mark the Enabled field for the port you want to bind to an ACL, select the required ACL from the drop-down list, then click Apply. Figure 3-39 Binding a Port to an ACL CLI – This example assigns an IP and MAC access list to port 1, and an IP access list to port 3[...]

  • Page 138

    CONFIGURING THE SWITCH 3-88 Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Field Attributes (Web) • Name – Interface label. • Type – Indicates the port [...]

  • Page 139

    PORT CONFIGURATION 3-89 Web – Click Port, Port Information or Trunk Information. Figure 3-40 Displaying Port/Trunk Information Field Attributes (CLI) Basic Information: • Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP) • MAC address – The physical layer address for this port. (To access this item on the web[...]

  • Page 140

    CONFIGURING THE SWITCH 3-90 - 10full - Supports 10 Mbps full-duplex operation - 100half - Supports 100 Mbps half-duplex operation - 100full - Supports 100 Mbps full-duplex operation - 1000full - Supports 1000 Mbps full-duplex operation - Sym - Transmits and receives pause frames for flow control - FC - Supports flow control • Broadcast storm ?[...]

  • Page 141

    PORT CONFIGURATION 3-91 CLI – This example shows the connection status for Port 5. Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control. Comma[...]

  • Page 142

    CONFIGURING THE SWITCH 3-92 • Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised. When auto-negotiation is disabled, you can force the settings for speed, mode, and flow control. The following capabilities are suppor[...]

  • Page 143

    PORT CONFIGURATION 3-93 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 3-41 Port/Trunk Configuration CLI – Select the interface, and then enter the required settings. Creating Trunk Groups You can create multiple links between devices that work as one v[...]

  • Page 144

    CONFIGURING THE SWITCH 3-94 automatically negotiate a trunked link with LACP-configured ports on another device. You can configure any number of ports on the switch as LACP, as long as they are not already configured as part of a static trunk. If ports on another device are also configured as LACP, the switch and the [...]

  • Page 145

    PORT CONFIGURATION 3-95 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible. • To avoid creating a loop in the network, be [...]

  • Page 146

    CONFIGURING THE SWITCH 3-96 Web – Click Port, Trunk Membership. Enter a trunk ID of 1-4 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply. Figure 3-42 Configuring Port Trunks[...]

  • Page 147

    PORT CONFIGURATION 3-97 CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk. Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the ports be[...]

  • Page 148

    CONFIGURING THE SWITCH 3-98 • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than eight ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails. • All ports[...]

  • Page 149

    PORT CONFIGURATION 3-99 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the s[...]

  • Page 150

    CONFIGURING THE SWITCH 3-100 Note: If the port channel admin key (lacp admin key, page 4-171) is not set (through the CLI) when a channel group is formed (i.e., it has a null value of 0), this key is set to the same value as the port admin key used by the interfaces that joined the group (lacp admin key, as described in this section and on pag[...]

  • Page 151

    PORT CONFIGURATION 3-101 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effect until t[...]

  • Page 152

    CONFIGURING THE SWITCH 3-102 CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG. Console(config)#interface ethernet 1/1 4-146 Console(config-if)#lacp actor system-priority 3 4-168 Console(config-if)#lacp actor admin-key 120 4-170 Console(config-if)#lacp actor port-priorit[...]

  • Page 153

    PORT CONFIGURATION 3-103 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-45 LACP - Port Counters Information Table 3-6 LACP Port Counters Field Description LACPDUs Sent Number[...]

  • Page 154

    CONFIGURING THE SWITCH 3-104 CLI – The following example displays LACP counters. Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Console#show lacp counters 4-173 Port channel : 1 --------------------------------------- --[...]

  • Page 155

    PORT CONFIGURATION 3-105 LACP Port Priority LACP port priority assigned to this interface within the channel group. Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state; • Defaulted – The actor’s receive machine is using de[...]

  • Page 156

    CONFIGURING THE SWITCH 3-106 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-46 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Console#show l[...]

  • Page 157

    PORT CONFIGURATION 3-107 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Table 3-8 LACP Neighbor Configuration Information Field Description Partner Admin System ID LAG partner’s system ID assigned by the user. Partner O[...]

  • Page 158

    CONFIGURING THE SWITCH 3-108 Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-47 LACP - Port Neighbors Information CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Console#sh[...]

  • Page 159

    PORT CONFIGURATION 3-109 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt. [...]

  • Page 160

    CONFIGURING THE SWITCH 3-110 Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and click Apply. Figure 3-48 Port Broadcast Control[...]

  • Page 161

    PORT CONFIGURATION 3-111 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 octets per second for port 2 (which applies to all ports). Configuring Port Mirroring You can mirror traffic from any source port to a target port fo[...]

  • Page 162

    CONFIGURING THE SWITCH 3-112 Command Attributes • Mirror Sessions – Displays a list of current mirror sessions. • Source Unit – The unit whose port traffic will be monitored. • Source Port – The port whose traffic will be monitored. • Type – Allows you to select which traffic to mirror to the target port, Rx (receive), or Tx (tra[...]

  • Page 163

    PORT CONFIGURATION 3-113 Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on a port. Rate limiting is configured on ports at the edge of a network to limit traffic coming into or out of the network. Traffic that falls within the rate limit is transmitted, whil[...]

  • Page 164

    CONFIGURING THE SWITCH 3-114 CLI - This example sets and displays Fast Ethernet and Gigabit Ethernet granularity. Rate Limit Configuration Use the rate limit configuration pages to apply rate limiting. Command Usage • Input and output rate limit can be enabled or disabled for individual interfaces. Command Attributes • Port/Trunk –[...]

  • Page 165

    PORT CONFIGURATION 3-115 Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces, set the Rate Limit Level, and click Apply. Figure 3-51 Output Rate Limit Port Configuration CLI - This example sets the rate limit level for input and output traffic passing through p[...]

  • Page 166

    CONFIGURING THE SWITCH 3-116 Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as SMC EliteView. Table 3-9 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface, including framing characters. Received Unicast Packets The number of subnetw[...]

  • Page 167

    PORT CONFIGURATION 3-117 Transmit Multicast Packets The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast address at this sub-layer, including those that were discarded or not sent. Transmit Broadcast Packets The total number of packets that higher-level protocols requested[...]

  • Page 168

    CONFIGURING THE SWITCH 3-118 Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision. Carrier Sense Errors The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame. SQE Test Errors A count of times that the S[...]

  • Page 169

    PORT CONFIGURATION 3-119 Multicast Frames The total number of good frames received that were directed to this multicast address. CRC/Alignment Errors The number of CRC/alignment errors (FCS or alignment errors). Undersize Frames The total number of frames received that were less than 64 octets long (excluding framing bits, but including F[...]

  • Page 170

    CONFIGURING THE SWITCH 3-120 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-52 Port Statistics[...]

  • Page 171

    PORT CONFIGURATION 3-121 CLI – This example shows statistics for port 13. Console#show interfaces counters ethernet 1/13 4-155 Ethernet 1/13 Iftable stats: Octets input: 868453, Octets output: 3492122 Unicast input: 7315, Unitcast output: 6658 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, QLen out[...]

  • Page 172

    CONFIGURING THE SWITCH 3-122 Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are b[...]

  • Page 173

    ADDRESS TABLE SETTINGS 3-123 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-53 Configuring a Static Address Table CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Displaying the Ad[...]

  • Page 174

    CONFIGURING THE SWITCH 3-124 • MAC Address – Physical address associated with this interface. • VLAN – ID of configured VLAN (1-4094). • Address Table Sort Key – You can sort the information displayed based on MAC address, VLAN or interface (port or trunk). • Dynamic Address Counts – The number of addresses dynamically learned. [...]

  • Page 175

    SPANNING TREE ALGORITHM CONFIGURATION 3-125 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the function. • Aging Time – The time after which a learned entry is discarded. (Range: 10-1000000 seconds; Default: 300 seconds) Web – Click [...]

  • Page 176

    CONFIGURING THE SWITCH 3-126 The spanning tree algorithms supported by this switch include these versions: • STP – Spanning Tree Protocol (IEEE 802.1D) • RSTP – Rapid Spanning Tree Protocol (IEEE 802.1w) STA uses a distributed algorithm to select a bridging device (STA-compliant switch, bridge or router) that serves as the root [...]

  • Page 177

    SPANNING TREE ALGORITHM CONFIGURATION 3-127 that can be used when a node or port fails, and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs. Displaying Global Settings You can display a summary of the current bridge STA information that applies to the entire switch us[...]

  • Page 178

    CONFIGURING THE SWITCH 3-128 • Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. - Root Port – The number of the port on this switch that is closest to the root. This switch communicates with the root device through this port. If there is no root port, then th[...]

  • Page 179

    SPANNING TREE ALGORITHM CONFIGURATION 3-129 • Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each por[...]

  • Page 180

    CONFIGURING THE SWITCH 3-130 CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network. Console#show spanning-tree 4-196 Spanning-tree information --------------------------------------- -------------[...]

  • Page 181

    SPANNING TREE ALGORITHM CONFIGURATION 3-131 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Algorithm 6 Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. • Rapid Spanning Tree Protocol* RSTP supports connections to either STP or RSTP nodes by monitoring the incomin[...]

  • Page 182

    CONFIGURING THE SWITCH 3-132 • Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device. (Note that lower nume[...]

  • Page 183

    SPANNING TREE ALGORITHM CONFIGURATION 3-133 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each port needs[...]

  • Page 184

    CONFIGURING THE SWITCH 3-134 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-57 STA Configuration CLI – This example enables Spanning Tree Protocol, sets the mode to RSTP, and then configures the STA and RSTP parameters. Console(config)#spanning-tree 4-184 Console(config)#sp[...]

  • Page 185

    SPANNING TREE ALGORITHM CONFIGURATION 3-135 Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. Field Attributes • Spanning Tree – Shows if STA has been enabled on this interface. • STA Status – Displays current state of this [...]

  • Page 186

    CONFIGURING THE SWITCH 3-136 • Designated Port – The port priority and number of the port on the designated bridging device through which this switch must communicate with the root of the Spanning Tree. • Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface. This parameter is determined b[...]

  • Page 187

    SPANNING TREE ALGORITHM CONFIGURATION 3-137 • Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only) These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled. • Path cost – This parameter is used by the STA to determine the best path between de[...]

  • Page 188

    CONFIGURING THE SWITCH 3-138 • Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state. Specifying Edge Ports provides quicker convergenc[...]

  • Page 189

    SPANNING TREE ALGORITHM CONFIGURATION 3-139 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media type to indi[...]

  • Page 190

    CONFIGURING THE SWITCH 3-140 contradictory information. Port address table is cleared, and the port begins learning addresses. - Forwarding - Port forwards packets, and continues learning addresses. • Trunk – Indicates if a port is a member of a trunk. (STA Port Configuration only) The following interface attributes can be configured: • S[...]

  • Page 191

    SPANNING TREE ALGORITHM CONFIGURATION 3-141 - Default – - Ethernet – Half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 - Fast Ethernet – Half duplex: 200,000; full duplex: 100,000; trunk: 50,000 - Gigabit Ethernet – Full duplex: 10,000; trunk: 5,000 • Admin Link Type – The link type attached to this interface. [...]

  • Page 192

    CONFIGURING THE SWITCH 3-142 Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 3-59 STA Port Configuration CLI – This example sets STA attributes for port 7. VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast[...]

  • Page 193

    VLAN CONFIGURATION 3-143 VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections. VLANs can be easily organized to reflect departmental groups (such as Marketing or R&D), usage groups (such as e-mail), or multicast groups (used for multimedia applicati[...]

  • Page 194

    CONFIGURING THE SWITCH 3-144 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging. VLAN Classification – When the switch receives a frame, it classifies the frame in one of tw [...]

  • Page 195

    VLAN CONFIGURATION 3-145 Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system whereby the switch can automatically learn the VLANs to which each end station should be assigned. If an end station (or its network adapter) supports the IEEE 802.1Q VLAN protocol, it can be configured to broadcast a message to yo[...]

  • Page 196

    CONFIGURING THE SWITCH 3-146 Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN. However, to participate in a VLAN group that crosses several switches, you should create a VLAN for that group and enable taggi[...]

  • Page 197

    VLAN CONFIGURATION 3-147 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the netwo[...]

  • Page 198

    CONFIGURING THE SWITCH 3-148 • Maximum Number of Supported VLANs – Maximum number of VLANs that can be configured on this switch. Web – Click VLAN, 802.1Q VLAN, Basic Information. Figure 3-61 VLAN Basic Information CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of[...]

  • Page 199

    VLAN CONFIGURATION 3-149 • Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP. - Permanent: Added as a static entry. • Egress Ports – Shows all the VLAN port members. • Untagged Ports – Shows the untagged VLAN port members. Web – Click VLAN, 802.1Q VLAN, Current Table. Select [...]

  • Page 200

    CONFIGURING THE SWITCH 3-150 • Status – Shows if this VLAN is enabled or disabled. - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e., does not pass packets. • Ports / Channel groups – Shows the VLAN interface members. CLI – Current VLAN information can be displayed with the following command. Creating VLANs Use the V[...]

  • Page 201

    VLAN CONFIGURATION 3-151 • State (CLI) – Enables or disables the specified VLAN. - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e., does not pass packets. • Add – Adds a new VLAN group to the current list. • Remove – Removes a VLAN group from the current list. If any port is assigned to this group as untagged, it w[...]

  • Page 202

    CONFIGURING THE SWITCH 3-152 Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices. Or configure a port as forbidden to prevent the[...]

  • Page 203

    VLAN CONFIGURATION 3-153 • Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - Tagged: Interface is a member of the VLAN. All packets transmitted by the port will be tagged, that is, carry a tag and therefore carry VLAN or CoS information. - Untagged: Interface is a memb[...]

  • Page 204

    CONFIGURING THE SWITCH 3-154 Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks. Click Apply. Figure 3-64 Configuring a VLAN Static Table CLI – The foll[...]

  • Page 205

    VLAN CONFIGURATION 3-155 • Member – VLANs for which the selected interface is a tagged member. • Non-Member – VLANs for which the selected interface is not a tagged member. Web – Open VLAN, 802.1Q VLAN, Static Membership by Port. Select an interface from the scroll-down box (Port or Trunk). Click Query to display membership in[...]

  • Page 206

    CONFIGURING THE SWITCH 3-156 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for switches to exchan[...]

  • Page 207

    VLAN CONFIGURATION 3-157 - If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port). - If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a memb[...]

  • Page 208

    CONFIGURING THE SWITCH 3-158 • Mode – Indicates VLAN membership mode for an interface. (Default: Hybrid) - 1Q Trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN. However, note that frames belonging to the port’s defa[...]

  • Page 209

    VLAN CONFIGURATION 3-159 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch suppo[...]

  • Page 210

    CONFIGURING THE SWITCH 3-160 To configure private VLANs, follow these steps: 1. Use the Private VLAN Configuration menu (page 3-161) to designate one or more isolated and community VLANs, and the primary VLAN that will channel traffic outside of the VLAN groups. 2. Use the Private VLAN Association menu (page 3-163) to map the secondary [...]

  • Page 211

    VLAN CONFIGURATION 3-161 Web – Click VLAN, Private VLAN, Information. Select the desired port from the VLAN ID drop-down menu. Figure 3-67 Private VLAN Information CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports [...]

  • Page 212

    CONFIGURING THE SWITCH 3-162 • Type – There are three types of VLANs within a private VLAN: - Primary VLANs – Conveys traffic between promiscuous ports, and to community ports within secondary VLANs. - Community VLANs - Conveys traffic between community ports, and to their associated promiscuous ports. - Isolated VLANs – Conveys traffi[...]

  • Page 213

    VLAN CONFIGURATION 3-163 Associating VLANs Each community or isolated VLAN must be associated with a primary VLAN. Command Attributes • Primary VLAN ID – ID of primary VLAN (1-4094). • Association – Community or isolated VLANs associated with the selected primary VLAN. • Non-Association – Community or isolated VLANs not associated [...]

  • Page 214

    CONFIGURING THE SWITCH 3-164 Displaying Private VLAN Interface Information Use the Private VLAN Port Information and Private VLAN Trunk Information menus to display the interfaces associated with private VLANs. Command Attributes • Port/Trunk – The switch interface. • PVLAN Port Type – Displays private VLAN port types. - Normal –[...]

  • Page 215

    VLAN CONFIGURATION 3-165 Web – Click VLAN, Private VLAN, Port Information or Trunk Information. Figure 3-70 Private VLAN Port Information CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as[...]

  • Page 216

    CONFIGURING THE SWITCH 3-166 - Host – The port is a community port and can only communicate with other ports in its own community VLAN, and with the designated promiscuous port(s). - Promiscuous – A promiscuous port can communicate with all interfaces within a private VLAN. • Primary VLAN – Conveys traffic between promiscuous ports, [...]

  • Page 217

    VLAN CONFIGURATION 3-167 Web – Click VLAN, Private VLAN, Port Configuration or Trunk Configuration. Set the PVLAN Port Type for each port that will join a private VLAN. For promiscuous ports, set the associated primary VLAN. For host ports, set the associated secondary VLAN. For isolated ports, set the associated isolated VLAN. After all the [...]

  • Page 218

    CONFIGURING THE SWITCH 3-168 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted [...]

  • Page 219

    CLASS OF SERVICE CONFIGURATION 3-169 Command Attributes • Default Priority 9 – The priority that is assigned to untagged frames received on the specified interface. (Range: 0-7, Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port. Web – Click Priority, Default Port Priority or Defau[...]

  • Page 220

    CONFIGURING THE SWITCH 3-170 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p. The default priority l[...]

  • Page 221

    CLASS OF SERVICE CONFIGURATION 3-171 Command Attributes • Priority – CoS value. (Range: 0-7, where 7 is the highest priority) • Traffic Class 10 – Output queue buffer. (Range: 0-3, where 3 is the highest CoS priority queue) Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then[...]

  • Page 222

    CONFIGURING THE SWITCH 3-172 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue. WRR uses a pre[...]

  • Page 223

    CLASS OF SERVICE CONFIGURATION 3-173 Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in “Mapping CoS Values to Egress Queues” on page 3-170, the traffic classes are mapped to one of the four egr[...]

  • Page 224

    CONFIGURING THE SWITCH 3-174 CLI – The following example shows how to assign WRR weights to each of the priority queues. Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specifie[...]

  • Page 225

    CLASS OF SERVICE CONFIGURATION 3-175 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services. (This is the default setting.) • IP Precedence – Maps layer 3/4 [...]

  • Page 226

    CONFIGURING THE SWITCH 3-176 Command Attributes • IP Precedence Priority Table – Shows the IP Precedence to CoS map. • Class of Service Value – Maps a CoS value to the selected IP Precedence value. Note that “0” represents low priority and “7” represents high priority. Web – Click Priority, IP Precedence Priority. Select an en[...]

  • Page 227

    CLASS OF SERVICE CONFIGURATION 3-177 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings. Note: Mapping specific values for IP Precedence is implemented as an interface configuration command, but any chang[...]

  • Page 228

    CONFIGURING THE SWITCH 3-178 Command Attributes • DSCP Priority Table – Shows the DSCP Priority to CoS map. • Class of Service Value – Maps a CoS value to the selected DSCP Priority value. Note that “0” represents low priority and “7” represents high priority. Note: IP DSCP settings apply to all interfaces. Web – Click Priority [...]

  • Page 229

    CLASS OF SERVICE CONFIGURATION 3-179 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings. Note: Mapping specific values for IP DSCP is implemented as an interface configuration command, but any changes will apply to the [...]

  • Page 230

    CONFIGURING THE SWITCH 3-180 Web – Click Priority, IP Port Priority Status. Set IP Port Priority Status to Enabled. Figure 3-79 IP Port Priority Status Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply.[...]

  • Page 231

    CLASS OF SERVICE CONFIGURATION 3-181 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value 0, and then displays all the IP Port Priority settings for that port. Note: Mapping specific values for IP Port Priority is implemented as an interface configuration command[...]

  • Page 232

    CONFIGURING THE SWITCH 3-182 • ACL CoS Priority Mapping – Displays the configured information. * For information on configuring ACLs, see page 3-77. Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Add. Figure 3-81 ACL CoS Priority CLI – This example assi[...]

  • Page 233

    MULTICAST FILTERING 3-183 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register [...]

  • Page 234

    CONFIGURING THE SWITCH 3-184 Layer 2 IGMP (Snooping and Query) IGMP Snooping and Query – If multicast routing is not supported on other switches in your network, you can use IGMP Snooping and Query (page 3-184) to monitor IGMP service requests passing between multicast clients and servers, and dynamically configure the switch ports which[...]

  • Page 235

    MULTICAST FILTERING 3-185 multicasting, one of these devices is elected “querier” and assumes the role of querying the LAN for group members. It then propagates the service requests on to any upstream multicast switch/router to ensure that it will continue to receive the multicast service. Note: Multicast routers use this information, a[...]

  • Page 236

    CONFIGURING THE SWITCH 3-186 Notes: 1. All systems on the subnet must support the same version. 2. Some attributes are only enabled for IGMPv2, including IGMP Report Delay and IGMP Query Timeout. Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.)[...]

  • Page 237

    MULTICAST FILTERING 3-187 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. These routers may be dynamically discovered by the switc[...]

  • Page 238

    CONFIGURING THE SWITCH 3-188 CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router. Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a kno[...]

  • Page 239

    MULTICAST FILTERING 3-189 Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. After you have finished adding interfaces to the list, click Apply. Figure 3-84 Static M[...]

  • Page 240

    CONFIGURING THE SWITCH 3-190 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. Figure 3-85 IP Multicast Registration Table CLI – This example displays[...]

  • Page 241

    MULTICAST FILTERING 3-191 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP snooping and Query Parameters” on page 3-133. For certain applications that require tighter control, you may need to statically configure a multi[...]

  • Page 242

    CONFIGURING THE SWITCH 3-192 Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and click Add. After you have completed adding ports to th[...]

  • Page 243

    4-1 CHAPTER 4 COMMAND LINE INTERFACE This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering comma[...]

  • Page 244

    COMMAND LINE INTERFACE 4-2 After connecting to the system through the console port, the login screen displays: Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. Valid IP addresses consist o[...]

  • Page 245

    USING THE COMMAND LINE INTERFACE 4-3 2. At the prompt, enter the user name and system password. The CLI will display the “Vty-n#” prompt for the administrator to show that you are using privileged access mode (i.e., Privileged Exec), or “Vty-n>” for the guest to show that you are using normal access mode (i.e., Normal Ex[...]

  • Page 246

    COMMAND LINE INTERFACE 4-4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and st[...]

  • Page 247

    ENTERING COMMANDS 4-5 Command Completion If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “logging history” example, typing log followed by a tab will result in printing the command up to “logging.” Getting Help on Commands You can dis[...]

  • Page 248

    COMMAND LINE INTERFACE 4-6 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database). You can also display a list of valid keywords for a specific [...]

  • Page 249

    ENTERING COMMANDS 4-7 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows[...]

  • Page 250

    COMMAND LINE INTERFACE 4-8 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functions. These classes are [...]

  • Page 251

    ENTERING COMMANDS 4-9 Privileged Exec mode from within Normal Exec mode, by entering the enable command, followed by the privileged level password “super” (page 4-37). To enter Privileged Exec mode, enter the following user names and passwords: Configuration Commands Configuration commands are privileged level commands used to modif[...]

  • Page 252

    COMMAND LINE INTERFACE 4-10 • Line Configuration - These commands modify the console port and Telnet configuration, and include commands such as parity and databits. • VLAN Configuration - Includes the command to create VLAN groups. To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system p[...]

  • Page 253

    ENTERING COMMANDS 4-11 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command followed [...]

  • Page 254

    COMMAND LINE INTERFACE 4-12 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Groups Command Group Description Page Line Sets communication parameters for the serial port and Telnet, including baud rate and console time-out 4-14 General Basic commands for entering privileged a[...]

  • Page 255

    COMMAND GROUPS 4-13 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration) GC (Global Configuration) VC (VLAN Database Configuration) ACL (Access Control List Configuration) Address Table Configures the address table for filt[...]

  • Page 256

    COMMAND LINE INTERFACE 4-14 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). Table 4-5 Line Commands Command Function Mode Page line Ident[...]

  • Page 257

    LINE COMMANDS 4-15 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line { console | vty } - console - Console terminal line. - vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line. Command Mode Global Configurati[...]

  • Page 258

    COMMAND LINE INTERFACE 4-16 login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [ local ] no login local - Selects local password checking. Authentication is based on the user name specified with the username command. Default Setting log[...]

  • Page 259

    LINE COMMANDS 4-17 Example Related Commands username (4-36) password (4-17) password This command specifies the password for a line. Use the no form to remove the password. Syntax password { 0 | 7 } password no password - { 0 | 7 } - 0 means plain password, 7 means encrypted password - password - Character string that specifies the line pass[...]

  • Page 260

    COMMAND LINE INTERFACE 4-18 configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Related Commands login (4-16) password-thresh (4-20) timeout login response This command sets the interval that the system waits for a user to log into the CLI. Use the no form to restore the defaul[...]

  • Page 261

    LINE COMMANDS 4-19 Example To set the timeout to two minutes, enter this command: Related Commands silent-time (4-21) exec-timeout (4-14) exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [ seconds ] no exec-timeout seconds - Integer tha[...]

  • Page 262

    COMMAND LINE INTERFACE 4-20 Example To set the timeout to two minutes, enter this command: Related Commands silent-time (4-21) timeout login response (4-13) password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. Syntax password-thr [...]

  • Page 263

    LINE COMMANDS 4-21 Example To set the password threshold to five attempts, enter this command: Related Commands silent-time (4-21) timeout login response (4-13) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-t[...]

  • Page 264

    COMMAND LINE INTERFACE 4-22 databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits { 7 | 8 } no databits - 7 - Seven data bits per character. - 8 - Eight data bits per character. Default Setting 8 data bits per charac[...]

  • Page 265

    LINE COMMANDS 4-23 parity This command defines the generation of a parity bit. Use the no form to restore the default setting. Syntax parity { none | even | odd } no parity - none - No parity - even - Even parity - odd - Odd parity Default Setting No parity Command Mode Line Configuration Command Usage Communication protocols provided by dev[...]

  • Page 266

    COMMAND LINE INTERFACE 4-24 Default Setting 9600 Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices connected to the port might not be supported. The system indicates if the speed you selected is not supported. Example To specify[...]

  • Page 267

    LINE COMMANDS 4-25 disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4) Command Mode Privileged Exec Command Usage Specifying session identifier “0” will disconnect the console connection. Specif[...]

  • Page 268

    COMMAND LINE INTERFACE 4-26 Example To show all lines, enter this command: Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Login timeout: Disabled Silent time: Disabled Baudrate: 9600 Databits: 8 Parity: none Stopbits: 1 VTY configuration: Password threshold: 3 times Interactive timeout: 600 s[...]

  • Page 269

    GENERAL COMMANDS 4-27 General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-8. Syntax enable [ level ] level - Privilege level to log into the device. The device has two[...]

  • Page 270

    COMMAND LINE INTERFACE 4-28 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-37.) • The “#” character is appended to the end of the prompt to indicate that the system is [...]

  • Page 271

    GENERAL COMMANDS 4-29 Example Related Commands enable (4-27) configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuratio[...]

  • Page 272

    COMMAND LINE INTERFACE 4-30 Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands. Example In this example, the show history command lists the contents of the command history buffer: The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or P[...]

  • Page 273

    GENERAL COMMANDS 4-31 Command Mode Privileged Exec Command Usage This command resets the entire system. Example This example shows how to reset the switch: end This command returns to Privileged Exec mode. Default Setting None Command Mode Global Configuration, Interface Configuration, Line Configuration, and VLAN Database Configuration. Exam[...]

  • Page 274

    COMMAND LINE INTERFACE 4-32 Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the configuration program. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The quit and exit commands can both exit the config[...]

  • Page 275

    SYSTEM MANAGEMENT COMMANDS 4-33 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Device Designation Commands Table 4-7 System Management Commands Command Group Function Page Device Designation Co[...]

  • Page 276

    COMMAND LINE INTERFACE 4-34 prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters) Default Setting Console Command Mode Global Configuration Example hostname This command specifies o[...]

  • Page 277

    SYSTEM MANAGEMENT COMMANDS 4-35 Example User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password checking via the console or a Telnet connection (page 4-14), user authentication via a remote authentication server (page 4-95), and host access au[...]

  • Page 278

    COMMAND LINE INTERFACE 4-36 username This command adds named users, requires authentication at login, specifies or changes a user's password (or specifies that no password is required), or specifies or changes a user's access level. Use the no form to remove a user name. Syntax username name { access-level level | nopassword | pas[...]

  • Page 279

    SYSTEM MANAGEMENT COMMANDS 4-37 Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypt[...]

  • Page 280

    COMMAND LINE INTERFACE 4-38 Command Usage • You cannot set a null password. You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command (page 4-27). • The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading th[...]

  • Page 281

    SYSTEM MANAGEMENT COMMANDS 4-39 management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting. Syntax [ no ] management { all-client | http-client | snmp-client | telnet-client } start-address [ end-address ] - all-cli[...]

  • Page 282

    COMMAND LINE INTERFACE 4-40 • You can delete an address range just by specifying the start address, or by specifying both the start address and end address. Example This example restricts management access to the indicated addresses. show management This command displays the client IP addresses that are allowed management access to the s[...]

  • Page 283

    SYSTEM MANAGEMENT COMMANDS 4-41 Example Web Server Commands Console#show management all-client Management IP Filter HTTP-Client: Start IP address End IP address --------------------------------------- -------- 1. 192.168.1.19 192.168.1.19 2. 192.168.1.25 192.168.1.30 SNMP-Client: Start IP address End IP address ----------------------------------[...]

  • Page 284

    COMMAND LINE INTERFACE 4-42 ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 80 Comman[...]

  • Page 285

    SYSTEM MANAGEMENT COMMANDS 4-43 Example Related Commands ip http port (4-42) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this function. Synt[...]

  • Page 286

    COMMAND LINE INTERFACE 4-44 5.x and Netscape Navigator 6.2 or later versions. • The following web browsers and operating systems currently support HTTPS: • To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 4-56. Also refer to the copy command on page 4-89. Example Related Commands ip htt[...]

  • Page 287

    SYSTEM MANAGEMENT COMMANDS 4-45 Command Mode Global Configuration Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port. • If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format: https://device:port_number Example Relat[...]

  • Page 288

    COMMAND LINE INTERFACE 4-46 Default Setting 23 Command Mode Global Configuration Example Related Commands ip telnet server (4-46) ip telnet server This command allows this device to be monitored or configured from Telnet. Use the no form to disable this function. Syntax [ no ] ip telnet server Default Setting Enabled Command Mode Global Con[...]

  • Page 289

    SYSTEM MANAGEMENT COMMANDS 4-47 Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote c[...]

  • Page 290

    COMMAND LINE INTERFACE 4-48 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the authentication login command on page[...]

  • Page 291

    SYSTEM MANAGEMENT COMMANDS 4-49 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch. Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. An entry for a public key in th[...]

  • Page 292

    COMMAND LINE INTERFACE 4-50 a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory. c. If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client. d. The client uses its private key to decrypt the b[...]

  • Page 293

    SYSTEM MANAGEMENT COMMANDS 4-51 Example Related Commands ip ssh crypto host-key generate (4-53) show ssh (4-56) ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiat[...]

  • Page 294

    COMMAND LINE INTERFACE 4-52 ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting. Syntax ip ssh authentication-retries count no ip ssh authentication-retries count – The number of authentication attempts permitted after [...]

  • Page 295

    SYSTEM MANAGEMENT COMMANDS 4-53 Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with the SSH client, and is fixed at 1024 bits. Example delete public-key This command deletes the specified user’s public key. Syntax delete public-key username [ dsa | rsa ] - usern[...]

  • Page 296

    COMMAND LINE INTERFACE 4-54 Command Mode Privileged Exec Command Usage • This command stores the host key pair in memory (i.e., RAM). Use the ip ssh save host-key command to save the host key pair to flash memory. • Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process. Other[...]

  • Page 297

    SYSTEM MANAGEMENT COMMANDS 4-55 Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command. Example Related Commands ip ssh crypto host-key generate (4-53) ip ssh save ho[...]

  • Page 298

    COMMAND LINE INTERFACE 4-56 show ip ssh This command displays the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example Console#show ip ssh SSH Enabled - version 1.99 Negotiati[...]

  • Page 299

    SYSTEM MANAGEMENT COMMANDS 4-57 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [ user [ username ] | host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Encryption The encryption method is automatically negotiated betw[...]

  • Page 300

    COMMAND LINE INTERFACE 4-58 Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed. • When an RSA key is displayed, the first field indicates the size of the host key (e.g., 1024), the [...]

  • Page 301

    SYSTEM MANAGEMENT COMMANDS 4-59 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [ no ] logging on Default Setting None Command Mode Global Configuration Command Usage The logging process controls error [...]

  • Page 302

    COMMAND LINE INTERFACE 4-60 Example Related Commands logging history (4-60) clear logging (4-64) logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history { flash | ram } level no logging history { fl[...]

  • Page 303

    SYSTEM MANAGEMENT COMMANDS 4-61 Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 7 - 0) Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM. Example logging host This command adds a syslog server host I[...]

  • Page 304

    COMMAND LINE INTERFACE 4-62 Command Usage • By using this command more than once you can build up a list of host IP addresses. • The maximum number of host IP addresses allowed is five. Example logging facility This command sets the facility type for remote logging of syslog messages. Use the no form to return the type to the default. S[...]

  • Page 305

    SYSTEM MANAGEMENT COMMANDS 4-63 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging. Syntax logging trap [ level[...]

  • Page 306

    COMMAND LINE INTERFACE 4-64 clear logging This command clears messages from the log buffer. Syntax clear logging [ flash | ram ] - flash - Event history stored in flash memory (i.e., permanent memory). - ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). Default Setting Flash and RAM Command Mode Privileged[...]

  • Page 307

    SYSTEM MANAGEMENT COMMANDS 4-65 - sendmail - Displays settings for the SMTP event handler (page 4-71). - trap - Displays settings for the trap function. Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level[...]

  • Page 308

    COMMAND LINE INTERFACE 4-66 The following example displays settings for the trap function. Related Commands show logging sendmail (4-71) show log This command displays the system and event messages stored in memory. Syntax show log { flash | ram } [ login ] [ tail ] - flash - Event history stored in flash memory (i.e., permanent memo[...]

  • Page 309

    SYSTEM MANAGEMENT COMMANDS 4-67 - tail - Shows event history starting from the most recent entry. - login - Shows the login record only. Default Setting None Command Mode Privileged Exec Command Usage This command shows the system and event messages stored in memory, including the time stamp, message level (page 4-60), program module, fun[...]

  • Page 310

    COMMAND LINE INTERFACE 4-68 SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [ no ] logging sen[...]

  • Page 311

    SYSTEM MANAGEMENT COMMANDS 4-69 • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally closes the connection. • To open a connection, the switch first selects the server that successfully sent mail during the last connection, or the first server configured by thi[...]

  • Page 312

    COMMAND LINE INTERFACE 4-70 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Use the no form to delete the source email address. Syntax [ no ] logging sendmail source-email email-address email-address - The source email address used in alert messages. (Range: 0-41 characters)[...]

  • Page 313

    SYSTEM MANAGEMENT COMMANDS 4-71 Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [ no ] loggin[...]

  • Page 314

    COMMAND LINE INTERFACE 4-72 Example Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from the [...]

  • Page 315

    SYSTEM MANAGEMENT COMMANDS 4-73 sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command. Use the no form to disable SNTP client requests. Syntax [ no ] sntp client Default Setting Disabled Command Mode Global Configuration Command Usage • The ti[...]

  • Page 316

    COMMAND LINE INTERFACE 4-74 sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ ip1 [ ip2 [ ip3 ]]] ip - IP address of a time server (NTP or SNTP). (Range: 1-3[...]

  • Page 317

    SYSTEM MANAGEMENT COMMANDS 4-75 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode Globa[...]

  • Page 318

    COMMAND LINE INTERFACE 4-76 Example clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes { before-utc | after-utc } • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Range: 1-12 hours) • m[...]

  • Page 319

    SYSTEM MANAGEMENT COMMANDS 4-77 Example Related Commands show sntp (4-75) calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec { day month year | month day year } • hour -[...]

  • Page 320

    COMMAND LINE INTERFACE 4-78 show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example System Status Commands Console#show calendar 15:12:34 April 1 2004 Console# Table 4-23 System Status Commands Command Function Mode Page light unit Displays the unit ID of a switch using its[...]

  • Page 321

    SYSTEM MANAGEMENT COMMANDS 4-79 light unit This command displays the unit ID of a switch using its front-panel LED indicators. Syntax light unit [ unit ] - unit - specifies a unit in a switch stack to light the panel LEDs Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The unit ID is displayed using the port st[...]

  • Page 322

    COMMAND LINE INTERFACE 4-80 • This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the configuration mode command, and corresponding commands. This command displays the following information: - SNMP community strings - Users (names and access levels) - VLAN database (VLAN ID, nam[...]

  • Page 323

    SYSTEM MANAGEMENT COMMANDS 4-81 Example Related Commands show running-config (4-82) Console#show startup-config building startup-config, please wait... .. ! ! username admin access-level 15 username admin password 0 admin ! username guest access-level 0 username guest password 0 guest ! enable password level 15 0 super ! snmp-server community pu[...]

  • Page 324

    COMMAND LINE INTERFACE 4-82 show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile [...]

  • Page 325

    SYSTEM MANAGEMENT COMMANDS 4-83 Example Console#show running-config building running-config, please wait... .. ! phymap 5a-a5-aa-55-44-32 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 ! SNTP server 0.0.0.0 0.0.0.0 0.0.0.0 ! ! ! SNMP-server community private rw SNMP[...]

  • Page 326

    COMMAND LINE INTERFACE 4-84 Related Commands show startup-config (4-79) show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page -11. • The POST results s[...]

  • Page 327

    SYSTEM MANAGEMENT COMMANDS 4-85 Example show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., ses [...]

  • Page 328

    COMMAND LINE INTERFACE 4-86 Example show version This command displays hardware and software version information for the system. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-13 for detailed information on the items displayed by this command. [...]

  • Page 329

    SYSTEM MANAGEMENT COMMANDS 4-87 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [ no ] jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by supp[...]

  • Page 330

    COMMAND LINE INTERFACE 4-88 using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields. • To use jumbo frames, both the source and destination end nodes (such as a computer or server) must support this feature. Also, when the connection is operating at full duplex, all switches in the[...]

  • Page 331

    FLASH/FILE COMMANDS 4-89 copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation. The success of t[...]

  • Page 332

    COMMAND LINE INTERFACE 4-90 • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”) • Due[...]

  • Page 333

    FLASH/FILE COMMANDS 4-91 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: This example shows how to [...]

  • Page 334

    COMMAND LINE INTERFACE 4-92 delete This command deletes a file or image. Syntax delete [ unit :] filename filename - Name of the configuration file or image name. unit - Stack unit. (Range: 1-8) Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted. • [...]

  • Page 335

    FLASH/FILE COMMANDS 4-93 - boot-rom - Boot ROM (or diagnostic) image file. - config - Switch configuration file. - opcode - Run-time operation code image file. - filename - Name of the configuration file or image name. - unit - Stack unit. (Range: 1-8) Default Setting None Command Mode Privileged Exec Command Usage • If you enter the comma[...]

  • Page 336

    COMMAND LINE INTERFACE 4-94 whichboot This command displays which files were booted when the system powered up. Syntax whichboot [ unit ] unit - Specifies the unit number. Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. See the table under the dir command for a[...]

  • Page 337

    AUTHENTICATION COMMANDS 4-95 - unit * - Specifies the unit number. * The colon (:) is required. Default Setting None Command Mode Global Configuration Command Usage • A colon (:) is required after the specified file type. • If the file contains an error, it cannot be set as the default file. • A colon (:) is required after the specified un[...]

  • Página 338

    COMMAND LINE INTERFACE 4-96 Authentication Sequence authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login • local - Use local password. • radius - Use RADIUS server password. • [...]

  • Page 339

    AUTHENTICATION COMMANDS 4-97 access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet. • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server. • [...]

  • Page 340

    COMMAND LINE INTERFACE 4-98 Command Mode Global Configuration Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts[...]

  • Page 341

    AUTHENTICATION COMMANDS 4-99 RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated pri[...]

  • Page 342

    COMMAND LINE INTERFACE 4-100 • port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535) • timeout - Number of seconds the switch waits for a reply before resending a request. (Range: 1-65535) • retransmit - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1-3[...]

  • Page 343

    AUTHENTICATION COMMANDS 4-101 Example radius-server key This command sets the RADIUS encryption key. Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20[...]

  • Page 344

    COMMAND LINE INTERFACE 4-102 Command Mode Global Configuration Example radius-server timeout This command sets the interval between transmitting authentication requests to the RADIUS server. Use the no form to restore the default. Syntax radius-server timeout number_of_seconds no radius-server timeout number_of_seconds - Number of seco[...]

  • Page 345

    AUTHENTICATION COMMANDS 4-103 Example TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pair[...]

  • Page 346

    COMMAND LINE INTERFACE 4-104 tacacs-server host This command specifies the TACACS+ server. Use the no form to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address - IP address of a TACACS+ server. Default Setting 10.11.12.13 Command Mode Global Configuration Example tacacs-serve[...]

  • Page 347

    AUTHENTICATION COMMANDS 4-105 Example tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. (Maximum [...]

  • Page 348

    COMMAND LINE INTERFACE 4-106 Example Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or[...]

  • Page 349

    AUTHENTICATION COMMANDS 4-107 port security This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses. Syntax port sec[...]

  • Page 350

    COMMAND LINE INTERFACE 4-108 • You can also manually add secure addresses with the mac-address-table static command. • A secure port has the following restrictions: - Cannot use port monitoring. - Cannot be a multi-VLAN port. - Cannot be connected to a network interconnection device. - Cannot be a trunk port. • If a port is disabled due [...]

  • Page 351

    AUTHENTICATION COMMANDS 4-109 dot1x system-auth-control This command enables 802.1X port authentication globally on the switch. Use the no form to restore the default. Syntax [no] system-auth-control Default Setting Disabled dot1x max-req Sets the maximum number of times that the switch retransmits an EAP request/identity packet to the cli[...]

  • Page 352

    COMMAND LINE INTERFACE 4-110 Command Mode Global Configuration Example dot1x default This command sets all configurable dot1x global and port settings to their default values. Syntax dot1x default Command Mode Global Configuration Example dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request[...]

  • Page 353

    AUTHENTICATION COMMANDS 4-111 Example dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default. Syntax dot1x port-control {auto | force-authorized | force-unauthorized} no dot1x port-control • auto – Requires a dot1x-aware connected client to be authorized by the RADIUS server. Cl[...]

  • Page 354

    COMMAND LINE INTERFACE 4-112 dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count. Syntax dot1x operation-mode {[...]

  • Page 355

    AUTHENTICATION COMMANDS 4-113 dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) Command Mode Privileged Exec Example dot1x re-authentication This com[...]

  • Page 356

    COMMAND LINE INTERFACE 4-114 dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default. Syntax dot1x timeout quiet-period seconds no dot1x timeout quiet-period seconds - The number of seconds. [...]

  • Page 357

    AUTHENTICATION COMMANDS 4-115 Example dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period seconds - The number of seconds.[...]

  • Page 358

    COMMAND LINE INTERFACE 4-116 Command Mode Privileged Exec Command Usage This command displays the following information: • Global 802.1X Parameters – Shows whether or not 802.1X port authentication is globally enabled on the switch. • 802.1X Port Summary – Displays the port access control parameters for each interface, including the fo[...]

  • Page 359

    AUTHENTICATION COMMANDS 4-117 - Max Count – The maximum number of hosts allowed to access this port (page 4-112). - Port-control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 4-111). - Supplicant – MAC address of authorized client. - Current Identifier – The integer (0-255) used by the Authe[...]

  • Page 360

    COMMAND LINE INTERFACE 4-118 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 enabled Single-Host auto yes . . . 1/26 disabled Single-Host ForceAuthorized n/a 802.1X Port Details 802.1X is disabled o[...]

  • Page 361

    ACCESS CONTROL LIST COMMANDS 4-119 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required rules and[...]

  • Page 362

    COMMAND LINE INTERFACE 4-120 • This switch supports ACLs for ingress filtering only. However, you can only bind one IP ACL to any port and one MAC ACL globally for ingress filtering. In other words, only two ACLs can be bound to an interface - Ingress IP ACL and Ingress MAC ACL. The order in which active ACLs are checked is as follows: 1.[...]

  • Page 363

    ACCESS CONTROL LIST COMMANDS 4-121 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [no] access-list ip {standard | extended} acl_name • standard – Specifies an ACL that filters packets based on the source IP ad[...]

  • Page 364

    COMMAND LINE INTERFACE 4-122 Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list. • To remove a rule, use the no permit or no deny command followed by the exact text[...]

  • Page 365

    ACCESS CONTROL LIST COMMANDS 4-123 Command Usage • New rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The bitmask is bitwise ANDed with th[...]

  • Page 366

    COMMAND LINE INTERFACE 4-124 [precedence precedence] [tos tos] [dscp dscp] [source-port sport [end]] [destination-port dport [end]] [control-flag control-flags flag-bitmask] • protocol-number – A specific protocol number. (Range: 0-255) • source – Source IP address. • destination – Destination IP address. • addr[...]

  • Page 367

    ACCESS CONTROL LIST COMMANDS 4-125 • The control-code bitmask is a decimal number (representing an equivalent bit mask) that is applied to the control code. Enter a decimal number, where the equivalent binary bit “1” means to match a bit and “0” means to ignore a bit. The following bits may be specified: 1 (fin) – Finish 2 (syn) [...]

  • Page 368

    COMMAND LINE INTERFACE 4-126 Related Commands access-list ip (4-121) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list {standard | extended} [acl_name] • standard – Specifies a standard IP ACL. • extended – Specifies an extended IP ACL. • acl_name – Name of the ACL. (Maxi[...]

  • Page 369

    ACCESS CONTROL LIST COMMANDS 4-127 Command Mode Interface Configuration (Ethernet) Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to[...]

  • Page 370

    COMMAND LINE INTERFACE 4-128 map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself. Use the no form to remove the CoS mapping. Syntax [no] map access-list ip acl_name cos cos-val[...]

  • Page 371

    ACCESS CONTROL LIST COMMANDS 4-129 show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Syntax show map access-list ip [interface] interface • ethernet unit/port - unit - This is device 1. - port - Por[...]

  • Page 372

    COMMAND LINE INTERFACE 4-130 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [no] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration Table 4-36 [...]

  • Page 373

    ACCESS CONTROL LIST COMMANDS 4-131 Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list. • To remove a rule, use the no permit or no deny command followed by the ex[...]

  • Page 374

    COMMAND LINE INTERFACE 4-132 • address-bitmask 2 – Bitmask for MAC address (in hexadecimal format). • vid – VLAN ID. (Range: 1-4094) • vid-end – Upper bound of VID range. (Range: 1-4094) • protocol – A specific Ethernet protocol number. (Range: 0-65535) • protocol-end – Upper bound of protocol range. (Range: 0-65535) Defa[...]

  • Page 375

    ACCESS CONTROL LIST COMMANDS 4-133 show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [acl_name] acl_name – Name of the ACL. (Maximum length: 16 characters) Command Mode Privileged Exec Example Related Commands permit, deny 4-131 mac access-group (4-133) mac access-group This [...]

  • Page 376

    COMMAND LINE INTERFACE 4-134 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. Example Related Commands show mac access-list (4-133) show mac access-group This command shows the ports assigned to MAC ACLs. C[...]

  • Page 377

    ACCESS CONTROL LIST COMMANDS 4-135 Default Setting None Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown below. Example Related Commands queue cos-map (4[...]

  • Page 378

    COMMAND LINE INTERFACE 4-136 Command Mode Privileged Exec Example Related Commands map access-list mac (4-134) ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is acti[...]

  • Page 379

    ACCESS CONTROL LIST COMMANDS 4-137 Example show access-group This command shows the port assignments of ACLs. Command Mode Privileged Executive Example Console#show access-list IP standard access-list david: permit host 10.1.1.21 permit 168.92.0.0 255.255.15.0 IP extended access-list bob: permit 10.7.1.1 0.0.0.255 any permit 192.168.1.[...]

  • Page 380

    COMMAND LINE INTERFACE 4-138 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. snmp-server community This command defines the community access string for the Simple Network Management Protocol. Use the no form to remo[...]

  • Page 381

    SNMP COMMANDS 4-139 • rw - Specifies read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Default Setting • public - Read-only access. Authorized management stations are only able to retrieve MIB objects. • private - Read/write access. Authorized management stations are able to both retrie[...]

  • Page 382

    COMMAND LINE INTERFACE 4-140 Example Related Commands snmp-server location (4-140) snmp-server location This command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location text no snmp-server location text - String that describes the system location. (Maximum length: 255 characters) D[...]

  • Page 383

    SNMP COMMANDS 4-141 snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr community-string [version {1 | 2c}] no snmp-server host host-addr • host-addr - Internet address of the host (the[...]

  • Page 384

    COMMAND LINE INTERFACE 4-142 enable traps command and the snmp-server host command for that host must be enabled. • Some notification types cannot be controlled with the snmp-server enable traps command. For example, some notification types are always enabled. • The switch can send SNMP version 1 or version 2c notifications to a host IP a[...]

  • Page 385

    SNMP COMMANDS 4-143 Command Usage • If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent. In order to configure this device to send SNMP notifications, you must enter at least one snmp-server enable traps command. If you enter the command with no keywords, both authentication and link-[...]

  • Page 386

    COMMAND LINE INTERFACE 4-144 Example Console#show snmp System Contact: Joe System Location: Room 23 SNMP traps: Authentication: enabled Link-up-down: enabled SNMP communities: 1. private, and the privilege is read-write 2. public, and the privilege is read-only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal o[...]

  • Page 387

    INTERFACE COMMANDS 4-145 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Table 4-40 Interface Commands Command Function Mode Page interface Configures an interface type and enters interface configuration mode GC 4-146 description Adds a description to a[...]

  • Page 388

    COMMAND LINE INTERFACE 4-146 interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel [...]

  • Page 389

    4-147 Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 24. speed-duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the default. Syntax speed-duplex {1000full | 100full | 100half | 10full [...]

  • Page 390

    COMMAND LINE INTERFACE 4-148 • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command. To set the speed/duplex mode under auto-negotiation, the required mode must be specified in the capabilities list for an interface. Example The following example configures port 5[...]

  • Page 391

    4-149 Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-149) speed-duplex (4-147) capabilities This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability, or [...]

  • Page 392

    COMMAND LINE INTERFACE 4-150 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the[...]

  • Page 393

    4-151 Command Usage • Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation. • To force flow control on or off (with the flowcontrol or no flow[...]

  • Page 394

    COMMAND LINE INTERFACE 4-152 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also want to disable a port for security reasons. Example The followin[...]

  • Page 395

    4-153 Example The following shows how to configure broadcast storm control at 600 packets per second: clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) D[...]

  • Page 396

    COMMAND LINE INTERFACE 4-154 show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface - ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) - port-channel channel-id (Range: 1-4) - vlan vlan-id (Range: 1-4094) Default Setting Shows the[...]

  • Page 397

    4-155 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting Shows the counters for all interfaces. Command Mode No[...]

  • Page 398

    COMMAND LINE INTERFACE 4-156 Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 3-115. Example Console#show interfaces counters ethernet 1/7 Ethernet 1/7 Iftable stats: Octets input: 30658, Octets output:[...]

  • Page 399

    4-157 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting Shows all i[...]

  • Page 400

    COMMAND LINE INTERFACE 4-158 Table 4-41 Interfaces Switchport Statistics Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 4-152). Lacp status Shows if Link Aggregation Control Protocol has been enabled or disabled (page 4-167). Ingress/Egres[...]

  • Page 401

    MIRROR PORT COMMANDS 4-159 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [rx | tx] no port monitor interface • interface - ethernet unit/port (sou[...]

  • Page 402

    COMMAND LINE INTERFACE 4-160 • The mirror port and monitor port speeds should match, otherwise traffic may be dropped from the monitor port. • You can only create a single mirror session. Example The following example configures the switch to mirror received packets from port 6 to 11: show port monitor This command displays mirror infor[...]

  • Page 403

    RATE LIMIT COMMANDS 4-161 Example The following shows mirroring configured from port 6 to port 11: Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the [...]

  • Page 404

    COMMAND LINE INTERFACE 4-162 rate-limit Use this command to define the rate limit level for a specific interface. Use this command without specifying a rate to restore the default rate limit level. Use the no form to restore the default status of disabled. Syntax rate-limit {input | output} level [rate] no rate-limit {input | output} • [...]

  • Page 405

    RATE LIMIT COMMANDS 4-163 • fastethernet – Fast Ethernet granularity • gigabit ethernet – Gigabit Ethernet granularity • granularity – Sets rate limit granularity for the system. For Fast Ethernet, choose 512 Kbps, 1 Mbps, or 3.3 Mbps. For Gigabit Ethernet, only one granularity option is supported, 33.3 Mbps Default Setting Fa[...]

  • Page 406

    COMMAND LINE INTERFACE 4-164 Example Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and [...]

  • Page 407

    LINK AGGREGATION COMMANDS 4-165 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports. • The ports at both ends of a connection must be configured as trunk ports. •[...]

  • Page 408

    COMMAND LINE INTERFACE 4-166 • However, if the port channel admin key is set, then the port admin key must be set to the same value for a port to be allowed to join a channel group. • If a link goes down, LACP port priority is used to select the backup link. channel-group This command adds a port to a trunk. Use the no form to remove a[...]

  • Page 409

    LINK AGGREGATION COMMANDS 4-167 lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [no] lacp Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage • The ports on both ends of an LACP trunk must be configure[...]

  • Page 410

    COMMAND LINE INTERFACE 4-168 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established. lacp system-priority This command configures a port's LACP system priority. [...]

  • Page 411

    LINK AGGREGATION COMMANDS 4-169 • priority - This priority is used to determine link aggregation group (LAG) membership, and to identify this device to other switches during LAG negotiations. (Range: 0-65535) Default Setting 32768 Command Mode Interface Configuration (Ethernet) Command Usage • Port must be configured with the same sy[...]

  • Page 412

    COMMAND LINE INTERFACE 4-170 lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key • actor - The local side of an aggregate link. • partner - The remote side[...]

  • Page 413

    LINK AGGREGATION COMMANDS 4-171 lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string. Use the no form to restore the default setting. Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key key - The port channel admin key is used to identify [...]

  • Page 414

    COMMAND LINE INTERFACE 4-172 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link. • partner - The remote side of an aggregate link.[...]

  • Page 415

    LINK AGGREGATION COMMANDS 4-173 show lacp This command displays LACP information. Syntax show lacp [port-channel] {counters | internal | neighbors | sysid} • port-channel - Local identifier for a link aggregation group. (Range: 1-4) • counters - Statistics for LACP protocol messages. • internal - Configuration settings and[...]

  • Page 416

    COMMAND LINE INTERFACE 4-174 Table 4-45 show lacp counters - display description Field Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group. LACPDUs Received Number of valid LACPDUs received on this channel group. Marker Sent Number of valid Marker PDUs transmitted from this channel group. Marker Received Numb[...]

  • Page 417

    LINK AGGREGATION COMMANDS 4-175 Console#show lacp 1 internal Channel group : 1 --------------------------------------- ---------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 --------------------------------------- ---------------------------- LACPDUs Internal : 30 sec LACP System Priority : 32768 LACP Port Priority : 32768 Admin [...]

  • Page 418

    COMMAND LINE INTERFACE 4-176 Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state; • Defaulted – The actor’s receive machine is using defaulted operational partner information, administratively configured for the partner.[...]

  • Page 419

    LINK AGGREGATION COMMANDS 4-177 Console#show lacp 1 neighbors Channel group 1 neighbors --------------------------------------- ---------------------------- Eth 1/1 --------------------------------------- ---------------------------- Partner Admin System ID : 32768, 00-00-00-00-00-00 Partner Oper System ID : 32768, 00-00-00-00-00-01 Par[...]

  • Page 420

    COMMAND LINE INTERFACE 4-178 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Console#show lacp sysid Port Channel System Priority System MAC Address --------------------------------------- ----------[...]

  • Page 421

    ADDRESS TABLE COMMANDS 4-179 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [action] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC address. • inte[...]

  • Page 422

    COMMAND LINE INTERFACE 4-180 • A static address cannot be learned on another port until the address is removed with the no form of this command. Example clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured en[...]

  • Page 423

    A DDR ESS T ABLE C OMMANDS 4-181 show mac-address-table This command shows classes of entrie s in the bridge-forwarding database. Syntax show mac-address-table [ address mac-address [ mask ]] [ int erface interface ] [ vlan vlan-id ] [ sor t { address | vlan | interfa ce }] • mac-address - MAC address. • mask - Bits to match in the address. •[...]

  • Page 424

    COMMAND LINE INTERFACE 4-182 Example mac-address-table aging-time This command sets the aging time for entries in the address table. Use the no form to restore the default aging time. Syntax mac-address-table aging-time seconds no mac-address-table aging-time seconds - Aging time. (Range: 10-1000000 seconds; 0 to disable aging) Default Setti[...]

  • Page 425

    SPANNING TREE COMMANDS 4-183 Command Mode Privileged Exec Example Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Console#show mac-address-table aging-time Aging time: 100 sec. Console# Table 4-50 Sp[...]

  • Page 426

    COMMAND LINE INTERFACE 4-184 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [no] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disable network [...]

  • Page 427

    SPANNING TREE COMMANDS 4-185 Example This example shows how to enable the Spanning Tree Algorithm for the switch: spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default. Syntax spanning-tree mode {stp | rstp} no spanning-tree mode • stp - Spanning Tree Protocol (IEEE 802.[...]

  • Page 428

    COMMAND LINE INTERFACE 4-186 RSTP Mode – If RSTP is using 802.1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires, RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port. Example The following example configures the switch to use Rapid Spanning Tree: spanning-tree forward-time This command[...]

  • Page 429

    SPANNING TREE COMMANDS 4-187 spanning-tree hello-time This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds. (Range: 1-10 seconds). The maximum value is the lower of 10 or [(max-age [...]

  • Page 430

    COMMAND LINE INTERFACE 4-188 Command Mode Global Configuration Command Usage This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port tha[...]

  • Page 431

    SPANNING TREE COMMANDS 4-189 Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device. Example spanning-tre[...]

  • Page 432

    COMMAND LINE INTERFACE 4-190 spanning-tree transmission-limit This command configures the minimum interval between the transmission of consecutive RSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The transmission limit in seconds. (Range: 1-10) De[...]

  • Page 433

    SPANNING TREE COMMANDS 4-191 Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 • Fast Ethernet – half duplex: 200,000; full duplex: 100,000; trunk: 50,000 • Gigabit Ethernet – full duplex: 10,000; trunk: 5,000 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • [...]

  • Page 434

    COMMAND LINE INTERFACE 4-192 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command defines the priority for the use of a port in the Spanning Tree Algorithm. If the path cost for all ports on a switch are the same, the port with the highest priority (that is, lowest value) will be configured as an active l[...]

  • Page 435

    SPANNING TREE COMMANDS 4-193 of frame flooding required to rebuild address tables during reconfiguration events, does not cause the spanning tree to initiate reconfiguration when the interface changes state, and also overcomes other STA-related timeout problems. However, remember that Edge Port should only be enabled for ports connected t[...]

  • Page 436

    COMMAND LINE INTERFACE 4-194 forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end-node device.) • This command is the same as spanning-tree edge-port, and is only included for backward compatibility with earlier products. Note that this command may be removed for future soft[...]

  • Page 437

    SPANNING TREE COMMANDS 4-195 Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges. • When automatic detection is selected, the switch derives the link type from the duplex mode. A full-duplex interface is consid[...]

  • Page 438

    COMMAND LINE INTERFACE 4-196 Example show spanning-tree This command shows the configuration for the spanning tree. Syntax show spanning-tree [interface] • interface - ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) - port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileg[...]

  • Page 439

    SPANNING TREE COMMANDS 4-197 Example Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning tree mode: RSTP Spanning tree enabled/disabled: enabled Priority: 4096 0 Bridge Hello Time (sec.): 2 Bridge Max Age (sec.): 20 Bridge Forward Delay (sec.): 15 Root Hello Time (sec.)[...]

  • Page 440

    COMMAND LINE INTERFACE 4-198 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the [...]

  • Page 441

    VLAN COMMANDS 4-199 Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the port membership mode and add or remove po[...]

  • Page 442

    COMMAND LINE INTERFACE 4-200 • state - Keyword to be followed by the VLAN state. - active - VLAN is operational. - suspend - VLAN is suspended. Suspended VLANs do not pass packets. Default Setting By default only VLAN 1 exists and is active. Command Mode VLAN Database Configuration Command Usage • no vlan vlan-id deletes the VLAN. • no vl[...]

  • Page 443

    VLAN COMMANDS 4-201 Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) Default Setting None Command Mode Global Configura[...]

  • Page 444

    COMMAND LINE INTERFACE 4-202 Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (4-151) switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode {tr[...]

  • Page 445

    VLAN COMMANDS 4-203 Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid: Related Commands switchport acceptable-frame-types (4-203) switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax sw[...]

  • Page 446

    COMMAND LINE INTERFACE 4-204 Related Commands switchport mode (4-202) switchport ingress-filtering This command enables ingress filtering for an interface. Use the no form to restore the default. Syntax [no] switchport ingress-filtering Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage [...]

  • Page 447

    VLAN COMMANDS 4-205 switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port. (Range: 1-4094, no leading zeroes) Default Setting VLAN 1 Command Mode Interface Configura[...]

  • Page 448

    COMMAND LINE INTERFACE 4-206 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add. • remove vlan[...]

  • Page 449

    VLAN COMMANDS 4-207 • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface. Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: switchport forbidden vlan This command conf[...]

  • Page 450

    COMMAND LINE INTERFACE 4-208 Example The following example shows how to prevent port 1 from being added to VLAN 3: Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name | private-vlan private-vlan-type] • id - Keyword to be followed by the VLAN ID. • vlan-id - ID of [...]

  • Page 451

    VLAN COMMANDS 4-209 Example The following example shows how to display information for VLAN 1: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLAN ports: promiscuous, and community ports. A promiscuous port can communicate[...]

  • Page 452

    COMMAND LINE INTERFACE 4-210 To configure private VLANs, follow these steps: 1. Use the private-vlan command to designate one or more community VLANs and the primary VLAN that will channel traffic outside the community groups. 2. Use the private-vlan association command to map the secondary (i.e., community) VLAN(s) to the primary VLA[...]

  • Page 453

    VLAN COMMANDS 4-211 VLANs, and serves to channel traffic between community VLANs and other locations. • isolated – Specifies an isolated VLAN. Ports assigned to an isolated VLAN can only communicate with promiscuous ports within their own VLAN. Default Setting None Command Mode VLAN Configuration Command Usage • Private VLANs are used [...]

  • Page 454

    COMMAND LINE INTERFACE 4-212 • primary-vlan-id - ID of primary VLAN. (Range: 1-4094, no leading zeroes). • secondary-vlan-id - ID of secondary (i.e., community) VLAN. (Range: 1-4094, no leading zeroes). Default Setting None Command Mode VLAN Configuration Command Usage Secondary VLANs provide security for group members. The associa[...]

  • Page 455

    VLAN COMMANDS 4-213 switchport mode private-vlan Use this command to set the private VLAN mode for an interface. Use the no form to restore the default setting. Syntax switchport mode private-vlan {host | promiscuous} no switchport mode private-vlan • host – This port type can communicate with all other host ports assigned to the sam[...]

  • Page 456

    COMMAND LINE INTERFACE 4-214 switchport private-vlan host-association Use this command to associate an interface with a secondary VLAN. Use the no form to remove this association. Syntax switchport private-vlan host-association secondary-vlan-id no switchport private-vlan host-association secondary-vlan-id - ID of secondary (i.e., [...]

  • Page 457

    VLAN COMMANDS 4-215 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage Promiscuous ports assigned to a primary VLAN can communicate with any other promiscuous ports in the same VLAN, and with the group members within any associated secondary VLANs. Example show vlan private-vlan Use this comma[...]

  • Page 458

    COMMAND LINE INTERFACE 4-216 Example GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switc[...]

  • Page 459

    GVRP AND BRIDGE EXTENSION COMMANDS 4-217 bridge-ext gvrp This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [no] bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in[...]

  • Page 460

    COMMAND LINE INTERFACE 4-218 Example switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example Console#show bridge-ext Max support vlan numbers: 255 Max support vlan ID: 4094 Extended [...]

  • Page 461

    GVRP AND BRIDGE EXTENSION COMMANDS 4-219 show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting Shows both global and interface-s[...]

  • Page 462

    COMMAND LINE INTERFACE 4-220 Default Setting • join: 20 centiseconds • leave: 60 centiseconds • leaveall: 1000 centiseconds Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client servi[...]

  • Page 463

    GVRP AND BRIDGE EXTENSION COMMANDS 4-221 show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting Shows all GARP timers. C[...]

  • Page 464

    COMMAND LINE INTERFACE 4-222 Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted[...]

  • Page 465

    PRIORITY COMMANDS 4-223 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode {strict | wrr} no queue mode • strict - Services the egress queues in sequential order, transmitting al[...]

  • Page 466

    COMMAND LINE INTERFACE 4-224 Example The following example sets the queue mode to strict priority service mode: switchport priority default This command sets a priority for incoming untagged frames. Use the no form to restore the default value. Syntax switchport priority default default-priority-id no switchport priority default default-pr[...]

  • Page 467

    PRIORITY COMMANDS 4-225 Therefore, any inbound frames that do not have priority tags will be placed in queue 0 of the output port. (Note that if the output port is an untagged member of the associated VLAN, these frames are stripped of all VLAN tags prior to transmission.) Example The following example shows how to set a default priority on p[...]

  • Page 468

    COMMAND LINE INTERFACE 4-226 Related Commands show queue bandwidth (4-227) queue cos-map This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 3). Use the no form to set the CoS map to the default values. Syntax queue cos-map queue_id [cos1 ... cosn] no queue cos-map • queue_id - The[...]

  • Page 469

    PRIORITY COMMANDS 4-227 Example The following example shows how to map CoS values 0, 1 and 2 to egress queue 0, value 3 to egress queue 1, values 4 and 5 to egress queue 2, and values 6 and 7 to egress queue 3: Related Commands show queue cos-map (4-228) show queue mode This command shows the current queue mode. Default Setting None C[...]

  • Page 470

    COMMAND LINE INTERFACE 4-228 Command Mode Privileged Exec Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting Non[...]

  • Page 471

    PRIORITY COMMANDS 4-229 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax [no] map ip port Table 4-60 Priority Commands (Layer 3 and 4) Command Function Mode Page map ip port Ena[...]

  • Page 472

    COMMAND LINE INTERFACE 4-230 Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. Example The following example shows how to enable TCP/UDP port mapping globally: map ip port (Interface Configuration) This command[...]

  • Page 473

    PRIORITY COMMANDS 4-231 Example The following example shows how to map HTTP traffic to CoS value 0: map ip precedence (Global Configuration) This command enables IP precedence mapping (i.e., IP Type of Service). Use the no form to disable IP precedence mapping. Syntax [no] map ip precedence Default Setting Disabled Command Mode Global Co[...]

  • Page 474

    COMMAND LINE INTERFACE 4-232 map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos cos-value no map ip precedence • precedence-value - 3-bit precedence value. (Range: 0-7) [...]

  • Page 475

    PRIORITY COMMANDS 4-233 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [no] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage • The precedence for priority mapping is IP Port[...]

  • Page 476

    COMMAND LINE INTERFACE 4-234 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and def[...]

  • Page 477

    PRIORITY COMMANDS 4-235 show map ip port Use this command to show the IP port priority map. Syntax show map ip port [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged Exec Example The followin[...]

  • Page 478

    COMMAND LINE INTERFACE 4-236 show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged Exec [...]

  • Page 479

    PRIORITY COMMANDS 4-237 show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged Exec Example Related Commands m[...]

  • Page 480

    COMMAND LINE INTERFACE 4-238 Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service requ[...]

  • Page 481

    MULTICAST FILTERING COMMANDS 4-239 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to a multicas[...]

  • Page 482

    COMMAND LINE INTERFACE 4-240 Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port: ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version {1 | 2} no ip igmp snooping version • 1 -[...]

  • Page 483

    MULTICAST FILTERING COMMANDS 4-241 show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 4-184 for a description of the displayed items. Example The following shows the current IGMP snooping [...]

  • Page 484

    COMMAND LINE INTERFACE 4-242 Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options. Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: IGMP Query Commands (Layer 2) Console#show mac-address-table multicast vlan 1 igmp-snooping VLAN M'[...]

  • Page 485

    MULTICAST FILTERING COMMANDS 4-243 ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected. The querier is responsible for as[...]

  • Page 486

    COMMAND LINE INTERFACE 4-244 Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has not responded, a countdown timer is started using the time defined by ip igmp snooping query-max-respon[...]

  • Page 487

    MULTICAST FILTERING COMMANDS 4-245 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries. (Range: 5-25)[...]

  • Page 488

    COMMAND LINE INTERFACE 4-246 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default. Syntax ip igmp snooping router-port-expire-time seconds no ip igmp snooping router-port-expire-time seconds - The time the switch waits after the previous querier stops before it considers[...]

  • Page 489

    MULTICAST FILTERING COMMANDS 4-247 Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port. Use the no form to remove the configuration. Syntax [no] ip igmp snooping vlan vlan-id mrouter interface • vlan-id - VLAN ID (Range: 1-4093) • interface - ethernet unit/port - u[...]

  • Page 490

    COMMAND LINE INTERFACE 4-248 Example The following shows how to configure port 11 as a multicast router port within VLAN 1: show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [vlan vlan-id] vlan-id - VLAN ID (Range: [...]

  • Page 491

    IP INTERFACE COMMANDS 4-249 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when it is powered o[...]

  • Page 492

    COMMAND LINE INTERFACE 4-250 Default Setting DHCP Command Mode Interface Configuration (VLAN) Command Usage • You must assign an IP address to this device to gain management access over the network. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses con[...]

  • Page 493

    IP INTERFACE COMMANDS 4-251 ip dhcp restart This command submits a BOOTP or DHCP client request. Default Setting None Command Mode Privileged Exec Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to reassign[...]

  • Page 494

    COMMAND LINE INTERFACE 4-252 ip default-gateway This command establishes a static route between this switch and devices that exist on another network segment. Use the no form to remove the static route. Syntax ip default-gateway gateway no ip default-gateway gateway - IP address of the default gateway Default Setting No static route is e[...]

  • Page 495

    IP INTERFACE COMMANDS 4-253 Example Related Commands show ip redirects (4-253) show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (4-252) ping This command sends ICMP echo request packets to another node on the net[...]

  • Page 496

    COMMAND LINE INTERFACE 4-254 Default Setting This command has no default for the host. Command Mode Normal Exec, Privileged Exec Command Usage • Use the ping command to see if another site on the network can be reached. • Following are some results of the ping command: - Normal response - The normal response occurs in one to ten seconds,[...]

  • Page 497

    A-1 APPENDIX A SOFTWARE SPECIFICATIONS Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 88 lists) DHCP Client Port Configuration 100BASE-TX: 10/100 Mbps, half/full duplex 1000BASE-T: 1000 Mbps, full duplex Flow Control Full Duplex: IEEE 802.3x [...]

  • Page 498

    SOFTWARE SPECIFICATIONS A-2 Spanning Tree Protocol Spanning Tree Protocol (STP, IEEE 802.1D) Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) VLAN Support Up to 255 groups; port-based or tagged (802.1Q), GVRP for automatic VLAN learning, private VLANs Class of Service Supports four levels of priority and Weighted Round Robin Queuei[...]

  • Page 499

    SOFTWARE SPECIFICATIONS A-3 RMON Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event) Standards IEEE 802.1D Spanning Tree Protocol and traffic priorities IEEE 802.1p Priority tags IEEE 802.1Q VLAN IEEE 802.1w Rapid Spanning Tree Protocol IEEE 802.1X Port Authentication IEEE 802.3-2002 Ethernet, Fast Ethernet, Gigabit Ethernet IEEE 802[...]

  • Page 500

    SOFTWARE SPECIFICATIONS A-4 Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742) Forwarding Table MIB (RFC 2096) IGMP MIB (RFC 2933) Interface Group MIB (RFC 2233) Interfaces Evolution MIB (RFC 2863) IP MIB (RFC 2011) IP Multicas[...]

  • Page 501

    B-1 APPENDIX B TROUBLESHOOTING Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch. • Check that you have a valid network connection[...]

  • Page 502

    TROUBLESHOOTING B-2 Cannot connect using Secure Shell • If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SSH sessions permitted. Try connecting again at a later time. • Be sure the control parameters for the SSH server are properly configured on the switch, and that the SSH client software i[...]

  • Page 503

    USING SYSTEM LOGS B-3 Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1. Enable logging. 2. Set the error messages reported to include all categories. 3. Designat[...]

  • Page 504

    TROUBLESHOOTING B-4[...]

  • Page 505

    Glossary-1 GLOSSARY Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, the address of th[...]

  • Page 506

    GLOSSARY Glossary-2 Dynamic Host Control Protocol (DHCP) Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options. Extensible Authentication Prot[...]

  • Page 507

    GLOSSARY Glossary-3 IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol. IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate a[...]

  • Page 508

    GLOSSARY Glossary-4 IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork. Internet Group Manageme[...]

  • Page 509

    GLOSSARY Glossary-5 Link Aggregation See Port Trunk. Link Aggregation Control Protocol (LACP) Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device. Management Information Base (MIB) An acronym for Management Information Base. It is a set of database objects that contains information abo[...]

  • Page 510

    GLOSSARY Glossary-6 Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows data on the target port to be studied unobstructively. Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high-s[...]

  • Page 511

    GLOSSARY Glossary-7 Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which offers network management services. Simple Network Time Protocol (SNTP) SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server. Updates can be requested fr[...]

  • Page 512

    GLOSSARY Glossary-8 User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets. UD[...]

  • Page 513

    Index-1 Numerics 802.1X, port authentication 3-66 A acceptable frame type 3-156, 4-203 Access Control List See ACL ACL Extended IP 3-78, 4-119, 4-120, 4-123 MAC 3-79, 4-119, 4-130, 4-130–4-133 Standard IP 3-78, 4-119, 4-120, 4-122 address table 3-122, 4-178 aging time 3-125, 4-182 B BOOTP 3-19, 4-249 BPDU 3-126 broadcast storm, [...]

  • Page 514

    INDEX Index-2 G GARP VLAN Registration Protocol See GVRP gateway, default 3-18, 4-252 GVRP global setting 4-217 interface configuration 3-157, 4-218 GVRP, global setting 3-147 H hardware version, displaying 3-13, 4-86 HTTPS 3-54, 4-43 HTTPS, secure server 3-54, 4-43 I IEEE 802.1D 3-126, 4-185 IEEE 802.1w 3-126, 4-185 IEEE 802.1X 3-66, [...]

  • Page 515

    INDEX Index-3 path cost 3-128, 3-137 method 3-133, 4-189 STA 3-128, 3-137, 4-189 port authentication 3-66 port priority configuring 3-168, 4-222 default ingress 3-168, 4-224 STA 3-137, 4-191 port security, configuring 3-64, 4-106 port, statistics 3-115, 4-155 ports autonegotiation 3-92, 4-148 broadcast storm threshold 3-109, 4-152 cap[...]

  • Page 516

    INDEX Index-4 STA 3-125, 4-183 edge port 3-138, 3-141, 4-192 global settings, configuring 3-131, 4-184–4-190 global settings, displaying 3-127, 4-196 interface settings 3-135, 4-190–4-195, 4-196 link type 3-138, 3-141, 4-194 path cost 3-128, 3-137, 4-190 path cost method 3-133, 4-189 port priority 3-137, 4-191 protocol migra[...]

  • Page 517

    [...]

  • Page 518

    38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; Phn: (949) 679-8000; Fax: (949) 679-1481 From Europe: Contact details can be found on www.smc-europe.com or www.smc.com INTERNET E-mail addresses: techsupport@smc.com european.techsupport@sm[...]