User Manual / Product Maintenance: ES4548D from the manufacturer Accton Technology
Powered by Accton Management Guide ES4524D ES4548D 24/48-Port Gigabit Ethernet Switch e-mail: info@direktronik.se tel: 08-52 400 700 fax: 08-520 18121.
Management Guide ES4524D Gigabit Ethernet Switch Layer 2 Switch with 20 10/100/1000BASE-T (RJ-45) Ports, and 4 Gigabit Combination Ports (RJ-45/SFP) ES4548D Gigabit Ethernet Switch Layer 2 S.
ES4524D ES4548D F0.0.0.4 E1 12 006-CS-R01 1491000 30400 A.
v Contents Section I: Getting Started Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-6 Chapter 2: Initial Configuration 2-1 Connecting to t.
Contents vi Chapter 5: Setting an IP Address 5-1 Setting the Switch’s IP Address (IP Version 4) 5-1 Manual Configuration 5-2 Using DHCP/BOOTP 5-3 Setting the Switch’s IP Address (IP Versi.
Contents vii Configuring the SSH Server 12-12 Filtering IP Addresses for Management Access 12-13 Chapter 13: Configuring Port Security 13-1 Chapter 14: Configuring 802.1X Port Authentication 14-1 Displaying 802.1X Global Settings 14-2 Configuring 802.
Contents viii Configuring Global Settings 22-6 Displaying Interface Settings 22-10 Configuring Interface Settings 22-13 Configuring Multiple Spanning Trees 22-15 Displaying Interface Se.
Contents ix Chapter 28: Multicast Filtering 28-1 Layer 2 IGMP (Snooping and Query) 28-1 Configuring IGMP Snooping and Query Parameters 28-2 Displaying Interfaces Attached to a Multicast Rou.
Contents x end 33-4 exit 33-4 quit 33-5 Chapter 34: System Management Commands 34-1 hostname 34-1 reload 34-2 switch renumber 34-2 jumbo frame 34-3 show startup-config 34-3 show running-c.
Contents xi Chapter 38: SMTP Alert Commands 38-1 logging sendmail host 38-1 logging sendmail level 38-2 logging sendmail source-email 38-2 logging sendmail destination-email 38-3 logging se.
Contents xii radius-server timeout 41-8 show radius-server 41-8 TACACS+ Client 41-9 tacacs-server host 41-9 tacacs-server port 41-9 tacacs-server key 41-10 show tacacs-server 41-10 Web Serve.
Contents xiii Chapter 44: Access Control List Commands 44-1 IPv4 ACLs 44-1 access-list ip 44-2 permit, deny (Standard IPv4 ACL) 44-2 permit, deny (Extended IPv4 ACL) 44-3 show ip access-list 4.
Contents xiv lacp port-priority 46-8 show lacp 46-8 show port-channel load-balance 46-11 Chapter 47: Broadcast Storm Control Commands 47-1 switchport broadcast packet-rate 47-1 Chapter 48: Mi.
Contents xv Chapter 52: VLAN Commands 52-1 GVRP and Bridge Extension Commands 52-1 bridge-ext gvrp 52-2 show bridge-ext 52-2 switchport gvrp 52-3 show gvrp configuration 52-3 garp timer 52-.
Contents xvi Priority Commands (Layer 3 and 4) 55-7 map ip port (Global Configuration) 55-7 map ip port (Interface Configuration) 55-8 map ip precedence (Global Configuration) 55-8 map ip pr.
Contents xvii ip domain-lookup 58-5 show hosts 58-6 show dns 58-7 show dns cache 58-7 clear dns cache 58-8 Chapter 59: IPv4 Interface Commands 59-1 ip address 59-1 ip default-gateway 59-2.
Contents xviii Section IV: Appendices Appendix A: Software Specifications A-1 Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3 Appendix B: Trou.
xix Tables Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-6 Table 3-1 Web Page Configuration Buttons 3-3 Table 3-2 Switch Main Menu 3-4 Table 9-1 Logging Levels 9-1 Table 11-1 SNMPv3 Security Models and Levels 11-2 Table 11-2 Supported Notification Messages 11-13 Table 12-1 HTTPS System Support 12-6 Table 14-1 802.
xx Tables Table 41-5 RADIUS Client Commands 41-5 Table 41-6 TACACS+ Client Commands 41-9 Table 41-7 Web Server Commands 41-11 Table 41-8 HTTPS System Support 41-13 Table 41-9 Telnet Server Co.
xxi Tables Table 57-4 Static Multicast Routing Commands 57-8 Table 58-1 DNS Commands 58-1 Table 58-2 show dns cache - display description 58-7 Table 59-1 IPv4 Configuration Commands 59-1.
xxiii Figures Figure 3-1 Home Page 3-2 Figure 3-2 Front Panel Indicators 3-3 Figure 4-1 System Information 4-2 Figure 4-2 Switch Information 4-4 Figure 4-3 Displaying Bridge Extension.
xxiv Figures Figure 12-7 IP Filter 12-14 Figure 13-1 Port Security 13-2 Figure 14-1 802.1X Global Information 14-2 Figure 14-2 802.1X Global Configuration 14-3 Figure 14-3 802.
xxv Figures Figure 24-1 Private VLAN Status 24-1 Figure 24-2 Private VLAN Link Status 24-2 Figure 25-1 Protocol VLAN Configuration 25-2 Figure 25-2 Protocol VLAN Port Configuration 25-3 Figure 2.
Section I: Getting Started This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. Introduction
1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network.
Description of Software Features 1-3 1 Port Configuration – You can manually configure the speed and duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device.
Introduction 1-4 1 Spanning Tree Algorithm – The switch supports these spanning tree protocols: Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection.
Description of Software Features 1-5 1 Traffic Prioritization – This switch prioritizes each packet based on the required level of service, using eight priority queues with strict or Weighted Round Robin Queuing. It uses IEEE 802.1p and 802.
Introduction 1-6 1 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 6-5).
System Defaults 1-7 1 SNMP SNMP Agent Enabled Community Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabled Link-up-down events: enabled SNMP.
Introduction 1-8 1 Traffic Prioritization Ingress Port Priority 0 Queue Mode WRR Weighted Round Robin Queue: 0 1 2 3 4 5 6 7 Weight: 1 2 4 6 8 10 12 14 IP Precedence Priority Disabled IP DSCP Priority Disabled IP Port Priority Disabled IP Settings Router Redundancy Multicast Filtering Management.
2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface.
Initial Configuration 2-2 2 • Configure up to 32 static or LACP trunks per switch • Enable port mirroring • Set broadcast storm control on any port • Display system information and .
Basic Configuration 2-3 2 Note: This switch supports four concurrent Telnet/SSH sessions. After configuring the switch’s IP parameters, you can access the onboard configuration program from anywhere within the attached network.
Initial Configuration 2-4 2 3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>. 4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password.
Basic Configuration 2-5 2 3. Type “exit” to return to the global configuration mode prompt. Press <Enter>. 4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway.
Initial Configuration 2-6 2 To configure an IPv6 link local address for the switch, complete the following steps: 1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
Basic Configuration 2-7 2 To generate an IPv6 global unicast address for the switch using a general network prefix, complete the following steps: 1.
Initial Configuration 2-8 2 Dynamic Configuration Obtaining an IPv4 Address If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. You therefore need to use the “ip dhcp restart” command to start broadcasting service requests.
Basic Configuration 2-9 2 Obtaining an IPv6 Address Link Local Address — There are several ways to dynamically configure IPv6 addresses. The simplest method is to automatically generate a “link local” address (identified by an address prefix of FE80).
Initial Configuration 2-10 2 2. From the interface prompt, type “ipv6 address autoconfig” and press <Enter>. Enabling SNMP Management Access The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as HP OpenView.
Basic Configuration 2-11 2 The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects. • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
Initial Configuration 2-12 2 Configuring Access for SNMP Version 3 Clients To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group.
Managing System Files 2-13 2 Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows. The switch has a total of 32 Mbytes of flash memory for system files.
Section II: Switch Management This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser, and a brief example for the Command Line Interface. Configuring the Switch
Switch Management Configuring Domain Name Service 29-1 Switch Clustering
3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.
Configuring the Switch 3-2 3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics.
Navigating the Web Browser Interface 3-3 3 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting.
Configuring the Switch 3-4 3 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Navigating the Web Browser Interface 3-5 3 SNMP 11-1 Configuration Configures community strings and related trap functions 11-3 Agent Status Enables or disables SNMP 11-2 SNMPv3 11-6.
Configuring the Switch 3-6 3 Trunk Membership Specifies ports to group into static trunks 17-2 LACP 17-1 Configuration Allows ports to dynamically join trunks 17-5 Aggregation Port Configur.
Navigating the Web Browser Interface 3-7 3 Port Configuration Configures port settings for a specified MST instance 22-19 Trunk Configuration Configures trunk settings for a specified MST instance 22-19 VLAN 23-1 802.1Q VLAN GVRP Status Enables GVRP VLAN registration protocol 23-4 802.
Configuring the Switch 3-8 3 IP DSCP Priority Sets IP Differentiated Services Code Point priority, mapping a DSCP tag to a class-of-service value 26-9 IP Port Priority Status Globally ena.
4-1 Chapter 4: Basic System Settings This chapter describes the basic functions required to set up management access to the switch, display or upgrade operating software, or reset the system. Displaying System Information You can easily identify the system by displaying the device name, location and contact information.
Basic System Settings 4-2 4 Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.
Displaying Switch Hardware/Software Versions 4-3 4 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Inform.
Basic System Settings 4-4 4 • Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code. • Operation Code Version – Version number of runtime code. • Role – Shows that this switch is operating as Master or Slave. These additional parameters are displayed for the CLI.
Displaying Bridge Extension Capabilities 4-5 4 Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.
Basic System Settings 4-6 4 CLI – Enter the following command. Configuring Support for Jumbo Frames The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.
Renumbering the Stack 4-7 4 Renumbering the Stack If the units are no longer numbered sequentially after several topology changes or failures, you can reset the unit numbers using the “Renumbering” command.
5-1 Chapter 5: Setting an IP Address This chapter describes how to configure an IPv4 interface for management access over the network. This switch supports both IPv4 and IPv6, and can be managed through either of these address types.
Setting an IP Address 5-2 5 Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply.
Setting the Switch’s IP Address (IP Version 4) 5-3 5 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
Setting an IP Address 5-4 5 Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available.
Setting the Switch’s IP Address (IP Version 6) 5-5 5 length, and using the EUI-64 form of the interface identifier to automatically create the low-order 64 bits in the host portion of the address. - You can also manually configure the global unicast address by entering the full address and prefix length.
Setting an IP Address 5-6 5 IP Address • Auto Configuration – Enables stateless autoconfiguration of IPv6 addresses on an interface and enables IPv6 functionality on the interface.
Setting the Switch’s IP Address (IP Version 6) 5-7 5 length of the general prefix takes precedence, and some of the address bits entered in the IPv6 Address field will be ignored. • Address Type – Defines the address type configured for this interface.
Setting an IP Address 5-8 5 Current Address Table • IPv6 Address – IPv6 address assigned to this interface. In addition to the unicast addresses assigned to an interface, a node is requ.
Setting the Switch’s IP Address (IP Version 6) 5-9 5 Web – Click System, IPv6 Configuration, IPv6 Configuration. Set the IPv6 default gateway, specify the VLAN to configure, enable IPv6, and set the MTU. Then enter a global unicast or link-local address and click Add IPv6 Address.
Setting an IP Address 5-10 5 CLI – This example configures an IPv6 gateway, specifies the management interface, configures a global unicast address, and then sets the MTU.
Setting the Switch’s IP Address (IP Version 6) 5-11 5 Web – Click System, IPv6 Configuration, IPv6 General Prefix. Click Add to open the editing fields for a prefix entry. Enter a name for the general prefix, the value for the general prefix, and the prefix length.
Setting an IP Address 5-12 5 - Configuring a value of 0 disables duplicate address detection. - Duplicate address detection determines if a new unicast IPv6 address already exists on the network before it is assigned to an interface.
Setting the Switch’s IP Address (IP Version 6) 5-13 5 - PROBE - A reachability confirmation is actively sought by resending neighbor solicitation messages every RetransTimer interval until confirmation of reachability is received. - ???? - Unknown state.
Setting an IP Address 5-14 5 Web – Click System, IPv6 Configuration, IPv6 ND Neighbor. To configure the Neighbor Detection protocol settings, select a VLAN interface, set the number of attempts allowed for duplicate address detection, set the interval for neighbor solicitation messages, and click Apply.
6-1 Chapter 6: Managing System Files This chapter describes how to upgrade the switch operating software, save and restore switch configuration files, and set the system start-up files. Managing Firmware You can upload/download firmware to or from a TFTP server.
Managing System Files 6-2 6 Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
Managing Firmware 6-3 6 To delete a file select System, File Management, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that the file currently designated as the startup code cannot be deleted.
Managing System Files 6-4 6 Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server. The configuration file can be later downloaded to restore the switch’s settings.
Saving or Restoring Configuration Settings 6-5 6 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
Managing System Files 6-6 6 CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. To select another configuration file as the start-up configuration, use the boot system command and then restart the switch.
7-1 Chapter 7: Console Port Settings You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings.
Console Port Settings 7-2 7 Web – Click System, Line, Console. Specify the console port connection parameters as required, then click Apply. Figure 7-1 Configuring the Console Port CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required.
8-1 Chapter 8: Telnet Settings You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other various parameters set, including the TCP port number, timeouts, and a password.
Telnet Settings 8-2 8 Figure 8-1 Configuring the Telnet Interface CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level.
9-1 Chapter 9: Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
Configuring Event Logging 9-2 9 Web – Click System, Logs, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply. Figure 9-1 System Logs CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory.
Remote Log Configuration 9-3 9 • Host IP Address – Specifies a new server IP address to add to the Host IP List. Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add.
Configuring Event Logging 9-4 9 Displaying Log Messages Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
Sending Simple Mail Transfer Protocol Alerts 9-5 9 • SMTP Server List – Specifies a list of up to three recipient SMTP servers. The switch attempts to connect to the other listed servers if the first fails. Use the New SMTP Server text field and the Add/Remove buttons to configure the list.
Configuring Event Logging 9-6 9 CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses.
10-1 Chapter 10: Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
Setting the System Clock 10-2 10 CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings.
11-1 Chapter 11: Simple Network Management Protocol This chapter describes how to configure the Simple Network Management Protocol (SNMP) on the switch. SNMP Overview SNMP is a communication protocol designed specifically for managing devices on a network.
Simple Network Management Protocol 11-2 11 security models v1 and v2c. The following table shows the security models and levels available and the system default settings. Note: The predefined default groups and view can be deleted from the system.
Setting Community Access Strings 11-3 11 CLI – The following example enables SNMP on the switch. Setting Community Access Strings You may configure up to five community strings authorized for management access by clients using SNMP v1 and v2c.
Simple Network Management Protocol 11-4 11 Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers.
Specifying Trap Managers and Trap Types 11-5 11 Version 1 or 2c clients), or define a corresponding “User Name” in the SNMPv3 Users page (for Version 3 clients). (Range: 1-32 characters, case sensitive) • Trap UDP Port – Specifies the UDP port number used by the trap manager.
Simple Network Management Protocol 11-6 11 Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that will receive trap messages, specify the UDP port, SNMP trap version, trap security level (for v3 clients), trap inform settings (for v2c/v3 clients), and then click Add.
Configuring SNMPv3 Management Access 11-7 11 Setting a Local Engine ID An SNMPv3 engine is an independent SNMP agent that resides on the switch.
Simple Network Management Protocol 11-8 11 The engine ID can be specified by entering 1 to 26 hexadecimal characters. If less than 26 characters are specified, trailing zeroes are added to the value. For example, the value “1234” is equivalent to “1234” followed by 22 zeroes.
Configuring SNMPv3 Management Access 11-9 11 • Authentication Password – A minimum of eight plain text characters is required. • Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available.
Simple Network Management Protocol 11-10 11 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring Remote SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group.
Configuring SNMPv3 Management Access 11-11 11 • Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available. • Privacy Password – A minimum of eight plain text characters is required. Web – Click SNMP, SNMPv3, Remote Users.
Simple Network Management Protocol 11-12 11 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring SNMPv3 Groups An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views.
Configuring SNMPv3 Management Access 11-13 11 Table 11-2 Supported Notification Messages Object Label Object ID Description RFC 1493 Traps newRoot 1.
Simple Network Management Protocol 11-14 11 Private Traps - swPowerStatusChangeTrap 1.3.6.1.4.1.259.6.10.95.2.1.0.1 This trap is sent when the power state changes. swFanFailureTrap 1.3.6.1.4.1.259.6.10.95.2.1.0.17 This trap is sent when the fan fails.
Configuring SNMPv3 Management Access 11-15 11 Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read, write, and notify views. Click Add to save the new group and return to the Groups list.
Simple Network Management Protocol 11-16 11 Setting SNMPv3 Views SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview” includes access to the entire MIB tree. Command Attributes • View Name – The name of the SNMP view.
Configuring SNMPv3 Management Access 11-17 11 CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wild card mask selects all index entries. Console(config)#snmp-server view ifEntry.
12-1 Chapter 12: User Authentication This chapter describes how to configure the switch to authenticate users logging into the system for management access using local or remote authentication methods.
User Authentication 12-2 12 Web – Click Security, User Accounts. To configure a new user account, enter the user name, access level, and password, then click Add. To change the password for a specific user, enter the user name and new password, confirm the password by entering it again, then click Apply.
Configuring Local/Remote Logon Authentication 12-3 12 RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport.
User Authentication 12-4 12 - ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers. The process ends when a server either approves or denies access to a user.
Configuring HTTPS 12-5 12 CLI – Specify all the required parameters to enable logon authentication. Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.
User Authentication 12-6 12 - The client and server generate session keys for encrypting and decrypting data. • The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer 5.
Configuring HTTPS 12-7 12 obtain a unique certificate and a private key and password from a recognized certification authority. Note: For maximum security, we recommend you obtain a unique Secure Sockets Layer certificate at the earliest opportunity.
User Authentication 12-8 12 Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
Configuring the Secure Shell 12-9 12 client’s granted management access to the switch. (Note that these clients must be configured locally on the switch via the User Accounts page as described on page 12-1.) The clients are subsequently authenticated using these keys.
User Authentication 12-10 12 Authenticating SSH v2 Clients a. The client first queries the switch to determine if DSA public key authentication using a preferred algorithm is acceptable. b. If the specified algorithm is supported by the switch, it notifies the client to proceed with the authentication process.
Configuring the Secure Shell 12-11 12 Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate.
User Authentication 12-12 12 Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled) • Version – The Secure Shell version number.
Filtering IP Addresses for Management Access 12-13 12 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
User Authenticatio n 12-14 12 • End I P Addr ess – The en d address of a r ange. We b – Click Secur ity , IP Filter. Enter the IP addres ses or ran ge of address es that are allowe d manage ment acces s to an interface , and click Add IP Filtering En try .
13-1 Chapter 13: Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port.
Configuring Port Security 13-2 13 Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
14-1 Chapter 14: Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC.
Configuring 802.1X Port Authentication 14-2 14 The operation of dot1x on the switch requires the following: • The switch must have an IP address assigned. • The IP address of the RADIUS server must be specified. • 802.1X must be enabled globally for the switch.
Configuring 802.1X Global Settings 14-3 14 Configuring 802.1X Global Settings The 802.1X protocol provides port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active. Command Attributes 802.
Configuring 802.1X Port Authentication 14-4 14 • Max Request – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session.
Configuring Port Settings for 802.1X 14-5 14 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 43-6.
Configuring 802.1X Port Authentication 14-6 14 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 14-1 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator.
Displaying 802.1X Statistics 14-7 14 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 14-4 802.1X Port Statistics CLI – This example displays the dot1x statistics for port 4.
Configuring 802.1X Port Authentication 14-8 14.
15-1 Chapter 15: Access Control Lists Access Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames (based on address, next header type, or flow label), or any frames (based on MAC address or Ethernet type).
Access Control Lists 15-2 15 the “TCP” protocol is specified, then you can also filter packets based on the TCP control code. • IPv6 Standard: IPv6 ACL mode that filters packets based on the source IPv6 address.
Configuring an Extended IPv4 ACL 15-3 15 Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
Access Control Lists 15-4 15 • Source/Destination Port – Source/destination port number for the specified protocol type. (Range: 0-65535) • Source/Destination Port Bit Mask – Decimal number representing the port bits to match.
Configuring an Extended IPv4 ACL 15-5 15 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
Access Control Lists 15-6 15 Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Use “Any.
Configuring a Standard IPv6 ACL 15-7 15 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.
Access Control Lists 15-8 15 • Source Prefix-Length – A decimal value indicating how many contiguous bits (from the left) of the address comprise the prefix (i.e., the network portion of the address). Web – Specify the action (i.e.
Configuring an Extended IPv6 ACL 15-9 15 • Destination Prefix-Length – A decimal value indicating how many contiguous bits (from the left) of the address comprise the prefix (i.e., the network portion of the address). • Next Header – Identifies the type of header immediately following the IPv6 header.
Access Control Lists 15-10 15 Web – Specify the action (i.e., Permit or Deny). Select the address type (Any or IPv6-prefix). If you select “IPv6-prefix,” enter a subnet address and prefix length. Set any other required criteria, such as next header, DSCP, or flow label.
Binding a Port to an Access Control List 15-11 15 Binding a Port to an Access Control List After configuring the Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can only bind a port to one ACL for each basic type – IPv4 ingress, MAC ingress, and IPv6 ingress.
Access Control Lists 15-12 15.
16-1 Chapter 16: Port Configuration This chapter describes how to configure switch ports and display the current connection status. Displaying Connection Status You can use the Port Informa.
Port Configuration 16-2 16 Field Attributes (CLI) Basic information: • Port type – Indicates the port type. (1000BASE-T or SFP) • MAC address – The physical layer address for this port. (To access this item on the web, see “Setting the Switch’s IP Address (IP Version 4)” on page 5-1.
Displaying Connection Status 16-3 16 CLI – This example shows the connection status for Port 5. Console#show interfaces status ethernet 1/5 45-8 Information of Eth 1/13 Basic information: Port t.
Port Configuration 16-4 16 Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed and duplex mode.
Configuring Interface Connections 16-5 16 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 16-2 Port - Port Configuration CLI – Select the interface, and then enter the required settings.
Port Configuration 16-6 16 Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port.
Showing Port Statistics 16-7 16 Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space.
Port Configuration 16-8 16 Received Frames The total number of frames (bad, broadcast and multicast) received. Broadcast Frames The total number of good frames received that were directed to the broadcast address. Note that this does not include multicast packets.
Showing Port Statistics 16-9 16 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
Port Configuration 16-10 16 CLI – This example shows statistics for port 12. Console#show interfaces counters ethernet 1/12 45-9 Ethernet 1/12 Iftable stats: Octets input: 868453, Octets outp.
17-1 Chapter 17: Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two switches.
Creating Trunk Groups 17-2 17 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
Setting a Load-Balance Mode for Trunks 17-3 17 CLI – This example creates trunk 1 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to form a trunk.
Creating Trunk Groups 17-4 17 • Destination MAC Address: All traffic with the same destination MAC address is output on the same link in a trunk. This mode works best for switch-to-switch trunk links where traffic through the switch is destined for many different hosts.
Enabling LACP on Selected Ports 17-5 17 CLI – The following example sets the load-balance method to source and destination IP address. Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the ports before disabling LACP.
Creating Trunk Groups 17-6 17 Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After you have completed adding ports to the member list, click Apply. Figure 17-3 LACP Trunk Configuration CLI – The following example enables LACP for ports 1 to 6.
Configuring LACP Parameters 17-7 17 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key.
Creating Trunk Groups 17-8 17 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor.
Displaying LACP Port Counters 17-9 17 CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the LAG, ports 9 and 10 are set to backup mode. Displaying LACP Port Counters You can display statistics for LACP protocol messages.
Creating Trunk Groups 17-10 17 Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 17-5 LACP - Port Counters Information CLI – The following example displays LACP counters for port channel 1.
Displaying LACP Settings and Status for the Local Side 17-11 17 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation.
Creating Trunk Groups 17-12 17 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 17-6 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
Displaying LACP Settings and Status for the Remote Side 17-13 17 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Web – Click Port, LACP, Port Neighbors Information.
Creating Trunk Groups 17-14 17 CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1.
18-1 Chapter 18: Broadcast Storm Control Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt.
Broadcast Storm Control 18-2 18 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 packets per second for port 2.
19-1 Chapter 19: Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
Configuring Port Mirroring 19-2 19 Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add.
20-1 Chapter 20: Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch.
Configuring Rate Limits 20-2 20 CLI - This example sets the rate limit for input and output traffic passing through port 1 to 600 Mbps. Console(config)#interface ethernet 1/1 45-1 Console(config-.
21-1 Chapter 21: Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table.
Address Table Settings 21-2 21 CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch.
Displaying the Address Table 21-3 21 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query.
Address Table Settings 21-4 21 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the aging function. • Aging Time – The time after which a learned entry is discarded.
22-1 Chapter 22: Spanning Tree Algorithm Configuration The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
Spanning Tree Algorithm Configuration 22-2 22 alternate route that can be used when a node or port fails, and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs. MSTP – When using STP or RSTP, it may be difficult to maintain a stable path between all VLAN members.
Displaying Global Settings 22-3 22 MSTP connects all bridges and LAN segments with a single Common and Internal Spanning Tree (CIST). The CIST is formed as a result of the running spanning tree algorithm between switches that support the STP, RSTP, MSTP protocols.
Spanning Tree Algorithm Configuration 22-4 22 These additional parameters are only displayed for the CLI: • Spanning tree mode – Specifies the type of spanning tree used on this switch: - STP: Spanning Tree Protocol (IEEE 802.1D) - RSTP: Rapid Spanning Tree (IEEE 802.
Displaying Global Settings 22-5 22 Web – Click Spanning Tree, STA, Information. Figure 22-1 STA Information CLI – This command displays global STA settings, followed by settings for each port.
Spanning Tree Algorithm Configuration 22-6 22 Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol - Uses RSTP for the internal state machine, but sends only 802.
Configuring Global Settings 22-7 22 • Multiple Spanning Tree Protocol - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances.
Spanning Tree Algorithm Configuration 22-8 22 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
Configuring Global Settings 22-9 22 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 22-2 STA Global Configuration.
Spanning Tree Algorithm Configuration 22-10 22 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters.
Displaying Interface Settings 22-11 22 • Designated Port – The port priority and number of the port on the designated bridging device through which this switch must communicate with the root of the Spanning Tree.
Spanning Tree Algorithm Configuration 22-12 22 • External path cost – The path cost for the IST. This parameter is used by the STA to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
Configuring Interface Settings 22-13 22 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port.
Spanning Tree Algorithm Configuration 22-14 22 The following interface attributes can be configured: • Spanning Tree – Enables/disables STA on this interface. (Default: Enabled) • Priority – Defines the priority used for this port in the Spanning Tree Protocol.
Configuring Multiple Spanning Trees 22-15 22 Migration button to manually re-check the appropriate BPDU format (RSTP or STP-compatible) to send on the selected interfaces. (Default: Disabled) Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration.
Spanning Tree Algorithm Configuration 22-16 22 3. Add the VLANs that will share this MSTI (MSTP VLAN Configuration). Note: All VLANs are automatically added to the IST (Instance 0). To ensure that the MSTI maintains connectivity across the network, you must configure a related set of bridges with the same MSTI settings.
Configuring Multiple Spanning Trees 22-17 22 CLI – This displays STA settings for instance 1, followed by settings for each port. CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI.
Spanning Tree Algorithm Configuration 22-18 22 Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes MST Instance ID – Instance identifier to configure.
Configuring Interface Settings for MSTP 22-19 22 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages.
Spanning Tree Algorithm Configuration 22-20 22 • Default: 128 • Range: 0-240, in steps of 16 • Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices.
23-1 Chapter 23: VLAN Configuration In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
VLAN Configuration 23-2 23 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging.
Assigning Ports to VLANs 23-3 23 these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs.
VLAN Configuration 23-4 23 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
Displaying Current VLANs 23-5 23 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging.
VLAN Configuration 23-6 23 Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4093, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry.
Adding Static Members to VLANs (VLAN Index) 23-7 23 Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. Figure 23-4 VLAN Static List - Creating VLANs CLI – This example creates a new VLAN.
VLAN Configuration 23-8 23 Command Attributes • VLAN – ID of configured VLAN (1-4093). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.
Adding Static Members to VLANs (Port Index) 23-9 23 CLI – The following example adds tagged and untagged ports to VLAN 2. Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member.
VLAN Configuration 23-10 23 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
Configuring VLAN Behavior for Interfaces 23-11 23 • GARP Leave Timer – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group.
VLAN Configuration 23-12 23 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Configuring IEEE 802.
Configuring IEEE 802.1Q Tunneling 23-13 23 When a double-tagged packet enters another trunk port in an intermediate or core switch in the service provider’s network, the outer tag is stripped for packet processing. When the packet exits another trunk port on the same core switch, the same SPVLAN tag is again added to the packet.
VLAN Configuration 23-14 23 3. After packet classification through the switching process, the packet is written to memory with one tag (an outer tag) or with two tags (both an outer tag and inner tag). 4. The switch sends the packet to the proper egress port.
Configuring IEEE 802.1Q Tunneling 23-15 23 Configuration Limitations for QinQ • The native VLAN of uplink ports should not be used as the SPVLAN. If the SPVLAN is the uplink port's native VLAN, the uplink port must be an untagged member of the SPVLAN.
VLAN Configuration 23-16 23 Enabling QinQ Tunneling on the Switch The switch can be configured to operate in normal VLAN mode or IEEE 802.1Q (QinQ) tunneling mode which is used for passing Layer 2 traffic across a service provider’s metropolitan area network.
Configuring IEEE 802.1Q Tunneling 23-17 23 Adding an Interface to a QinQ Tunnel Follow the guidelines in the preceding section to set up a QinQ tunnel on the switch. Use the VLAN Port Configuration or VLAN Trunk Configuration screen to set the access port on the edge switch to 802.
VLAN Configuration 23-18 23 Figure 23-1 Tunnel Port Configuration CLI – This example sets port 1 to tunnel access mode, indicates that the TPID used for 802.
24-1 Chapter 24: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.
Configuring Private VLANs 24-2 24 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports can not communicate with any other ports on the switch except for the uplink ports.
25-1 Chapter 25: Configuring Protocol-Based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
Configuring Protocol-Based VLANs 25-2 25 Web – Click VLAN, Protocol VLAN, Configuration. Enter a protocol group ID, frame type and protocol type, then click Apply. Figure 25-1 Protocol VLAN Configuration CLI – The following creates protocol group 1, and then specifies Ethernet frames with IP and ARP protocol types.
Mapping Protocols to VLANs 25-3 25 Web – Click VLAN, Protocol VLAN, Port Configuration. Select a port or trunk, enter a protocol group ID, the corresponding VLAN ID, and click Apply.
Configuring Protocol-Based VLANs 25-4 25.
26-1 Chapter 26: Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port.
Class of Service Configuration 26-2 26 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 26-1 Default Port Priority CLI – This example assigns a default priority of 5 to port 3.
Layer 2 Queue Settings 26-3 26 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR).
Class of Service Configuration 26-4 26 Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 26-2 Traffic Classes CLI – The following example shows how to change the CoS assignments to a one-to-one mapping.
Layer 2 Queue Settings 26-5 26 Command Attributes • WRR - Weighted Round-Robin shares bandwidth at the egress ports by using scheduling weights 1, 2, 4, 6, 8, 10, 12, 14 for queues 0 through 7 respectively. (This is the default selection.
Class of Service Configuration 26-6 26 Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weight, then click Apply. Figure 26-4 Queue Scheduling CLI – The following example shows how to assign WRR weights to each of the priority queues.
Layer 3/4 Priority Settings 26-7 26 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements.
Class of Service Configuration 26-8 26 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
Layer 3/4 Priority Settings 26-9 26 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings.
Class of Service Configuration 26-10 26 Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply.
Layer 3/4 Priority Settings 26-11 26 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110.
Class of Service Configuration 26-12 26 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS value 0, and then displays the IP Port Priority settings.
27-1 Chapter 27: Quality of Service The commands described in this section are used to configure Quality of Service (QoS) classification criteria and service policies.
Quality of Service 27-2 27 Configuring a Class Map A class map is used for matching packets to a specified class. Command Usage • To configure a Class Map, follow these steps: - Open the Class Map page, and click Add Class. - When the Class Configuration page opens, fill in the “Class Name” field, and click Add.
Configuring a Class Map 27-3 27 • IP Precedence – An IP Precedence value. (Range: 0-7) • VLAN – A VLAN. (Range: 1-4093) • Add – Adds specified criteria to the class. Up to 16 items are permitted per class. • Remove – Deletes the selected criteria from the class.
Quality of Service 27-4 27 CLI - This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP service value 3. Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces.
Creating QoS Policies 27-5 27 • Add Policy – Opens the “Policy Configuration” page. Enter a policy name and description on this page, and click Add to open the “Policy Rule Settings” page. Enter the criteria used to service ingress traffic on this page.
Quality of Service 27-6 27 Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy.
Attaching a Policy Map to Ingress Queues 27-7 27 CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to reduce the DSCP value for violating packets to 0.
Quality of Service 27-8 27.
28-1 Chapter 28: Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client.
Multicast Filtering 28-2 28 router/switch to ensure that multicast traffic is passed to all appropriate interfaces within the switch. Static IGMP Host Interface – For multicast applications that you need to control more carefully, you can manually assign a multicast service to specific interfaces on the switch (page 28-7).
Layer 2 IGMP (Snooping and Query) 28-3 28 • IGMP Version — Sets the protocol version for compatibility with other devices on the network. (Range: 1-2; Default: 2) Notes: 1. All systems on the subnet must support the same version. 2. Some attributes are only enabled for IGMPv2, including IGMP Report Delay and IGMP Query Timeout.
Multicast Filtering 28-4 28 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
Layer 2 IGMP (Snooping and Query) 28-5 28 Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
Multicast Filtering 28-6 28 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attribute • VLAN ID – Selects the VLAN for which to display port members.
Layer 2 IGMP (Snooping and Query) 28-7 28 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping and Query Parameters” on page 28-2.
Multicast Filtering 28-8 28 CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1.
29-1 Chapter 29: Configuring Domain Name Service The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network.
Configuring Domain Name Service 29-2 29 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply.
Configuring Static DNS Host to Address Entries 29-3 29 Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses.
Configuring Domain Name Service 29-4 29 Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. Figure 29-2 DNS Static Host Table CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses.
Displaying the DNS Cache 29-5 29 Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable.
Configuring Domain Name Service 29-6 29 CLI - This example displays all the resource records learned from the designated name servers.
Console#show dns cache (58-7)
NO FLAG TYPE IP TTL DOMAIN
0 4 CNAME 207.46.134.222 51 www.microsoft.akadns.net
1 4 CNAME 207.
30-1 Chapter 30: Switch Clustering Switch Clustering is a method of grouping switches together to enable centralized management through a single unit. Switches that support clustering can be grouped together regardless of physical location or switch type, as long as they are connected to the same local network.
Switch Clustering 30-2 30 Web – Click Cluster, Configuration. Figure 30-1 Cluster Configuration CLI – This example first enables clustering on the switch, sets the switch as the cluster Commander, and then configures the cluster IP pool.
Cluster Member Information 30-3 30 Web – Click Cluster, Member Configuration. Figure 30-2 Cluster Member Configuration CLI – This example creates a new cluster Member by specifying the Candidate switch MAC address and setting a Member ID.
Switch Clustering 30-4 30 CLI – This example shows information about cluster Member switches. Cluster Candidate Information Displays information about discovered switches in the network that are already cluster Members or are available to become cluster Members.
Section III: Command Line Interface This section provides a detailed description of the Command Line Interface, along with examples for all of the commands.
Using the Command Line Interface
Command Line Interface
Domain Name Service Commands 58-1
IPv4 Interface Commands 59-1
IPv6 Interface Commands
31-1 Chapter 31: Using the Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Accessing the CLI When accessing the management interface for the switch.
Using the Command Line Interface 31-2 31 To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet.
Entering Commands 31-3 31 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters.
Using the Command Line Interface 31-4 31 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, DHCP, Interface, Line, Router, VLAN Database, or MSTP).
Entering Commands 31-5 31 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.
Using the Command Line Interface 31-6 31 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters.
Entering Commands 31-7 31 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted.
Using the Command Line Interface 31-8 31 To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode.
Entering Commands 31-9 31 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters.
32-1 Chapter 32: CLI Command Groups The system commands can be broken down into the functional groups shown below. Table 32-1 Command Group Index Command Group Description Page General.
CLI Command Groups 32-2 32 The access mode shown in the following tables is indicated by these abbreviations: ACL (Access Control List Configuration) MST (Multiple Spanning Tree) CM (Class Ma.
33-1 Chapter 33: General Commands This chapter describes general system commands that apply to using the CLI. enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information.
General Commands 33-2 33 Example Related Commands disable (33-2) enable password (41-2) disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics.
show history 33-3 33 Example Related Commands end (33-4) show history This command shows the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.
General Commands 33-4 33 prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt.
quit 33-5 33 Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the configuration program.
34-1 Chapter 34: System Management Commands This section describes commands used to configure information that uniquely identifies the switch, and display or configure a variety of other system information. hostname This command specifies or modifies the host name for this device.
System Management Commands 34-2 34 reload This command restarts the system. Note: When the system is restarted, it will always run the Power-On Self-Test. It will also retain all configuration information stored in non-volatile memory by the copy running-config startup-config command.
jumbo frame 34-3 34 jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [ no ] jumbo frame Default Setting Disabled Command Mode Global Configur.
System Management Commands 34-4 34 Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes.
show running-config 34-5 34 Related Commands show running-config (34-5) show running-config This command displays the configuration information currently in use.
System Management Commands 34-6 34 - Multiple spanning tree instances (name and interfaces) - IP address - Layer 4 precedence settings - Spanning tree settings - Any configured settings for the console port and Telnet Example Related Commands show startup-config (34-3) building running-config, please wait.
show system 34-7 34 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 4-1.
System Management Commands 34-8 34 Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example show version This command displays hardware and software version information for the system.
show version 34-9 34 Example
Console#show version
Unit1
Serial Number: 0000E8900000
Hardware Version: R01
EPLD Version: 1.02
Number of Ports: 24
Main Power Status: Up
Redundant Power Status: Not present
Agent (master)
Unit ID: 1
Loader Version: 0.0.0.
35-1 Chapter 35: File Management Commands These commands are used to manage software and configuration files on the switch. Managing Firmware Firmware can be uploaded and downloaded to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation.
File Management Commands 35-2 35 copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation.
copy 35-3 35 • To replace the startup configuration, you must use startup-config as the destination. • Use the copy file unit command to copy a local file to another switch in the stack. Use the copy unit file command to copy a file from another switch in the stack.
File Management Commands 35-4 35 The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: This example shows how to copy a public-key used by SSH from a TFTP server.
dir 35-5 35 Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cfg” cannot be deleted. • A colon (:) is required after the specified unit number.
File Management Commands 35-6 35 • File information is shown below: Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up. Syntax whichboot [ unit ] unit - Stack unit.
boot system 35-7 35 boot system This command specifies the file or image used to start up the system. Syntax boot system [ unit : ] { boot-rom | config | opcode } : filename The type of file or image to set as a default includes: • boot-rom * - Boot ROM.
36-1 Chapter 36: Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.
Line Commands 36-2 36 Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as “VTY” in screen displays such as show users. However, the serial communication parameters (e.
password 36-3 36 • This command controls login authentication via the switch itself. To configure user names and passwords for remote authentication servers, you must use the RADIUS or TACACS software installed on those servers.
Line Commands 36-4 36 Related Commands login (36-2) password-thresh (36-5) timeout login response This command sets the interval that the system waits for a user to log into the CLI.
password-thresh 36-5 36 Default Setting CLI: No timeout Telnet: 10 minutes Command Mode Line Configuration Command Usage • If user input is detected within the timeout interval, the session is kept open; otherwise the session is terminated.
Line Commands 36-6 36 Related Commands silent-time (36-6) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command.
parity 36-7 36 Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character.
Line Commands 36-8 36 speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second.
disconnect 36-9 36 Example To specify 2 stop bits, enter this command: disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection.
Line Commands 36-10 36 Example To show all lines, enter this command:
Console#show line
Console configuration:
Password threshold: 3 times
Interactive timeout: Disabled
Login timeout: Disabled
Sile.
37-1 Chapter 37: Event Logging Commands This section describes commands used to configure event logging on the switch. logging on This command controls logging of error messages, sending debug or error messages to a logging process.
Event Logging Commands 37-2 37 Related Commands logging history (37-2) logging trap (37-4) clear log (37-5) logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level.
logging host 37-3 37 Example logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [ no ] logging host host_ip_address host_ip_address - The IP address of a syslog server.
Event Logging Commands 37-4 37 Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to sort messages or to store messages in the corresponding database.
clear log 37-5 37 clear log This command clears messages from the log buffer. Syntax clear log [ flash | ram ] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.
Event Logging Commands 37-6 37 Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), and the message level for RAM is “debugging” (i.
show log 37-7 37 show log This command displays the log messages stored in local memory. Syntax show log { flash | ram } • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.
38-1 Chapter 38: SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent alert messages.
SMTP Alert Commands 38-2 38 Example logging sendmail level This command sets the severity threshold used to trigger alert messages. Syntax logging sendmail level level level - One of the system message levels (page 9-1). Messages sent include the selected level down to level 0.
logging sendmail destination-email 38-3 38 Command Usage You may use a symbolic email address that identifies the switch, or the address of an administrator responsible for the switch. Example logging sendmail destination-email This command specifies the email recipients of alert messages.
SMTP Alert Commands 38-4 38 Example show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Privileged Exec Example
Console(config)#logging sendmail
Console(config)#
Console#show logging sendmail
SMTP servers
-----------------------------------------------
192.
39-1 Chapter 39: Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
Time Commands 39-2 39 Example Related Commands sntp server (39-2) sntp poll (39-3) show sntp (39-3) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list.
sntp poll 39-3 39 Related Commands sntp client (39-1) sntp poll (39-3) show sntp (39-3) sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default.
Time Commands 39-4 39 Example clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes { before-utc | after-utc } • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC.
calendar set 39-5 39 calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec { day month year | month day year } • hour - Hour in 24-hour format.
40-1 Chapter 40: SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
SNMP Commands 40-2 40 snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server.
snmp-server community 40-3 40 Example snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string.
SNMP Commands 40-4 40 • private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode Global Configuration Example snmp-server contact This command sets the system contact string.
snmp-server host 40-5 40 Command Mode Global Configuration Example Related Commands snmp-server contact (40-4) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
SNMP Commands 40-6 40 • SNMP Version: 1 • UDP Port: 162 Command Mode Global Configuration Command Usage • If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command.
snmp-server enable traps 40-7 40 supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notifications. • If you specify an SNMP Version 3 host, then the community string is interpreted as an SNMP user name.
SNMP Commands 40-8 40 conjunction with the corresponding entries in the Notify View assigned by the snmp-server group command (page 40-11). Example Related Commands snmp-server host (40-5) snmp-server engine-id This command configures an identification string for the SNMPv3 engine.
show snmp engine-id 40-9 40 • A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users (page 40-14).
SNMP Commands 40-10 40 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree { included | excluded } no snmp-server view view-name • view-name - Name of an SNMP view.
show snmp view 40-11 40 show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group.
SNMP Commands 40-12 40 • writeview - Defines the view for write access. (1-64 characters) • notifyview - Defines the view for notifications. (1-64 characters) Default Setting • Default groups: public 1 (read only), private 2 (read/write) • readview - Every object belonging to the Internet OID space (1.
show snmp group 40-13 40 show snmp group Four default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c read-only access and read/write access.
SNMP Commands 40-14 40 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View.
show snmp user 40-15 40 Command Usage • The SNMP engine ID is used to compute the authentication/privacy digests from the password. You should therefore configure the engine ID with the snmp-server engine-id command before using this configuration command.
SNMP Commands 40-16 40 Table 40-5 show snmp user - display description
Field – Description
EngineId – String identifying the engine ID.
User Name – Name of user connecting to the SNMP agent.
Authentication Protocol – The authentication protocol used with SNMPv3.
41-1 Chapter 41: User Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. User Account Commands The basic commands required for management access are listed in this section.
User Authentication Commands 41-2 41 • access-level level - Specifies the user level. The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. • nopassword - No password is required for this user to log in.
Authentication Sequence 41-3 41 Default Setting • The default is level 15. • The default password is “super” Command Mode Global Configuration Command Usage • You cannot set a null password.
User Authentication Commands 41-4 41 • tacacs - Use TACACS server password. Default Setting Local Command Mode Global Configuration Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport.
RADIUS Client 41-5 41 Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport.
User Authentication Commands 41-6 41 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server.
RADIUS Client 41-7 41 Command Mode Global Configuration Example radius-server key This command sets the RADIUS encryption key. Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate logon access for client.
User Authentication Commands 41-8 41 radius-server timeout This command sets the interval between transmitting authentication requests to the RADIUS server.
TACACS+ Client 41-9 41 TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network.
User Authentication Commands 41-10 41 Default Setting 49 Command Mode Global Configuration Example tacacs-server key This command sets the TACACS+ encryption key.
Web Server Commands 41-11 41 Web Server Commands This section describes commands used to configure web browser management access to the switch. ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port.
User Authentication Commands 41-12 41 Command Mode Global Configuration Example Related Commands ip http port (41-11) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.
Web Server Commands 41-13 41 • The following web browsers and operating systems currently support HTTPS: • To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 12-6. Also refer to the copy command on page 35-2.
User Authentication Commands 41-14 41 Related Commands ip http secure-server (41-12) Telnet Server Commands This section describes commands used to configure Telnet management access to the switch. ip telnet server This command allows this device to be monitored or configured from Telnet.
Secure Shell Commands 41-15 41 Secure Shell Commands This section describes the commands used to configure the SSH server. Note that you also need to install an SSH client on the management station when using this protocol to configure the switch.
User Authentication Commands 41-16 41 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch. Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it.
Secure Shell Commands 41-17 41 c. If a match is found, the switch uses its secret key to generate a random 256-bit string as a challenge, encrypts this string with the user’s public key, and sends it to the client.
User Authentication Commands 41-18 41 Example Related Commands ip ssh crypto host-key generate (41-20) show ssh (41-22) ip ssh timeout This command configures the timeout for the SSH server.
Secure Shell Commands 41-19 41 ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user.
User Authentication Commands 41-20 41 delete public-key This command deletes the specified user’s public key. Syntax delete public-key username [ dsa | rsa ] • username – Name of an SSH user. (Range: 1-8 characters) • dsa – DSA public key type.
Secure Shell Commands 41-21 41 Related Commands ip ssh crypto zeroize (41-21) ip ssh save host-key (41-21) ip ssh crypto zeroize This command clears the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [ dsa | rsa ] • dsa – DSA key type.
User Authentication Commands 41-22 41 Example Related Commands ip ssh crypto host-key generate (41-20) show ip ssh This command displays the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections.
Secure Shell Commands 41-23 41 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [ user [ username ]| host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys.
User Authentication Commands 41-24 41 Example IP Filter Commands This section describes commands used to configure IP management access to the switch. management This command specifies the client IP addresses that are allowed management access to the switch through various protocols.
IP Filter Commands 41-25 41 Command Mode Global Configuration Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
User Authentication Commands 41-26 41 Example
Console#show management all-client
Management Ip Filter
HTTP-Client:
Start IP address End IP address
-----------------------------------------------
1. 192.168.1.19 192.168.1.19
2. 192.168.1.25 192.168.1.
42-1 Chapter 42: Port Security Commands These com mands can be used t o enable port se curity on a po rt. When us ing port securi ty , the swi tch stops l earning n ew MA C address es on th e specifi ed port w hen it has r eache d a conf igur ed max imum nu mber .
Port Security Commands 42-2 42 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
43-1 Chapter 43: 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication.
802.1X Port Authentication 43-2 43 dot1x default This command sets all configurable dot1x global and port settings to their default values. Command Mode Global Configuration Example dot1x max-r.
dot1x operation-mode 43-3 43 • force-authorized – Configures the port to grant access to all clients, either dot1x-aware or otherwise. • force-unauthorized – Configures the port to deny access to all clients, either dot1x-aware or otherwise.
802.1X Port Authentication 43-4 43 Example dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [interface] interface • ethernet unit/port - unit - Stack unit. (Range: Always 1) - port - Port number.
dot1x timeout quiet-period 43-5 43 • The connected client is re-authenticated after the interval specified by the dot1x timeout re-authperiod command.
802.1X Port Authentication 43-6 43 Command Mode Interface Configuration Example dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value.
show dot1x 43-7 43 Command Usage This command displays the following information: • Global 802.1X Parameters – Shows whether or not 802.1X port authentication is globally enabled on the switch. • 802.1X Port Summary – Displays the port access control parameters for each interface that has enabled 802.
802.1X Port Authentication 43-8 43 • Request Count – Number of EAP Request packets sent to the Supplicant without receiving a response. • Identifier(Server) – Identifier carried in the most recent EAP Success, Failure or Request packet received from the Authentication Server.
44-1 Chapter 44: Access Control List Commands Access Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames (based on address, next header type, or flow label), or any frames (based on MAC address or Ethernet type).
Access Control List Commands 44-2 44 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IPv4 ACLs.
IPv4 ACLs 44-3 44 Default Setting None Command Mode Standard IPv4 ACL Command Usage • New rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period.
Access Control List Commands 44-4 44 • host – Keyword followed by a specific IP address. • precedence – IP precedence level. (Range: 0-7) • tos – Type of Service level. (Range: 0-15) • dscp – DSCP priority level. (Range: 0-63) • sport – Protocol 1 source port number.
IPv4 ACLs 44-5 44 Example This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.
Access Control List Commands 44-6 44 ip access-group This command binds a port to an IPv4 ACL. Use the no form to remove the port. Syntax [no] ip access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets.
IPv6 ACLs 44-7 44 IPv6 ACLs The commands in this section configure ACLs based on IPv6 addresses, next header type, and flow label. To configure IPv6 ACLs, first create an access list co.
Access Control List Commands 44-8 44 Example Related Commands permit, deny (44-8) ipv6 access-group (44-11) show ipv6 access-list (44-10) permit, deny (Standard IPv6 ACL) This command adds a rule to a Standard IPv6 ACL. The rule sets a filter condition for packets emanating from the specified source.
IPv6 ACLs 44-9 44 permit, deny (Extended IPv6 ACL) This command adds a rule to an Extended IPv6 ACL. The rule sets a filter condition for packets with specific destination IP addresses, next header type, or flow label. Use the no form to remove a rule.
Access Control List Commands 44-10 44 e.g., in a hop-by-hop option. A flow is uniquely identified by the combination of a source address and a non-zero flow label.
IPv6 ACLs 44-11 44 Command Mode Privileged Exec Example Related Commands permit, deny (44-8) ipv6 access-group (44-11) ipv6 access-group This command binds a port to an IPv6 ACL. Use the no form to remove the port. Syntax [no] ipv6 access-group acl_name in • acl_name – Name of the ACL.
Access Control List Commands 44-12 44 Example Related Commands ipv6 access-group (44-11) MAC ACLs The commands in this section configure ACLs based on hardware addresses, packet format, and Ethernet type.
MAC ACLs 44-13 44 • An ACL can contain up to 32 rules. Example Related Commands permit, deny (44-13) mac access-group (44-15) show mac access-list (44-14) permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.
Access Control List Commands 44-14 44 • source – Source MAC address. • destination – Destination MAC address range with bitmask. • address-bitmask 2 – Bitmask for MAC address (in hexadecimal format). • vid – VLAN ID.
MAC ACLs 44-15 44 Example Related Commands permit, deny 44-13 mac access-group (44-15) mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name in • acl_name – Name of the ACL.
Access Control List Commands 44-16 44 Example Related Commands mac access-group (44-15) ACL Information This section describes commands used to display ACL information. show access-list This command shows all IPv4 ACLs and associated rules.
ACL Information 44-17 44 Example Console#show access-group Interface ethernet 1/2 IP standard access-list david MAC access-list jerry Console#.
Access Control List Commands 44-18 44.
45-1 Chapter 45: Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enters interface configuration mode.
Interface Commands 45-2 45 Command Mode Global Configuration Example To specify port 4, enter the following command: description This command adds a description to an interface.
negotiation 45-3 45 Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is: - Gigabit Ethernet ports – 1000 f.
Interface Commands 45-4 45 • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports.
flowcontrol 45-5 45 Example The following example configures Ethernet port 5 capabilities to 100half and 100full. Related Commands negotiation (45-3) speed-duplex (45-2) flowcontrol (45-5) flowcontrol This command enables flow control. Use the no form to disable flow control.
Interface Commands 45-6 45 Related Commands negotiation (45-3) capabilities (flowcontrol, symmetric) (45-4) media-type This command forces the port type selected for combination ports 21-24/45-48. Use the no form to restore the default mode.
clear counters 45-7 45 Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also want to disable a port for security reasons.
Interface Commands 45-8 45 show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - Stack unit. (Range: Always 1) - port - Port number.
show interfaces counters 45-9 45 show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit. (Range: Always 1) - port - Port number.
Interface Commands 45-10 45 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit.
show interfaces switchport 45-11 45 VLAN membership mode Indicates membership mode as Trunk or Hybrid (page 52-8). Ingress rule Shows if ingress filtering is enabled or disabled (page 52-9). Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only (page 52-9).
Interface Commands 45-12 45.
46-1 Chapter 46: Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery.
Link Aggregation Commands 46-2 46 • All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN via the specified port-channel. • STP, VLAN, and IGMP settings can only be made for the entire trunk via the specified port-channel.
port channel load-balance 46-3 46 port channel load-balance This command sets the load-distribution method among ports in aggregated links (for both static and dynamic trunks).
Link Aggregation Commands 46-4 46 - src-dst-ip: All traffic with the same source and destination IP address is output on the same link in a trunk. This mode works best for switch-to-router trunk links where traffic through the switch is received from and destined for many different hosts.
lacp system-priority 46-5 46 Example The following shows LACP enabled on ports 10-12. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk1 has been established.
Link Aggregation Commands 46-6 46 Command Mode Interface Configuration (Ethernet) Command Usage • Port must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier.
lacp admin-key (Port Channel) 46-7 46 • Once the remote side of a link has been established, LACP operational settings are already in use on that side.
Link Aggregation Commands 46-8 46 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link.
show lacp 46-9 46 Default Setting Port Channel: all Command Mode Privileged Exec Example Console#show lacp 1 counters Port channel: 1 ----------------------------------------- -------------------.
Link Aggregation Commands 46-10 46 Table 46-3 show lacp internal - display description Field Description Oper Key Current operational value of the key for the aggregation port. Admin Key Current administrative value of the key for the aggregation port.
show port-channel load-balance 46-11 46 show port-channel load-balance This command shows the setting of the aggregated link load-balance method. Default Setting None Command Mode Privileged Exec Partner Admin Port Number Current administrative value of the port number for the protocol Partner.
Link Aggregation Commands 46-12 46 Example Console#show port-channel load-balance Source and destination IP address Console#.
47-1 Chapter 47: Broadcast Storm Control Commands These commands can be used to enable broadcast storm control on a port. You can protect your network from broadcast storms by setting a threshold for broadcast traffic for each port. Any broadcast packets exceeding the specified threshold will then be dropped.
Broadcast Storm Control Commands 47-2 47.
48-1 Chapter 48: Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session.
Mirror Port Commands 48-2 48 Example The following example configures the switch to mirror all packets from port 6 to 11: show port monitor This command displays mirror information. Syntax show port monitor [interface] interface - ethernet unit/port (source port) • unit - Stack unit.
49-1 Chapter 49: Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network.
Rate Limit Commands 49-2 49.
50-1 Chapter 50: Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. mac-address-table static This command maps a static address to a destination port in a VLAN.
Address Table Commands 50-2 50 Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table.
show mac-address-table 50-3 50 show mac-address-table This command shows classes of entries in the bridge-forwarding database. Syntax show mac-address-table [address mac-address [mask]] [interface interface] [vlan vlan-id] [sort {address | vlan | interface}] • mac-address - MAC address.
Address Table Commands 50-4 50 mac-address-table aging-time This command sets the aging time for entries in the address table. Use the no form to restore the default aging time. Syntax mac-address-table aging-time seconds no mac-address-table aging-time seconds - Aging time.
51-1 Chapter 51: Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface.
Spanning Tree Commands 51-2 51 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.
spanning-tree forward-time 51-3 51 Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. - This creates one spanning tree instance for the entire network.
Spanning Tree Commands 51-4 51 Default Setting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding).
spanning-tree max-age 51-5 51 spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age seconds no spanning-tree max-age seconds - Time in seconds.
Spanning Tree Commands 51-6 51 Default Setting 32768 Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority (i.e., lower numeric value) becomes the STA root device.
spanning-tree transmission-limit 51-7 51 spanning-tree transmission-limit This command configures the minimum interval between the transmission of consecutive RSTP/MSTP BPDUs.
Spanning Tree Commands 51-8 51 mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Use the no form without any VLAN parameters to remove all VLANs. Syntax [no] mst instance_id vlan vlan-range • instance_id - Instance identifier of the spanning tree.
mst priority 51-9 51 mst priority This command configures the priority of a spanning tree instance. Use the no form to restore the default. Syntax mst instance_id priority priority no mst instance_id priority • instance_id - Instance identifier of the spanning tree.
Spanning Tree Commands 51-10 51 Command Usage The MST region name and revision number (page 51-10) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region.
max-hops 51-11 51 max-hops This command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the default. Syntax max-hops hop-number hop-number - Maximum hop number for multiple spanning tree.
Spanning Tree Commands 51-12 51 spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port.
spanning-tree port-priority 51-13 51 spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port.
Spanning Tree Commands 51-14 51 cause forwarding loops, they can pass directly through to the spanning tree forwarding state. Specifying Edge Ports provides quicker convergence for devices.
spanning-tree link-type 51-15 51 Example Related Commands spanning-tree edge-port (51-13) spanning-tree link-type This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default.
Spanning Tree Commands 51-16 51 spanning-tree mst cost This command configures the path cost on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree mst instance_id cost cost no spanning-tree mst instance_id cost • instance_id - Instance identifier of the spanning tree.
spanning-tree mst port-priority 51-17 51 spanning-tree mst port-priority This command configures the interface priority on a spanning instance in the Multiple Spanning Tree.
Spanning Tree Commands 51-18 51 Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode.
show spanning-tree 51-19 51 • For a description of the items displayed under “Spanning-tree information,” see “Configuring Global Settings” on page 22-6. For a description of the items displayed for specific interfaces, see “Displaying Interface Settings” on page 22-10.
Spanning Tree Commands 51-20 51 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example Console#show spannin.
52-1 Chapter 52: VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
VLAN Commands 52-2 52 bridge-ext gvrp This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [no] bridge-ext gvrp Default Setting Disabled Command Mode Globa.
GVRP and Bridge Extension Commands 52-3 52 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled.
VLAN Commands 52-4 52 garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall} • {join | leave | leaveall} - Which timer to set.
Editing VLAN Groups 52-5 52 show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [interface] interface • ethernet unit/port - unit - Stack unit.
VLAN Commands 52-6 52 Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command.
Configuring VLAN Interfaces 52-7 52 Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default.
VLAN Commands 52-8 52 Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (45-6) switchport mode This command configures the VLAN membership mode for a port.
Configuring VLAN Interfaces 52-9 52 switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged.
VLAN Commands 52-10 52 • If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be discarded. • Ingress filtering does not affect VLAN independent BPDU frames, such as GVRP or STA.
Configuring VLAN Interfaces 52-11 52 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default.
VLAN Commands 52-12 52 switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan {add vlan-list | remove vlan-list} no switchport forbidden vlan • add vlan-list - List of VLAN identifiers to add.
Configuring IEEE 802.1Q Tunneling 52-13 52 Configuring IEEE 802.1Q Tunneling IEEE 802.1Q tunneling (QinQ tunneling) uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs.
VLAN Commands 52-14 52 dot1q-tunnel system-tunnel-control This command sets the switch to operate in QinQ mode. Use the no form to disable QinQ operating mode.
Configuring IEEE 802.1Q Tunneling 52-15 52 Example Related Commands show dot1q-tunnel (52-16) show interfaces switchport (45-10) switchport dot1q-tunnel tpid This command sets the Tag Protocol Identifier (TPID) value of a tunnel port. Use the no form to restore the default setting.
VLAN Commands 52-16 52 show dot1q-tunnel This command displays information about QinQ tunnel ports. Command Mode Privileged Exec Example Related Commands switchport dot1q-tunnel mode (52-14) Displaying VLAN Information This section describes commands used to display VLAN information.
Displaying VLAN Information 52-17 52 show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name] • id - Keyword to be followed by the VLAN ID. vlan-id - ID of the configured VLAN. (Range: 1-4093, no leading zeroes) • name - Keyword to be followed by the VLAN name.
VLAN Commands 52-18 52.
53-1 Chapter 53: Private VLAN Commands Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs. pvlan This command enables or configures a private VLAN.
Private VLAN Commands 53-2 53 show pvlan This command displays the configured private VLAN. Command Mode Privileged Exec Example Console#show pvlan Private VLAN status: Enabled Up-link port: Ether.
54-1 Chapter 54: Protocol-based VLAN Commands The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
Protocol-based VLAN Commands 54-2 54 • protocol - Protocol type. The only option for the llc_other frame type is ipx_raw. The options for all other frame types include: ip, ipv6, arp, rarp, and user-defined (0801-FFFF hexadecimal). Default Setting No protocol groups are configured.
show protocol-vlan protocol-group 54-3 54 - If the frame is untagged and the protocol type matches, the frame is forwarded to the appropriate VLAN. - If the frame is untagged but the protocol type does not match, the frame is forwarded to the default VLAN for this interface.
Protocol-based VLAN Commands 54-4 54 show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [interface] interface • ethernet unit/port - unit - Stack unit.
55-1 Chapter 55: Class of Service Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port.
Class of Service Commands 55-2 55 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues.
Priority Commands (Layer 2) 55-3 55 switchport priority default This command sets a priority for incoming untagged frames. Use the no form to restore the default value. Syntax switchport priority default default-priority-id no switchport priority default default-priority-id - The priority number for untagged ingress traffic.
Class of Service Commands 55-4 55 queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues. Use the no form to restore the default weights. Syntax queue bandwidth weight1.
Priority Commands (Layer 2) 55-5 55 Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.
Class of Service Commands 55-6 55 show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues. Default Setting None Command Mode Privileged Exec Example show queue cos-map This command shows the class of service priority map.
Priority Commands (Layer 3 and 4) 55-7 55 Priority Commands (Layer 3 and 4) This section describes commands used to configure Layer 3 and Layer 4 traffic priority on the switch. map ip port (Global Configuration) This command enables IP port mapping (i.
Class of Service Commands 55-8 55 map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number • port-number - 16-bit TCP/UDP port number.
Priority Commands (Layer 3 and 4) 55-9 55 Example The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority).
Class of Service Commands 55-10 55 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping).
Priority Commands (Layer 3 and 4) 55-11 55 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0.
Class of Service Commands 55-12 55 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Related Commands map ip port (.
Priority Commands (Layer 3 and 4) 55-13 55 Example Related Commands map ip precedence (Global Configuration) (55-8) map ip precedence (Interface Configuration) (55-9) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - Stack unit.
Class of Service Commands 55-14 55 Related Commands map ip dscp (Global Configuration) (55-10) map ip dscp (Interface Configuration) (55-10).
56-1 Chapter 56: Quality of Service Commands The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies. You can classify traffic based on access lists, IP Precedence or DSCP values, or VLANs.
Quality of Service Commands 56-2 56 Notes: 1. You can configure up to 16 rules per Class Map. You can also include multiple classes in a Policy Map. 2.
match 56-3 56 match This command defines the criteria used to classify traffic. Use the no form to delete the matching criteria. Syntax [no] match {access-list acl-name | ip dscp dscp | ip precedence ip-precedence | vlan vlan} • acl-name - Name of the access control list.
Quality of Service Commands 56-4 56 policy-map This command creates a policy map that can be attached to multiple interfaces, and enters Policy Map configuration mode. Use the no form to delete a policy map and return to Global configuration mode.
set 56-5 56 Default Setting None Command Mode Policy Map Configuration Command Usage • Use the policy-map command to specify a policy map and enter Policy Map configuration mode. Then use the class command to enter Policy Map Class configuration mode.
Quality of Service Commands 56-6 56 Command Mode Policy Map Class Configuration Example This example creates a policy called “rd_policy,” uses the class command to specify the previous.
service-policy 56-7 56 Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses the set command to clas.
Quality of Service Commands 56-8 56 show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [class-map-name] class-map-name - Name of the class map.
show policy-map interface 56-9 56 Example show policy-map interface This command displays the service policy assigned to the specified interface. Syntax show policy-map interface interface input interface • ethernet unit/port - unit - Stack unit.
Quality of Service Commands 56-10 56.
57-1 Chapter 57: Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only.
Multicast Filter ing Commands 57-2 57 ip igmp snoop ing vlan static This comm and adds a po rt to a multic ast group. Use the no form to remove th e port.
IGMP Snooping Com mands 57-3 57 Example The follow ing configur es the switc h to use IGMP V ersion 1: show ip igmp snooping This c ommand shows the IGM P snoo ping c onfiguration .
Multicast Filter ing Commands 57-4 57 Example The follow ing shows t he multica st entries lear ned through IGMP snoo ping for VLAN 1: IGMP Query Commands This secti on describ es comman ds used to c onfigure L ayer 2 IGMP qu ery on the switch. ip igmp snoop ing querier This co mmand e nables the swi tch as an IGMP qu erier.
IGMP Query Commands 57-5 57 ip igmp snoop ing query-count This c ommand configur es the query count. Use th e no form to res tore the defa ult. Syntax ip igmp s nooping query-count count no ip igmp sn.
Multicast Filter ing Commands 57-6 57 Example The fo llowing shows how to configu re th e query i nterval to 100 seco nds: ip igmp snoop ing query-m ax-response-time This c ommand configur es the query report delay . U se t he no form to restore th e default.
IGMP Query Commands 57-7 57 ip igmp snoop ing router- port-expire -time This c ommand configur es the query timeout . Use the no form to resto re the defaul t.
Multicast Filter ing Commands 57-8 57 Static Multicast Routing C ommands ip igmp snoop ing vlan mrout er This comm and statically c onfigures a multicast ro uter port.
Static Multicast Ro uting Commands 57-9 57 show ip igmp snooping mrouter This comm and di splays infor mation on s tatically co nfigured and dynami cally lear ned multicast router ports.
Multicast Filter ing Commands 57-10 57.
58-1 Chapter 58: Domain Name Service Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to.
Domain Name Service Commands 58-2 58 Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP address is associated with a host name using this command, a DNS client can try each address in succession, until it establishes a connection with the target device.
ip domain-name 58-3 58 ip domain-name This command defines the default domain name appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove the current domain name.
Domain Name Service Commands 58-4 58 Default Setting None Command Mode Global Configuration Command Usage • Domain names are added to the end of the list one at a time.
ip domain-lookup 58-5 58 Command Usage The listed name servers are queried in the specified sequence until a response is received, or the end of the list is reached with no response. Example This example adds two domain-name servers to the list and then displays the list.
Domain Name Service Commands 58-6 58 Example This example enables DNS and then displays the configuration. Related Commands ip domain-name (58-3) ip name-server (58-4) show hosts This command displays the static host name-to-address mapping table.
show dns 58-7 58 show dns This command displays the configuration of the DNS service. Command Mode Privileged Exec Example show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.
Domain Name Service Commands 58-8 58 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Console#clear dns cache Console#show dns cache NO FLAG T.
59-1 Chapter 59: IPv4 Interface Commands An IP address may be used for management access to the switch over your network. An IPv4 address for this switch is obtained via DHCP by default. You can manually configure a specific IPv4 address or direct the device to obtain an address from a BOOTP or DHCP server when it is powered on.
IPv4 Interface Commands 59-2 59 numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the configuration program. • If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been received.
ip dhcp restart 59-3 59 • A default gateway can only be successfully set when a network interface that directly connects to the gateway has been configured on the switch.
IPv4 Interface Commands 59-4 59 show ip interface This command displays the settings of an IPv4 interface. Command Mode Privileged Exec Example Related Commands show ip redirects (59-4) show ipv6 interface (60-10) show ip redirects This command shows the IPv4 default gateway configured for this device.
ping 59-5 59 ping This command sends (IPv4) ICMP echo request packets to another node on the network. Syntax ping host [count count][size size] • host - IP address or IP alias of the host. • count - Number of packets to send. (Range: 1-16, default: 5) • size - Number of bytes in a packet.
IPv4 Interface Commands 59-6 59.
60-1 Chapter 60: IPv6 Interface Commands An IPv6 address can either be manually configured or dynamically generated. You may also need to establish an IPv6 default gateway between this device and management stations that exist on another network segment.
IPv6 Interface Commands 60-2 60 ipv6 enable This command enables IPv6 on an interface that has not been configured with an explicit IPv6 address. Use the no form to disable IPv6 on an interface that has not been configured with an explicit IPv6 address.
ipv6 general-prefix 60-3 60 ipv6 general-prefix This command defines an IPv6 general prefix for the network address segment. Use the no form to remove the IPv6 general prefix.
IPv6 Interface Commands 60-4 60 show ipv6 general-prefix This command displays all configured IPv6 general prefixes. Command Mode Normal Exec, Privileged Exec Example This example displays a single IPv6 general prefix configured for the switch.
ipv6 address 60-5 60 Command Usage • The general prefix normally applies to all interfaces, and is therefore specified at the global configuration level.
IPv6 Interface Commands 60-6 60 ipv6 address autoconfig This command enables stateless autoconfiguration of IPv6 addresses on an interface and enables IPv6 on the interface.
ipv6 address eui-64 60-7 60 Related Commands ipv6 address (60-4) show ipv6 interface (60-10) ipv6 address eui-64 This command configures an IPv6 address for an interface using an EUI-64 interface ID in the low order 64 bits and enables IPv6 on the interface.
IPv6 Interface Commands 60-8 60 universal/local bit in the address and inserting the hexadecimal number FFFE between the upper and lower three bytes of the MAC address. For example, if a device had an EUI-48 address of 28-9F-18-1C-82-35, the global/local bit must first be inverted to meet EUI-64 requirements (i.
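The EUI-64 derivation described above, carried through for the manual's sample address 28-9F-18-1C-82-35 as an added example (not code from the manual or the switch firmware). The function names and the fe80::/64 prefix are assumptions chosen for illustration; the reverse lookup shows why an EUI-64 address seen in a log identifies the interface's MAC address.

```python
import ipaddress

def mac_to_eui64(mac: str) -> bytes:
    """Return the 8-byte modified EUI-64 interface ID for a 48-bit MAC."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    raw = bytes.fromhex(digits)          # ValueError on non-hex input
    first = raw[0] ^ 0x02                # invert the universal/local bit
    # Insert FFFE between the upper and lower three bytes of the MAC.
    return bytes([first]) + raw[1:3] + b"\xff\xfe" + raw[3:6]

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a prefix of /64 or shorter with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen > 64:
        raise ValueError("EUI-64 needs the low order 64 bits free")
    iid = int.from_bytes(mac_to_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def embedded_mac(addr: str):
    """Recover the MAC from an EUI-64 derived address, or None.

    An interface ID without FFFE in bytes 3-4 was not built this way
    (manual, random or privacy addresses), so nothing is recovered.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return "-".join(f"{b:02X}" for b in raw)

if __name__ == "__main__":
    sample_mac = "28-9F-18-1C-82-35"     # EUI-48 address from the manual text
    link_local = eui64_address("fe80::/64", sample_mac)  # assumed prefix
    print(mac_to_eui64(sample_mac).hex("-").upper())
    print(link_local)
    print(embedded_mac(str(link_local)))
```
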
ipv6 address link-local 60-9 60 ipv6 address link-local This command configures an IPv6 link-local address for an interface and enables IPv6 on the interface. Use the no form without any arguments to remove all manually configured IPv6 addresses from the interface.
IPv6 Interface Commands 60-10 60 Related Commands ipv6 enable (60-2) show ipv6 interface (60-10) show ipv6 interface This command displays the usability and configured settings for IPv6 interfaces.
show ipv6 interface 60-11 60 This example displays a brief summary of IPv6 addresses configured on the switch. Related Commands show ip interface (59-4) IPv6 IPv6 is marked “enable” i.
IPv6 Interface Commands 60-12 60 ipv6 default-gateway This command sets an IPv6 default gateway to use when the management station is located on a different network segment. Use the no form to remove a previously configured default gateway.
ipv6 mtu 60-13 60 Example The following shows the default gateway configured for this device: Related Commands show ip redirects (59-4) ipv6 mtu This command sets the size of the maximum transmission unit (MTU) for IPv6 packets sent on an interface.
IPv6 Interface Commands 60-14 60 show ipv6 mtu This command displays the maximum transmission unit (MTU) cache for destinations that have returned an ICMP packet-too-big message along with an acceptable MTU to this switch.
show ipv6 traffic 60-15 60 Example The following example shows statistics for all IPv6 unicast and multicast traffic, as well as ICMP, UDP and TCP statistics: Console#show ipv6 traffic IPv6 St.
IPv6 Interface Commands 60-16 60 router solicit 0 router advert 0 redirects 0 neighbor solicit 0 neighbor advert 0 Ipv6 icmp output sent output 6 unreach routing 0 unreach admin 0 unreach neighbor 0 .
show ipv6 traffic 60-17 60 hop count exceeded Number of packets discarded because its time-to-live (TTL) field was decremented to zero. unknown protocol The number of locally-addressed datagrams received successfully but discarded because of an unknown or unsupported protocol.
IPv6 Interface Commands 60-18 60 Ipv6 mcast mcast received The number of multicast packets received by the interface. mcast sent The number of multicast packets transmitted by the interface.
show ipv6 traffic 60-19 60 router solicit The number of ICMP Router Solicit messages received by the interface. router advert The number of ICMP Router Advertisement messages received by the interface. redirects The number of Redirect messages received.
IPv6 Interface Commands 60-20 60 clear ipv6 traffic This command resets IPv6 traffic counters. Command Mode Privileged Exec Command Usage This command resets all of the counters displayed by the show ip traffic command. Example UDP Statistics input The total number of UDP datagrams delivered to UDP users.
ping ipv6 60-21 60 ping ipv6 This command sends ICMP echo request packets to an IPv6 node on the network. ping ipv6 address {ipv6-address | host-name} [size datagram-size | repeat repeat.
IPv6 Interface Commands 60-22 60 Example Related Commands ping (59-5) ipv6 neighbor This command configures a static entry in the IPv6 neighbor discovery cache.
ipv6 nd dad attempts 60-23 60 • If the specified entry was dynamically learned through the IPv6 neighbor discovery process, and already exists in the neighbor discovery cache, it is converted to a static entry.
IPv6 Interface Commands 60-24 60 in a “pending” state. Duplicate address detection is automatically restarted when the interface is administratively re-activated. • An interface that is re-activated restarts duplicate address detection for all unicast IPv6 addresses on the interface.
ipv6 nd ns interval 60-25 60 ipv6 nd ns interval This command configures the interval between transmitting IPv6 neighbor solicitation messages on an interface.
IPv6 Interface Commands 60-26 60 show ipv6 neighbors This command displays information in the IPv6 neighbor discovery cache. Syntax show ipv6 neighbors [vlan vlan-id | ipv6-address] • vlan-id - VLAN ID (Range: 1-4093) • ipv6-address - The IPv6 address of a neighbor device.
clear ipv6 neighbors 60-27 60 Related Commands show mac-address-table (50-3) clear ipv6 neighbors This command deletes all dynamic entries in the IPv6 neighbor discovery cache.
IPv6 Interface Commands 60-28 60.
61-1 Chapter 61: Switch Cluster Commands Switch Clustering is a method of grouping switches together to enable centralized management through a single unit. A switch cluster has a “Commander” unit that is used to manage all other “Member” switches in the cluster.
Switch Cluster Commands 61-2 61 • Configured switch clusters are maintained across power resets and network changes. Example cluster commander This command enables the switch as a cluster Commander. Use the no form to disable the switch as cluster Commander.
cluster member 61-3 61 Command Mode Global Configuration Command Usage • An “internal” IP address pool is used to assign IP addresses to Member switches in the cluster. Internal cluster IP addresses are in the form 10.x.x.member-ID.
Switch Cluster Commands 61-4 61 rcommand This command provides access to a cluster Member CLI for configuration. Syntax rcommand id <member-id> member-id - The ID number of the Member switch.
show cluster members 61-5 61 show cluster members This command shows the current switch cluster members. Command Mode Privileged Exec Example show cluster candidates This command shows the discovered Candidate switches in the network.
Switch Cluster Commands 61-6 61.
Section IV: Appendices This section provides additional information on the following topics. Software Specifications (A-1) Troubleshooting
Appendices.
A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS+, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists 32 ACLs (96 MAC rules, 96 IP rule.
Software Specifications A-2 A Multicast Filtering IGMP Snooping Switch Clustering 36 groups Additional Features CIDR (Classless Inter-Domain Routing) SNTP (Simple Network Time Protocol) SNM.
Management Information Bases A-3 A IGMPv2 (RFC 2236) IPv4 IGMP (RFC 3228) RADIUS+ (RFC 2618) RMON (RFC 2819 groups 1,2,3,9) SNMP (RFC 1157) SNMPv2c (RFC 2571) SNMPv3 (RFC DRAFT 3414, 3410, 2273, 3411, 3415) SNTP (RFC 2030) SSH (Version 2.
Software Specifications A-4 A TACACS+ Authentication Client MIB TCP MIB (RFC 2012) Trap (RFC 1215) UDP MIB (RFC 2013).
B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch.
Troubleshooting B-2 B Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1.
Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.
Glossary Glossary-2 Extended Universal Identifier (EUI) An address format used by IPv6 to identify the host portion of the network address. The interface identifier in EUI compatible addresses is based on the link-layer (MAC) address of an interface.
Glossary-3 Glossary IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.
Glossary Glossary-4 IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts. IP Precedence The Type of Service (ToS) octet in the IPv4 he.
Glossary-5 Glossary Port Authentication See IEEE 802.1X. Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows data on the target port to be studied unobstructively.
Glossary Glossary-6 Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch.
Glossary-7 Glossary User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services.
Glossary Glossary-8.
Index-1 Numerics 802.1Q tunnel 23-12, 52-13 description 23-12 interface configuration 23-17, 52-14–52-15 mode selection 23-17 TPID 23-17, 52-15 802.
Index-2 Index E edge port, STA 22-12, 22-14, 51-13 event logging 37-1 F firmware displaying version 4-3, 34-8 upgrading 6-2, 35-2 G GARP VLAN Registration Protocol See GVRP gateway, IPv4 defaul.
Index-3 Index TACACS+ server 12-2, 41-9 logon authentication, sequence 12-3, 41-3, 41-4 M main menu 3-4 Management Information Bases (MIBs) A-3 mirror port, configuring 19-1, 48-1 MSTP.
Index-4 Index path cost method 22-8, 51-6 port priority 22-12, 51-13 protocol migration 22-14, 51-17 transmission limit 22-8, 51-7 standards, IEEE A-2 startup files creating 6-5, 35-.