User manual / product maintenance for the TigerSwitch from the manufacturer SMC Networks
TigerSwitch 10/100
24-Port 10/100Mbps Stackable Managed Switch
Management Guide
◆ 24 auto-MDI/MDI-X 10BASE-T/100BASE-TX ports
◆ 2 Gigabit RJ-45 ports shared with 2 SFP transceiver slots
◆ 2 Gigabit stacking ports that act as Ethernet ports in standalone mode
◆ Stacks up to 8 units
◆ 12.
38 Tesla
Irvine, CA 92618
Phone: (949) 679-8000
TigerSwitch 10/100 Management Guide
From SMC’s Tiger line of feature-rich workgroup LAN solutions
November 2004
Pub.
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use.
i LIMITED WARRANTY
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term.
ii
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION.
iii CONTENTS
1 Introduction ... 1-1
Key Features ... 1-1
Description of Software Features ...
iv
Displaying Switch Hardware/Software Versions ... 3-13
Displaying Bridge Extension Capabilities ... 3-15
Setting the Switch’s IP Address ... 3-17
Manual Configuration ...
v
Filtering Addresses for Management Access ... 3-75
Access Control Lists ... 3-77
Configuring Access Control Lists ...
vi
Displaying Basic VLAN Information ... 3-147
Displaying Current VLANs ... 3-148
Creating VLANs ... 3-150
Adding Static Members to VLANs (VLAN Index) ...
vii
Telnet Connection ... 4-2
Entering Commands ... 4-4
Keywords and Arguments ...
viii
quit ... 4-32
System Management Commands ... 4-33
Device Designation Commands ...
ix
clear logging ... 4-64
show logging ... 4-64
show log ...
x
RADIUS Client ... 4-99
radius-server host ... 4-99
radius-server port ...
xi
MAC ACLs ... 4-130
access-list mac ... 4-130
permit, deny (MAC ACL) ...
xii
show rate-limit ... 4-163
Link Aggregation Commands ... 4-164
channel-group ...
xiii
switchport mode ... 4-202
switchport acceptable-frame-types ... 4-203
switchport ingress-filtering ... 4-204
switchport native vlan ...
xiv
map ip dscp (Interface Configuration) ... 4-233
show map ip port ... 4-235
show map ip precedence ... 4-236
show map ip dscp ...
xv
Glossary
Index
xvii TABLES
Table 1-1 Key Features ... 1-1
Table 1-2 System Defaults ... 1-7
Table 3-1 Configuration Options ...
xviii
Table 4-21 SMTP Alert Commands ... 4-68
Table 4-22 Time Commands ... 4-72
Table 4-23 System Status Commands ...
xix
Table 4-58 Priority Commands (Layer 2) ... 4-222
Table 4-59 Default CoS Priority Levels ... 4-226
Table 4-60 Priority Commands (Layer 3 and 4) ...
xx FIGURES
Figure 3-1 Home Page ... 3-3
Figure 3-2 Panel Display ... 3-4
Figure 3-3 System Information ...
xxi
Figure 3-37 ACL Configuration - Extended IP ... 3-83
Figure 3-38 ACL Configuration - MAC ... 3-85
Figure 3-39 Binding a Port to an ACL ...
xxii
Figure 3-74 Queue Mode ... 3-172
Figure 3-75 Configuring Queue Scheduling ... 3-173
Figure 3-76 IP Precedence/DSCP Priority Status ...
1-1 CHAPTER 1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
1-2
Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network.
1-3
Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.
Authentication – This switch authenticates management access via the console port, Telnet or web browser.
1-4
Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network.
1-5
Store-and-Forward Switching – The switch copies each frame into its memory before forwarding it to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC).
1-6
switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:
• Eliminate broadcast storms which severely degrade performance in a flat network.
1-7
System Defaults
The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-23). The following table lists some of the basic system defaults.
1-8
Web Management
HTTP Server: Enabled
HTTP Port Number: 80
HTTP Secure Server: Enabled
HTTP Secure Port Number: 443
SNMP
Community Strings: “public” (read only), “private” (read/w.
1-9
Virtual LANs
Default VLAN: 1
PVID: 1
Acceptable Frame Type: All
Ingress Filtering: Disabled
Switchport Mode (Egress Mode): Hybrid: tagged/untagged frames
GVRP (global): Disabled
GVRP.
2-1 CHAPTER 2 INITIAL CONFIGURATION
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON (Groups 1, 2, 3, 9) and a Web-based interface.
2-2
The switch’s Web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:
• Set user names and passwords for.
2-3
Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.
2-4
For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 4-12.
2-5
Stack Operations
Up to eight switches can be stacked together as described in the Installation Guide. One unit in the stack acts as the Master for configuration tasks and firmware upgrade. All of the other units function in Slave mode.
2-6
Resilient IP Interface for Management Access
The stack functions as one integral system for management and configuration purposes.
2-7
3. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.)
4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.
2-8
Setting an IP Address
You must establish IP address information for the switch to obtain management access through the network. This can be done in either of the following ways:
Manual – You have to input the information, including IP address and subnet mask.
2-9
3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.
4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway.
2-10
• To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>.
3. Type “end” to return to the Privileged Exec mode. Press <Enter>.
4. Type “ip dhcp restart” to begin broadcasting service requests.
2-11
Community Strings
Community strings are used to control management access to SNMP stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users or user groups, and set the access level.
2-12
Trap Receivers
You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, complete the following steps:
1.
2-13
2. Enter the name of the start-up file. Press <Enter>.
Managing System Files
The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP.
2-14
Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows. In the system flash memory, one file of each type must be set as the start-up file.
3-1 CHAPTER 3 CONFIGURING THE SWITCH
Using the Web Interface
This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.
3-2
Notes:
1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated.
2. If you log into the Web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password.
3-3
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics.
3-4
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
3-5
Main Menu
Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
3-6
SNTP ... 3-42
Configuration: Configures SNTP client settings, including broadcast mode or a specified list of servers ... 3-42
Clock Time Zone: Sets the local time zone for the s.
3-7
IP Filter: Sets IP addresses of clients allowed management access via the Web, SNMP, and Telnet ... 3-75
Port ... 3-88
Port Information: Displays port connection status ... 3-88
Trunk Informatio.
3-8
Output Port Configuration: Sets the output rate limit for each port ... 3-114
Output Trunk Configuration: Sets the output rate limit for each trunk ... 3-114
Port Statistics: Lists.
3-9
Static Membership by Port: Configures membership type for interfaces, including tagged, untagged or forbidden ... 3-154
Port Configuration: Specifies default PVID and VLAN attributes ... 3-15.
3-10
Queue Scheduling: Configures Weighted Round Robin queueing ... 3-173
IP Precedence / DSCP Priority Status: Globally selects IP Precedence or DSCP Priority, or disables both.
3-11
Basic Configuration
Displaying System Information
You can easily identify the system by displaying the device name, location and contact information.
Field Attributes
• System Name – Name assigned to the switch system.
3-12
Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.
3-13
CLI – Specify the hostname, location and contact information.
Displaying Switch Hardware/Software Versions
Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
3-14
• Internal Power Status – Displays the status of the internal power supply.
Management Software
• Loader Version – Version number of loader code.
• Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code.
3-15
CLI – Use the following command to display version information.
Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs.
3-16
• Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 3-142.
3-17
CLI – Enter the following command.
Setting the Switch’s IP Address
This section describes how to configure an IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default.
3-18
Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subnet mask, and default gateway.)
• IP Address – Address of the VLAN interface that is allowed management access.
3-19
CLI – Specify the management interface, IP address and default gateway.
Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
3-20
CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart” command.
Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time.
3-21
Managing Firmware
You can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation.
3-22
Downloading System Software from a Server
When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
3-23
If you download to a new destination file, go to the System/File/Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu.
3-24
CLI – To download new firmware from a TFTP server, enter the IP address of the TFTP server, select “opcode” as the file type, then enter the source and destination file names.
3-25
- running-config to startup-config – Copies the running config to the startup config.
- running-config to tftp – Copies the running configuration to a TFTP server.
- startup-config to file – Copies the startup configuration to a file on the switch.
3-26
Downloading Configuration Settings from a Server
You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
3-27
If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu.
3-28
Console Port Settings
You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings.
3-29
• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port.
3-30
CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level.
Telnet Settings
You can access the onboard configuration program over the network using Telnet (i.
3-31
• Telnet Port Number – Sets the TCP port number for Telnet on the switch. (Default: 23)
• Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session.
3-32
Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply.
Figure 3-14 Enabling Telnet
CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required.
3-33
Configuring Event Logging
The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
3-34
• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM.
3-35
Web – Click System, Log, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply.
Figure 3-15 System Logs
CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory.
3-36
The facility type is used by the syslog server to dispatch log messages to an appropriate service. The attribute specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch.
3-37
Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove.
3-38
Displaying Log Messages
The Logs page allows you to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
3-39
Sending Simple Mail Transfer Protocol Alerts
To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level.
3-40
Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add.
3-41
CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration.
3-42
CLI – Use the reload command to restart the switch. When prompted, confirm that you want to reset the switch.
Note: When restarting the system, it will always run the Power-On Self-Test.
3-43
• SNTP Server – Sets the IP address for up to three time servers. The switch attempts to update the time from the first server; if this fails, it attempts an update from the next server in the sequence.
Web – Select SNTP, Configuration.
3-44
Setting the Time Zone
SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude.
3-45
Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
3-46
• Access Mode
- Read-Only – Specifies read-only access. Authorized management stations are only able to retrieve MIB objects.
- Read/Write – Specifies read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
3-47
Command Attributes
• Trap Manager Capability – This switch supports up to five trap managers.
• Current – Displays a list of the trap managers currently configured.
• Trap Manager IP Address – IP address of the host (the targeted recipient).
3-48
CLI – This example adds a trap manager and enables both authentication and link-up, link-down traps.
User Authentication
You can restrict management access to this switch using the following options:
• User Accounts – Manually configure access rights on the switch for specified users.
3-49
Command Attributes
• Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest)
• New Account – Displays configuration settings for a new account.
- User Name – The name of the user.
3-50
CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password.
Configuring Local/Remote Logon Authentication
Use the Authentication Settings menu to restrict management access based on specified user names and passwords.
3-51
Command Usage
• By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol.
3-52
• RADIUS Settings
- Global – Provides globally applicable RADIUS settings.
- ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers.
3-53
Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
3-54
CLI – Specify all the required parameters to enable logon authentication.
Configuring HTTPS
You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.
3-55
• If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number]
• When you start HTTPS, the connection is established in this way:
- The client authenticates the server using the server’s digital certificate.
3-56
Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.
Figure 3-26 HTTPS Settings
CLI – This example enables the HTTP secure server and modifies the port number.
3-57
When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one:
Note: The switch must be reset for the new certificate to be activated.
3-58
Command Usage
The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then th.
3-59
3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 4-89) to copy a file containing the public key for all the SSH clients granted management access to the switch.
3-60
e. The switch compares the decrypted bytes to the original bytes it sent. If the two sets match, this means that the client's private key corresponds to an authorized public key, and the client is authenticated.
3-61
the client to select either DES (56-bit) or 3DES (168-bit) for data encryption.
• Save Host-Key from Memory to Flash – Saves the host key from RAM (i.e., volatile memory) to flash memory. Otherwise, the host key pair is stored to RAM by default.
3-62
CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys.
Configuring the SSH Server
The SSH server includes basic settings for authentication.
3-63
• SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3)
• SSH Server-Key Size – Specifies the SSH server key size.
3-64
CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
3-65
already in the address table will be retained and will not age out. Any other device that attempts to use the port will be prevented from accessing the switch.
Command Usage
• A secure port has the following restrictions:
- It cannot use port monitoring.
3-66
Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
3-67
This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the client, and a remote RADIUS authentication server to verify user identity and access rights.
3-68
• The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.)
• The RADIUS server and client also have to support the same EAP authentication type – MD5.
3-69
CLI – This example shows the default global setting for 802.1X.
Configuring 802.1X Global Settings
The 802.1X protocol includes port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active.
3-70
CLI – This example enables 802.1X globally for the switch.
Configuring Port Settings for 802.1X
When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.
3-71
• Max-Req – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session.
3-72
CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-115.
3-73
Displaying 802.1X Statistics
This switch can display statistics for dot1x protocol exchanges for any port.
Table 3-5 802.1X Statistics
Parameter – Description
Rx EAPOL Start – The number of EAPOL Start frames that have been received by this Authenticator.
3-74
Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics.
Figure 3-33 Displaying 802.1X Port Statistics
CLI – This example displays the 802.
USER AUTHENTICATION 3-75 Filtering Addresses for Management Access You create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default.
CONFIGURING THE SWITCH 3-76 • Start IP Address – A single IP address, or the starting address of a range. • End IP Address – The end address of a range. • Add/Remove Filtering Entry – Adds/removes an IP address from the list. Web – Click Security, IP Filter.
ACCESS CONTROL LISTS 3-77 CLI – This example allows SNMP access for a specific client. Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
CONFIGURING THE SWITCH 3-78 Command Usage The following restrictions apply to ACLs: • Each ACL can have up to 32 rules. • The maximum number of ACLs is 88. • However, due to resource restrictions, the average number of rules bound to the ports should not exceed 20.
ACCESS CONTROL LISTS 3-79 - MAC: MAC ACL mode that filters packets based on the source or destination MAC address and the Ethernet frame type (RFC 1060).
CONFIGURING THE SWITCH 3-80 Configuring a Standard IP ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules.
ACCESS CONTROL LISTS 3-81 Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
CONFIGURING THE SWITCH 3-82 to specify a range of addresses with the Address and SubMask fields. (Options: Any, Host, IP; Default: Any) • Source/Destination Address – Source or destination IP address. • Source/Destination Subnet Mask – Subnet mask for source or destination address.
ACCESS CONTROL LISTS 3-83 For example, use the code value and mask below to catch packets with the following flags set: - SYN flag valid, use control-code 2, control bitmask 2 - Both SYN and ACK valid, use control-code 18, control bitmask 18 - SYN valid and ACK invalid, use control-code 2, control bitmask 18 Web – Specify the action (i.
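The control-code and bitmask pairs listed on page 3-83 can be checked offline before they are entered into an ACL. The following Python sketch is an added example, not code from the SMC manual; it assumes a rule matches when the flag bits selected by the bitmask equal the same bits of the control code (an interpretation consistent with the three pairs listed), and its function names and sample TCP headers are constructed for illustration.

```python
import struct

# Standard TCP control bits: the low six bits of byte 13 of the TCP header.
FLAG_BITS = {"FIN": 1, "SYN": 2, "RST": 4, "PSH": 8, "ACK": 16, "URG": 32}


def build_header(flags, sport=40000, dport=80):
    """Constructed 20-byte TCP header for testing (checksum left at zero)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)


def tcp_flags(header):
    """Extract the six control bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes long")
    return header[13] & 0x3F


def _names(bits):
    return [name for name, bit in FLAG_BITS.items() if bits & bit]


def describe(code, mask):
    """Return (flags that must be set, flags that must be clear) for a rule."""
    for value in (code, mask):
        if not 0 <= value <= 63:
            raise ValueError("six control bits give a range of 0-63")
    return _names(code & mask), _names(mask & ~code)


def matches(flags, code, mask):
    """Assumed semantics: only the bits selected by the bitmask are compared."""
    return (flags & mask) == (code & mask)


def first_match(rules, header):
    """rules: ordered (action, code, mask) tuples. Returns the action of the
    first matching rule, or None when no rule matches; what the switch does
    with unmatched packets is outside this example."""
    flags = tcp_flags(header)
    for action, code, mask in rules:
        if matches(flags, code, mask):
            return action
    return None


if __name__ == "__main__":
    # The three code/bitmask pairs given in the manual text.
    for code, mask in [(2, 2), (18, 18), (2, 18)]:
        must_set, must_clear = describe(code, mask)
        print(f"code {code:2} mask {mask:2}: set={must_set} clear={must_clear}")

    # Constructed rule list: deny connection openers (SYN without ACK),
    # permit SYN+ACK replies.
    rules = [("deny", 2, 18), ("permit", 18, 18)]
    for label, flags in [("SYN", 2), ("SYN+ACK", 18), ("ACK", 16)]:
        print(label, "->", first_match(rules, build_header(flags)))
```

The output shows that code 2 with bitmask 2 also matches SYN+ACK segments, while code 2 with bitmask 18 matches only segments with SYN set and ACK clear.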
CONFIGURING THE SWITCH 3-84 3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules.
ACCESS CONTROL LISTS 3-85 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66).
CONFIGURING THE SWITCH 3-86 Binding a Port to an Access Control List After configuring Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can assign one IP access list to any port, but you can only assign one MAC access list to all the ports on the switch.
ACCESS CONTROL LISTS 3-87 Web – Click Security, ACL, Port Binding. Mark the Enabled field for the port you want to bind to an ACL, select the required ACL from the drop-down list, then click Apply.
CONFIGURING THE SWITCH 3-88 Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation.
PORT CONFIGURATION 3-89 Web – Click Port, Port Information or Trunk Information. Figure 3-40 Displaying Port/Trunk Information Field Attributes (CLI) Basic Information: • Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP) • MAC address – The physical layer address for this port.
CONFIGURING THE SWITCH 3-90 - 10full - Supports 10 Mbps full-duplex operation - 100half - Supports 100 Mbps half-duplex operation - 100full - Supports 100 Mbps full-duplex operation - 1000full - Sup.
PORT CONFIGURATION 3-91 CLI – This example shows the connection status for Port 5. Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control.
CONFIGURING THE SWITCH 3-92 • Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised. When auto-negotiation is disabled, you can force the settings for speed, mode, and flow control.
PORT CONFIGURATION 3-93 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 3-41 Port/Trunk Configuration CLI – Select the interface, and then enter the required settings.
CONFIGURING THE SWITCH 3-94 automatically negotiate a trunked link with LACP-configured ports on another device. You can configure any number of ports on the switch as LACP, as long as they are not already configured as part of a static trunk.
PORT CONFIGURATION 3-95 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
CONFIGURING THE SWITCH 3-96 Web – Click Port, Trunk Membership. Enter a trunk ID of 1-4 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.
PORT CONFIGURATION 3-97 CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk.
CONFIGURING THE SWITCH 3-98 • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than eight ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
PORT CONFIGURATION 3-99 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk.
CONFIGURING THE SWITCH 3-100 Note: If the port channel admin key (lacp admin key, page 4-171) is not set (through the CLI) when a channel group is formed (i.
PORT CONFIGURATION 3-101 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor.
CONFIGURING THE SWITCH 3-102 CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG.
PORT CONFIGURATION 3-103 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information.
CONFIGURING THE SWITCH 3-104 CLI – The following example displays LACP counters. Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation.
PORT CONFIGURATION 3-105 LACP Port Priority – LACP port priority assigned to this interface within the channel group. Admin State, Oper State – Administrative or operational values of the actor’s .
CONFIGURING THE SWITCH 3-106 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-46 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
PORT CONFIGURATION 3-107 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Table 3-8 LACP Neighbor Configuration Information (Field – Description): Partner Admin System ID – LAG partner’s system ID assigned by the user.
CONFIGURING THE SWITCH 3-108 Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-47 LACP - Port Neighbors Information CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1.
PORT CONFIGURATION 3-109 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt.
CONFIGURING THE SWITCH 3-110 Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and click Apply.
PORT CONFIGURATION 3-111 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 octets per second for port 2 (which applies to all ports).
CONFIGURING THE SWITCH 3-112 Command Attributes • Mirror Sessions – Displays a list of current mirror sessions. • Source Unit – The unit whose port traffic will be monitored.
PORT CONFIGURATION 3-113 Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on a port. Rate limiting is configured on ports at the edge of a network to limit traffic coming into or out of the network.
CONFIGURING THE SWITCH 3-114 CLI - This example sets and displays Fast Ethernet and Gigabit Ethernet granularity. Rate Limit Configuration Use the rate limit configuration pages to apply rate limiting. Command Usage • Input and output rate limit can be enabled or disabled for individual interfaces.
PORT CONFIGURATION 3-115 Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces, set the Rate Limit Level, and click Apply.
CONFIGURING THE SWITCH 3-116 Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as SMC EliteView. Table 3-9 Port Statistics (Parameter – Description): Interface Statistics: Received Octets – The total number of octets received on the interface, including framing characters.
PORT CONFIGURATION 3-117 Transmit Multicast Packets – The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast address at this sub-layer, including those that were discarded or not sent.
CONFIGURING THE SWITCH 3-118 Multiple Collision Frames – A count of successfully transmitted frames for which transmission is inhibited by more than one collision. Carrier Sense Errors – The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame.
PORT CONFIGURATION 3-119 Multicast Frames – The total number of good frames received that were directed to this multicast address. CRC/Alignment Errors – The number of CRC/alignment errors (FCS or alignment errors).
CONFIGURING THE SWITCH 3-120 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
PORT CONFIGURATION 3-121 CLI – This example shows statistics for port 13. Console#show interfaces counters ethernet 1/13 4-155 Ethernet 1/13 Iftable stats: Octets input: 868453, Octets output: 34.
CONFIGURING THE SWITCH 3-122 Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table.
ADDRESS TABLE SETTINGS 3-123 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-53 Configuring a Static Address Table CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
CONFIGURING THE SWITCH 3-124 • MAC Address – Physical address associated with this interface. • VLAN – ID of configured VLAN (1-4094). • Address Table Sort Key – You can sort the information displayed based on MAC address, VLAN or interface (port or trunk).
SPANNING TREE ALGORITHM CONFIGURATION 3-125 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the function. • Aging Time – The time after which a learned entry is discarded.
CONFIGURING THE SWITCH 3-126 The spanning tree algorithms supported by this switch include these versions: • STP – Spanning Tree Protocol (IEEE 802.
SPANNING TREE ALGORITHM CONFIGURATION 3-127 that can be used when a node or port fails, and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs.
CONFIGURING THE SWITCH 3-128 • Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. - Root Port – The number of the port on this switch that is closest to the root.
SPANNING TREE ALGORITHM CONFIGURATION 3-129 • Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
CONFIGURING THE SWITCH 3-130 CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network.
SPANNING TREE ALGORITHM CONFIGURATION 3-131 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Algorithm 6 Uses RSTP for the internal state machine, but sends only 802.
CONFIGURING THE SWITCH 3-132 • Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device.
SPANNING TREE ALGORITHM CONFIGURATION 3-133 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
CONFIGURING THE SWITCH 3-134 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-57 STA Configuration CLI – This example enables Spanning Tree Protocol, sets the mode to RSTP, and then configures the STA and RSTP parameters.
SPANNING TREE ALGORITHM CONFIGURATION 3-135 Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. Field Attributes • Spanning Tree – Shows if STA has been enabled on this interface.
CONFIGURING THE SWITCH 3-136 • Designated Port – The port priority and number of the port on the designated bridging device through which this switch must communicate with the root of the Spanning Tree. • Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface.
SPANNING TREE ALGORITHM CONFIGURATION 3-137 • Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only) These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled.
CONFIGURING THE SWITCH 3-138 • Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state.
SPANNING TREE ALGORITHM CONFIGURATION 3-139 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port.
CONFIGURING THE SWITCH 3-140 contradictory information. Port address table is cleared, and the port begins learning addresses. - Forwarding - Port forwards packets, and continues learning addresses. • Trunk – Indicates if a port is a member of a trunk.
SPANNING TREE ALGORITHM CONFIGURATION 3-141 - Default – - Ethernet – Half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 - Fast Ethernet – Half duplex: 200,000; full duplex: 100,000; trunk: 50,000 - Gigabit Ethernet – Full duplex: 10,000; trunk: 5,000 • Admin Link Type – The link type attached to this interface.
CONFIGURING THE SWITCH 3-142 Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 3-59 STA Port Configuration CLI – This example sets STA attributes for port 7.
VLAN CONFIGURATION 3-143 VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections.
CONFIGURING THE SWITCH 3-144 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging.
VLAN CONFIGURATION 3-145 Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system whereby the switch can automatically learn the VLANs to which each end station should be assigned. If an end station (or its network adapter) supports the IEEE 802.
CONFIGURING THE SWITCH 3-146 Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN.
VLAN CONFIGURATION 3-147 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
CONFIGURING THE SWITCH 3-148 • Maximum Number of Supported VLANs – Maximum number of VLANs that can be configured on this switch. Web – Click VLAN, 802.1Q VLAN, Basic Information. Figure 3-61 VLAN Basic Information CLI – Enter the following command.
VLAN CONFIGURATION 3-149 • Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP. - Permanent: Added as a static entry. • Egress Ports – Shows all the VLAN port members. • Untagged Ports – Shows the untagged VLAN port members.
CONFIGURING THE SWITCH 3-150 • Status – Shows if this VLAN is enabled or disabled. - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e., does not pass packets. • Ports / Channel groups – Shows the VLAN interface members. CLI – Current VLAN information can be displayed with the following command.
VLAN CONFIGURATION 3-151 • State (CLI) – Enables or disables the specified VLAN. - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e., does not pass packets. • Add – Adds a new VLAN group to the current list. • Remove – Removes a VLAN group from the current list.
CONFIGURING THE SWITCH 3-152 Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices.
VLAN CONFIGURATION 3-153 • Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - Tagged: Interface is a member of the VLAN. All packets transmitted by the port will be tagged, that is, carry a tag and therefore carry VLAN or CoS information.
CONFIGURING THE SWITCH 3-154 Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks.
VLAN CONFIGURATION 3-155 • Member – VLANs for which the selected interface is a tagged member. • Non-Member – VLANs for which the selected interface is not a tagged member. Web – Open VLAN, 802.1Q VLAN, Static Membership by Port. Select an interface from the scroll-down box (Port or Trunk).
CONFIGURING THE SWITCH 3-156 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
VLAN CONFIGURATION 3-157 - If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port).
CONFIGURING THE SWITCH 3-158 • Mode – Indicates VLAN membership mode for an interface. (Default: Hybrid) - 1Q Trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN.
VLAN CONFIGURATION 3-159 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN.
CONFIGURING THE SWITCH 3-160 To configure private VLANs, follow these steps: 1. Use the Private VLAN Configuration menu (page 3-161) to designate one or more isolated and community VLANs, and the primary VLAN that will channel traffic outside of the VLAN groups.
VLAN CONFIGURATION 3-161 Web – Click VLAN, Private VLAN, Information. Select the desired port from the VLAN ID drop-down menu. Figure 3-67 Private VLAN Information CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6.
CONFIGURING THE SWITCH 3-162 • Type – There are three types of VLANs within a private VLAN: - Primary VLANs – Conveys traffic between promiscuous ports, and to community ports within secondary VLANs. - Community VLANs - Conveys traffic between community ports, and to their associated promiscuous ports.
VLAN CONFIGURATION 3-163 Associating VLANs Each community or isolated VLAN must be associated with a primary VLAN. Command Attributes • Primary VLAN ID – ID of primary VLAN (1-4094). • Association – Community or isolated VLANs associated with the selected primary VLAN.
CONFIGURING THE SWITCH 3-164 Displaying Private VLAN Interface Information Use the Private VLAN Port Information and Private VLAN Trunk Information menus to display the interfaces associated with private VLANs. Command Attributes • Port/Trunk – The switch interface.
VLAN CONFIGURATION 3-165 Web – Click VLAN, Private VLAN, Port Information or Trunk Information. Figure 3-70 Private VLAN Port Information CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6.
CONFIGURING THE SWITCH 3-166 - Host – The port is a community port and can only communicate with other ports in its own community VLAN, and with the designated promiscuous port(s). - Promiscuous – A promiscuous port can communicate with all interfaces within a private VLAN.
VLAN CONFIGURATION 3-167 Web – Click VLAN, Private VLAN, Port Configuration or Trunk Configuration. Set the PVLAN Port Type for each port that will join a private VLAN. For promiscuous ports, set the associated primary VLAN. For host ports, set the associated secondary VLAN.
CONFIGURING THE SWITCH 3-168 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port.
CLASS OF SERVICE CONFIGURATION 3-169 Command Attributes • Default Priority – The priority that is assigned to untagged frames received on the specified interface. (Range: 0-7, Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port.
CONFIGURING THE SWITCH 3-170 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR).
CLASS OF SERVICE CONFIGURATION 3-171 Command Attributes • Priority – CoS value. (Range: 0-7, where 7 is the highest priority) • Traffic Class – Output queue buffer. (Range: 0-3, where 3 is the highest CoS priority queue) Web – Click Priority, Traffic Classes.
CONFIGURING THE SWITCH 3-172 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
CLASS OF SERVICE CONFIGURATION 3-173 Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue.
CONFIGURING THE SWITCH 3-174 CLI – The following example shows how to assign WRR weights to each of the priority queues. Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements.
CLASS OF SERVICE CONFIGURATION 3-175 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services.
CONFIGURING THE SWITCH 3-176 Command Attributes • IP Precedence Priority Table – Shows the IP Precedence to CoS map. • Class of Service Value – Maps a CoS value to the selected IP Precedence value. Note that “0” represents low priority and “7” represents high priority.
CLASS OF SERVICE CONFIGURATION 3-177 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings.
CONFIGURING THE SWITCH 3-178 Command Attributes • DSCP Priority Table – Shows the DSCP Priority to CoS map. • Class of Service Value – Maps a CoS value to the selected DSCP Priority value. Note that “0” represents low priority and “7” represents high priority.
CLASS OF SERVICE CONFIGURATION 3-179 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings.
CONFIGURING THE SWITCH 3-180 Web – Click Priority, IP Port Priority Status. Set IP Port Priority Status to Enabled. Figure 3-79 IP Port Priority Status Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply.
CLASS OF SERVICE CONFIGURATION 3-181 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value 0, and then displays all the IP Port Priority settings for that port.
CONFIGURING THE SWITCH 3-182 • ACL CoS Priority Mapping – Displays the configured information. * For information on configuring ACLs, see page 3-77. Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Add.
MULTICAST FILTERING 3-183 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client.
CONFIGURING THE SWITCH 3-184 Layer 2 IGMP (Snooping and Query) IGMP Snooping and Query – If multicast routing is not supported on other switches in your network, you can use IGMP Snooping and Qu.
MULTICAST FILTERING 3-185 multicasting, one of these devices is elected “querier” and assumes the role of querying the LAN for group members. It then propagates the service requests on to any upstream multicast switch/router to ensure that it will continue to receive the multicast service.
CONFIGURING THE SWITCH 3-186 Notes: 1. All systems on the subnet must support the same version. 2. Some attributes are only enabled for IGMPv2, including IGMP Report Delay and IGMP Query Timeout. Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply.
MULTICAST FILTERING 3-187 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
CONFIGURING THE SWITCH 3-188 CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router. Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
MULTICAST FILTERING 3-189 Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add.
CONFIGURING THE SWITCH 3-190 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service.
MULTICAST FILTERING 3-191 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP snooping and Query Parameters” on page 3-133.
CONFIGURING THE SWITCH 3-192 Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and click Add.
4-1 CHAPTER 4 COMMAND LINE INTERFACE This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interfac.
COMMAND LINE INTERFACE 4-2 After connecting to the system through the console port, the login screen displays: Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address.
USING THE COMMAND LINE INTERFACE 4-3 2. At the prompt, enter the user name and system password. The CLI will display the “Vty-n#” prompt for the administrator to show that you are using privileged access mode (i.e., Privileged Exec), or “Vty-n>” for the guest to show that you are using normal access mode (i.
COMMAND LINE INTERFACE 4-4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters.
ENTERING COMMANDS 4-5 Command Completion If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “logging history” example, typing log followed by a tab will result in printing the command up to “logging.
COMMAND LINE INTERFACE 4-6 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database).
ENTERING COMMANDS 4-7 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.
COMMAND LINE INTERFACE 4-8 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functions.
ENTERING COMMANDS 4-9 Privileged Exec mode from within Normal Exec mode, by entering the enable command, followed by the privileged level password “super” (page 4-37).
COMMAND LINE INTERFACE 4-10 • Line Configuration - These commands modify the console port and Telnet configuration, and include commands such as parity and databits. • VLAN Configuration - Includes the command to create VLAN groups. To enter the Global Configuration mode, enter the command configure in Privileged Exec mode.
ENTERING COMMANDS 4-11 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters.
COMMAND LINE INTERFACE 4-12 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Groups Command Group Description Page Line Sets commu.
COMMAND GROUPS 4-13 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration) .
COMMAND LINE INTERFACE 4-14 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.
LINE COMMANDS 4-15 line This command identifies a specific line for configuration, and processes subsequent line configuration commands. Syntax line { console | vty } - console - Console terminal line. - vty - Virtual terminal for remote console access (i.
COMMAND LINE INTERFACE 4-16 login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [ local ] no login local - Selects local password checking.
LINE COMMANDS 4-17 Example Related Commands username (4-36) password (4-17) password This command specifies the password for a line. Use the no form to remove the password.
COMMAND LINE INTERFACE 4-18 configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Related Commands login (4-16) password-thresh (4-20) timeout login response This command sets the interval that the system waits for a user to log into the CLI.
LINE COMMANDS 4-19 Example To set the timeout to two minutes, enter this command: Related Commands silent-time (4-21) exec-timeout (4-14) exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default.
COMMAND LINE INTERFACE 4-20 Example To set the timeout to two minutes, enter this command: Related Commands silent-time (4-21) timeout login response (4-13) password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts.
LINE COMMANDS 4-21 Example To set the password threshold to five attempts, enter this command: Related Commands silent-time (4-21) timeout login response (4-13) silent-time This command sets the .
COMMAND LINE INTERFACE 4-22 databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits { 7 | 8 } no databits - 7 - Seven data bits per character.
LINE COMMANDS 4-23 parity This command defines the generation of a parity bit. Use the no form to restore the default setting. Syntax parity { none | even | odd } no parity - none - No parity - .
COMMAND LINE INTERFACE 4-24 Default Setting 9600 Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices connected to the port might not be supported.
LINE COMMANDS 4-25 disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4) Command Mode Privileged Exec Command Usage Specifying session identifier “0” will disconnect the console connection.
COMMAND LINE INTERFACE 4-26 Example To show all lines, enter this command: Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Login timeout: Disabl.
GENERAL COMMANDS 4-27 General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-8.
COMMAND LINE INTERFACE 4-28 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-37.
GENERAL COMMANDS 4-29 Example Related Commands enable (4-27) configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch.
COMMAND LINE INTERFACE 4-30 Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands. Example In this example, the show history command lists the c.
GENERAL COMMANDS 4-31 Command Mode Privileged Exec Command Usage This command resets the entire system. Example This example shows how to reset the switch: end This command returns to Privileged Exec mode. Default Setting None Command Mode Global Configuration, Interface Configuration, Line Configuration, and VLAN Database Configuration.
COMMAND LINE INTERFACE 4-32 Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the configuration program.
SYSTEM MANAGEMENT COMMANDS 4-33 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information.
COMMAND LINE INTERFACE 4-34 prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt.
SYSTEM MANAGEMENT COMMANDS 4-35 Example User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password c.
COMMAND LINE INTERFACE 4-36 username This command adds named users, requires authentication at login, specifies or changes a user's password (or specifies that no password is required), or specifies or changes a user's access level. Use the no form to remove a user name.
SYSTEM MANAGEMENT COMMANDS 4-37 Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
COMMAND LINE INTERFACE 4-38 Command Usage • You cannot set a null password. You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command (page 4-27). • The encrypted password is required for compatibility with legacy password settings (i.
SYSTEM MANAGEMENT COMMANDS 4-39 management This command specifies the client IP addresses that are allowed management access to the switch through various protocols.
COMMAND LINE INTERFACE 4-40 • You can delete an address range just by specifying the start address, or by specifying both the start address and end address.
SYSTEM MANAGEMENT COMMANDS 4-41 Example Web Server Commands Console#show management all-client Management IP Filter HTTP-Client: Start IP address End IP address --------------------------------------- -------- 1. 192.168.1.19 192.168.1.19 2. 192.168.
COMMAND LINE INTERFACE 4-42 ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface.
SYSTEM MANAGEMENT COMMANDS 4-43 Example Related Commands ip http port (4-42) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
COMMAND LINE INTERFACE 4-44 5.x and Netscape Navigator 6.2 or later versions. • The following web browsers and operating systems currently support HTTPS: • To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 4-56.
SYSTEM MANAGEMENT COMMANDS 4-45 Command Mode Global Configuration Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port.
COMMAND LINE INTERFACE 4-46 Default Setting 23 Command Mode Global Configuration Example Related Commands ip telnet server (4-46) ip telnet server This command allows this device to be monitored or configured from Telnet. Use the no form to disable this function.
SYSTEM MANAGEMENT COMMANDS 4-47 Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
COMMAND LINE INTERFACE 4-48 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can.
SYSTEM MANAGEMENT COMMANDS 4-49 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch. Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it.
COMMAND LINE INTERFACE 4-50 a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory. c. If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client.
SYSTEM MANAGEMENT COMMANDS 4-51 Example Related Commands ip ssh crypto host-key generate (4-53) show ssh (4-56) ip ssh timeout This command configures the timeout for the SSH server.
COMMAND LINE INTERFACE 4-52 ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user.
SYSTEM MANAGEMENT COMMANDS 4-53 Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with the SSH client, and is fixed at 1024 bits. Example delete public-key This command deletes the specified user’s public key.
COMMAND LINE INTERFACE 4-54 Command Mode Privileged Exec Command Usage • This command stores the host key pair in memory (i.e., RAM). Use the ip ssh save host-key command to save the host key pair to flash memory. • Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process.
SYSTEM MANAGEMENT COMMANDS 4-55 Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command.
COMMAND LINE INTERFACE 4-56 show ip ssh This command displays the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections.
SYSTEM MANAGEMENT COMMANDS 4-57 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [ user [ username ] | host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys.
COMMAND LINE INTERFACE 4-58 Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed. • When an RSA key is displayed, the first field indicates the size of the host key (e.
SYSTEM MANAGEMENT COMMANDS 4-59 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory.
COMMAND LINE INTERFACE 4-60 Example Related Commands logging history (4-60) clear logging (4-64) logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level.
SYSTEM MANAGEMENT COMMANDS 4-61 Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 7 - 0) Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM.
COMMAND LINE INTERFACE 4-62 Command Usage • By using this command more than once you can build up a list of host IP addresses. • The maximum number of host IP addresses allowed is five. Example logging facility This command sets the facility type for remote logging of syslog messages.
SYSTEM MANAGEMENT COMMANDS 4-63 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging.
COMMAND LINE INTERFACE 4-64 clear logging This command clears messages from the log buffer. Syntax clear logging [ flash | ram ] - flash - Event history stored in flash memory (i.e., permanent memory). - ram - Event history stored in temporary RAM (i.
SYSTEM MANAGEMENT COMMANDS 4-65 - sendmail - Displays settings for the SMTP event handler (page 4-71). - trap - Displays settings for the trap function. Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.
COMMAND LINE INTERFACE 4-66 The following example displays settings for the trap function. Related Commands show logging sendmail (4-71) show log This command displays the system and event messages stored in memory. Syntax show log { flash | ram } [ login ] [ tail ] - flash - Event history stored in flash memory (i.
SYSTEM MANAGEMENT COMMANDS 4-67 - tail - Shows event history starting from the most recent entry. - login - Shows the login record only. Default Setting None Command Mode Privileged Exec Command Us.
COMMAND LINE INTERFACE 4-68 SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent alert messages.
SYSTEM MANAGEMENT COMMANDS 4-69 • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally closes the connection.
COMMAND LINE INTERFACE 4-70 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Use the no form to delete the source email address. Syntax [no] logging sendmail source-email email-address email-address - The source email address used in alert messages.
SYSTEM MANAGEMENT COMMANDS 4-71 Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example logging sendmail This command enables SMTP event handling.
COMMAND LINE INTERFACE 4-72 Example Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
SYSTEM MANAGEMENT COMMANDS 4-73 sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command.
COMMAND LINE INTERFACE 4-74 sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ ip1 [ ip2 [ ip3 ]]] ip - IP address of a time server (NTP or SNTP).
SYSTEM MANAGEMENT COMMANDS 4-75 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests.
COMMAND LINE INTERFACE 4-76 Example clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes { before-utc | after-utc } • name - Name of timezone, usually an acronym.
SYSTEM MANAGEMENT COMMANDS 4-77 Example Related Commands show sntp (4-75) calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server.
COMMAND LINE INTERFACE 4-78 show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example System Status Commands Console#show calen.
SYSTEM MANAGEMENT COMMANDS 4-79 light unit This command displays the unit ID of a switch using its front-panel LED indicators. Syntax light unit [ unit ] - unit - specifies a unit in a switch st.
COMMAND LINE INTERFACE 4-80 • This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the configuration mode command, and corresponding commands.
SYSTEM MANAGEMENT COMMANDS 4-81 Example Related Commands show running-config (4-82) Console#show startup-config building startup-config, please wait.
COMMAND LINE INTERFACE 4-82 show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use thi.
SYSTEM MANAGEMENT COMMANDS 4-83 Example Console#show running-config building running-config, please wait..... ! phymap 5a-a5-aa-55-44-32 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 ! SNTP server 0.
COMMAND LINE INTERFACE 4-84 Related Commands show startup-config (4-79) show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page -11.
SYSTEM MANAGEMENT COMMANDS 4-85 Example show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.
COMMAND LINE INTERFACE 4-86 Example show version This command displays hardware and software version information for the system. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-13 for detailed information on the items displayed by this command.
SYSTEM MANAGEMENT COMMANDS 4-87 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it.
COMMAND LINE INTERFACE 4-88 using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields. • To use jumbo frames, both the source and destination end nodes (such as a computer or server) must support this feature.
FLASH/FILE COMMANDS 4-89 copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation.
COMMAND LINE INTERFACE 4-90 • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch.
FLASH/FILE COMMANDS 4-91 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server.
COMMAND LINE INTERFACE 4-92 delete This command deletes a file or image. Syntax delete [ unit :] filename filename - Name of the configuration file or image name. unit - Stack unit. (Range: 1-8) Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted.
FLASH/FILE COMMANDS 4-93 - boot-rom - Boot ROM (or diagnostic) image file. - config - Switch configuration file. - opcode - Run-time operation code image file.
COMMAND LINE INTERFACE 4-94 whichboot This command displays which files were booted when the system powered up. Syntax whichboot [ unit ] unit - Specifies the unit number. Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command.
AUTHENTICATION COMMANDS 4-95 - unit * - Specifies the unit number. * The colon (:) is required. Default Setting None Command Mode Global Configuration Command Usage • A colon (:) is required after the specified file type. • If the file contains an error, it cannot be set as the default file.
COMMAND LINE INTERFACE 4-96 Authentication Sequence authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[ local ] [ radius ] [ tacacs ]} no authentication login • local - Use local password.
AUTHENTICATION COMMANDS 4-97 access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet. • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair.
COMMAND LINE INTERFACE 4-98 Command Mode Global Configuration Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport.
AUTHENTICATION COMMANDS 4-99 RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network.
COMMAND LINE INTERFACE 4-100 • port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535) • timeout - Number of seconds the switch waits for a reply before resending a request. (Range: 1-65535) • retransmit - Number of times the switch will try to authenticate logon access via the RADIUS server.
AUTHENTICATION COMMANDS 4-101 Example radius-server key This command sets the RADIUS encryption key. Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate logon access for client.
COMMAND LINE INTERFACE 4-102 Command Mode Global Configuration Example radius-server timeout This command sets the interval between transmitting authentication requests to the RADIUS server.
AUTHENTICATION COMMANDS 4-103 Example TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network.
COMMAND LINE INTERFACE 4-104 tacacs-server host This command specifies the TACACS+ server. Use the no form to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address - IP address of a TACACS+ server.
AUTHENTICATION COMMANDS 4-105 Example tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client.
COMMAND LINE INTERFACE 4-106 Example Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
AUTHENTICATION COMMANDS 4-107 port security This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses.
COMMAND LINE INTERFACE 4-108 • You can also manually add secure addresses with the mac-address-table static command. • A secure port has the following restrictions: - Cannot use port monitoring. - Cannot be a multi-VLAN port. - Cannot be connected to a network interconnection device.
AUTHENTICATION COMMANDS 4-109 dot1x system-auth-control This command enables 802.1X port authentication globally on the switch. Use the no form to restore the default.
COMMAND LINE INTERFACE 4-110 Command Mode Global Configuration Example dot1x default This command sets all configurable dot1x global and port settings to their default values.
AUTHENTICATION COMMANDS 4-111 Example dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default. Syntax dot1x port-control { auto | force-authorized | force-unauthorized } no dot1x port-control • auto – Requires a dot1x-aware connected client to be authorized by the RADIUS server.
COMMAND LINE INTERFACE 4-112 dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count.
AUTHENTICATION COMMANDS 4-113 dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number.
COMMAND LINE INTERFACE 4-114 dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default. Syntax dot1x timeout quiet-period seconds no dot1x timeout quiet-period seconds - The number of seconds.
AUTHENTICATION COMMANDS 4-115 Example dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period seconds - The number of seconds.
COMMAND LINE INTERFACE 4-116 Command Mode Privileged Exec Command Usage This command displays the following information: • Global 802.1X Parameters – Shows whether or not 802.
AUTHENTICATION COMMANDS 4-117 - Max Count – The maximum number of hosts allowed to access this port (page 4-112). - Port-control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 4-111). - Supplicant – MAC address of authorized client.
COMMAND LINE INTERFACE 4-118 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 enabled Single-Host auto yes .
ACCESS CONTROL LIST COMMANDS 4-119 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
COMMAND LINE INTERFACE 4-120 • This switch supports ACLs for ingress filtering only. However, you can only bind one IP ACL to any port and one MAC ACL globally for ingress filtering. In other words, only two ACLs can be bound to an interface - Ingress IP ACL and Ingress MAC ACL.
ACCESS CONTROL LIST COMMANDS 4-121 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs.
COMMAND LINE INTERFACE 4-122 Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list.
ACCESS CONTROL LIST COMMANDS 4-123 Command Usage • New rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.
COMMAND LINE INTERFACE 4-124 [ precedence precedence ] [ tos tos ] [ dscp dscp ] [ source-port sport [ end ]] [ destination-port dport [ end ]] [ control-flag control-flags flag-bitmask ] • protocol-number – A specific protocol number. (Range: 0-255) • source – Source IP address.
ACCESS CONTROL LIST COMMANDS 4-125 • The control-code bitmask is a decimal number (representing an equivalent bit mask) that is applied to the control code. Enter a decimal number, where the equivalent binary bit “1” means to match a bit and “0” means to ignore a bit.
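Added example (not from the SMC manual or the switch firmware): a Python model of the “1 = match, 0 = ignore” rule that pages 4-123 and 4-125 state for address bitmasks and for the control-code bitmask. The function names, the rule dictionaries, the sample rules and packets, and the top-to-bottom rule order are assumptions made for illustration; the TCP flag values are the standard ones from the TCP header.

```python
import ipaddress

# Standard TCP control bits (values of the flag bits in the TCP header).
TCP_FLAGS = {"FIN": 1, "SYN": 2, "RST": 4, "PSH": 8, "ACK": 16, "URG": 32}


def to_int(dotted):
    """Convert a dotted-decimal address or bitmask to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def address_matches(packet_ip, rule_ip, bitmask):
    """Compare only the bit positions where the bitmask holds a 1."""
    mask = to_int(bitmask)
    return (to_int(packet_ip) & mask) == (to_int(rule_ip) & mask)


def flags(*names):
    """Build the decimal control-code value for the named TCP flags."""
    value = 0
    for name in names:
        value |= TCP_FLAGS[name]
    return value


def bitmask_bits(decimal_mask):
    """List which TCP flags a decimal bitmask actually inspects."""
    return [name for name, bit in TCP_FLAGS.items() if decimal_mask & bit]


def control_flags_match(packet_flags, control_flags, flag_bitmask):
    """Bits set in flag_bitmask must equal control_flags; others are ignored."""
    return (packet_flags & flag_bitmask) == (control_flags & flag_bitmask)


def evaluate(rules, packet):
    """Return the action of the first matching rule, or None if none matches.

    Assumption: rules are checked in list order (new rules are appended at
    the end of the list, as the manual states).
    """
    for rule in rules:
        if not address_matches(packet["src"], rule["src"], rule["mask"]):
            continue
        if "control_flags" in rule and not control_flags_match(
            packet["flags"], rule["control_flags"], rule["flag_bitmask"]
        ):
            continue
        return rule["action"]
    return None


# Constructed sample rules (not taken from any real configuration).
SAMPLE_RULES = [
    # Source 192.168.1.x with SYN set and ACK clear: control code 2, bitmask 18.
    {"action": "deny", "src": "192.168.1.0", "mask": "255.255.255.0",
     "control_flags": flags("SYN"), "flag_bitmask": flags("SYN", "ACK")},
    # Any other traffic from 192.168.x.x, whatever its flags.
    {"action": "permit", "src": "192.168.0.0", "mask": "255.255.0.0"},
]

# Constructed sample packets.
SAMPLE_PACKETS = [
    {"src": "192.168.1.5", "flags": flags("SYN")},
    {"src": "192.168.1.5", "flags": flags("SYN", "ACK")},
    {"src": "172.16.0.1", "flags": flags("SYN")},
]

if __name__ == "__main__":
    print("bitmask 18 inspects:", bitmask_bits(18))
    for pkt in SAMPLE_PACKETS:
        print(pkt["src"], bitmask_bits(pkt["flags"]), "->",
              evaluate(SAMPLE_RULES, pkt))
```

A bitmask of 18 inspects only SYN and ACK, so a packet carrying SYN plus PSH still matches control code 2, while a SYN/ACK reply does not.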
COMMAND LINE INTERFACE 4-126 Related Commands access-list ip (4-121) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list { standard | extended } [ acl_name ] • standard – Specifies a standard IP ACL.
ACCESS CONTROL LIST COMMANDS 4-127
Command Mode
Interface Configuration (Ethernet)
Command Usage
• A port can only be bound to one ACL.
• If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one.
COMMAND LINE INTERFACE 4-128
map access-list ip
This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself. Use the no form to remove the CoS mapping.
ACCESS CONTROL LIST COMMANDS 4-129
show map access-list ip
This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.)
Syntax
show map access-list ip [ interface ]
interface
• ethernet unit/port
  - unit - This is device 1.
COMMAND LINE INTERFACE 4-130
MAC ACLs
access-list mac
This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL.
Syntax
[ no ] access-list mac acl_name
acl_name – Name of the ACL.
ACCESS CONTROL LIST COMMANDS 4-131
Command Usage
• When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list.
COMMAND LINE INTERFACE 4-132
• address-bitmask 2 – Bitmask for MAC address (in hexadecimal format).
• vid – VLAN ID. (Range: 1-4094)
• vid-end – Upper bound of VID range. (Range: 1-4094)
• protocol – A specific Ethernet protocol number.
ACCESS CONTROL LIST COMMANDS 4-133
show mac access-list
This command displays the rules for configured MAC ACLs.
Syntax
show mac access-list [ acl_name ]
acl_name – Name of the ACL.
COMMAND LINE INTERFACE 4-134
Command Usage
• A port can only be bound to one ACL.
• If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one.
Example
Related Commands
show mac access-list (4-133)
show mac access-group
This command shows the ports assigned to MAC ACLs.
ACCESS CONTROL LIST COMMANDS 4-135
Default Setting
None
Command Mode
Interface Configuration (Ethernet)
Command Usage
• You must configure an ACL mask before you can map CoS values to the rule.
• A packet matching a rule within the specified ACL is mapped to one of the output queues as shown below.
COMMAND LINE INTERFACE 4-136
Command Mode
Privileged Exec
Example
Related Commands
map access-list mac (4-134)
ACL Information
show access-list
This command shows all ACLs and associated rules, as well as all the user-defined masks.
Command Mode
Privileged Exec
Command Usage
Once the ACL is bound to an interface (i.
ACCESS CONTROL LIST COMMANDS 4-137
Example
show access-group
This command shows the port assignments of ACLs.
Command Mode
Privileged Executive
Example
Console#show access-list
IP standard access-list david:
  permit host 10.1.1.21
  permit 168.
COMMAND LINE INTERFACE 4-138
SNMP Commands
Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
snmp-server community
This command defines the community access string for the Simple Network Management Protocol.
SNMP COMMANDS 4-139
• rw - Specifies read/write access. Authorized management stations are able to both retrieve and modify MIB objects.
Default Setting
• public - Read-only access. Authorized management stations are only able to retrieve MIB objects.
COMMAND LINE INTERFACE 4-140
Example
Related Commands
snmp-server location (4-140)
snmp-server location
This command sets the system location string. Use the no form to remove the location string.
Syntax
snmp-server location text
no snmp-server location
text - String that describes the system location.
SNMP COMMANDS 4-141
snmp-server host
This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
COMMAND LINE INTERFACE 4-142
enable traps command and the snmp-server host command for that host must be enabled.
• Some notification types cannot be controlled with the snmp-server enable traps command. For example, some notification types are always enabled.
SNMP COMMANDS 4-143
Command Usage
• If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent. In order to configure this device to send SNMP notifications, you must enter at least one snmp-server enable traps command.
COMMAND LINE INTERFACE 4-144
Example
Console#show snmp
System Contact: Joe
System Location: Room 23
SNMP traps:
 Authentication: enabled
 Link-up-down: enabled
SNMP communities:
 1.
INTERFACE COMMANDS 4-145
Interface Commands
These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN.
COMMAND LINE INTERFACE 4-146
interface
This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk.
Syntax
interface interface
no interface port-channel channel-id
interface
• ethernet unit/port
  - unit - Stack unit.
4-147
Command Mode
Interface Configuration (Ethernet, Port Channel)
Example
The following example adds a description to port 24.
speed-duplex
This command configures the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the default.
COMMAND LINE INTERFACE 4-148
• When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command. To set the speed/duplex mode under auto-negotiation, the required mode must be specified in the capabilities list for an interface.
4-149
Example
The following example configures port 11 to use autonegotiation.
Related Commands
capabilities (4-149)
speed-duplex (4-147)
capabilities
This command advertises the port capabilities of a given interface during autonegotiation.
COMMAND LINE INTERFACE 4-150
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilities command.
4-151
Command Usage
• Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.
COMMAND LINE INTERFACE 4-152
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved.
4-153
Example
The following shows how to configure broadcast storm control at 600 packets per second:
clear counters
This command clears statistics on an interface.
Syntax
clear counters interface
interface
• ethernet unit/port
  - unit - Stack unit.
COMMAND LINE INTERFACE 4-154
show interfaces status
This command displays the status for an interface.
Syntax
show interfaces status [ interface ]
interface
- ethernet unit/port
  - unit - Stack unit.
4-155
Example
show interfaces counters
This command displays interface statistics.
Syntax
show interfaces counters [ interface ]
interface
• ethernet unit/port
  - unit - Stack unit. (Range: 1-8)
  - port - Port number. (Range: 1-26)
• port-channel channel-id (Range: 1-4)
Default Setting
Shows the counters for all interfaces.
COMMAND LINE INTERFACE 4-156
Command Usage
If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 3-115.
4-157
show interfaces switchport
This command displays the administrative and operational status of the specified interfaces.
Syntax
show interfaces switchport [ interface ]
interface
• ethernet unit/port
  - unit - Stack unit. (Range: 1-8)
  - port - Port number.
COMMAND LINE INTERFACE 4-158
Table 4-41 Interfaces Switchport Statistics
Field | Description
Broadcast threshold | Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 4-152).
Lacp status | Shows if Link Aggregation Control Protocol has been enabled or disabled (page 4-167).
MIRROR PORT COMMANDS 4-159
Mirror Port Commands
This section describes how to mirror traffic from a source port to a target port.
port monitor
This command configures a mirror session.
COMMAND LINE INTERFACE 4-160
• The mirror port and monitor port speeds should match, otherwise traffic may be dropped from the monitor port.
• You can only create a single mirror session.
RATE LIMIT COMMANDS 4-161
Example
The following shows mirroring configured from port 6 to port 11:
Rate Limit Commands
This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface.
COMMAND LINE INTERFACE 4-162
rate-limit
Use this command to define the rate limit level for a specific interface. Use this command without specifying a rate to restore the default rate limit level. Use the no form to restore the default status of disabled.
RATE LIMIT COMMANDS 4-163
• fastethernet – Fast Ethernet granularity
• gigabitethernet – Gigabit Ethernet granularity
• granularity – Sets rate limit granularity for the system. For Fast Ethernet, choose 512 Kbps, 1 Mbps, or 3.3 Mbps.
COMMAND LINE INTERFACE 4-164
Example
Link Aggregation Commands
Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery.
LINK AGGREGATION COMMANDS 4-165
Guidelines for Creating Trunks
General Guidelines –
• Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop.
• A trunk can have up to eight ports.
COMMAND LINE INTERFACE 4-166
• However, if the port channel admin key is set, then the port admin key must be set to the same value for a port to be allowed to join a channel group.
• If a link goes down, LACP port priority is used to select the backup link.
LINK AGGREGATION COMMANDS 4-167
lacp
This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it.
COMMAND LINE INTERFACE 4-168
Example
The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established.
LINK AGGREGATION COMMANDS 4-169
• priority - This priority is used to determine link aggregation group (LAG) membership, and to identify this device to other switches during LAG negotiations.
COMMAND LINE INTERFACE 4-170
lacp admin-key (Ethernet Interface)
This command configures a port's LACP administration key. Use the no form to restore the default setting.
Syntax
lacp { actor | partner } admin-key key
[ no ] lacp { actor | partner } admin-key
• actor - The local side of an aggregate link.
LINK AGGREGATION COMMANDS 4-171
lacp admin-key (Port Channel)
This command configures a port channel's LACP administration key string.
COMMAND LINE INTERFACE 4-172
lacp port-priority
This command configures LACP port priority. Use the no form to restore the default setting.
Syntax
lacp { actor | partner } port-priority priority
no lacp { actor | partner } port-priority
• actor - The local side of an aggregate link.
LINK AGGREGATION COMMANDS 4-173
show lacp
This command displays LACP information.
Syntax
show lacp [ port-channel ] { counters | internal | neighbors | sysid }
• port-channel - Local identifier for a link aggregation group. (Range: 1-4)
• counters - Statistics for LACP protocol messages.
COMMAND LINE INTERFACE 4-174
Table 4-45 show lacp counters - display description
Field | Description
LACPDUs Sent | Number of valid LACPDUs transmitted from this channel group.
LACPDUs Received | Number of valid LACPDUs received on this channel group.
LINK AGGREGATION COMMANDS 4-175
Console#show lacp 1 internal
Channel group : 1
--------------------------------------- ----------------------------
Oper Key : 4
Admin Key : 0
Eth 1/1
-------.
COMMAND LINE INTERFACE 4-176
Admin State, Oper State | Administrative or operational values of the actor’s state parameters:
• Expired – The actor’s receive machine is in the expired state;
• Defaulted – The actor’s receive machine is using defaulted operational partner information, administratively configured for the partner.
LINK AGGREGATION COMMANDS 4-177
Console#show lacp 1 neighbors
Channel group 1 neighbors
--------------------------------------- ----------------------------
Eth 1/1
-------------------------.
COMMAND LINE INTERFACE 4-178
Address Table Commands
These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
ADDRESS TABLE COMMANDS 4-179
mac-address-table static
This command maps a static address to a destination port in a VLAN. Use the no form to remove an address.
Syntax
mac-address-table static mac-address interface interface vlan vlan-id [ action ]
no mac-address-table static mac-address vlan vlan-id
• mac-address - MAC address.
COMMAND LINE INTERFACE 4-180
• A static address cannot be learned on another port until the address is removed with the no form of this command.
Example
clear mac-address-table dynamic
This comm .
ADDRESS TABLE COMMANDS 4-181
show mac-address-table
This command shows classes of entries in the bridge-forwarding database.
Syntax
show mac-address-table [ address mac-address [ mask ]] [ interface interface ] [ vlan vlan-id ] [ sort { address | vlan | interface }]
• mac-address - MAC address.
COMMAND LINE INTERFACE 4-182
Example
mac-address-table aging-time
This command sets the aging time for entries in the address table. Use the no form to restore the default aging time.
Syntax
mac-address-table aging-time seconds
no mac-address-table aging-time
seconds - Aging time.
SPANNING TREE COMMANDS 4-183
Command Mode
Privileged Exec
Example
Spanning Tree Commands
This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface.
COMMAND LINE INTERFACE 4-184
spanning-tree
This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.
SPANNING TREE COMMANDS 4-185
Example
This example shows how to enable the Spanning Tree Algorithm for the switch:
spanning-tree mode
This command selects the spanning tree mode for this switch. Use the no form to restore the default.
Syntax
spanning-tree mode { stp | rstp }
no spanning-tree mode
• stp - Spanning Tree Protocol (IEEE 802.
COMMAND LINE INTERFACE 4-186
RSTP Mode – If RSTP is using 802.1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires, RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port.
SPANNING TREE COMMANDS 4-187
spanning-tree hello-time
This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default.
Syntax
spanning-tree hello-time time
no spanning-tree hello-time
time - Time in seconds.
COMMAND LINE INTERFACE 4-188
Command Mode
Global Configuration
Command Usage
This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals.
SPANNING TREE COMMANDS 4-189
Command Usage
Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device.
COMMAND LINE INTERFACE 4-190
spanning-tree transmission-limit
This command configures the minimum interval between the transmission of consecutive RSTP BPDUs. Use the no form to restore the default.
Syntax
spanning-tree transmission-limit count
no spanning-tree transmission-limit
count - The transmission limit in seconds.
SPANNING TREE COMMANDS 4-191
Default Setting
• Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000
• Fast Ethernet – half duplex: 200,000; full duplex: 100,000; tru.
COMMAND LINE INTERFACE 4-192
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
• This command defines the priority for the use of a port in the Spanning Tree Algorithm.
SPANNING TREE COMMANDS 4-193
of frame flooding required to rebuild address tables during reconfiguration events, does not cause the spanning tree to initiate reconfiguration when the interface changes state, and also overcomes other STA-related timeout problems.
COMMAND LINE INTERFACE 4-194
forwarding should only be enabled for ports connected to a LAN segment that is at the end of a bridged LAN or for an end-node device.)
• This command is the same as spanning-tree edge-port, and is only included for backward compatibility with earlier products.
SPANNING TREE COMMANDS 4-195
Command Usage
• Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges.
• When automatic detection is selected, the switch derives the link type from the duplex mode.
COMMAND LINE INTERFACE 4-196
Example
show spanning-tree
This command shows the configuration for the spanning tree.
Syntax
show spanning-tree [ interface ]
• interface
  - ethernet unit/port
    - unit - Stack unit. (Range: 1-8)
    - port - Port number.
SPANNING TREE COMMANDS 4-197
Example
Console#show spanning-tree
Spanning-tree information
--------------------------------------- ------------------------
Spanning tree mode: RSTP
Spanning tree enabled/disabled: enabled
Priority: 40960
Bridge Hello Time (sec.
COMMAND LINE INTERFACE 4-198
VLAN Commands
A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
VLAN COMMANDS 4-199
Command Mode
Global Configuration
Command Usage
• Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command.
COMMAND LINE INTERFACE 4-200
• state - Keyword to be followed by the VLAN state.
  - active - VLAN is operational.
  - suspend - VLAN is suspended. Suspended VLANs do not pass packets.
Default Setting
By default only VLAN 1 exists and is active.
Command Mode
VLAN Database Configuration
Command Usage
• no vlan vlan-id deletes the VLAN.
VLAN COMMANDS 4-201
Configuring VLAN Interfaces
interface vlan
This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface.
Syntax
interface vlan vlan-id
vlan-id - ID of the configured VLAN.
COMMAND LINE INTERFACE 4-202
Example
The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN:
Related Commands
shutdown (4-151)
switchport mode
This command configures the VLAN membership mode for a port.
VLAN COMMANDS 4-203
Example
The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid:
Related Commands
switchport acceptable-frame-types (4-203)
switchport acceptable-frame-types
This command configures the acceptable frame types for a port.
COMMAND LINE INTERFACE 4-204
Related Commands
switchport mode (4-202)
switchport ingress-filtering
This command enables ingress filtering for an interface.
VLAN COMMANDS 4-205
switchport native vlan
This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default.
Syntax
switchport native vlan vlan-id
no switchport native vlan
vlan-id - Default VLAN ID for a port.
COMMAND LINE INTERFACE 4-206
switchport allowed vlan
This command configures VLAN groups on the selected interface. Use the no form to restore the default.
Syntax
switchport allowed vlan { add vlan-list [ tagged | untagged ] | remove vlan-list }
no switchport allowed vlan
• add vlan-list - List of VLAN identifiers to add.
VLAN COMMANDS 4-207
• If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface.
COMMAND LINE INTERFACE 4-208
Example
The following example shows how to prevent port 1 from being added to VLAN 3:
Displaying VLAN Information
show vlan
This command shows VLAN information.
Syntax
show vlan [ id vlan-id | name vlan-name | private-vlan private-vlan-type ]
• id - Keyword to be followed by the VLAN ID.
VLAN COMMANDS 4-209
Example
The following example shows how to display information for VLAN 1:
Configuring Private VLANs
Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLAN ports: promiscuous, and community ports.
COMMAND LINE INTERFACE 4-210
To configure private VLANs, follow these steps:
1. Use the private-vlan command to designate one or more community VLANs and the primary VLAN that will channel traffic outside the community groups.
2. Use the private-vlan association command to map the secondary (i.
VLAN COMMANDS 4-211
VLANs, and serves to channel traffic between community VLANs and other locations.
• isolated – Specifies an isolated VLAN. Ports assigned to an isolated VLAN can only communicate with promiscuous ports within their own VLAN.
COMMAND LINE INTERFACE 4-212
• primary-vlan-id - ID of primary VLAN. (Range: 1-4094, no leading zeroes).
• secondary-vlan-id - ID of secondary (i.e., community) VLAN. (Range: 1-4094, no leading zeroes).
Default Setting
None
Command Mode
VLAN Configuration
Command Usage
Secondary VLANs provide security for group members.
VLAN COMMANDS 4-213
switchport mode private-vlan
Use this command to set the private VLAN mode for an interface. Use the no form to restore the default setting.
COMMAND LINE INTERFACE 4-214
switchport private-vlan host-association
Use this command to associate an interface with a secondary VLAN. Use the no form to remove this association.
Syntax
switchport private-vlan host-association secondary-vlan-id
no switchport private-vlan host-association
secondary-vlan-id - ID of secondary (i.
VLAN COMMANDS 4-215
Default Setting
None
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
Promiscuous ports assigned to a primary VLAN can communicate with any other promiscuous ports in the same VLAN, and with the group members within any associated secondary VLANs.
COMMAND LINE INTERFACE 4-216
Example
GVRP and Bridge Extension Commands
GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
GVRP AND BRIDGE EXTENSION COMMANDS 4-217
bridge-ext gvrp
This command enables GVRP globally for the switch. Use the no form to disable it.
Syntax
[ no ] bridge-ext gvrp
Default Setting
Disabled
C.
COMMAND LINE INTERFACE 4-218
Example
switchport gvrp
This command enables GVRP for a port. Use the no form to disable it.
Syntax
[ no ] switchport gvrp
Default Setting
Disabled
Command M.
GVRP AND BRIDGE EXTENSION COMMANDS 4-219
show gvrp configuration
This command shows if GVRP is enabled.
Syntax
show gvrp configuration [ interface ]
interface
• ethernet unit/port
  - unit - Stack unit.
COMMAND LINE INTERFACE 4-220
Default Setting
• join: 20 centiseconds
• leave: 60 centiseconds
• leaveall: 1000 centiseconds
Command Mode
Interface Configuration (Ethernet, Port Channel)
Comma.
GVRP AND BRIDGE EXTENSION COMMANDS 4-221
show garp timer
This command shows the GARP timers for the selected interface.
Syntax
show garp timer [ interface ]
interface
• ethernet unit/port
  - unit - Stack unit. (Range: 1-8)
  - port - Port number.
COMMAND LINE INTERFACE 4-222
Priority Commands
The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port.
PRIORITY COMMANDS 4-223
queue mode
This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues.
COMMAND LINE INTERFACE 4-224
Example
The following example sets the queue mode to strict priority service mode:
switchport priority default
This command sets a priority for incoming untagged frames. Use the no form to restore the default value.
PRIORITY COMMANDS 4-225
Therefore, any inbound frames that do not have priority tags will be placed in queue 0 of the output port. (Note that if the output port is an untagged member of the associated VLAN, these frames are stripped of all VLAN tags prior to transmission.
COMMAND LINE INTERFACE 4-226
Related Commands
show queue bandwidth (4-227)
queue cos-map
This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 3). Use the no form to set the CoS map to the default values.
PRIORITY COMMANDS 4-227
Example
The following example shows how to map CoS values 0, 1 and 2 to egress queue 0, value 3 to egress queue 1, values 4 and 5 to egress queue 2, and values 6 and 7 to egress queue 3:
Related Commands
show queue cos-map (4-228)
show queue mode
This command shows the current queue mode.
COMMAND LINE INTERFACE 4-228
Command Mode
Privileged Exec
Example
show queue cos-map
This command shows the class of service priority map.
Syntax
show queue cos-map [ interface ]
interface
• ethernet unit/port
  - unit - Stack unit. (Range: 1-8)
  - port - Port number.
PRIORITY COMMANDS 4-229
Priority Commands (Layer 3 and 4)
map ip port (Global Configuration)
This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets).
COMMAND LINE INTERFACE 4-230
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
PRIORITY COMMANDS 4-231
Example
The following example shows how to map HTTP traffic to CoS value 0:
map ip precedence (Global Configuration)
This command enables IP precedence mapping (i.e., IP Type of Service). Use the no form to disable IP precedence mapping.
COMMAND LINE INTERFACE 4-232
map ip precedence (Interface Configuration)
This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table.
Syntax
map ip precedence ip-precedence-value cos cos-value
no map ip precedence
• precedence-value - 3-bit precedence value.
PRIORITY COMMANDS 4-233
map ip dscp (Global Configuration)
This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping).
COMMAND LINE INTERFACE 4-234
Default Setting
The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0.
PRIORITY COMMANDS 4-235
show map ip port
Use this command to show the IP port priority map.
Syntax
show map ip port [ interface ]
interface
• ethernet unit/port
  - unit - Stack unit.
COMMAND LINE INTERFACE 4-236
show map ip precedence
This command shows the IP precedence priority map.
Syntax
show map ip precedence [ interface ]
interface
• ethernet unit/port
  - unit - Stack unit.
PRIORITY COMMANDS 4-237
show map ip dscp
This command shows the IP DSCP priority map.
Syntax
show map ip dscp [ interface ]
interface
• ethernet unit/port
  - unit - Stack unit.
COMMAND LINE INTERFACE 4-238
Multicast Filtering Commands
This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only.
MULTICAST FILTERING COMMANDS 4-239
ip igmp snooping
This command enables IGMP snooping on this switch. Use the no form to disable it.
Syntax
[ no ] ip igmp snooping
Default Setting
Enabled
Command Mode
Global Configuration
Example
The following example enables IGMP snooping.
COMMAND LINE INTERFACE 4-240
Command Mode
Global Configuration
Example
The following shows how to statically configure a multicast group on a port:
ip igmp snooping version
This command configures the IGMP snooping version. Use the no form to restore the default.
MULTICAST FILTERING COMMANDS 4-241
show ip igmp snooping
This command shows the IGMP snooping configuration.
Default Setting
None
Command Mode
Privileged Exec
Command Usage
See “Configuring IGMP Snooping and Query Parameters” on page 4-184 for a description of the displayed items.
COMMAND LINE INTERFACE 4-242
Command Mode
Privileged Exec
Command Usage
Member types displayed include IGMP or USER, depending on selected options.
MULTICAST FILTERING COMMANDS 4-243
ip igmp snooping querier
This command enables the switch as an IGMP querier. Use the no form to disable it.
Syntax
[ no ] ip igmp snooping querier
Default Setting
Enabled
Command Mode
Global Configuration
Command Usage
If enabled, the switch will serve as querier if elected.
COMMAND LINE INTERFACE 4-244
Command Usage
The query count defines how long the querier waits for a response from a multicast client before taking action.
MULTICAST FILTERING COMMANDS 4-245
ip igmp snooping query-max-response-time
This command configures the query report delay. Use the no form to restore the default.
Syntax
ip igmp snooping query-max-response-time seconds
no ip igmp snooping query-max-response-time
seconds - The report delay advertised in IGMP queries.
COMMAND LINE INTERFACE 4-246
ip igmp snooping router-port-expire-time
This command configures the query timeout. Use the no form to restore the default.
MULTICAST FILTERING COMMANDS 4-247
Static Multicast Routing Commands
ip igmp snooping vlan mrouter
This command statically configures a multicast router port.
COMMAND LINE INTERFACE 4-248
Example
The following shows how to configure port 11 as a multicast router port within VLAN 1:
show ip igmp snooping mrouter
This command displays information on statically configured and dynamically learned multicast router ports.
IP INTERFACE COMMANDS 4-249
IP Interface Commands
An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default.
COMMAND LINE INTERFACE 4-250
Default Setting
DHCP
Command Mode
Interface Configuration (VLAN)
Command Usage
• You must assign an IP address to this device to gain management access over the network. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server.
IP INTERFACE COMMANDS 4-251
ip dhcp restart
This command submits a BOOTP or DHCP client request.
Default Setting
None
Command Mode
Privileged Exec
Command Usage
• This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command.
COMMAND LINE INTERFACE 4-252 ip default-gateway This command establishes a static route between this switch and devices that exist on another network segment.
IP INTERFACE COMMANDS 4-253 Example Related Commands show ip redirects (4-253) show ip redirects This command shows the default gateway configured for this device.
COMMAND LINE INTERFACE 4-254 Default Setting This command has no default for the host. Command Mode Normal Exec, Privileged Exec Command Usage • Use the ping command to see if another site on the network can be reached.
A-1 APPENDIX A SOFTWARE SPECIFICATIONS Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 88 lists) DHCP Client Port Configuration 100BASE-TX: 10/100 Mbps, half/full duplex 1000BASE-T: 1000 Mbps, full duplex Flow Control Full Duplex: IEEE 802.
SOFTWARE SPECIFICATIONS A-2 Spanning Tree Protocol Spanning Tree Protocol (STP, IEEE 802.1D) Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) VLAN Support Up to 255 groups; port-based or tagged (802.
SOFTWARE SPECIFICATIONS A-3 RMON Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event) Standards IEEE 802.1D Spanning Tree Protocol and traffic priorities IEEE 802.1p Priority tags IEEE 802.1Q VLAN IEEE 802.1w Rapid Spanning Tree Protocol IEEE 802.
SOFTWARE SPECIFICATIONS A-4 Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742) .
B-1 APPENDIX B TROUBLESHOOTING Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch.
TROUBLESHOOTING B-2 Cannot connect using Secure Shell • If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SSH sessions permitted.
USING SYSTEM LOGS B-3 Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1.
Glossary-1 GLOSSARY Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.
GLOSSARY Glossary-2 Dynamic Host Control Protocol (DHCP) Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options.
GLOSSARY Glossary-3 IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol. IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information.
GLOSSARY Glossary-4 IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork.
GLOSSARY Glossary-5 Link Aggregation See Port Trunk. Link Aggregation Control Protocol (LACP) Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device. Management Information Base (MIB) An acronym for Management Information Base.
GLOSSARY Glossary-6 Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe.
GLOSSARY Glossary-7 Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which offers network management services. Simple Network Time Protocol (SNTP) SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server.
GLOSSARY Glossary-8 User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets.
Index-1 Numerics 802.1X, port authentication 3-66 A acceptable frame type 3-156, 4-203 Access Control List See ACL ACL Extended IP 3-78, 4-119, 4-120, 4-123 MAC 3-79, 4-119, 4-130, 4-130 –.
INDEX Index-2 G GARP VLAN Registration Protocol See GVRP gateway, default 3-18, 4-252 GVRP global setting 4-217 interface configuration 3-157, 4-218 GVRP, global setting 3-147 H hardware version, displaying 3-13, 4-86 HTTPS 3-54, 4-43 HTTPS, secure server 3-54, 4-43 I IEEE 802.
INDEX Index-3 path cost 3-128, 3-137 method 3-133, 4-189 STA 3-128, 3-137, 4-189 port authentication 3-66 port priority configuring 3-168, 4-222 default ingress 3-168, 4-224 STA 3-137, 4-191 .
INDEX Index-4 STA 3-125, 4-183 edge port 3-138, 3-141, 4-192 global settings, configuring 3-131, 4-184 – 4-190 global settings, displaying 3-127, 4-196 interface settings 3-135, 4-190 – 4-.
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; Phn: (949) 679-8000; Fax: (949) 679-1481 From Europe: Contact details can be found on www.smc-europe.
An important step when buying the SMC Networks TigerSwitch (or even before buying it) is reading through its user manual. There are a few simple reasons to do so:
If you have not yet bought the SMC Networks TigerSwitch, now is a good moment to get familiar with the basic data about the product. First look through the opening pages of the manual, which you will find above. There you will find the most important technical data for the SMC Networks TigerSwitch, which lets you check whether the device meets your needs. If you look deeper into the SMC Networks TigerSwitch user manual, you will get to know all available product functions and find information on how to use them. The information you gain about the SMC Networks TigerSwitch will certainly help you with your purchase decision.
If you already own the SMC Networks TigerSwitch and have not yet had a chance to read the user manual, you should do so for the reasons described above. You will then learn whether you have been using the available functions correctly, and also whether you have made any mistakes that could shorten the service life of the SMC Networks TigerSwitch.
However, one of the most important roles a user manual plays for the user is helping to solve problems with the SMC Networks TigerSwitch. It almost always contains a troubleshooting section, that is, the most frequently occurring faults and defects of the SMC Networks TigerSwitch together with guidance on how to resolve them. Even if you do not manage to solve the problem on your own, the manual shows you how to proceed: contacting customer support or the nearest service center.