Instruction/ maintenance manual of the product OmniStack 6300-24 Alcatel
Go to page of 462
Part No. 060191-10, Rev. B April 2 0 04 Omn i S t a c k ® 6300-24 Use r s Guide.
An Alca tel service ag reemen t brings you r company the as suranc e of 7x24 no-ex cuses technical suppo rt. You’ll also r eceive regular softwar e updates to main tain and maximize your Alcatel product’s features and functionality and on-site hardwar e replac ement throug h our globa l network of highly qualified s ervice deliv ery part ners.
Wa rni ng This equipmen t has been te s te d and found to comply with the limits for Class A digital device pur suant to Part 15 of the FCC R ules. T hese limits are designe d t o p rovide reason able protection against har mful interfe rence when the equi pment is operated in a comme rcial e nvironme nt.
.
v Content s Chapter 1: In troduction 1-1 Key Fe atures 1-1 Descripti on of So ftware Feature s 1-2 Sys tem Defa ults 1-5 Chapter 2: In itial Configuratio n 2-1 Connec ting to th e Switch 2-1 Config ur.
Contents vi Teln et Settings 3-21 Config uring Ev ent Logg ing 3-23 Sys tem Logs 3-23 Sys tem Logs Configu ration 3-24 Rem ote Lo gs Con fi gurat io n 3-2 5 Send ing Simpl e Mail Tra nsfer Protoc ol A.
Contents vii Port Conf igurati on 3- 75 Displ aying C onnectio n Status 3-75 Config uring I nterface Con necti ons 3-77 Cre ating Trunk Grou ps 3-79 Static ally Confi guring a Trunk 3-80 Enabli ng LAC.
Contents viii Mappin g Protocols to VLANs 3-137 Class of Servic e Confi guration 3-139 Setti ng the Default P riority for I nterfac es 3-139 Map ping CoS Val ues to Egre ss Queu es 3-141 Sele cting th.
Contents ix Unders tandin g Comm and Mode s 4-5 Exec C ommands 4 -6 Conf igu rati on Co mmands 4-6 Comm and Li ne Proces sing 4-7 Comm and G roups 4-9 Line Comm ands 4-10 line 4-10 logi n 4-11 pas swo.
Contents x ip ss h time out 4-3 5 ip s sh authen tication-r etries 4 -36 ip ss h serv er-k ey si ze 4-3 6 del ete pu bli c-k ey 4-3 7 ip s sh crypto ho st-key ge nerate 4-37 ip ss h cryp to zer oiz e .
Contents xi whi chboo t 4 -66 boot sy stem 4-66 Authen tication Co mmands 4- 67 Authe ntication Sequence 4- 67 authe ntication login 4-68 authe ntication enabl e 4-69 RADIUS Client 4-70 radius-s erver.
Contents xii mat ch acce ss-li st ip 4-96 show ma rking 4 -97 MAC A CLs 4-9 8 acce ss-li st m ac 4- 98 per mit, deny (MAC ACL ) 4-99 sho w mac ac cess -list 4- 100 acc ess-list mac mask-prec edence 4-.
Contents xiii show d ns 4-127 show d ns ca che 4-128 clea r dns cac he 4-128 Int erf ace Co mmand s 4 -129 inter face 4-130 des cri ption 4-13 1 spee d-duplex 4-131 neg otiat io n 4-13 2 capa bilities.
Contents xiv spa nning-tree forward-ti me 4-163 spa nning-tree hello-tim e 4-164 spa nning-tree max-a ge 4-164 spanni ng-tree priority 4-1 65 spa nning-tree pathc ost metho d 4-166 spa nning-tree tran.
Contents xv GVRP and Bridge Extensio n Comm ands 4-192 bridge -ext gvrp 4-193 sho w bri dge- ext 4- 193 switc hport gvrp 4-194 show g vrp confi guratio n 4-194 garp ti mer 4-195 show g arp timer 4-196.
Contents xvi IGMP Query C omman ds (Layer 2) 4-222 ip ig mp snoo ping q uerier 4-222 ip ig mp snoo ping q uery-coun t 4-222 ip ig mp snoo ping q uery-interv al 4-223 ip ig mp snoo ping q uery-max- res.
xvii Tables Table 1-1. Key F eatures 1-1 Table 1-2. System Defaults 1-5 Table 3-4. Mai n Menu 3-3 Table 3-2. Config uration Options 3-3 Table 3-1. SNM Pv3 Securi ty Mo dels and Level s 3-32 Ta ble 3 -22. Comp ati ble O per atin g Sys tem s 3- 45 Ta ble 3- 30.
xviii T ables Table 4-27. A uthentica tion Seq uence 4-67 Table 4-2 8. RADIUS Comma nds 4-7 0 Table 4-29. TA CACS+ Com mands 4-73 Table 4-30. Port Se curity C ommands 4-75 Table 4-31. 802 .1X Port Authen tication Commands 4-76 Table 4-32. ACL Informati on 4-84 Table 4-33.
xix Ta ble 4- 67. Quali ty of S ervi ce Com mand s 4-2 10 Table 4-68. Mul ticast Fi ltering Commands 4- 218 Table 4-69. IGM P Snooping Commands 4-218 Table 4-70. IGM P Query Com mands ( Layer 2 ) 4-222 Ta ble 4- 71. Stati c Mul ticas t Ro utin g Comm and s 4-2 25 Table 4-72 .
xx T ables.
xxi Figu res Figure 3-1. Home Pa ge 3-2 Figure 3-3. Ports Pa nel 3-3 Fi gure 3-5 . Sys tem Info rmat io n 3-9 Figure 3-6. Switch Informa tion 3-10 Figure 3-7. Bridge Exentsion Config uration 3-12 Figure 3-8. IP Confi guratio n 3-13 Figure 3-9. Selecting DHCP Mode 3-14 Figure 3-10.
Figures xxii Fig ure 3 -36. ACL M ask C onfi gur atio n 3-68 Figure 3-37. ACL IP M ask Confi guration 3-70 Figure 3-38. ACL MAC Mask Configu ration 3-71 Figure 3-39. ACL Port Binding 3-73 Figure 3-12. Filte ring IP Ad dresses 3-74 Figure 3-40. Port In formation 3-75 Fig ure 3 -41.
Figures xxi ii Figure 3-84. Port Prio rity Configu ration 3-140 Figure 3-87. Traffic C lasses 3-142 Figure 3-88. Selec ting the Q ueue Mod e 3-143 Figure 3-89. Queue Sc heduling 3-144 Figure 3-90. IP Preceden ce/DSCP Priority Sta tus 3-145 Figure 3-92.
Figures xxiv.
1-1 Chapter 1: Introduction This sw itch provid es a broad r ange of feat ures for Lay er 2 switching . It includes a man agement ag ent that al lows you to con figure th e features listed in this m anual. The def ault config uration ca n be used fo r most of the f eatures pr ovided by this switch .
Introducti on 1-2 1 Description of S oftware Features The s witch provides a w ide range of a dvanc ed perf ormance enha ncing features . Flow co ntrol elimi nates the l oss of packets due t o bottlenecks cause d by port satura tion. Broa dcast stor m suppress ion prev ents broadcas t traffic storm s from eng ulf ing the net wor k.
Descripti on of Software Fe atures 1-3 1 Rate Limiting – Thi s feature co ntrols the m aximum rate for traffic transm itted or rece ived on an inter face. Ra te limiting is c onfigure d on interface s at the edg e of a netwo rk to limit tr af fic i nto or out o f the netwo rk.
Introducti on 1-4 1 older IEEE 802.1D ST P standard. It is intended as a c omplete replacement for STP , but ca n still interope rate with sw itches running the older stand ard by autom atically reconf iguring po rt s to STP -compliant mode if they d etect STP pro tocol messa ges from attac hed devices .
System Defa ults 1-5 1 Multicast Fi ltering – S pec ific multicas t traffi c can be assign ed to its own VLAN to ensur e that it does n ot interfer e with norm al netwo rk traf fi c and to gua rantee real-tim e delive ry by se tting t he requ ired prior ity level for the designa ted VLAN.
Introducti on 1-6 1 SNMP Comm unity Strin gs “pu blic” (r ead only) “privat e” (rea d/write) T raps Authe ntication tr aps: e nabled Link-u p-down ev ents: e nabled IP Filterin g Disabl ed Por.
System Defa ults 1-7 1 Virtual LA Ns Defau lt VLAN 1 PVID 1 Accep table F rame T ype All Ingres s Filter ing Disabl ed Switch port Mode (Egre ss Mode) Hybrid : tagged/u ntagge d frames GVRP (global) D.
Introducti on 1-8 1.
2-1 Chapter 2: Initia l Configuration Connecting to the Switch Configur ati on Options The swi tch includes a built-in ne twork m anageme nt agent. T he agent offers a var iety of m anageme nt opt ions, inc luding S NMP , R MON a nd a Web-base d interfa ce.
Initial Confi guration 2-2 2 • Set broadca st stor m cont rol on any port • Displa y system informatio n and stat istics Required Connections The swi tch provides an RS-232 serial por t that enab l e s a connect ion to a PC or termin al for monit oring and co nfigurin g the switch .
Basic C onfigurat io n 2-3 2 Remote Connections Prior to acces sing t he swi tch’s onboa rd age nt via a netw ork c onnection , you must fi rst conf igu re i t wi th a val id I P ad dre ss, s ubn et ma sk, a nd defa ult g at eway usin g a conso le connec tion, DHC P or BOOTP pr otocol.
Initial Confi guration 2-4 2 Setting Passwords Note: If this i s your first time to log into the CLI program, you s hould define new passwords for both default user names us ing the “u sername” c ommand, record them and put them in a saf e place. Passwo rds can con sist of up t o 8 alphanu meric cha racters an d are case s ensitive .
Basic C onfigurat io n 2-5 2 Before y ou can as sign an IP addr ess to the sw itch, yo u must obtain th e following infor mation from y our netwo rk admi nistrator : • I P addr ess for th e swit ch • Defau lt gateway for the netwo rk • Netwo rk mask for this network T o a ssign an IP add ress to t he switch, comple te the follow ing steps: 1.
Initial Confi guration 2-6 2 5. Wait a few min utes, an d then chec k the IP conf iguration se ttings by t yping the “sho w ip interface ” comman d. Press <E nter>. 6. The n save y our config uration ch anges by ty ping “copy running- config startup-co nfig.
Basic C onfigurat io n 2-7 2 T o configu re a c ommu nity st ring, co mplete the fo llowing steps: 1. Fr om the Privi leged Exe c level global configur ation mode pr ompt, type “snmp -server communi ty string mode , ” w here “string ” is the com munity ac cess strin g and “mode ” is rw (read/w rite) or ro (read on ly).
Initial Confi guration 2-8 2 2. Ent er the nam e of the start-up fi le. Press <E nter>. Managing Syste m Files Th e swi tch ’s fl ash m emory supp ort s t hre e ty pes of s yste m fi les t hat can be ma naged by the CL I program , Web interface , or SNMP .
3-1 Chapter 3: Config urin g the Switc h Using the Web In terface This sw itch pr ovides an emb edded H TTP Web agent. U sing a Web brows er you c an confi gure the switch and view sta tistics to monitor network activi ty . The W eb agent can be ac cessed by any comp uter on th e network u sing a standar d W e b browser (Interne t Explorer 5.
Config uring the Switch 3-2 3 Navigating the W eb Browser Interf ace T o a ccess the web-brows er interfac e you mu st first ente r a user name a nd password . The ad minist rator has Read/ W rite access to all co nfigurat ion parame ters and statist ics.
Navigati ng the Web Browser Int erface 3-3 3 Notes: 1. To ensu re proper screen refresh, be sure t hat I nternet Explorer 5.x is configured as follows: Under the menu “Tools / I n t ernet Options / .
Config uring the Switch 3-4 3 Jumbo Frame Enabl es jumbo f rame s upport 3-1 5 File 3-16 Firmwa re Manag es code i mage f iles 3-16 Config uration Manag es switch config uration file s 3-17 Line 3-1 8.
Navigati ng the Web Browser Int erface 3-5 3 Port S ecurity Config ures per p ort securit y , inclu ding st atus, resp onse fo r securi ty brea ch, and m aximum all owed M AC ad dresses 3-52 802.
Config uring the Switch 3-6 3 Port S tatistics Lis ts Ethe rnet and R MON port statist ics 3-93 Alcate l 3-98 AMAP Alcatel Mapp ing Ad jacency Pr otocol (AMAP) 3-9 8 Set tin gs Con fi gures AMAP param.
Navigati ng the Web Browser Int erface 3-7 3 Port C onfigur ation Specif ies def ault PVID and VL AN attribu tes 3 -133 Trunk Configura tion Sp ecifies def ault tru nk VID and VLAN attribute s 3-133 P.
Config uring the Switch 3-8 3 Basic Configuration Display ing Syste m Information Y ou ca n easily ident ify the sy stem by d i s playing t he device n ame, loca tion and contact inf ormatio n. Field Attributes • Syst em Name – Name ass igned to th e switch syst em.
Basic C onfigurat io n 3-9 3 We b – Click Sys tem, System Info rmation. S pecify the s ystem name, locati on, and conta ct informati on for th e system adminis trator , then c lick Apply . (This page also includes a T elnet butt on that all ows access to the Co mmand Line Interface vi a T elnet.
Config uring the Switch 3-10 3 Display ing Switch Har dware/Software Ve rsions Use the Switch Inf ormation page t o display ha rdware/ firmware ve rsion nu mbers for the main board and management software, as well as t he power status of the s ystem .
Basic C onfigurat io n 3-11 3 CLI – Use the followin g command to display v ersion inf ormation. Display ing Bridge Ext ension Capabil ities The Bridg e MIB includ es extens ions for m anaged dev ices that s upport Mult icast Fil terin g, T raf fic Cl as ses, and V irtu al L ANs.
Config uring the Switch 3-12 3 We b – Click System, Brid ge Extension. Fi gure 3- 7. Br idg e Ex ents io n Co nfig urat io n CLI – Enter th e following co mman d. Setting the Switc h’s IP Address Th is sec tio n descr ibe s how to co nf igur e an IP int er face fo r man agem ent ac cess over the network.
Basic C onfigurat io n 3-13 3 • IP A ddress Mo de – Sp ecifies wh ether IP fu nctionality is en abled vi a manual config uration (S tatic), Dyn amic Host Co nfigurati on Protocol (DHCP), or B oot Protocol (B O OTP). If DHCP/BOOTP is enabled, IP will not function until a re ply has been r eceived fr om the serv er.
Config uring the Switch 3-14 3 Using DHCP/BOOTP If your ne two r k provides DHCP/BOOTP services, you can configure the switch to be dyn ami call y conf ig ured b y thes e serv ices . We b – Cl ick System, IP C onfigur ation. S p ecify the V LAN to which the mana gement sta tion is attached, set the IP Ad dres s Mo de to DHCP or BOOTP .
Basic C onfigurat io n 3-15 3 CLI – Enter t he following command to re start DHCP serv ice. Enablin g Jumbo Frames The swi tch provid es more efficient throughpu t for large seq uent i a l data transfer s by suppo rting jumb o frames up to 9000 byt es.
Config uring the Switch 3-16 3 • Fi le N am e – The file nam e should not contain sla s h es ( or /), the lead ing letter o f the file name should not be a perio d (.), and the m aximu m length for file names on the TFT P server is 12 7 character s or 31 charac ters for files on the switch .
Basic C onfigurat io n 3-17 3 CLI – Enter th e IP address of the TFTP ser ver , sele ct “config” o r “opcode” fi le type, then ente r the sour ce and destinati on file names, set th e new file to start up the system, and then resta rt the switch.
Config uring the Switch 3-18 3 If you d ownload t o a new file name, then selec t the new file from th e drop- down bo x for S tartup Con figuratio n File, and pres s Apply Cha nges. T o use the ne w settings , reboo t the s ystem v ia th e Syst em/Res et menu.
Basic C onfigurat io n 3-19 3 • Password Th reshold – Sets the password intrusion thr eshold, w hich limits the num ber of failed l ogon at tempts.
Config uring the Switch 3-20 3 We b – Cl ick System , Line, Console. S pec ify the con sole port c onnect ion paramet ers as r equired, then click A pply . Figure 3-1. Console Port Settings CLI – Enter Li ne Configur ation mod e for the con sole, then s pecify the con nectio n paramet ers as requ ired.
Basic C onfigurat io n 3-21 3 Telnet Set tings Y ou ca n access the on boar d configur ation prog ram over th e network u sing T elne t (i.e., a virtual t erminal). M anag ement acc ess via T elne t can be e nabled/ disabled and other va rious param eters se t, i n cluding th e TCP por t number , timeouts, and a password .
Config uring the Switch 3-22 3 We b – Cl ick System, L ine, T eln et. S pe cify the con nection para meters for T elnet acces s, then click A pply . Figure 3-2. Telnet Settings CLI – Enter Li ne Configur ation mod e for a virtua l terminal, the n specif y the connectio n par ameters as required.
Configur ing Event Logging 3-23 3 Configuring Eve nt Logging The s witch a llows you to cont rol the logging of error messag es, includ ing th e type o f events that ar e recorde d in switch mem ory , lo gging to a rem ote System Log (syslog ) serv er , and disp lays a list of r ecent ev ent messa ges.
Config uring the Switch 3-24 3 We b – Cl ick System, L og, Logs. Figure 3-3. Logging Information CLI – T yp e "show log ging ram" to display lo g messag es in the RAM bu f fer . System Logs Configurati on The Sys tem Logs p ag e allows you t o configur e and limit s ystem me ssages th at are logged to flash or RA M memo ry .
Configur ing Event Logging 3-25 3 • RAM Level – Li mits log messa ges s aved t o the s witch’s tempor ary RAM mem ory for all l evels up to t he specified lev el. For example, if le vel 7 is specif ied, all messages fro m level 0 to level 7 will be logged to RAM.
Config uring the Switch 3-26 3 • Ho st IP Li st – Disp lays the list of remote ser ver IP ad dresses tha t recei ve the syslog m essa ges. The m aximum number o f host IP add resse s allowe d is five. • Host IP Address – S p ecifies a new server IP ad dress to a dd to the Ho st IP List.
Configur ing Event Logging 3-27 3 Sending Simple Mail Transf er Protocol Alerts T o a l e rt system adm inistrat ors of prob lems, the sw itch can us e SMTP (Si mple Mail T ransf er Protoco l) to send emai l message s when t riggered b y logging eve nts of a specif ied level.
Config uring the Switch 3-28 3 We b – Cl ick System, Log , SMTP . Enable SM TP , specify a s ource emai l address, and sele ct the minimum severity le vel. T o add an IP address to the SMTP Server List, typ e the new IP a ddress in the SM TP Server text box and t hen click Ad d.
Configur ing Event Logging 3-29 3 to com plete t he co nfiguration. Use the s how logging sendma i l command to disp lay t he cur re nt S MTP co nfi gur ati on. Resetti ng the Syste m We b – Click System, R es et. Click the Reset button to restar t the switch .
Config uring the Switch 3-30 3 This swi tch acts as an SNTP cl ient in unicast mode: Un icas t – T he sw it ch per io dica lly send s a requ est for a ti me up date to a co nfig ured time server . Y ou can configure u p to three time serve r IP addresse s.
Simple Ne twork Manageme nt Protocol 3-31 3 Setting the Time Zone SNT P us es Co ordi nat ed U nive rsal T ime (or UT C, f or merly Gre enwi ch M ean T im e, or GM T) based on the ti me at th e Earth’s prime m eridia n, zero deg rees lo ngitude.
Config uring the Switch 3-32 3 standard presentation o f the inf ormation contro lled by t he agent . SNMP d efines bo th the fo rmat of the MIB specificat ions an d the prot ocol u sed to a ccess t his inform ation over the n etwork. The swi tch includes an onboa rd agent tha t supports SNMP versions 1, 2c, and 3.
Simple Ne twork Manageme nt Protocol 3-33 3 Enabling SNMP Enables th e SNMP agent on the swit ch for all ve rsions (1, 2c, and 3). Command Attri butes • SNMP Agent Status – Enables SN MP on the s witch. Figure 3-7. Enabling the SNMP Agent CLI – The follow ing exa mple enal bes SNMP on the switch.
Config uring the Switch 3-34 3 We b – Click SNMP , Configuration. Add new community str ings as re quired, select t he acce ss ri ght s fr om the Ac ces s Mode drop-d ow n list , th en cli ck Add . Figure 3-18. SNM P Configuration CLI – The foll owing exa mple adds t he string “ spiderm an” with rea d/write ac cess.
Simple Ne twork Manageme nt Protocol 3-35 3 We b – Cl ick SNMP , Con figuratio n. Enter the IP ad dress and commu nity string fo r each m anagm ent station that w ill receiv e trap mess ages, sp ecify the UD P port an d SNMP ve rsion, an d then click A dd.
Config uring the Switch 3-36 3 A local en gine ID is auto maticall y generated that is unique to the switc h. This is referred to as the de fault engine ID. If the loca l engine ID i s deleted or changed, all SNMP users will b e cleared. You will n eed to reconfigure a ll existing u sers.
Simple Ne twork Manageme nt Protocol 3-37 3 • Level – Th e secu ri ty le vel used for the use r: - no AuthNo Priv – T here is no a uthent ication o r en cryption u sed in SNM P com municat ions. - Aut hNoPri v – SNMP com municat ions use a uthenticat ion, but the da ta is not encr ypted (onl y availabl e for the SN MPv3 sec urity mo del).
Config uring the Switch 3-38 3 CLI – Us e t he snmp -serve r user comma nd to conf igure a new user name an d assign i t to a group. Configurin g SNMPv3 Grou ps An SNMP v3 group se ts the ac cess policy for its assigne d users , restricting th em to specif ic read and w rite view s.
Simple Ne twork Manageme nt Protocol 3-39 3 We b – Click SNMP , SNMPv 3, Gr oups. Clic k New to configure a new group. In the New Group page , define a na me, as sign a security model a nd lev el, and then s elect read and write v iews. Cl ick Add to save the new gro up and return to t he Grou p s list .
Config uring the Switch 3-40 3 Setting SNMPv3 Views SNMPv 3 view s are used to restrict use r access to speci fied portio ns of the M IB tree. The pre defined view “defa ultview” inc ludes acces s to the en tire MIB tree. Command Attri butes • View Name – The n ame of the SNM P view.
User Authen tication 3-41 3 CLI – Us e t he snmp -ser ver vi ew comma nd to config ure a new vi ew . This e xample view in cludes the MIB- 2 interfaces t able, a nd the wildcard mask select s all index entri es.
Config uring the Switch 3-42 3 Command Attri butes • User Name* – The na me of the user. (Maximum length : 8 characters) • Access Lev el* – Specif ies the user l e vel. (Options: Normal and Pri vileged) • Password – Sp ecifies the user pa ssword.
User Authen tication 3-43 3 a database of multiple us er name /password pairs wit h associa ted privile ge levels for each us er that req uires man agement access t o the switch . RADIUS uses UDP while T ACACS + us es TCP . UDP only of fers best eff ort delivery , while TCP o f fer s a connect ion-orient ed transpo rt.
Config uring the Switch 3-44 3 • TACACS Settings - Server IP Address – Address of the TA CACS+ ser ver. (Defa ult: 10.11.12 .13) - Serv er Port Number – Network ( TCP) por t of TACACS+ server us ed for auth entication mess ages.
User Authen tication 3-45 3 CLI – S p ecify all the re quired param eters to en able logon authent ication. Configur ing HTTPS Y ou ca n configur e the switch to e nable th e Secure Hyp ertext T rans fer Proto col (HTTPS ) over the S ecure Soc ket Layer (SSL), prov iding se cure acce ss (i.
Config uring the Switch 3-46 3 • To spec ify a secure -site certifi cate, see “Re placing t he Default Se cure-site Certifi cate” on page 3-46. Command Attri butes • HTTPS Status – Al lows you to en able/dis able the HT TPS server fe ature on the switch.
User Authen tication 3-47 3 When you have obtained these, plac e them on your TFTP server , and u se the follow ing comm and at the sw itch's co mmand -line inte rface to repla ce the defau lt (unreco gnized ) certifica te with an autho rized on e: Note: The switch must be reset for the new cer tif ic ate to be activated.
Config uring the Switch 3-48 3 Other wise, you n eed to ma nually cr eate a kno wn hosts file on the mana gem ent station and place th e host pu blic key in i t. An entr y for a publ ic key in the k nown hosts file wou ld appea r similar to t he followi ng examp le: 10.
User Authen tication 3-49 3 2. The SSH server supports up to four c l ient s essions. The m aximum number of client sessions includes both current Telnet sessions and SSH sessions. Generatin g the Host Key Pair A host pub lic/priva te key pair i s used to p rovide sec ure com municat ions betw een an SSH cli ent and the swit ch.
Config uring the Switch 3-50 3 We b – Click Securit y , SSH Host-Key Settin gs. Select the h ost-key type fr om the drop-d own box, select the option to save the hos t key from me mory to flas h (if requir ed) prior to ge nerating the key , and then c l ick Genera te.
User Authen tication 3-51 3 Configurin g the SSH Server The SS H server inc ludes ba sic settings for auth entication . Field Attributes • SSH Server Status – Al lows you to enab le/disab le the SSH ser ver on the swit ch. (Defaul t: Enabled) • Version – Th e Sec ure Shel l ve rsi on nu mber .
Config uring the Switch 3-52 3 CLI – This exam ple ena bles SSH, s ets the au thentica tion parame ters, and dis plays the current c onfigura tion. It shows that the adminis trator h as mad e a conn ection via SHH, and then disabl es this con nection.
User Authen tication 3-53 3 Command Attri butes •P o r t – Port nu mber. •N a m e – D e scr ipti ve te xt (p age 4-1 31). • Action – Indica tes the act ion to be take n when a port se curity viol ation is detec ted: - None : No a ction shou ld be taken.
Config uring the Switch 3-54 3 Configur ing 802. 1x Port Authenticati on Ne twor k swit ches ca n prov id e open an d eas y a ccess to net work resou rces by simply at taching a clie nt PC.
User Authen tication 3-55 3 • The RA DIUS ser ver and c lient also have to s upport th e same EA P authent ication type – MD 5. (So me clients ha ve nativ e support i n Windows , otherw ise the dot 1x client m ust supp ort it.
Config uring the Switch 3-56 3 CLI – Thi s exam ple sh ows the default proto col sett ings for 802.1 x. For a descr iption of the add itional ent ries displa yed in the CLI , See “show d ot1x” on page 4- 81.
User Authen tication 3-57 3 Configurin g 802.1x G lobal Settings The dot 1x protoco l includes global paramet ers that co ntrol the clie nt authe ntication proc ess that run s between th e client and t he switch (i. e., authen ticator), as well as the clien t identity look up pro cess that ru ns betwee n the switch and aut henticatio n serv er .
Config uring the Switch 3-58 3 CLI – This enables re-aut hentication and sets al l of the global parameters for 802.1x . Configurin g Port Authorizatio n Mode When dot1x is e nabled, you n eed to specify the dot1x authenti cation m ode config ured for eac h port.
User Authen tication 3-59 3 We b – Click Se curity , 802.1x, Por t Configu ration. Select the authent ication mo de f rom the dr op- dow n b ox and cl ick Appl y . Figure 3- 29. 802.1X Po rt Config uration CLI – T his exam ple set s th e au the ntica ti on mo de t o en able 802.
Config uring the Switch 3-60 3 We b – Select S ec urity , 802.1x, S tatisti cs. Select th e required port a nd then click Query . Click Refre sh to update t he statis tics. Fi gure 3-31 . 802. 1X St atis tic s CLI – This exam ple display s the 802.
Ac cess C ont rol Li sts 3-61 3 Access Control Lists Acces s Contr ol Lists (AC L) provi de packet filtering for IP fram es (bas ed on address , protoc ol, Layer 4 pr otocol port n umber o r TCP control cod e) or any fram es (bas ed on M AC add ress or Ethernet type).
Config uring the Switch 3-62 3 Setting the ACL Name an d Type Use the ACL Config uration page to de signat e the name and type of an A CL. Command Attri butes • Name – Name of th e ACL.
Ac cess C ont rol Li sts 3-63 3 • SubM ask – A su bnet m ask con taining fo ur intege rs from 0 to 25 5, each separat ed by a per iod. The m ask uses 1 b its to indic ate “match” and 0 bits to indicate “i gnore.
Config uring the Switch 3-64 3 • Service T ype – Packet priority se ttings based on the follow ing criter ia: - Pre cedence – IP pre cedence l evel. (Ran ge: 0-7) - TOS – Type of Ser vice level. (Range: 0 -15) - DSC P – DSCP priorit y level.
Ac cess C ont rol Li sts 3-65 3 We b – S pecify the a ction (i.e., Permit or Deny ). S pec ify the sou rce and/ or destin ation addr esses. Se lect the addre ss type (A ny , Hos t, or IP). If you select “Host, ” ente r a s pecific ad dress. If you selec t “IP ,” e nter a subnet addre ss and the mas k for an addre ss range.
Config uring the Switch 3-66 3 Configurin g a MAC ACL Command Attri butes • Action – An ACL can contain al l pe rmit rules or a ll deny rules . (De fault : Perm it ru les) • Source /Destinati on.
Ac cess C ont rol Li sts 3-67 3 We b – S pecify the a ction (i.e., Permit or Deny ). S pec ify the sou rce and/ or destin ation addr esses. Se lect the ad dress type ( Any , H ost, or MA C). If you sele ct “Host, ” enter a specif ic addres s (e.
Config uring the Switch 3-68 3 Configur ing ACL Masks Y ou mus t specify ma sks that c ontrol the or der in which ACL rules ar e chec ked. The sw itch incl udes t wo sy stem def ault mask s t hat pas s/f ilt er p ac ket s ma tchi ng t he permi t/deny rule s specifie d in an ingre ss ACL.
Ac cess C ont rol Li sts 3-69 3 Configurin g an IP ACL Mas k This ma sk defines the fields to c heck in the IP header . Command Usage • Mas ks that inclu de an entry for a Layer 4 pr otocol sou rce port or d estina tion port can only be applie d to packets with a heade r length of exactly five bytes.
Config uring the Switch 3-70 3 We b – Con figure the m ask to ma tch the requ ired rules in th e IP ingre ss or egress ACLs. S et the mask to check f or any source or desti nation addr ess, a spe cific host addre ss, or an addr ess rang e.
Ac cess C ont rol Li sts 3-71 3 Configurin g a MAC ACL Mask This ma sk defines the fields to c heck in the pa cket head er . Command Usage Y ou mu st co nfig ure a mas k fo r an ACL rul e bef ore you can bind it to a por t.
Config uring the Switch 3-72 3 CLI – This e xampl e show s how t o creat e an I ngress MAC A CL and bind it t o a por t. You can then see that the order of th e rules ha ve been chan ged by the mask.
Filtering IP Addresses for Manage ment Access 3-73 3 We b – Click Security , A CL, P ort Bind ing. Ma rk the E nable field for the p ort yo u want to bind to an ACL for ing ress or egres s traffic, selec t the require d ACL from the drop-do wn list, then click Appl y .
Config uring the Switch 3-74 3 • When e ntering ad dresses fo r the same gr oup (i.e., SNM P, web or Telnet), the switch will not accept o verlapping address ranges. When enterin g addresses for differe nt gro ups, the swi tch will accep t overl apping addres s range s.
Po rt Co nfi gura tio n 3-75 3 Port Configuratio n Display ing Connect ion Status Y ou ca n use the Port Inf orma tion or T runk Inf ormati on pages to displa y the cu rrent conne ction statu s, inc luding link state, speed/ duplex mode , flow control, and auto-n egotiation .
Config uring the Switch 3-76 3 Field Attributes (CLI) Basic info rmation: • Port type – Indicates th e port type. (1000BAS E-T, 1000BASE -SX, 1000BASE -LX or 100BASE- FX) • MAC address – The ph ysical lay er address f or this por t. (To acces s this item on the web , see “Settin g the Switch ’s IP Address ” on page 3-12.
Po rt Co nfi gura tio n 3-77 3 CLI – This e xample sho ws the conn ection s t atu s for Port 5. Configur ing I nterface Connections Y ou can use the Po rt Confi guration or T runk Confi guration p a.
Config uring the Switch 3-78 3 ( The cu rrent sw itch chip o nly suppo rts symmet ric pau se frames . ) - FC - Supp orts flow cont rol Flow co ntrol can eli minate fra me loss by “ blocking” traffic from en d stations or segm ents con nected dir ectly to the sw itch when its buffer s fill.
Po rt Co nfi gura tio n 3-79 3 CLI – Select the interfac e, and then ent er the requ ired settin gs. Creati ng Trunk Groups Y ou ca n create mu ltiple links betwee n device s that work as o ne virtual , aggregat e link.
Config uring the Switch 3-80 3 • The por ts at both en ds of a trunk m ust be co nfigured i n an identical manner , includ ing comm unication m ode (i.e ., speed, d uplex mode and flow control), VL AN assignm ents, and CoS setting s. • All the p orts in a trunk ha ve to be treated as a whole when move d from/t o, added or d eleted fr om a VLAN.
Po rt Co nfi gura tio n 3-81 3 CLI – This exampl e cr eate s trun k 2 wit h port s 1 an d 2. Jus t conn ect th ese po rt s to two static trun k ports on ano ther swi tch to form a t runk.
Config uring the Switch 3-82 3 We b – Cl ick Port, LACP , C onfigurati on. Select any of the switc h ports from the scro l l- down port list and c lick Add . After y ou have comp leted adding ports to the member lis t, clic k Apply . Fi gure 3-4 3. LAC P Co nfi gu rati on CLI – The fo llowing ex ample ena bles LAC P for ports 1 to 6.
Po rt Co nfi gura tio n 3-83 3 Configurin g LACP Parameters Dynam ically Creat ing a Port Chann el – Ports assigne d to a co mmon port ch annel mu st meet th e following c riteria: • Ports must have the same LACP System Priority . • Ports must have the same LACP port Ad min Key.
Config uring the Switch 3-84 3 We b – Cl i c k Port, LACP , Aggr egation Po rt. Set the Sys t e m Priority , Admin Key , and Po rt Pr iori ty f or the Port Acto r .
Po rt Co nfi gura tio n 3-85 3 CLI – The follow ing exa mple conf igures LAC P p a rameters f or ports 1-6. Ports 1-4 are us ed as active m embers of the LAG ; ports 5 and 6 are set to b ackup mo de. Displaying LACP Port Counters Y ou ca n display statist ics for LACP protocol messag es.
Config uring the Switch 3-86 3 We b – Click Port, L ACP , Port Counte rs Informatio n. Select a member po rt to display the co rrespondi ng informa tion. Figure 3-46 . LACP P ort Counters Information CLI – The follow ing exa mple disp lays LACP c ounters for port cha nnel 1.
Po rt Co nfi gura tio n 3-87 3 We b – Click Port, LACP , Port Internal In formation. Se lect a port c hannel to disp lay the co rrespondi ng informa tion. Figure 3-48. LACP Settings - Local Side LACP Port Priori ty LACP port pr iority assig ned to thi s interf ace wit hin the cha nnel grou p.
Config uring the Switch 3-88 3 CLI – The follow ing exa mple disp lays the LACP configu ration sett ings and opera tional state for th e local side o f port chan nel 1. Display ing LACP Settings and Status for th e Remote Side Y ou ca n display co nfigurat ion setting s and the op erationa l st ate f or the rem ote side of an link ag gregatio n.
Po rt Co nfi gura tio n 3-89 3 We b – Cl ick Port, LACP , Por t Neighbo rs Information . Select a port c hannel to displa y the corres ponding informa tion. Figure 3-50. LACP Port Settings - Remote Side CLI – The follow ing exa mple disp lays the LACP configu ration sett ings and opera tional state for th e remote si de of port ch annel 1.
Config uring the Switch 3-90 3 Setting Broadcast Storm Thr esholds Broad cast storms may oc cur when a de vice on yo ur networ k is malfunc tioning, or if applic ation prog rams are no t well designe d or prope rly confi gured.
Po rt Co nfi gura tio n 3-91 3 CLI – S p ecify any i nterface , and then e nter the thre shold. The f ollowing disables broad cast stor m control fo r port 1, and the n sets broadc ast supp ression at 6 00 packets per sec ond for po rt 2.
Config uring the Switch 3-92 3 We b – Clic k Por t, Mi rror . S peci fy the so urce port , th e traf fic type to be mi rro red , and the mon itor port, the n click Add. Figure 3-52 . Mirror Port Configur ation CLI – Use the interfac e command to select th e monito r port, then us e the port moni to r comm and to s peci fy th e sour ce por t.
Po rt Co nfi gura tio n 3-93 3 We b - Click Rate Limit, Input/Output Port/ T runk Configur ation. Set the Input Rate Limit S tatu s or Output Rate Limit S tatus, th en set the ra te limit for the ind ividual inter faces, and cli ck Apply . Figure 3-53.
Config uring the Switch 3-94 3 St a tistical V alu es T able 3-54. Displayin g Port Statistics Param eter Descr iption In terf ace St atis tic s Receiv ed Octets The total numbe r of octets receiv ed on the interfac e, includin g fram ing charac ters.
Po rt Co nfi gura tio n 3-95 3 Exces sive Co llisions A cou nt of frame s for w hich transm ission on a parti cular in terface fai ls due to exc essive coll isions. This co unter doe s not incre ment w hen the interfa ce is oper ating in full-du plex mode .
Config uring the Switch 3-96 3 We b – Cl ick Port, Port S tatistics. Se lect the requ ired interfac e, and click Query . Y o u can also use the Re fresh button at the bot tom of the page to u pdate the sc reen.
Po rt Co nfi gura tio n 3-97 3 Figure 3- 55. Displayin g Port Statistics.
Config uring the Switch 3-98 3 CLI – T his exam ple shows st ati sti cs f or port 13. Alcatel Mapping Adjacency Proto col (AMAP) The AM AP p rotocol en ables a switch to disc over t he topo l o gy of o ther AMA P-aware devices in the netw ork. The pr otocol allow s each swi tch to det ermine if othe r AMAP-aw are swit ches are ad jacent to it .
Alcatel Mappi ng Adjacency Prot ocol (AMAP) 3-99 3 • Common – The por t has detect ed an adjac ent switch and perio dically send s “Hello ” packets to determi ne that it is still pr esent. • Passive – A p ort enters th is state if ther e is no respon se to a Disc overy “hel lo” packe t.
Config uring the Switch 3-100 3 We b – Click Alcatel , AMAP , Informati on. Figure 3-57. AMAP Infor mation CLI – There is n o equvilent CLI comm and to dis play detect ed devic es. Address Table Settings Switche s store the ad dresse s for all known d evices.
Address T able Sett ings 3-101 3 We b – Cl ick Address T able, S tatic Addr esses. S peci fy the inter face, the MA C add res s and VLAN , t hen cl ic k Add S tat ic A ddr ess. Figure 3-58. Setting a Stat i c A ddress Table CLI – This e xample add s an addres s to the static add ress table, but s ets it to be deleted wh en the switch is reset.
Config uring the Switch 3-102 3 We b – Click Ad dress T a ble, Dy namic Add resses. S pec ify the s earch type (i.e., ma rk t he In terf ace, MAC Addr ess, or VLAN chec kbo x), sel ect the meth od of sor tin g t he displa yed addre sses, an d then click Query .
Spanning Tree Algorithm Con figuration 3-103 3 We b – Cli ck A ddr ess T able, Add res s Agi ng. S pecif y t he ne w agi ng t ime, cli ck A pply . Figure 3 -60.
Config uring the Switch 3-104 3 Once a stab le network t opology has been esta blished, a ll bridges lis ten for Hello BPDU s (Bridge Prot ocol Data Units) transmit ted from the Root Bridge. I f a bridge does no t get a Hello B PDU after a predef ined int erval (Maxi mum Age), t he bridge assumes tha t the link t o the Root Bridge is down.
Spanning Tree Algorithm Con figuration 3-105 3 • Forward De l ay – Th e maximu m time ( in seconds) the root de vice w i ll wait befor e chang ing states (i.e., discar ding to learn ing to forwa rding). Thi s delay is req uired becau se every de vice mu st receiv e informa tion about topology ch anges b efore it starts t o forward frames.
Config uring the Switch 3-106 3 • Root Hold Time – The in terval (in secon ds) dur ing which no more th an two bridge config uration pr otocol data un its sha ll be transm itted by this nod e. • Max ho ps – Th e max numb er of hop co unts for the M ST region .
Spanning Tree Algorithm Con figuration 3-107 3 Configur ing Globa l Settings Globa l settings ap ply to the en tire switch. Command Usage • Spann ing Tree Protoc ol Uses RS TP for the int ernal state mac hine, but s ends only 802 .1D BPDUs . This crea tes one spa nning tree ins tance for the entire net work.
Config uring the Switch 3-108 3 • Priority – Bridg e priority is us ed in sele cting the roo t device , root port, a nd designa ted port. The device with th e h ighest prior i ty becomes th e STA root device . However, if all devices have the same p r iority, the device with the lowest MAC add res s wi ll t hen b eco me the roo t de vi ce.
Spanning Tree Algorithm Con figuration 3-109 3 Co nfig urat ion Set ting s fo r RS TP The follow ing attribu tes apply to bot h RSTP and MSTP: • Path Co st Method – The path co st is used to determin e the best pat h between devices . The pa th cost meth od is used to de termine the range o f values th at can be a ssigned to e ach int erface.
Config uring the Switch 3-110 3 We b – Cl ick S panning T ree, ST A, Con figuratio n. Modify the re quired attr ibutes, and click Ap ply . Figure 3-63.
Spanning Tree Algorithm Con figuration 3-111 3 CLI – T his exa mple enab les S pan ning T ree Pr ot ocol , se t s th e mod e to MST , and then conf igures the ST A an d MSTP paramet ers.
Config uring the Switch 3-112 3 • Oper Link Type – Th e operat ional point -to-point sta tus of the LAN segme nt att ac hed t o thi s in terf ace . Thi s par ame ter i s det er mined by ma nual conf ig urat ion o r by auto- detection, as describ ed for Admin L ink Type in ST A Port Confi guration on page 3- 114.
Spanning Tree Algorithm Con figuration 3-113 3 • Inte rnal p ath cost – The pat h cost for the MS T. See the pr oceedi ng item. • Priority – De fines th e priority used for t his port in the Span ning Tr ee Algori thm. If the path co st for all ports on a swi tch is the sam e, the po rt with the hig hest pri ority (i.
Config uring the Switch 3-114 3 CLI – This exam ple sho ws the ST A attrib utes for port 5 . Configur ing I nterface Settings Y ou ca n configur e RSTP a nd MST P attri butes for sp ecific inter faces, inc luding port priorit y , path cost , link type, a nd edge por t.
Spanning Tree Algorithm Con figuration 3-115 3 • Priority – Defines the priority used for th is port in t he Spanning Tree Pro tocol. If the path cost for all ports on a switch are the sa me, the p ort with the hig hest priority (i.e., lowest value) will be configured as an active l ink in the Spanning Tree.
Config uring the Switch 3-116 3 We b – Click S pannin g Tr ee, ST A, Port Configuration or T runk Configuratio n. Modify the requ ired attribut es, then cl i c k Apply . Fi gur e 3- 66. STA Po rt Conf ig ura tio n CLI – This exam ple sets ST A attributes for port 7.
Spanning Tree Algorithm Con figuration 3-117 3 T o ensure that the MSTI ma i ntains connectiv ity across the netwo rk, you m ust configure a related set of bri dges with the sa m e MSTI settings. Command Attri butes • MST Inst ance – Ins tance ident ifier of this spannin g tree.
Config uring the Switch 3-118 3 CLI – This di splays ST A settings f or inst ance 1, followed by settings for each port. CLI – This exam ple sets the priori ty for MSTI 1, and a dds VLANs 1- 5 to this MSTI .
Spanning Tree Algorithm Con figuration 3-119 3 Display ing Interface Sett ings for MSTP The MS TP Port Informa tion and MS TP T r unk Infor mation pages display the cu rrent status of por t s a nd trunks in the selected M ST instanc e. Field Attributes • MST Inst ance ID – Instance identi fier to configure.
Config uring the Switch 3-120 3 CLI – This di splays ST A settings f or inst ance 0, followed by settings for each port. The s ettings for instance 0 are g lobal settings t hat ap ply to t he IST ( p a ge 3-1 04), the set tin gs f or o ther in st ances onl y ap ply to t he l oca l sp anni ng t re e.
Spanning Tree Algorithm Con figuration 3-121 3 Configur ing I nterface Settings for MSTP Y ou ca n configure t he ST A int erface set tings for an MS T Instance us ing the MSTP Port Conf iguration and MST P T r unk Con figuratio n p ages .
Config uring the Switch 3-122 3 We b – C lick S panning T ree , MSTP , Po rt Config uration or Trunk Confi guration. Enter the prior ity and path cos t for an interfa ce, and click Ap ply . Figure 3-69 . MSTP Port Configurat i o n CLI – This exam ple sets the MST P attribu tes for port 4.
VLAN Con figuration 3-123 3 VLAN s inherent ly provide a high level of network se curity si nce traffic must pas s throug h a configur ed Layer 3 lin k to reach a di f feren t VLAN. This switch supp orts the fo llowing VLAN features: • Up to 255 VLAN s based on the IEEE 80 2.
Config uring the Switch 3-124 3 Port Overlapping – Port over lapping can be used to al low acce ss to com monly shar ed networ k resources among di f ferent VLAN gro ups, such as fi l e s ervers or printers . Unt agged VL ANs – Untagged (or sta tic) VLANs ar e typical l y u sed to reduc e broad cast traffic and t o increase se curity .
VLAN Con figuration 3-125 3 Note: If you have host devices that do not suppo rt GVRP, you should configure static or untagged VLANs for the switch port s connected to these devices (as described in “Adding St atic Members t o VLANs (VL AN Index)” on page 3-130).
Config uring the Switch 3-126 3 We b – Click VLAN, 802.1Q VLAN, GVRP S tatus. Enable or disable GVRP , and click Apply . Fig ure 3-72. GV RP Status CLI – This exam ple ena bles GV RP for the sw i tch . Display ing Basic VLAN I nformation The VLAN Basic Info rmation p age displays basic informati on on the VLAN type suppo rted by the sw itch.
VLAN Con figuration 3-127 3 CLI – Enter th e following co mman d. Display ing Curr ent VLANs The VLAN C urrent T a ble show s the curr ent port mem bers of each VLAN and wheth er or not the por t supports VLAN taggi ng. Ports assign ed to a large VL AN group that cross es severa l switches s hould use VLAN tagging .
Config uring the Switch 3-128 3 We b – Click VLAN, 802.1Q VLAN , Current T able. Select any ID fr om the scroll-down lis t. Fi gur e 3- 74. VLAN C urr ent Tab le Command Attri butes (C LI) • VLAN – ID of con figured VL AN (1-4094 , no leading zer oes).
VLAN Con figuration 3-129 3 Creating VLANs Use the VLAN S tatic Li st to create or rem ove VLAN groups. T o pro pagate inform ation abo ut VLAN g roups used on thi s switch t o extern al netw ork devic es, you must sp ecify a VLAN ID for each of th ese groups.
Config uring the Switch 3-130 3 CLI – T his exam ple crea tes a new VLAN . Adding Stat ic Members t o VLANs (VLAN Index) Us e th e VLA N S ta tic T able to conf igur e po rt membe rs fo r t he se le cted VLAN i nde x. Assign p orts as tagged i f they are c onnected t o 802.
VLAN Con figuration 3-131 3 • Memb ersh ip Ty pe – Select VLAN mem bership for each interfac e by marking th e appro priate radi o button fo r a port or trunk : - Tagged : Interface is a member of the VLAN. All pack ets transm itted by the p ort wil l b e ta gged , t hat is, car ry a tag a nd ther efor e ca rry VLAN or CoS i nfo rmat ion .
Config uring the Switch 3-132 3 Adding Stat ic Members t o VLANs (Port I ndex) Use the VLAN S tatic M embership by P ort menu to ass ign VLAN gr oups to the select ed interf ace as a tagged me mbe r . Command Attri butes • In terf ace – Port or tr unk identifier.
VLAN Con figuration 3-133 3 Configur ing VLAN Behavior for Int erfaces Y ou can conf igur e VLA N beha vior for sp eci fic inte rf aces , incl ud ing th e defa ul t VLA N identif ier (PVID), ac cepted fra me types, in gress filte ring, GVR P status, and GA RP tim ers .
Config uring the Switch 3-134 3 • GARP Leave Timer * – The interval a port wa its before leaving a VLAN group. Th is time sh ould be s et to mo re than twice the join tim e. This en sures t hat after a Leave or Lea veAll mes sage has bee n issued , the appli cants can rejoin befor e the port actual ly leaves the gr oup.
VLAN Con figuration 3-135 3 CLI – Th is exam ple sets p ort 3 to accept only tagge d frames , assi gns P VID 3 as the na tive VL AN ID , ena bl es G V RP , s ets t he GA RP t im ers, a nd t hen se ts th e s wit chp ort mode to hybr id .
Config uring the Switch 3-136 3 Configurin g Uplink and Do wnlink Ports Us e th e Pri vate VL AN Li nk S t atu s p age to s et po rt s as dow nli nk o r up lin k por t s. Ports desi gnated as downlin k ports can not comm unicate w ith any other po rts on the sw itch e xcep t fo r the up li nk por ts .
VLAN Con figuration 3-137 3 Configurin g Protocol Group s Create a pr otocol gr oup for on e or more pro tocols. Command Attri butes • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • Frame Ty pe – Fram e type us ed by this prot ocol.
Config uring the Switch 3-138 3 • Wh en a fra me en ters a p ort t ha t ha s bee n as sign ed t o a proto col VLAN , i t is proc essed in the fol lowing ma nner: - If t he frame is t agged, it will be proces sed ac cording to the standa rd rules app lied to tagge d frames.
Class of Ser vice Configu ration 3-139 3 Class of Servic e Configuration Class of Service ( CoS) allows you to speci fy which data pack ets have gre ater prec edence when traffic is buffered in the s witch due to conges tion. This swi tch suppo rts CoS with eig ht priority que ues for ea ch port.
Config uring the Switch 3-140 3 We b – Cli ck Priority , Default Port Pri ority or Default T runk Priority . Modify the d efault prior ity for any interface, then click Apply . Figure 3-84. Port Priority Configuration CLI – T his exam ple assi gns a def aul t pri ority of 5 to port 3.
Class of Ser vice Configu ration 3-141 3 Mapping CoS Values to Egr ess Queues This sw itch process es Clas s of Service (Co S) priori ty t agge d traffic by usin g eight priorit y queues f or each por t, with servi ce sched ules base d on strict o r Weighted Round R obin (WRR ).
Config uring the Switch 3-142 3 We b – Cl ick Priority , T raffic Clas ses. Mark a n interface an d click Select to displa y the curr ent mappi ng of CoS value s to outp ut queues. As sign priori ties to the traffic classes (i.e., out put queue s) for the se lected inter face, the n click Appl y .
Class of Ser vice Configu ration 3-143 3 Selecting the Queue Mode Y ou ca n set the sw itch to service the que ues based o n a strict rul e that requir es all traffic in a higher priority qu eue to be.
Config uring the Switch 3-144 3 We b – Cl ick Priority , Queu e Schedul ing. Select the interfac e, highligh t a traf fic cl ass (i.e., out put queue ), enter a weigh t, then cl i c k Apply . Figure 3-89 . Queue Scheduling CLI – The follow ing exa mple show s how to ass ign WRR weights to eac h of the priorit y queues.
Class of Ser vice Configu ration 3-145 3 Mapping Layer 3/4 Prio ri ties to CoS Values This sw itch suppo rts several c ommon me thods of prioritizin g layer 3/4 traf fi c to meet applic ation requ irements.
Config uring the Switch 3-146 3 Mapping IP Pr ecedence Th e T ype of Se rvi ce (T oS) octe t in th e IPv4 head er incl ude s thr ee pre ceden ce bi t s defining eight differen t priority le vels ranging from high est prior ity for netwo rk control p ack et s to lowe st p ri ori ty fo r r out ine tra ff ic .
Class of Ser vice Configu ration 3-147 3 CLI – The follow ing exa mple glob ally enables I P Preceden ce service on the swit ch, maps IP P recedenc e value 1 to CoS v alue 0 (on p ort 1), and the n displays the IP Pre ced ence se tti ngs .
Config uring the Switch 3-148 3 Note: IP DSCP s ettings apply to all interfaces. We b – Cl ick Prio ri ty , IP DS CP Pr iori ty . S elec t a n en tr y fr om t he D SC P tab le , ent er a value in the Class of Se rvice V alue field, then click App ly .
Class of Ser vice Configu ration 3-149 3 Mapping IP Port Pri ority Y ou ca n also map ne twork app lications t o Class of S ervice val ues based on the IP port numb er (i.e., TCP/U DP port nu mber) in the fram e header . Some of the more comm on TCP servi ce ports include: HT TP: 80, FTP : 21, T elnet: 2 3 and POP3: 1 10.
Config uring the Switch 3-150 3 CLI – The follow ing exam ple global ly enables IP Po rt Priority se rvice on the sw itch, maps H TTP traffic o n port 5 to CoS value 0 , and th en disp lays all t he IP Port Prior ity settings for that por t.
Class of Ser vice Configu ration 3-151 3 We b – Click Pri ority , ACL CoS Priorit y . Enable mappin g for any port, select an ACL from the scroll-down lis t, then cli ck Apply . Figure 3- 96. ACL CoS Pri ority CLI – T his exam ple assi gns a CoS val ue of ze ro to p acket s matc hing rul es w it hin the speci fied ACL on port 24.
Config uring the Switch 3-152 3 Command Attri butes • Port – Po rt identifier. •N a m e 1 – Name of AC L. • Type – Ty pe of ACL (IP or MAC ). • Preceden ce – IP Precede nce value. ( Range: 0-7) • DSCP – Differ entiated Se rvices Code P oint value.
Quality of Serv ice 3-153 3 Quality of Serv ice The com mands described in this secti on are used to c onfigure Qu ality of Se rvice (QoS) cl assificatio n criteria an d service polic ies.
Config uring the Switch 3-154 3 Use the Policy Ma p p ag e to specif y a policy map. Then use th e Class Ma p p a ge to con fi gure a pol icy m ap. A nd f inall y , us e the set and police comm ands to specif y the match criteria, wh ere the: - se t - class ifies the service that an IP packet w i ll receive.
Quality of Serv ice 3-155 3 Web – C lick QoS , Diff S erv , th en click Ad d Class t o create a new cl ass, or Edit Rules to cha nge the rule s of an exist i n g class. Fig ure 3-98. Conf iguring Cla ss Maps CLI - This exam ple create s a class m ap call “rd-c lass,” and s ets it to m atch packets marked for DSCP service value 3.
Config uring the Switch 3-156 3 Creating QoS Policies This fun ction crea tes a polic y map that ca n be attached to mu ltiple int erfaces. Creat e a policy map , specify t he name of th e policy m ap, and then u se the class paramet ers to c onfigu re poli cies for traffic tha t matc hes c riteria defined in a c lass map.
Quality of Serv ice 3-157 3 Policy T able - Policy Na me — Nam e of policy ma p. - Class Name — Nam e of clas s map. - Action — Classific ation of IP t raffic by CoS, DSCP , or IP Precedence. - Meter — Defines the maximum through put, burst r ate, and th e action that results fr om a poli cy v iol ati on.
Config uring the Switch 3-158 3 We b – Click QoS, Dif fServ , Policy Map t o display the li st of exi sting policy map s. T o add a ne w policy ma p click Add Po licy .
Quality of Serv ice 3-159 3 CLI – This e xample c reates a pol icy ma p called “rd- policy , ” sets t he aver age bandwi dth the 1 Mbps, the burst rate to 15 22 bps, and th e respons e to drop an y violati ng packets.
Config uring the Switch 3-160 3 Multicast Filteri ng Mult i c asting i s used to s upport real-time applic ations s uch as videoc onfere ncing or stream ing aud io. A multic ast server does not have to establis h a separate co nnection with each client.
Mul ticast F ilterin g 3-161 3 Configurin g IGMP Snoo ping and Qu ery Parameters Y ou ca n configur e the switch to forward m ulticast tra f fic in telligentl y . Base d on the IGMP qu ery and re por t me ssage s, t he sw it ch f orwar ds t raf fi c on ly t o t he por t s th at reque st multic ast traffic.
Config uring the Switch 3-162 3 We b – Click IGMP Snooping, IGMP Configuration. Adju st the IGMP settings a s requir ed, and then click Apply . (The default set tings are s hown belo w .) Figure 3-10 1. IGMP Configur ation CLI – Th is exam ple mo difies the settin gs for multicas t filterin g, and then disp lays the current status.
Mul ticast F ilterin g 3-163 3 We b – Click IGMP Snooping, Multi cast Router Port Information . Select the required VL AN ID fr om the sc rol l- down li st t o disp lay th e asso ciat ed mu lti cast rout ers .
Config uring the Switch 3-164 3 We b – Click IGMP Snooping, S tatic Multica st Ro uter Port Configu ration. S pecify the interfa ces attached to a mu lticast r outer , ind icate th e VLAN which will forward al l the corres ponding multica st tr af fic, and then cli ck Add.
Mul ticast F ilterin g 3-165 3 We b – Clic k IGMP Snoo ping, IP Mu lticast Regis tration T a ble. Selec t a VLAN ID and the IP add ress for a multicast service from the scrol l-down lis ts. T he switch will displa y all the inte rfaces tha t are propagatin g this mult icast serv ice.
Config uring the Switch 3-166 3 Command Attri bute • In terf ace – Act ivates the Po rt or Trunk sc roll down l ist. • VLAN ID – Sele cts the VL AN to propagat e all multica st traffic comi ng from the attac hed multicast router/s w i tch.
Configuri ng Domain Name Se rvice 3-167 3 Configur ing Genera l DNS Server Par ameter s Command Usage • T o e nable DNS service on thi s switch, fi rst configur e one or m ore name ser vers, and then e nable dom ain looku p status. • T o a ppend dom ain names to incompl ete hos t names rec eived from a D NS clien t (i .
Config uring the Switch 3-168 3 We b – Select DN S, General Configura tion. Set th e default do main nam e or list of dom ain names, specify on e or more na me server s to use to use for addre ss reso lution, enab le doma in lookup status , and click A pply .
Configuri ng Domain Name Se rvice 3-169 3 Configur ing Sta tic DNS Host to Address Entrie s Y ou ca n manuall y configur e static entries i n the DNS table that are use d to map dom ain names t o IP addres ses.
Config uring the Switch 3-170 3 We b – Select DN S, S tatic H ost T able. Enter a host n ame and on e or more corres ponding addres ses, t hen cl ick Appl y . Figu re 3-107. D NS Static Ho st Table CLI - T his exa mple ma p s tw o addr ess to a hos t na me, a nd t hen conf igur es a n al ia s host n ame for th e same add resse s.
Configuri ng Domain Name Se rvice 3-171 3 Display ing the DNS Cache Y ou ca n display en tries in the DN S cache t hat have b een learn ed via the des ignated name s erver s. Field Attributes •N o – The ent ry number for each res ource rec ord. • Flag – Th e flag is alw ays “4” indic ating a cach e entry and therefor e unreliab l e .
Config uring the Switch 3-172 3 CLI - This examp le displa ys all the reso urce reco rds learne d from the designat ed name s erver s. Console#show dns cache 4-128 NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207.46.134.222 51 www.microso ft.akadns.net 1 4 CNAME 207.
4-1 Chapter 4: Command Line Interface This chap ter desc ribes how to use the Co mmand Li ne Interf ace (CLI). Using the Comm and Line Interface Acces sing the CLI When a ccessi ng the manag emen t in.
Command L ine Interface 4-2 4 T o a ccess the switch thr ough a T e lnet sessi on, you m ust first se t the IP addr ess for the swit ch, and se t the default gateway i f you are man aging th e switch fr om a different IP su bnet.
Enteri ng Commands 4-3 4 Entering Comma nds Th is sec tio n descr ibe s how to en ter CL I com mand s. Keywords a nd Arguments A CLI comm and is a s eries of keywor ds and argu ments. Keywo rds identif y a com mand, and ar guments spec ify configu ration parame ters.
Command L ine Interface 4-4 4 Showing Com mands If you ent er a “?” at the co mman d prompt, th e system will disp lay the first le vel of keywor ds for the cu rrent com mand clas s (Norm al Exec or Pri vileged Exe c) or config uration clas s (Globa l, ACL, Interfa ce, Line, VLAN Database, or MSTP ).
Enteri ng Commands 4-5 4 Partial Ke yword Looku p If you term inate a partia l keywor d with a quest ion mark, al ternatives that matc h the initial let ters are pro vided. (Re membe r not to leave a space betwe en the comm and and que stion mar k.) For exam ple “ s? ” shows al l the keyw ords starting wi th “s.
Command L ine Interface 4-6 4 Exec Comm ands When y ou open a new consol e session on the switc h with the use r name an d p ass word “ gue st, ” th e sy stem ente rs t he N ormal Exe c co mmand mode (or gues t mode ), dis play ing the “Con sole >” c omm and pr ompt .
Enteri ng Commands 4-7 4 T o enter th e Global Configu ration m ode, e nter the comm and co nfigure in Privileged Exec mode. The system prompt will change to “Co nsole(config)#” which gives y ou acces s privilege to all Globa l Configur ation com mands.
Command L ine Interface 4-8 4 Ctrl-F Shifts c ursor t o the right one ch aracter . Ctrl-K Delete s all ch aracters fr om the cursor to t he end of the lin e. Ct rl-L Re peat s cu rren t co mmand lin e on a ne w li ne. Ctrl-N Enters the next com mand l ine in the h istory buffer .
Comman d Groups 4-9 4 Command Group s The sy stem c ommands can b e broken down int o the fun ctiona l groups show n belo w . T able 4 -4. Comm and G roups Comm and Grou p Descr iption Page Line Sets .
Command L ine Interface 4-10 4 The acc ess mode shown in th e following table s is indicate d by these ab brevia tions: NE (N orm al Exec ) IC (Inter face C onfigur ation) PE (Privileg ed Exec ) LC (L.
Line Command s 4-11 4 Default Sett ing Th ere is no def ault line . Command Mod e Globa l Configur ation Command Usage T e lnet is consid ered a virtua l ter minal conn ection and w ill be shown as “V ty” in scre en displays such as sh ow users . Ho wever , the seri al comm unicat ion paramet ers (e.
Command L ine Interface 4-12 4 Command Usage • There a re three authe nticati on modes provided by the switch i tself at login : - lo gin selects auth enticati on by a sing le global pa ssword as specified b y the password l ine confi guration c ommand.
Line Command s 4-13 4 Command Usage • When a con nection is s tarted o n a line with passw ord pr otection , the sy stem promp ts for the pa ssword .
Command L ine Interface 4-14 4 Example T o s et the timeo ut to two minu tes, enter this comma nd: exec-time out This com mand se t s th e interval th at the syst em waits until u ser input is de tected.
Line Command s 4-15 4 Command Mod e Line C onfigur ation Command Usage • When the logon at tempt thr eshold is r eached, the system interface becom es silent fo r a specified amount o f ti me before all owing th e next logon attempt. (Use the s i lent-time com ma nd to set th is in terv al .
Command L ine Interface 4-16 4 databi ts This com mand se t s th e number o f data bits per charact er that are in terpreted and gener ated by the co nsole po rt. Use the no form to res tore th e defau lt va lue. Syntax d ata b its { 7 | 8 } no dat abits • 7 - Seve n data bits per ch aracter.
Line Command s 4-17 4 Command Usage Comm unica tion protoco ls provid ed by devi ces such as termina ls and mode ms often requ ire a specific parit y bit setting . Example T o specify no parity , enter this command: spe ed This com mand se t s th e termina l line’s baud rate.
Command L ine Interface 4-18 4 Defaul t S ett ing 1 stop bit Command Mod e Line C onfigur ation Example T o s pecify 2 stop bi ts, enter this com mand : disco nnect Use this comman d to termina te an SSH , T elnet, or co nsole co nnection.
General C ommands 4-19 4 Command Mod e Normal Exec, Privileged Exec Example T o s how all lines, enter this co mmand : General Comma nds ena ble Th is co mmand act iva tes Priv il eged E xec mode . In pri vil eged mode , ad dit ion al com mands a re availa ble, and c ertain com mands display a dditiona l informa tion.
Command L ine Interface 4-20 4 Defaul t S ett ing Level 15 Command Mod e Normal Exec Command Usage • “sup er” is the d efault p asswor d requir ed to ch ange th e comm and m ode from Normal Exec to Privileged Exec. (To set this p assword, see the enable password command on page 4-26 .
General C ommands 4-21 4 prior to en abling som e of the oth er configu ration mo des, includi ng Interf ace Configu ration, Lin e Configur ation, VLAN Dat a base Co nfiguration, and Multipl e S panning T ree C onfigur ation. See “Und erstanding Comm and Mode s” on page 4-5.
Command L ine Interface 4-22 4 mode s. I n thi s examp le, the !2 c ommand repeats the se cond com mand in the Ex ecut ion hi sto ry buf fer ( config ). reload This com mand re starts t h e system. Note: When the syst em is restarted, it will always run the Power-On Self-Test.
System Manage ment Commands 4-23 4 Default Sett ing None Command Mod e Any Example This exam ple sho ws how to retur n to the Privi l e ged Exec m ode from the G lobal Configu ration m ode, and then quit the C LI session : quit This c omman d exits t he con figuration program .
Command L ine Interface 4-24 4 Device Designation Co mmands prompt This com mand cu stomize s the CLI pr ompt. Use the no form t o restore t he default prompt . Syntax prompt string no prompt string - Any al phanumeric string to use for the CLI prompt.
System Manage ment Commands 4-25 4 hostna me This com mand sp ecifies or modifies t he host na me for this de vice. Us e the no form to rest ore the defa ult host name .
Command L ine Interface 4-26 4 •{ 0 | 7 } - 0 mean s plain p assword, 7 means en crypte d passwo rd. • password pa sswor d - The authent ication pas sword for the user. (Maxi mum leng th: 8 charac ters plain t ext, 32 encr ypted, cas e sensit ive) Defaul t S ett ing • The def ault acces s level is No rmal Exec.
System Manage ment Commands 4-27 4 Command Mod e Globa l Configur ation Command Usage • You c annot s et a n ull pass word. Yo u wi ll have to enter a pass word to chan ge the com mand m ode from Nor mal Exec to Priv ileged Exec with the enabl e comm and ( page 4- 19) .
Command L ine Interface 4-28 4 Command Mod e Globa l Configur ation Command Usage • If anyo ne tries t o access a man agemen t interfac e on the sw itch from an inv alid addr ess, the sw itch will reject the c onnec tion, enter an event messa ge in the system log, and sen d a trap m essage to the trap ma nager.
System Manage ment Commands 4-29 4 Example Web Server Com mands ip http port This com mand sp ecifies the TCP port num ber used by the Web brow ser interfac e. Us e the no form to us e the defa ult port. Syntax ip http port po rt-numb er no ip http port port-number - The TCP port to be u sed by the browse r inte rface.
Command L ine Interface 4-30 4 Example Related Commands ip http ser ver (4-30) ip http server This c omman d allow s this devic e to b e mon itored o r conf igured f rom a brows er .
System Manage ment Commands 4-31 4 • When you start HTTP S, the connection is established in this way: - The client aut henticates the serve r using the server’s digi tal certifica te. - The client and server ne gotiate a se t of securi ty protoco ls to use for th e conne ction.
Command L ine Interface 4-32 4 Command Usage • You can not conf i g ure the HTT P and HTTPS servers t o use the sa me port. • If you ch ange the HTT PS port num ber, clien ts attem pting to connec.
System Manage ment Commands 4-33 4 The SS H server o n this switch su ppor t s bot h p a ssword and public key auth entication . If password au thentica tion is spe cified by the S SH client , then th.
Command L ine Interface 4-34 4 00609 0253948 4084827178 1943722 884025331 1595213 4861022 9029789827 2135326 71 31629 4325328 1891504530 6393916 643 steve@1 92.168.1 .19 4. Set the Op tional Parame ters – Set ot her optional par ameters, inclu ding the authent ication ti meout, the number of retries, an d the server k ey size.
System Manage ment Commands 4-35 4 Example Related Commands ip ssh cry pto ho st-key g enera te (4-37 ) show ssh (4-39 ) ip ss h timeout Use th is command to co nfigure the ti meout for the SSH server . Use the no form to restor e the defaul t setting.
Command L ine Interface 4-36 4 ip ss h authent ication-retrie s Use this comman d to config ure the num ber of times the SSH se rver attemp t s to rea uthe nt icat e a user .
System Manage ment Commands 4-37 4 delete public-key Us e this co mma nd to del ete t he spec if ied us er ’ s pu blic ke y . Syntax delete public-key userna me [ ds a | rs a ] • user name – Nam e of an SSH user . (Range : 1-8 charac ters) • dsa – DSA pu blic key type.
Command L ine Interface 4-38 4 Related Commands ip ssh cry pto ze roiz e (4-3 8) ip ssh s ave hos t-key (4 -38) ip ss h crypto zeroize Use this comman d to clea r the host key fr om memo ry (i.e. RAM ). Syntax ip ssh cr ypto zero ize [ dsa | rsa ] • dsa – DSA ke y type.
System Manage ment Commands 4-39 4 Example Related Commands ip ssh cry pto ho st-key g enera te (4-37 ) show ip ssh Use this comman d to disp lay the conne ction set tings used w hen aut henticat ing client ac cess to the SSH server .
Command L ine Interface 4-40 4 show pub lic-key Use this comman d to show th e public key for the spec ified user or for the host . Syntax show public-key [ user [ us ernam e ]| host ] username – Name of an SSH user . (Range: 1-8 characters) Defaul t S ett ing Shows al l public ke ys.
System Manage ment Commands 4-41 4 Example Event L ogging Comma nds loggin g on This com mand co ntrols loggi ng of error messag es, sending debug or er ror mes sages t o sw itch me mory .
Command L ine Interface 4-42 4 Command Usage The loggi ng proce ss contro ls error mes sages save d to switc h memo ry . Y ou can use the logging hist ory c ommand to c ontrol the type o f error me ssages that ar e stored.
System Manage ment Commands 4-43 4 Command Mod e Globa l Configur ation Command Usage Th e mes sage lev el s pec ifi ed f or f las h memo ry m ust be a hi gher p ri ori ty ( i.e ., numeri cally lowe r) than that speci fied for RAM. Example loggin g host This com mand ad ds a syslo g server ho st IP addres s that will re ceive logg ing mes sages.
Command L ine Interface 4-44 4 Command Mod e Globa l Configur ation Command Usage The com mand sp ecifies the fac ility type tag sent in syslog m essages .
System Manage ment Commands 4-45 4 Command Mod e Privileged Exec Example Related Commands show lo gging (4-4 5) show log ging This com mand disp lays the logging con figurat ion, along w ith any syst em and ev ent messa ges st ored i n memory .
Command L ine Interface 4-46 4 The follow ing ex ample displ ays settin gs for the tra p function . Related Commands show lo gging sen dmail (4-4 9) SMTP Alert Commands Co nfig ures SMTP e vent handl ing , and for wardi ng of ale rt me ssa ges to the s peci fie d SMTP s ervers and em ail recipien t s .
System Manage ment Commands 4-47 4 loggin g sendmail h ost This co mmand specifi es SMTP server s that w ill be sent alert me ssage s. Use the no form to remove an SMTP s erver . Syntax [ no ] logging sendmail host ip_addr ess ip_address - IP ad dress of an SMTP server that will be sent alert messages for event handling.
Command L ine Interface 4-48 4 Command Mod e Globa l Configur ation Command Usage The specified level indicates an event threshold. All event s a t this level or higher will be sent to the confi gured email rec ipients. (For example, u sing Level 7 wil l report al l events fr om level 7 t o level 0.
System Manage ment Commands 4-49 4 Command Mod e Globa l Configur ation Command Usage Y ou ca n specify up to five recipien ts for alert mes sages. Ho wever , you mus t ente r a separate com mand to spe cify eac h recipien t. Example loggin g sendmail This com mand en ables SMTP ev ent hand ling.
Command L ine Interface 4-50 4 Time Comm ands The sys tem clock can be dynam ically set by polling a set of speci fied time ser vers (NT P or SNT P). sntp c lient This com mand en ables SNTP c lient reques t s for time synchron ization from N TP or SNTP tim e server s specified w ith the sntp se rvers co mman d.
System Manage ment Commands 4-51 4 Example Related Commands sntp se rver (4 -51) sntp poll ( 4-52) show sn tp (4-52 ) snt p serv er This com mand se t s th e IP address of the server s to which SN TP time reques t s are issued. Use the th is comma nd with no a rguments to cle ar all time ser vers from th e current list.
Command L ine Interface 4-52 4 sntp p oll This com mand se t s th e interval bet ween se nding time requests when the switch i s set to SNTP client mode. Use the no form to re store to th e default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests.
System Manage ment Commands 4-53 4 clo ck ti mezon e This com mand se t s th e time zone for the swit ch’s internal c l o ck. Syntax clock timez one nam e hour hour s mi nute minutes { befo re-utc | af ter- utc } • nam e - Name of tim ezone , usually an acr onym.
Command L ine Interface 4-54 4 Defaul t S ett ing None Command Mod e Privileged Exec Example This exam ple sho ws how to s et the syst em clock to 15:12:34, Februar y 1st, 2002.
System Manage ment Commands 4-55 4 Command Usage • Use th is comm and in co njunctio n with the s how running- config command to com pare the infor mation in r unning mem ory to the informati on stored in non-vola tile memory . • This command displa ys setti ngs for ke y comm and mo des.
Command L ine Interface 4-56 4 Example Related Commands show ru nning- config (4-57) Console#show startup-co nfig building startup-config , please wait.
System Manage ment Commands 4-57 4 show runn ing-config This com mand disp lays the configura tion inform ation cu rrently in us e. Default Sett ing None Command Mod e Privileged Exec Command Usage .
Command L ine Interface 4-58 4 Example Related Commands show star tup-conf ig (4-54) Console#show running-co nfig building running-config , please wait.
System Manage ment Commands 4-59 4 show sy stem This command displays system in f o r ma t ion. Default Sett ing None Command Mod e Normal Exec, Privileged Exec Command Usage • For a de scription of the items sh own by th is comma nd, refer to “D isplay i n g System Informa tion” on page 3- 8.
Command L ine Interface 4-60 4 show us ers Shows all a ctive c onsole and T elnet session s, inc luding u ser na me, idle time, and I P addre ss of T el net client. Defaul t S ett ing None Command Mod e Normal Exec, Privileged Exec Command Usage The s ession used to execut e this co mman d is indi cated by a “* ” symb ol next t o the Line ( i.
System Manage ment Commands 4-61 4 Example Frame Size Com man ds jumbo frame This com mand en ables sup port for jumbo frames . Use the no form to di sabl e it.
Command L ine Interface 4-62 4 Example Flash/File Comm ands These comm ands a re use d to m anage the system code or co nfigurati on files. copy This com mand m oves (up load/dow nload) a cod e image o r configurat ion file betwe en the swi tch’s f las h memo ry and a TFTP se rver .
Flash/F ile Command s 4-63 4 Default Sett ing None Command Mod e Privileged Exec Command Usage • The s ystem prompts for data r equired to complete th e copy command. • The de stinati on file nam e shoul d not con tain slas hes ( or / ), the lead ing letter of the file na me sh ould not be a pe riod (.
Command L ine Interface 4-64 4 The follow ing exam ple shows how to do wnload a co nfiguratio n file: This exam ple sho ws how to cop y a secure- site certi ficate from an TFTP server . It then reboots t he sw itch to activa te the certifi cate: This exam ple show s how to cop y a public-key used by SSH fr om an TFTP se rver .
Flash/F ile Command s 4-65 4 Command Usage • If th e file ty pe is used fo r system star tup, then thi s file cannot be deleted. • “ Fac tor y_De faul t_Co nfi g.c fg” cann ot be de let ed. Example This exa mple s hows h ow to del ete the t est2.
Command L ine Interface 4-66 4 Example The follow ing ex ample shows how to disp lay all file in formatio n: whichboo t This c omman d disp lays w hich f iles wer e boot ed wh en the syste m powe red up. Defaul t S ett ing None Command Mod e Privileged Exec Example This exam ple sho ws the infor mation d isplayed by the whichboot com mand.
Authentication C ommands 4-67 4 Default Sett ing None Command Mod e Globa l Configur ation Command Usage • A colo n (:) is required after the spec ified file ty pe.
Command L ine Interface 4-68 4 authen tica tion login This co mmand defines the lo gin authe ntication metho d and precede nce. Us e the no form to re store the d efault. Syntax authenti cation lo gin {[ local ] [ radius ] [ tacacs ]} no authent ication login • lo cal - Use local password .
Authentication C ommands 4-69 4 authen tica tion ena ble This com mand de fines the au thentica tion metho d and pre cedence to use when chang ing from Exec comma nd mode to Priv ileged Exec com mand m ode with th e enable co mmand (see page 4-19 ). Use the no form to res tore the defa ult.
Command L ine Interface 4-70 4 RADIUS Client Remo te Authent ication Dial- in User Servi ce (RADIUS ) is a logon authe ntication protoc ol that uses software runn ing on a cent ral serve r to contro l access to RADIU S-aware devices o n the network .
Authentication C ommands 4-71 4 Command Mod e Globa l Configur ation Example rad ius-serve r key This com mand se t s th e RADIUS encrypti on key . Use the no form to rest ore the defaul t. Syntax rad ius -ser ver key ke y_string no radius-server key key_string - Encryption key used to authenticate logon access f or client.
Command L ine Interface 4-72 4 radius- serve r timeout This com mand se t s th e interval bet ween tra nsmittin g authenti cation req uests to the RADIUS server .
Authentication C ommands 4-73 4 TACACS+ Client T ermina l Access Contro l ler Acc ess Control System (T ACA CS+) is a logon authent ication p rotocol tha t uses software running o n a central s erver to con trol acces s to T A CACS-a ware de vices on the network.
Command L ine Interface 4-74 4 Command Mod e Globa l Configur ation Example tacac s-server k ey This com mand se t s th e T ACA CS+ enc ryption k ey . Use t he no form t o restore th e defaul t. Syntax t aca cs-se rver key key_st ring no tacacs-serv er key key_string - Encryption key used to authenticate logon access f or the client.
Authentication C ommands 4-75 4 Po rt S ec u ri t y Com ma nds These comman ds can be use d to disa ble the learni ng functi on or manual ly spec ify secur e addres ses for a port . Y ou may wan t to leave po rt security o f f for an ini tial trainin g period (i.
Command L ine Interface 4-76 4 • To use po rt secur ity, first allow the switch to dynam ically learn t he <sou rce MAC ad dress, VLAN> pa i r f or frames received o n a port for an initial trai ning period , and then e nable port s ecurity to st op addre ss learnin g.
Authentication C ommands 4-77 4 authen tica tion dot1x default This com mand se t s th e default au thentica tion serve r type. Use t he no form to restor e the defaul t.
Command L ine Interface 4-78 4 dot1x max -r eq This co mmand sets the maximum numb er of tim es the s witch p ort will re transmi t an EAP reques t /ide nti ty pack et t o the client before it ti me s out the authentication session . Us e the no for m to r estore t he def ault.
Authentication C ommands 4-79 4 dot1x opera tion-m ode This command allows single or multiple hosts (clie nts) to connect to an 802 .1X -aut hori zed po rt . Use th e no form with no ke yword s to restor e the defa ult to single host. U se t he no form w i th the multi-host max -count keywords to restore t he defa ult maxim um count.
Command L ine Interface 4-80 4 dot1x re-au thenti cati on This com mand en ables peri odic re-au thentica tion globally for all ports. Use the no form to di sable re- authenti cation.
Authentication C ommands 4-81 4 Command Mod e Globa l Configur ation Example dot1x time out tx-perio d This com mand se ts the time t hat the switch waits dur ing an authe ntication session befor e re-transmitt ing an EAP p ac ket. Use the no form to reset to the def ault value.
Command L ine Interface 4-82 4 Command Usage This command displays the following information: • Globa l 802.1X P arameter s – Disp lays the gl obal port ac cess co ntrol para meters that c an be c.
Access Contr ol List Command s 4-83 4 Example Access Control List Commands Acces s Contr ol Lists (AC L) provi de packet filtering for IP fram es (bas ed on address , protoc ol, Layer 4 pr otocol port n umber o r TCP control cod e) or any fram es (bas ed on MAC address or Ethernet type ).
Command L ine Interface 4-84 4 • MAC ACL mode (MA C-ACL) filt ers packe ts based on th e source or des tination MAC ad dress and the Ethernet frame type ( RFC 1060 ). The follow ing restric tions appl y to ACLs: • This sw itch supp orts ACLs for both i ngress a nd egress filtering.
Access Contr ol List Command s 4-85 4 IP ACLs acce ss-list i p This co mmand adds an IP a ccess l ist and e nters c onfigura tion mo de for standard or extende d IP ACLs .
Command L ine Interface 4-86 4 Command Usage • An egre ss ACL m ust contai n all deny ru les. • When you cr eate a new ACL or e nter conf iguration mode for an existing ACL, use the permit or deny command to a dd new rules t o the bottom o f the l ist.
Access Contr ol List Command s 4-87 4 Example This exam ple con figures on e permit rule for the spe cific addre ss 10.1. 1.21 and anot her rule for the ad dress ran ge 168.9 2.16.x – 1 68.92.31. x using a b itmask. Related Commands ac cess- lis t ip (4 -85) permit , den y (Exten ded ACL) This com mand ad ds a rule to an Exten ded IP ACL.
Command L ine Interface 4-88 4 Defaul t S ett ing None Command Mod e Ex tend ed AC L Command Usage • All new ru les are ap pended to th e end of the list . • Addre ss bitma sks are s imilar to a s ubnet m ask, con taining fou r integer s from 0 to 25 5, e ach sepa rated by a per iod.
Access Contr ol List Command s 4-89 4 This per mits all TCP packets from c lass C addr esses 192 .168.1.0 wi th the TCP control code set to “SYN.” Related Commands ac cess- lis t ip (4 -85) show ip access -list This com mand disp lays the rules for conf igured IP ACL s.
Command L ine Interface 4-90 4 Command Mod e Globa l Configur ation Command Usage • A mas k can only be use d by all ingres s ACLs or a l l eg ress ACL s. • The pre cedence of the ACL ru les applied t o a packet is no t determin ed by orde r of the rules, but instead by the order o f the masks ; i.
Access Contr ol List Command s 4-91 4 Default Sett ing None Command Mod e IP Ma sk Command Usage • Packe ts crossin g a port are che cked agai nst all the rule s in the ACL u ntil a match is found. The order in which t hese pack ets are checked i s determ ined by the ma sk, and no t the order in whi ch the ACL rul es were ent ered.
Command L ine Interface 4-92 4 This s hows how t o crea te a standard AC L w ith an in gress m ask to de ny acc ess to the IP hos t 171.69 .198.102, and perm it access to any othe rs. This show s how to cr eate an ex tended ACL with an egres s mask to drop packets leavin g network 171.
Access Contr ol List Command s 4-93 4 This is a mo re compreh ensive ex ample. It d enies any T CP packets in which the SYN bit is O N, and perm its all other packets. It then sets the ingre ss mask to ch eck the deny r ule first, and finally bind s port 1 to this A CL.
Command L ine Interface 4-94 4 Related Commands mas k (IP ACL ) (4-9 0) ip ac cess-grou p This com mand bind s a port to an I P ACL. Use the no form to r emove the po rt. Syntax [ no ] ip ac cess-gr oup acl _name { in | ou t } • acl_nam e – Name o f the ACL.
Access Contr ol List Command s 4-95 4 Related Commands ip a ccess -grou p (4-94) map a ccess-list ip This com mand se t s th e output queu e for packets match ing an A CL rule. The specif ied CoS val ue is only us ed to map the matching packet to an outp ut queue ; it is not writ ten to the pack et itself.
Command L ine Interface 4-96 4 show ma p acce ss-list ip This com mand s hows the Co S value m apped to an IP ACL fo r the current i n terface. (The Co S value deter mines the output queu e for packets match ing an A CL rule.) Syntax show ma p acces s-list ip [ interf ace ] int erfac e • etherne t unit / port - unit - Th is is devic e 1.
Access Contr ol List Command s 4-97 4 Command Usage • Y ou m ust c onfi gur e an ACL m ask befo re y ou c an c hange fr ame prior iti es based on an AC L rule. • Traffic priorities may be include d in the IEEE 802.1p priority tag. T his t a g is also inc orporated a s part o f the over all IEEE 802.
Command L ine Interface 4-98 4 MAC ACLs acce ss-list mac This com mand ad ds a MAC a ccess list and enters MA C ACL con figuratio n mode. Us e the no form to re move the sp ecified ACL . Syntax [ no ] acce ss-li st mac acl_nam e acl_name – Name of the ACL.
Access Contr ol List Command s 4-99 4 • To remove a ru le, use the no permit or no den y command followe d by the exact te xt of a previ ously conf igured rul e.
Command L ine Interface 4-100 4 • any – An y MAC sour ce or des tin ati on ad dres s. • host – A spec ific MAC ad dress. • sour ce – Sour ce MAC a ddress. • dest i n ation – De stination M AC addr ess range with bitmas k. • addr ess- bitmas k* – Bitmask for MAC ad dress (in he xidecim al format).
Access Contr ol List Command s 4-101 4 Command Mod e Privileged Exec Example Related Commands permi t, deny 4-99 mac acce ss-g roup (4-1 04) acce ss-list mac mask-pre cedenc e This com mand ch anges to M AC Ma sk mode us ed to config ure acces s control mask s.
Command L ine Interface 4-102 4 mask (MAC ACL) This com mand defines a mask f or MAC ACL s. This m ask def ines the fi elds to ch eck in the packe t header .
Access Contr ol List Command s 4-103 4 Example This exam ple sho ws how to cre ate an Ingre ss MAC A CL and bind it to a p ort. You can th en see that the or der of the ru les have b een change d by the m ask. This exam ple creat es an Egre ss MAC AC L.
Command L ine Interface 4-104 4 show ac cess-li st mac mas k-precede nce This c omman d show s the ingress or eg ress r ule mas ks for MAC ACLs. Syntax show access -list m ac m ask-pre cedenc e [ in | out ] • in – In gress m ask p receden ce for ingr ess AC Ls.
Access Contr ol List Command s 4-105 4 Related Commands show mac acce ss-list (4-10 0) show mac acce ss-group This com mand sh ows the por ts assigne d to MA C ACLs . Command Mod e Privileged Exec Example Related Commands mac acce ss-g roup (4-1 04) map a ccess-list mac This com mand se t s th e output queu e for packets match ing an A CL rule.
Command L ine Interface 4-106 4 Example Related Commands queue cos-m ap (4-20 0) show m ap acce ss-list ma c (4-106) show ma p acce ss-list mac This c omman d show s the CoS value m apped to a M AC A CL f or the c urrent interfa ce. (The Co S value deter mines th e output queu e for packets match ing an ACL rule.
Access Contr ol List Command s 4-107 4 Default Sett ing None Command Mod e Inter face Config uration (E thernet) Command Usage Y ou mus t configur e an ACL m ask before yo u can cha nge frame priorities based o n an ACL rule .
Command L ine Interface 4-108 4 Example show ac cess-gro up This c omman d show s the port a ssignm ents of AC Ls. Command Mod e Privileged Exec utive Example SNMP Command s Controls access to this switch from management statio ns using th e Simple Network Man agement Pr otocol (SNM P), as well as the error ty pes sent to trap mana gers.
SNMP Command s 4-109 4 snmp- server community This com mand de fines the co mmun ity access string for th e Simple Netw ork Man agement Pr otocol. Us e the no form to remo ve the sp ecifie d communit y strin g.
Command L ine Interface 4-110 4 Example snmp- server contact This com mand se t s th e system contact string . Use the no form to remov e the system c ontact in formation. Syntax snmp -server contact st ring no snm p-serve r cont a ct string - S tring that describe s the system con t act information.
SNMP Command s 4-111 4 Example Related Commands snm p-serve r contact (4-1 10) snmp- server hos t This com mand sp ecifies the recipient of a S imple Net work Man agemen t Protocol notific ation oper ation. Use the no form to re move th e specifi ed host.
Command L ine Interface 4-112 4 Example Related Commands snm p-server enable traps (4- 1 12 ) snmp- server ena ble traps This com mand en ables this dev ice to send Sim ple Netwo rk Managem ent Proto col traps (SNM P notifications ). Use the no form to disabl e SNMP notificat ions.
SNMP Command s 4-113 4 show sn mp This com mand ch ecks the s t atu s of SNMP co mmunic ations. Default Sett ing None Command Mod e Normal Exec, Privileged Exec Command Usage This com mand pr ovides i.
Command L ine Interface 4-114 4 snmp-server Use this c omman d to enable the SN MP v3 en gine. Use th e no form to disabl e the engine. Defaul t S ett ing Enabled Command Mod e Globa l Configur ation Example snmp-server engine-id Use th is comma nd to confi gure an iden tification s tring for th e SNMP v3 en gine.
SNMP Command s 4-115 4 show snmp engine-id Us e this comma nd to sh ow th e SNMP en gine ID. Command Mod e Privileged Exec Example Th is ex ampl e sh ows the defa ult engi ne I D. snmp-server view Use this command to add an SNMP view that cont r ols user access to the MIB .
Command L ine Interface 4-116 4 Examples This view includes M IB-2. This vi ew includ es the MIB-2 interfa ces table, i fDescr . The wildcard is used to selec t all the index values in this table. This vi ew includes the MIB- 2 interfaces t abl e, and the m ask selec t s all index ent ries.
SNMP Command s 4-117 4 snmp-server group Us e th is co mmand to a dd a n SN MP gr oup, mapp ing SNMP user s to SNMP view s. Us e the no form to r emove an SNMP group.
Command L ine Interface 4-118 4 Example Console#show snmp group groupname: r&d security model: v3 readview: v2defaultview writeview: daily notifyview: none storage-type: permanent row status: acti.
SNMP Command s 4-119 4 snmp-server user Use th is comma nd to add a u ser to an SN MP group , restricting t he user to a sp ecific SNMP R ead and a Writ e V iew .
Command L ine Interface 4-120 4 Example DHCP Commands Th ese com mand s are us ed to co nfig ure Dy nami c Hos t Conf igura ti on Pro toc ol (DHC P) client. Y ou c an configur e any VLAN interface t o be automat ically assign ed an IP address via DHCP .
DHCP C ommands 4-121 4 Command Mod e Interfa ce Configur ation (VLAN ) Command Usage This c omman d is u sed to include a clien t identif ier in all comm unicati ons w ith the DHCP serv er . The ide ntifier ty pe depends on the requireme nts of your DHCP server .
Command L ine Interface 4-122 4 DNS Commands Th ese com mand s are us ed to co nfig ure Do mai n Nami ng Syst em (DN S) ser vice s. Y ou can m anual ly confi gur e ent rie s in t he DNS doma in na me .
DNS Command s 4-123 4 Command Usage Serve rs or other ne twork dev ices may su pport one o r more conn ection s via mult iple IP address es. If mor e than one IP ad dress is a ssociated with a host nam e using this com mand, a DNS client can try each ad dress i n s uccessi on, until i t establish es a c onnec tion w ith the target de vice.
Command L ine Interface 4-124 4 Defaul t S ett ing None Command Mod e Globa l Configur ation Example Related Commands i p dom ain- lis t ( 4-124 ) ip name -server (4 -125) i p dom ain- look up ( 4-12 6) ip dom ain-list This com mand de fines a list o f domain na mes tha t can be appe nded to inco mplete host na mes (i.
DNS Command s 4-125 4 Example This exam ple add s two dom ain name s to the curren t list and then displays t he list. Related Commands i p dom ain- name (4-1 23) ip nam e-server Th is co mmand s pec ifi es t he ad dres s of o ne o r mor e doma in name s erv ers to use for nam e-to-addr ess reso lution.
Command L ine Interface 4-126 4 Example Th is exa mple a dds two domai n-n ame se rver s to th e list and th en dis play s th e list . Related Commands i p dom ain- name (4-1 23) i p dom ain- look up ( 4-12 6) ip dom ain-lookup This com mand en ables DN S host name -to-ad dress trans lation.
DNS Command s 4-127 4 Example This e xampl e enabl es DN S and t hen di splays the configurat ion. Related Commands i p dom ain- name (4-1 23) ip name -server (4 -125) show hos ts This com mand disp lays the static host nam e-to-add ress ma pping table.
Command L ine Interface 4-128 4 Example show dns cache This com mand di splays en tries in th e DNS cache . Command Mod e Privileged Exec Example clear dns cac he This com mand clea rs all entri es in the DNS cache. Command Mod e Privileged Exec Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.
Interface C ommands 4-129 4 Example Interface Comm ands Th ese com mand s are us ed to di spla y or set commun ica tio n par amet ers fo r an Etherne t port, aggregat ed link, or VLAN . Console#clear dns cache Console#show dns cache NO FLAG TYPE IP TTL DOMAIN Console# T able 4-42 .
Command L ine Interface 4-130 4 interfac e This com mand co nfigures an interface ty pe and ente r interface c onfigura tion mode . Us e the no form to remove a t runk. Syntax in terf ace in te rfac e no interface por t-channel c hanne l - id int erfac e • etherne t unit / port - unit - Th is is devic e 1.
4-131 4 desc ription This com mand ad ds a desc ription to an interfac e. Use the no f orm to r emove the descr iption. Syntax description st ring no description string - Comment or a description to help you remember what is att ached to this interface.
Command L ine Interface 4-132 4 Command Usage • To force operation to the sp eed and dup lex mod e spec ified in a s peed-duple x com mand, use t he no nego tiation co mmand to d isable aut o-negoti ation on the se l e cted inte rface.
4-133 4 Example The fo llowin g exam ple co nfigures p ort 1 1 to u se aut onegotiati on. Related Commands capab ilities (4 -133) speed -duple x (4-131) capa bilities This c omman d adver tises t he por t capabil i ti es of a given interfa ce dur ing autoneg otiatio n.
Command L ine Interface 4-134 4 Example The fol lowing exa mple c onfigure s Ethernet port 5 capabil ities to 10 0half, 10 0full and fl ow cont ro l. Related Commands negoti ation (4-132 ) speed -duple x (4-131) flo wcon tro l (4-1 34 ) flowcontrol This com mand en ables flow control.
4-135 4 Example The follow ing exam ple enab les flow con trol on port 5. Related Commands negoti ation (4-132 ) cap abilities ( flowcontro l, symmetri c) (4-133) combo -forced-mode This c omman d for ces th e port t ype se lected for com binati on por t s 2 1 - 24 .
Command L ine Interface 4-136 4 Defaul t S ett ing All interface s are enabl ed. Command Mod e Interfa ce Config uration (E thernet, Por t Channel ) Command Usage This com mand all ows you to disa ble a port due t o abnorm al behavio r (e.g., exces sive collisi ons), and the n reenable i t af ter the problem has been reso lved.
4-137 4 Example Th e fol lo wing s how s how to conf igur e br oadc ast stor m c ontr ol at 600 p acket s per secon d: clear coun ters This com mand clea rs statistics on a n interfac e. Syntax clea r counter s inte rfa ce int erfac e • etherne t unit / port - unit - Th is is devic e 1.
Command L ine Interface 4-138 4 show inte rfaces s tatus This com mand disp lays the status for an inter face. Syntax show interface s status [ in terf ac e ] int erfac e • etherne t unit / port - unit - Th is is devic e 1.
4-139 4 show inte rfaces counte rs This com mand disp lays i nterfac e statist ics. Syntax show interf aces counters [ interface ] int erfac e • etherne t unit / port - unit - Th is is devic e 1. - port - Port number. • port-ch annel c hannel-id (R ange: 1-6) Default Sett ing Shows t he counte rs for all interfa ces.
Command L ine Interface 4-140 4 show inte rfaces s witchpo rt This com mand disp lays t he admini strative an d operat ional status of th e specifie d in ter fac es . Syntax show interf aces sw itchport [ interface ] int erfac e • etherne t unit / port - unit - Th is is devic e 1.
Mirror Po rt Command s 4-141 4 Mirror Port Comm ands This sect ion des cribes how to mirror tra f fic from a source port to a target por t. port mon itor This c omman d co nfigures a mir ror se ssion.
Command L ine Interface 4-142 4 Command Usage • You can mirror tra ffic from an y source p ort to a dest ination port for real-tim e analysi s. You can then attac h a logic analyz er or RMON probe to th e dest i n ation por t and study the tra ffic crossin g the sou rce po rt in a comp letely unobt rusive m anner.
AMAP Configuration 4-143 4 Example The follow ing sh ows mirrori ng configu red from po rt 6 to port 1 1: AMAP Configurati on The AM AP protocol discove rs adjacent sw itches by sending a nd receiving AM AP “Hello ” packets on act ive S panni ng T ree po rts.
Command L ine Interface 4-144 4 amap enable This com mand en ables AMAP on th e switch. U se the amap disa ble command to disabl e the featu re. Syntax amap { enable | disable } • enable – En able.
AMAP Configuration 4-145 4 Command Mod e Global Configuration Example amap common tim er This co mman d sets t he time (in sec onds) t hat swi tch po rt s in the Common state w ait befo re send ing a “Hello” packet to an adjace nt switc h.
Command L ine Interface 4-146 4 Rate Limit Comm ands This fun ction allows the netwo rk manag er to contr ol the maxim um rate for traf fi c transm itted or rec eived on a n interface. Rate limit ing is config ured on inte rfaces a t the edge of a network to li mit traffic into or out of the network.
Link Aggr egation Commands 4-147 4 Link Aggregation Commands Ports can be s t a tically groupe d into an a ggregate l ink (i.e., trunk ) to increa se the bandwi dth of a networ k connect ion or to ens ure fault rec overy .
Command L ine Interface 4-148 4 Dynam ically Cr eating a Por t Channel – Ports as signed to a common po rt chann el must m eet the follo wing criter ia: • Ports must have th e same LACP syste m priority . • Ports must have the s ame port admin key (Ethernet Interfa ce).
Link Aggr egation Commands 4-149 4 lacp Th is co mma nd ena bl es 80 2.3 ad Li nk A ggr egat io n Con tro l Pr otoc ol (LAC P) f or the cur ren t in ter fac e.
Command L ine Interface 4-150 4 Example The follow ing sh ows LACP en abled on po rts 1 1-1 3. Becaus e LACP has also been enabled on the ports at the ot her end of the links, the s how interf aces status port-ch annel 1 com mand s hows th at T r unk1 has bee n establishe d.
Link Aggr egation Commands 4-151 4 Command Usage • Port mu st be conf igured w ith the same sy stem pri ority to join t he same LA G. • Syst em priority i s combined with the sw itch’s MAC ad dress to for m the LAG i dent ifi er. T his id entif ie r i s used to ind icat e a spec ifi c LAG dur ing LACP negot iations w ith other syst ems.
Command L ine Interface 4-152 4 • Once th e remote si de of a link has been estab lished , LACP opera tional settings are already in use on th at side.
Link Aggr egation Commands 4-153 4 lacp port-prio rity This com mand co nfigures L ACP port pr iority . Use the no form to res tore the defa ult setting. Syntax la cp { ac tor | pa r tn e r } port-priority prior i ty no lacp { acto r | par t n e r } po rt-p rior ity • actor - Th e local side an aggrega te link.
Command L ine Interface 4-154 4 Defaul t S ett ing Port Ch annel: all Command Mod e Privileged Exec Example Console#show lacp 1 cou nters Channel group : 1 ----------------------- --------------------.
Link Aggr egation Commands 4-155 4 T able 4- 49. LA CPD Us Field De scripti on Oper K ey Curren t oper ational val ue of th e key for the agg regation port. Admin Key Current admi nistrativ e value o f the ke y for the a ggreg ation port. LACPD Us Int ernal Nu mber o f seconds before invalidatin g received LACP DU inform ation.
Command L ine Interface 4-156 4 T able 4-50 . LAC P Neighbo urs In formation Field D escrip tion Partne r Admin S ystem ID LAG pa rtner ’s sys tem ID ass igned by the use r . Partne r Oper Sy stem ID L AG pa rtner ’s system ID ass igned by t he LAC P protoco l.
Address T able C ommands 4-157 4 Address Table Commands Th ese com mand s are us ed to co nfig ure t he addr ess tabl e for fi lter ing s peci fi ed add res ses , displ ayi ng cu rren t entr ies , cle arin g the t abl e, or set ting t he agi ng ti me.
Command L ine Interface 4-158 4 Command Usage The static add ress for a h ost device ca n be assig ned to a spec ific port w i thi n a specif ic VLAN. Use th is comman d to add static addr esses to the MAC Addre ss T able.
Address T able C ommands 4-159 4 Default Sett ing None Command Mod e Privileged Exec Command Usage • The M AC Addre ss Table co ntains the M AC addre sses asso ciated wit h each interfa ce.
Command L ine Interface 4-160 4 Example show ma c-addres s-table a ging-time Th is comm and sho ws th e agin g time for ent rie s in th e addr ess t ab le.
Spanning T ree C ommands 4-161 4 spa nnin g-t ree This com mand enables the S p a nning Tr e e Algorithm globa lly for the sw itch. Us e the no form to di sable it.
Command L ine Interface 4-162 4 Example This exam ple sho ws how to ena ble the S panning Tree Algorithm for the switc h: spann ing-tree mode This com mand se lects the spanning tree mod e for this sw itch.
Spanning T ree C ommands 4-163 4 • Multip le Span ning T ree Prot ocol - To a llow mu ltiple spann ing trees t o operate ov er the net work, you must config ure a relat ed set of bridge s with the sa me MSTP co nfigurat ion, allowi ng the m to p articipa te in a spe cific set of s panning tree instanc es.
Command L ine Interface 4-164 4 spann ing-tree hello-ti me This com mand co nfigures the spanning tr ee bridge he llo time glob ally for thi s switch. Us e the no form to re store the d efault. Syntax sp anning -tree hello-time time no spanning-tree he llo-time time - T ime in seconds.
Spanning T ree C ommands 4-165 4 Command Usage This com mand sets the ma ximum time ( in second s) a d evice ca n wait wit hout rece iving a co nfigurat ion mess age be fore attem pting t o reconf igure. All de vice ports (exc ept for design ated p ort s ) should rece ive confi guration message s at regu l a r intervals.
Command L ine Interface 4-166 4 spann ing-tree pathco st method This com mand co nfigures the path cost m ethod use d for Rapid S panning T r ee an d Multip le S panning T ree.
Spanning T ree C ommands 4-167 4 Example spann ing-tree mst-configu ration Us e th is co mmand to chan ge t o Mul ti ple S pan ning T ree ( MST) conf igu rat ion mode . Default Sett ing • No VLAN s are mappe d to any MS T instance. • The reg ion name is set the sw itch’s MAC address .
Command L ine Interface 4-168 4 Command Usage • Use t his com mand to gr oup VLAN s in to spanni ng tree inst ances. M STP gener ates a uniqu e spann i n g tree for ea ch instanc e.
Spanning T ree C ommands 4-169 4 • You can se t this switch to ac t as the MSTI root dev ice by specifyi ng a priority of 0, or as the MSTI a lternate device by specifyi ng a p riority o f 1638 4. Example name This c omman d co nfigures t he nam e for the multiple spanning tree r egion in which this switc h is located .
Command L ine Interface 4-170 4 Command Mod e MST Con figuration Command Usage The MS T region nam e (page 4-169 ) and revision number ar e used to designa te a uniq ue MST reg ion. A bridge (i.e., spanning- tree comp liant dev ice suc h as this s wit ch ) can on ly belo ng to one MS T reg ion .
Spanning T ree C ommands 4-171 4 spann ing-tree spann ing-disab led This com mand disa bles the sp a nning tree a lgorithm for the specif ied interfa ce.
Command L ine Interface 4-172 4 • Path c ost takes pr ecede nce over po rt priority. • When the s pan ning -tr ee pa thco st m eth od ( page 4-16 6) i s se t to sh ort, the max imum v alue for path cost is 65,53 5. Example spann ing-tree port-priority This c omman d co nfigures t he prio rity fo r the specified interf ace.
Spanning T ree C ommands 4-173 4 Default Sett ing Disabled Command Mod e Inter face Config uration (E thernet, Por t Channel ) Command Usage • You can enable th is option if an in terface is at tached to a LA N segm ent that is at the end of a bridged LA N or to an end node.
Command L ine Interface 4-174 4 • Sinc e end-node s cannot ca use forwa rding loop s, they ca n be passed t hrough the sp anning tre e state chan ges more q uickly th an allowed by standar d conve rgence t ime.
Spanning T ree C ommands 4-175 4 Example spa nnin g-t ree ms t cos t This com mand co nfigures the path cost on a s panning instanc e in the Multip le S panning Tree.
Command L ine Interface 4-176 4 spann ing-tree mst port-priority This com mand co nfigures the interfac e priority on a spanning instan ce in the Multip le S panning T ree.
Spanning T ree C ommands 4-177 4 Command Mod e Privileged Exec Command Usage If at any time th e switch det ects STP BPDUs, inc luding Conf iguration or T opology Change Noti fication BPDUs, it will automatic ally set the selected interfa ce to forced ST P-compatibl e mode.
Command L ine Interface 4-178 4 • For a de scription of the item s displaye d under “Sp anning- tree inform ation, ” see “Co nfiguring G lobal Se ttings” on pa ge 3-107. For a descri ption of the item s displaye d for speci fic interface s, see “Disp laying Interface Se ttings” o n page 3- 111.
VLAN Command s 4-179 4 Command Mod e Privileged Exec Example VLAN Commands A VLAN is a g roup of ports that ca n be locat ed anyw here in the ne twork, but com municat e as though the y belong to the same physical segment.
Command L ine Interface 4-180 4 vlan data bas e This com mand en ters VLAN da tabase mode. All comman ds in this mod e will t a ke effect im mediat ely . Defaul t S ett ing None Command Mod e Globa l Configur ation Command Usage • Use t he VLAN data base co mmand mode to ad d, chan ge, an d delete VLANs .
VLAN Command s 4-181 4 Command Mod e VLAN Database Confi guration Command Usage • no vlan vlan-id dele tes the VLAN. • no vlan vlan-id name remove s the VLAN nam e. • no vlan vlan-id stat e returns the VL AN to the defau lt state (i.e ., active).
Command L ine Interface 4-182 4 Defaul t S ett ing None Command Mod e Globa l Configur ation Example The follow ing ex ample shows how to se t the interface configu ration mode to VLAN 1 , and then as.
VLAN Command s 4-183 4 Related Commands switch port a cceptable -frame-t ypes (4 -183) swit chport acc eptable-frame -types This co mmand config ures the a cceptable f rame ty pes for a port.
Command L ine Interface 4-184 4 Command Mod e Interfa ce Config uration (E thernet, Por t Channel ) Command Usage • Ingres s filtering onl y affect s tagged fra mes.
VLAN Command s 4-185 4 Example The follow ing exam ple shows h ow to set the PV ID for port 1 to VLAN 3: swit chport allo wed vlan This c omman d conf igures V LAN groups o n the selected interfac e.
Command L ine Interface 4-186 4 Example The follow ing exam ple shows how to ad d VLANs 1, 2, 5 a nd 6 to the allow ed list as t a gged VLAN s for port 1: swit chport forbid den vlan This c omman d conf igures f orbidden VLANs . Use the no form to remove th e list of forbidde n VLAN s.
VLAN Command s 4-187 4 Display ing VLAN Infor mation show vlan This c omman d show s VLAN infor mation. Syntax show vlan [ id vla n-id | nam e vlan-n ame ] • id - Key word to be fol lowed by the VLAN ID. - vlan -id - ID of th e configu red VLAN. (Range : 1-409 4, no lead ing zeroe s) • name - Key word to be fol lowed by the VLAN nam e.
Command L ine Interface 4-188 4 When a fram e is received at a port, it s VLAN m ember ship can then be de termined based on the protoc ol type in us e by the inbou nd packets. T o configu re pro tocol-based VLANs , follow thes e steps: 1. Fi rst configu re VLAN grou p s for th e protoco ls you want to use (page 4-180) .
VLAN Command s 4-189 4 Example The follow ing creat es protoco l group 1, an d specifie s Ethernet fr ames with I P and ARP protoc ol types: protocol -vlan protocol-g roup (Confi guring Inte rfaces) This com mand maps a pr otocol gro up to a VLAN for the current inte rface.
Command L ine Interface 4-190 4 Example The follow ing ex ample maps the t raf fi c entering P ort 1 which m atches the p rotocol type spec ified in proto col group 1 to VLAN 2. show proto col-vlan protoc ol-group This com mand sh ows the fr ame and prot ocol type associat ed with protoc ol groups.
VLAN Command s 4-191 4 Command Mod e Privileged Exec Example This show s that traffic en tering Port 1 tha t matches the specif ications fo r protocol group 1 will be mappe d to VLAN 2: Configur ing Pri vate VLANs Private VLA Ns prov ide port- based secu rity and isol ation betw een ports with i n the assigne d VLA N.
Command L ine Interface 4-192 4 • Enteri ng the pvl an comman d without an y parame ters ena bles the priva te VLAN. Enterin g no pvlan di sabl es the pri vat e VLA N. Example This exam ple ena bles the priv ate VLAN , and then sets port 24 as the uplink and ports 1-8 as th e downl i n ks.
GVRP and Bridge Ex tension Command s 4-193 4 bridge-e xt gvrp This com mand en ables GVR P globall y for the switc h. Use the no for m to disable i t. Syntax [ no ] bri dge -ex t gvr p Default Sett in.
Command L ine Interface 4-194 4 switchpo rt gvrp This com mand en ables GVR P for a port. Use the no form to disable it. Syntax [ no ] switchpor t gvrp Defaul t S ett ing Disabled Command Mod e Interfa ce Config uration (E thernet, Por t Channel ) Example show gv rp configura tion This c omman d sh ows if G VRP is ena bled.
GVRP and Bridge Ex tension Command s 4-195 4 garp tim er This com mand se ts th e values for the join, lea ve and leavea ll timers. U se the no form to restore the timers’ default values .
Command L ine Interface 4-196 4 show ga rp timer This c omman d sh ows the GAR P time rs for the se lected interfac e. Syntax sh ow ga rp ti mer [ interfac e ] int erfac e • etherne t unit / port - unit - Th is is devic e 1. - port - Port number. • port-ch annel c hannel-id (R ange: 1-6) Defaul t S ett ing Shows all G ARP t imers.
Priority Command s 4-197 4 Priority Comma nds The com mands described in this sect ion allow y ou to specif y which data pack ets have gr eater prec edence w hen traffic is buffered in the switch du e to conges tion. This switch s upports CoS w i th eight prio rity queues for e ach port.
Command L ine Interface 4-198 4 Command Mod e Interfa ce Config uration (E thernet, Por t Channel ) Command Usage • The pre cedence for priority m apping is I P Port, IP Pre cedence or IP DSCP, and def ault switch port prior ity. • The def ault priorit y applies for an untagge d frame re ceived on a port set to accep t all frame t ypes (i.
Priority Command s 4-199 4 Command Usage Y ou ca n set the swit ch to servi ce the queu es based on a st rict rule that requ ires all traffic in a higher p riority que ue to be proces sed befor e lower priorit y queues ar e serviced , or use Weighte d Round-R obin (WR R) queui ng that sp ecifies a relative w eight of e ach queue .
Command L ine Interface 4-200 4 queue cos-ma p This c omman d as signs class of service (Co S) val ues to the p riority queues (i.e., hardw are outp ut queues 0 - 7) . Use the no form set t he CoS map to th e default valu es. Syntax queue co s-map qu eue_id [ cos1 .
Priority Command s 4-201 4 Related Commands show queue cos-m ap (4- 202) show que ue mode This c omman d sh ows the curre nt que ue mo de. Default Sett ing None Command Mod e Privileged Exec Example show que ue band width This command d isplays the weight ed round-robin ( WRR) bandwidth allocation for the eigh t priority queu es.
Command L ine Interface 4-202 4 show que ue cos -map Th is command shows th e clas s of serv ice pr iorit y map. Syntax show queue cos-ma p [ interface ] int erfac e • etherne t unit / port - unit - Th is is devic e 1.
Priority Command s 4-203 4 map i p port (Global C onfigura tion) Use th is command to en able IP port mapping (i.e., class of service mappin g for TCP/UDP soc kets).
Command L ine Interface 4-204 4 Example The follow ing exam ple shows h ow to map HT TP traffic to CoS va l u e 0: map ip pr ecedence (Glob al Conf igurati on) This com mand en ables IP pre ceden ce mapping (i.e., IP T yp e of Service ). Use the no form to di sable IP pr ecedenc e mappin g.
Priority Command s 4-205 4 Default Sett ing The list bel ow show s the defaul t priority map ping. Command Mod e Inter face Config uration (E thernet, Por t Channel ) Command Usage • The pre cedence for priority m apping is I P Port, IP Pre cedence or IP DSCP, and def ault switch port prior ity.
Command L ine Interface 4-206 4 Example The follow ing exam ple shows how to en able IP DSCP mapping globally : map i p dscp (Int erfa ce Co nfigu rati on) This command s ets IP DSCP prior ity (i.e., Differ entiated Services Code Point priority) . Use the no form to res tore th e defau lt table.
Priority Command s 4-207 4 Example The follow ing exam ple shows how to map IP DSCP val ue 1 to CoS valu e 0: map a ccess-list ip This com mand se t s th e output queu e for packets match ing an A CL rule. The specif ied CoS val ue is only us ed to map the matching packet to an outp ut queue ; it is not writ ten to the pack et itself.
Command L ine Interface 4-208 4 show ma p ip port Use th is command to sh ow the IP port priority map. Syntax sh ow map ip por t [ interface ] int erfac e • etherne t unit / port - unit - Th is is devic e 1.
Priority Command s 4-209 4 Command Mod e Privileged Exec Example Related Commands map ip pr ecedenc e (Global C onfigura tion) (4-204 ) map ip pr ecedenc e (Interface Configur ation) (4-2 04) show ma p ip dsc p This com mand sh ows the IP DS CP prio rity map.
Command L ine Interface 4-210 4 Example Related Commands map ip ds cp (Globa l Configur ation) (4-20 5) map ip dscp (I nter face Conf igu rati on ) (4 -206 ) Quality of Serv ice Commands The com mands described in this secti on are used to c onfigure Q oS classi fication cri ter ia and s ervi ce p oli cies .
Quality of Se rvice Commands 4-211 4 T o create a s ervice policy fo r a spec ific categ ory or ing ress traff ic , follow these st eps: 1. U se the clas s-map comm and to de signate a c lass nam e for a spe cific categ ory of traffic, and ent er the Clas s Map conf iguration mode.
Command L ine Interface 4-212 4 • The cl ass map is us ed with a po licy map (pag e 4-213 ) to create a ser vice policy (page 4-2 16) for a spec ific interfa ce that de fines pack et class ification, serv ice tagg ing, a nd band width policin g.
Quality of Se rvice Commands 4-213 4 Example This exam ple creat es a clas s map calle d “rd-class, ” and sets it to m atch packets marked for DSCP service value 3: policy -map This c omman d creat es a p olicy m ap th at can be attache d to m ultiple interfa ces, and ent er s Pol icy Map conf igur at ion m ode.
Command L ine Interface 4-214 4 class This com mand d efines a t raffic classif ication u pon which a policy ca n act, an d enters Policy Ma p Class con figurat ion mode. Us e the no for m to delete a c lass ma p and ret ur n to Poli cy Ma p conf igur ati on mod e.
Quality of Se rvice Commands 4-215 4 Default Sett ing None Command Mod e Policy Map Class C onfigurat ion Example This exam ple sets the DS CP va lue to 3 for all traffic as signed to t his policy cl ass. police This com mand de fines an p olicer for cla ssified tra f fic.
Command L ine Interface 4-216 4 Example This exam ple creat es a police r that sets the ma ximum bu rst rate to 20 Kb ytes, the aver age rate to 15 22 bps, and th e respo nse to drop an y violating pack ets. servic e-policy This com mand ap plies a pol icy map def i n ed by the policy-map comm and to a particular in terface.
Quality of Se rvice Commands 4-217 4 Command Mod e Privileged Exec Example show pol icy-map This command d isplays the QoS pol icy map s which define cla ssification c riteria for incom ing traffic, and m ay include policers for bandwidth li mitations.
Command L ine Interface 4-218 4 Command Mod e Privileged Exec Example Multicast Filteri ng Commands This sw itch uses IG MP (Interne t Group Mana gem ent Protoco l) to query for an y attached hosts th at want to rece ive a s pecific multicas t serv ice.
Multic ast Filteri ng Commands 4-219 4 Default Sett ing Enabled Command Mod e Globa l Configur ation Example The follow ing exam ple enab les IGMP snoopin g. ip igm p snooping v lan stati c This com mand ad ds a port t o a multicast group. Us e the no form to remove th e port.
Command L ine Interface 4-220 4 ip igm p snooping v ersion This c omman d conf igures t he IGM P snoo ping v ersion. Use th e no form to restore the defa ult.
Multic ast Filteri ng Commands 4-221 4 Example The fo llowing shows the c urrent I GMP s nooping configu ration: show ma c-addres s-table m ulticast This com mand sh ows know n multic ast address es.
Command L ine Interface 4-222 4 IGMP Query Commands (Layer 2) ip igm p snooping qu erier This co mmand enab les the s witch a s an IG MP qu erier . Use the no form to disabl e it.
Multic ast Filteri ng Commands 4-223 4 Default Sett ing 2 times Command Mod e Globa l Configur ation Command Usage The q uery c ount de fines how lo ng the querier waits for a res ponse from a mult icast cli ent befor e taking a ction.
Command L ine Interface 4-224 4 ip igm p snoopi ng query-max- response -time This c omman d co nfigures t he que ry rep ort de lay . Use t he no for m to restor e the defaul t. Syntax ip igmp snoopin g query-m ax-respons e-time seco nds no ip igmp snoo ping query-max-res ponse-time seconds - The report delay a dvertised in IGMP quer ies.
Multic ast Filteri ng Commands 4-225 4 Default Sett ing 300 sec onds Command Mod e Globa l Configur ation Command Usage The swi tch must us e IGMPv2 for this comm and to take effect.
Command L ine Interface 4-226 4 Command Usage Depend ing on your network c onnection s, IGMP snooping ma y not alway s be able to loca te the IGMP querier .
IP Interface C ommands 4-227 4 IP Interface Com mands There a re no IP add resses as signed to t his switch b y default. Y o u must ma nually conf i g ure a new a ddress to m anage the switch ov er your ne twork or to co nnect the switch to existin g IP subnets.
Command L ine Interface 4-228 4 Command Usage • You mu st assign an IP addres s to this dev ice to gain m anagem ent acce ss over the network or to connec t the switch to existing IP su bnet s. You can man ually config ure a spec ific IP addres s, or direc t the devic e to obtain a n addr ess from a BOO TP or DHC P s erver.
IP Interface C ommands 4-229 4 Example The follow ing ex ample def i n es a default g ateway f or this devic e: Related Commands sho w ip red irec ts (4-2 30) ip dhc p restart Use this command to submit a BOOT P or DCHP client request.
Command L ine Interface 4-230 4 Command Mod e Privileged Exec Example Related Commands sho w ip red irec ts (4-2 30) show ip redirects This com mand sh ows the def ault gate way confi gured for t his device .
IP Interface C ommands 4-231 4 Command Usage • Use th e ping comm and to s ee if an othe r si te on t he net work can be r eac hed. • Followi ng are som e result s of the ping com mand: - Normal r esponse - The norm al respons e occurs i n one to ten sec onds, depen ding o n netwo rk traf fic.
Command L ine Interface 4-232 4.
A-1 Appendix A: Software Specifications Software Featur es Authen tication Local, R ADIUS, T ACACS, Port (802.1x), HTTPS, SSH, Por t Security Access Control List s IP , M AC ( up t o 32 lists ) AMAP A.
Software Speci fications A-2 A VLAN Su pport Up to 25 5 groups; port -based, pro tocol-ba sed, or tagged (802.1Q) , GVRP for aut omatic V LAN l earning, p rivate VLANs Class of Se rvice Suppo rts eigh.
Management Inf ormation Base s A-3 A IEEE 80 2.1D S panning T ree Pr otocol and tr aff ic pr iorities IEEE 802. 1p Priority tags IEEE 80 2.1s Multiple S panning T r ee Protocol IEEE 80 2.
Software Speci fications A-4 A SNMP T arget M IB, SNMP Notifi cation MIB (RFC 2573) SNMP User- Based SM MI B (RFC 2574) SNMP V iew Base d ACM MIB (RFC 2 575) SNMP Community MIB (RFC 257 6).
B-1 App endix B: Tr ouble shooting T able B-1. T ro ublesh ooting Chart Symp tom A cti on Cann ot connect using T e lnet, We b brow ser , or SNMP softw are • Be sure you have c onfigured the age nt with a valid IP address, subne t mask and defau lt gatew ay.
T roublesh ooting B-2 B.
Gl ossary -1 Glossa ry Acces s Cont rol List (ACL) ACLs can l imit netwo rk tr af fic an d rest ric t acce ss to ce rt ai n user s or dev ices by check ing each packet for certain IP or MAC (i.
Glossary Glossa ry-2 GARP VLAN Registration Protocol (GVRP) Defines a way for swi tches to exc hange V LAN inform ation in orde r to register neces sary VLAN m ember s on ports alo ng the S pann ing T ree so that VLANs define d in each sw itch can w ork autom atically over a S panning T ree ne twor k.
Gl ossary -3 Glossa ry IEEE 802 .3x De fine s Et hern et f rame st art /st op r equ est s and ti mers used for fl ow c ont rol o n full-d uplex links. IGMP Snoo ping Listen ing to IGMP Que ry and IGMP R eport packets transfe rred betwee n IP Multicas t Route rs and IP M ulticast ho st groups to ident ify IP Mu lticast gro up mem bers.
Glossary Glossa ry-4 Mana gement Inf o rmat ion Base (MI B ) An acro nym for Mana gement Informat ion Base. It is a set of database objec t s that contains inform ation a bout a spec ific devi ce. MD5 An alg orit hm th at i s used to crea te d igit al si gnat ures .
Gl ossary -5 Glossa ry Remote Monitoring (RMON) RMON provides compreh ensive ne twork mo nitoring c ap a bilities. It eli minates the polling r equired in stand ard SNMP , and can set alar ms on a varie ty of traffic conditi ons, includin g specific e rror types.
Glossary Glossa ry-6 Trivial File Transfer Pro tocol (TFT P) A TCP/IP pr otocol com monly use d for softwar e download s. User Data gram Protocol (UDP) UDP provide s a da t agr am m ode for pack et-swi tched com munic ations. I t uses IP as the under lying trans port m echanism to provide ac cess to IP -like service s.
Index-1 Numerics 802.1x, port authe ntication 3-54, 4-76 A accep table fram e type 3-133 , 4-183 Ac cess Co ntro l Li st Se e ACL ACL Extende d IP 3- 62, 4-83 , 4-85 , 4-87 MAC 3-6 2, 4- 84, 4-98 , 4-.
Index-2 Index H har dwar e ve rsi on, disp layi ng 3-10 , 4-60 HTTPS 3- 45, 4-30 HTT PS, secur e se rver 3-45, 4- 30 I IEEE 80 2.1D 3-103, 4- 162 IEEE 802.
Index-3 Index proble ms, tr oublesh ooting B-1 protoc ol mig ration 3-115 , 4-17 6 Q queue weight s 3-143, 4-199 R RADIU S, logon aut henticat ion 3-42 , 4-70 rate limits, sett ing 3-92, 4 -146 rem ot.
Index-4 Index V VLAN s 3 -122–3- 136, 4-179– 4-192 adding st atic mem bers 3-1 30, 3-13 2, 4-185 crea ting 3-129, 4 -180 des cri pti on 3-12 2 displa ying b asic inf orma tion 3-126, 4-19 3 displa.
.
F1.0.0.6 E042004-R02 060191-10.
An important point after buying a device Alcatel OmniStack 6300-24 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Alcatel OmniStack 6300-24 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Alcatel OmniStack 6300-24 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Alcatel OmniStack 6300-24 you will learn all the available features of the product, as well as information on its operation. The information that you get Alcatel OmniStack 6300-24 will certainly help you make a decision on the purchase.
If you already are a holder of Alcatel OmniStack 6300-24, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Alcatel OmniStack 6300-24.
However, one of the most important roles played by the user manual is to help in solving problems with Alcatel OmniStack 6300-24. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Alcatel OmniStack 6300-24 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
