Instruction/ maintenance manual of the product ES4625 Microsoft
Powered by Accton Management Guide ES4625/ES4649 24/48-Port Gigabit Ethernet Stackable Layer 3 Switch.
Management Guide Gigabit Ethernet Switch Layer 3 Switch with 20/44 RJ-45 Ports, 4 Combination Ports (SFP/RJ-45), 1 Extender Module Slot, and 2 Stacking Ports.
ES4625 ES4649 F3.1.1.21 E042005-R01 149100022900A.
Contents: Chapter 1: Introduction 1-1; Key Features 1-1; Description of Software Features 1-2; System Defaults 1-6; Chapter 2: Initial Configuration 2-1; Connecting to the Switch 2-1; Configuratio.
Displaying Switch Hardware/Software Versions 3-13; Displaying Bridge Extension Capabilities 3-15; Configuring Support for Jumbo Frames 3-16; Setting the Switch’s IP Address 3-17.
Configuring Port Settings for 802.1X 3-69; Displaying 802.1X Statistics 3-72; Filtering IP Addresses for Management Access 3-74; Access Control Lists 3-76; Configuring Access Contro.
Creating VLANs 3-140; Adding Static Members to VLANs (VLAN Index) 3-141; Adding Static Members to VLANs (Port Index) 3-143; Configuring VLAN Behavior for Interfaces 3-144; Configuri.
Enabling the Server, Setting Excluded Addresses 3-188; Configuring Address Pools 3-190; Displaying Address Bindings 3-194; Configuring Router Redundancy 3-195; Virtual Router Redu.
Displaying Link State Database Information 3-256; Displaying Information on Border Routers 3-258; Displaying Information on Neighbor Routers 3-259; Multicast Routing 3-260; Confi.
databits 4-17; parity 4-17; speed 4-18; stopbits 4-18; disconnect 4-19; show line 4-19; General Commands 4-20; enable 4-20; disable 4-21; configure 4-22; show history 4-22; reload 4-23; end.
Event Logging Commands 4-43; logging on 4-43; logging history 4-44; logging host 4-45; logging facility 4-45; logging trap 4-46; clear log 4-47; show logging 4-47; show log 4-49; SMTP Alert.
radius-server key 4-73; radius-server retransmit 4-74; radius-server timeout 4-74; show radius-server 4-75; TACACS+ Client 4-75; tacacs-server host 4-76; tacacs-server port 4-76; tacacs-server key 4-77; show tacacs-server 4-77; Port Security Commands 4-78; port security 4-78; 802.
show access-group 4-106; SNMP Commands 4-107; snmp-server 4-107; show snmp 4-108; snmp-server community 4-109; snmp-server contact 4-109; snmp-server location 4-110; snmp-server host.
ip domain-name 4-137; ip domain-list 4-138; ip name-server 4-139; ip domain-lookup 4-140; show hosts 4-141; show dns 4-141; show dns cache 4-142; clear dns cache 4-142; Interface Comm.
spanning-tree max-age 4-173; spanning-tree priority 4-174; spanning-tree pathcost method 4-175; spanning-tree transmission-limit 4-175; spanning-tree mst-configuration 4-176; mst v.
show bridge-ext 4-202; switchport gvrp 4-203; show gvrp configuration 4-203; garp timer 4-204; show garp timer 4-205; Priority Commands 4-206; Priority Commands (Layer 2) 4-206; queue.
ip igmp snooping query-interval 4-231; ip igmp snooping query-max-response-time 4-231; ip igmp snooping router-port-expire-time 4-232; Static Multicast Routing Commands 4-233.
ip split-horizon 4-260; ip rip authentication key 4-260; ip rip authentication mode 4-261; show rip globals 4-262; show ip rip 4-262; Open Shortest Path First (OSPF) 4-264; router os.
nbr-timeout 4-301; report-interval 4-301; flash-update-interval 4-302; prune-lifetime 4-302; default-gateway 4-303; ip dvmrp 4-303; ip dvmrp metric 4-304; clear ip dvmrp route 4-305.
Appendix A: Software Specifications A-1; Software Features A-1; Management Features A-2; Standards A-2; Management Information Bases A-3; Appendix B: Troubleshooting B-1; Problems Ac.
Tables: Table 1-1 Key Features 1-1; Table 1-2 System Defaults 1-6; Table 3-1 Web Page Configuration Buttons 3-3; Table 3-2 Switch Main Menu 3-4; Table 3-3 Logging Levels 3-29; Table 3-4 SNMPv3 Security Models and Levels 3-38; Table 3-5 Supported Notification Messages 3-49; Table 3-6 HTTPS System Support 3-58; Table 3-7 802.
Table 4-18 Logging Levels 4-44; Table 4-19 show logging flash/ram - display description 4-48; Table 4-20 show logging trap - display description 4-48; Table 4-21 SMTP Alert Comma.
Table 4-63 Private VLAN Commands 4-197; Table 4-64 Protocol-based VLAN Commands 4-198; Table 4-65 GVRP and Bridge Extension Commands 4-202; Table 4-66 Priority Commands 4-206; Tab.
Table 4-108 show ip dvmrp neighbor - display description 4-307; Table 4-109 PIM-DM Multicast Routing Commands 4-308; Table 4-110 show ip pim neighbor - display description 4-.
Figures: Figure 3-1 Home Page 3-2; Figure 3-2 Front Panel Indicators 3-3; Figure 3-3 System Information 3-12; Figure 3-4 Switch Information 3-14; Figure 3-5 Displaying Bridge Extension Con.
Figure 3-42 802.1X Port Configuration 3-70; Figure 3-43 802.1X Port Statistics 3-73; Figure 3-44 IP Filter 3-75; Figure 3-45 Selecting ACL Type 3-77; Figure 3-46 ACL Configuration.
Figure 3-87 Traffic Classes 3-153; Figure 3-88 Queue Mode 3-154; Figure 3-89 Queue Scheduling 3-155; Figure 3-90 IP Precedence/DSCP Priority Status 3-156; Figure 3-91 IP Precedenc.
Figure 3-132 RIP Network Addresses 3-227; Figure 3-133 RIP Interface Settings 3-230; Figure 3-134 RIP Statistics 3-232; Figure 3-135 OSPF General Configuration 3-237; Figure 3-136 OSPF.
Chapter 1: Introduction
This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network.
DHCP Server and DHCP Relay – A DHCP server is provided to assign IP addresses to host devices. Since DHCP uses a broadcast mechanism, a DHCP server and its client must physically reside on the same subnet.
Spanning Tree Algorithm – The switch supports these spanning tree protocols: Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection and recovery by allowing two or more redundant connections to be created between a pair of LAN segments.
When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue.
IP Routing – The switch provides Layer 3 IP routing.
Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN.
System Defaults
Authentication
Privileged Exec Level – Username “admin”, Password “admin”
Normal Exec Level – Username “guest”, Password “guest”
Enable Privileged Exec from Normal Exec Level – Password “super”
RADIUS Authentication – Disabled
TACACS Authentication – Disabled
802.
Spanning Tree Algorithm
Status – Enabled, RSTP (Defaults: All values based on IEEE 802.1w)
Fast Forwarding (Edge Port) – Disabled
Address Table
Aging Time – 300 seconds
Virtual.
Multicast Filtering
IGMP Snooping (Layer 2) – Snooping: Enabled, Querier: Disabled
IGMP (Layer 3) – Disabled
Multicast Routing
DVMRP – Disabled
PIM-DM – Disabled
System Log
Statu.
Chapter 2: Initial Configuration
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface.
• Configure Spanning Tree parameters
• Configure Class of Service (CoS) priority queuing
• Configure up to 6 static or LACP trunks per switch, up to 32.
For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 4-10.
• If more than one stack Master is selected using the Master/Slave push button on the switch’s front panel, the system will select the unit with the lowest MAC address as the Master.
• If the Master unit fails and another unit takes over control of the stack, the unit numbering will not change.
the Master button is not depressed on any unit. The stack reboots and resumes operations. However, note that the IP address will be the same for any common VLANs (with active port connections) that appear in both of the new stack segments.
Consistent Runtime Code in Each Switch – The main board runtime firmware version for each unit in the stack must be the same as the Master unit’s runtime firmware. After Auto-ID assignment is completed, the Master unit checks the image versions for consistency.
Setting Passwords
Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and are case sensitive.
Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
• IP address for the switch
• Default gateway for the network
• Network mask for this network
To assign an IP address to the switch, complete the following steps: 1.
5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>.
6. Then save your configuration changes by typing “copy running-config startup-config.
The default strings are:
• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.
• private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
Configuring Access for SNMP Version 3 Clients
To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group.
Managing System Files
The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
Chapter 3: Configuring the Switch
Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password “admin” is used for the administrator.
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting.
Main Menu
Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
SNMPv3 3-42
Engine ID – Sets the SNMP v3 engine ID 3-43
Remote Engine ID – Sets the SNMP v3 engine ID on a remote device 3-43
Users – Configures SNMP.
LACP 3-93
Configuration – Allows ports to dynamically join trunks 3-95
Aggregation Port – Configures parameters for link aggregation group members 3-97
Port Counter.
Trunk Configuration – Configures trunk settings for a specified MST instance 3-133
VLAN 3-135
802.
QoS 3-161
DiffServ – Configure QoS classification criteria and service policies 3-161
Class Map – Creates a class map for a type of traffic 3-162
Policy.
ARP 3-210
General – Sets the protocol timeout, and enables or disables proxy ARP for the specified VLAN 3-211
Static Addresses – Statically maps a ph.
Routing Protocol 3-206
RIP 3-224
General Settings – Enables or disables RIP, sets the global RIP version and timer values 3-225
Network Addresses – Configures the.
PIM-DM
General Settings – Enables or disables PIM-DM globally for the switch 3-271
Interface Settings – Enables or disables PIM-DM per interface, con.
Basic Configuration
Displaying System Information
You can easily identify the system by displaying the device name, location and contact information.
Field Attributes
• System Name – Name assigned to the switch system.
CLI – Specify the hostname, location and contact information.
Displaying Switch Hardware/Software Versions
Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
• Operation Code Version – Version number of runtime code.
• Role – Shows that this switch is operating as Master or Slave.
These additional parameters are displayed for the CLI.
• Unit ID – Unit number in stack.
Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.
CLI – Enter the following command.
Configuring Support for Jumbo Frames
The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.
Setting the Switch’s IP Address
This section describes how to configure an initial IP interface for management access over the network.
Manual Configuration
Web – Click IP, General, Routing Interface. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” and specify a “Primary” interface.
Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the stack to be dynamically configured by these services.
Web – Click IP, General, Routing Interface. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP.
Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the stack is moved to another network segment, you will lose management access to the stack.
Downloading System Software from a Server
When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
To delete a file select System, File Management, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that the file currently designated as the startup code cannot be deleted.
Saving or Restoring Configuration Settings
You can upload/download configuration settings to/from a TFTP server, or copy files to and from switch units in a stack. The configuration file can be later downloaded to restore the switch’s settings.
Downloading Configuration Settings from a Server
You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. To select another configuration file as the start-up configuration, use the boot system command and then restart the switch.
• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port.
CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level.
• Password 3 – Specifies a password for the line connection. When a connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt.
Configuring Event Logging
The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
Web – Click System, Logs, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply.
Figure 3-17 System Logs
CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory.
Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove.
Displaying Log Messages
Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
• SMTP Server List – Specifies a list of up to three recipient SMTP servers. The switch attempts to connect to the other listed servers if the first fails. Use the New SMTP Server text field and the Add/Remove buttons to configure the list.
CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration.
CLI – This example renumbers all units in the stack.
Resetting the System
Web – Click System, Reset. Click the Reset button to restart the switch. When prompted, confirm that you want to reset the switch.
Figure 3-22 Resetting the System
CLI – Use the reload command to restart the switch.
Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply.
Figure 3-23 SNTP Configuration
CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings.
Web – Select SNTP, Clock Time Zone. Set the offset for your time zone relative to the UTC, and click Apply.
Figure 3-24 Clock Time Zone
CLI – This example shows how to set the time zone for the system clock.
The SNMPv3 security structure consists of security models, with each model having its own security levels. There are three security models defined, SNMPv1, SNMPv2c, and SNMPv3. Users are assigned to “groups” that are defined by a security model and specified security levels.
Enabling the SNMP Agent
Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3).
Command Attributes
SNMP Agent Status – Enables SNMP on the switch.
Web – Click SNMP, Agent Status.
Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add.
Figure 3-26 Configuring SNMP Community Strings
CLI – The following example adds the string “spiderman” with read/write access.
To send an inform to a SNMPv2c host, complete these steps:
1. Enable the SNMP agent (page 3-39).
2. Enable trap informs as described in the following pages.
3. Create a view with the required notification messages (page 3-52).
• Enable Link-up and Link-down Traps 4 – Issues a notification message whenever a port link is established or broken.
Setting a Local Engine ID
An SNMPv3 engine is an independent SNMP agent that resides on the switch. This engine protects against message replay, delay, and redirection.
The engine ID can be specified by entering 1 to 26 hexadecimal characters. If less than 26 characters are specified, trailing zeroes are added to the value. For example, the value “1234” is equivalent to “1234” followed by 22 zeroes.
• Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available.
• Privacy Password – A minimum of eight plain text characters is required.
• Actions – Enables the user to be assigned to another SNMPv3 group.
CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Configuring Remote SNMPv3 Users
Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group.
• Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available.
• Privacy Password – A minimum of eight plain text characters is required.
Web – Click SNMP, SNMPv3, Remote Users.
CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Configuring SNMPv3 Groups
An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views.
Table 3-5 Supported Notification Messages
Object Label (Object ID): Description
RFC 1493 Traps
newRoot (1.3.6.1.2.1.17.0.1): The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree; the trap is sent by a bridge soon after its election as the new root, e.
Private Traps
swPowerStatusChangeTrap (1.3.6.1.4.1.259.6.10.64.2.1.0.1): This trap is sent when the power state changes.
swFanFailureTrap (1.3.6.1.4.1.259.6.10.64.2.1.0.17): This trap is sent when the fan fails.
Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read, write, and notify views. Click Add to save the new group and return to the Groups list.
Setting SNMPv3 Views
SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview” includes access to the entire MIB tree.
Command Attributes
• View Name – The name of the SNMP view.
CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries.
Command Attributes
• Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest)
• New Account – Displays configuration settings for a new account.
Configuring Local/Remote Logon Authentication
Use the Authentication Settings menu to restrict management access based on specified user names and passwords.
• RADIUS Settings
- Global – Provides globally applicable RADIUS settings.
- ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers.
Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
Configuring HTTPS
You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.
Figure 3-36 HTTPS Settings
CLI – This example enables the HTTP secure server and modifies the port number.
Configuring the Secure Shell
The Berkeley-standard includes remote access tools originally designed for Unix systems.
User Authent ication 3-61 3 be config ured loca lly on the sw itch via the U ser Accou nts page as descr ibed on page 3-53.) Th e clients are subs equen tly authen ticated u sing these k eys.
Configuring the Switch 3-62 3 Field Attributes • Public-Key of Host-Key – T he pu bli c key for the h ost . - RSA (Versi on 1): The fir st field indic ates the size of the host key ( e.g., 1024 ), the second f ield is the encod ed public expone nt (e.
User Authent ication 3-63 3 CLI – Th is ex ampl e ge nera tes a hos t-ke y p air usin g bot h th e RSA and DSA algorithms, stores the keys to flash memory , and then displays the host’s p ublic keys. Configuring the SSH Server The SSH se rver inc ludes ba sic settings for authent ication .
Configuring the Switch 3-64 3 We b – Click Security , SSH, Settings. Enable SSH and adjust the authenticati on para meters as requir ed, then clic k Apply . Note that y ou must firs t generate t he host key pair on the SS H Ho st-Key Settings pag e befor e yo u can e nable the SSH server .
User Authent ication 3-65 3 Configuring Port Security Port securit y is a feature t hat allows you to conf igure a switch port with one or more device MA C addres ses that are autho rized to acc ess the ne twork th rough that port.
Configuring the Switch 3-66 3 We b – Click Security , Port Security . Set the action to take when an invalid addre ss is detected o n a port, mar k the chec kbox in the Status column to enable secu rity for a port, set the maxi mum number of MAC a ddresse s allowe d on a port, and click A pply .
User Authent ication 3-67 3 Configuring 802. 1X Port Authentication Netw ork switch es can pr ovid e open an d eas y access to netw ork resour ces by simply attac hing a client PC.
Configuring the Switch 3-68 3 • The RADI US ser ver and c lient also have to supp ort th e same EA P authenti cation type – MD 5. (Som e clients ha ve native su pport in Wi ndows , otherw ise the dot 1x client mus t support it.) Displaying 802 .1X Global Settings The 80 2.
User Authent ication 3-69 3 Configuring 80 2.1X Globa l Settings The 80 2.1X proto col pr ovid es por t auth enti cati on. The 802. 1X pro tocol must be enabled globa lly for the switch s yste m befor e port settin gs are active. Command Attributes 802.
Configuring the Switch 3-70 3 • Max Reque st – Sets th e maximum number of times th e switch port will retra nsmit an EAP reques t pack et to th e client b efore it times out the authen tication session .
User Authent ication 3-71 3 CLI – Th is ex ampl e se ts t he 80 2.1 X pa rame ters on po rt 2. For a de scri ptio n of the addition al fields disp layed in this examp le, see “sho w dot1x” on page 4-85 .
Configuring the Switch 3-72 3 Display ing 802.1X Statistics Thi s swit ch c an di spl ay st ati sti cs fo r do t1x prot ocol exch anges for any port . T ab le 3-7 802.1X S tatisti cs Paramete r Descr iption Rx EAPO L Start Th e numb er of EAPOL Start fra mes that ha ve bee n received b y this Au thenti cator .
User Authent ication 3-73 3 We b – Select Securi ty , 802.1X, S tatistics. Select the requir ed port and th en click Query . Click Refresh to update t he statis tics. Figure 3- 43 80 2.1X P ort Statis tics CLI – Th is ex ampl e dis pla ys th e dot 1x s tat is tics for p ort 4.
Configuring the Switch 3-74 3 Filteri ng IP Addresses for Management Access Y o u can cre ate a list of up to 16 IP add resses o r IP address grou ps that are all owed manage ment ac cess to the swi tch throu gh the web i nterface , SNMP , or T elne t.
User Authent ication 3-75 3 We b – Click Se curity , IP F ilter . Enter the IP ad dresses or range of add resses t hat are allowe d manage ment acc ess to an inter face, and cli ck Add IP Filter ing Entry . Figure 3-4 4 IP F ilter CLI – Th is ex ampl e re stri ct s mana geme nt ac cess for T eln et cl ie nts.
Configuring the Switch 3-76 Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
Access Control Lists 3-77 Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL. Command Attributes • Name – Name of the ACL.
Configuring the Switch 3-78 and compared with the address for each IP packet entering the port(s) to which this ACL has been assigned. Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address.
Access Control Lists 3-79 • Protocol – Specifies the protocol type to match as TCP, UDP or Others, where others indicates a specific protocol number (0-255). (Options: TCP, UDP, Others; Default: TCP) • Source/Destination Port – Source/destination port number for the specified protocol type.
Configuring the Switch 3-80 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
Access Control Lists 3-81 Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Use “An.
Configuring the Switch 3-82 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66).
Access Control Lists 3-83 Configuring ACL Masks You must specify masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL.
Configuring the Switch 3-84 Configuring an IP ACL Mask This mask defines the fields to check in the IP header. Command Usage • Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes.
Access Control Lists 3-85 Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range. Include other criteria to search for in the rules, such as a protocol type or one of the service types.
Configuring the Switch 3-86 Configuring a MAC ACL Mask This mask defines the fields to check in the packet header. Command Usage You must configure a mask for an ACL rule before you can bind it to a port.
Access Control Lists 3-87 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.
Configuring the Switch 3-88 Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egress traffic, select the required ACL from the drop-down list, then click Apply.
Port Configuration 3-89 • Autonegotiation – Shows if auto-negotiation is enabled or disabled. • Media Type 6 – Shows the forced/preferred port type to use for combination ports 21-24. (Copper-Forced, SFP-Forced, SFP-Preferred-Auto) • Trunk Member 6 – Shows if port is a trunk member.
Configuring the Switch 3-90 • Broadcast storm – Shows if broadcast storm control is enabled or disabled. • Broadcast storm limit – Shows the broadcast storm threshold. (500 - 262143 packets per second) • Flow control 8 – Shows if flow control is enabled or disabled.
Port Configuration 3-91 Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed and duplex mode.
Configuring the Switch 3-92 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 3-54 Port - Port Configuration CLI – Select the interface, and then enter the required settings.
Port Configuration 3-93 Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices (i.
Configuring the Switch 3-94 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
Port Configuration 3-95 CLI – This example creates trunk 1 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to form a trunk.
Configuring the Switch 3-96 Command Attributes • Member List (Current) – Shows configured trunks (Unit, Port). • New – Includes entry fields for creating new trunks. - Unit – Stack unit. (Range: 1-8) - Port – Port identifier.
Port Configuration 3-97 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key.
Configuring the Switch 3-98 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor.
Port Configuration 3-99 CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the LAG, ports 9 and 10 are set to backup mode.
Configuring the Switch 3-100 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information.
Port Configuration 3-101 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation.
Configuring the Switch 3-102 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-59 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
Port Configuration 3-103 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Web – Click Port, LACP, Port Neighbors Information.
Configuring the Switch 3-104 CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1.
Port Configuration 3-105 Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the threshold, and click Apply. Figure 3-61 Port Broadcast Control CLI – Specify any interface, and then enter the threshold.
Configuring the Switch 3-106 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
Port Configuration 3-107 Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch.
Configuring the Switch 3-108 Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port.
Port Configuration 3-109 Transmit Discarded Packets – The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space.
Configuring the Switch 3-110 Received Frames – The total number of frames (bad, broadcast and multicast) received. Broadcast Frames – The total number of good frames received that were directed to the broadcast address. Note that this does not include multicast packets.
Port Configuration 3-111 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
Configuring the Switch 3-112 CLI – This example shows statistics for port 12. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports.
Address Table Settings 3-113 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-65 Static Addresses CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
Configuring the Switch 3-114 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query.
Spanning Tree Algorithm Configuration 3-115 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the aging function. • Aging Time – The time after which a learned entry is discarded.
Configuring the Switch 3-116 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.
Spanning Tree Algorithm Configuration 3-117 new root port is selected from among the device ports attached to the network. (References to “ports” in this section mean “interfaces,” which includes both ports and trunks.
Configuring the Switch 3-118 • Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
Spanning Tree Algorithm Configuration 3-119 Note: The current root port and current root cost display as zero when this device is not connected to the network.
Configuring the Switch 3-120 • Multiple Spanning Tree Protocol - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances.
Spanning Tree Algorithm Configuration 3-121 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
Configuring the Switch 3-122 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-69 STA Global Configuration.
Spanning Tree Algorithm Configuration 3-123 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters.
Configuring the Switch 3-124 • Oper Path Cost – The contribution of this port to the path cost of paths towards the spanning tree root which include this port. • Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface.
Spanning Tree Algorithm Configuration 3-125 • Internal path cost – The path cost for the MST. See the preceding item. • Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.
Configuring the Switch 3-126 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port.
Spanning Tree Algorithm Configuration 3-127 The following interface attributes can be configured: • Spanning Tree – Enables/disables STA on this interface. (Default: Enabled) • Priority – Defines the priority used for this port in the Spanning Tree Protocol.
Configuring the Switch 3-128 • Migration – If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode.
Spanning Tree Algorithm Configuration 3-129 To use multiple spanning trees: 1. Set the spanning tree type to MSTP (STA Configuration, page 3-119). 2. Enter the spanning tree priority for the selected MST instance (MSTP VLAN Configuration).
Configuring the Switch 3-130 Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priority, and click Apply. To add the VLAN members to an MSTI instance, enter the instance identifier, the VLAN identifier, and click Add.
Spanning Tree Algorithm Configuration 3-131 CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI.
Configuring the Switch 3-132 Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes MST Instance ID – Instance identifier to configure.
Spanning Tree Algorithm Configuration 3-133 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages.
Configuring the Switch 3-134 • Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
VLAN Configuration 3-135 VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
Configuring the Switch 3-136 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing them on to any end-node host that does not support VLAN tagging.
VLAN Configuration 3-137 these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs.
Configuring the Switch 3-138 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
VLAN Configuration 3-139 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging.
Configuring the Switch 3-140 Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4093, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry.
VLAN Configuration 3-141 Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. Figure 3-78 VLAN Static List - Creating VLANs CLI – This example creates a new VLAN.
Configuring the Switch 3-142 Command Attributes • VLAN – ID of configured VLAN (1-4093). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.
VLAN Configuration 3-143 CLI – The following example adds tagged and untagged ports to VLAN 2. Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member.
Configuring the Switch 3-144 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
VLAN Configuration 3-145 Leave or Leave All message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centiseconds; Default: 60) • .
Configuring the Switch 3-146 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.
VLAN Configuration 3-147 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports can not communicate with any other ports on the switch except for the uplink ports.
Configuring the Switch 3-148 Command Usage To configure protocol-based VLANs, follow these steps: 1. First configure VLAN groups for the protocols you want to use (page 3-140). Although not mandatory, we suggest configuring a separate VLAN for each major protocol running on your network.
VLAN Configuration 3-149 Mapping Protocols to VLANs Map a protocol group to a VLAN for each interface that will participate in the group. Command Usage • When creating a protocol-based VLAN, only assign interfaces using this configuration screen.
Configuring the Switch 3-150 CLI – The following maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 3. Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion.
Class of Service Configuration 3-151 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-86 Default Port Priority CLI – This example assigns a default priority of 5 to port 3.
Configuring the Switch 3-152 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR).
Class of Service Configuration 3-153 Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 3-87 Traffic Classes CLI – The following example shows how to change the CoS assignments to a one-to-one mapping.
Configuring the Switch 3-154 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
Class of Service Configuration 3-155 Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weight, then click Apply. Figure 3-89 Queue Scheduling CLI – The following example shows how to assign WRR weights to each of the priority queues.
Configuring the Switch 3-156 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements.
Class of Service Configuration 3-157 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
Configuring the Switch 3-158 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings.
Class of Service Configuration 3-159 Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply.
Configuring the Switch 3-160 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110.
Quality of Service 3-161 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS value 0, and then displays the IP Port Priority settings.
Configuring the Switch 3-162 Configuring Quality of Service Parameters To create a service policy for a specific category or ingress traffic, follow these steps: 1. Use the “Class Map” to designate a class name for a specific category of traffic.
Quality of Service 3-163 Command Attributes Class Map • Modify Name and Description – Configures the name and a brief description of a class map. (Range: 1-32 characters for the name; 1-256 characters for the description) • Edit Rules – Opens the “Match Class Settings” page for the selected class entry.
Configuring the Switch 3-164 Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class. Figure 3-95 Configuring Class Maps CLI - This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP service value 3.
Quality of Service 3-165 Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage • To configure a Policy Map, follow these steps: - Create a Class Map as described on page 3-162.
Configuring the Switch 3-166 Policy Rule Settings - Class Settings - • Class Name – Name of class map. • Action – Shows the service provided to ingress traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified in Match Class Settings on page 3-162).
Quality of Service 3-167 Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy.
Configuring the Switch 3-168 CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to reduce the DSCP value for violating packets to 0.
Multicast Filtering 3-169 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio.
Configuring the Switch 3-170 Based on the group membership information learned from IGMP, a router/switch can determine which (if any) multicast traffic needs to be forwarded to each of its ports.
Multicast Filtering 3-171 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic.
Configuring the Switch 3-172 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 3-98 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status.
Multicast Filtering 3-173 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
Configuring the Switch 3-174 Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
Multicast Filtering 3-175 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attribute • VLAN ID – Selects the VLAN for which to display port members.
Configuring the Switch 3-176 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping and Query Parameters” on page 3-171.
Multicast Filtering 3-177 Layer 3 IGMP (Query used with Multicast Routing) IGMP Snooping – IGMP Snooping is a Layer 2 function (page 3-171) that can be used to provide multicast filtering when no other switches in the network support multicast routing.
Configuring the Switch 3-178 • Last Member Query Interval – A multicast client sends an IGMP leave message when it leaves a group. The router then checks to see if this was the last host in the group by sending an IGMP query and starting a timer based on this command.
Multicast Filtering 3-179 Web – Click IP, IGMP, Interface Settings. Specify each interface that will support IGMP (Layer 3), specify the IGMP parameters for each interface, then click Apply. Figure 3-103 IGMP Interface Settings CLI – This example configures the IGMP parameters for VLAN 1.
Configuring the Switch 3-180 Displaying Multicast Group Information When IGMP (Layer 3) is enabled on this switch the current multicast groups learned via IGMP can be displayed in the IP/IGMP/Group Information page.
Configuring Domain Name Service 3-181 Configuring Domain Name Service The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network.
Configuring the Switch 3-182 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply.
Configuring Domain Name Service 3-183 Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses.
Configuring the Switch 3-184 Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. Figure 3-106 DNS Static Host Table CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses.
Configuring Domain Name Service 3-185 Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable.
Configuring the Switch 3-186 CLI - This example displays all the resource records learned from the designated name servers. Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients when they boot up.
Dynamic Host Configuration Protocol 3-187 Command Usage You must specify the IP address for at least one DHCP server. Otherwise, the switch’s DHCP relay agent will not forward client requests to a DHCP server. Command Attributes • VLAN ID – ID of configured VLAN.
Configuring the Switch 3-188 Configuring the DHCP Server This switch includes a Dynamic Host Configuration Protocol (DHCP) server that can assign temporary IP addresses to any attached host requesting service.
Dynamic Host Configuration Protocol 3-189 Web – Click DHCP, Server, General. Enter a single address or an address range, and click Add. Figure 3-109 DHCP Server General Configuration CLI – This example enables the DHCP and sets an excluded address range.
Configuring the Switch 3-190 Configuring Address Pools You must configure IP address pools for each IP interface that will provide addresses to attached clients via the DHCP server. Command Usage • First configure address pools for the network interfaces.
Dynamic Host Configuration Protocol 3-191 • Client-Identifier – A unique designation for the client device, either a text string (1-15 characters) or hexadecimal value. Setting the Optional Parameters • Default Router – The IP address of the primary and alternate gateway router.
Configuring the Switch 3-192 Configuring a Network Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Network.” Enter the IP address and subnet mask for the network pool.
Dynamic Host Configuration Protocol 3-193 Configuring a Host Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Host.” Enter the IP address, subnet mask, and hardware address for the client device.
Configuring the Switch 3-194 Displaying Address Bindings You can display the host devices which have acquired an IP address from this switch’s DHCP server. Command Attributes • IP Address – IP address assigned to host. • Mac Address – MAC address of host.
Configuring Router Redundancy 3-195 3 Configuring Router Redundancy Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load.
Configuring the Switch 3-196 3 • Several virtual master routers configured for mutual backup and load sharing. Load sharing can be accomplished by assigning a subset of addresses to different host address pools using the DHCP server.
Configuring Router Redundancy 3-197 3 • VRRP creates a virtual MAC address for the master router based on a standard prefix, with the last octet equal to the group ID. When a backup router takes over as the master, it continues to forward traffic addressed to this virtual MAC address.
Configuring the Switch 3-198 3 Command Attributes (VRRP Group Configuration Detail) • Associated IP Table – IP interfaces associated with this virtual router group. • Associated IP – IP address of the virtual router, or secondary IP addresses assigned to the current VLAN interface that are supported by this VRRP group.
Configuring Router Redundancy 3-199 3 Web – Click IP, VRRP, Group Configuration. Select the VLAN ID, enter the VRID group number, and click Add.
Configuring the Switch 3-200 3 Click the Edit button for a group entry to open the detailed configuration window. Enter the IP address of a real interface on this router to make it the master virtual router for the group. Otherwise, enter the virtual address for an existing group to make it a backup router.
Configuring Router Redundancy 3-201 3 CLI – This example creates VRRP group 1, sets this switch as the master virtual router by assigning the primary interface address for the selected VLAN to the virtual IP address.
Configuring the Switch 3-202 3 CLI – This example displays counters for protocol errors for all the VRRP groups configured on this switch. Displaying VRRP Group Statistics The VRRP Group Statistics page displays counters for VRRP protocol events and errors that have occurred on a specific VRRP interface.
Configuring Router Redundancy 3-203 3 Web – Click IP, VRRP, Group Statistics. Select the VLAN and virtual router group. Figure 3-117 VRRP Group Statistics CLI – This example displays VRRP protocol statistics for group 1, VLAN 1.
Configuring the Switch 3-204 3 IP Routing Overview This switch supports IP routing and routing path management via static routing definitions (page 3-222) and dynamic routing such as RIP (page 3-224) or OSPF (page 3-234).
IP Routing 3-205 3 IP Switching IP Switching (or packet forwarding) encompasses tasks required to forward packets for both Layer 2 and Layer 3, as well as traditional routing.
Configuring the Switch 3-206 3 the high throughput and low latency of switching by enabling the traffic to bypass the routing engine once the path calculation has been performed.
IP Routing 3-207 3 Basic IP Interface Configuration To allow routing between different IP subnets, you must enable IP Routing as described in this section. You also need to define a VLAN for each IP subnet that will be connected directly to this switch.
Configuring the Switch 3-208 3 Configuring IP Routing Interfaces You can specify the IP subnets connected to this router by manually assigning an IP address to each VLAN, or by using th.
IP Routing 3-209 3 Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subnets.
Configuring the Switch 3-210 3 Address Resolution Protocol If IP routing is enabled (page 3-207), the router uses its routing tables to make routing decisions, and uses Address Resolution Protocol (ARP) to forward traffic from one hop to the next.
IP Routing 3-211 3 Basic ARP Configuration You can use the ARP General configuration menu to specify the timeout for ARP cache entries, or to enable Proxy ARP for specific VLAN interfaces. Command Usage • The aging time determines how long dynamic entries remain in the cache.
Configuring the Switch 3-212 3 Configuring Static ARP Addresses For devices that do not respond to ARP requests, traffic will be dropped because the IP address cannot be mapped to a physical address. If this occurs, you can manually map an IP address to the corresponding physical address in the ARP.
IP Routing 3-213 3 Displaying Dynamically Learned ARP Entries The ARP cache contains entries that map IP addresses to the corresponding physical address. Most of these entries will be dynamically learned through replies to broadcast messages.
Configuring the Switch 3-214 3 CLI - This example shows all entries in the ARP cache. Displaying Local ARP Entries The ARP cache also contains entries for local interfaces, including subnet, host, and broadcast addresses. Command Attributes • IP Address – IP address of a local entry in the cache.
IP Routing 3-215 3 CLI - This router uses the Type specification “other” to indicate local cache entries in the ARP cache. Displaying ARP Statistics You can display statistics for ARP messages crossing all interfaces on this router.
Configuring the Switch 3-216 3 CLI - This example provides detailed statistics on common IP-related protocols. Displaying Statistics for IP Protocols IP Statistics The Internet Protocol (IP) p.
IP Routing 3-217 3 Datagrams Forwarded The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination.
Configuring the Switch 3-218 3 Web - Click IP, Statistics, IP. Figure 3-125 IP Statistics CLI - See the example on page 3-215. ICMP Statistics Internet Control Message Protocol (ICMP) is a network layer protocol that transmits message packets to report errors in processing IP packets.
IP Routing 3-219 3 Web - Click IP, Statistics, ICMP. Figure 3-126 ICMP Statistics CLI - See the example on page 3-215. Timestamps The number of ICMP Timestamp (request) messages received/sent. Timestamp Replies The number of ICMP Timestamp Reply messages received/sent.
Configuring the Switch 3-220 3 UDP Statistics User Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the underlying transport mechanism, providing access to IP-like services.
IP Routing 3-221 3 TCP Statistics The Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched networks, and is used in conjunction with IP to support a wide variety of Internet protocols.
Configuring the Switch 3-222 3 Configuring Static Routes This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP or OSPF). However, you can also manually enter static routes in the routing table.
IP Routing 3-223 3 Displaying the Routing Table You can display all the routes that can be accessed via the local network interfaces, via static routes, or via a dynamically learned route.
Configuring the Switch 3-224 3 CLI - This example shows routes obtained from various methods. Configuring the Routing Information Protocol The RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance-vector-based approach to routing.
IP Routing 3-225 3 routing loops may occur, and its small hop count limitation of 15 restricts its use to smaller networks. Moreover, RIP (version 1) wastes valuable network bandwidth by propagating routing information via broadcasts; it also considers too few network variables to make the best routing decision.
Configuring the Switch 3-226 3 Web - Click Routing Protocol, RIP, General Settings. Enable or disable RIP, set the RIP version used on previously unset interfaces to RIPv1 or RIPv2, set the basic update timer, and then click Apply.
IP Routing 3-227 3 Specifying Network Interfaces for RIP You must specify network interfaces that will be included in the RIP routing process.
Configuring the Switch 3-228 3 Configuring Network Interfaces for RIP For each interface that participates in the RIP routing process, you must specify the protocol message type accepted (i.e., RIP version) and the message type sent (i.e.
IP Routing 3-229 3 Protocol Message Authentication RIPv1 is not a secure protocol. Any device sending protocol messages from UDP port 520 will be considered a router by its neighbors. Malicious or unwanted protocol messages can be easily propagated throughout the network if no authentication is required.
Configuring the Switch 3-230 3 • Authentication Key – Specifies the key to use for authenticating RIPv2 packets. For authentication to function properly, both the sending and receiving interface must use the same password. (Range: 1-16 characters, case sensitive) Web - Click Routing Protocol, RIP, Interface Settings.
IP Routing 3-231 3 Displaying RIP Information and Statistics You can display basic information about the current global configuration settings for RIP, statistics about route changes and queries, information about the interfaces on this router that are using RIP, and information about known RIP peer devices.
Configuring the Switch 3-232 3 Web - Click Routing Protocol, RIP, Statistics. Figure 3-134 RIP Statistics.
IP Routing 3-233 3 CLI - The information displayed by the RIP Statistics screen via the web interface can be accessed from the CLI using the following commands.
Configuring the Switch 3-234 3 Configuring the Open Shortest Path First Protocol Open Shortest Path First (OSPF) is more suited for large area networks which experience frequent changes in the links. It also handles subnets much better than RIP.
IP Routing 3-235 3 • OSPFv2 is a compatible upgrade to OSPF. It involves enhancements to protocol message authentication, and the addition of a point-to-multipoint interface which allows OSPF to run over non-broadcast networks, as well as support for overlapping area ranges.
Configuring the Switch 3-236 3 • AS Boundary Router 24 – Allows this router to exchange routing information with boundary routers in other autonomous systems to which it may be attached. If a router is enabled as an ASBR, then every other router in the autonomous system can learn about external routes from this device.
IP Routing 3-237 3 Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global parameters as required, and click Apply.
Configuring the Switch 3-238 3 Configuring OSPF Areas An autonomous system must be configured with a backbone area, designated by area identifier 0.0.0.0. By default, all other areas are created as normal transit areas. Routers in a normal area may import or export routing information about individual nodes.
IP Routing 3-239 3 • Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned via OSPF, the default route, static routes, routes derived from other routing protocols such as RIP, or directly connected networks that are not running OSPF.
Configuring the Switch 3-240 3 Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for the default summary route sent into a stub, and click Apply. Figure 3-136 OSPF Area Configuration CLI - This example configures area 0.
IP Routing 3-241 3 Configuring Area Ranges (Route Summarization for ABRs) An OSPF area can include a large number of nodes. If the Area Border Router (ABR) has to advertise route information for each of these nodes, this wastes a lot of bandwidth and processor time.
Configuring the Switch 3-242 3 Web - Click Routing Protocol, OSPF, Area Range Configuration. Specify the area identifier, the base address and network mask, select whether or not to advertise the summary route to other areas, and then click Apply.
IP Routing 3-243 3 Configuring OSPF Interfaces You should specify a routing interface for any local subnet that needs to communicate with other network segments located on this router or elsewhere in the network.
Configuring the Switch 3-244 3 - On slow links, the router may send packets more quickly than devices can receive them. To avoid this problem, you can use the transmit delay to force the router to wait a specified interval between transmissions.
IP Routing 3-245 3 - You can assign a unique password to each network (i.e., autonomous system) to improve the security of the routing database. However, the password must be used consistently on all neighboring routers throughout a network.
Configuring the Switch 3-246 3 Change any of the interface-specific protocol parameters, and then click Apply. Figure 3-139 OSPF Interface Configuration - Detailed CLI - This example configures the interface parameters for VLAN 1.
IP Routing 3-247 3 Configuring Virtual Links All OSPF areas must connect to the backbone. If an area does not have a direct physical connection to the backbone, you can configure a virtual link that provides a logical path to the backbone.
Configuring the Switch 3-248 3 Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neighbor Router ID, configure the link attributes, and click Add.
IP Routing 3-249 3 Configuring Network Area Addresses OSPF protocol broadcast messages (i.e., Link State Advertisements or LSAs) are restricted by area to limit their impact on network performance.
Configuring the Switch 3-250 3 Web - Click Routing Protocol, OSPF, Network Area Address Configuration. Configure a backbone area that is contiguous with all the other areas in your network, configure an area for all of the other OSPF interfaces, then click Apply.
IP Routing 3-251 3 CLI - This example configures the backbone area and one transit area. Console(config-router)#network 10.0.0.0 255.0.0.0 area 0.0.0.0 4-271 Console(config-router)#network 10.1.1.0 255.255.255.0 area 0.0.0.1 Console(config-router)#end Console#show ip ospf 4-282 Routing Process with ID 10.
Configuring the Switch 3-252 3 Configuring Summary Addresses (for External AS Routes) An Autonomous System Boundary Router (ASBR) can redistribute routes learned from other protocols into all attached autonomous systems.
IP Routing 3-253 3 CLI - This example creates a summary address for all routes contained in 192.168.x.x. Redistributing External Routes You can configure this router to import external routing information from other routing protocols into the autonomous system.
Configuring the Switch 3-254 3 Web - Click Routing Protocol, OSPF, Redistribute. Specify the protocol type to import, the metric type and path cost, then click Add. Figure 3-143 OSPF Redistribute Configuration CLI - This example redistributes routes learned from RIP as Type 1 external routes.
IP Routing 3-255 3 Note: This router supports up to 16 areas, either normal transit areas, stubs, or NSSAs. Web - Click Routing Protocol, OSPF, NSSA Settings. Create a new NSSA or modify the routing behavior for an existing NSSA, and click Apply. Figure 3-144 OSPF NSSA Settings CLI - This example configures area 0.
Configuring the Switch 3-256 3 Displaying Link State Database Information OSPF routers advertise routes using Link State Advertisements (LSAs). The full collection of LSAs collected by a router interface from the attached area is known as a link state database.
IP Routing 3-257 3 Web - Click Routing Protocol, OSPF, Link State Database Information. Specify parameters for the LSAs you want to display, then click Query. Figure 3-145 OSPF Link State Database Information CLI - The CLI provides a wider selection of display options for viewing the Link State Database.
Configuring the Switch 3-258 3 Displaying Information on Border Routers You can display entries in the local routing table for Area Border Routers (ABR) and Autonomous System Boundary Routers (ASBR) known by this device. Field Attributes • Destination – Identifier for the destination router.
IP Routing 3-259 3 Displaying Information on Neighbor Routers You can display information about neighboring routers on each interface within an OSPF area. Field Attributes • ID – Neighbor’s router ID. • Priority – Neighbor’s router priority.
Configuring the Switch 3-260 3 Multicast Routing This router can route multicast traffic to different subnetworks using either Distance Vector Multicast Routing Protocol (DVMRP) or Protocol-Independent Multicasting - Dense Mode (PIM-DM).
Multicast Routing 3-261 3 Displaying the Multicast Routing Table You can display information on each multicast route this router has learned via DVMRP or PIM. The router learns multicast routes from neighboring routers, and also advertises these routes to its neighbors.
Configuring the Switch 3-262 3 Web – Click IP, Multicast Routing, Multicast Routing Table. Click Detail to display additional information for any entry.
Multicast Routing 3-263 3 CLI – This example shows that multicast forwarding is enabled. The multicast routing table displays one entry for a multicast source routed by DVMRP, and another source routed via PIM. Console#show ip mroute 4-297 IP Multicast Forwarding is enabled.
Configuring the Switch 3-264 3 Configuring DVMRP The Distance-Vector Multicast Routing Protocol (DVMRP) behaves somewhat similarly to RIP. A router supporting DVMRP periodically floods its attached networks to pass information about supported multicast services along to new routers and hosts.
Multicast Routing 3-265 3 Command Usage Broadcasting periodically floods the network with traffic from any active multicast server. If IGMP snooping is disabled, multicast traffic is flooded to all ports on the router.
Configuring the Switch 3-266 3 which this device has received probes, and is used to verify whether or not these neighbors are still active members of the multicast tree.
Multicast Routing 3-267 3 Web – Click Routing Protocol, DVMRP, General Settings. Enable or disable DVMRP. Set the global parameters that control neighbor timeout, the exchange of routing information, or the prune lifetime, and click Apply.
Configuring the Switch 3-268 3 DVMRP Interface Settings • VLAN – Selects a VLAN interface on this router. • Metric – Sets the metric for this interface used to calculate distance vectors.
Multicast Routing 3-269 3 Displaying Neighbor Information You can display all the neighboring DVMRP routers. Command Attributes • Neighbor Address – The IP address of the network device immediately upstream for this multicast delivery tree.
Configuring the Switch 3-270 3 Displaying the Routing Table The router learns source-routed information from neighboring DVMRP routers and also advertises learned routes to its neighbors. The router merely records path information it has learned on its own or from other routers.
Multicast Routing 3-271 3 CLI – This example displays known DVMRP routes. Configuring PIM-DM Protocol-Independent Multicasting (PIM) provides two different modes of operation: sparse mode and dense mode.
Configuring the Switch 3-272 3 Web – Click Routing Protocol, PIM-DM, General Settings. Enable or disable PIM-DM globally for the router, and click Apply. Figure 3-154 PIM-DM General Settings CLI – This example enables PIM-DM globally and displays the current status.
Multicast Routing 3-273 3 • Trigger Hello Interval – Configures the maximum time before transmitting a triggered PIM hello message after the router is rebooted or PIM is enabled on an interface.
Configuring the Switch 3-274 3 Web – Click Routing Protocol, PIM-DM, Interface Settings. Select a VLAN, enable or disable PIM-DM for the selected interface, modify any of the protocol parameters as required, and click Apply.
Multicast Routing 3-275 3 Displaying Interface Information You can display a summary of the current interface status for PIM-DM, including the number of neighboring PIM routers, and the address of the designated PIM router. Command Attributes • Interface – A VLAN interface on this router.
Configuring the Switch 3-276 3 Web – Click Routing Protocol, PIM-DM, Neighbor Information. Figure 3-157 PIM-DM Neighbor Information CLI – This example displays the only neighboring PIM-DM router.
4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Note: You can only access the console interface through the Master unit in the stack.
Command Line Interface 4-2 4 Note: The IP address for this switch is obtained via DHCP by default. To access the stack through a Telnet session, you must first set the IP address for the Master unit, and set the default gateway if you are managing the switch from a different IP subnet.
Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters.
Command Line Interface 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, DHCP, Interface, Line, Router, VLAN Database, or MSTP).
Entering Commands 4-5 4 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.
Command Line Interface 4-6 4 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functions.
Entering Commands 4-7 4 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted.
Command Line Interface 4-8 4 To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode.
Entering Commands 4-9 4 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters.
Command Line Interface 4-10 4 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Group Index Command Group Description Page.
Line Commands 4-11 4 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) MST (Multiple Spanning Tree) PE (Privileged Exec) ACL (Access Contro.
Command Line Interface 4-12 4 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access (i.
Line Commands 4-13 4 Command Usage • There are three authentication modes provided by the switch itself at login: - login selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode.
Command Line Interface 4-14 4 • The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
Line Commands 4-15 4 exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [seconds] no exec-timeout seconds - Integer that specifies the timeout interval.
Command Line Interface 4-16 4 Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.
Line Commands 4-17 4 databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits {7 | 8} no databits • 7 - Seven data bits per character.
Command Line Interface 4-18 4 Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: speed This command sets the terminal line’s baud rate.
Line Commands 4-19 4 Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits, enter this command: disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection.
Command Line Interface 4-20 4 Example To show all lines, enter this command: General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information.
General Commands 4-21 4 Default Setting Level 15 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-28.
Command Line Interface 4-22 4 configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch.
General Commands 4-23 4 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes.
Command Line Interface 4-24 4 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example.
System Management Commands 4-25 4 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Device Designation Commands prompt This command customizes the CLI prompt.
Command Line Interface 4-26 4 Command Mode Global Configuration Example hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host.
System Management Commands 4-27 4 User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password chec.
Command Line Interface 4-28 4 Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
System Management Commands 4-29 4 Related Commands enable (4-20) authentication enable (4-71) IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols.
Command Line Interface 4-30 4 • You can delete an address range just by specifying the start address, or by specifying both the start address and end address. Example This example restricts management access to the indicated addresses.
System Management Commands 4-31 4 Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface.
Command Line Interface 4-32 4 Example Related Commands ip http port (4-31) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
System Management Commands 4-33 4 Example Related Commands ip http secure-port (4-33) copy tftp https-certificate (4-64) ip http secure-port This command specifies the UDP port number used for HTTPS connection to the switch’s web interface.
Command Line Interface 4-34 4 Telnet Server Commands ip telnet server This command allows this device to be monitored or configured from Telnet. It also specifies the TCP port number used by the Telnet interface. Use the no form without the “port” keyword to disable this function.
System Management Commands 4-35 4 This section describes the commands used to configure the SSH server. However, note that you also need to install an SSH client on the management station when using this protocol to configure the switch.
Command Line Interface 4-36 4 10.1.0.54 1024 35 156 84995401867 6692593339 4677505 46173253136 7489083654 7254 15020245 5931998 68544358361 6519999233 2978176 6065830956 10 82591321289 0233 76546801.
System Management Commands 4-37 4 ip ssh server This command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service. Syntax [no] ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage • The SSH server supports up to four client sessions.
Command Line Interface 4-38 4 Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase. Once an SSH session has been established, the timeout for user input is controlled by the exec-timeout command for vty sessions.
System Management Commands 4-39 4 Default Setting 768 bits Command Mode Global Configuration Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with the SSH client, and is fixed at 1024 bits.
Command Line Interface 4-40 4 Command Usage • This command stores the host key pair in memory (i.e., RAM). Use the ip ssh save host-key command to save the host key pair to flash memory. • Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process.
System Management Commands 4-41 4 ip ssh save host-key This command saves the host key from RAM to flash memory. Syntax ip ssh save host-key [dsa | rsa] • dsa – DSA key type. • rsa – RSA key type. Default Setting Saves both the DSA and RSA key.
Command Line Interface 4-42 4 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [user [username] | host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys.
System Management Commands 4-43 4 • When an RSA key is displayed, the first field indicates the size of the host key (e.g., 1024), the second field is the encoded public exponent (e.
Command Line I nterface 4-44 4 Default Sett ing None Command Mode Global Co nfigurat ion Command Usage The logging process co ntrol s error mes sages save d to switch m emory . Y o u can use the logging history comm and to co ntrol the type of error m essage s that are st ored.
System Management Commands 4-45 4 Default Sett ing Flash: error s (level 3 - 0) RAM: w arnings (lev el 7 - 0) Command Mode Global Co nfigurat ion Command Usage The messa ge l evel spec ifi ed f or fl ash memor y mus t be a hi gher pri orit y ( i.e., numer ically lo wer) than that specifi ed for RAM.
Command Line Interface 4-46 4 Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch.
System Management Commands 4-47 4 clear log This command clears messages from the log buffer. Syntax clear log [flash | ram] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.
Command Line Interface 4-48 4 Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), and the message level for RAM is “debugging” (i.
System Management Commands 4-49 4 show log This command displays the log messages stored in local memory. Syntax show log {flash | ram} • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.
Command Line Interface 4-50 4 logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [no] logging sendmail host ip_address ip_address - IP address of an SMTP server that will be sent alert messages for event handling.
System Management Commands 4-51 4 Command Usage The specified level indicates an event threshold. All events at this level or higher will be sent to the configured email recipients. (For example, using Level 7 will report all events from level 7 to level 0.
Command Line Interface 4-52 4 Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example logging sendmail This command enables SMTP event handling.
System Management Commands 4-53 4 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
Command Line Interface 4-54 4 Example Related Commands sntp server (4-54) sntp poll (4-55) show sntp (4-55) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list.
System Management Commands 4-55 4 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests.
Command Line Interface 4-56 4 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym.
System Management Commands 4-57 4 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, February 1st, 2002.
Command Line Interface 4-58 4 Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes.
System Management Commands 4-59 4 Related Commands show running-config (4-59) show running-config This command displays the configuration information currently in use.
Command Line Interface 4-60 4 - IP address configured for VLANs - Layer 4 precedence settings - Routing protocol configuration settings - Spanning tree settings - Any configured setting.
System Management Commands 4-61 4 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-12.
Command Line Interface 4-62 4 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.
System Management Commands 4-63 4 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it.
Command Line Interface 4-64 4 Example Flash/File Commands These commands are used to manage the system code or configuration files. copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server.
Flash/File Commands 4-65 4 Default Setting None Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.
Command Line Interface 4-66 4 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server.
Flash/File Commands 4-67 4 delete This command deletes a file or image. Syntax delete [unit:] filename • filename - Name of configuration file or code image.
Command Line Interface 4-68 4 Command Usage • If you enter the command dir without any parameters, the system displays all files. • A colon (:) is required after the specified unit number.
Flash/File Commands 4-69 4 Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. boot system This command specifies the file or image used to start up the system.
Command Line Interface 4-70 4 Authentication Commands You can configure this switch to authenticate users logging in to the system for management access using local or remote authentication methods. You can also enable port-based authentication for network client access using IEEE 802.
Authentication Commands 4-71 4 • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server.
Command Line Interface 4-72 4 authentication is attempted on the TACACS+ server. If the TACACS+ server is not available, the local user name and password is checked.
Authentication Commands 4-73 4 • key - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default Setting • auth.
Command Line Interface 4-74 4 Command Mode Global Configuration Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default.
Authentication Commands 4-75 4 show radius-server This command displays the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example TACACS+ Client T.
Command Line Interface 4-76 4 tacacs-server host This command specifies the TACACS+ server. Use the no form to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address - IP address of a TACACS+ server.
Authentication Commands 4-77 4 tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client.
Command Line Interface 4-78 4 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
Authentication Commands 4-79 4 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
Command Line Interface 4-80 4 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication.
Authentication Commands 4-81 4 dot1x default This command sets all configurable dot1x global and port settings to their default values. Command Mode Global Configuration Example dot1x ma.
Command Line Interface 4-82 4 Default force-authorized Command Mode Interface Configuration Example dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host.
Authentication Commands 4-83 4 dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number.
Command Line Interface 4-84 4 Example dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds.
Authentication Commands 4-85 4 show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [statistics] [interface interface] • statistics - Displays dot1x status for each port.
Command Line Interface 4-86 4 - Max Count – The maximum number of hosts allowed to access this port (page 4-82). - Port-control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 4-81). - Supplicant – MAC address of authorized client.
Access Control List Commands 4-87 4 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
Command Line Interface 4-88 4 The following restrictions apply to ACLs: • This switch supports ACLs for both ingress and egress filtering. However, you can only bind one IP ACL and one MAC ACL to any port for ingress filtering, and one IP ACL and one MAC ACL to any port for egress filtering.
Access Control List Commands 4-89 4 IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs.
Command Line Interface 4-90 4 Example Related Commands permit, deny 4-90 ip access-group (4-98) show ip access-list (4-93) permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source.
Access Control List Commands 4-91 4 permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes.
Command Line Interface 4-92 4 Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.
Access Control List Commands 4-93 4 Related Commands access-list ip (4-89) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list {standard | extended} [acl_name] • standard – Specifies a standard IP ACL.
Command Line Interface 4-94 4 • You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule. Example Related Commands mask (IP ACL) (4-94) ip access-group (4-98) mask (IP ACL) This command defines a mask for IP ACLs.
Access Control List Commands 4-95 4 Command Usage • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered.
Command Line Interface 4-96 4 This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others. This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.
Access Control List Commands 4-97 4 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL.
Command Line Interface 4-98 4 Related Commands mask (IP ACL) (4-94) ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [no] ip access-group acl_name {in | out} • acl_name – Name of the ACL.
Access Control List Commands 4-99 4 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [no] access-list mac acl_name acl_name – Name of the ACL.
Command Line Interface 4-100 4 Related Commands permit, deny (4-100) mac access-group (4-105) show mac access-list (4-101) permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.
Access Control List Commands 4-101 4 • vid-bitmask 29 – VLAN bitmask. (Range: 1-4093) • protocol – A specific Ethernet protocol number. (Range: 600-fff hex.) • protocol-bitmask 29 – Protocol bitmask. (Range: 600-fff hex.
Command Line Interface 4-102 4 access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [no] access-list ip mask-precedence {in | out} • in – Ingress mask for ingress ACLs.
Access Control List Commands 4-103 4 • vid-bitmask – VLAN ID of rule must match this bitmask. • ethertype – Check the Ethernet type field.
Command Line Interface 4-104 4 This example creates an Egress MAC ACL. show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [in | out] • in – Ingress mask precedence for ingress ACLs.
Access Control List Commands 4-105 4 mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name {in | out} • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets.
Command Line Interface 4-106 4 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e.
SNMP Commands 4-107 4 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
Command Line Interface 4-108 4 Example show snmp This command can be used to check the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Us.
SNMP Commands 4-109 4 snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string.
Command Line Interface 4-110 4 Related Commands snmp-server location (4-110) snmp-server location This command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location text no snmp-server location text - String that describes the system location.
SNMP Commands 4-111 4 to using the snmp-server host command. (Maximum length: 32 characters) • version - Specifies whether to send notifications as SNMP Version 1, 2c or 3 traps.
Command Line Interface 4-112 4 To send an inform to an SNMPv3 host, complete these steps: 1. Enable the SNMP agent (page 4-107). 2. Allow the switch to send SNMP traps; i.
SNMP Commands 4-113 4 SNMP notifications, you must enter at least one snmp-server enable traps command. If you enter the command with no keywords, both authentication and link-up-down notifications are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled.
Command Line Interface 4-114 4 • A remote engine ID is required when using SNMPv3 informs. (See snmp-server host on page 4-110.) The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host.
SNMP Commands 4-115 4 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name • view-name - Name of an SNMP view.
Command Line Interface 4-116 4 show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group.
SNMP Commands 4-117 4 Default Setting • Default groups: public 30 (read only), private 31 (read/write) • readview - Every object belonging to the Internet OID space (1.3.6.1). • writeview - Nothing is defined. • notifyview - Nothing is defined.
Command Line Interface 4-118 4 show snmp group Four default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c read-only access and read/write access.
SNMP Commands 4-119 4 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View.
Command Line Interface 4-120 4 the user resides. Then use the snmp-server user command to specify the user and the IP address for the remote device where the user resides. The remote agent’s SNMP engine ID is used to compute authentication/privacy digests from the user’s password.
DHCP Commands 4-121 4 DHCP Commands These commands are used to configure Dynamic Host Configuration Protocol (DHCP) client, relay, and server functions. You can configure any VLAN interface to be automatically assigned an IP address via DHCP.
Command Line Interface 4-122 4 Command Usage This command is used to include a client identifier in all communications with the DHCP server.
DHCP Commands 4-123 4 DHCP Relay ip dhcp restart relay This command enables DHCP relay for the specified VLAN. Use the no form to disable it. Syntax [no] ip dhcp relay Default Setting Disabled.
Command Line Interface 4-124 4 ip dhcp relay server This command specifies the addresses of DHCP servers to be used by the switch’s DHCP relay agent. Use the no form to clear all addresses. Syntax ip dhcp relay server address1 [address2 [address3 .
DHCP Commands 4-125 4 service dhcp This command enables the DHCP server on this switch. Use the no form to disable the DHCP server. Syntax [no] service dhcp Default Setting Enabled Command Mode Global Configuration Command Usage If the DHCP server is running, you must restart it to implement any configuration changes.
Command Line Interface 4-126 4 Default Setting All IP pool addresses may be assigned. Command Mode Global Configuration Example ip dhcp pool This command configures a DHCP address pool and enters DHCP Pool Configuration mode. Use the no form to remove the address pool.
DHCP Commands 4-127 4 network This command configures the subnet number and mask for a DHCP address pool. Use the no form to remove the subnet number and mask. Syntax network network-number [mask] no network • network-number - The IP address of the DHCP address pool.
Command Line Interface 4-128 4 Command Mode DHCP Pool Configuration Usage Guidelines The IP address of the router should be on the same subnet as the client. You can specify up to two routers. Routers are listed in order of preference (starting with address1 as the most preferred router).
DHCP Commands 4-129 4 Usage Guidelines • If DNS IP servers are not configured for a DHCP client, the client cannot correlate host names to IP addresses. • Servers are listed in order of preference (starting with address1 as the most preferred server).
Command Line Interface 4-130 4 Example Related Commands next-server (4-129) netbios-name-server This command configures NetBIOS Windows Internet Naming Service (WINS) name servers that are available to Microsoft DHCP clients. Use the no form to remove the NetBIOS name server list.
DHCP Commands 4-131 4 netbios-node-type This command configures the NetBIOS node type for Microsoft DHCP clients. Use the no form to remove the NetBIOS node type.
Command Line Interface 4-132 4 Command Modes DHCP Pool Configuration Example The following example leases an address to clients using this pool for 7 days. host Use this command to specify the IP address and network mask to manually bind to a DHCP client.
DHCP Commands 4-133 4 Example Related Commands client-identifier (4-133) hardware-address (4-134) client-identifier This command specifies the client identifier of a DHCP client. Use the no form to remove the client identifier. Syntax client-identifier {text text | hex hex} no client-identifier • text - A text string.
Command Line Interface 4-134 4 hardware-address This command specifies the hardware address of a DHCP client. This command is valid for manual bindings only.
DHCP Commands 4-135 4 Usage Guidelines • An address specifies the client’s IP address. If an asterisk (*) is used as the address parameter, the DHCP server clears all automatic bindings. • Use the no host command to delete a manual binding.
Command Line Interface 4-136 4 DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation.
DNS Commands 4-137 4 Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP address is associated with a host name using this command, a DNS client can try each address in succession, until it establishes a connection with the target device.
Command Line Interface 4-138 4 Default Setting None Command Mode Global Configuration Example Related Commands ip domain-list (4-138) ip name-server (4-139) ip domain-lookup (4-140) ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.
DNS Commands 4-139 4 Example This example adds two domain names to the current list and then displays the list. Related Commands ip domain-name (4-137) ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution.
Command Line Interface 4-140 4 Example This example adds two domain-name servers to the list and then displays the list. Related Commands ip domain-name (4-137) ip domain-lookup (4-140) ip domain-lookup This command enables DNS host name-to-address translation.
DNS Commands 4-141 4 Related Commands ip domain-name (4-137) ip name-server (4-139) show hosts This command displays the static host name-to-address mapping table. Command Mode Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address(es) as a previously configured entry.
Command Line Interface 4-142 4 show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns cache NO FLAG TYPE IP TTL DOMAIN 2 4 CNAME 66.
Interface Commands 4-143 4 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enters interface configuration mode.
Command Line Interface 4-144 4 Command Mode Global Configuration Example To specify port 4, enter the following command: description This command adds a description to an interface.
Interface Commands 4-145 4 Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is: - Gigabit Ethernet ports.
Command Line Interface 4-146 4 • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports.
Interface Commands 4-147 4 Related Commands negotiation (4-145) speed-duplex (4-144) flowcontrol (4-147) flowcontrol 32 This command enables flow control.
Command Line Interface 4-148 4 media-type This command forces the port type selected for combination ports 21-24/45-48. Use the no form to restore the default mode. Syntax media-type mode no media-type • mode - copper-forced - Always uses the built-in RJ-45 port.
Interface Commands 4-149 4 switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm control. Syntax switchport broadcast packet-rate rate no switchport broadcast rate - Threshold level as a rate; i.
Command Line Interface 4-150 4 Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session.
Interface Commands 4-151 4 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number.
Command Line Interface 4-152 4 Example show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit.
Interface Commands 4-153 4 Example This example shows the configuration setting for port 4. Console#show interfaces switchport ethernet 1/4 Broadcast threshold: Enabled, 500 packets/second LACP .
Command Line Interface 4-154 4 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session.
Mirror Port Commands 4-155 4 Example The following example configures the switch to mirror all packets from port 6 to 11: show port monitor This command displays mirror information. Syntax show port monitor [interface] interface - ethernet unit/port (source port) • unit - Stack unit.
Command Line Interface 4-156 4 Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network.
Link Aggregation Commands 4-157 4 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery.
Command Line Interface 4-158 4 Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP system priority. • Ports must have the same port admin key (Ethernet Interface).
Link Aggregation Commands 4-159 4 lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface.
Command Line Interface 4-160 4 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} system-priority priority no lacp {actor | partner} system-priority • actor - The local side of an aggregate link.
Link Aggregation Commands 4-161 4 lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key • actor - The local side of an aggregate link.
Command Line I nterface 4-162 4 Default Sett ing 0 Command Mode Interface C onfigur ation (Por t Channel ) Command Usage • Ports are on ly allowed to join the sam e LAG if (1) th e LACP sys tem prio rity matches, ( 2) the LACP port a dmin key matches, and (3) th e LACP port channel key matc hes (if con figured) .
Link Aggregati on Commands 4-163 4 Example show la cp This c omman d disp lays LA CP inf ormati on. Syntax show la cp [ port-chan nel ] { counter s | internal | neighb ors | sys- id } • port-cha nnel - Local ident ifier for a link ag gregat ion group.
Command Line Interface 4-164 Console#show lacp 1 internal Port channel: 1 ------------------------------------------------------------------------- Oper Key: 3 Admin Key: 0 Eth 1/2 --------------.
Link Aggregation Commands 4-165 Console#show lacp 1 neighbors Port channel 1 neighbors ------------------------------------------------------------------------- Eth 1/1 ---------------------------.
Command Line Interface 4-166 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
Address Table Commands 4-167 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address.
Command Line Interface 4-168 clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries.
Address Table Commands 4-169 means to match a bit and “1” means to ignore a bit. For example, a mask of 00-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means “any.” • The maximum number of address entries is 8191.
Command Line Interface 4-170 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface.
Spanning Tree Commands 4-171 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.
Command Line Interface 4-172 members may be inadvertently disabled to prevent network loops, thus isolating group members. When operating multiple VLANs, we recommend selecting the MSTP option.
Spanning Tree Commands 4-173 Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
Command Line Interface 4-174 Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure.
Spanning Tree Commands 4-175 spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree and Multiple Spanning Tree.
Command Line Interface 4-176 spanning-tree mst-configuration This command changes to Multiple Spanning Tree (MST) configuration mode. Default Setting • No VLANs are mapped to any MST instance. • The region name is set to the switch’s MAC address.
Spanning Tree Commands 4-177 and the same instance (on each bridge) with the same set of VLANs. Also, note that RSTP treats each MSTI region as a single node, connecting all regions to the Common Spanning Tree. Example mst priority This command configures the priority of a spanning tree instance.
Command Line Interface 4-178 Default Setting Switch’s MAC address Command Mode MST Configuration Command Usage The MST region name and revision number (page 4-178) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region.
Spanning Tree Commands 4-179 max-hops This command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the default. Syntax max-hops hop-number hop-number - Maximum hop number for multiple spanning tree.
Command Line Interface 4-180 spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port.
Spanning Tree Commands 4-181 spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port.
Command Line Interface 4-182 devices such as workstations or servers, retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables.
Spanning Tree Commands 4-183 Related Commands spanning-tree edge-port (4-181) spanning-tree link-type This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree.
Command Line Interface 4-184 The recommended range is - - Ethernet: 200,000-20,000,000 - Fast Ethernet: 20,000-2,000,000 - Gigabit Ethernet: 2,000-200,000 - 10 Gigabit Ethernet: 20.
Spanning Tree Commands 4-185 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command defines the priority for the use of an interface in the multiple spanning-tree.
Command Line Interface 4-186 show spanning-tree This command shows the configuration for the common spanning tree (CST) or for an instance within the multiple spanning tree (MST). Syntax show spanning-tree [interface | mst instance_id] • interface • ethernet unit/port - unit - Stack unit.
Spanning Tree Commands 4-187 Example Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning tree mode: MSTP Spanning tree enable/disable: enable Instance: 0 Vlans configuration: 1-4093 Priority: 32768 Bridge Hello Time (sec.
Command Line Interface 4-188 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
VLAN Commands 4-189 vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs.
Command Line Interface 4-190 Command Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default state (i.e., active). • You can configure up to 255 VLANs on the switch.
VLAN Commands 4-191 Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (4-148) switchport mode This command configures the VLAN membership mode for a port.
Command Line Interface 4-192 switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged.
VLAN Commands 4-193 • If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be discarded. • Ingress filtering does not affect VLAN independent BPDU frames, such as GVRP or STA.
Command Line Interface 4-194 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default.
VLAN Commands 4-195 switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan {add vlan-list | remove vlan-list} no switchport forbidden vlan • add vlan-list - List of VLAN identifiers to add.
Command Line Interface 4-196 show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name] • id - Keyword to be followed by the VLAN ID. vlan-id - ID of the configured VLAN. (Range: 1-4093, no leading zeroes) • name - Keyword to be followed by the VLAN name.
VLAN Commands 4-197 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs. pvlan This command enables or configures a private VLAN.
Command Line Interface 4-198 show pvlan This command displays the configured private VLAN. Command Mode Privileged Exec Example Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN.
VLAN Commands 4-199 3. Then map the protocol for each interface to the appropriate VLAN using the protocol-vlan protocol-group command (Interface Configuration mode). protocol-vlan protocol-group (Configuring Groups) This command creates a protocol group, or adds specific protocols to a group.
Command Line Interface 4-200 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • When creating a protocol-based VLAN, only assign interfaces via this command.
VLAN Commands 4-201 show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [interface] interface • ethernet unit/port - unit - Stack unit.
Command Line Interface 4-202 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
GVRP and Bridge Extension Commands 4-203 Command Mode Privileged Exec Command Usage See “Displaying Basic VLAN Information” on page 3-138 and “Displaying Bridge Extension Capabilities” on page 3-15 for a description of the displayed items.
Command Line Interface 4-204 Default Setting Shows both global and interface-specific configuration. Command Mode Normal Exec, Privileged Exec Example garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values.
GVRP and Bridge Extension Commands 4-205 Example Related Commands show garp timer (4-205) show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [interface] interface • ethernet unit/port - unit - Stack unit.
Command Line Interface 4-206 Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port.
Priority Commands 4-207 Default Setting Weighted Round Robin Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requ.
Command Line Interface 4-208 • This switch provides eight priority queues for each port. It is configured to use Weighted Round Robin, which can be viewed with the show queue bandwidth command.
Priority Commands 4-209 queue cos-map This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 7). Use the no form to set the CoS map to the default values. Syntax queue cos-map queue_id [cos1 .
Command Line Interface 4-210 show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues.
Priority Commands 4-211 Default Setting None Command Mode Privileged Exec Example Priority Commands (Layer 3 and 4) map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets).
Command Line Interface 4-212 Example The following example shows how to enable TCP/UDP port mapping globally: map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting.
Priority Commands 4-213 • IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other type.
Command Line Interface 4-214 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping).
Priority Commands 4-215 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0.
Command Line Interface 4-216 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Related Commands map ip port (Glob.
Priority Commands 4-217 Example Related Commands map ip precedence (Global Configuration) (4-212) map ip precedence (Interface Configuration) (4-213) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - Stack unit.
Command Line Interface 4-218 Related Commands map ip dscp (Global Configuration) (4-214) map ip dscp (Interface Configuration) (4-214) Quality of Service Commands The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies.
Quality of Service Commands 4-219 any traffic that exceeds the specified rate, or just reduce the DSCP service level for traffic exceeding the specified rate. 7. Use the service-policy command to assign a policy map to a specific interface.
Command Line Interface 4-220 Related Commands show class map (4-225) match This command defines the criteria used to classify traffic. Use the no form to delete the matching criteria.
Quality of Service Commands 4-221 This example creates a class map called “rd_class#2,” and sets it to match packets marked for IP Precedence service value 5: This example creates .
Command Line Interface 4-222 average bandwidth to 100,000 Kbps, the burst rate to 1522 bytes, and configure the response to drop any violating packets. class This command defines a traffic classification upon which a policy can act, and enters Policy Map Class configuration mode.
Quality of Service Commands 4-223 set This command services IP traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified by the match command on page 4-220). Use the no form to remove the traffic classification.
Command Line Interface 4-224 Command Usage • You can configure up to 63 policers (i.e., class maps) for Fast Ethernet and Gigabit Ethernet ingress ports, and up to 225 policers for 10G Ethernet ingress ports. • Policing is based on a token bucket, where bucket depth (i.
Quality of Service Commands 4-225 Example This example applies a service policy to an ingress interface. show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [class-map-name] class-map-name - Name of the class map.
Command Line Interface 4-226 Example show policy-map interface This command displays the service policy assigned to the specified interface. Syntax show policy-map interface interface input interface • ethernet unit/port - unit - Stack unit.
Multicast Filtering Commands 4-227 IGMP Snooping Commands ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping.
Command Line Interface 4-228 Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port: ip igmp snooping version This command configures the IGMP snooping version.
Multicast Filtering Commands 4-229 Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-171 for a description of the displayed items. Example The following shows the current IGMP snooping configuration: show mac-address-table multicast This command shows known multicast addresses.
Command Line Interface 4-230 IGMP Query Commands (Layer 2) ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it.
Multicast Filtering Commands 4-231 Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action.
Command Line Interface 4-232 Default Setting 10 seconds Command Mode Global Configuration Command Usage • The switch must be using IGMPv2 for this command to take effect. • This command defines the time after a query, during which a response is expected from a multicast client.
Multicast Filtering Commands 4-233 Example The following shows how to configure the default timeout to 300 seconds: Related Commands ip igmp snooping version (4-228) Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port.
Command Line Interface 4-234 Example The following shows how to configure port 11 as a multicast router port within VLAN 1: show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports.
Multicast Filtering Commands 4-235 ip igmp This command enables IGMP on a VLAN interface. Use the no form of this command to disable IGMP on the specified interface.
Command Line Interface 4-236 Command Usage The robustness value is used in calculating the appropriate range for other IGMP variables, such as the Group Membership Interval (ip igmp last-memb-query-interval, page 4-237), as well as the Other Querier Present Interval, and the Startup Query Count (RFC 2236).
Multicast Filtering Commands 4-237 ip igmp max-resp-interval This command configures the maximum response time advertised in IGMP queries. Use the no form of this command to restore the default. Syntax ip igmp max-resp-interval seconds no ip igmp max-resp-interval seconds - The report delay advertised in IGMP queries.
Command Line Interface 4-238 Command Mode Interface Configuration (VLAN) Command Usage • A multicast client sends an IGMP leave message when it leaves a group. The router then checks to see if this was the last host in the group by sending an IGMP query and starting a timer based on this command.
Multicast Filtering Commands 4-239 show ip igmp interface This command shows the IGMP configuration for a specific VLAN interface or for all interfaces.
Command Line Interface 4-240 Example The following example clears all multicast group entries for VLAN 1: show ip igmp groups This command displays information on multicast groups active on this switch. Syntax show ip igmp groups [group-address | interface vlan vlan-id] • group-address - IP address of the multicast group.
IP Interface Commands 4-241 IP Interface Commands There are no IP addresses assigned to this router by default. You must manually configure a new address to manage the router over your network or to connect the router to existing IP subnets.
Command Line Interface 4-242 ip address This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address.
IP Interface Commands 4-243 periodically by this device in an effort to learn its IP address. (BOOTP and DHCP values can include the IP address, default gateway, and subnet mask). • You can start broadcasting BOOTP or DHCP requests by entering an ip dhcp restart client command, or by rebooting the router.
Command Line Interface 4-244 Related Commands show ip redirects (4-244) ip routing (4-249) ip route (4-250) show ip interface This command displays the settings of an IP interface.
IP Interface Commands 4-245 ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [count count][size size] • host - IP address or IP alias of the host. • count - Number of packets to send.
Command Line Interface 4-246 Address Resolution Protocol (ARP) arp This command adds a static entry in the Address Resolution Protocol (ARP) cache. Use the no form to remove an entry from the cache. Syntax arp ip-address hardware-address no arp ip-address • ip-address - IP address to map to a specified hardware address.
IP Interface Commands 4-247 arp-timeout This command sets the aging time for dynamic entries in the Address Resolution Protocol (ARP) cache. Use the no form to restore the default. Syntax arp-timeout seconds no arp-timeout seconds - The time a dynamic entry remains in the ARP cache.
Command Line Interface 4-248 Command Usage This command displays information about the ARP cache. The first line shows the cache timeout. It also shows each cache entry, including the corresponding IP address, MAC address, type (static, dynamic, other), and VLAN interface.
IP Routing Commands 4-249 IP Routing Commands After you configure network interfaces for this router, you must set the paths used to send traffic between different interfaces. If you enable routing on this device, traffic will automatically be forwarded between all of the local subnetworks.
Command Line Interface 4-250 Command Usage • The command affects both static and dynamic unicast routing. • If IP routing is enabled, all IP packets are routed using either static routing or dynamic routing via RIP or OSPF, and other packets for all non-IP protocols (e.
IP Routing Commands 4-251 clear ip route This command removes dynamically learned entries from the IP routing table. Syntax clear ip route {network [netmask] | *} • network – Network or subnet address. • netmask - Network mask for the associated IP subnet.
Command Line Interface 4-252 Example show ip host-route This command displays the interface associated with known routes. Command Mode Privileged Exec Example Console#show ip route Ip Address Netmask Next Hop Protocol Metric Interface --------------- --------------- --------------- ---------- ------ --------- 0.
IP Routing Commands 4-253 show ip traffic This command displays statistics for IP, ICMP, UDP, TCP and ARP protocols. Command Mode Privileged Exec Command Usage For a description of the information shown by this command, see “Displaying Statistics for IP Protocols” on page 3-216.
Command Line Interface 4-254 Routing Information Protocol (RIP) router rip This command enables Routing Information Protocol (RIP) routing for all IP interfaces on the router.
IP Routing Commands 4-255 timers basic This command configures the RIP update timer, timeout timer, and garbage-collection timer. Use the no form to restore the defaults.
Command Line Interface 4-256 network This command specifies the network interfaces that will be included in the RIP routing process. Use the no form to remove an entry. Syntax [no] network subnet-address subnet-address – IP address of a network directly connected to this router.
IP Routing Commands 4-257 Command Usage This command can be used to configure a static neighbor with which this router will exchange information, rather than relying on broadcast messages generated by the RIP protocol. Example version This command specifies a RIP version used globally by the router.
Command Line Interface 4-258 ip rip receive version This command specifies a RIP version to receive on an interface. Use the no form to restore the default value. Syntax ip rip receive version {none | 1 | 2 | 1 2} no ip rip receive version • none - Does not accept incoming RIP packets.
IP Routing Commands 4-259 ip rip send version This command specifies a RIP version to send on an interface. Use the no form to restore the default value. Syntax ip rip send version {none | 1 | 2 | v2-broadcast} no ip rip send version • none - Does not transmit RIP updates.
Command Line Interface 4-260 ip split-horizon This command enables split-horizon or poison-reverse (a variation) on an interface. Use the no form to disable split-horizon. Syntax ip split-horizon [poison-reverse] no ip split-horizon poison-reverse - Enables poison-reverse on the current interface.
IP Routing Commands 4-261 • For authentication to function properly, both the sending and receiving interface must be configured with the same password. Example This example sets an authentication password of “small” to verify incoming routing messages and to tag outgoing routing messages.
Command Line Interface 4-262 show rip globals This command displays global configuration settings for RIP. Command Mode Privileged Exec Example show ip rip This command displays information about interfaces configured for RIP.
IP Routing Commands 4-263 Example Console#show ip rip configuration Interface SendMode ReceiveMode Poison Authentication --------------- --------------- ------------- -------------- ------------------ 10.1.0.253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication 10.
Command Line Interface 4-264 Open Shortest Path First (OSPF) Table 4-89 Open Shortest Path First Commands Command Function Mode Page General Configuration router ospf Enables or disable.
IP Routing Commands 4-265 router ospf This command enables Open Shortest Path First (OSPF) routing for all IP interfaces on the router. Use the no form to disable it.
Command Line Interface 4-266 Command Usage • The router ID must be unique for every router in the autonomous system. Using the default setting based on the lowest interface address ensures that each router ID is unique. Also, note that you cannot set the router ID to 0.
IP Routing Commands 4-267 default-information originate This command generates a default external route into an autonomous system. Use the no form to disable this feature.
Command Line Interface 4-268 Related Commands ip route (4-250) redistribute (4-270) timers spf This command configures the hold time between making two consecutive shortest path first (SPF) calculations. Use the no form to restore the default value.
IP Routing Commands 4-269 Default Setting Disabled Command Usage • This command can be used to advertise routes between areas. • If routes are set to be advertised, the router will issue a Type 3 summary LSA for each address range specified with this command.
Command Line Interface 4-270 summary-address This command aggregates routes learned from other protocols. Use the no form to remove a summary address. Syntax [no] summary-address summary-address netmask • summary-address - Summary address covering a range of addresses.
IP Routing Commands 4-271 Default Setting redistribution - none protocol - RIP and static metric-value - 0 type-metric - 2 Command Usage • This router supports redistribution for both RIP and static routes.
Command Line Interface 4-272 Command Usage • An area ID uniquely defines an OSPF broadcast area. The area ID 0.0.0.0 indicates the OSPF backbone for an autonomous system. Each router must be connected to the backbone via a direct connection or a virtual link.
IP Routing Commands 4-273 Command Usage • All routers in a stub must be configured with the same area ID. • Routing table space is saved in a stub by blocking Type-4 AS summary LSAs and Type 5 external LSAs.
Command Line Interface 4-274 Command Usage • All routers in a NSSA must be configured with the same area ID. • An NSSA is similar to a stub, because when the router is an ABR, it can send a default route for other areas in the AS into the NSSA using the default-information-originate keyword.
IP Routing Commands 4-275 • authentication - Specifies the authentication mode. If no optional parameters follow this keyword, then plain text authentication is used along with the password specified by the authentication-key.
Command Line Interface 4-276 Default Setting area-id: None router-id: None hello-interval: 10 seconds retransmit-interval: 5 seconds transmit-delay: 1 second dead-interval: 40 seconds authentication-key: None message-digest-key: None Command Usage • All areas must be connected to a backbone area (0.
IP Routing Commands 4-277 Command Mode Interface Configuration (VLAN) Default Setting No authentication Command Usage • Before specifying plain-text password authentication for an interface, configure a password with the ip ospf authentication-key command.
Command Line Interface 4-278 Example This example sets a password for the specified interface. Related Commands ip ospf authentication (4-276) ip ospf message-digest-key This command enables message-digest (MD5) authentication on the specified interface and assigns a key-id and key to be used by neighboring routers.
IP Routing Commands 4-279 Related Commands ip ospf authentication (4-276) ip ospf cost This command explicitly sets the cost of sending a packet on an interface. Use the no form to restore the default value. Syntax ip ospf cost cost no ip ospf cost cost - Link metric for this interface.
Command Line Interface 4-280 Example Related Commands ip ospf hello-interval (4-280) ip ospf hello-interval This command specifies the interval between sending hello packets on an interface. Use the no form to restore the default value.
IP Routing Commands 4-281 Default Setting 1 Command Usage • Set the priority to zero to prevent a router from being elected as a DR or BDR. If set to any value other than zero, the router with the highest priority will become the DR and the router with the next highest priority becomes the BDR.
Command Line Interface 4-282 ip ospf transmit-delay This command sets the estimated time to send a link-state update packet over an interface. Use the no form to restore the default value. Syntax ip ospf transmit-delay seconds no ip ospf transmit-delay seconds - Sets the estimated time required to send a link-state update.
IP Routing Commands 4-283 show ip ospf border-routers This command shows entries in the routing table that lead to an Area Border Router (ABR) or Autonomous System Boundary Router (ASBR).
Command Line I nterface 4-284 4 show ip ospf databas e This c ommand shows inform ation a bout d ifferent O SPF Lin k St a te A dvertise ments (LSAs) st ored in this router ’s d atabase.
IP Routing Co mmands 4-285 4 Command Mode Privileged Exec Examples The follow ing shows o utput fo r the show ip ospf dat abase command. Consol e#sh ow ip os pf datab ase Displa ying R outer Li nk State s(Area 1 0.1. 0.0) Link ID ADV Rou ter Age Seq# Checksum ----- ---- ------ - ------ ------ -- --- --- ---- ----- -- --- ------ -- 10.
Command Line Interface 4-286 4 The following shows output when using the asbr-summary keyword. Console#show ip ospf database asbr-summary OSPF Router with id(10.
IP Routing Commands 4-287 4 The following shows output when using the database-summary keyword. Console#show ip ospf database database-summary Area ID (10.
Command Line Interface 4-288 4 The following shows output when using the external keyword. Console#show ip ospf database external OSPF Router with id(192.168.5.1) (Autonomous system 5) Displaying AS External Link States LS age: 433 Options: (No TOS-capability) LS Type: AS External Link Link State ID: 10.
IP Routing Commands 4-289 4 The following shows output when using the network keyword. Console#show ip ospf database network OSPF Router with id(10.
Command Line Interface 4-290 4 The following shows output when using the router keyword. Console#show ip ospf database router OSPF Router with id(10.
IP Routing Commands 4-291 4 The following shows output when using the summary keyword. Number of TOS metrics Type of Service metric – This router only supports TOS 0 (or normal service) Metrics Cost of the link Console#show ip ospf database summary OSPF Router with id(10.
Command Line Interface 4-292 4 show ip ospf interface This command displays summary information for OSPF interfaces. Syntax show ip ospf interface [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4093) Command Mode Privileged Exec Example Console#show ip ospf interface vlan 1 Vlan 1 is up Interface Address 10.
IP Routing Commands 4-293 4 show ip ospf neighbor This command displays information about neighboring routers on each interface within an OSPF area. Syntax show ip ospf neighbor Command Mode Privileged Exec Example Console#show ip ospf neighbor ID Pri State Address --------------- ------ ---------------- - -------------- 10.
Command Line Interface 4-294 4 show ip ospf summary-address This command displays all summary address information. Syntax show ip ospf summary-address Command Mode Privileged Exec Example This example shows a summary address and associated network mask.
Multicast Routing Commands 4-295 4 Multicast Routing Commands This router uses IGMP snooping and query to determine the ports connected to downstream multicast hosts, and to propagate this .
Command Line Interface 4-296 4 Default Setting No static multicast router ports are configured. Command Mode Global Configuration Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
Multicast Routing Commands 4-297 4 General Multicast Routing Commands ip multicast-routing This command enables IP multicast routing. Use the no form to disable IP multicast routing.
Command Line Interface 4-298 4 Command Usage This command displays information for multicast routing. If no optional parameters are selected, detailed information for each entry in the multicast address table is displayed.
Multicast Routing Commands 4-299 4 DVMRP Multicast Routing Commands router dvmrp This command enables Distance-Vector Multicast Routing (DVMRP) globally for the router and enters router configuration mode. Use the no form to disable DVMRP multicast routing.
Command Line Interface 4-300 4 Example Related Commands ip dvmrp (4-303) show router dvmrp (4-305) probe-interval This command sets the interval for sending neighbor probe messages to the multicast group address for all DVMRP routers. Use the no form to restore the default value.
Multicast Routing Commands 4-301 4 nbr-timeout This command sets the interval to wait for messages from a DVMRP neighbor before declaring it dead. Use the no form to restore the default value. Syntax nbr-timeout seconds no nbr-timeout seconds - Interval before declaring a neighbor dead.
Command Line Interface 4-302 4 flash-update-interval This command specifies how often to send trigger updates, which reflect changes in the network topology.
Multicast Routing Commands 4-303 4 default-gateway This command specifies the default DVMRP gateway for IP multicast traffic. Use the no form to remove the default gateway. Syntax default-gateway ip-address no default-gateway ip-address - IP address of the default DVMRP gateway.
Command Line Interface 4-304 4 Command Usage To fully enable DVMRP, you need to enable multicast routing globally for the router with the ip multicast-routing command (page 4-297), enable.
Multicast Routing Commands 4-305 4 clear ip dvmrp route This command clears all dynamic routes learned by DVMRP. Command Mode Privileged Exec Example As shown below, this command clears everything from the route table except for the default route.
Command Line Interface 4-306 4 show ip dvmrp route This command displays all entries in the DVMRP routing table. Command Mode Normal Exec, Privileged Exec Example DVMRP routes are shown in the.
Multicast Routing Commands 4-307 4 show ip dvmrp neighbor This command displays all of the DVMRP neighbor routers. Command Mode Normal Exec, Privileged Exec Example show ip dvmrp interface This command displays the DVMRP configuration for interfaces which have enabled DVMRP.
Command Line Interface 4-308 4 PIM-DM Multicast Routing Commands router pim This command enables Protocol-Independent Multicast - Dense Mode (PIM-DM) globally for the router and enters router configuration mode. Use the no form to disable PIM-DM multicast routing.
Multicast Routing Commands 4-309 4 ip pim dense-mode This command enables PIM-DM on the specified interface. Use the no form to disable PIM-DM on this interface.
Command Line Interface 4-310 4 ip pim hello-interval This command configures the frequency at which PIM hello messages are transmitted. Use the no form to restore the default value. Syntax ip pim hello-interval seconds no pim hello-interval seconds - Interval between sending PIM hello messages.
Multicast Routing Commands 4-311 4 ip pim trigger-hello-interval This command configures the maximum time before transmitting a triggered PIM Hello message after the router is rebooted or PIM is enabled on an interface. Use the no form to restore the default value.
Command Line Interface 4-312 4 Command Usage The multicast interface that first receives a multicast stream from a particular source forwards this traffic to all other PIM interfaces on the router.
Multicast Routing Commands 4-313 4 Default Setting 2 Command Mode Interface Configuration (VLAN) Example show router pim This command displays the global PIM configuration settings. Command Mode Normal Exec, Privileged Exec Example show ip pim interface This command displays information about interfaces configured for PIM.
Command Line Interface 4-314 4 show ip pim neighbor This command displays information about PIM neighbors. Syntax show ip pim neighbor [ip-address] ip-address - IP address of a PIM neighbor. Default Setting Displays information for all known PIM neighbors.
Router Redundancy Commands 4-315 4 Virtual Router Redundancy Protocol Commands To configure VRRP, select an interface on one router in the group to serve as the master virtual router. This physical interface is used as the virtual address for the router group.
Command Line Interface 4-316 4 Command Usage • The interfaces of all routers participating in a virtual router group must be within the same IP subnet. • The IP address assigned to the virtual router must already be configured on the router that will be the Owner.
Router Redundancy Commands 4-317 4 • When a VRRP packet is received from another router in the group, its authentication key is compared to the string configured on this router. If the keys match, the message is accepted. Otherwise, the packet is discarded.
Command Line Interface 4-318 4 vrrp timers advertise This command sets the interval at which the master virtual router sends advertisements communicating its state as the master.
Router Redundancy Commands 4-319 4 Default Setting Preempt: Enabled Delay: 0 seconds Command Mode Interface (VLAN) Command Usage • If preempt is enabled, and this backup router has a priority higher than the current acting master, it will take over as the new master.
Command Line Interface 4-320 4 Example This example displays the full listing of status information for all groups. This example displays the brief listing of status information for all groups. Console#show vrrp Vlan 1 - Group 1, state Master Virtual IP address 192.
Router Redundancy Commands 4-321 4 show vrrp interface This command displays status information for the specified VRRP interface. Syntax show vrrp interface vlan vlan-id [brief] • vlan-id - Identifier of configured VLAN interface. (Range: 1-4093) • brief - Displays summary information for all VRRP groups on this router.
Command Line Interface 4-322 4 show vrrp router counters This command displays counters for errors found in VRRP protocol packets. Command Mode Privileged Exec Example Note that unknown errors indicate VRRP packets received with an unknown or unsupported version number.
Router Redundancy Commands 4-323 4 clear vrrp router counters This command clears VRRP system statistics. Command Mode Privileged Exec Example clear vrrp interface counters This command clears VRRP system statistics for the specified group and interface.
A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS+, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 32 lists) DHCP C.
Software Specifications A-2 A Multicast Routing DVMRP, PIM-DM IP Routing ARP, Proxy ARP Static routes RIP, RIPv2 and OSPFv2 dynamic routing VRRP (Virtual Router Redundancy Protocol) .
Management Information Bases A-3 A DHCP Relay (RFC 951) DHCP Server (RFC 2131) DVMRP (RFC 1075) HTTPS ICMP (RFC 792) IGMP (RFC 1112) IGMPv2 (RFC 2236) OSPF (RFC 2328, 1587) PIM-DM (draft-ietf-i.
Software Specifications A-4 A RMON MIB (RFC 2819) RMON II Probe Configuration Group (RFC 2021, partial implementation) SNMPv2 IP MIB (RFC 2011) SNMP Framework MIB (RFC 3411) SNMP-MPD MIB (R.
B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch.
Troubleshooting B-2 B Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1.
Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Address Resolution Protocol (ARP) ARP converts between IP addresses and MAC (i.
Glossary Glossary-2 Distance Vector Multicast Routing Protocol (DVMRP) A distance-vector-style routing protocol used for routing multicast datagrams through the Internet. DVMRP combines many of the features of RIP with Reverse Path Forwarding (RPF).
Glossary-3 Glossary IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign end stations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.
Glossary Glossary-4 IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts. IP Precedence The Type of Service (ToS) octet in the IPv4 h.
Glossary-5 Glossary Network Time Protocol (NTP) NTP provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical-master-slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio.
Glossary Glossary-6 Dense Mode is designed for networks where the probability of a multicast client is high and frequent flooding of multicast traffic can be justified.
Glossary-7 Glossary Telnet Defines a remote communication facility for interfacing to a terminal device over TCP/IP. Terminal Access Controller Access Control System Plus (TACACS+) TACACS+.
Index-1 Numerics 802.1X, port authentication 3-67, 4-80 A acceptable frame type 3-144, 4-192 Access Control List See ACL ACL Extended IP 3-77, 4-87, 4-89, 4-91 MAC 3-77, 4-87, 4-99, 4- .
Index-2 Index Dynamic Host Configuration Protocol See DHCP E edge port, STA 3-125, 3-127, 4-181 event logging 4-43 F firmware displaying version 3-13, 4-62 upgrading 3-21, 4-64 G GARP VLAN R.
Index-3 Index MSTP 4-171 global settings 3-128, 4-170 interface settings 3-126, 4-170 multicast filtering 3-169, 4-226 multicast groups 3-175, 3-180, 4-229 displaying 3-180, 4-229 static 3-.
Index-4 Index interface protocol settings 3-228, 4-256–4-261 specifying interfaces 3-227, 4-256 statistics 3-231, 4-263 router redundancy protocols 3-195, 4-314 VRRP 3-196, 4-315 routi.
Index-5 Index interface configuration 3-144, 4-192–4-195 private 3-146, 4-197 protocol 3-147, 4-198 VRRP 3-196, 4-315 authentication 3-198, 4-316 configuration settings 3-196, 4-315 g.
ES4625 ES4649 E042005-R01 149100022900A.