Instruction/ maintenance manual of the product 10/100 SMC Networks
Go to page of 318
T igerSwitch 10/100 24-P ort F ast Ether net Switch ◆ 24 10B ASE-T/ 100B ASE-TX auto MDI/MDI-X ports ◆ Optional 1000B ASE-X o r 100B ASE -FX mo dules ◆ 8.
.
38 T esla Irvine, CA 92618 Phone: (9 49) 679-8000 T igerSwitch 10/100 Manag ement Guide From SM C’ s T iger line of feat ure-rich workgro up LAN solutio ns May 2003 Pub.
Informati on furnished by SMC Net works, Inc. (SMC) is believed to be accu rate and reliable . However , n o respon sibility is as sumed by SMC for its us e, no r for any infri nge ment s of paten ts or o ther right s of thi rd part ies wh ich m ay r esult from i ts use .
v L IMITED W ARRANTY Limite d W arranty St atement: SMC Networks, Inc. (“SMC”) warrants it s products to be free from defects in workm anship and materi als, under n ormal use and service, for the applicable warranty term.
L IMITED W ARRAN TY vi FOREGO ING W ARRANTIE S AND R EMEDIES ARE EX CLUSIVE A ND A RE IN LI EU OF ALL OTH ER W ARRANTIES OR CO NDITIO NS, E XPRE SS OR IMP LIED , EITHER IN F ACT OR BY OPERA TION OF LA W , ST A TUTOR Y OR OTHER WISE, INCLUDING W ARR ANTIES OR CONDIT IONS OF ME RCHAN T ABILIT Y AN D FITNE SS FO R A P AR TICULA R PURPOSE.
i C ONTENTS 1 Switch Management . . . . . . . . . . . . . . . . . . . . . . 1-1 Connec ting to th e Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Configu r ation O ptions . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Required Connections .
C ONTENTS ii Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-30 Displa ying Connectio n Status . . . . . . . . . . . . . . . . . . . 2-30 Configu ring Inter face Connect ions . . . . . . . . . . . . . . . 2-32 Settin g Broadcast St orm Threshol ds .
C ONTENTS iii Inter faces Attach ed to a Mul t icast R outer . . . . . . . . . . . 2-8 9 Specify ing Interfaces Attached to a Multicast R outer . . . 2-91 Disp layi ng Por t Memb ers of Mult icast S ervic es . . . . . . . 2-92 Adding M ulticast Addr esses to VLA Ns .
C ONTENTS iv exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18 quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19 Flash/F ile Commands . . . . . . . . . . . . . . . . . . . . . . .
C ONTENTS v show do t1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51 SNMP Co m mands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5 4 snmp-s erver communit y . . . . . . . . . . . . . . . . . . . . . . . 3-54 snmp-s erver contact .
C ONTENTS vi show qu eue hol-prev ention . . . . . . . . . . . . . . . . . . . . 3-87 Inter face Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-88 inter face . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-89 descrip tion .
C ONTENTS vii switchp ort acceptabl e-frame-types . . . . . . . . . . . . . . 3-126 switchp ort ingress-fil tering . . . . . . . . . . . . . . . . . . . . 3-127 switchp ort native vlan . . . . . . . . . . . . . . . . . . . . . . . 3-128 switchp ort allowed vl an .
C ONTENTS viii A Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . A-1 Troub leshooting Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A -1 B Upgrading Firmware via the Serial Port . . . . . . . B-1 Restor ing Switch Default s .
1-1 C HAPTER 1 S WITCH M ANAGEMENT Connecting to the Switch Configuration Options This switch incl udes a built- in netwo rk management agent. The agent of fers a va riety of management options, including S NMP , RMON and a W eb-based interfac e.
S WIT CH M ANAGEMENT 1-2 The sw itch’s C LI co nfigur ation p r ogram, W eb interface, and SNMP agent allo w you to perf orm the following man agement fu nctions: • Set us er names and passwords f.
C ONNECTING TO THE S WIT CH 1-3 • RADIUS c lient supp ort • MAC f ilter ing se curi ty Required Connections The switc h provi des an RS-232 serial port that enables a connec tion to a PC or termina l for monit oring and c onfiguring t he switc h. A null-modem con s ole ca ble is provided with th e switch.
S WIT CH M ANAGEMENT 1-4 Note: When using Hy perTerminal with Micr osoft ® Window s ® 2000, m ake sure t hat you have Wind ows 2000 Servi c e Pack 2 or late r installed. Windo ws 2000 Service Pack 2 fix es the probl em of arrow key s not functi oning in H yperTerminal’s VT100 emulati o n.
B ASIC C ONFIGURATION 1-5 browse r (Internet Exp lorer 5.0 or abo ve, or Netsc ape Navigator 6.2 or abov e), or from a network computer using network management s oftware. Note: The onboard pro gram only provides ac cess to bas ic config uration fun ctions.
S WIT CH M ANAGEMENT 1-6 Setting Passwords Note: If this is your first tim e to lo g into th e CLI pr og ram, yo u shoul d defin e new pa sswor ds for bo th de fault user nam es using the “usernam e” command, re cord them and put them in a safe place.
B ASIC C ONFIGURATION 1-7 Setting an IP Address Y ou must establish IP address in formation for t he switch to obtain managemen t access throu g h the netwo rk. This can be done in either o f the followi ng ways: Manual — Y ou have to input the inf or matio n, includ ing IP address and subnet mas k.
S WIT CH M ANAGEMENT 1-8 • Default gat e way for the net work • Networ k mask fo r this ne twork T o assign an IP addres s to the swit ch, complete the foll owing steps: 1. From the Pr ivileged Exec lev el global config uration mode prom pt, type “int erface vlan 1” to ac cess the interf ace-config uration mo de.
B ASIC C ONFIGURATION 1-9 If t he “bootp” o r “dhcp” op tion is sa ved to th e startup- config file (step 6), then the s witch will st art broadc asting serv ice requests as soon a s it is po were d on.
S WIT CH M ANAGEMENT 1-10 6. Then s ave your con figuration changes by t yping “copy runnin g-config st artup-conf ig.” Enter th e startup fil e name and pres s <Enter >. Enabling SNMP Management Access The s witch can be configured to accept management c ommands from Si mple Network M anagement Proto c ol (SNM P) applications .
B ASIC C ONFIGURATION 1-11 The de fault stri ngs are: • public - wit h re ad-only access. Authorized m anagement stati ons are only able to retriev e MIB objects . • private - w ith rea d-wr ite acc ess . Autho rize d mana gement stati ons are able t o both retr ieve and modi fy MIB obj ects.
S WIT CH M ANAGEMENT 1-12 Trap Receiv ers Y ou can al so specify SNM P stations that are t o re ce ive traps from the swi tch. T o configu re a trap recei ver , complet e the following steps: 1.
M ANAGING S YSTE M F ILES 1-13 2. Enter the nam e of t he start-up fi le. Press <E nter>. Managing Sy stem Files The switch’s flash me mory sup p ort s three ty pes of sy stem fil es that can be manag ed by the CLI program, W eb interfac e, or SNMP .
S WIT CH M ANAGEMENT 1-14 also pro vides a facility to upload fir m ware files to the syste m direct ly thro ugh t he con sole po rt. See “ Upgradin g Firm ware vi a the Serial Po r t” on pag e B-1. Due to the size limit of the flash memory, the switch supports o nly one oper ation code file, and two diag nostic code files .
S YSTE M D EFAULTS 1-15 SNMP Community Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabled Link-up-down events: enabled Security Privileged Exec Level Usern.
S WIT CH M ANAGEMENT 1-16 Port Status Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled 10/100 Mbps Port Capability 10 Mbps half duplex 10 Mbps full duplex 100 Mbps half duplex 100 M.
S YSTE M D EFAULTS 1-17 Virtual LANs Default VLAN 1 PVID 1 Acce ptable F rame Type All Ingress Filtering Disabled Switchport Mode (Egress Mode) Untagged frames Private VLAN No Private VLAN GVRP (globa.
S WIT CH M ANAGEMENT 1-18.
2-1 C HAPTER 2 C ONFIGUR ING THE S WI TC H Using the Web Interface This sw itch provide s an embedde d HTTP W eb agent. Usi ng a W eb browse r you can c onfigure the switch and v iew statis tics to monit o r netwo rk activity. The W eb agent can be access ed by any compu ter on t he ne twork usi ng a standa rd W eb brow ser (Int er net Explor er 5.
C ONFIGURING THE S WIT CH 2-2 Notes: 1. You are allowed three attem pts to en ter the c orrec t passwor d; on the th ird faile d attempt th e curre nt conne ction i s terminat ed. 2. If yo u log into the Web inte rface as guest (Normal Ex ec level), you can vie w page inf ormation but only change the gu est password .
N AVIGATI NG THE W EB B RO WS ER I NTER FA CE 2-3 Home Page When yo ur W eb browser connects wit h the switc h’s W eb agent , the ho me page i s displayed as shown below. The home page displ ays the Main M enu on the left side of the screen an d System Informati on on the r ight si de.
C ONFIGURING THE S WIT CH 2-4 new setting . The following table s ummarizes the W eb page conf iguration butt ons. Notes: 1. To ensure prope r screen refresh, be sure that Int ernet Explor er 5.
M AIN M ENU 2-5 Main Menu Using the onboard W eb agent, y ou can d efine syst em paramete rs, manage and co ntrol the switc h, and all its ports, or monit or networ k conditions . The followi ng table bri efly descr ibes the selec t ions av ailable from t his program.
C ONFIGURING THE S WIT CH 2-6 Trunk Broadcast Control Sets the broadcast storm threshol d f or each trunk 2-34 Mirror Sets the source and tar ge t ports for mirroring 2-37 Address Ta ble Static Addres.
M AIN M ENU 2-7 VLAN Trunk Configuration Specifies default trunk VID and VL AN attributes 2-65 Private VLAN Private VLAN Information Shows private VLANs and associated ports 2-69 Private VLAN Configur.
C ONFIGURING THE S WIT CH 2-8 IGMP IGMP Configuration Enables multicast filtering; configures parameters for multicast query 2-87 Multicast Router Port Information Displays the ports that are attached.
B ASIC C ONFIGURATION 2-9 Basic Configuration Displaying System Information Y ou can e asily ide ntify the sy stem by pr oviding a d escriptive name , location and contact information. Command A ttributes • System Na me – Name assig ned to th e switc h system.
C ONFIGURING THE S WIT CH 2-10 We b – Click System, Syst em Information. Specify the sys tem name, location, and con tact inform ation for the sy s tem administrator , then clic k Appl y. ( This p age a lso includes a T elnet butto n that allows access to the Command Line Interface via Telnet.
B ASIC C ONFIGURATION 2-11 CLI – Spec ify the ho stname, locat ion and cont act information . Setting the IP Address The IP address for this switch is unassigned by default. T o manually configure an address, y ou need to c hange the swit ch’s defaul t settings (IP addr ess 0.
C ONFIGURING THE S WIT CH 2-12 Comma nd Attrib utes • Management VLAN – Thi s is t he only VLAN through which you ca n manage the swit ch. By defau lt, all ports on the swi tch are memb ers of VLAN 1, so a managem ent station can be connec ted to any p ort on the switch.
B ASIC C ONFIGURATION 2-13 Manu al Configu ration We b – Cli c k Syst em, IP . Specify the management interface, IP address and default gateway, then click Apply.
C ONFIGURING THE S WIT CH 2-14 We b – Cli c k Syst em, IP . Specify the Manage m ent V LAN, and set the IP Add res s Mo de to DHC P or BOOTP . Click A pply to s ave y our change s.
C ONFIGURING U SER A UTHENTIC ATION 2-15 Renewing DCHP – DHCP may lease addr esses to c lients indef initely or f or a speci fic period o f time. If the address exp ires or the swi tch is moved to anot her network segment, you will lo se managem ent access to the s witch.
C ONFIGURING THE S WIT CH 2-16 The de fault gues t name is “g uest” with the password “guest.” The defaul t administr ator name is “admin” with th e password “ad min.” Note th at user names can only be assign ed via the CLI. Comma nd Attrib utes • User Name* – The name of th e user.
C ONFIGURING U SER A UTHENTIC ATION 2-17 Configuring RADIUS Logon Authentication Remot e Authen ticatio n Dial -in Us er Service (RADIUS) is a logon authent ication pro tocol that uses software running on a central serve r to control acce ss to RADIUS- compliant devi ces on the netwo rk.
C ONFIGURING THE S WIT CH 2-18 Comma nd Attrib utes • Auth enticati on – Select the aut hentica tion, or au thenti cation sequen ce requir ed: - Radius – Use r authenti cation is performed using a RADI US serve r only. - Local – User authen tication i s perfor med only loc ally by the switch.
C ONFIGURING U SER A UTHENTIC ATION 2-19 We b – Cli c k Syst em, Radius. T o c onfigure local or remote authen tication prefe rence s, spe cify the au thenticat ion s equen ce (i.e., one to two methods), fill in the param eters for RADI US authen tication if se lecte d, and click Ap ply.
C ONFIGURING THE S WIT CH 2-20 Managing Firmware Y ou can u p load/do wnload firmware t o or from a T FTP server . By saving runtime code to a file on a T FT P serve r , that file can later be downloade d to the swi tch to res t ore op eration. Comma nd Attrib utes • TFTP Server IP Address – The IP addr ess of a TFTP server .
M ANAGING F IR MWAR E 2-21 We b – Click System, Firm ware. Enter the IP addres s of the TFTP server , enter th e file nam e of the soft ware to d ownload , enter the Desti nation File Na me to overwrit e the curr ent file on t he switch then cl ick Transfer from Se rver .
C ONFIGURING THE S WIT CH 2-22 Saving or Restoring Configuration Settings Y ou can u pload/downloa d configurat ion setting s to/from a TFTP serve r. The configur ation file can be later down loaded to re store the swit ch’s se tting s. Comma nd Attrib utes • TFTP Server IP Address – The IP addr ess of a TFTP server .
M ANAGING F IR MWAR E 2-23 We b – Cli c k Syst em, Configurat ion. Ente r the IP addr ess of the TFTP server , enter the n ame of the file to download , select a fi le on the switch to overwrite or s pecify a new f ile name, and then click Transfer from Server .
C ONFIGURING THE S WIT CH 2-24 If yo u download the startup co nfiguration f ile under a new file name, yo u can set th is file as the startup file at a later time , and then re start the sw itch. Resetting the Sy stem We b – C lick System, Rese t. Cl ick th e Res et bu tton t o rest art th e switch.
D ISPLAYIN G B RIDGE E XTENSION C APABILI TIES 2-25 Comma nd Attrib utes • Extended Mu lticas t Filterin g Services – This swi tch does not suppor t the filtering of individual mul t icast addresses based on GMRP (G ARP Multicast Registratio n Protocol).
C ONFIGURING THE S WIT CH 2-26 We b – Click System, Br idge Exte nsion. CLI – Ent er the fol lowing command. Console#show bridge-ext 3-145 Max support vlan numbers: 127 Max support vlan ID: 4094 E.
E NABLIN G OR D ISABLIN G GVRP (G LOBAL S ETTING ) 2-27 Enabling or Disabling GVRP (Global S etting) GARP V LAN Registr ati on Prot ocol (GVRP) defin es a way f or switc hes to exchang e VLAN informatio n in order t o register VLAN memb ers on ports acr oss the net wor k.
C ONFIGURING THE S WIT CH 2-28 Displaying Switch Hardware/Sof tware Versions Use the Switch Info r mation page to disp lay ha rdwa re/ fir mware vers ion nu mbe rs for t he ma in bo ard and m anag emen t soft wa re, as well as th e power status of the system.
D ISPLA YING S WIT CH H AR DWAR E /S OFTWAR E V ERSIONS 2-29 We b – Click System, Switch Information. CLI – Us e the following c ommand to dis p lay ver s ion in for mation.
C ONFIGURING THE S WIT CH 2-30 Port Configuration Displaying Connection Status Y ou can u s e the Port Informat ion or Trun k Information p ages to displ ay the current connection status, inclu ding link st ate, speed/ duple x mode , flow cont rol, a nd au to-neg otia tio n.
P ORT C ONFIGURATION 2-31 • MAC Address – The physical layer address for th is port. - CLI only; to access this on the Web, see “S etting the IP Addre s s” on page -1 1. • Trunk Member – Shows if port is a trunk member. (P ort Infor mation only) • Creation – Shows i f a trunk is manu ally configure d.
C ONFIGURING THE S WIT CH 2-32 CLI – Thi s example s hows the c onnectio n status for P ort 13. Configuring Interface Connections Y ou can u se the Port Configurati on or T runk Conf iguration page .
P ORT C ONFIGURATION 2-33 • Flow Control* – Al lows yo u to manually enable or dis able flow control. • Autonegotiation (Port Capabilit ies) – Allows auto-ne gotiation to be enabl ed/disabled. When auto- neg otia tion is en able d, y ou n eed to spec ify the ca pabi liti es to be advertised.
C ONFIGURING THE S WIT CH 2-34 We b – Click Port, Por t Configur ation or T runk Configuration . Modif y the require d interface set tings, and click Apply.
P ORT C ONFIGURATION 2-35 Y ou can prot ect your network fro m broadcast storms by se tting a port or trunk thr eshold for broad c ast tr af fic. Any broadcast packet s excee ding the s pecified threshold will then b e droppe d. Command Usage • Broadcast Storm Control is enabl ed by default .
C ONFIGURING THE S WIT CH 2-36 We b – Cli c k Port , Port Broa dcast Control or T runk Broadcast Contr ol. Set the t hreshold fo r each port or trun k, and then cl ick Apply . CLI – Specify an inter face, and the n enter the threshold. The follo wing sets broadcast suppress ion at twe nty perc ent of th e port bandwi dth for Po rt 3.
P ORT C ONFIGURATION 2-37 Configuring Port Mirroring Y ou can mirror tr affic fr om any source port to a target port for real-time analysis. Y ou can then at tach a logic analyzer or RMON probe to the ta rg et port and study the t raffic cros sing the so urce port in a complete ly unobtru sive manne r.
C ONFIGURING THE S WIT CH 2-38 We b – Click P ort, M irror . Specify the s ource p ort, the t raffic type to be mi rrored , and the m onito r port, then c lick Add . CLI – Use the inte rfac e comman d to selec t the mo nitor po rt, the n use t he port m onitor com mand to sp ecify the so urce port.
A DDR ESS T ABLE S ETTINGS 2-39 Setting Static Addresses A static add ress can be assigned to a specifi c inter face o n this switc h. Static addres se s are bound to the assigned interface and will not be moved. W hen a static address is seen on another inter fac e, th e addr ess w ill be igno red and wil l no t be wri tten to the address table.
C ONFIGURING THE S WIT CH 2-40 We b – Click Ad dress T able, Static Addresses. Sp ecify the mode, th e interface, the MAC address and d urat ion, the n click Add Static Addre ss. CLI – This examp le adds an address t o the static addr ess table, and sets it to perman ent by de fault.
A DDR ESS T ABLE S ETTINGS 2-41 Comma nd Attrib utes • Interface – Indi cates a port o r trunk. • MAC Address – Physical address associ ated with thi s interfac e. • Address Table Sort Key – You can sort the i nformation displa yed based on i nterface (port or trunk) or MA C address.
C ONFIGURING THE S WIT CH 2-42 Changing the Aging Time Y ou can set the aging ti me for entri es in the dynamic address tabl e. Comma nd Attrib utes • Aging Time – The time after which a learned entry is disca rded. (Range: 2-172800 sec onds; Default : 300 seco nds) We b – Cli ck Addr ess Table, Address Agin g.
S PANNIN G T REE A LGORITH M C ONFIGURATION 2-43 device (except for the root d evice) whic h incurs th e lowest pat h cost when forwarding a packet from that device to the root device. Then it sel ects a designated brid ging device from each LAN which incurs the lowes t path cost w hen forwar din g a packet from that LAN t o the root device.
C ONFIGURING THE S WIT CH 2-44 The fol lowing global at tributes dis play statisti cal values and c annot be cha nged: • Configuration Changes – The n umber of times the Spanning Tree has been r econfigured. • Last Topology Change – Time sin c e the Spanning Tree was last re confi gure d.
S PANNIN G T REE A LGORITH M C ONFIGURATION 2-45 the net wor k. (Ref erence s to “p orts” in this se ction mean s “inter faces,” which include s both ports and trunks .) - D e f a u l t : 2 0 - Mi nimum: The higher of 6 o r [2 x (Hell o Time + 1)].
C ONFIGURING THE S WIT CH 2-46 CLI – This com mand displays glo bal ST A settings, fo llowed by settings for each port. Note: The current roo t port and c urrent ro ot cost disp lay as zero when th is device is not connec ted to t he network.
S PANNIN G T REE A LGORITH M C ONFIGURATION 2-47 Configuring the Global Settings for STA We b – Cli c k Spanni ng Tr ee, ST A Conf iguration. Modify the requir ed attributes, and click Apply. CLI – This examp le enables Spanning Tree Pr otocol, and then sets the in dicated attr ibutes.
C ONFIGURING THE S WIT CH 2-48 Comma nd Attrib utes The fol lowing attri butes are read-on ly and canno t be changed : • Port Status – Displays cu rrent state of thi s port within the Spanning Tree: - Disabled - The por t has been d isabled by the user or has faile d diag nost ics.
S PANNIN G T REE A LGORITH M C ONFIGURATION 2-49 • Designated Cost – The co st for a pac ket to trave l from thi s port to the ro ot in the cur rent Spa nning Tree conf igu ratio n.
C ONFIGURING THE S WIT CH 2-50 • Path Cost – This paramete r is used by the STP to dete rmin e the best p ath between d evices. Th erefore, lowe r values should be assigne d to po rts attach ed to faster media , and hig her val ues assigned to ports with slower me dia.
S PANNIN G T REE A LGORITH M C ONFIGURATION 2-51 Displaying the Interface Settings for STA We b – Click Spanning Tr ee, ST A Port Information or ST A T runk Inform ation.
C ONFIGURING THE S WIT CH 2-52 Configuring the Interface Settings for STA We b – Cli c k Spanni ng Tree, ST A Por t Conf iguration or ST A T runk Configu ration. Modify the req uired attributes , then click Apply. CLI – Thi s example s ets ST A at tributes fo r port 5.
VLAN C ONFIGURATION 2-53 VLANs h elp to sim p lify network mana gement by all owing you t o move d evices to a new VLAN with out having to change any physi cal connect ions.
C ONFIGURING THE S WIT CH 2-54 traffic to the same VLA N(s), either manually or d ynamically us ing GVRP . However , if you want a port on th is switch to parti c ipate in one or mo re VLANs, bu t non.
VLAN C ONFIGURATION 2-55 Automatic VLAN Registration – GVR P (GAR P VLAN Regi strati on Prot ocol ) defi nes a sys tem wher eby th e swit ch ca n autom ati cally learn the VLANs to wh ich each ends tation sh ould be ass igned. If an endst ation (or i ts networ k adapter) su ppor ts the IEEE 802.
C ONFIGURING THE S WIT CH 2-56 Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached direc tly to a singl e switch, you can assi gn ports to the same untagg ed VLAN.
VLAN C ONFIGURATION 2-57 *W eb Only We b – Click VL AN, VLAN Base In formation. CLI – Ent er the fol lowing command. Displaying Current VLANs The V LAN Curre nt T able sho ws the cu rrent po rt member s of each VLAN and whet her or no t th e port sup ports VLAN taggin g.
C ONFIGURING THE S WIT CH 2-58 • Status – Shows how this VLAN was adde d to the swi tch. - Dynamic GVRP : A utomat ically learned via GVRP. - Permanent : Added as a static entry. • Egress Ports – Shows all the VLAN port members. • Untagged Ports – Sh ows the untagg ed VLAN por t member s.
VLAN C ONFIGURATION 2-59 • Ports / Channel groups – Shows the VLAN int erface members. CLI – Cur rent VLAN i nformation can be displayed with the follo wing command.
C ONFIGURING THE S WIT CH 2-60 • State (CLI) – Shows if this V LAN is enab led or disabled. - Active : VLAN is operat ional. - Suspend : VLAN is susp ended; i.e., doe s not pass packe t s. • Add – Adds a new VLAN group to the cu rrent l ist. • Remove – Remo ves a VLAN grou p from the curr ent li st.
VLAN C ONFIGURATION 2-61 Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Tab le to configu re port memb ers for the selected VLAN inde x. Assi gn po rts as tagge d if they ar e c onnecte d to 802.1Q VLA N complian t devices, or untag ged they are not connect ed to any VLAN-aware devic es.
C ONFIGURING THE S WIT CH 2-62 • Member ship Ty pe – Select V LAN membership for each inter face by markin g the appropriat e radio button for a po rt or trunk: - Tagged : Interface is a member o f the VLAN. A ll pac kets transmit ted by th e port will b e tagge d, that is, c arry a tag and there fore carry VL AN or CoS infor mation.
VLAN C ONFIGURATION 2-63 We b – Click VL AN, VLAN St atic T abl e. Select a VLAN ID from the scro ll-down list. Modify the VLAN name and status if requ ired. Select the member ship type by marki ng the appr opriate radio button in th e list of po rts or tr unks .
C ONFIGURING THE S WIT CH 2-64 Adding Static Members to VLANs (Port Index) Use the VLAN Stat ic Mem b ership by Port menu to assign VLAN groups to the sel ected in ter face add an inter face to the sel ected VLAN as a tagged memb er . Comma nd Attrib utes • Interface – Port or trunk iden tifier.
VLAN C ONFIGURATION 2-65 CLI – Thi s example ad ds Port 3 t o VLAN 1 as a tagged por t . Configuring VLAN Behavior for Interfaces Y o u can co nfig ure VL AN be havi or fo r spec ific i nter fac es, i nclud ing the de fault VLAN identifi er (PVID), acc epted frame t ypes, ingress filter ing, GVRP st atus, and GAR P timers.
C ONFIGURING THE S WIT CH 2-66 - If ing ress filtering is enabled, the interface wil l discard incomi ng f rames tagg ed fo r VLANs w hic h do n ot in clude this ingres s port i n their me mber se t. - Ingress filtering does not affect VLAN independent BPD U frames, such as GVRP or STP.
VLAN C ONFIGURATION 2-67 • GARP Leave Timer * – The int erval a port wait s before leaving a V L AN g r o up . T hi s t im e sh o ul d b e se t to m o re t h a n t w ic e t he join ti me. Th is ensu res tha t af ter a Leave or Leave A ll message has be en is sued, th e app lica nts can re joi n before the po rt actuall y leaves the group.
C ONFIGURING THE S WIT CH 2-68 We b – Click VLAN, VLA N Port Configur ation or VLAN T runk Configu ration. Fill in the requi red settings for each inte rface, click Apply.
C ONFIGURING P RIVAT E VLAN S 2-69 port s in their o wn commun ity VLAN, an d with thei r design ated promis cuous port s. (Note th at private VLANs and n ormal VLANs can ex ist simult aneously withi n the same s witch.) Each pr ivate VLAN con sists of two comp onent s: a prima ry VLA N and one or more comm unity VLANs.
C ONFIGURING THE S WIT CH 2-70 Comma nd Attrib utes • VLAN ID – ID of configur ed VLAN (1-4094, no lead ing zeroes ). • Primary VLAN – The primary VL AN with whi c h the selected VLAN is associated. (N ote that this d ispl ays as VL AN 0 if the selected VLAN is itself a prim ary VLAN.
C ONFIGURING P RIVAT E VLAN S 2-71 CLI – This ex ample shows the switch configured wi th primary VLAN 5 an d secondary VLAN 6. Por t 3 ha s been config ured as a promis cuous port an d mapped to VLA N 5, while por ts 4 and 5 have bee n configur ed as a host ports and are a ssociated w ith VLAN 6.
C ONFIGURING THE S WIT CH 2-72 We b – Click Private VLAN, Pri vate VLAN Co nfiguratio n. Ente r the VLAN ID numb er , select Prim ary or Community ty pe, then click Add. To r e move a private VLAN fr om the swi tch, highlig ht an entry in the Current list box and then click Rem ove.
C ONFIGURING P RIVAT E VLAN S 2-73 We b – Click Priv ate VLAN, Private VLAN Assoc iation. Sel ect the requir ed primar y VLAN from the scrol l-down box, highl ight one or more co m munit y V LANs in t he Non-Associ ation list box, and cl ick Add t o associate th ese entries wit h the selec ted primar y VLAN.
C ONFIGURING THE S WIT CH 2-74 Comma nd Attrib utes • Port/Trunk – The switch interf ace. • PVLAN Port Type – Displays pri vate VLAN po rt types.
C ONFIGURING P RIVAT E VLAN S 2-75 CLI – This ex ample shows the switch configured wi th primary VLAN 5 an d secondary VLAN 6. Por t 3 ha s been config ured as a promis cuous port an d mapped to VLA N 5, while por ts 4 and 5 have be en config ured as a host ports and associated with VLA N 6.
C ONFIGURING THE S WIT CH 2-76 • Primary VLAN – Conve ys traffi c between pr omiscuous p orts, and bet ween promis cuous port s and communit y ports wi thin the associated secondary VLANs. I f PVLAN type is “Prom iscuous,” the n specify the ass ociated prim ary VLAN.
C LASS OF S ERVICE C ONFIGURATION 2-77 CLI – This ex ample shows the switch configured wi th primary VLAN 5 an d secondary VLAN 6. Por t 3 ha s been config ured as a promis cuous port an d mapped to VLA N 5, while por ts 4 and 5 have be en config ured as a host ports and associated with VLA N 6.
C ONFIGURING THE S WIT CH 2-78 This switch uses W eighted Rou nd-Robin as the de fault mo de for each port. Up t o 8 separat e traffic cl asses are defined in IEEE 802. 1p. The defaul t priori ty levels are assigned according to recomme ndations i n the IEEE 80 2.
P ORT T RUNK C ONFIGURATION 2-79 Comma nd Attrib utes • WRR – Weighted Ro und-Robin share s bandwidth at the egres s port s by using scheduling weights of 1, 3, 12 and 48 for queue 0, 1, 2 a nd 3 resp ec tivel y.
C ONFIGURING THE S WIT CH 2-80 Command Usage Beside s balan cing the load a cross ea ch port in the tru nk, the ot her port s provide redundan cy by taking over the load if a por t in the trunk fails.
P ORT T RUNK C ONFIGURATION 2-81 • New – Se lects a pr edefi ned port gro up to add to the sp ecifi ed trunk. We b – Clic k Tr unk, T runk Configur ation. Enter a trunk ID o f 1-4 in the Trunk fiel d, sele ct any of the pr ede fine d port grou ps fr om the scro ll-down list, and click Add.
C ONFIGURING THE S WIT CH 2-82 CLI – Thi s example c reates t runk 1 with po rts 5 and 17. Just connec t these por ts to two stat ic trunk p orts on anothe r switch to form a trunk. Configuring SNMP SNMP (Simple Ne twork Management Protocol) is a communication protoc ol designed s pecifically for managing devices or ot her elemen ts on a network.
C ONFIGURING SNMP 2-83 submi t a vali d community st ring for auth entication . The op tions for conf iguring commun ity string s and relat ed trap func tions are descr ibed in the followin g sections. Setting Community Access Strings Y ou may c onfigure u p to five c ommunity s trings authorized f or management access.
C ONFIGURING THE S WIT CH 2-84 We b – Click SNMP , SNMP Configurati on. Add new community strings as require d, sele ct the acce ss rights fr om the Acce ss Mode drop -dow n lis t, then cl ick Ad d. CLI – The following e x ample adds the st ring “spiderman” with read/wri te acce ss.
C ONFIGURING SNMP 2-85 Command Usage • You ca n enable or disabl e authentic ation message s via the Web interf ace. • You can enable or dis able authentic ation messages or link-up -down messages via the CLI. Comma nd Attrib utes • Trap Manager Ca pability – Indicate s that th e swit ch suppo rts up to fi ve trap manage rs.
C ONFIGURING THE S WIT CH 2-86 We b – Click SNMP , SNMP Configur ation. Fill in the IP address and communi ty string for each T rap M anager that will receive th ese mess ages, mark Enable Aut henticati on T raps if requ ired, and t hen click A dd. CLI – This examp le adds a trap manager and en ables authenti cation traps.
M ULTI CA ST C ONFIGURATION 2-87 This switch uses I GMP (Internet Gr oup Managemen t Protocol) t o query for any attached hos ts that want to receive a specific multi cast service . It identifi es the ports co ntaining hos ts requestin g to jo in the serv ice and sen ds data out t o those por ts on ly.
C ONFIGURING THE S WIT CH 2-88 adjacen t multicast swi tch/rou ter to ensur e that it will co ntinue to rece ive the multicas t service. Note: Mult icast router s use this information, alo ng with a multi c ast r outing proto c ol suc h as DVMRP or PIM, to suppor t IP multic asting across the Inter net.
M ULTI CA ST C ONFIGURATION 2-89 We b – Click IGMP , IGMP Configur ation. Adjust the IGMP settin gs as requi red, and then c lick Apply. (The def ault s ettings are shown below .) CLI – Thi s exam ple modi fies the se tting s for mult icast filt erin g, an d then di splays th e curr ent statu s.
C ONFIGURING THE S WIT CH 2-90 Y ou can use the Mul t icast Router Port Inf ormation page to display the port s on this switch at tached to a neighbo ring multica st route r/ switch for e ach V LAN ID. Display ing Interface s Attached to a Multica st Router Command Attributes • VLAN ID – ID o f configured VL AN (1-4094).
M ULTI CA ST C ONFIGURATION 2-91 Specifying Interfaces Attached to a Multicast Router Depend ing on your n etwork connec tions, IGM P snooping may not always be able to lo cate the I G MP quer ier .
C ONFIGURING THE S WIT CH 2-92 CLI – Thi s example con figures port 11 as a multi cast router por t within VLAN 1. Displaying Port Members of Multicast Services Y ou can d isplay the por t members as sociated wit h a specified VLAN and mu lticast IP address .
M ULTI CA ST C ONFIGURATION 2-93 We b – Cl ick IG MP , IP Mu ltic ast R egis trat ion Table . Selec t the VLAN ID and mult ica st IP add res s. The switch will d isplay all th e port s that are propagating th is mu ltic ast se rvic e.
C ONFIGURING THE S WIT CH 2-94 Adding Multicast Addresses to VLANs Multic ast filterin g can be dynamic ally config ured using IGMP Snoo ping and IGMP Q uer y messa ges as de scri bed in “C onfi guring IGMP P arameters ” on page 2-87 .
M ULTI CA ST C ONFIGURATION 2-95 We b – Click IGMP , IGMP Member Port T able. Specify t he interface attached to a multicast service (vi a an IGMP-enabled switch or multic ast route r), indicate the VLA N that will pr opagate th e multi c ast ser vice, specify the multicast IP address, and then clic k Add.
C ONFIGURING THE S WIT CH 2-96 Showing Port Statistics Y ou can display st andard statistic s on network tr af fic from th e Interf aces Group and Etherne t -like MIBs , as well as a detailed breakdown of traffic bas ed on the RM OM MIB. Interfac es and Ethernet -like statist ics display err ors on the traffi c passing thr ough each p ort.
S HOWI NG P ORT S TATI STIC S 2-97 We b – Cli c k Sta t istic s, Port Statis tics. Select the required interface, and click Quer y. Y ou ca n also use th e Refresh but ton at the bottom of the page to upd ate th e screen .
C ONFIGURING THE S WIT CH 2-98 CLI – This exampl e shows st atistics for port 1. Rate Limit Configuration This fun ctio n allo ws the netwo rk ma nager to cont rol th e ma ximum rat e for tra f fic t ransmit ted or rec eived on an interfac e.
R ATE L IMIT C ONFIGURATION 2-99 Rate li miting ca n be applied t o individual por ts or tru nks. When an interface is configur ed with this feature, the tr af fic rate will be monit ored by the hard ware to verify co nformity. Non- conforming traffic i s dropped, conforming tr affic is forw arded without any changes .
C ONFIGURING THE S WIT CH 2-100 We b - Click Rate Limi t, Input/O utput Rat e Limit Port/ T r unk Confi g uration. Enable the Rate Limit Status for the requ ired inter faces , set the Rat e Limit to o ne of the opt ions sho wn in the prec eding table, and cl ick Appl y.
C ONFIGURI NG 802.1 X P ORT A UTHENTIC ATION 2-101 The IE EE 802.1x (dot1x) standard defines a p ort-based access contro l pr oced ure that pre vents unau thor ized a cce ss to a netw ork by requ iring us ers to fir st enter a user ID and p assword fo r authenti cation.
C ONFIGURING THE S WIT CH 2-102 Displaying 802.1x Global Settings The do t1x prot ocol inc ludes global p arameter s that co ntrol the client authentic ation proc ess that runs between the clien t and the switc h (i.e. , authenticat or), as well as the client identity lo okup proc ess that runs bet ween the switch and authe ntication server .
C ONFIGURI NG 802.1 X P ORT A UTHENTIC ATION 2-103 We b – Click dot1 x, dot1X I nform ation. CLI - This e x ample shows the de fault prot ocol setti ngs for dot 1x. Configuring 802.1x Global Settings The dot1x pro tocol includes global parame ters that c ontrol the client authentication proces s that runs between the client and the switch (i .
C ONFIGURING THE S WIT CH 2-104 identity lookup process that runs bet ween the s witch and authentication serv er. The configuration options for parameters are d escribed in this section.
C ONFIGURI NG 802.1 X P ORT A UTHENTIC ATION 2-105 We b – Select d ot1x, dot1X Co nfiguratio n. Enable do t1x global ly for the swit ch, modify any of the param eters requir ed, and then click Apply. CLI – Th is example enab les re-authen tication and sets all o f the global pa rameters fo r dot1x.
C ONFIGURING THE S WIT CH 2-106 • Mode – Sets the auth entication m ode to one of the foll owing option s: - Force-Auth orized – Configu res the port to grant acce ss to all client s, either dot 1x-aware or othe rwise. - Force-Unauthoriz ed – Configure s the port to deny acces s to all cli ents, either dot1x-aware or o therwise.
C ONFIGURI NG 802.1 X P ORT A UTHENTIC ATION 2-107 CLI – Th is examp le sets th e auth enticat ion m ode t o en able dot1x on port 2 . Displaying 802.
C ONFIGURING THE S WIT CH 2-108 We b – Selec t dot1x f ollowed by dot 1X statistic s . Selec t the requir ed port and t hen click Que ry. Click Re fresh to upd ate statisti cs. Tx EAPOL Total The number of EAPOL frames of any type that have been transmitted by this Authenticator.
C ONFIGURI NG 802.1 X P ORT A UTHENTIC ATION 2-109 CLI – Th is example disp lays the dot1x statistics for port 1. Console#show dot1x statistics Eth 1/1 Rx: E XPOL EAPOL EAPOL EAPOL EAP EAP EAP Start.
C ONFIGURING THE S WIT CH 2-110.
U SING THE C OMMAND L INE I NTER FA CE 3-1 C HAPTER 3 C OMMAND L INE I NTERFACE This chapter des cribes how t o use the C ommand Line In terface (CLI).
C OMMAND L INE I NTER FA CE 3-2 2. En ter the necessar y comm ands to co mplete your de sired tasks. 3. Wh en fini shed, exi t the s ession with the “ quit” or “exit” command. Aft er connecti ng to the system th rough the conso le port, t he lo gin screen displa ys: Telnet Connection T elnet oper ates over the IP t ransport protoco l.
U SING THE C OMMAND L INE I NTER FA CE 3-3 If your corporate ne twork is connec ted to another ne twork outside your off ice or to the Internet, you nee d to apply for a registered IP addr ess.
C OMMAND L INE I NTER FA CE 3-4 Entering Commands This s ect ion descr ibes how to e nter C LI c om mands . Keywords and Arguments A CLI comm and is a series of keyw ords and arg uments. Keyword s identi fy a command, and ar guments specify co nfiguration para m ete rs.
E NTER ING C OMMANDS 3-5 Command Completion If you ter min ate input with a T ab key, the CLI will prin t the remaini ng characters o f a partial keyword up t o the point of ambigu ity. In the “loggin g history” exampl e, typing log followed by a ta b will re sult in pri nting the comm and up to “ logging .
C OMMAND L INE I NTER FA CE 3-6 The comm and “ show i nter faces ? ” will d isplay the follo wing info rm at ion : Partial Keyword Lookup If yo u terminate a part ial keyword with a questi on mark, alternatives that match the initial lett ers are provid ed.
E NTER ING C OMMANDS 3-7 Understanding Command Modes The comman d set is divided into Ex ec and Configurati on classes. Exec com m ands ge nerally disp lay information on sys tem status or clea r stat istical cou nters. Conf iguration com mands, on t he other hand, modify interfac e parameter s or en able certain switching functi ons.
C OMMAND L INE I NTER FA CE 3-8 enable command, followed by t he privileged level pas s word “sup er” ( pag e 3-29) . T o enter Pr ivileged Ex ec mode, en ter the fol lowing command s and passwords : Configuration Commands Confi g uratio n commands are privileged level commands used to modi fy sw itch sett ings .
E NTER ING C OMMANDS 3-9 • Inter face Configu ration - Thes e commands modify the p ort config uration such as speed-duplex and ne gotiation . • Line Con figuration - These c ommands modify the co nsole port and Teln et configuratio n, and include command such as par ity and databits .
C OMMAND L INE I NTER FA CE 3-10 Command Line Processing Commands are not case sensiti ve. Y ou c an abbreviate c ommands and para meters as long as th ey contain enoug h letters to differen tiate them fr om any other cur r ently available comman ds or para meters.
C OMMAND G RO UP S 3-11 RADIUS Client Configures RADIUS client-server authentication for logon access 3-38 Port Authentication Configures IEEE 802.1x port access control 3-44 SNMP Activates authentica.
C OMMAND L INE I NTER FA CE 3-12 Note: Note that the acces s mode show n in the followi ng tab les is indic ated b y thes e abbr evi ation s: NE (Normal Exec) PE (Pri vile ged Ex ec) GC (Global Config.
G ENERAL C OMMANDS 3-13 General Commands enable Use thi s command to act ivate Privil eged Exec mode. In priv ileged mode, additional comm ands are av ailable , and certain commands displa y additional in for mation. See “Understand ing Command Modes” on page 3 -7.
C OMMAND L INE I NTER FA CE 3-14 Default Se tting Level 15 Command Mode Norm al Exec Command Usage • “su per” is th e defaul t password r equired t o change the comma nd m ode from N or mal Ex ec to Pr ivile ged Exec . (T o set this pas sword, see the enable password command on page 3-29.
G ENERAL C OMMANDS 3-15 Command Usage The “> ” characte r is appen ded to the en d of the prompt to indic ate that th e syste m is in n ormal access mo de. Example Related Commands enable (3- 13) configure Use t his comman d to activa te Global C onfiguration mode.
C OMMAND L INE I NTER FA CE 3-16 show history Use t his comman d to show the content s of t he command history buf fer. Default Se tting None Command Mode Normal Ex ec, Privileg ed Exec Command Usage The his tory buffer si ze is fixed at 10 Execution commands and 10 Configuratio n commands.
G ENERAL C OMMANDS 3-17 example, the !2 com mand repe ats the sec ond command in the Execu tion history buffe r ( config ). reload Use th is c ommand to r estart t he system. Note: When the system is restart ed, it will always run the Power-On Self-Test .
C OMMAND L INE I NTER FA CE 3-18 Command Mode Global Co nfiguration, I nterface Configur ation, Line Confi g uration, VLAN Database Conf iguration Example This example shows how to ret ur n to the Pri.
F LASH /F ILE C OMMANDS 3-19 quit Use thi s comman d to exit the configurat ion program. Default Se tting None Command Mode Normal Ex ec, Privileg ed Exec Command Usage The qui t and exit comm ands can both ex it the configur ation program.
C OMMAND L INE I NTER FA CE 3-20 copy Use thi s comman d to move (up load/download ) a code image or conf iguration f ile between the swit ch’s Flash memory an d a TFTP serve r. When you save the system code or confi guration set tings to a file on a TFTP server , that f ile can later be downloaded to the switch t o re store syst em ope ration.
F LASH /F ILE C OMMANDS 3-21 Command Usage • The sy stem prompts for data re quired to com plete th e copy command. • The de stination file name should no t contain sl ashes ( o r /), the le ading letter o f the file name should not b e a period (.
C OMMAND L INE I NTER FA CE 3-22 The f ollowing exam ple shows ho w to copy the running configuration to a startup file. The fol lowing example shows how to download a conf iguration file: delete Use this command to dele te a file or image. Syntax delete filename filename - Na me of the co nfiguration file or image na me.
F LASH /F ILE C OMMANDS 3-23 Command Usage • If the file type is used for syst em startup, th en this fi le cannot be del eted . • “Fact ory_Default _Config.cfg” c annot be d eleted. Example This example sho ws how to de lete the test2.cfg configurat ion file from F lash memo ry.
C OMMAND L INE I NTER FA CE 3-24 Command Usage • If you en ter the co mmand dir with out any par ameter s, the system d isplays al l files. • Fi le inf ormat ion i s shown bel ow: Example The fo llo win g exa mple show s how to displ ay al l file inf or mat ion : whichboot Use thi s comman d to display which files booted.
F LASH /F ILE C OMMANDS 3-25 Example This ex ample shows t he informati on displayed by the whic hboot command. See the table un der the dir command f o r a descr iption of the file information d isplayed by t h is co mmand. boot system Use t his command to specify the fi le or image used to star t up the system.
C OMMAND L INE I NTER FA CE 3-26 Example Related Commands dir (3- 23) whichbo ot (3-24) System Management Commands These commands are used to con trol system logs , passwords, us er name s, browser con figuration options, an d display or configure a vari ety of other system information .
S YSTEM M ANA GEMEN T C OMMANDS 3-27 hostname Use t his comman d to specify or modify the host nam e for thi s devi ce. Use the no for m to re store th e defa ult host name .
C OMMAND L INE I NTER FA CE 3-28 Syntax userna me name { access-le vel level | nopasswor d | passwor d { 0 | 7 } password } no userna me name • name - The name of the us er. (Maximu m len gth: 8 charact ers, case sensitive. M aximum users : 16) • access-l evel level - Spec ifies the user level.
S YSTEM M ANA GEMEN T C OMMANDS 3-29 Example This exam ple sho ws how th e set the access leve l and passwor d for a user . enable password After initially l ogging ont o the system , you shoul d set the Privil eged Exec pa ssword. Rememb er to record it in a safe place.
C OMMAND L INE I NTER FA CE 3-30 p a s s w or d t o c ha n g e t h e co mm an d m o d e fr o m N o r m a l E x e c t o Privil eged Exec wi th the enable command (page 3-13). • The en crypted pa ssword is requ ired for com patibility with legacy password settings (i.
S YSTEM M ANA GEMEN T C OMMANDS 3-31 Related Commands ip htt p server (3- 31) ip http server Use this comm and to all ow this de vice to be mon itor ed or config ured from a br owser .
C OMMAND L INE I NTER FA CE 3-32 show startup-config Use thi s comman d to display th e configurat ion file stored in non-vol atile mem ory that is used to start up the sys tem.
S YSTEM M ANA GEMEN T C OMMANDS 3-33 Example Related Commands show ru nning-con fig (3-34) Console#show startup-config building startup-config, please wait.
C OMMAND L INE I NTER FA CE 3-34 show running-config Use this co mmand to display the co nfiguration informatio n current ly in use. Default Se tting None Command Mode Privil eged Exec Command Usage .
S YSTEM M ANA GEMEN T C OMMANDS 3-35 Example Related Commands show s tartup -conf ig (3-3 2) Console#show running-config building running-config, please wait.
C OMMAND L INE I NTER FA CE 3-36 show system Use this co mmand to disp lay system infor matio n. Default Se tting None Command Mode Normal Ex ec, Privileg ed Exec Command Usage • For a descri ption of t he items sh own by this co mmand, ref er to “Displaying System Information” on page -9.
S YSTEM M ANA GEMEN T C OMMANDS 3-37 show users Shows all active cons ole and T elnet ses sions, inclu ding user name , idle t ime, and IP add ress of T elnet clie nt. Default Se tting None Command Mode Normal Ex ec, Privileg ed Exec Command Usage The se ssion used to execute thi s command is indicated by a “*” symbol ne xt to the Line (i.
C OMMAND L INE I NTER FA CE 3-38 Command Usage See “Displaying Switch H ardware/Software V ersions” on page -28 for d etailed inform ation on software items. The meaning of hardware items are as follows: • Serial Number – Serial numbe r of the main board.
A UTHE NTIC ATI ON C OMMANDS 3-39 authentication login Use t his comman d to define the login authentica tion method and prece dence. Use th e no for m t o re stor e the de fault. Syntax authenti cation logi n {[ local ] [ radius ]} no authenti cation logi n • loca l - Use lo cal passwo rd only.
C OMMAND L INE I NTER FA CE 3-40 Command Usage • RADIUS uses UDP whic h only offers best-e ffor t deliv ery. Also, note th at RADIUS en crypts on ly the pas sword in the access-r equ est packet fro m the clie nt to the server . • RADIUS logon authentication assi gn s a specific privilege level for eac h user name and pa ssword pair.
A UTHE NTIC ATI ON C OMMANDS 3-41 Command Mode Global Co nfiguration Example radius-server port Use this command to set the RA DIUS serv er netw ork port . Use th e no form to rest ore the defa ult. Syntax radius-serve r port port_number no radius-server port port_number - RADIUS server U DP port use d for authenticati on messages.
C OMMAND L INE I NTER FA CE 3-42 radius-server key Use thi s command to set th e RADIUS enc ryption key . Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate logon access for cl ient.
A UTHE NTIC ATI ON C OMMANDS 3-43 Command Mode Global Co nfiguration Example radius-server timeout Use this command to set the interv al betw een tran smittin g auth entication requests t o the RADI US server . Use the no for m to restor e the defaul t.
C OMMAND L INE I NTER FA CE 3-44 Command Mode Privil eged Exec Example Port Authentication Commands The switc h supports IEEE 802 .1x (dot1x) port-based ac cess control that pre vents unauth orized acce ss to the n etwork by requ iring users to first ente r a user ID and pass word fo r authent ication .
P ORT A UTHE NTIC ATI ON C OMMANDS 3-45 authentication dot1x Sets the d efault authe nticati on serve r type. Use the no for m to restor e the defaul t.
C OMMAND L INE I NTER FA CE 3-46 dot1x default Sets all configurabl e dot 1 x globa l an d por t set tings to the ir def ault valu es. Syntax dot1x default Command Mode Global Co nfiguration Example d.
P ORT A UTHE NTIC ATI ON C OMMANDS 3-47 dot1x port-control Sets t he dot1x mode on a por t interface. Use the no form to rese t to th e defaul t. Syntax dot1x port-control { auto | force-a uthori zed | force-unauthorized } no dot1x port-control • auto – Require s a dot1x-awar e connected client to b e author ized by the RADIUS se rver.
C OMMAND L INE I NTER FA CE 3-48 dot1x re-authenticate Forces re-authentication on all ports or a specific interface. Syntax dot1x re-authent icate [ interfac e ] inter face • ethernet unit / port - unit - This is device 1.
P ORT A UTHE NTIC ATI ON C OMMANDS 3-49 dot1x timeout quiet-period Sets the ti me that a switc h port wai ts after the Max Reque st Count has b een exceed ed b efor e atte mpti ng to acqu ire a new clie nt. U se the no for m of th is command to reset th e default.
C OMMAND L INE I NTER FA CE 3-50 Example dot1x timeout tx-period Sets the ti me perio d duri ng an authent icati on session that th e switc h waits befo re re-trans mitting an EAP packet . Use the no form to r ese t to t he de fault v alue . Syntax dot1x timeout tx-period secon ds no dot1x timeout tx-period secon ds - Number o f second s.
P ORT A UTHE NTIC ATI ON C OMMANDS 3-51 show dot1x Use this command to show general port authe nticati on rel ated settings o n the switc h or a specific i nter face. Syntax show dot1x [ stati stics ] [ inter face inter face ] inter face • ethernet unit / port - unit - This is device 1.
C OMMAND L INE I NTER FA CE 3-52 • 802.1X Po rt Details – Displays de tailed por t access con trol sett ings for each i nterface as described in the pr eceeding p ages, including adminstrative sta.
P ORT A UTHE NTIC ATI ON C OMMANDS 3-53 Example Console#show dot1x Global 802.1X Parameters reauth-enabled: yes reauth-period: 3600 quiet-period: 350 tx-period: 300 supp-timeout: 30 server-timeout: 30 reauth-max: 2 max-req: 2 802.1X Port Summary Port Name Status Mode Authorized 1 disabled ForceAuthorized n/a 2 enabled A uto n/a .
C OMMAND L INE I NTER FA CE 3-54 SNMP Commands Contr ols access to this switch fro m managem ent stations usi ng the Simple Network Managem ent Protocol (SNMP ), as well as the e rror types se nt to trap ma nagers. snmp-server community Use thi s command to defi ne the communit y access s t rin g for the Simpl e Netwo rk Man ageme nt Pr otoc ol.
SNMP C OMMANDS 3-55 • rw - Specifies read-write acce ss. A uthorized management stati ons are able t o both retr ieve and modi fy MIB obj ects. Default Se tting • pub lic - Read-only access. Au thorized manag ement stations are only able to re trieve MIB objec ts.
C OMMAND L INE I NTER FA CE 3-56 Example Related Commands snmp-s erver locati on snmp-server location Use t his comman d to set the system location string. Use the no form to remove the locati on string. Syntax snmp-server l ocation tex t no snmp-server l ocation text - String that d escribes th e system location.
SNMP C OMMANDS 3-57 snmp-server host Use this command to speci fy the rec ipien t of a Simple Netw ork Managem ent Protocol notification o p erati on. Use the no for m to remo ve the sp ecif ied h ost.
C OMMAND L INE I NTER FA CE 3-58 The snmp -serve r host co mmand is used in conjunction with the snmp-server enable trap s command. Use th e snmp-server ena ble tra ps command to spe cify which SNMP notifi catio ns are sent globa lly.
SNMP C OMMANDS 3-59 Default Se tting Issue authentica tion and link-u p-down traps . Command Mode Global Co nfiguration Command Usage If yo u do not ent er a n sn mp-server enable t raps command, no noti fications controlled by this comm and are s ent.
C OMMAND L INE I NTER FA CE 3-60 Command Mode Normal Ex ec, Privileg ed Exec Command Usage This c ommand prov ides informati on on the co mmunity acce ss stri ngs, count er informati on for SNMP inp ut and output prot ocol data units, and whethe r or not SNMP logg ing has been enabl ed with th e snmp -server enab le traps comma nd.
IGMP S NOOPING C OMMANDS 3-61 IGMP Snooping Commands This switch uses I GMP (Internet Gr oup Managemen t Protocol) t o query for any attached hos ts that want to receive a specific multi cast service . It identifi es the ports co ntaining hos ts requestin g a service and sends data o ut to t hose p orts on ly.
C OMMAND L INE I NTER FA CE 3-62 Default Se tting Enab led Command Mode Global Co nfiguration Example The follo wing ex ample enabl es IGMP snoopi ng. ip igmp snooping query-count Use t his comman d to configur e the quer y count. Use the no fo r m to res tore the de fault.
IGMP S NOOPING C OMMANDS 3-63 res po nse -t im e . If the countdown fin ishes, and t he client st ill has no t re sponde d, th en tha t cli ent is cons ide red t o hav e left the mult icast group.
C OMMAND L INE I NTER FA CE 3-64 query-count , bu t a client has not r esponded, a cou ntdown timer is started usin g an initial value set by t his command. If the countd own f inish es, an d the cli ent st ill ha s not resp onde d, the n that c lient is co nsidered to have left t he multicast group.
IGMP S NOOPING C OMMANDS 3-65 Command Usage T h e s w i t c h m u s t b e u s i n g I G M P v 2 f o r t h i s c o m m a n d t o t a k e effe ct. Example The f ollowing sho ws how to c onfigure t he de.
C OMMAND L INE I NTER FA CE 3-66 • Some c ommands are onl y enabled for I GMPv2, incl uding ip igmp query-max -response-time and ip igm p query-timeout . Example The fol lowing configure s the switch to use IGMP V ersi on 1: show ip igmp snooping Use t his comman d to show the IGMP snoo ping con figuration.
IGMP S NOOPING C OMMANDS 3-67 show mac-address-table multicast Use thi s command t o show known multicast addr esses. Syntax show mac-addr ess-table multicast [ vlan vl an-id ] [ user | igmp-snooping ] • vlan-id - VLAN ID (1 to 4094) • user - Displ ay only the user-configur ed multicast entries.
C OMMAND L INE I NTER FA CE 3-68 Line Commands Y ou can access the onb oard configurat ion program by attachin g a VT100 compatible de vice to t he server’ s seri al port. Th ese commands ar e used to set comm unicati on parame ters for t he serial port o r T e lne t (i.
L INE C OMMANDS 3-69 line Use th is command t o identify a specific li ne for configuratio n, and to pr ocess subseq uent line configuratio n commands. Syntax line { console | vty } • cons ole - Console te rminal line. • vty - Virtual terminal for remote console acc ess.
C OMMAND L INE I NTER FA CE 3-70 login Use this co mmand to enable pass word checking at login . Use the no form to disab le password chec king and allow connecti ons without a password. Syntax logi n [ local ] no login loca l - Selects l ocal password che cking.
L INE C OMMANDS 3-71 • This command co ntrols login au thenti cation via th e switch itself . To con figur e use r nam es and pa sswo rds for remote authent ication ser vers, you m ust use th e RADIUS softwar e install ed o n those se rver s.
C OMMAND L INE I NTER FA CE 3-72 Command Usage • Whe n a conn ecti on is start ed on a l ine wi th pass word prot ection, the sys tem prompts fo r the pass word.
L INE C OMMANDS 3-73 Command Mode Line Conf iguration Command Usage • I f user input i s detected wi thin the tim eout interval , the sess ion is kept open ; othe rwise the se ssion i s termi nat ed. • This command ap plies to bo th the lo cal consol e and Telne t conne ctions .
C OMMAND L INE I NTER FA CE 3-74 Command Usage • Whe n the logo n attemp t thresh old is re ached, the syste m interf ace beco mes s ilent for a sp ecif ied a moun t of time befo re allowi ng the next logon attempt. (Us e the silent-ti me command to set this interv al.
L INE C OMMANDS 3-75 Command Mode Line Conf iguration Example T o set the si lent time to 60 seco nds, enter thi s command: Related Commands passwo rd-thresh (3- 73) databits Use this command to set th e numbe r of data bits pe r character that are in terp reted an d gen erated by the co nsole port.
C OMMAND L INE I NTER FA CE 3-76 Example T o specif y 7 data bits , ent er this co mmand: Related Commands parit y (3-76) parity Use t his command to define ge neration of a parit y bit.
L INE C OMMANDS 3-77 speed Use this command to set the ter minal l ine's b aud rate . This comma nd sets bot h the trans m it (t o terminal) and receive (fr om terminal ) speeds. Us e the no fo rm to restor e the de fault sett ing. Syntax speed bps no speed bps - B a u d r a t e i n b i t s p e r s e c o n d .
C OMMAND L INE I NTER FA CE 3-78 stopbits Use this command to set the numb er of th e stop bits transm itte d per byt e. Use the no for m to rest ore the default se tting.
IP C OMMANDS 3-79 Example T o show a ll lines, ent er this command: IP Commands There are no IP add r esses assigned to this switch by defaul t. Y ou must ma nually co nfigur e a new ad dress t o manage th e swit ch ove r your ne twork.
C OMMAND L INE I NTER FA CE 3-80 ip address Use thi s command to set th e IP ad dres s for thi s device. Use the no form to restore the default I P address. Syntax ip addr ess { ip-addre ss netmask | bootp | dhcp } no ip address • ip-address - IP address • netmask - Network mask fo r the associate d IP subnet.
IP C OMMANDS 3-81 • You can start br oadcasting BOOTP or DHCP re quests by enteri ng an ip dhcp restar t command, or by rebo oting the switch. Note: Only on e VLAN int erface c an be assig ned an IP addr ess (the de fault is V LAN 1). Thi s defines the managemen t VLAN, the only VLA N through whi ch you can gain management access to the sw itch.
C OMMAND L INE I NTER FA CE 3-82 • If the BOOTP or DHCP server has be en moved to a different domai n, th e netw ork por tion of the a ddr ess prov ided to the client will be based on this new dom ain. Example In the following e x ample, the device is reassign ed the same address.
IP C OMMANDS 3-83 Command Usage A gateway must be de fined if the management stat ion is located in a di f ferent IP segment. Example The fol lowing example defines a def ault gateway for t his device: Related Commands show ip redirects (3- 84) show ip interface Use thi s comman d to display th e settings of an IP interface.
C OMMAND L INE I NTER FA CE 3-84 show ip redirects Use th is command to show th e default gat eway configured f or thi s devi ce. Default Se tting None Command Mode Privil eged Exec Example Related Commands ip defaul t-gateway (3- 82) ping Use thi s command to send ICM P echo request pa ckets to another node on the netwo r k.
IP C OMMANDS 3-85 Command Mode Normal Ex ec, Privileg ed Exec Command Usage • Use th e pin g comma nd to se e if anot her si te on th e netwo rk can be re ached. • Follo wing are some resu lts of the ping co mmand: - Normal response -T he normal res ponse occur s in one to te n secon ds, depen ding on network traffic .
C OMMAND L INE I NTER FA CE 3-86 HOL Blocking Preventi on Commands If head-o f-line (HOL) Blocking Pre vention is enabl ed it prevents the for warding of dat a to a port t ransmit queue that is blocke d. This allows for a more efficient tr ansfer of packe ts across th e networ k.
HOL B LOCK I NG P RE V E N TI O N C OMMANDS 3-87 Syntax queue hol-preve ntion no queue hol-prevent ion Default Se tting Enab led Command Mode Global Co nfiguration Command Usage • If HOL Blocking Pr evention is disabl ed on this switch.T he transmi t queue may be complet ely filled with frames awaiting servic e.
C OMMAND L INE I NTER FA CE 3-88 Example This ex am ple dis plays the curren t status. Interface Commands These commands are use d to display or set comm unication para meters fo r an Et hernet port, aggregate d link, or VLAN.
I NTER FA CE C OMMANDS 3-89 interface Use th is c ommand to c onfigu re an inter face type an d en ter interf ace config uration mo de. Use the no for m to remove a trunk. Syntax int er fa ce inter fac e no interface por t-channel channe l-id inter face • ethernet unit / port - unit - This is device 1.
C OMMAND L INE I NTER FA CE 3-90 description Use this command to add a description t o an interface. Use the no form to remo ve the de scri ption. Syntax descript ion string no description string - Comme nt or a de script ion to help you remem ber what is attache d to this in te r face.
I NTER FA CE C OMMANDS 3-91 • 10fu ll - Forces 10 Mbp s full-duple x operation • 10hal f - Forces 10 Mbps half-d uplex oper ation Default Se tting • Auto- negotiation is enabled by def ault.
C OMMAND L INE I NTER FA CE 3-92 negotiation Use this command to e nable autonegotiation for a given interface. Use the no form to disab le autonego tiation.
I NTER FA CE C OMMANDS 3-93 capabilities Use thi s comman d to advertis e the port cap abilit ies of a given inter face durin g autone gotiati on. U se th e no for m wi th parame ters to remov e an advertis ed capability , or the no form with out para m ete rs to rest ore the defaul t values.
C OMMAND L INE I NTER FA CE 3-94 Command Usage When aut o-negotiatio n is enabled with the negotiation command, the switc h will negoti ate the best set tings for a li nk base d on the capa bilites command. W h en auto-negotiatio n is disa bled, you mu st manually specify the l ink attribut es with the speed-duplex and flowcontrol comm ands.
I NTER FA CE C OMMANDS 3-95 Command Usage • Flo w control can el iminate frame lo ss by “blo cking” traffic fro m end stations or segments connected directly to the sw itch when its b u ffers fil l. When enabled , back press u re is used for half-d uplex operati on and IEEE 8 02.
C OMMAND L INE I NTER FA CE 3-96 shutdown Use this command to disable an interface. T o restart a disabled inter face, use th e no form. Syntax shutdo wn no shut down Default Se tting All interfaces are enable d.
I NTER FA CE C OMMANDS 3-97 switchport broadcast percent Use t his comman d to config ure broadcast storm contr ol. Use the no form to disab le broadcast storm contr ol. Syntax switchport broadcast p ercent level no switchport broadcast leve l - T hreshold leve l as a pe rcentage o f bandw idth.
C OMMAND L INE I NTER FA CE 3-98 clear counters Use this command to clear st atistics o n an inter face. Syntax clear counters inter face inter face • ethernet unit / port - unit - This is device 1.
I NTER FA CE C OMMANDS 3-99 show interfaces status Use this command to displ ay the status for an interface. Syntax show inter faces status inter face inter face • ethernet unit / port - unit - This is device 1.
C OMMAND L INE I NTER FA CE 3-100 Example show interfaces counters Use th is c ommand to di splay s tatistics for an in terface . Syntax show inter faces counters inter face inter face • ethernet unit / port - unit - This is device 1. - port - Por t numb er.
I NTER FA CE C OMMANDS 3-101 Command Usage If no i nterface is specified , information on all interfaces is displ ayed. For a de scription o f the items di splayed by thi s comma nd, see “Showing Por t Statistic s” on page -96.
C OMMAND L INE I NTER FA CE 3-102 show interfaces switchport Use thi s comman d to display adv anced interface conf iguration settin gs. Syntax show inter fac es switch port [ inter face ] inter face • ethernet unit / port - unit - This is device 1.
I NTER FA CE C OMMANDS 3-103 • Gvrp status – Shows if G ARP VLA N Regi strati on Prot ocol is enabled or disabled (p age 3-140). • Allowed Vlan – Shows the VLANs th is interface has joined, where “( u)” indicates untag ged and “(t)” indica tes tagged (page 3-12 9).
C OMMAND L INE I NTER FA CE 3-104 This exa mpl e shows the confi gura tion fo r port 3 when set to promis cuous mode for private V LANs. Rate Limit Commands This fun ctio n allo ws the netwo rk ma nager to cont rol th e ma ximum rat e for tra f fic t ransmit ted or rec eived on an interfac e.
R ATE L IMIT C OMMANDS 3-105 rate-limit Use this command to set the rate limi t. Use the no form to re move the rate limi t. Syntax rate-l imit {input | output} per cent per cent no rat e-l imit inpu t • inp ut - Sets th e rate limit for inbound tr affic.
C OMMAND L INE I NTER FA CE 3-106 Example This e xample sets the rate limi t for in put and output traffi c on po rt 2 to 3 12K when operat ing at 10 Mbps or 3.
A DDR ESS T ABLE C OMMANDS 3-107 mac-address-table static Use this command to m ap a static address to a dest ination port. Use the no for m to remove an addr ess. Syntax mac-addres s-table s tatic mac-addr es s { inter face | discard } [ action ] no mac-addr ess-table s tatic mac- addr ess [ discar d ] • mac-address - MAC addr ess.
C OMMAND L INE I NTER FA CE 3-108 • Stat ic addresses will not be remove d from t he addres s tabl e when a g iven interface l ink is down. • St atic address es are bound to th e assigned interface and will no t be moved.
A DDR ESS T ABLE C OMMANDS 3-109 show mac-address-table Use this command to view classes o f entri es in th e brid ge-for wa rding da taba se. Syntax show mac-addr ess-table [ address mac-addr ess [ mask ]] [ int er fa ce inter fac e ] [ vlan vla n-id ] [ sort { address | vlan | int er fa ce }] • mac-address - MAC addr ess.
C OMMAND L INE I NTER FA CE 3-110 Example mac-address-table aging-time Use th is c ommand to s et the aging time for e ntrie s in t he add res s tabl e. Use the no fo rm to rest ore the d efault aging t ime. Syntax mac-addres s-table aging-tim e seconds no mac-addres s-table aging-time second s - Ti me in se conds (2 -172 800).
S PANNING T RE E C OMMANDS 3-111 show mac-address-table aging-time Use this command to sho w the aging time fo r entr ies in th e address table. Default Se tting None Command Mode Privil eged Exec Exa.
C OMMAND L INE I NTER FA CE 3-112 spanning-tree Use this co mmand to enable the Sp an nin g Tree Algor ithm glob ally for the swit ch. Use the no form to d isable it.
S PANNING T RE E C OMMANDS 3-113 Example The fol lowing example shows how to enable the Spannin g T ree Algorith m for the s witch: spanning-tree forward-time Use t his comman d to config ure the sp anning tree b ridge forw ard time glob ally for this sw itch .
C OMMAND L INE I NTER FA CE 3-114 Example spanning-tree hello-time Use th is command to configure t he spanning tree brid ge hello ti me globall y for this switch. Us e the no form to restore the defau lt. Syntax spanning-tre e hello-time time no spanning-tre e hello-time time - Time in secon ds.
S PANNING T RE E C OMMANDS 3-115 spanning-tree max-age Use this command to confi gure the span ning tree bridge maximum age glob ally for this switch. Use the no fo r m to re store the default. Syntax spanning-tre e max-age se con ds no spanning-tre e max-age second s - Ti me in seco nds.
C OMMAND L INE I NTER FA CE 3-116 spanning-tree priority Use th is command to config ure the span ning tree prio rity gl obally for this switch . Use the no fo rm to rest ore the def ault. Syntax spanning-tre e priority pr iority no spanning-tre e priority priority - Priority of the br idge.
S PANNING T RE E C OMMANDS 3-117 The recomm ende d range i s: - E thernet: 50- 600 - F ast Ethernet: 10-6 0 - G igabit Etherne t: 3-10 Default Se tting • Ether net – half d uplex: 100; fu ll duple.
C OMMAND L INE I NTER FA CE 3-118 Default Se tting 128 Command Mode Interf ace Configurat ion (Ethernet, Por t Channel) Command Usage • This command d efines the priority for the use of a po rt in the spanni ng-tree a lgorithm.
S PANNING T RE E C OMMANDS 3-119 Command Mode Interf ace Configurat ion (Ethernet, Por t Channel) Command Usage • Thi s command i s used t o enable/disable the fast spanni ng-tree mode for th e selec ted port. In this mod e, ports skip the Blocked, Listen ing and Learning states and proceed str aight to Forwarding .
C OMMAND L INE I NTER FA CE 3-120 Command Mode Privil eged Exec Command Usage For a de scription of the items displayed under “Bridg e-group information, see “Managing Global Se t tings” on page -43. For a descrip tion of the item s displayed for specific interfac es, see “Managing ST A Interface Settings” on page -47.
VLAN C OMMANDS 3-121 VLAN Commands A VLA N is a g roup of por ts that can be locate d anywhere in the netwo rk, but co mmunic ate as tho ugh the y belo ng to the sam e physi cal segment .
C OMMAND L INE I NTER FA CE 3-122 vlan database Use t his command to enter VLAN d atabase mode . All command s in this m ode will take e ffe ct im mediate ly. Default Se tting None Command Mode Global Co nfiguration Command Usage • Use the VLAN dat abase command m ode to add, ch ange, and dele te VLANs.
VLAN C OMMANDS 3-123 Related Commands show vlan (3-131) vlan Use thi s comman d to configur e a VLAN. Us e the no fo rm to restor e the de fault sett ings or de lete a VLAN. Syntax vlan vla n-id [ name vlan-name ] m edia ether net [ state { active | suspend }] no vlan vlan-id [ name | state ] • vlan-id - ID o f configured VLAN.
C OMMAND L INE I NTER FA CE 3-124 • VLAN 1 cannot be s uspended, bu t any other VLAN will be suspen ded. • You ca n configu re up to 127 VLANs on t he switch. Example The fol lowing examp le adds a VL AN, using vlan- id 105 and n ame RD5. T he VLAN is activated by default.
VLAN C OMMANDS 3-125 Example The f ollowing exam ple shows ho w to set the interface config uration mode to VLAN 1, and then assign an IP add r ess to the VLAN: Related Commands shut down (3-9 6) switchport mode Use t his command to configure the VLAN member ship mode for a port.
C OMMAND L INE I NTER FA CE 3-126 Example The fo llowing shows how t o set the c onfiguration mo de to port 1, and then set the sw itchport mode to trunk: switchport acceptable-frame-types Use thi s command to conf igure th e acceptable fr ame types for a port.
VLAN C OMMANDS 3-127 switchport ingress-filtering Use this co m mand to enab le ingress filterin g for an interface. Use the no form to rest ore the defa ult.
C OMMAND L INE I NTER FA CE 3-128 switchport native vlan Use t his comman d to config ure the PVI D (i.e., defa ult VLAN I D) for a port . Use th e no form to restore the default . Syntax switchport native vlan vlan- id no switchport native vlan vlan-id - Defaul t VLAN ID f or a port.
VLAN C OMMANDS 3-129 switchport allowed vlan Use thi s command to conf igure VLAN group s on the se lected interface . Use th e no f or m t o r estor e t he defa ult. Syntax switchport al lowed vlan { add vlan | rem ov e vlan } no switchport allow ed vlan • add vlan - VLAN identi fier to ad d.
C OMMAND L INE I NTER FA CE 3-130 Example The fol lowing examp le shows how t o add VLANs 1, 2, 5 and 6 to the allowed list as ta gged V LANs for port 1: switchport forbidden vlan Use this comma nd to co nfigu re for bidde n VLANs. Use the no for m to remov e the list of fo rbidden VLAN s.
VLAN C OMMANDS 3-131 Example The fol lowing examp le shows how t o prevent p ort 1 from being added to VLAN 3: show vlan Use thi s comman d to show VLA N information. Syntax show vlan [ id vlan-id | name vlan-name ] • id - Keyword to be followed by the VLAN I D.
C OMMAND L INE I NTER FA CE 3-132 Example The fol lowing example shows how to display information for VLAN 1: Private VLAN Commands Private VLAN s provid e port-b ased s ecurity and is olati on betw een ports with in the assi gned VLAN . This switch suppo rts two ty pes of private V LAN ports: pr omiscu ous, and communi ty ports .
P RIVAT E VLAN C OMMANDS 3-133 T o configure priv ate VLANs, follow the s e step s: 1. Use the pr ivate-vlan command to designate o ne or more communi ty VLANs an d the prim ary VLAN that will channel traffic ou tsid e the commu nity gro ups. 2. Use the pr ivate-vlan a ssociation command to map the secondar y (i.
C OMMAND L INE I NTER FA CE 3-134 private-vlan Use th is c ommand to c reate a pr imary or secondary (i .e., communi ty) private VLAN. Use the no form to remove the specifie d private VLAN. Syntax private-vl an vlan-id { community | primary } no private-vlan vlan- id • vlan-id - ID of privat e VLAN.
P RIVAT E VLAN C OMMANDS 3-135 Example private vlan association Use this command to as sociate a primary VLAN with a s econdary (i.e., community) VLAN.
C OMMAND L INE I NTER FA CE 3-136 Example switchport mode private-vlan Use th is c ommand to s et the privat e VLAN mode for an interface. Use the no form to re store the default setting.
P RIVAT E VLAN C OMMANDS 3-137 Example switchport private-vlan host-association Use this command to as sociate an interface with a secondary VLAN. Use th e no form to remo ve this ass ociatio n. Syntax switchport pri vate-vlan host -association secondary-vlan-id no switchport priv ate-vlan host-assoc iation secondary-vlan-id - ID of secondar y (i.
C OMMAND L INE I NTER FA CE 3-138 switchport private-vlan mapping Use this command to map an inte r face to a primary VLAN. Use the no form to remo ve this mappi ng. Syntax switchport pri vate-vlan ma pping primary-vlan-id no switchport priv ate-vlan map ping primary-v lan -id - ID of pri mary VLAN.
P RIVAT E VLAN C OMMANDS 3-139 show vlan private-vlan Use th is comma nd to show the privat e VLAN configu r ati on settings on this swit ch. Syntax show vlan private-vl an [ community | primary ] • com muni ty - Displays all co mmunity V LANs, along with thei r associate p rimary VLAN a nd assigned ho st interfa ces.
C OMMAND L INE I NTER FA CE 3-140 GVRP and Bridge E xtension Commands GARP V LAN Registr ati on Prot ocol defin es a way for switc hes to exchan ge VLAN information in order to automatic ally regist er VLAN m embers o n int erface s across the netwo rk.
GVRP AND B RIDG E E XTENSION C OMMANDS 3-141 Default Se tting Disab led Command Mode Interf ace Configurat ion (Ethernet, Por t Channel) Command Usage GVRP c an only be enab led for ta gged port s. Y ou must se t switchport mode to “trunk” t o configure a t agged port.
C OMMAND L INE I NTER FA CE 3-142 Example garp timer Use this command to set th e values for the join , leave and leave all timers. Use the no form to rest ore the t imers' defau lt values.
GVRP AND B RIDG E E XTENSION C OMMANDS 3-143 experi encin g diffic ulties w ith GMRP or GVR P regist ration/ deregi stratio n. • Tim er values are appl ied to GVRP for all t h e port s on all VLANs.
C OMMAND L INE I NTER FA CE 3-144 Command Mode Normal Ex ec, Privileg ed Exec Example Related Commands garp time r (3-142 ) bridge-ext gvrp Use thi s command to enable GVRP .
GVRP AND B RIDG E E XTENSION C OMMANDS 3-145 Example show bridge-ext Use thi s command t o show th e configurat ion for bri dge extens ion commands. Default Se tting None Command Mode Privil eged Exec.
C OMMAND L INE I NTER FA CE 3-146 Priority Commands Class of Serv ice (CoS) allows data pac kets that have greate r preceden ce to receive hi gher service prio rity when traffic is buffered in the swi t ch due to congestio n. This sw itch suppor ts CoS with four pr iorit y queues for each port.
P RIORI TY C OMMANDS 3-147 queue mode Use thi s command to set th e queue mo de to strict prior ity or W eighted R ound-Robin (WRR ) for the f our class of s ervice (CoS) priori ty queues.
C OMMAND L INE I NTER FA CE 3-148 Command Mode Privil eged Exec Example Mirror Port Commands This sec tion describes how to mirror traffic from a source port to a target port. port monitor Use t his comman d to config ure a mirro r sessi on. Use the no for m to clear a mirro r sessio n.
M IRR OR P ORT C OMMANDS 3-149 Default Se tting No mir ror sessio n is define d. When enabl ed, the def ault mirr oring is for bo th receive d and transmit ted packets .
C OMMAND L INE I NTER FA CE 3-150 Default Se tting Shows all session s. Command Mode Privil eged Exec Command Usage This c ommand disp lays the current ly configur ed source p ort, destinat ion port, and mirr o r mode (i.
P ORT T RUNKI NG C OMMANDS 3-151 Guidelines for Creating Trunks • Finis h configur ing po rt trunks b efore yo u connect t he corres ponding networ k cables betwe en switches to avoid creatin g a loop. • A t runk can contain up to eight 1 0/100 Mbps ports or u p to two 1000 Mbps port s.
C OMMAND L INE I NTER FA CE 3-152 port-group Use th is command to add a pr edefined port group to a trunk. Use the no form to remove a port group fr om a tr unk.
P ORT T RUNKI NG C OMMANDS 3-153 Example The fol lowing example creates trunk 1 and then adds port 1 and 13: Console(config)#interface port-channel 1 Console(config-if)#port-group 1 Console(config-if).
C OMMAND L INE I NTER FA CE 3-154.
A-1 A PPENDIX A T ROUBLESHOOTING Troubleshooting Chart Troubleshooting Chart Symptom Action Cannot connect using Telnet, Web browser, or SNMP software • Be sure to have configured the agent with a valid IP address, subnet mask and default gateway. • Be sure that your managemen t station has access to management VLAN (default is VLAN 1).
T R OUBLESHOOTI NG A-2 Cannot access the on-board configuration program via a serial port connection • Be sure to have set the terminal emulator progra m to VT100 compatible, 8 data bits, 1 stop bit, no p ar ity and 9600 bps. • Check that the null-modem serial cable conforms to the pin-out connections provided in Appendix B.
B-1 A PPENDIX B U PGRADING F IRMWARE VIA THE S ERIAL P ORT The s witch contai ns three fi r mware comp onents that can be upgrad ed; the diagn ostics ( or Boot- ROM ) code , runti me ope ratio n code and th e loader code.
U PGRA DING F IR MWAR E VIA THE S ERIAL P ORT B-2 4. When t h e swi t ch in itialization sc reen appears, e nter firmware-do wnload mode by pressin g <Esc> immediate ly after the diag nostic test re sults. Screen te xt similar to that sho wn below di splays: 5.
B-3 9. If us ing Windo ws HyperT erminal, click the “ Tr ansfer” butto n, and the n click “Send File....” Se lect the XModem Protocol an d then use the “Brows e” button to select the required firmware code fi le from your PC system. The “Xmode m file send” windo w display s the prog ress of t he download pr ocedure.
U PGRA DING F IR MWAR E VIA THE S ERIAL P ORT B-4 For exa mple , the foll owin g scre en text sh ows the down load procedu re for a runt ime code file: 13. Set your PC’ s terminal em ulation softwar e baud rate back to 9600 baud. Pr ess <Ente r> to reset communic ations with the switch.
R ESTORING S WITCH D EFAULTS B-5 2. Enter <0> to acce ss the File Manager menu . The following screen will appear: 3. En ter <S > and set th e Factory _Defaul t_confi g.cfg file as the startup configuration file. 4. Ent er <q> and th en <x> to return to t he main me nu.
U PGRA DING F IR MWAR E VIA THE S ERIAL P ORT B-6 5. Ent er <G> to bo ot the sy stem. [0]FileManager: [1]Test Mode Set: [x] Exit ! Enter Selection:x [1]Image Update [2]System Parameters [3]Chang.
Glossary-1 G LOSSARY 10BAS E-T IEEE 802.3 specification for 10 Mbps Ethe r net over two pairs of Category 3, 4, or 5 UTP c able. 100BASE-TX IEEE 802.3u specification for 100 Mbps F ast Ethe rnet over two pairs of Category 5 UTP cable. 1000BAS E-T IEEE 802.
G LOSSA RY Glossary-2 Collision Dom a in Single CSMA/CD LAN segment. CSMA/CD Carrier Sense Multiple Access/Collision De te ct is the communication method employed by Ethernet and Fast Ethernet. Dynamic Host Control Protocol (DHCP) Provides a framework for p assing configuration information to hosts on a TCP/IP network.
G LOSSAR Y Glossary-3 Full D uplex T ransmission method that allows switch and network card to transmit and receive concurrently, effectively doubling the bandwidth of that link.
G LOSSA RY Glossary-4 LANs, and defines a standard way for VL AN s to communicate across switched networks. IEEE 802.1p An IEEE standard for providing quality of se r vice (QoS) in Ethernet networks. The standard uses packet tags that de fine up to eight traffic classes and allows switches to transmit pac k ets based on the tagged prior ity va lue.
G LOSSAR Y Glossary-5 IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host g r oups to identify IP Multicast group members. Internet Control Message Protocol (ICMP) Commonly used to send echo messages (i .
G LOSSA RY Glossary-6 Management Infor mation B ase (MIB) An acronym for Management Information Base. It is a set of database objects that contains information about a specific device.
G LOSSAR Y Glossary-7 into or o ut of the netw ork. Traffic that falls w ithi n the rate lim it is transmi tted, while p ackets th at exceed the acceptable amou nt of traff ic are drop ped.
G LOSSA RY Glossary-8 Virtual LAN (VLAN) A Virtual LAN is a c ollection of network nodes that share the same collision domain regardless of their physical loc ati on or connection point in the network.
C-1 A PPENDIX C P IN A SSIGNME NTS Console Port Pin Assignments The DB -9 serial port on the switch’s front p anel is used to connec t to th e switch fo r out-of-b and consol e configurati on. The on board menu-d riven con figuration program ca n be acces s ed fr om a terminal , or a PC runn ing a terminal emulation prog ram.
P IN A SSIGNM ENTS C-2 DB-9 Port Pin Assignments Console Port to 9-Pin DTE Port on PC Console Port to 25-Pin DTE Port on PC EIA Circuit CCITT Signal Description Switch’s DB9 DTE Pin # PC DB9 DTE Pin # BB 104 RxD (R e ceived Data) 2 2 BA 103 TxD (Transmitted Data) 3 3 AB 102 SGND (Signal Ground) 5 5 No other pins are used.
Index-1 A address table 2-38 B BOOTP 2-13 broadcast storm, threshold 2-34 C Class of Service configuring 2-77 queue mapping 2-77 community string 2-83 configuration settings, saving or restoring 2-22 .
I NDEX Index-2 R RADIUS, logon authentication 2-17 rate limit configuration 2-98 restarting the system 2-24 S serial port configuring 3-61 , 3-68 , 3-86 SNMP community string 2-83 enabling traps 2-84 .
.
38 T esla Irvine, C A 9261 8 Phone: (949 ) 679-800 0 FOR TECHNICAL SUPPOR T , CALL: From U.S.A. an d Canada (2 4 hours a day , 7 da ys a w ee k) (800) SMC-4-YOU; (94 9) 679 -8000; Fax: (949 ) 679- 1481 From E urope (8:00 AM - 5:30 PM UK Time) 44 (0) 118 974 870 0; Fax: 44 (0) 118 974 87 01 INTERNET E-mail a d dre sses: techsupp ort@smc.
An important point after buying a device SMC Networks 10/100 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought SMC Networks 10/100 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data SMC Networks 10/100 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, SMC Networks 10/100 you will learn all the available features of the product, as well as information on its operation. The information that you get SMC Networks 10/100 will certainly help you make a decision on the purchase.
If you already are a holder of SMC Networks 10/100, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime SMC Networks 10/100.
However, one of the most important roles played by the user manual is to help in solving problems with SMC Networks 10/100. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device SMC Networks 10/100 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center