Instruction/ maintenance manual of the product GSW-2692 LevelOne
LevelOne GSW-2692 24-Port 10/100M + 2G Combo L2 Stackable Switch User Manual Version 1.0-0608.
i Contents Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-5 Chapter 2: Initial Configuration 2-1 Connecting to the Switch 2-1 Configuration Opti.
Contents ii Managing Firmware 3-15 Downloading System Software from a Server 3-16 Saving or Restoring Configuration Settings 3-18 Downloading Configuration Settings from a Server 3-19 Console Port S.
Contents iii Enabling LACP on Selected Ports 3-70 Configuring LACP Parameters 3-73 Displaying LACP Port Counters 3-75 Displaying LACP Settings and Status for the Local Side 3-77 Displaying LACP Settin.
Contents iv Mapping DSCP Priority 3-131 Mapping IP Port Priority 3-132 Mapping CoS Values to ACLs 3-133 Multicast Filtering 3-135 Layer 2 IGMP (Snooping and Query) 3-135 Configuring IGMP Snooping and.
Contents v General Commands 4-19 enable 4-19 disable 4-20 configure 4-21 show history 4-21 reload 4-22 end 4-22 exit 4-23 quit 4-23 System Management Commands 4-24 Device Designation Commands 4-24 pr.
Contents vi clear logging 4-46 show logging 4-47 show log 4-48 SMTP Alert Commands 4-49 logging sendmail host 4-49 logging sendmail level 4-50 logging sendmail source-email 4-51 logging sendma.
Contents vii TACACS+ Client 4-76 tacacs-server host 4-77 tacacs-server port 4-77 tacacs-server key 4-78 show tacacs-server 4-78 Port Security Commands 4-79 port security 4-79 802.
Contents viii snmp-server enable traps 4-106 show snmp 4-107 Interface Commands 4-108 interface 4-108 description 4-109 speed-duplex 4-109 negotiation 4-110 capabilities 4-111 flowcontrol 4-112 shut.
Contents ix spanning-tree cost 4-142 spanning-tree port-priority 4-143 spanning-tree edge-port 4-144 spanning-tree portfast 4-145 spanning-tree link-type 4-145 spanning-tree protocol-migration 4-1.
Contents x Priority Commands (Layer 3 and 4) 4-174 map ip port (Global Configuration) 4-174 map ip port (Interface Configuration) 4-175 map ip precedence (Global Configuration) 4-175 map ip precedenc.
Contents xi Appendix A: Software Specifications A-1 Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3 Appendix B: Troubleshooting B-1 Problems Accessing th.
xiii Tables Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-5 Table 3-1 Configuration Options 3-3 Table 3-2 Main Menu 3-4 Table 3-3 Logging Levels 3-25 Table 3-4 HTTPS System Support 3-40 Table 3-5 802.
Tables xiv Table 4-27 Authentication Commands 4-71 Table 4-28 Authentication Sequence 4-71 Table 4-29 RADIUS Client Commands 4-73 Table 4-30 TACACS Commands 4-76 Table 4-31 Port Security Commands 4-79 Table 4-32 802.
xv Figures Figure 3-1 Home Page 3-2 Figure 3-2 Panel Display 3-3 Figure 3-3 System Information 3-8 Figure 3-4 Switch Information 3-10 Figure 3-5 Bridge Extension Configuration 3-11 Figure 3-6 Manual I.
Figures xvi Figure 3-43 LACP Configuration 3-71 Figure 3-44 LACP Port Configuration 3-74 Figure 3-45 LACP - Port Counters Information 3-76 Figure 3-46 LACP - Port Internal Information 3-78 Figure 3-.
1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network.
Description of Software Features 1-3 1 Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
Introduction 1-4 1 Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.
System Defaults 1-5 1 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-20). The following table lists some of the basic system defaults.
Introduction 1-6 1 Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP (all .
System Defaults 1-7 1 System Log Status Enabled Messages Logged Levels 0-7 (all) Messages Logged to Flash Levels 0-3 SMTP Email Alerts Event Handler Enabled (but no server defined) SNTP Clock Synch.
2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface.
Initial Configuration 2-2 2 • Configure Class of Service (CoS) priority queuing • Configure up to 4 static or LACP trunks • Enable port mirroring • Set broadcast storm control on any port .
Stack Operations 2-3 2 Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.
Initial Configuration 2-4 2 Recovering from Stack Failure or Topology Change When a link or unit in the stack fails, a trap message is sent and a failure event is logged. The stack will be rebooted after any system failure or topology change. It takes two to three minutes for the stack to reboot.
Basic Configuration 2-5 2 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and are case sensitive.
Initial Configuration 2-6 2 Note: The IP address for this switch is obtained via DHCP by default. Before you can assign an IP address to the switch, you must obtain the following information from you.
Basic Configuration 2-7 2 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-config.
Initial Configuration 2-8 2 To configure a community string, complete the following steps: 1. From the Privileged Exec level global configuration mode prompt, type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only).
Managing System Files 2-9 2 2. Enter the name of the start-up file. Press <Enter>. Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP.
3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.
Configuring the Switch 3-2 3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.
Panel Display 3-3 3 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
Configuring the Switch 3-4 3 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Main Menu 3-5 3 SSH 3-42 Host-Key Settings Generates the host key pair (public and private) 3-44 Settings Configures Secure Shell server settings 3-46 Port Security Configures per port security, including status, response for security breach, and maximum allowed MAC addresses 3-47 802.
Configuring the Switch 3-6 3 Input Trunk Configuration Sets the input rate limit for each trunk 3-84 Output Port Configuration Sets the output rate limit for each port 3-84 Output Trunk Configuratio.
Main Menu 3-7 3 Port Information Shows VLAN port type, and associated primary or secondary VLANs 3-120 Port Configuration Sets the private VLAN interface type, and associates the interfaces with a.
Configuring the Switch 3-8 3 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system.
Basic Configuration 3-9 3 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
Configuring the Switch 3-10 3 These additional parameters are displayed for the CLI. • Unit ID – Unit number in stack. • Redundant Power Status – Displays the status of the redundant power supply. Web – Click System, Switch Information. Figure 3-4 Switch Information CLI – Use the following command to display version information.
Basic Configuration 3-11 3 Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.
Configuring the Switch 3-12 3 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default.
Basic Configuration 3-13 3 Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply.
Configuring the Switch 3-14 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP.
Basic Configuration 3-15 3 Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available.
Configuring the Switch 3-16 3 Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
Basic Configuration 3-17 3 To delete a file select System, File, Delete. Select the file name from the given list by checking the tick box and click Apply.
Configuring the Switch 3-18 3 Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server or copy files to and from switch units in a stack. The configuration files can be later downloaded to restore the switch’s settings.
Basic Configuration 3-19 3 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
Configuring the Switch 3-20 3 CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. To select another configuration file as the start-up configuration, use the boot system command and then restart the switch.
Basic Configuration 3-21 3 • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port.
Configuring the Switch 3-22 3 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. Telnet Settings You can access the onboard configuration program over the network using Telnet (i.
Basic Configuration 3-23 3 • Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt.
Configuring the Switch 3-24 3 CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level.
Basic Configuration 3-25 3 • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM.
Configuring the Switch 3-26 3 Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the error messages sent to only those messages below a specified level.
Basic Configuration 3-27 3 CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap. Displaying Log Messages The Logs page allows you to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.
Configuring the Switch 3-28 3 Sending Simple Mail Transfer Protocol Alerts To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level.
Basic Configuration 3-29 3 Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add.
Configuring the Switch 3-30 3 CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration.
Basic Configuration 3-31 3 Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
Configuring the Switch 3-32 3 CLI – This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings. Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude.
Simple Network Management Protocol 3-33 3 Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
Configuring the Switch 3-34 3 Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add. Figure 3-22 Configuring SNMP CLI – The following example adds the string “spiderman” with read/write access.
User Authentication 3-35 3 Web – Click SNMP, Configuration. Fill in the IP address and community string for each trap manager that will receive these messages, specify the SNMP version, mark the trap types required, and then click Add.
Configuring the Switch 3-36 3 Command Attributes • Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest) • New Account – Displays configuration settings for a new account. - User Name – The name of the user.
User Authentication 3-37 3 Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TACACS+ protocols.
Configuring the Switch 3-38 3 Command Attributes • Authentication – Select the authentication, or authentication sequence required: - Local – User authentication is performed only locally by the switch. - Radius – User authentication is performed using a RADIUS server only.
User Authentication 3-39 3 Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
Configuring the Switch 3-40 3 Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
User Authentication 3-41 3 Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. Figure 3-26 HTTPS Settings CLI – This example enables the HTTP secure server and modifies the port number.
Configuring the Switch 3-42 3 Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
User Authentication 3-43 3 3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 4-65) to copy a file containing the public key for all the SSH clients granted management access to the switch.
Configuring the Switch 3-44 3 Generating the Host Key Pair A host public/private key pair is used to provide secure communications between an SSH client and the switch.
User Authentication 3-45 3 Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate.
Configuring the Switch 3-46 3 Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled) • Version – The Secure Shell version number.
User Authentication 3-47 3 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
Configuring the Switch 3-48 3 • If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configuration page (page 3-66). Command Attributes • Port – Port number. • Name – Descriptive text (page 4-109).
User Authentication 3-49 3 Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC.
Configuring the Switch 3-50 3 • The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, otherwise the dot1x client must support it.) Displaying 802.1X Global Settings The 802.
User Authentication 3-51 3 Configuring 802.1X Global Settings The 802.1X protocol provides client authentication. Command Attributes • 802.1X System Authentication Control – Sets the global setting for 802.1X. (Default: Disabled) Web – Select Security, 802.
Configuring the Switch 3-52 3 • Max-Req – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session.
User Authentication 3-53 3 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-86.
Configuring the Switch 3-54 3 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-5 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator.
User Authentication 3-55 3 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-33 802.1X Port Statistics CLI – This example displays the 802.1X statistics for port 4.
Configuring the Switch 3-56 3 • IP address can be configured for SNMP, web and Telnet access respectively. Each of these groups can include up to five different sets of addresses, either individual addresses or address ranges. • When entering addresses for the same group (i.
Access Control Lists 3-57 3 CLI – This example allows SNMP access for a specific client. Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
Configuring the Switch 3-58 3 3. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports. 4. Explicit default rule (permit any any) in the ingress MAC ACL for ingress ports. 5. If no explicit rule is matched, the implicit default is permit all.
Access Control Lists 3-59 3 Configuring a Standard IP ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules.
Configuring the Switch 3-60 3 Configuring an Extended IP ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules.
Access Control Lists 3-61 3 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
Configuring the Switch 3-62 3 Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Use “Any.
Access Control Lists 3-63 3 Binding a Port to an Access Control List After configuring Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can assign one IP access list to any port, but you can only assign one MAC access list to all the ports on the switch.
Configuring the Switch 3-64 3 CLI – This example assigns an IP and MAC access list to port 1, and an IP access list to port 3. Port Configuration Displaying Connection Status You can use the Port.
Port Configuration 3-65 3 Web – Click Port, Port Information or Trunk Information. Figure 3-40 Displaying Port/Trunk Information Field Attributes (CLI) Basic Information: • Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP) • MAC address – The physical layer address for this port.
Configuring the Switch 3-66 3 • Max MAC count – Shows the maximum number of MAC addresses that can be learned by a port. (0 - 1024 addresses) • Port security action – Shows the response to take when a security violation is detected.
Port Configuration 3-67 3 • Flow Control – Allows automatic or manual selection of flow control. • Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised.
Configuring the Switch 3-68 3 CLI – Select the interface, and then enter the required settings. Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link.
Port Configuration 3-69 3 • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings. • All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN.
Configuring the Switch 3-70 3 CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk.
Port Configuration 3-71 3 Command Attributes • Member List (Current) – Shows configured trunks (Unit, Port). • New – Includes entry fields for creating new trunks. - Unit – Stack unit. (Range: 1-8) - Port – Port identifier. (Range: 1-26) Web – Click Port, LACP, Configuration.
Configuring the Switch 3-72 3 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. Console(config)#interface ethernet 1/1 4-108 Console(config-if)#lacp 4-125 Console(config-if)#exit .
Port Configuration 3-73 3 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key.
Configuring the Switch 3-74 3 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor.
Port Configuration 3-75 3 CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG. Displaying LACP Port Counters You can display statistics for LACP protocol messages.
Configuring the Switch 3-76 3 Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-45 LACP - Port Counters Information CLI – The following example displays LACP counters.
Port Configuration 3-77 3 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Table 3-7 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port.
Configuring the Switch 3-78 3 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-46 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
Port Configuration 3-79 3 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Web – Click Port, LACP, Port Neighbors Information.
Configuring the Switch 3-80 3 CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1.
Port Configuration 3-81 3 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt.
Configuring the Switch 3-82 3 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 octets per second for port 2 (which applies to all ports).
Port Configuration 3-83 3 • Target Unit – The unit whose port will “duplicate” or “mirror” the traffic on the source port. • Target Port – The port that will mirror the traffic on the source port. Web – Click Port, Mirror Port Configuration.
Configuring the Switch 3-84 3 Rate Limit Granularity Rate limit granularity is an additional feature enabling the network manager greater control over traffic on the network. The “rate limit granularity” is multiplied by the “rate limit level” (page 3-84) to set the actual rate limit for an interface.
Port Configuration 3-85 3 Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces, set the Rate Limit Level, and click Apply.
Configuring the Switch 3-86 3 Table 3-9 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface, including framing characters. Received Unicast Packets The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Port Configuration 3-87 3 Excessive Collisions A count of frames for which transmission on a particular interface fails due to excessive collisions.
Configuring the Switch 3-88 3 Fragments The total number of frames received that were less than 64 octets in length (excluding framing bits, but including FCS octets) and had either an FCS or alignment error.
Port Configuration 3-89 3 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
Configuring the Switch 3-90 3 CLI – This example shows statistics for port 13. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports.
Address Table Settings 3-91 3 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-53 Configuring a Static Address Table CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
Configuring the Switch 3-92 3 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query.
Spanning Tree Algorithm Configuration 3-93 3 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the function. • Aging Time – The time after which a learned entry is discarded.
Configuring the Switch 3-94 3 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.
Spanning Tree Algorithm Configuration 3-95 3 information that would make it return to a discarding state; otherwise, temporary data loops might result. • Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device.
Configuring the Switch 3-96 3 Web – Click Spanning Tree, STA, Information. Figure 3-56 Displaying Spanning Tree Information CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network.
Spanning Tree Algorithm Configuration 3-97 3 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol* Uses RSTP for the internal state machine, but sends only 802.
Configuring the Switch 3-98 3 • Maximum Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals.
Spanning Tree Algorithm Configuration 3-99 3 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-57 Configuring Spanning Tree CLI – This example enables Spanning Tree Protocol, sets the mode to RSTP, and then configures the STA and RSTP parameters.
Configuring the Switch 3-100 3 Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. Field Attributes • Spanning Tree – Shows if STA has been enabled on this interface.
Spanning Tree Algorithm Configuration 3-101 3 • Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only) These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled.
Configuring the Switch 3-102 3 • Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state.
Spanning Tree Algorithm Configuration 3-103 3 Configuring Interface Settings You can configure RSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port.
Configuring the Switch 3-104 3 • Admin Link Type – The link type attached to this interface. - Point-to-Point – A connection to exactly one other bridge. - Shared – A connection to two or more bridges. - Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media.
VLAN Configuration 3-105 3 VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
Configuring the Switch 3-106 3 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging.
VLAN Configuration 3-107 3 these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs.
Configuring the Switch 3-108 3 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
VLAN Configuration 3-109 3 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging.
Configuring the Switch 3-110 3 Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Figure 3-62 Displaying Current VLANs Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch.
VLAN Configuration 3-111 3 Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups.
Configuring the Switch 3-112 3 CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.
VLAN Configuration 3-113 3 • Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - Tagged: Interface is a member of the VLAN. All packets transmitted by the port will be tagged, that is, carry a tag and therefore carry VLAN or CoS information.
Configuring the Switch 3-114 3 Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk identifier.
VLAN Configuration 3-115 3 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
Configuring the Switch 3-116 3 • GARP Leave Timer 10 – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group.
VLAN Configuration 3-117 3 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN.
Configuring the Switch 3-118 3 2. Use the Private VLAN Port Configuration menu (page 3-121) to set the port type to promiscuous (i.e., the single channel to the external network), or isolated (i.e., having access only to the promiscuous port in its own VLAN).
VLAN Configuration 3-119 3 Configuring Private VLANs The Private VLAN Configuration page is used to create/remove primary, community, or isolated VLANs.
Configuring the Switch 3-120 3 Web – Click VLAN, Private VLAN, Association. Select the required primary VLAN from the scroll-down box, highlight one or more community VLANs in the Non-Association list box, and click Add to associate these entries with the selected primary VLAN.
VLAN Configuration 3-121 3 Web – Click VLAN, Private VLAN, Port Information or Trunk Information. Figure 3-70 Private VLAN Port Information CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6.
Configuring the Switch 3-122 3 • Community VLAN – A community VLAN conveys traffic between community ports, and from community ports to their designated promiscuous ports. Set PVLAN Port Type to “Host,” and then specify the associated Community VLAN.
Class of Service Configuration 3-123 3 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port.
Configuring the Switch 3-124 3 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-72 Port Priority Configuration CLI – This example assigns a default priority of 5 to port 3.
Class of Service Configuration 3-125 3 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR).
Configuring the Switch 3-126 3 Web – Click Priority, Traffic Classes. The current mapping of CoS values to output queues is displayed. Assign priorities to the traffic classes (i.
Class of Service Configuration 3-127 3 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
Configuring the Switch 3-128 3 Web – Click Priority, Queue Scheduling. Highlight a traffic class (i.e., output queue), enter a weight, then click Apply. Figure 3-75 Configuring Queue Scheduling CLI – The following example shows how to assign WRR weights to each of the priority queues.
Class of Service Configuration 3-129 3 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services.
Configuring the Switch 3-130 3 Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply.
Class of Service Configuration 3-131 3 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSCP mapping.
Configuring the Switch 3-132 3 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings.
Class of Service Configuration 3-133 3 Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply.
Configuring the Switch 3-134 3 Command Attributes • Port – Port identifier. • Name 15 – Name of ACL. • Type – Type of ACL (IP or MAC). • CoS Priority – CoS value used for packets matching an IP ACL rule. (Range: 0-7) • ACL CoS Priority Mapping – Displays the configured information.
Multicast Filtering 3-135 3 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio.
Configuring the Switch 3-136 3 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic.
Multicast Filtering 3-137 3 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 3-82 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status.
Configuring the Switch 3-138 3 Command Attributes • VLAN ID – ID of configured VLAN (1-4094). • Multicast Router List – Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch.
Multicast Filtering 3-139 3 Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add.
Configuring the Switch 3-140 3 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attributes • VLAN ID – Selects the VLAN for which to display port members.
Multicast Filtering 3-141 3 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP snooping and Query Parameters” on page 3-133.
Configuring the Switch 3-142 3 CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1. Console(config)#ip igmp snooping vlan 1 static 224.1.1.12 ethernet 1/12 4-182 Console(config)#exit Console#show mac-address-table multicast vlan 1 4-184 VLAN M'cast IP addr.
4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface f.
Command Line Interface 4-2 4 Note: The IP address for this switch is obtained via DHCP by default. To access the switch through a Telnet session, you must first set the IP address for the Master unit, and set the default gateway if you are managing the switch from a different IP subnet.
Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments.
Command Line Interface 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database).
Entering Commands 4-5 4 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.
Command Line Interface 4-6 4 Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt.
Entering Commands 4-7 4 To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands. To enter the other modes, at the configuration prompt type one of the following commands.
Command Line Interface 4-8 4 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters.
Command Groups 4-9 4 Command Groups The system commands can be broken down into the functional groups shown below. The access mode shown in the following tables is indicated by these abbreviatio.
Command Line Interface 4-10 4 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.
Line Commands 4-11 4 Command Usage Telnet is considered a virtual terminal connection and will be shown as “Vty” in screen displays such as show users. However, the serial communication parameters (e.g., databits) do not affect Telnet connections.
Command Line Interface 4-12 4 Example Related Commands username (4-26) password (4-12) password This command specifies the password for a line. Use the no form to remove the password.
Line Commands 4-13 4 timeout login response This command sets the interval that the system waits for a user to log into the CLI. Use the no form to restore the default. Syntax timeout login response [seconds] no timeout login response seconds - Integer that specifies the timeout interval.
Command Line Interface 4-14 4 Command Mode Line Configuration Command Usage • If user input is detected within the timeout interval, the session is kept open; otherwise the session is terminated. • This command applies to both the local console and Telnet connections.
Line Commands 4-15 4 Related Commands silent-time (4-15) timeout login response (4-13) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command.
Command Line Interface 4-16 4 Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character.
Line Commands 4-17 4 speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second.
Command Line Interface 4-18 4 disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection.
General Commands 4-19 4 Example To show all lines, enter this command: General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information.
Command Line Interface 4-20 4 Default Setting Level 15 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-27.
General Commands 4-21 4 configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, and VLAN Database Configuration.
Command Line Interface 4-22 4 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes.
General Commands 4-23 4 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the configuration program.
Command Line Interface 4-24 4 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Device Designation Commands prompt This command customizes the CLI prompt.
System Management Commands 4-25 4 Example hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name.
Command Line Interface 4-26 4 username This command adds named users, requires authentication at login, specifies or changes a user's password (or specify that no password is required), or specifies or changes a user's access level.
System Management Commands 4-27 4 enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Normal Exec level.
Command Line Interface 4-28 4 IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols.
System Management Commands 4-29 4 Example This example restricts management access to the indicated addresses. show management This command displays the client IP addresses that are allowed management access to the switch through various protocols.
Command Line Interface 4-30 4 Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface.
System Management Commands 4-31 4 Example Related Commands ip http port (4-30) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
Command Line Interface 4-32 4 Example Related Commands ip http secure-port (4-32) copy tftp https-certificate (4-65) ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface. Use the no form to restore the default port.
System Management Commands 4-33 4 Telnet Server Commands ip telnet port This command specifies the TCP port number used by the Telnet interface. Use the no form to use the default port. Syntax ip telnet port port-number no ip telnet port port-number - The TCP port to be used by the browser interface.
Command Line Interface 4-34 4 Related Commands ip telnet port (4-33) Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
System Management Commands 4-35 4 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the passwor.
Command Line Interface 4-36 4 corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this process: a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory.
System Management Commands 4-37 4 ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation.
Command Line Interface 4-38 4 Example Related Commands show ip ssh (4-40) ip ssh server-key size This command sets the SSH server key size. Use the no form to restore the default setting. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server key.
System Management Commands 4-39 4 Example ip ssh crypto host-key generate This command generates the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [dsa | rsa] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) key type.
Command Line Interface 4-40 4 Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command.
System Management Commands 4-41 4 Example show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example Console#show ip ssh SSH Enabled - version 1.
Command Line Interface 4-42 4 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [user [username] | host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys.
System Management Commands 4-43 4 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory.
Command Line Interface 4-44 4 logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history {flash | ram} level no logging history {flash | ram} • flash - Event history stored in flash memory (i.
System Management Commands 4-45 4 logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [no] logging host host_ip_address host_ip_address - The IP address of a syslog server.
Command Line Interface 4-46 4 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging.
System Management Commands 4-47 4 Related Commands show logging (4-47) show logging This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server.
Command Line Interface 4-48 4 The following example displays settings for the trap function. Related Commands show logging sendmail (4-52) show log This command displays the system and event messages stored in memory. Syntax show log {flash | ram} [login] [tail] • flash - Event history stored in flash memory (i.
System Management Commands 4-49 4 Example The following example shows sample messages stored in RAM. SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients.
Command Line Interface 4-50 4 Command Mode Global Configuration Command Usage • You can specify up to three SMTP servers for event handling. However, you must enter a separate command to specify each server.
System Management Commands 4-51 4 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Use the no form to delete the source email address. Syntax [no] logging sendmail source-email email-address email-address - The source email address used in alert messages.
Command Line Interface 4-52 4 logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [no] logging sendmail Default Setting Enabled Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler.
System Management Commands 4-53 4 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
Command Line Interface 4-54 4 Example Related Commands sntp server (4-54) sntp poll (4-55) show sntp (4-55) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list.
System Management Commands 4-55 4 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests.
Command Line Interface 4-56 4 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC.
System Management Commands 4-57 4 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, April 1st, 2004.
Command Line Interface 4-58 4 Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The unit ID is displayed using the port status LED indicators for ports 1 to 8. When the light unit command is entered, the LED corresponding to the switch’s ID will flash for about 15 seconds.
System Management Commands 4-59 4 Example Related Commands show running-config (4-60) Console#show startup-config building startup-config, please wait.
Command Line Interface 4-60 4 show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use thi.
System Management Commands 4-61 4 Example Related Commands show startup-config (4-58) Console#show running-config building running-config, please wait... .. ! phymap 00-90-cc-55-44-32 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 ! SNTP server 0.
Command Line Interface 4-62 4 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-8.
System Management Commands 4-63 4 Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example show version This command displays hardware and software version information for the system.
Command Line Interface 4-64 4 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [no] jumbo frame Default Setting Disabled.
Flash/File Commands 4-65 4 • Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second. (See the switchport broadcast command on page 4-114.) • The current setting for jumbo frames can be displayed with the show system command (page 4-62).
Command Line Interface 4-66 4 • public-key - Keyword that allows you to copy a SSH key from a TFTP server. (“Secure Shell Commands” on page 4-34) • unit - Keyword that allows you to copy to/from a unit. Default Setting None Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command.
Flash/File Commands 4-67 4 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server.
Command Line Interface 4-68 4 delete This command deletes a file or image. Syntax delete [unit:] filename filename - Name of the configuration file or image name. unit - Stack unit. (Range: 1-8) Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted.
Flash/File Commands 4-69 4 Command Usage • If you enter the command dir without any parameters, the system displays all files. • A colon (:) is required after the specified unit number.
Command Line Interface 4-70 4 Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. boot system This command specifies the image used to start up the system.
Authentication Commands 4-71 4 Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.
Command Line Interface 4-72 4 • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server.
Authentication Commands 4-73 4 authentication is attempted on the TACACS+ server. If the TACACS+ server is not available, the local user name and password is checked.
Command Line Interface 4-74 4 • retransmit - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1-30) • key - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string.
Authentication Commands 4-75 4 Default Setting None Command Mode Global Configuration Example radius-server retransmit This command sets the number of retries.
Command Line Interface 4-76 4 Example show radius-server This command displays the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example TACACS+ Client T.
Authentication Commands 4-77 4 tacacs-server host This command specifies the TACACS+ server. Use the no form to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address - IP address of a TACACS+ server.
Command Line Interface 4-78 4 tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client.
Authentication Commands 4-79 4 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
Command Line Interface 4-80 4 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
Authentication Commands 4-81 4 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication.
Command Line Interface 4-82 4 dot1x default This command sets all configurable dot1x global and port settings to their default values. Command Mode Global Configuration Example dot1x max-req This c.
Authentication Commands 4-83 4 Default force-authorized Command Mode Interface Configuration Example dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host.
Command Line Interface 4-84 4 dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number.
Authentication Commands 4-85 4 Command Mode Interface Configuration Example dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds.
Command Line Interface 4-86 4 Example show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [statistics] [interface interface] • statistics - Displays dot1x status for each port.
Authentication Commands 4-87 4 • 802.1X Port Details – Displays the port access control parameters for each interface, including the following items: - reauth-enabled – Periodic re-authentication (page 4-84). - reauth-period – Time after which a connected client must be re-authenticated (page 4-85).
Command Line Interface 4-88 4 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 enabled Single-Host auto yes .
Access Control List Commands 4-89 4 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
Command Line Interface 4-90 4 IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs.
Access Control List Commands 4-91 4 Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list.
Command Line Interface 4-92 4 Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bit mask. Related Commands access-list ip (4-90) permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL.
Access Control List Commands 4-93 4 Default Setting None Command Mode Extended ACL Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period.
Command Line Interface 4-94 4 This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Related Commands access-list ip (4-90) show ip access-list This command displays the rules for configured IP ACLs.
Access Control List Commands 4-95 4 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port.
Command Line Interface 4-96 4 Command Usage A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table. For information on mapping the CoS values to output queues, see queue cos-map on page 4-171.
Access Control List Commands 4-97 4 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [no] access-list mac acl_name acl_name – Name of the ACL.
Command Line Interface 4-98 4 Related Commands permit, deny (MAC ACL) (4-98) mac access-group (4-99) show mac access-list (4-99) permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.
Access Control List Commands 4-99 4 Example This rule permits packets from any source MAC address to the destination address 00-90-cc-94-34-de where the Ethernet type is 0800. Related Commands access-list mac (4-97) show mac access-list This command displays the rules for configured MAC ACLs.
Command Line Interface 4-100 4 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one.
Access Control List Commands 4-101 4 Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown below.
Command Line Interface 4-102 4 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are displayed is determined by the associated mask.
SNMP Commands 4-103 4 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. snmp-server community This command defines the community access string for the Simple Network Management Protocol.
Command Line Interface 4-104 4 Example snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information.
SNMP Commands 4-105 4 Related Commands snmp-server contact (4-104) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation.
Command Line Interface 4-106 4 Example Related Commands snmp-server enable traps (4-106) snmp-server enable traps This command enables this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications.
SNMP Commands 4-107 4 show snmp This command checks the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information .
Command Line Interface 4-108 4 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enters interface configuration mode.
Interface Commands 4-109 4 Command Mode Global Configuration Example To specify port 24, enter the following command: description This command adds a description to an interface.
Command Line Interface 4-110 4 Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is 100half for 100BASE-TX ports and 1000full for Gigabit Ethernet ports.
Interface Commands 4-111 4 • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports. Example The following example configures port 11 to use autonegotiation.
Command Line Interface 4-112 4 Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Related Commands negotiation (4-110) speed-duplex (4-109) flowcontrol (4-112) flowcontrol This command enables flow control.
Interface Commands 4-113 4 Example The following example enables flow control on port 5. Related Commands negotiation (4-110) capabilities (flowcontrol, symmetric) (4-111) shutdown This command disables an interface. To restart a disabled interface, use the no form.
Command Line Interface 4-114 4 switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm control. Syntax switchport broadcast octet-rate rate no switchport broadcast rate - Threshold level as a rate; i.
Interface Commands 4-115 4 Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session.
Command Line Interface 4-116 4 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit.
Interface Commands 4-117 4 Example show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit.
Command Line Interface 4-118 4 Example This example shows the configuration setting for port 24. Console#show interfaces switchport ethernet 1/24 Broadcast threshold: Enabled, 32000 octets/second L.
Mirror Port Commands 4-119 4 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session.
Command Line Interface 4-120 4 Example The following example configures the switch to mirror received packets from port 6 to 11: show port monitor This command displays mirror information. Syntax show port monitor [interface] interface - ethernet unit/port (source port) • unit - Stack unit.
Rate Limit Commands 4-121 4 Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network.
Command Line Interface 4-122 4 Example rate-limit granularity Use this command to define the rate limit granularity for the Fast Ethernet ports, and the Gigabit Ethernet ports.
Link Aggregation Commands 4-123 4 Command Usage • For Fast Ethernet interfaces, the rate limit granularity can be set to 512 Kbps, 1 Mbps, or 3.3 Mbps. • For Gigabit Ethernet interfaces, the rate limit granularity is 33.3 Mbps. Example Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.
Command Line Interface 4-124 4 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports.
Link Aggregation Commands 4-125 4 Example The following example creates trunk 1 and then adds port 11: lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface.
Command Line Interface 4-126 4 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established.
Link Aggregation Commands 4-127 4 Command Mode Interface Configuration (Ethernet) Command Usage • Ports must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier.
Command Line Interface 4-128 4 • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only ap.
Link Aggregation Commands 4-129 4 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link.
Command Line Interface 4-130 4 Default Setting Port Channel: all Command Mode Privileged Exec Example Console#show lacp 1 counters Port channel : 1 --------------------------------------------------.
Link Aggregation Commands 4-131 4 Console#show lacp 1 internal Port channel : 1 ------------------------------------------------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ----------.
Command Line Interface 4-132 4 Console#show lacp 1 neighbors Port channel 1 neighbors ------------------------------------------------------------------------- Eth 1/1 ------------------------------.
Address Table Commands 4-133 4 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
Command Line Interface 4-134 4 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [action] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC address.
Address Table Commands 4-135 4 clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries.
Command Line Interface 4-136 4 means to match a bit and “1” means to ignore a bit. For example, a mask of 00-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means “any.” • The maximum number of address entries is 8191.
Spanning Tree Commands 4-137 4 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. spanning-tree This command enables the Spanning Tree Algorithm globally for the switch.
Command Line Interface 4-138 4 an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down.
Spanning Tree Commands 4-139 4 spanning-tree forward-time This command configures the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds.
Command Line Interface 4-140 4 Command Usage This command sets the time interval (in seconds) at which the root device transmits a configuration message. Example spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch.
Spanning Tree Commands 4-141 4 spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority - Priority of the bridge.
Command Line Interface 4-142 4 Command Usage The path cost method is used to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
Spanning Tree Commands 4-143 4 Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 • Fast Ethernet – half duplex: 200,000; full duplex: 100,000; t.
Command Line Interface 4-144 4 Example Related Commands spanning-tree cost (4-142) spanning-tree edge-port This command specifies an interface as an edge port.
Spanning Tree Commands 4-145 4 spanning-tree portfast This command sets an interface to fast forwarding. Use the no form to disable fast forwarding.
Command Line Interface 4-146 4 Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges.
Spanning Tree Commands 4-147 4 show spanning-tree This command shows the configuration for the spanning tree. Syntax show spanning-tree [interface] interface • ethernet unit/port - unit - Stack unit.
Command Line Interface 4-148 4 Example Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning tree mode: RSTP Spanning tree enabled/disabled: enabled Priority: 4096 0 Bridge Hello Time (sec.
VLAN Commands 4-149 4 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
Command Line Interface 4-150 4 Example Related Commands show vlan (4-157) vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}] no vlan vlan-id [name | state] • vlan-id - ID of configured VLAN.
VLAN Commands 4-151 4 Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN.
Command Line Interface 4-152 4 switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode {trunk | hybrid | private-vlan} no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk.
VLAN Commands 4-153 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage When set to receive all frame types, any received frames that are untagged are assigned to the default VLAN.
Command Line Interface 4-154 4 Example The following example shows how to set the interface to port 1 and then enable ingress filtering: switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default.
VLAN Commands 4-155 4 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add.
Command Line Interface 4-156 4 switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan {add vlan-list | remove vlan-list} no switchport forbidden vlan • add vlan-list - List of VLAN identifiers to add.
VLAN Commands 4-157 4 show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name | private-vlan private-vlan-type] • id - Keyword to be followed by the VLAN ID. - vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) • name - Keyword to be followed by the VLAN name.
Command Line Interface 4-158 4 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLANs: primary/secondary associated groups, and stand-alone isolated VLANs.
VLAN Commands 4-159 4 3. Use the switchport mode private-vlan command to configure ports as promiscuous (i.e., having access to all ports in the primary VLAN) or host (i.e., community port). 4. Use the switchport private-vlan host-association command to assign a port to a secondary VLAN.
Command Line Interface 4-160 4 an associated “primary” VLAN that contains promiscuous ports. When using an isolated VLAN, it must be configured to contain a single promiscuous port. • Port membership for private VLANs is static. Once a port has been assigned to a private VLAN, it cannot be dynamically moved to another VLAN via GVRP.
VLAN Commands 4-161 4 switchport mode private-vlan Use this command to set the private VLAN mode for an interface. Use the no form to restore the default setting. Syntax switchport mode private-vlan {host | promiscuous} no switchport mode private-vlan • host – This port type can subsequently be assigned to a community or isolated VLAN.
Command Line Interface 4-162 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage All ports assigned to a secondary (i.e., community) VLAN can pass traffic between group members, but must communicate with resources outside of the group via promiscuous ports in the associated primary VLAN.
VLAN Commands 4-163 4 switchport private-vlan mapping Use this command to map an interface to a primary VLAN. Use the no form to remove this mapping. Syntax switchport private-vlan mapping primary-vlan-id no switchport private-vlan mapping primary-vlan-id – ID of primary VLAN.
Command Line Interface 4-164 4 Example GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
GVRP and Bridge Extension Commands 4-165 4 Example show bridge-ext This command shows the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage .
Command Line Interface 4-166 4 show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [interface] interface • ethernet unit/port - unit - Stack unit.
GVRP and Bridge Extension Commands 4-167 4 Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate.
Command Line Interface 4-168 4 Related Commands garp timer (4-166) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion.
Priority Commands 4-169 4 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues.
Command Line Interface 4-170 4 Default Setting The priority is not set, and the default value for untagged frames received on the interface is zero. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
Priority Commands 4-171 4 Command Mode Global Configuration Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights.
Command Line Interface 4-172 4 Command Usage • CoS values assigned at the ingress port are also used at the egress port. • This command sets the CoS priority for all interfaces.
Priority Commands 4-173 4 Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - Stack unit.
Command Line Interface 4-174 4 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets).
Priority Commands 4-175 4 map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number • port-number - 16-bit TCP/UDP port number.
Command Line Interface 4-176 4 Example The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table.
Priority Commands 4-177 4 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping).
Command Line Interface 4-178 4 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0.
Priority Commands 4-179 4 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Related Commands map ip port (Global Configuration) (4-174) map ip port (Interface Configuration) (4-175) show map ip precedence This command shows the IP precedence priority map.
Command Line Interface 4-180 4 Example Related Commands map ip port (Global Configuration) (4-174) map ip precedence (Interface Configuration) (4-176) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - Stack unit.
Multicast Filtering Commands 4-181 4 Example Related Commands map ip dscp (Global Configuration) (4-177) map ip dscp (Interface Configuration) (4-177) Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service.
Command Line Interface 4-182 4 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping.
Multicast Filtering Commands 4-183 4 ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default.
Command Line Interface 4-184 4 Example The following shows the current IGMP snooping configuration: show mac-address-table multicast This command shows known multicast addresses.
Multicast Filtering Commands 4-185 4 IGMP Query Commands (Layer 2) ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected.
Command Line Interface 4-186 4 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action.
Multicast Filtering Commands 4-187 4 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries.
Command Line Interface 4-188 4 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect.
Multicast Filtering Commands 4-189 4 Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
Command Line Interface 4-190 4 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when it is powered on.
IP Interface Commands 4-191 4 • If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been received. Requests will be broadcast periodically by this device in an effort to learn its IP address.
Command Line Interface 4-192 4 ip dhcp restart This command submits a BOOTP or DHCP client request. Default Setting None Command Mode Privileged Exec Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command.
IP Interface Commands 4-193 4 show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (4-191) ping This command sends ICMP echo request packets to another node on the network.
Command Line Interface 4-194 4 Example Related Commands interface (4-108) Console#ping 10.1.0.9 Type ESC to abort. PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds response time: 10 ms response time: 10 ms response time: 10 ms response time: 10 ms response time: 10 ms Ping statistics for 10.
A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 88 lists) DHCP Client P.
Software Specifications A-2 A Additional Features BOOTP client SNTP (Simple Network Time Protocol) SNMP (Simple Network Management Protocol) RMON (Remote Monitoring, groups 1,2,3,9) SMTP Email Al.
Management Information Bases A-3 A Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC .
Software Specifications A-4 A.
B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch.
Troubleshooting B-2 B Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1.
Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.
Glossary Glossary-2 GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network.
Glossary-3 Glossary IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members.
Glossary Glossary-4 MD5 Message-Digest Algorithm An algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken.
Glossary-5 Glossary Remote Monitoring (RMON) RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types.
Glossary Glossary-6 User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets.
Index-1 Numerics 802.1X, port authentication 3-49 A acceptable frame type 3-115, 4-152 Access Control List See ACL ACL Extended IP 3-58, 4-89, 4-90, 4-92 MAC 3-58, 4-89, 4-97, 4-97–4-99 Standard IP.
Index-2 Index IGMP groups, displaying 3-140, 4-184 Layer 2 3-135, 4-181 query 3-135, 4-185 query, Layer 2 3-136, 4-185 snooping 3-135, 4-182 snooping, configuring 3-136, 4-181 ingress filtering 3-1.
Index-3 Index Q queue weights 3-127, 4-170 R RADIUS, logon authentication 4-73 rate limits, setting 3-83, 4-121 remote logging 4-46 restarting the system 3-30, 4-22 RSTP 3-93, 4-138 global conf.
Index-4 Index W Web interface access requirements 3-1 configuration buttons 3-3 home page 3-2 menu list 3-4 panel display 3-3.
GSW-2692 E072006-R01.