Instruction/ maintenance manual of the product MIL-SM24004TG Milan Technology
Go to page of 424
8VHU0DQXDO 0,/607* 3RUW&RPER6)3 6ORWV *LJDELW(WKHUQHW0XOWL/DHU 0DQDJHPHQW6ZLWFK.
.
i Regulatory Approval - FCC Class A - UL 60950 - CSA C22.2 No. 60950 - EN60950-1 4 - CE - EN55022 Class A - EN55024 Canadian EMI Notice This Class A digital apparatus meet s all the requirements of the Canadian Interference-Causing Equipment Regulations.
ii Y ou can reach MiL AN T echnology technical support at: E-mail: support@milan.com T elephone: +1.408.744.2751 Fax: +1.408.744.2771 MiLAN T echnology 1329 Moffett Park Drive Sunnyvale, CA 94089 United S tates of America T elephone: +1.408.744.2775 Fax: +1.
iii Contents Chapter 1: Introd uction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-5 Chapter 2: Initial Configu ration 2-1 Connecting to the Switch 2-1 Configuration Opt.
Contents iv System Log Configuration 3-19 Remote Log Configuration 3-20 Displaying Log Message s 3-22 Sending Simple Mail Transfe r Protocol Alerts 3-23 Resetting the System 3-25 Setting the System Cl.
Contents v Displaying LACP Settings and Status for the Local Side 3-77 Displaying LACP Settings and Status for the Remote Side 3-79 Setting Broadcast Storm Threshol ds 3-80 Configuring Port Mirroring .
Contents vi Mapping CoS Values to ACLs 3-137 Changing Priorities Based on ACL Rules 3-138 Multicast Filtering 3-140 Layer 2 IGMP (Snooping and Query) 3-140 Configuring IGMP Snooping and Qu ery Paramet.
Contents vii disconnect 4-18 show line 4-19 General Commands 4-20 enable 4-20 disable 4-21 configure 4-21 show history 4-22 reload 4-22 end 4-23 exit 4-23 quit 4-24 System Management Comma nds 4-24 De.
Contents viii logging facility 4-45 logging trap 4-46 clear logging 4 -46 show logging 4-47 SMTP Alert Commands 4-48 logging sendma il host 4-49 logging sendmail l evel 4-49 logging sendmail source-em.
Contents ix TACACS+ Client 4-74 tacacs-server host 4-74 tacacs-server port 4-74 tacacs-server key 4-75 show tacacs-server 4-75 Port Security Commands 4-76 port security 4-76 802.
Contents x show map access-list mac 4-109 match access-list mac 4-110 ACL Information 4-111 show access-list 4-111 show access-group 4-111 SNMP Commands 4-112 snmp-server community 4-112 snmp-server c.
Contents xi lacp system-priority 4-142 lacp admin-key (Ethernet Interface) 4-143 lacp admin-key (Port Channel) 4-144 lacp port-priority 4-144 show lacp 4-145 Address Table Commands 4-149 mac-address-t.
Contents xii switchport ingress-filtering 4-176 switchport native vlan 4-177 switchport allowed vlan 4-178 switchport forbidden vlan 4-179 Displaying VLAN Informa tion 4-180 show vlan 4-180 Configurin.
Contents xiii show ip igmp snooping 4-205 show mac-address-table mu lticast 4-206 IGMP Query Commands (Layer 2) 4-207 ip igmp snooping querier 4-207 ip igmp snooping query-count 4-207 ip igmp snooping.
Contents xiv.
xv Tables Table 1-1. Key Features 1-1 Table 1-2. System Defaults 1-5 Table 3-1 Web Page Configurati on Buttons 3-3 Table 3-2 Switch Main Menu 3-4 Table 3-3 Logging Levels 3-19 Table 3-4 HTTPS System Support 3-35 Table 3-5 802.
xvi T ables Table 4-27 Authentication Commands 4-68 Table 4-28 Authentication Sequence Commands 4-69 Table 4-29 RADIUS Client Commands 4-71 Table 4-30 TACACS+ Client Commands 4-74 Table 4-31 Port Security Commands 4-76 Table 4-32 802.
xvii Figures Figure 3-1 Home Page 3-2 Figure 3-2 Front Panel Indicators 3-3 Figure 3-3 System Information 3-9 Figure 3-4 Switch Info rmation 3-11 Figure 3-5 Displ aying Bridge Extension Configuration .
Figures xviii Figure 3-43 LACP - Aggregation Port 3-74 Figure 3-44 LACP - Port Counters Information 3-76 Figure 3-45 LACP - Port Internal Information 3-78 Figure 3-46 LACP - Port Neighbors Information.
Figures xix Figure 3-88 DNS Ge neral Configuration 3-148 Figure 3-89 DNS Static Host Table 3-150 Figure 3-90 DNS Cache 3-151.
Figures xx.
1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includ es a management agent that all ows you to configure the features listed in this manual. The default configuration can be used for most of the fe atures provided by this switch.
Introduction 1-2 1 Description of Software Features The switch provides a wide range of ad vanced performance enhancing features. Flow control eliminates the loss of pa ckets due to bottlenecks caused by port saturation. Broadcast storm suppression preven ts broa dcast traffic storms from engulfing the network.
Description of Softwa re Features 1-3 1 Port Mirroring – The switch can un obtrusively mirror traffic fro m any port to a monitor port. Y ou can then at tach a protoco l analyzer or RMON probe to this port to perform traf fic analysis and verify connection integrity .
Introduction 1-4 1 Multiple S panni ng Tree Protocol (MSTP , IEEE 802.1s) – This protocol is a direct extension of RSTP . It can provide an independent sp anning tree for different VLANs.
System Defaults 1-5 1 System Defaults The switch’s system de faults are provided in the configurati on file “Factory_Default_Config.cfg .” To reset the switch defaults, this fil e should be set as the startup configuration file (page 3-18 ). The following tabl e lists some of the basic system defaults.
Introduction 1-6 1 Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Contro l Disabled Port Capability 1000BASE-T – 10 Mbps half duplex 10 Mbps full duplex 100 Mbps half duplex 1.
System Defaults 1-7 1 IP Settings IP Address 0.0.0.0 Subnet Mask 255.0.0.0 Default Gateway 0.0.0.0 DHCP Client: Enabled BOOTP Disabled DNS Server Lookup Disabled Multicast Filtering IGMP Snooping Snoo.
Introduction 1-8 1.
2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management option s, including SNMP , RMON and a Web-based inte rface.
Initial Configura tion 2-2 2 • Enable port mirroring • Set broadcast storm cont rol on any port • Display system informat ion and statistics Required Connections The switch provides an RS-232 serial port t hat enables a connection to a PC or terminal for monitoring and configuri ng the switch.
Basic Configuration 2-3 2 Remote Connections Prior to accessing the switch’ s onboard agent via a network connection, you must first config ure it with a valid I P address, subnet mask, and default gateway u sing a console connection, DHCP or BOOTP protocol .
Initial Configura tion 2-4 2 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 al phanumeric characters and are case sensi tive.
Basic Configuration 2-5 2 Before you can assign an IP address to t he switch, you must obt ain the following information from your net work administrator: • IP address for the switch • Default gateway for the network • Network mask for this network T o assign an IP address to the switch, complete th e following steps: 1.
Initial Configura tion 2-6 2 5. W ait a few minutes, and then check the IP configuration se ttings by typing the “show ip interface” command. Press <En ter>. 6. Then save your config uration changes by typing “copy run ning-config startup-confi g.
Basic Configuration 2-7 2 T o configure a community string, complete the following step s: 1. From the Privileged Exec leve l global configuration mode prompt, type “snmp-server community string mode ,” where “string” is the community ac cess string and “mode” is rw (read/write) or ro (read only).
Initial Configura tion 2-8 2 2. Enter the name of the start-up file. Pre ss <Enter>. Managing System Files The switch’s flash memory suppo rts three types of system files that can be mana ged by the CLI program, Web interface, or SNMP .
3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browse r you can configure the switch and view st atistics to monitor network activity . The Web agent can be accessed by any computer on the network using a st andard Web browser (Internet Explorer 5.
Configuring the Switch 3-2 3 Navigating the Web Browser Interface T o access the web-browser interface you must first enter a user name and password. The administra tor has Read/Write access to all confi guration parameters and statis tics. The default user name and p assword for the administrator is “admin.
Navigating the Web Browser Inte rface 3-3 3 Configuration Options Configurable p arameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the “Apply” bu tton to confirm the new setting.
Configuring the Switch 3-4 3 Main Menu Using the onboa rd web agent, you can define system parameters, man age and control the s witch, and all its p orts, or monitor network conditi ons. The following table brie fly describes the selections available from this program.
Navigating the Web Browser Inte rface 3-5 3 802.1X Port authentication 3-43 Information Displays global configu ration settings 3-44 Configuration Configures p rotocol parameters 3-46 Port Configurati.
Configuring the Switch 3-6 3 Address T able 3-88 Static Addresses Displays entries for interface , address or VLAN 3-88 Dynamic Addresses Displa ys or edits static entries in the Address T able 3-89 A.
Navigating the Web Browser Inte rface 3-7 3 Protocol VLAN 3-124 Configuration Creates a protocol group, spec ifying the supported protocols 3-124 Port Configuration Map s a protocol group to a VLAN 3-.
Configuring the Switch 3-8 3 DNS 3-146 General Configuration Enables DNS; configures domain name and domain list; and specifies IP address of name servers for dy namic lookup 3-147 Static Host Table C.
Basic Configuration 3-9 3 Basic Configuration Displaying System Information Y ou can easily identify the system by displaying the devi ce name, location and contact i nformation. Field Attributes • System Name – Name assigned to th e switch syst em.
Configuring the Switch 3-10 3 CLI – S pecify t he hostname, location and contact info rmation. Displaying Switch Hardware/Software Versions Use the Switch Information page to displ ay hardware/firmware version numbers for the main board and management software, as well as the power sta tus of the system.
Basic Configuration 3-11 3 Web – Click System, Switch Information. Figure 3-4 Switch Information CLI – Use the following command to display version informatio n. Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for manag ed devices that support Multicast Filtering, T raffi c Classes, and Virtual LANs.
Configuring the Switch 3-12 3 • Configurable PV ID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration ” on page 3-111.
Basic Configuration 3-13 3 Setting the Switch’s IP Address This section describes how to configure an IP interface for manage ment access over the network. The IP address fo r this switch is obtained vi a DHCP by default. T o manually configure an address, you need to change the switch’s default settin gs (IP address 0.
Configuring the Switch 3-14 3 Manual Config uration Web – Click System, IP Configu ration. Select the VLAN through which the management st ation is attac hed, set the IP Address Mode to “S tatic,” enter the IP address, subnet mask and gateway , then click Apply .
Basic Configuration 3-15 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically con figured by these services. Web – Click Syste m, IP Configuration. S pecify the VLAN to which the management station is att ached, set the IP Address Mode to DHCP or BOOTP .
Configuring the Switch 3-16 3 CLI – Enter the following command to rest art DHCP service. Managing Firmware Y ou can upload/download fi rmware to or from a TFTP server . By saving runtime code to a file on a TFTP server , that fil e can later be downloaded to the switch to restore operation.
Basic Configuration 3-17 3 If you download to a new de stination file, then select the file from the drop-down bo x for the operation code used at st artup, and click Apply Changes. T o start the new firmware, reboot the system via the System/Reset menu.
Configuring the Switch 3-18 3 Downloading Config uration Settings from a Server Y ou can download the configuration file un der a new file name and then set it as the startup file , or you can specify the current st a rtup configuration file as the destination file to directly replace it.
Basic Configuration 3-19 3 If you downloa d the startup configurat ion file under a new file name, you can set this file as the sta rtup file at a later time, and then restart the switch.
Configuring the Switch 3-20 3 • RAM Level – Limits log messages saved to the swi tch’s temporary RAM memory for all levels up to the specified level. For exampl e, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM.
Basic Configuration 3-21 3 Command Attributes • Remote Log Status – Enables/disables the logg ing of debug or error messages to the remote l ogging process. (Default: Disabled ) • Logging Facility – Sets the facility type for remote logging of syslog messages.
Configuring the Switch 3-22 3 CLI – Enter the sy slog server host IP address, choose the faci lity type and set the logging tr ap. Displaying Log Messages Use the Logs page to scro ll through the logged system and event messages. The switch can store up to 2048 log entries in temporary ra ndom access memory (RAM; i.
Basic Configuration 3-23 3 CLI – This example shows that syste m logging is enabled, the message level fo r flash memory is “errors” (i.e., default level 3 - 0), the message level for RAM is “debugging” (i.e., defau lt level 7 - 0), and lists one sample error .
Configuring the Switch 3-24 3 Web – Click System, Log, SMTP . Enable SMTP , specify a source email address, and select the minimum sev erity level. T o add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add.
Basic Configuration 3-25 3 CLI – Enter the IP address of at least one SMTP server , set the syslog severity level to trigger an email message, and specify t he switch (source) and up to fiv e recipient (destination) email addresses. Enable SMTP with the loggin g sendmail command to complete the configu ration.
Configuring the Switch 3-26 3 Setting the System Clock Simple Network T ime Protocol (SNTP) allows the switch to set its internal clo ck based on periodic upda tes from a time server (SNTP or NTP). Maintaini ng an accurate time on the switch enables the system log to record meaningfu l dates and times for event entries.
Basic Configuration 3-27 3 CLI – This example configures the switch to op erate as an SNTP client and then displays the current time and settings. Setting the Time Zone SNTP uses Coordinated Universa l Time (or UTC, formerly Greenwich Mean T ime, or GMT) based on the time at the Earth’ s pri me meridian, zero degrees longitude.
Configuring the Switch 3-28 3 CLI - This example shows how to set the time zone for the system clock. Simple Network Management Protocol Simple Network Management Protoc ol (SNMP) is a communication protocol designed specificall y for managing devices on a network.
Simple Network Manag ement Protocol 3-29 3 Web – Click SNMP , Confi guration. Add new community strings as required, select the access rights fro m the Access Mode drop-down list, then cl ick Add. Figure 3-19 Configuring SNMP Community Strings CLI – The following example adds the string “spiderma n” with read/write access.
Configuring the Switch 3-30 3 Web – Click SNMP , Configuration. Fill in the IP address and community string fo r each trap manager that will receive these messages, sp ecify the SNMP version, mark the trap types req uired, and then click Add .
User Authentication 3-31 3 Command Attributes • User Name* – The name of the user. (Maximum length: 8 chara cters) • Access Level* – Specifi es the user level. (Options: Normal and Privileged) • Password – Specifies the user pa ssword. (Range: 0-8 characters plain text, case sensitive) * CLI only .
Configuring the Switch 3-32 3 RADIUS uses UDP while T ACACS+ uses TCP . UDP only offers best effort del ivery , while TCP of fers a connection-oriented tran sport. Also, note that RADIUS encrypts only the passwo rd in the access-request packet from the cl ient to the server , while T ACACS+ encrypts the entire body of the packet.
User Authentication 3-33 3 Note: The local switch user database has to be set up by manually entering user n ames and passwords using the CLI. (See “username” on page 4-26.) Web – Click Security , Authenticati on Settings. T o configure local or remote authentication preferenc es, specify the aut hentication sequence (i.
Configuring the Switch 3-34 3 CLI – S pecify all the required parameters to enable logon authenticati on. Configuring HTTPS Y ou can configure the switch to enable the Secure Hypertex t Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.
User Authentication 3-35 3 • The following web browsers and operating systems currently support HTTPS: • To specify a secure-si te certificate, see “Replacing the Default Secure-site Certificate” on page 3-35. Command Attributes • HTTPS Status – Allows you to enable/disa ble the HTTPS server feature on the switch.
Configuring the Switch 3-36 3 Note: For maximum security, we recommend you obtain a unique Secure Sockets Layer certificate at the earliest opportunity. This is because the default certificate for the switch is not unique to the hardware you have purchased.
User Authentication 3-37 3 T o use the SSH server , complete these steps: 1. Generate a Host Key Pair – On the SSH Host Key Settings page, create a ho st public/private ke y pair . 2. Provide Host Public Ke y to Clients – Many SSH client prog rams automatically import the host public key during th e init ial connection setup with the switch.
Configuring the Switch 3-38 3 e. The switch comp ares the decrypted bytes to the origina l bytes it sent. If the two sets match, this means that the client's private key corresponds to an authorized publ ic key , and the client is authen ticated.
User Authentication 3-39 3 Web – Click Security , SSH Host-Key Setting s. Select the host -key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key , and then click Generate.
Configuring the Switch 3-40 3 Configuring the SSH Server The SSH server incl udes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disa bled) • Version – The Secure Shell vers ion number.
User Authentication 3-41 3 CLI – This exampl e enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the admini strator has made a connection via SHH, and then disables this con nection.
Configuring the Switch 3-42 3 • If a port is disabled (shut down) due to a security vio lation, it must be manually re-enabled from the Port/Port Configuration page (page 3-67). Command Attributes • Port – Port number. • Name – Descriptive text (page 4-124).
User Authentication 3-43 3 CLI – This example select s the target port, sets the port security action to send a trap and disable the port, specifies a maximum address count, and then enables port security for the port.
Configuring the Switch 3-44 3 The operation of 802.1X on the switch requires the fol lowing: • The switch must have an IP address assigned . • RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified. • 802.
User Authentication 3-45 3 Web – Click Security , 802.1X, Information. Figure 3-26 802.1X Information CLI – This example shows the default protocol setting s for 802.1X. For a description of the additiona l entries displayed in the CLI, See “show dot 1x” on page 4-84.
Configuring the Switch 3-46 3 Configuring 802.1X Global Settings The dot1x protocol includes global parameters tha t control the client authentication process that runs betwee n the client and the swi tch (i.e., authenticator), as well as the client identity lookup proc ess that runs between the switch and a uthentication server .
User Authentication 3-47 3 Web – Select Security , 802.1X, Configuration. Enable dot1x gl obally for the swi tch, modify any of the p arameters required, and then click Appl y . Figure 3-27 802.1X Configuration CLI – This enables re-authentication and set s all of the global parameters for 802.
Configuring the Switch 3-48 3 • Authorized – - Yes – Connected cl ient is authorized. - No – Connected cli ent is not authorized. - Blank – Displays nothing when dot1x is disabled on a port. • Supplicant – Indicates the MAC address of a connected client.
User Authentication 3-49 3 Web – Select Security , 802.1X, S tatistics. Se lect the required port and then click Query . Click Refresh to update the st atistics. Figure 3-29 802.1X Port Statistics Rx EAP Resp/Oth The number of valid EAP Response frames (other than Resp/Id frames) that have be en received by this Aut henticator .
Configuring the Switch 3-50 3 CLI – This example displays the 802.1X st atistics for port 4. Filtering IP Addresses for Management Access Y ou can create a list of up to 16 IP add resses or IP address group s that are allowed management access to the switch through the web interface, SNMP , or T elnet.
User Authentication 3-51 3 Web – Click Security , IP Filter . Enter the addresses that are allowed management access to an interface, and click Add IP Filtering Entry . Figure 3-30 IP Filter CLI – This example allows SNMP access for a specific cli ent.
Configuring the Switch 3-52 3 Access Control Lists Access Control List s (ACL) provide packet filt ering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
Access Control Li sts 3-53 3 Setting the ACL Name and Type Use the ACL Configuration p age to designate the name and type of an ACL. Command Attributes • Name – Name of the ACL. (Maximum length: 16 characters) • Type – There are three filtering modes: - Standard: IP ACL mode that filters packets based o n the source IP address.
Configuring the Switch 3-54 3 with the address for each IP packet entering the port(s ) to which this ACL has been assigned. Web – S pecify the action (i.e., Permit or Deny). Select the addre ss type (Any , Host, or IP). If you select “Host,” enter a specific addres s.
Access Control Li sts 3-55 3 • Protocol – Specifies the protocol type to match as TCP, UDP or Others, where others indicate s a specific protocol number (0-255). (Options: TCP, UDP, Others; Default: TCP) • Src/Dst Port – Source/destination port number f or the speci fied protocol type.
Configuring the Switch 3-56 3 Web – S pecify the action (i.e., Permi t or Deny). S pecify the source and/or destination addresses. Sel ect the address type (Any , Host, or IP). If you select “Host,” enter a specific address. If you se lect “IP ,” enter a subnet address and the mask for an address range.
Access Control Li sts 3-57 3 Configuring a MAC ACL Command Attributes • Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rules) • Source/Destination MAC – Us e .
Configuring the Switch 3-58 3 Web – S pecify the action (i.e., Permi t or Deny). S pecify the source and/or destination addresses. Sel ect the address type (Any , Host, or MAC). If you select “Host,” enter a specific a ddress (e.g., 1 1- 2 2-33-44-55-66).
Access Control Li sts 3-59 3 Configuring ACL Masks Y ou can specify optional masks that control the o rder in which ACL rules are checked. The switch includes two system default masks that p ass/filter packets matching the permit/den y rules specified in an ingress ACL.
Configuring the Switch 3-60 3 Configuring an IP ACL Mask This mask defines the fields to check in the IP header . Command Usage • Masks that include an entry for a Laye r 4 protocol source port or destination port can only be a pplied to packets with a header length of exactl y five bytes.
Access Control Li sts 3-61 3 Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address , a specific host address, or an address range. Include ot her criteri a to search for in the rule s, such as a protocol type or one of the servic e types.
Configuring the Switch 3-62 3 Configuring a MAC ACL Mask This mask defines the fields to check in the p acket header . Command Usage Y ou must configure a mask for an ACL rule before you can bind it to a port.
Access Control Li sts 3-63 3 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules have been changed by the mask.
Configuring the Switch 3-64 3 Web – Click Security , ACL, Port Bindi ng. Mark the Enable field fo r the port you want to bind to an ACL for ingress or egress traf fic, select the require d ACL from the drop-down list, then click Ap ply .
Port Configuration 3-65 3 • Forced Mode 1 – Shows the forced/preferre d port type to use for combination ports 21-24. (Copper-Forced, Copper-Preferred-Au to, SFP-Forced, SFP-Preferred-Auto) • Trunk Member 1 – Shows if port is a trunk member. • Creation 2 – Shows if a trunk is manua lly configured or dynamically set via L ACP.
Configuring the Switch 3-66 3 • Broadcast storm – Shows if broadcast storm control is enabled or dis abled. • Broadcast storm limit – Shows the broadcast storm threshold. (500 - 262143 pac kets per second) • Flow control – Shows if flow control is enabled or disabl ed.
Port Configuration 3-67 3 Configuring Interface Connections Y ou can use the Port Configuratio n or Trunk Configuratio n page to enable/disab le an interface, set auto-negoti atio n and the interface capabilitie s to advertise, or manually fix the speed, duplex mode, and flow control.
Configuring the Switch 3-68 3 • Trunk – Indicates if a port is a member of a trunk. To create trunks and select port members, see “Creating Trunk Groups” on page 3-69. Note: Auto-negotiation must be disabled before you can configure or force the interface to use the Speed/Duplex Mode or Flow Control options.
Port Configuration 3-69 3 Creating Trunk Groups Y ou can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramati c increase in bandwidth for network segments where bottlenecks exist, as well as providi ng a fault-tolerant link between two switches.
Configuring the Switch 3-70 3 Statically Config uring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on t he manufacturer’s implementation. However, note that the s tatic trunks on this switc h are Cisco EtherChannel compatible.
Port Configuration 3-71 3 CLI – This example creates trunk 2 with port s 1 and 2. Just connect these ports to two stati c trunk ports on another switch to form a trunk.
Configuring the Switch 3-72 3 Web – Click Port, LACP , Config uration. Select any of the switch ports from the scroll-down port list and click Add. After you have completed adding ports to the member list, click Apply . Figure 3-42 LACP T runk Configurati on CLI – The following example enables LACP for ports 1 to 6.
Port Configuration 3-73 3 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assig ned to a common port channel must me et the following criteria: • Ports must have the same LACP System Priority . • Ports mus t have the same LACP port Admin Key.
Configuring the Switch 3-74 3 Web – Click Port, LACP , Ag gregation Port. Set the System Priority , Admin Key , and Port Priority for the Port Actor .
Port Configuration 3-75 3 CLI – The following example configures LACP p arameters for ports 1-6. Ports 1-4 are used as active members of the LAG; ports 5 and 6 are set to b ackup mode.
Configuring the Switch 3-76 3 Displaying LACP Port Counters Y ou can display statistic s for LACP protocol messages. Web – Click Port, LACP , Port Counters Information .
Port Configuration 3-77 3 Displaying LACP Settings and Status for the Local Side Y ou can display configuration setti ngs and t he operational state for the loca l side of an link a ggregation. T able 3-7 LACP Internal Configuration Informati on Field Description Oper Key Current operational value of the key for the aggregation port.
Configuring the Switch 3-78 3 Web – Click Port, LACP , Port Internal Informati on. Select a port channel to display the corresponding informa tion. Figure 3-45 LACP - Port Internal Information CLI – The following example displays th e LACP configuration settings and operational st ate for the local side of port channel 1.
Port Configuration 3-79 3 Displaying LACP Settings and Status for the Remote Side Y ou can display configuration setti ngs and t he operational state for the remote side of an link aggregat ion. Web – Click Port, L ACP , Port Ne ighbors Information.
Configuring the Switch 3-80 3 CLI – The following example displays th e LACP configuration settings and operational st ate for the remote side of port channel 1. Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on yo ur network is malfunctioning, or if application programs are not we ll designed or properly configured.
Port Configuration 3-81 3 Web – Click Port, Port/T runk Broadcast Control. Check the Enabled box for any interface, set the threshol d and click Apply . Figure 3-47 Port Broadcast Control CLI – S pecify any interface, and then enter the threshold.
Configuring the Switch 3-82 3 Configuring Port Mirroring Y ou can mirror traf fic from any source port to a target port for real-time analysis. Y ou can then attach a logic analyzer or RMON prob e to the target port an d study the traffic cross ing the source port in a completely unobtrusive manner .
Port Configuration 3-83 3 Configuring Rate Limits This function allows th e network manager to control th e maximum rate for traffic transmitted or received on an interface. Rat e limiting is confi gured on interfaces at the edge of a network to limit traf fic coming out of the switch.
Configuring the Switch 3-84 3 Showing Port Statistics Y ou can display standa rd statistics on network traf fic from the Interfaces Group and Ethernet-like MIBs, as wel l as a detaile d breakdown of traffi c based on the RMON MIB. Interfaces and Ethernet-like st atistics display er rors on the traffi c passing through each port.
Port Configuration 3-85 3 Tr ansmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent th eir being transmitted. One possible reason for discarding such a packet could be to free up buffer space .
Configuring the Switch 3-86 3 Received Frames The total number of frames (bad, b roadcast and multicast) received. Broadcast Frames Th e total number of good frames received that were directed to the broadcast addres s. Note that this does not include multicast packe ts.
Port Configuration 3-87 3 Web – Click Port, Port S tatistics. Select th e required i nterface, and click Query . Y ou can also use the Refresh bu tton at the bottom of the page to upda te the screen.
Configuring the Switch 3-88 3 CLI – This example shows statistic s for port 13. Address Table Settings Switches store th e addresses for all known devices. This i nformation is used to pass traffic directly be tween the inbound a nd outbound ports. All the addresses learned by monitoring traf fic are stored in the dynamic address table.
Address T able Settings 3-89 3 • VLAN – ID of configured VLAN (1-4094). Web – Click Address T able, St atic Addresses. S pecify the i nterface, the MAC address and VLAN, then click Add S tati c Address. Then set this as a permanent address or to be deleted on reset.
Configuring the Switch 3-90 3 Web – Click Addre ss T able, Dynamic Addresses . Sp ecify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and the n click Query . Figure 3-52 Dy namic Addresses CLI – This example also displays the address table entries for port 1.
Spanning Tree Algorithm Configuration 3-91 3 Changing the Aging Time Y ou can set the aging time for entrie s in the dynamic address tab le. Command Attributes • Aging Status – Enables or disables the aging time. • Aging Time – The time after which a learned entry is discarded.
Configuring the Switch 3-92 3 Once a st able network topology has been e stablished, all bridges listen for Hello BPDUs (Bridge Protocol Dat a Units) transmitted from the Ro ot Bridge. If a bridge does not get a Hello BPDU afte r a predefined interval (Maximum Age), the brid ge assumes that the link to the Root Bridge i s down.
Spanning Tree Algorithm Configuration 3-93 3 • Hello Time – Interval (in seconds) at which the root device transmits a configurati on message. • Forward Delay – The maximum ti me (in seconds) the root dev ice will wait befo re changing states (i.
Configuring the Switch 3-94 3 information that would make it return to a di scarding state; otherwise, temporary data loops mi ght result. • Root Hold Time – The interval (in seconds) during whi ch no more than two bridge configurati on protocol data units shall be transmitted by this node.
Spanning Tree Algorithm Configuration 3-95 3 CLI – This command displays global ST A settings, followed by settings for each port . Note: The current root port and current root cost display as zero when this device is not connected to the network.
Configuring the Switch 3-96 3 Configuring Global Settings Global setti ngs apply to the enti re switch. Command Usage • Spanning Tree Protoco l 6 Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for t he en tire network.
Spanning Tree Algorithm Configuration 3-97 3 • Priority – Bridge priority is used in selecting the root device, root port, and designated port. The devi ce with the highest priority becomes the STA root device. However, if all d evices have the same priority, the device with the lowest MAC address will then become the root dev ice.
Configuring the Switch 3-98 3 • Transmission Limit – The maximum transmissi on rate for BPDUs is specified by setting the mi nimum interval between the transmission of consecutive protocol messages.
Spanning Tree Algorithm Configuration 3-99 3 Web – Click S panning T ree, ST A, Configuration. Modify the required attributes, and click Apply . Figure 3-55 ST A Configuration.
Configuring the Switch 3-100 3 CLI – This example enables S pann ing Tree Protoco l, sets the mode to MST , and then configures the ST A and MSTP parameters. Displaying Interface Settings The ST A Port Information and ST A Trunk Informa tion pages display the current status of p orts and trunks in the S panning T ree.
Spanning Tree Algorithm Configuration 3-101 3 • Oper Link Type – The operational point-to-point status of the LAN segme nt attached to this interfac e. This parameter is determined by manual configurati on or by auto-detection, a s described for Admin Link Type in STA Port Configuration on page 3-103.
Configuring the Switch 3-102 3 • Priority – Defines the priority used for this port in the Spanning Tree Al gorithm. If the path cost for al l ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an activ e link in the Spanning Tree .
Spanning Tree Algorithm Configuration 3-103 3 CLI – This example shows the ST A attributes for port 5. Configuring Interface Settings Y ou can configure RSTP and MSTP attributes f or specific inte rfaces, including port priority , path cost, link type, and edge port.
Configuring the Switch 3-104 3 Protocol is detecting network loops. Where more than one port is assigned the highest priority, the port with lowest numeric identi fier will be enabled. • Default: 128 • Range: 0-240, in steps of 16 • Path Cost – This parameter is used by the STP to determine the best path between devices.
Spanning Tree Algorithm Configuration 3-105 3 Web – Click S p anning Tree , ST A, Port Conf iguration or T runk Confi guration. Modify the required attributes, then click App ly . Figure 3-57 ST A Port Configuration CLI – This example sets ST A attributes for port 7.
Configuring the Switch 3-106 3 Command Attributes • MST Instance – Instance ident ifier of this spanning tree. (Default: 0) • Priority – The priority of a spanning tre e instance.
Spanning Tree Algorithm Configuration 3-107 3 CLI – This displays ST A settings for instance 1, followed by settings fo r each port. CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI.
Configuring the Switch 3-108 3 Displaying Interface Settings for MSTP The MSTP Port Informati on and MSTP Trunk I nformation pages dis play the current status of p orts and trunks in th e selected MST instance . Field Attributes • MST Instance ID – Instance identifie r to c onfigure.
Spanning Tree Algorithm Configuration 3-109 3 Configuring Interface Settings for MSTP Y ou can configure the ST A interface setti ngs for an MST Inst ance using the MSTP Port Configuration and MSTP T runk Configuration page s.
Configuring the Switch 3-110 3 • MST Path Cost – This parameter i s used by the MSTP to determine the best path between devices. Therefore, lo wer values should be assigned to p orts attached to faster media, and higher values assi gned to ports with slower media.
VLAN Configuration 3-111 3 VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traf fic for each subnet into separate domai ns. This switch provides a similar s ervice at Layer 2 by using VLANs to organize any group of network nodes into sep arate broadcast domains.
Configuring the Switch 3-112 3 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tag ging.
VLAN Configuration 3-113 3 these host s, and core switches in t he network, enable GVRP on the links between these devices. Y ou should also determine security boundaries in the n etwork and disable GVRP on the boundary port s to prevent advertisements from being propagated, or forbid th ose ports from joining restricted VLANs.
Configuring the Switch 3-114 3 Enabling or Disab ling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) def ines a way for switches to exchange VLAN information in order to registe r VLAN members on ports across the network.
VLAN Configuration 3-115 3 CLI – Enter the following command. Displaying Current VLANs The VLAN Current T able shows the current port members of each VLAN and whether or not the port supports VLAN tag ging. Ports assigned to a large VLAN group that crosses several switches sh ould use VLAN tagging.
Configuring the Switch 3-116 3 Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic : Automatically le arned via GVRP. - Static : Added as a static entry.
VLAN Configuration 3-117 3 Web – Click VLAN, 802.1Q VLAN, S tatic List. T o create a new VLAN, en ter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. Figure 3-64 VLAN Static List - Creating VLANs CLI – This example creates a new VLAN.
Configuring the Switch 3-118 3 • Trunk – Trunk identifier . • Membership Type – Select VLAN membership for each interface by marking the appropriate radio button fo r a port or trunk: - Tagged : Interface is a member of the VLAN.
VLAN Configuration 3-119 3 Adding Static Members to VLANs (Port Index) Use the VLAN S tatic Membership by Port menu to assign VLAN group s to the selected interface as a t agged member . Command Attributes • Interface – Port or trunk identifier. • Member – VLANs for which the selected interface is a tagged member.
Configuring the Switch 3-120 3 values for the GARP timers are in dependent of the media access method or data rate. These values should not be changed unless you are experien cing difficulties with GVRP registration/deregistratio n. Command Attributes • PVID – VLAN ID assigned to untagged frames received on the interface.
VLAN Configuration 3-121 3 • Mode – Indic ates VLAN membership mode for an interface. (Default: 1Q Trunk) - 1Q Trunk – Specifi es a port as an end-point f or a VL AN trunk. A trunk is a direct link between two switches, so the port tra nsmi ts tagged frames that identify the source VLAN.
Configuring the Switch 3-122 3 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Dat a traffic on downlink po rts can only be forwarded to , and from, uplink port s. (Note that private VLANs and normal VLANs can exist simult aneously within the same switch.
VLAN Configuration 3-123 3 Configuring Uplink and Downlink Ports Use the Private VLAN Link S tatus page to set ports as do wnlink or uplink ports. Ports designated as downlink port s can not communicate with any other ports on the switch except for the uplink po rts.
Configuring the Switch 3-124 3 Configuring Proto col Groups Create a protocol group for one or more protocols. Command Attributes • Protocol Grou p ID – Group identifier of this protocol group. (Range: 1-2147483647) • Frame Type – Frame type used by this p rotocol.
VLAN Configuration 3-125 3 - If the frame is untagged and t he protocol type matches, the frame is f orwarded to the appropriate VLAN. - If the frame is untagged but the protoco l type does not match, the frame is forwarded to the default VLAN for thi s interface.
Configuring the Switch 3-126 3 Class of Service Configuration Class of Service (CoS) allows you to specify which dat a packets have gre ater precedence when traf fic is buffered in the switch due to congestion. Thi s switch supports Co S with eight priority queues for each port.
Class of Service Configuration 3-127 3 Web – Click Priority , Default Port Priority or De fault T runk Priority . Modify the default priority for any i nterface, then click Apply . Figure 3-72 Default Port P riority CLI – This example assigns a default priori ty of 5 to port 3.
Configuring the Switch 3-128 3 Mapping CoS Values to Egress Queues This switch processe s Class of Service (CoS) priority tagged traffi c by using eight priority queues for each port, with service sched ules based on strict or Weighted Round Robin (WRR).
Class of Service Configuration 3-129 3 Web – Click Priority , Traf fic Classes. Assign priorities to th e traf fic classes (i.e., output queues), the n click Apply . Figure 3-73 T raffic Classes CLI – The following example shows ho w to change the CoS assignments to a one-to-one mapping .
Configuring the Switch 3-130 3 • Strict - Services the egress queues in sequen tial order, transmitting all traffic in the higher priority queues before servicin g lower priority queues. Web – Click Priority , Queue Mode. Select S trict or WRR, then click Apply .
Class of Service Configuration 3-131 3 Web – Click Priority , Queue Scheduling. Select the interface, hig hlight a traffic class (i.e., output queue), e nter a weight, then click Apply . Figure 3-75 Queue Scheduli ng CLI – The following example sho ws how to assign WRR weights to each of the priority queues.
Configuring the Switch 3-132 3 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch support s several common methods of prioritizing layer 3/4 traffic to meet application requi rements.
Class of Service Configuration 3-133 3 Mapping IP Precedence The T ype of Service (T oS) octet in the IPv4 header includes three pr ecedence bits defining eight di fferent priority levels ranging from highest prio rity for network control packet s to lowest priority for routine traffi c.
Configuring the Switch 3-134 3 CLI – The fol lowing example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings.
Class of Service Configuration 3-135 3 Web – Click Priority , IP DSCP Priority . Select an entry from the DSCP table, enter a value in the Class of Service V alue field, then click Apply .
Configuring the Switch 3-136 3 Mapping IP Port Priority Y ou can also map network applications to Clas s of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header . Some of the more common TCP service port s include: HTTP: 80, FTP: 21, T elnet: 23 and POP3: 1 10.
Class of Service Configuration 3-137 3 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value 0, and then displays the IP Port Priority settings fo r that port.
Configuring the Switch 3-138 3 Web – Click Priority , ACL CoS Priority . Enable mapping for any port, select an ACL from the scroll -down list, then click Apply . Figure 3-81 ACL CoS Priority CLI – This example assigns a CoS value of zero to pa ckets matching rules within the specified ACL on port 24.
Class of Service Configuration 3-139 3 Command Attributes • Port – Port identifier. •N a m e 14 – Name of ACL. • Type – Type of ACL (IP or MAC). • Precedence – IP Precedence value. (Range: 0-7) • DSCP – Differentiated Services Code Point value.
Configuring the Switch 3-140 3 Multicast Filtering Multicasting i s used to support real-time applications such as videoconferencing or streaming audio.
Multicast Filtering 3-141 3 Configuring IGMP Snoo ping and Query Parameters Y ou can configure the switch to forward multicast traf fic intelligently . Based on the IGMP query and report messages, the switch forwards tra ffic only to the ports that request multicast traffic.
Configuring the Switch 3-142 3 Web – Click IGMP Snooping, IGMP Configurati on. Adj ust the IGMP settings as required, and then click Apply . (The default settings are shown below .) Figure 3-83 IGMP Configuration CLI – This exampl e modifies the settings for multicast filtering, and then displays th e current st atus.
Multicast Filtering 3-143 3 Displaying Interfaces Attached to a M ulticast Router Multicast routers that are att ached to port s on the swi tch use information obt ained from IGMP , along with a multicast routi ng protoco l such as DVMRP or PIM, to support IP multicasting across the Internet.
Configuring the Switch 3-144 3 Command Attributes • Interface – Activates the Port or Trunk scroll down list. • VLAN ID – Selects the VLAN to propagate al l multicast traffic coming from the attached multicast router. • Port or Trunk – Specifies the interface att ached to a multicast router.
Multicast Filtering 3-145 3 Web – Click IGMP Snooping, IP Multicast Re gistration T able. Select a VLAN ID and the IP address for a multicast service fr om the scroll-down li sts. The switch will display all the interfaces that are prop agating this multicast service.
Configuring the Switch 3-146 3 • Multicast IP – The IP address for a specific multicas t service • Port or Trunk – Specifies the interface attache d to a multicast router/switch.
Configuring Domain Nam e Service 3-147 3 Configuring General DNS Server Parameters Command Usage • T o enable DNS service on this switch, first configure one or more name servers, and then enable domain l ookup status. • T o append domain names to incomplete host names received from a DNS cli ent (i.
Configuring the Switch 3-148 3 Web – Select DNS, General Configuration. Set t he default domain name or l ist of domain names, speci fy one or more name servers to use to use for addres s resolution, enable domain lo okup status, and click Apply .
Configuring Domain Nam e Service 3-149 3 Configuring Static DNS Host to Address Entries Y ou can manually configure st atic entries in the DNS table that are used to map domain names to IP addresses.
Configuring the Switch 3-150 3 Web – Select DNS, S tatic Host T able. Enter a host name and one or more corresponding addresse s, then click Apply . Figure 3-89 DNS Static Host T able CLI - This example maps two addre ss to a host name, and then configures an alias host name for the same addresses.
Configuring Domain Nam e Service 3-151 3 Displaying the DNS Cache Y ou can display entries in the DNS cache that hav e been learned via the designated name servers. Field Attributes •N o – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable.
Configuring the Switch 3-152 3 CLI - This example displays all the resource records le arned from the designated name servers. Console#show dns cache 4-123 NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207.46 .134.222 51 www.microsoft.akadns.net 1 4 CNAME 207.
4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the manage ment interfa ce f.
Command Line Interfa ce 4-2 4 T o access the switch through a T elnet session, you must first set the IP address for the switch, and set the d efault gateway if you are manag in g the switch from a different IP subnet.
Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI comman ds. Keywords and Arguments A CLI command is a s eries of keywords and argument s.
Command Line Interfa ce 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will disp lay the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configurati on class (Global, ACL, Int erface, Line, VLAN Databa se, or MSTP).
Entering Commands 4-5 4 Partial Keyword Lookup If you terminate a p artial keyword with a question mark, alternati ves that ma tch the initial letters are provided . (Remember not to leave a space between the command and question mark.) For example “ s? ” shows all the keywords st arting with “s.
Command Line Interfa ce 4-6 4 Understanding Command Modes The command set is divided into Exec and Co nfiguration classes. Exec command s generally display in formation on system status or clea r statistical counters. Configuration commands, on the other h and, modify interface parameters or e nable certai n switching functions.
Entering Commands 4-7 4 Configuration Commands Configuration commands a re privileged level commands used to modify switch settings. These commands modify the running configu ration only and are no t saved when the switch is rebooted. T o store the running configuration in non-volatile storage, use the copy running-config st artup-config command.
Command Line Interfa ce 4-8 4 T o enter the other modes, at the configurat ion prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode.
Entering Commands 4-9 4 Command Line Processing Commands are not case sensitive. Y ou can abbreviate commands and parameters as long as they conta in enough letters to diff erentiate them from any other currently available comman ds or parameters.
Command Line Interfa ce 4-10 4 Command Groups The system commands can be broken down into the functional groups shown bel ow . T able 4-4 Command Group Index Command Group De scription Page Line Sets .
Line Comma nds 4-11 4 The access mode shown in the following t ables is indicated by these abbrev iations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration) GC.
Command Line Interfa ce 4-12 4 line This command identifies a spe cific line f or configuration, and to process s ubsequent line configurati on commands. Syntax line { console | vty } • console - Console termina l line. • vty - Virtual terminal for remote cons ole access (i.
Line Comma nds 4-13 4 Command Usage • There are three authentication modes provi ded by the switch itself at login: - login selects authentication by a single global password as specified by the password line configurat ion command. When using this method, the management interface starts in Normal Exec (NE) mode.
Command Line Interfa ce 4-14 4 number of times a user can enter an incorrec t password before the system terminates the lin e connection and returns the termina l to the idle state. • The encrypted p assword is required for compatibil ity with legacy password settings (i.
Line Comma nds 4-15 4 password-thresh This command sets th e password intrusion threshold which limit s the number of failed logon attempt s. Use the no form to remove th e threshold value. Syntax p assword-thresh [ threshold ] no password-thresh threshold - The number of allowed password attempts.
Command Line Interfa ce 4-16 4 Example T o set the silent time to 60 seconds, ent er this command: Related Commands password-thresh (4-15) databits This command sets th e number of data bits per character that are in terpreted and generated by the console port.
Line Comma nds 4-17 4 parity This command defines the generation of a p arity bit. Use the no form to restore the default setti ng. Syntax p arity { no ne | even | odd } no parity • none - No parity.
Command Line Interfa ce 4-18 4 Command Usage Set the speed to match the baud rate of the d evice connected to the seri al port. Some baud rates avai lable on device s connected to the port might not be supported. The system indicates i f the speed you selected is not supported.
Line Comma nds 4-19 4 Command Usage S pecifying session id entifier “0” wil l disconnect the console connectio n. S pecifying any o ther identifiers for an active session will disconnect an SSH or T elnet connection. Example Related Commands show ssh (4-41) show users (4-61) show line This command displays the termi nal line’s p arameters.
Command Line Interfa ce 4-20 4 General Commands enable This command activates Privilege d Exec mode. In privileged mode, additional commands are avail able, and certain command s display additional information. See “Understandin g Command Modes” on page 4-6.
General Comma nds 4-21 4 Example Related Commands disable (4-21) enable password (4-27) disable This command returns to Normal Exec mode from privileged mod e. In normal access mode, you can only disp lay basic in formation on the swit ch's configurati on or Ethernet stati stics.
Command Line Interfa ce 4-22 4 Related Commands end (4-23) show hist ory This command shows the contents of the co mmand history buffer . Default Setting None Command Mode Normal Exec, Privileg ed Exec Command Usage The history buf fer size is fixed at 10 Execution commands and 10 Configuration commands.
General Comma nds 4-23 4 Command Mode Privileged Exec Command Usage This command resets the en tire system. Example This example shows how to reset the switch: end This command returns to Privileged Exec mode.
Command Line Interfa ce 4-24 4 quit This command exit s the configuration program. Default Setting None Command Mode Normal Exec, Privileg ed Exec Command Usage The quit and exit commands can both exit the configuration pr ogram.
System Management Comma nds 4-25 4 Device Designation Commands prompt This command customi zes the CLI prompt. Use the no form to restore the default prompt.
Command Line Interfa ce 4-26 4 Example User Access Commands The basic commands required fo r management access are listed in this secti on. This switch also includes other options for p assword checki.
System Management Comma nds 4-27 4 Command Mode Global Configurat ion Command Usage The encrypted p assword is required for comp atibility with leg acy password settings (i.e., plain te xt or encrypted) wh en reading the configurati on file during system bootup or when downlo ading the configuration file from a TFTP server .
Command Line Interfa ce 4-28 4 Example Related Commands enable (4-20) IP Filter Commands management This command specifi es the client IP addresses that a re allowed management access to the switch through various protocols. Use the no form to restore the default setti ng.
System Management Comma nds 4-29 4 • When entering addres ses for the same grou p (i.e., SNMP, Web or Telnet), the switch will not accept ove rlapping address ranges. When entering addresses for different groups, the switc h will accept overlappi ng address ranges.
Command Line Interfa ce 4-30 4 Web Server Commands ip http port This command specifies the TCP port nu mber used by the W eb browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface.
System Management Comma nds 4-31 4 Example Related Commands ip http port (4-3 0) ip http secure-server This command enables the secure hype rtext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure acc ess (i.e., an encrypted connection) to the switch’ s Web interface.
Command Line Interfa ce 4-32 4 Example Related Commands ip http secure-port (4-32) copy tf tp https-certificate (4-63) ip http secure-port This command specifies the UDP port n umber used for HTTPS/SSL connection to the switch’ s Web interface. Use the no form to restore the default port.
System Management Comma nds 4-33 4 Telnet Server Commands ip telnet port This command specifi es the TCP port number use d by the T elnet interface. Use the no form to use the defaul t port. Syntax ip telnet port port-number no ip telnet port port-number - The TCP port to be used by the browser interface.
Command Line Interfa ce 4-34 4 Related Commands ip telnet port (4 -33) Secure Shell Commands The Berkley-st andard includes remote access tools originally desi gned for Unix systems. Some of these tools have also bee n implemented for Microsoft Windows and other envi ronments.
System Management Comma nds 4-35 4 The SSH server on this switch support s both password and public key authentication. If p assword authentication is specified by the SSH client, then the password ca.
Command Line Interfa ce 4-36 4 corresponding to the public keys stored o n the switch can gain a ccess. The following exchange s take place during this process: a. The client sends it s public key to the switc h. b. The switch compares the client's public key to those stored in memory .
System Management Comma nds 4-37 4 ip ssh timeout Use this command to c onfigure the timeout for the SSH server . Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation.
Command Line Interfa ce 4-38 4 Example Related Commands show ip ssh (4-40) ip ssh server-key s ize Use this command to set the SSH server key size. Use the no for m to restore the default setti ng. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server k ey .
System Management Comma nds 4-39 4 Example ip ssh crypto host-key generate Use this command to generate the host k ey p air (i.e., public and pri vate). Syntax ip ssh crypto host-key generate [ dsa | rsa ] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) ke y type.
Command Line Interfa ce 4-40 4 Command Mode Privileged Exec Command Usage • This command clears the host key from vol atile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be di sabled before you can execute this command.
System Management Comma nds 4-41 4 Example show ssh Use this command to display the current SSH server connecti ons. Command Mode Privileged Exec Example Console#show ip ssh SSH Enabled - version 1.
Command Line Interfa ce 4-42 4 show public-key Use this command to show the public key f or the specified user or for the host. Syntax show public-key [ user [ username ]| host ] username – Name of an SSH user . (Range: 1-8 characters) Default Setting Shows all public keys.
System Management Comma nds 4-43 4 Event Logging Commands logging on This command controls loggin g of error messages, sending debug or error messages to switch memory .
Command Line Interfa ce 4-44 4 logging history This command limi ts syslog messages sa ved to switch memory based on s everity . The no form returns the l ogging of syslog messages to the default level. Syntax logging history { flash | ram } level no logging history { flash | ram } • flash - Event history store d in flash memory (i.
System Management Comma nds 4-45 4 logging ho st This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [ no ] logging host host_ip_address host_ip_address - The IP address of a syslog server .
Command Line Interfa ce 4-46 4 logging trap This command enables th e logging of system messages to a remote server , or limits the syslog messages saved to a remote server ba sed on severity . Use this command without a specif ied level to enable remote logg ing.
System Management Comma nds 4-47 4 Related Commands show logging (4-47 ) show logging This command displays the loggin g configuration, along with any system and event messages stored in memory . Syntax show logging { flash | ram | sendmail | trap } • flash - Event history store d in flash memory (i.
Command Line Interfa ce 4-48 4 The following example dis plays settings for the trap function. Related Commands show logging s endmail (4-51) SMTP Alert Commands These commands configure SMTP event h andling, and forwarding of alert messages to the s pecified SMTP servers and emai l recipients.
System Management Comma nds 4-49 4 logging sendmail ho st This command specifies SMTP servers that wi ll be sent alert messages. Use the no form to remove an SMTP server . Syntax [ no ] logging sendm ail host ip_address ip_address - IP address of an SMTP serve r that will be sent alert messages for ev ent handling.
Command Line Interfa ce 4-50 4 Command Usage The specified level indi cates an event thresh old. All events at this level or higher will be sent to the confi gured email recipients. (For example , using Level 7 will report all event s from level 7 to level 0.
System Management Comma nds 4-51 4 Command Usage Y ou can specify u p to five recipients for a lert messages. However , you must enter a sep arate command to specify each recip ient. Example logging s endmail This command enables SMTP event handli ng.
Command Line Interfa ce 4-52 4 Time Commands The system clock can be dynamically set by polli ng a set of specified time servers (NTP or SNTP), or by using information broadcast by local time serve rs.
System Management Comma nds 4-53 4 Example Related Commands sntp server (4-53) sntp poll (4 -54) show sntp (4-54) sntp server This command sets th e IP address of the servers to which SNTP time requests are issued. Use the this comman d with no arguments to clear all time servers from the current list.
Command Line Interfa ce 4-54 4 sntp poll This command sets th e interval between sending time request s when the switch is set to SNTP clie nt mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests.
System Management Comma nds 4-55 4 clock timezone This command sets th e time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes { before-ut c | after-utc } • name - Name of timezone, usually an acrony m. (Range: 1-29 characters) • hours - Number of hours before/after UTC.
Command Line Interfa ce 4-56 4 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, February 1st, 2004.
System Management Comma nds 4-57 4 System Status Commands show startup-config This command displays the configuration file stored in non-volatil e memory that is used to st art up the system.
Command Line Interfa ce 4-58 4 Example Related Commands show running-config (4-58) show running-con fig This command displays the configuration information currently in us e.
System Management Comma nds 4-59 4 - VLAN configuration setti ngs for each interface - Multiple spanning tree instances (name and inte rfaces) - IP address configured for VLANs - Spanning tree settings - Any configured settings for the console port and Telnet Example Console#show running-config building running-config, pleas e wait.
Command Line Interfa ce 4-60 4 Related Commands show startup-config (4-57) show system This command displays system info rmation. Default Setting None Command Mode Normal Exec, Privileg ed Exec Command Usage • For a description of the items shown by this comman d, refer to “Displaying System Information” on page 3-9.
System Management Comma nds 4-61 4 show users Shows all active console and T elnet sessions, includi ng user name, idle time, and IP address of T elnet client. Default Setting None Command Mode Normal Exec, Privileg ed Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.
Command Line Interfa ce 4-62 4 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [ no ] jumbo frame Default Setting Disabled .
Flash/File Comma nds 4-63 4 Example Flash/File Commands These commands are used to manage the system code or configuration files. copy This command moves (upload/download) a code image or configuration file between the switch ’s flash memory and a TFTP server .
Command Line Interfa ce 4-64 4 Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. • The destination fi le name should not contai n slashes ( or /), the leadi ng letter of the file name should not be a period (.
Flash/File Comma nds 4-65 4 The following example shows how to do wnload a configuration file: This example shows how to copy a secure-site certificate from an TFTP server . It then reboot s the switch to activate the certificate: This example shows how to copy a public-ke y used by SSH from an TFTP server .
Command Line Interfa ce 4-66 4 Command Usage • If the file type is used for system startup, the n this file cannot be deleted. • “Factory_Default_Config.cfg ” cannot be deleted. Example This example shows how to del ete the test2.cfg configuration file from flash memory .
Flash/File Comma nds 4-67 4 Example The following example shows how to di splay all file information: whichboo t This command displ ays which files were booted when the system powered up. Default Setting None Command Mode Privileged Exec Example This example shows the information disp layed by the whichboot command.
Command Line Interfa ce 4-68 4 Default Setting None Command Mode Global Configurat ion Command Usage • A colon (:) is required after the specified file type.
Authentication Commands 4-69 4 Authentication Sequence authentication login This command defines the login authenti cation method and precedenc e. Use the no form to restore the default. Syntax authentication login {[ local ] [ radius ] [ t acacs ]} no authentication login • local - Use local password.
Command Line Interfa ce 4-70 4 authenticatio n enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privil eged Exec command mode with the enable command (see pag e 4-20). Use the no form to resto re the default.
Authentication Commands 4-71 4 RADIUS Client Remote Authenticati on Dial-in User Service (RADIUS) is a logon authentication protocol that uses sof tware running on a central server to control access to RADIUS-aware devices on the network.
Command Line Interfa ce 4-72 4 Default Setting 1812 Command Mode Global Configurat ion Example radius-server key This command sets th e RADIUS encryption key . Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate log on access for client.
Authentication Commands 4-73 4 Example radius-server timeout This command sets th e interval between transmitting authentication reque sts to the RADIUS server .
Command Line Interfa ce 4-74 4 TACACS+ Client T erminal Access Controll er Access Control System (T ACACS+) is a logon authentication protocol that uses software running on a central server to control access to T ACACS-aware devices on the network.
Authentication Commands 4-75 4 Command Mode Global Configurat ion Example tacacs-server key This command sets th e T ACACS+ encryption key . Use the no form to restore the default. Syntax t acacs-server key key_string no t acacs-server key key_string - Encryption key used to authenticate log on access for the client.
Command Line Interfa ce 4-76 4 Port Security Commands These commands can be used to enable port security on a port. Wh en using port security , the switch stops learning new MAC addresses on the specifi ed port when it has reached a co nfigured maximum number .
Authentication Commands 4-77 4 Command Usage • If you enable po rt security, the switch sto ps learning new MAC addre sses on the specified port when it has reached a con figured maximum number. Only incoming traffic with source a ddresses already stored in the dyna mic or static address table will be accepted.
Command Line Interfa ce 4-78 4 802.1X Port Authentication The switch supports IEEE 802.1 X (dot1x) p ort-based access control that prevents unauthorized access to the network by requi ring users to first submit credenti als for authentication.
Authentication Commands 4-79 4 authentication dot1x default This command sets th e default authentication server type. Use the no form to restore the default.
Command Line Interfa ce 4-80 4 Command Mode Global Configurat ion Example dot1x port-control This command sets th e dot1x mode on a port interf ace. Use the no form to restore the default.
Authentication Commands 4-81 4 dot1x operation-mode This command allows singl e or multiple hosts (client s) to connect to an 802.1X-authorized p ort. Use the no form with no keywords to resto re the default to single host. Use the no form with the multi-host max -count keywords to restore the default maximum count.
Command Line Interfa ce 4-82 4 dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number.
Authentication Commands 4-83 4 Command Mode Global Configurat ion Example dot1x timeout re-authperiod This command sets the time period after wh ich a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds.
Command Line Interfa ce 4-84 4 show dot1x This command shows general port authenticat ion related settings on the switch or a specific interface. Syntax show dot1x [ statistics ] [ interface interface ] • statistics - Displays dot1x status for each port.
Authentication Commands 4-85 4 • Backend State Machine - State – Current state (inc luding request, response, success, fail, tim eout, idle, initialize). - Request Count – Number of EAP Request packets sent to the Supplicant without rece iving a response.
Command Line Interfa ce 4-86 4 Access Control List Commands Access Control List s (ACL) provide packet filt ering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
Access Control List Commands 4-87 4 • You must configure a mask for an ACL rule bef ore you can bind it to a port or set the queue or frame priorities associated with the rule. • The switch does not support the explici t “deny any any” rule for the egress IP ACL or the egress MAC ACLs.
Command Line Interfa ce 4-88 4 access-list ip This command adds an IP access list and enters configuratio n mode for standard or extended IP ACLs. Us e the no form to remove the specified ACL. Syntax [ no ] access-list ip { st andard | extended } acl_name • standard – Specifies an ACL that filters packets based on the source IP address.
Access Control List Commands 4-89 4 Example Related Commands permit, deny 4-89 ip access-group (4-97) show ip access-li st (4-92) permit , deny (Standard ACL) This command adds a rule to a S tandard IP ACL. The rule sets a fi lter condition for packet s emanating from the specified source.
Command Line Interfa ce 4-90 4 permit , deny (Extende d ACL) This command adds a rule to an Extended IP ACL. The rule set s a filter condition for packet s with specific source or destinat ion IP addresses, protocol types, source or destination protocol ports, or TCP control codes.
Access Control List Commands 4-91 4 Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bi ts to indicate “match” and 0 bits to indicate “ignore .
Command Line Interfa ce 4-92 4 Related Commands access-list ip (4-88) show ip access-list This command displays the rule s for configured IP ACLs. Syntax show ip access-list { st andard | extended } [ acl_name ] • standard – Specifies a standard IP ACL.
Access Control List Commands 4-93 4 Command Usage • A mask can onl y be used by all ingress ACLs or all egress ACLs. • The precedence of the ACL rules applied to a packet is not determined by order of the rules, but inst ead by the order of the masks; i .
Command Line Interfa ce 4-94 4 Command Mode IP Mask Command Usage • Packets crossing a port are checke d against all the rules in the ACL until a match is found. The order in wh ich these packets are checked is determined by the mask, and not the order in which the ACL rules were entered.
Access Control List Commands 4-95 4 This shows how to create a standard ACL with an ingress mask to deny acc ess to the IP host 171.69.198.102, a nd permit access to any others . This shows how to create an extended ACL with an egress mask to drop packet s leaving network 171.
Command Line Interfa ce 4-96 4 This is a more comprehensive example. It denies any TCP pa ckets in which the SYN bit is ON, and permit s all other packets. It then set s the ingress mask to check the deny rule first, and finally binds port 1 to this ACL.
Access Control List Commands 4-97 4 Related Commands mask (IP ACL) (4-93) ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [ no ] ip access-group acl_name { in | out } • acl_name – Name of the ACL.
Command Line Interfa ce 4-98 4 Related Commands ip access-group (4-97) map access-list ip This command sets th e output queue for packets matching an ACL rule. The specified CoS value i s only used to map the matching pac ket to an output queue; it is not written to the packet itself.
Access Control List Commands 4-99 4 show map access-list ip This command shows the CoS va lue mapped to an IP ACL for the current interface. (The CoS value determines th e output queue for packets matching an ACL rul e.) Syntax show map access-list ip [ interf ace ] interface • ethernet unit / port - unit - This is device 1.
Command Line Interfa ce 4-100 4 Command Usage • You must configure an ACL mask bef ore you can change frame prioritie s based on an ACL rule. • Traffic priori ties may be included in the IEEE 802.1p pri ority tag. This tag is also incorporated as p art of the overall IEEE 802.
Access Control List Commands 4-101 4 MAC ACLs access-list mac This command adds a MAC access list a nd enters MAC ACL configuration mode. Use the no form to remove the specifi ed ACL. Syntax [ no ] access-list mac acl_name acl_name – Name of the ACL.
Command Line Interfa ce 4-102 4 Example Related Commands permit, deny 4-102 mac access-g roup (4-107) show mac access-l ist (4-103) permit , deny (MAC ACL) This command adds a rule to a MAC ACL. The rul e filters packet s matching a specified MAC source or destination address (i .
Access Control List Commands 4-103 4 • destination – De stination MAC address range with bitmask. • address- bitmask* – Bitmask for MAC address (in hexidecimal format). • vid – VLAN ID. (Range: 1-4095) • vid-bitmask* – VLAN bitmask. (Range: 1-4095) • protocol – A specific Ethernet protocol number.
Command Line Interfa ce 4-104 4 Example Related Commands permit, deny 4-102 mac access-g roup (4-107) access-list mac mask-pr ecedence This command changes to MAC Mask mode used to confi gure access control masks. Use the no form to delete the mask tab le.
Access Control List Commands 4-105 4 mask (MAC ACL) This command defines a mask for MAC ACLs. This mask d efines the fields to check in the p acket header .
Command Line Interfa ce 4-106 4 Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules have been changed by the mask.
Access Control List Commands 4-107 4 show access-list mac m ask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [ in | out ] • in – Ingress mask precedence for ingress ACLs. • out – Egress mask precede nce for egress ACLs.
Command Line Interfa ce 4-108 4 Related Commands show mac access-l ist (4-103) show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Related Commands mac access-g roup (4-107) map access-list mac This command sets th e output queue for packets matching an ACL rule.
Access Control List Commands 4-109 4 Example Related Commands queue cos-map (4-193) show map access-list mac (4-109) show map access-list mac This command shows the CoS value mapped to a MAC ACL for the current interface. (The CoS value determin es the output queue for packets matching an ACL rule.
Command Line Interfa ce 4-110 4 match access-list mac This command changes the IEEE 802.1p priorit y of a Layer 2 frame matching the defined ACL rul e. (This feature is commonly referred to as ACL packet marking.) Use the no form to remove the ACL marker.
Access Control List Commands 4-111 4 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defi ned masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order i n which the rules are disp layed is determined by the associated mask.
Command Line Interfa ce 4-112 4 SNMP Commands Controls access to this switch from management stations using th e Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. snmp-server community This command defines the community access string for the Simple Network Management Proto col.
SNMP Commands 4-113 4 Example snmp-server contact This command set s the system cont act string. Use the no form to remove the system cont act information. Syntax snmp-server cont act string no snmp-server cont act string - S tring that describes the system contact information.
Command Line Interfa ce 4-114 4 Related Commands snmp-server contact (4-1 13) snmp-server host This command specifies the recipi ent of a Simple Network Management Protocol notification operation.
SNMP Commands 4-115 4 Related Commands snmp-server enable traps (4-1 15) snmp-server enable traps This command enables this devi ce to send Simple Network Management Protocol traps (SNMP notifi cations).
Command Line Interfa ce 4-116 4 Command Usage This command provides information on t he community access strings, counter information for SNMP input and output protocol da ta units, and whether or not SNMP logging has been enable d with the snmp-server enable trap s command.
DNS Commands 4-117 4 DNS Commands These commands are used to configure Domai n Naming System (DNS) services. Y ou can manually configu re entries in the DNS domai n name to IP address mapping table, configu re default domain names, or specify one or more name servers to use for domain name to address translation.
Command Line Interfa ce 4-118 4 Command Usage Servers or other network devices may support one or more connection s via multiple IP addresses. If more th an one IP address is associated with a host name using this command, a DNS cli ent can try each address in succession, until it est ablishes a connection with the targ et device.
DNS Commands 4-119 4 Default Setting None Command Mode Global Configurat ion Example Related Commands ip domain-list (4-1 19) ip name-server (4-120) ip domain-lookup (4-1 21) ip domain-list This command defines a list of domain name s that can be appended to incomplete host names (i.
Command Line Interfa ce 4-120 4 Example This example adds two domain names to the current list and then displays the list. Related Commands ip domain-name (4 -1 18) ip name-server This command specifies the address of one or more domain name servers to use for name-to-address reso lution.
DNS Commands 4-121 4 Example This example adds two domain-name serve rs to the list and then displays the list. Related Commands ip domain-name (4 -1 18) ip domain-lookup (4-1 21) ip domain-lookup This command enables DNS host name -to-address translation.
Command Line Interfa ce 4-122 4 Example This example enables DNS and then displays the config uration. Related Commands ip domain-name (4 -1 18) ip name-server (4-120) show hosts This command displays the sta tic host name-to-address mapping table.
DNS Commands 4-123 4 show dns This command displays the configuration of the DNS server . Command Mode Privileged Exec Example show dns cache This command displays entries in th e DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.
Command Line Interfa ce 4-124 4 clear dns cache This command clears all entries in th e DNS cache. Command Mode Privileged Exec Example Console#clear dns cache Console#show dns cache NO FLAG TYPE IP T.
Interface Commands 4-125 4 Interface Commands These commands are used to display or set co mmunication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configure s an interface type and enter interface co nfiguration mode.
Command Line Interfa ce 4-126 4 Command Mode Global Configuration Example T o specify port 24, enter the fo llowing command: description This command adds a description to an interface.
Interface Commands 4-127 4 Default Setting • Auto-negotiat ion is enabled by de fault. • When auto-negotiati on is disabled, the default spe ed-duplex setting is 100half for 100BASE-TX ports and 1000full for Gigabit Ethernet ports.
Command Line Interfa ce 4-128 4 • If autonegotiati on is disabled, auto-MDI /MDI-X pin signa l configuration will also be disab led for the RJ-45 ports.
Interface Commands 4-129 4 Example The following example configures Ethernet port 5 cap abilities to 100half, 100full and flow contro l. Related Commands negotiation (4-127) speed-duplex (4 -126) flowcontrol (4-129) flowcontrol This command enable s flow control.
Command Line Interfa ce 4-130 4 Example The following example enab les flow control on port 5. Related Commands negotiation (4-127) capabili ties (flo wcontrol, symmetric) (4-128) combo-forced-mode This command forces the port type s elected for combination port s 21-24.
Interface Commands 4-131 4 Default Setting All interfaces are enabled. Command Mode Interface Co nfiguration (Ethernet, Po rt Channel) Command Usage This command all ows you to disable a p ort due to abnormal behav ior (e.g., excessive collisi ons), and then reenable it after the problem has been resolved.
Command Line Interfa ce 4-132 4 Example The following s hows how to configure broadcast storm control a t 600 packet s per second: clear counters This command clears statistics on an i nterface. Syntax clear counters interface interface • ethernet unit / port - unit - This is device 1.
Interface Commands 4-133 4 show interfaces status This command displays the sta tus for an interface. Syntax show interfaces sta tus [ interface ] interface • ethernet unit / port - unit - This is device 1.
Command Line Interfa ce 4-134 4 show interfaces counters This command displays inte rface statisti cs. Syntax show interfaces counters [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channe l channel-id (Range: 1-6) Default Setting Shows the counters for all interfaces.
Interface Commands 4-135 4 show interfaces switchport This command displays the admi nistrative and operationa l status of the specified interfaces. Syntax show interfaces switchport [ interface ] interface • ethernet unit / port - unit - This is device 1.
Command Line Interfa ce 4-136 4 Mirror Port Commands This section describes how to mirror traf fic from a source port to a target port. port monitor This command configures a mirror sess ion.
Mirror Port Commands 4-137 4 Command Usage • You can mirror traffic from any source port to a destination port for re al-time analysis. Yo u can then attach a logic analyzer or RMON probe to the destination port an d study the traffic crossing the source port in a completely unobtrusive manner.
Command Line Interfa ce 4-138 4 Example The following s hows mirroring configured from port 6 to port 1 1: Rate Limit Commands This function allows th e network manager to control th e maximum rate for traffic transmitted or received on an interface.
Link Aggregation Co mmands 4-139 4 Example Link Aggregation Commands Ports can b e statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ens ure fault recovery .
Command Line Interfa ce 4-140 4 • All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN via the specifie d port-channel. • STP, VLAN, and IGMP setting s can only be made for the entire trunk via the specified port-channel .
Link Aggregation Co mmands 4-141 4 lacp This command enables 802.3ad Link Aggrega tion Control Protocol (LACP) for the current inte rface. Use the no form to disable it.
Command Line Interfa ce 4-142 4 lacp system-priority This command configures a port's LACP system priority . Use the no form to restore the default sett ing. Syntax lacp { actor | partner } system-priority priority no lacp { actor | pa r t n er } system-priority • actor - The local side an aggregate li nk.
Link Aggregation Co mmands 4-143 4 lacp admin-key (Ethernet Interface) This command confi gures a port's LACP administration key . Use the no form to restore the default setting. Syntax lacp { actor | partner } admin-key key [ no ] lacp { actor | partner } admi n-key • actor - The local side an aggregate li nk.
Command Line Interfa ce 4-144 4 lacp admin-key (Po rt Channel) This command configures a port channel's LACP administration key string. Use the no form to restore the default setting.
Link Aggregation Co mmands 4-145 4 Command Mode Interface Conf iguration (Ethernet) Command Usage • Setting a lower value indicates a high er effective priority . • If an active port link goes down, the backup port with the high est priority is selected to replace the downed link.
Command Line Interfa ce 4-146 4 Example Console#show lacp 1 counters Port Channel : 1 ------------------------------ ------------------------------------------- Eth 1/ 1 ------------------------------.
Link Aggregation Co mmands 4-147 4 Console#show lacp 1 internal Port Channel : 1 ------------------------------ ------------------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ---------.
Command Line Interfa ce 4-148 4 Console#show lacp 1 neighbors Port Channel 1 neighbors ------------------------------ ------------------------------------------- Eth 1/1 ------------------------------.
Address T able Commands 4-149 4 Address Table Commands These commands are used to configure the addres s table for filtering specified addresses, displayi ng current entries, clearing t he table, or setting the aging time.
Command Line Interfa ce 4-150 4 mac-address-table static This command maps a st atic address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-t able static mac-address interface interface vlan vlan-id [ action ] no mac-address-t able static mac-address vlan vlan-id • mac-address - MAC a ddress.
Address T able Commands 4-151 4 clear mac-address-table dynamic This command removes any learned entries from the forwarding dat abase and clears the transmit and receive counts for any st atic or system configured entries.
Command Line Interfa ce 4-152 4 means to match a bit and “1” means to ignore a bit. For example, a mask of 00-00-00-00-00-00 mean s an exact match, and a mask of FF-FF-FF-FF -FF-FF means “any.” • The maximum number of address entri es is 8191.
Spanning Tree Commands 4-153 4 Spanning Tree Commands This section includes co mmands that configu re the S panning T ree Algorithm (ST A) globally for the switch, and commands tha t configure ST A for the selected interface.
Command Line Interfa ce 4-154 4 spanning-tr ee This command enables the S p anning Tree Alg orithm globally for the switch. Use the no form to disable it.
Spanning Tree Commands 4-155 4 Command Usage • Spanning Tree Protoco l Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. - This creates one spannin g tree instance f or the entire network.
Command Line Interfa ce 4-156 4 Default Setting 15 seconds Command Mode Global Configurat ion Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., disca rding to learning to forwardi ng).
Spanning Tree Commands 4-157 4 spanning-tree max -age This command configures the span ning tree bridge maximum age globally for this switch. Use the no form to resto re the default. Syntax sp anning-tree max-age seconds no spanning-tree max-age seconds - T ime in sec onds.
Command Line Interfa ce 4-158 4 Command Mode Global Configurat ion Command Usage Bridge priority is used in sel ecting the root device, root port, and designa ted port.
Spanning Tree Commands 4-159 4 spanning-tree transmission-limit This command configures the minimum i nterval between the transmission of consecutive RSTP/MSTP BPDUs. Use the no form to restore the defaul t. Syntax sp anning-tree transmission-limit count no spanning-tree transmission-li mit count - The transmission limit in seconds.
Command Line Interfa ce 4-160 4 mst vlan This command adds VLANs to a spanning tree inst ance. Use the no form to remove the specified VLANs. Using th e no form without any VLAN parameters to remove all VLANs. Syntax [ no ] mst inst ance_id vlan vlan-range • instance_id - Instance id entifier of th e spanning tree.
Spanning Tree Commands 4-161 4 mst priority This command configures the priority of a sp anning tree instance . Use the no form to restore the default. Syntax mst inst ance_id priority priority no mst instance_i d priority • instance_id - Instance id entifier of th e spanning tree.
Command Line Interfa ce 4-162 4 Command Usage The MST region name and revis ion number (page 4-162) are used to designate a uniqu e MST region. A bridge (i.e., sp anning-tree compliant device such as this switch) can only bel ong to one MST region. And all bridges in the same region must be configured with the same MST in stances.
Spanning Tree Commands 4-163 4 max-hops This command configures the maximum numbe r of hops in the region before a BPDU is discarded. Use the no form to restor e the default. Syntax max-hop s hop-number hop-number - Maximum hop nu mber for multiple spanning tree.
Command Line Interfa ce 4-164 4 spanning-tree co st This command configures the span ning tree pa th cost for the spe cifie d interface. Use the no form to restore the default. Syntax sp anning-tree cost cost no sp anning-tree cost cost - The path cost for the port.
Spanning Tree Commands 4-165 4 Default Setting 128 Command Mode Interface Co nfiguration (Ethernet, Po rt Channel) Command Usage • This command defines the priori ty for the use of a port in the Spanning Tree Algorithm.
Command Line Interfa ce 4-166 4 Example Related Commands spanning-tree port fast (4-166) spanning-tree portfast This command sets an in terface to fast forward ing.
Spanning Tree Commands 4-167 4 spanning-tree link-type This command configures the link type fo r Rapid Sp anning T ree and Multiple S panning T ree. Use the no form to restore the default. Syntax sp anning-tree link-type { auto | point-to-poi nt | shared } no spanning-tree link-type • auto - Automatically derived from the duplex mode setting.
Command Line Interfa ce 4-168 4 Default Setting • Ethernet – ha lf duplex: 2,000,000; full duplex: 1,000 ,000; trunk: 500,000 • Fast Ethernet – half dupl ex: 200,000; full d upl ex: 100,000; t.
Spanning Tree Commands 4-169 4 interface with the highest priority (that is, lowes t value) will be configured as an active link in the spanning tree. • Where more than one interface is assi gned the highest priority, the interface with lowest numeric identifi er will be enabled.
Command Line Interfa ce 4-170 4 show spanning-tree This command shows the configuration for the common sp anning tree (CST) or for an instanc e within the multiple spanning tree (MST). Syntax show sp anning-tree [ interface | mst instance_id ] • interface • ethernet unit / port - unit - This is device 1.
Spanning Tree Commands 4-171 4 Example show spanning-tree mst configuration This command shows the configuratio n of the multiple spanning tree. Syntax show sp anning-tree mst configuration Command Mo.
Command Line Interfa ce 4-172 4 Example VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
VLAN Commands 4-173 4 Command Mode Global Configurat ion Command Usage • Use the VLAN database command mode to add, ch ange, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command.
Command Line Interfa ce 4-174 4 • no vlan vlan-id state returns the VLAN to the default state (i.e ., active). • You can configure up to 255 VL ANs on the switch. Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activat ed by defaul t.
VLAN Commands 4-175 4 Example The following example shows how to set th e interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (4 -130) switchport mode This command confi gures the VLAN membership mode for a p ort.
Command Line Interfa ce 4-176 4 switchport acceptable-frame-types This command confi gures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport accept able-frame-types { all | ta g g e d } no switchport accept able-frame-types • all - The port accepts all frames, tagged or untagged.
VLAN Commands 4-177 4 Command Usage • Ingress filtering o nly affects tagged frames. • If ingress filtering is disabled and a port recei ves frames tagged for VLANs for which it is not a member, these frames wil l be flooded to all other ports (exce pt for those VLANs explicitly fo rbidden on this port).
Command Line Interfa ce 4-178 4 Example The following example shows how to set the PVID for port 1 to VLAN 3: switchport allowed vlan This command confi gures VLAN groups on t he se lected interface.
VLAN Commands 4-179 4 Example The following example shows how to ad d VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: switchport forbidden vlan This command confi gures forbidden VLANs. Use the no form to remove the list of forbidden VLANs.
Command Line Interfa ce 4-180 4 Displaying VL AN Information show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name ] • id - Keyword to be foll owed by the VLA N ID. - vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes ) • name - Keyword to be followed by the VLAN name.
VLAN Commands 4-181 4 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within th e assigned VLAN. This section describes comma nds used to configure private VlANs. pvlan This command enables or configures a private VLAN.
Command Line Interfa ce 4-182 4 show pvlan This command displays the configured priv ate VLAN. Command Mode Privileged Exec Example Configuring Protoco l-based VLANs The network devices requi red to support multiple protocols c annot be easily grouped into a common VLAN.
VLAN Commands 4-183 4 protocol-vlan protocol-grou p (Configuring Grou ps) This command creates a protoco l group, or to add specific protocols to a group.
Command Line Interfa ce 4-184 4 Command Usage • When creating a p rotocol-based VLAN, only assig n interfaces via this command. If you assign in terfaces using any of the other VLAN commands (such as vlan on page 4-173), these interfaces will admit traffic of any protocol type into the associated VLAN.
VLAN Commands 4-185 4 show interfaces protoco l-vlan proto col-group This command shows the mapping from protocol groups to VLANs for the sel ected interfaces. Syntax show interfaces protocol-vlan protocol-group [ interface ] interface • ethernet unit / port - unit - This is device 1.
Command Line Interfa ce 4-186 4 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN memb ers on interfaces across the network.
GVRP and Bridge Extension Comma nds 4-187 4 show bridge-ext This command shows the configuratio n for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “.
Command Line Interfa ce 4-188 4 show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configurati on [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channe l channel-id (Range: 1-6) Default Setting Shows both global and interface-spec ific configuration.
GVRP and Bridge Extension Comma nds 4-189 4 Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for cl ien t services within a bridged LAN. The default values fo r the GARP timers are independent of the media acc ess method or data rate.
Command Line Interfa ce 4-190 4 Related Commands garp timer (4-188) Priority Commands The commands described in this secti on allow you to specify which data p ackets have greater precedence when traf fic is buffered in the switch due to congestion. This switch support s CoS with eight priority queues for eac h port.
Priority Commands 4-191 4 queue mode This command sets th e queue mode to strict priority or Weighted Round-Rob in (WRR) for the class of se rvice (CoS) priority queues.
Command Line Interfa ce 4-192 4 switchport priority default This command sets a prio rity for incoming untagged frames. Use the no form to restore the default value. Syntax switchport prio rity default default-priority-id no switchport priority default default-priority-id - The priority number for untagged ingress traffic.
Priority Commands 4-193 4 queue bandwidth This command assign s weighted round-robin (WRR) weight s to the eight class of service (CoS) priority queues. Use the no form to restore the default weight s. Syntax queue bandwidth wei ght1...weight8 no queue bandwidth weight1.
Command Line Interfa ce 4-194 4 Default Setting This switch supports Cla ss of Service by using eight priority queues, with Weighted Roun d Robin queuing for each port. Eight separate traf fic classes are defined in IEEE 802.1p. The default priority levels are assi gned according to recommendations in the IEEE 802.
Priority Commands 4-195 4 Example show queue bandwidth This command displays the weigh ted round-robin (WRR) bandwidth all ocation for the eight priority queues. Default Setting None Command Mode Privileged Exec Example show queue cos-map This command shows the class of service priority map.
Command Line Interfa ce 4-196 4 Example Priority Commands (Layer 3 and 4) map ip port (Global Configuration) This command enable s IP port mapping (i .
Priority Commands 4-197 4 Example The following example shows how to en able TCP/UDP port mapping globally: map ip port (Interface Configuration) This command enables IP port mapping (i.e., TCP/UDP port priority). Use the no form to remove a specific setting.
Command Line Interfa ce 4-198 4 Command Usage • The precedence for priority mappin g is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP Precedence and IP DSCP cannot bo th be enabled. Enabling one of these priority types will automatical ly disable the other type.
Priority Commands 4-199 4 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Dif ferentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping.
Command Line Interfa ce 4-200 4 Default Setting The DSCP default values are defined in the fo llowing table. Note that all the DSCP values that are not specifi ed are mapped to CoS value 0.
Priority Commands 4-201 4 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traf fic has been mapped to CoS value 0: Related Commands map ip port (Global Configura tion) (4-196) map ip port (Interfa ce Configuration) (4-197) show map ip precedence This command shows the IP precedence priority map.
Command Line Interfa ce 4-202 4 Example Related Commands map ip port (Global Configura tion) (4-196) map ip precedence (Interface Configuration) (4-198) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [ interf ace ] interface • ethernet unit / port - unit - This is device 1.
Multicast Filtering Commands 4-203 4 Example Related Commands map ip dscp (Global Co nfiguration) (4-199) map ip dscp (Interface Configuration) (4-199 ) Multicast Filtering Commands This switch uses IGMP (Internet Group Management Proto col) to query for any attached hos ts that want to receive a specif ic mul ticast service.
Command Line Interfa ce 4-204 4 IGMP Snooping Com mands ip igmp snoopi ng This command enables IGMP snoopi ng on this switch. Use the no form to disable it. Syntax [ no ] ip igmp snoo ping Default Setting Enabled Command Mode Global Configurat ion Example The following example enab les IGMP snooping.
Multicast Filtering Commands 4-205 4 Command Mode Global Configurat ion Example The following s hows how to statically configure a multicast group on a port: ip igmp snooping version This command confi gures the IGMP snooping version . Use the no form to restore the default.
Command Line Interfa ce 4-206 4 Command Usage See “Configuring IGMP Snooping an d Query Parameters” on page 3-141 for a description of the disp layed items. Example The following s hows the current IGMP snooping configuration: show mac-address-table multicast This command shows kn own multicast addresses.
Multicast Filtering Commands 4-207 4 IGMP Query Commands (Layer 2) ip igmp snoopi ng querier This command enables the switch as an IGMP querier . Use the no form to disable it. Syntax [ no ] ip igmp snoo ping querier Default Setting Enabled Command Mode Global Configurat ion Command Usage If enabled, the switch wi ll serve as querier if elected.
Command Line Interfa ce 4-208 4 Default Setting 2 times Command Mode Global Configurat ion Command Usage The query count defines how long the querier waits for a response from a multicast client before t aking action.
Multicast Filtering Commands 4-209 4 ip igmp snooping query-max-response-time This command configures the que ry report delay . Use the no form to restore the default. Syntax ip igmp snoo ping query-max-response-time seconds no ip igmp snoo ping query-max-response-time seconds - The report delay advertised in IGMP querie s.
Command Line Interfa ce 4-210 4 Default Setting 300 seconds Command Mode Global Configurat ion Command Usage The switch must use IGMPv2 for this command to t ake effect.
Multicast Filtering Commands 4-211 4 Command Usage Depending on your network connecti ons, IGMP snooping may not always be able to locate the IGMP querier .
Command Line Interfa ce 4-212 4 IP Interface Commands An IP addresses may be used for management access to the switch over your network. The IP address for this swi tch is obtained via DHCP by default. Y ou can manually configure a spe cific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when it is powered on.
IP Interface Commands 4-213 4 • If you select the bootp or dhcp option, IP is enabled b ut will not functi on until a BOOTP or DHCP reply has been received. Requests will be broadcast periodically b y this device in an effort to lea rn its IP address.
Command Line Interfa ce 4-214 4 ip default-gateway This command establ ishes a static route between this switch an d management stations th at exist on another network segment.
IP Interface Commands 4-215 4 show ip re directs This command shows the default gatewa y configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gate way (4-214) ping This command sends ICMP echo reques t packets to another node on th e network.
Command Line Interfa ce 4-216 4 Example Related Commands interface (4-125) Console#ping 10.1.0.9 Type ESC to abort. PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds response time: 10 ms response time: 10 ms response time: 10 ms response time: 10 ms response time: 0 ms Ping statistics for 10.
A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, T ACACS, Port (802.1x), HTTPS, SSH, Port Security Access Control Lists IP , MAC (up to 32 lists) DHCP Client DNS.
Software Specifications A-2 A Additional Fe atures BOOTP client SNTP (Simple Network T ime Protocol) SNMP (Simple Network Management Protocol) RMON (Remote Monitoring, groups 1, 2, 3, 9) SMTP Email Al.
Management Inform ation Bases A-3 A RMON (RFC 1757 groups 1,2,3,9) SNMP (RFC 1 157) SNMPv2 (RFC 1907) SNTP (RFC 2030) SSH (V ersion 2.0) TFTP (RFC 1350) Management Information Bases Bridge MIB (RFC 14.
Software Specifications A-4 A.
B-1 Appendix B: Troubleshooting Problems Accessing the Mana gement Interface T able B-1 T roubleshooting Chart Symptom Action Cannot connect us ing T elnet, web browser , or SNMP software • Be sure the switch is powered up. • Check network cablin g between the management station an d the switch.
Troubleshooting B-2 B Using System Logs If a fault does occur , refer to the Instal lation Guide to ensure that the problem you encountered is actually ca used by the switch. If the problem appears to b e caused by the switch, foll ow these steps: 1. Enable logging.
Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traf fic and restrict access to certain users or devices by checking each p acket for certain IP or MAC (i.
Glossary Glossary-2 GARP VLAN Registrati on Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on p orts along the S p anning Tr ee so that VLANs defined in each switch can work automatically over a S panning T ree netwo rk.
Glossary-3 Glossary IEEE 802.3x Defines Ethernet frame st art/stop request s and timers used for flow control on full-duplex lin ks. IGMP Snooping Listening to IGMP Query and IGMP Report p ackets transferred between IP Multi cast Routers and IP Multicast host groups to identify IP Mult icast group members.
Glossary Glossary-4 Management Information Base (MIB) An acronym for Management Information Base. It is a set of database obj ects that contain s information about a specific devi ce.
Glossary-5 Glossary Rapid Spanning Tree Protocol (RSTP) RSTP reduces the convergence time for network topology changes to about 10 % of that require d by the older IEEE 802.1D STP st andard. Secure Shell (SSH) A secure replacement for remote access functions, including T elnet.
Glossary Glossary-6 User Datagram Protocol (UDP) UDP provides a datagram mode fo r packet-switched communications. It uses IP as the underlying transport mechanis m to provide access to IP-like services. UDP packet s are delivered just like IP packe ts – connection-less datagrams th at may be discarded before reaching their target s.
Index-1 Numerics 802.1x, port authen tication 3-43, 4-78 A acceptable frame type 3-120, 4-176 Access Control List See AC L ACL Extended IP 3-53, 4-86, 4-87, 4-90 MAC 3-53, 4-86, 4-101, 4-101–4-103 S.
Index-2 Index HTTPS 3-34, 4-31 HTTPS, secure server 3-34, 4-31 I IEEE 802.1D 3-91, 4-154 IEEE 802.1s 4-154 IEEE 802.1w 3- 91, 4-154 IEEE 802.1x 3-43, 4-78 IGMP groups, displaying 3-144, 4-206 Layer 2 .
Index-3 Index R RADIUS, logon authentic ation 3-31, 4-71 rate limits, setting 3-83, 4-138 restarting the system 3-25, 4-22 RSTP 3-91, 4-154 global configuratio n 3-92, 4-154 S Secure Shell 3-36, 4-34 .
Index-4 Index.
.
P/N: 90000441 REV.A MIL-SM24004TG.
An important point after buying a device Milan Technology MIL-SM24004TG (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Milan Technology MIL-SM24004TG yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Milan Technology MIL-SM24004TG - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Milan Technology MIL-SM24004TG you will learn all the available features of the product, as well as information on its operation. The information that you get Milan Technology MIL-SM24004TG will certainly help you make a decision on the purchase.
If you already are a holder of Milan Technology MIL-SM24004TG, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Milan Technology MIL-SM24004TG.
However, one of the most important roles played by the user manual is to help in solving problems with Milan Technology MIL-SM24004TG. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Milan Technology MIL-SM24004TG along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center