Instruction/ maintenance manual of the product 40240/40480-10G Asante Technologies
IntraCore 40240/40480-10G Layer 3 Gigabit Stackable Ethernet Switch User’s Manual.
IC40240-10G/IC40480-10G (P/N 99-00837/99-00836) User’s Manual Asante Networks 47709 Fremont Blvd., Fremont, CA 94538 USA SALES 408-435-8388 TECHNICAL SUPPORT 408-435-8388: Worldwide www.asante.com/support support@asante.com Copyright © 2009 Asante.
Management Guide IntraCore 40240-10G Gigabit Ethernet Switch • Stackable Layer 3 Switch • 20 10/100/1000BASE-T (RJ-45) Ports, • 4 Gigabit Combination Ports (RJ-45/SFP), • 2 10-Gigabit Extender.
IC40240-10G (99-00837) IC40480-10G (99-00836).
About This Manual
Purpose
This guide gives specific information on how to operate and use the management functions of the switch.
Audience
The guide is intended for use by network administrators w h.
Getting Started.
Description Backup to TFTP server Console, Telnet, web – User name / password, RADIUS, TACACS+ Web – HTTPS Telnet – SSH SNMP v1/2c - Community strings SNMP version 3 – MD5 or SHA password Port – IEEE 802.
Table 1-1 Key Features (Continued) Feature Description Spanning Tree Algorithm Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP) Virtual LANs Up to 256 using IEEE 802.
Access Control Lists – ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or TCP control code) or any frames (based on MAC address or Ethernet type).
IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 16K addresses.
• Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.
• Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.
remote network, the switch checks to see if it has the best route. If it does, it sends its own MAC address to the host. The host then sends traffic for the remote destination via the switch, which uses its own routing table to reach the destination on the other network.
Default auto 8 1 none 0 (disabled) Username “admin” Password “admin” Username “guest” Password “guest” Password “super” Disabled Disabled Disabled Enabled Disabled Disabl.
Parameter Default SNMP Agent Enabled Community Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabled Link-up-down events: enabled SNMP V3 View: .
Function Parameter Default Traffic Prioritization Ingress Port Priority 0 Queue Mode WRR Weighted Round Robin Queue: 0 1 2 3 4 5 6 7 Weight: 1 2 4 6 8 10 12 14 IP Precedence Priority Disabled IP DSCP Priority Disabled IP Port Priority Disabled IP Settings Management.
Chapter 2: Initial Configuration
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON (Groups 1, 2, 3, 9) and a web-based interface.
• Configure Spanning Tree parameters
• Configure Class of Service (CoS) priority queuing
• Configure up to 6 static or LACP trunks per switch, up to 32 per stack
• Enable por.
Remote Connections
Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. An IPv4 address for this switch is obtained via DHCP by default.
- If Master/Slave push button is depressed on more than one unit, the system will select the unit with the lowest MAC address from those with the push button depressed as the stack Master.
two. The Stack Link LED on the unit that is no longer receiving traffic from the next unit up or down in the stack will begin flashing to indicate that the stack link is broken.
will operate in Special Stacking Mode in which all backup units are disabled as described below:
• The master unit starts normal operation mode in standalone mode.
• The master unit can see all units in the stack and maintain stack topology.
4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.
Setting Passwords
Note: If this is your first time to log.
Manual Configuration
You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment (if routing is not enabled on this switch).
FE80::260:3EFF:FE11:6700/64
Global unicast address(es):
Joined group address(es):
FF01::1/16
FF02::1/16
FF02::1:FF11:6700/104
MTU is 1500 bytes.
From the Global Configuration mode prompt, type “ipv6 general prefix prefix-name ipv6-prefix/prefix-length,” where the “prefix-name” is a label identifying the network segment, “.
Dynamic Configuration
Obtaining an IPv4 Address
If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. Requests will be sent periodically in an effort to obtain IP configuration information.
Obtaining an IPv6 Address
Link Local Address — There are several ways to dynamically configure IPv6 addresses. The simplest method is to automatically generate a “link local” address (identified by an address prefix of FE80).
Enabling SNMP Management Access
The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as HP OpenView. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps.
The default strings are:
• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.
• private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
For a more detailed explanation on how to configure the switch for access from SNMP v3 clients, refer to “Simple Network Management Protocol” on page 5-1, or refer to the specific CLI commands for SNMP starting on page 24-1.
• Diagnostic Code — Software that is run during system boot-up, also known as POST (Power On Self-Test).
Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows.
Managing System Files
To save the current configuration settings, enter the following command:
1. From the Privileged Exec mode prompt, type “copy running-config startup-config” and press <Enter>.
2. Enter the name of the start-up file.
Section II: Switch Management
This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser, and a brief example for the Command Line Interface. Configuring the Switch .
Switch Management.
Chapter 3: Configuring the Switch
Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password “admin” is used for the administrator.
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
Description Provides basic system description, including contact information Shows the number of ports, hardware/firmware version numbers, and power status Shows the bridge extension p.
Current Time Configuration Time Zone Summer Time SNMP Configuration Agent Status SNMP v3 Engine ID Remote Engine ID Users Remote Users Groups Views Security User Accounts Authentication .
Displays settings and operational state for the remote side Sets the broadcast storm threshold for each port Sets the broadcast storm threshold for each trunk Sets t.
Displays information on the VLAN type supported by this switch Shows the current port members of each VLAN and whether or not the port is tagged or untagged Used to create or remove VLAN groups M.
Link Layer Discovery Protocol Configures global LLDP timing parameters Configures parameters for individual ports Configures parameters for trunks Displays LLDP information about the local de.
DNS Domain Name Service General Configuration Enables DNS; configures domain name and domain list; and specifies IP address of name servers for dynamic lookup Static Host Table Configures stat.
Statically maps a physical address to an IP address Shows dynamically learned entries in the IP routing table Shows internal addresses used by the switch Shows statistics on ARP requests sent and re.
Navigating the Web Browser Interface
Table 3-2 Switch Main Menu (Continued) Description Open Shortest Path First Enables or disables OSPF; also configures the Router ID and various other glo.
Chapter 4: Basic Management Tasks
This chapter describes the basic functions required to set up management access to the switch, display or upgrade operating software, or reset the system.
Displaying System Information
You can easily identify the system by displaying the device name, location and contact information.
Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.
Displaying Switch Hardware/Software Versions
Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
Field Attributes
Main Board
• Serial Number – The serial number of the switch.
Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.
Setting the Switch’s IP Address (IP Version 4)
Web – Click System, Bridge Extension.
Figure 4-3 Displaying Bridge Extension Configuration
CLI – Enter the following command.
numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.
Command Usage
• This section describes how to configure a single local interface for initial access to the stack.
Figure 4-4 IPv4 Interface Configuration - Manual
Click IP, Global Setting. If this stack and management stations exist on other network segments, then specify the default gateway, and click Apply.
Figure 4-5 Default Gateway
CLI – Specify the management interface, IP address and default gateway.
Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the stack to be dynamically configured by these services.
Web – Click IP, General, Routing Interface. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP.
Setting the Switch’s IP Address (IP Version 6)
This section describes how to configure an initial IPv6 interface for management access over the network. This switch supports both IPv4 and IPv6, and can be managed through either of these address types.
• The switch must always be configured with a link-local address. Therefore any configuration process that enables IPv6 functionality, or assigns a global unicast address to the switch, will also automatically generate a link-local unicast address.
about the target address. If IP routing is disabled, you must define a gateway if the target device is located in a different subnet.
- If routing is enabled, you can still define a.
- A global unicast address can also be set by selecting a preconfigured general prefix for the network portion of the address from the Based on General Prefix scroll-down list and marking.
specification is designed for devices that use an extended 8-byte MAC address. For devices that still use a 6-byte MAC address (also known as EUI-48 format), it must be converted int.
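The EUI-48 to modified EUI-64 conversion referred to above, written out per RFC 4291 as an added example (not code from the manual or from Asante). The MAC 00-60-3E-11-67-00 is inferred from the link-local address FE80::260:3EFF:FE11:6700 shown in this manual's IPv6 interface display, and the function names are this example's own.

```python
"""Added example: modified EUI-64 addressing as used for IPv6 link-local addresses."""
import ipaddress


def _mac_bytes(mac):
    """Accept 00-60-3E-11-67-00, 00:60:3e:11:67:00 or 0060.3e11.6700."""
    digits = "".join(c for c in mac if c not in "-:.")
    if len(digits) != 12:
        raise ValueError("expected a 6-byte (EUI-48) MAC address: %r" % mac)
    return bytes.fromhex(digits)  # raises ValueError on non-hex input


def eui64_interface_id(mac):
    """Flip the universal/local bit and insert FF-FE between OUI and NIC part."""
    b = _mac_bytes(mac)
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]


def link_local_from_mac(mac):
    """FE80::/64 prefix followed by the 64-bit interface identifier."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + eui64_interface_id(mac))


def solicited_node_group(address):
    """FF02::1:FFxx:xxxx group built from the low 24 bits of a unicast address."""
    packed = ipaddress.IPv6Address(address).packed
    return ipaddress.IPv6Address(b"\xff\x02" + bytes(9) + b"\x01\xff" + packed[13:])


def mac_from_address(address):
    """Recover the MAC from an EUI-64 derived address, or None if it is not one."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return "-".join("%02X" % x for x in raw)


if __name__ == "__main__":
    # MAC inferred from the manual's displayed link-local address (see lead-in).
    mac = "00-60-3E-11-67-00"
    ll = link_local_from_mac(mac)
    print("link-local     :", ll)
    print("solicited-node :", solicited_node_group(ll))
    print("MAC recovered  :", mac_from_address("FE80::260:3EFF:FE11:6700"))
    # Static neighbor address from the manual's CLI example: not EUI-64 derived.
    print("from 2009:DB9:2229::77 :", mac_from_address("2009:DB9:2229::77"))
```

Because the conversion is reversible, an EUI-64 derived management address discloses the switch's MAC address and vendor OUI to anyone who sees the address.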
Web – Click System, IPv6 Configuration, IPv6 Configuration. Set the IPv6 default gateway, specify the VLAN to configure, enable IPv6, and set the MTU.
Setting the Switch’s IP Address (IP Version 6)
CLI – This example configures an IPv6 gateway, specifies the management interface, configures a global unicast address, and then sets the MTU.
Follow the prefix by a forward slash and a decimal value indicating how many of the contiguous bits (from the left) of the address comprise the prefix (i.e., the network portion of the address).
Web – Click System, IPv6 Configuration, IPv6 General Prefix.
Configuring Neighbor Detection Protocol and Static Entries
IPv6 Neighbor Discovery Protocol supersedes IPv4 Address Resolution Protocol in IPv6 networks.
- When a non-default value is configured, the specified interval is used both for router advertisements and by the router itself.
Current Neighbor Cache Table
• IPv6 Address – IPv6 address of neighbor device.
• Age – The time since the address was verified as reachable (in minutes).
Web – Click System, IPv6 Configuration, IPv6 ND Neighbor. To configure the Neighbor Detection protocol settings, select a VLAN interface, set the number of attempts allowed for duplicate address detection, set the interval for neighbor solicitation messages, and click Apply.
CLI – This example maps a static entry for a global unicast address to a MAC address.
Console#configure
Console(config)#ipv6 neighbor 2009:0DB9::49A vlan 1 30-65-14-01-11-87
Console(config)#end
Console#show ipv6 neighbors
IPv6 Address Age Link-layer Addr State
2009:DB9:2229::77 Permanent 30-65-14-01-11-87 REACH
Console#
Configuring Support for Jumbo Frames
The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes.
• TFTP Server IP Address – The IP address of a TFTP server.
• File Type – Specify opcode (operational code) to copy firmware.
• File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.
If you download to a new destination file, go to the File Management, Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu.
Figure 4-12 Setting the Startup Code
To delete a file select System, File Management, Delete.
You can upload/download configuration settings to/from a TFTP server, or copy files to and from switch units in a stack. The configuration file can be later downloaded to restore the switch’s settings.
Note: The maximum number of user-defined configuration files is limited only by available flash memory space.
Downloading Configuration Settings from a Server
You can download the con.
You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings.
• Parity – Defines the generation of a parity bit. Communication protocols provided by some terminals can require a specific parity bit setting. Specify Even, Odd, or None. (Default: None)
• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal).
You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other various parameters set, including the TCP port number, timeouts, and a password.
• Password 2 – Specifies a password for the line connection. When a connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt. (Default: No password)
• Login 2 – Enables password checking at login.
Configuring Event Logging
The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
Remote Log Configuration
The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the event messages sent to only those messages at or above a specified level.
Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove.
Displaying Log Messages
Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
configured email recipients. For example, using Level 7 will report all events from level 7 to level 0. (Default: Level 7)
• SMTP Server List – Specifies a list of up to three recipient SMTP servers. The switch attempts to connect to the other listed servers if the first fails.
Renumbering the Stack
If the units are no longer numbered sequentially after several topology changes or failures, you can reset the unit numbers using the “Renumbering” command. Just remember to save the new configuration settings to a startup configuration file prior to powering off the stack Master.
Resetting the System
Web – Click System, Reset. Click the Reset button to restart the switch. When prompted, confirm that you want to reset the switch.
Figure 4-23 Resetting the System
CLI – Use the reload command to restart the switch.
Setting the Current Time
You can manually set the system clock if there is no time server on your network, or if you have not configured the switch to receive signals from a time server.
Command Attributes
• Hours – Hour in 24-hour format.
Web – Select SNTP, Configuration. Modify any of the required SNTP parameters, and click Apply. To send an immediate request to the configured servers, click Update Time.
Setting the Time Zone
SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude.
Configuring Summer Time
Use the Summer Time page to set the system clock forward during the summer months (also known as daylight savings time).
Command Usage
In some countries or regions, clocks are adjusted through the summer months so that afternoons have more daylight and mornings have less.
Recurring Mode – Sets the start, end, and offset times of summer-time for the switch on a recurring basis. This mode sets the summer-time time zone relative to the currently configured time zone.
Chapter 5: Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
Note: The predefined default groups and view can be deleted from the system. You can then define customized groups and views for the SNMP clients that require access.
Enabling the SNMP Agent
Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3).
Setting Community Access Strings
You may configure up to five community strings authorized for management access by clients using SNMP v1 and v2c. All community strings used for IP Trap Managers should be listed in this table. For security reasons, you should consider removing the default strings.
Specifying Trap Managers and Trap Types
Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as HP OpenView).
Version 1 or 2c clients), or define a corresponding “User Name” in the SNMPv3 Users page (for Version 3 clients). (Range: 1-32 characters, case sensitive)
• Trap UDP Port – Specifies the UDP port number used by the trap manager.
Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that will receive trap messages, specify the UDP port, SNMP trap version, trap security level (for v3 clients), trap inform settings (for v2c/v3 clients), and then click Add.
Configuring SNMPv3 Management Access
To configure SNMPv3 management access to the switch, follow these steps:
1. If you want to change the default engine ID, do so before configuring other SNMP parameters.
2. Specify read and write access views for the switch MIB tree.
Specifying a Remote Engine ID
To send inform messages to an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides.
Configuring SNMPv3 Users
Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group. The SNMPv3 group restricts users to a specific read, write, or notify view.
Command Attributes
• User Name – The name of user connecting to the SNMP agent.
Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete.
Configuring Remote SNMPv3 Users
Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group.
Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete.
Configuring SNMPv3 Groups
An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views. You can use the pre-defined default groups or create new groups to map a set of SNMP users to SNMP views.
Table 5-2 Supported Notification Messages
Object ID Description
1.3.6.1.2.1.17.0.1 The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree; the trap is sent by a bridge soon after its election as the new root, e.
* These are legacy notifications and therefore must be enabled in conjunction with the corresponding traps on the SNMP Configuration menu (page 5-6).
Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read, write, and notify views. Click Add to save the new group and return to the Groups list.
Setting SNMPv3 Views
SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview” includes access to the entire MIB tree.
Command Attributes
• View Name – The name of the SNMP view.
Console(config)#snmp-server view ifEntry.a 1.3.6.1.2.1.2.2.1.1.* included
Console(config)#exit
Console#show snmp view
View Name: ifEntry.a
Subtree OID: 1.3.6.1.2.1.2.2.1.1.*
View Type: included
Storage Type: nonvolatile
Row Status: active
View Name: readaccess
Subtree OID: 1.
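How a view such as ifEntry.a in the CLI example above limits what a client can read, as an added example (not code from the manual or from Asante). It assumes that `*` stands for any single sub-identifier and that the longest matching subtree decides, as in the VACM view rules of RFC 3415, with "excluded" winning a tie as a conservative simplification; the RESTRICTED view and the probed OIDs are constructed.

```python
"""Added example: decide whether an OID falls inside an SNMPv3 view."""

WILDCARD = None  # internal marker for a '*' sub-identifier


def parse_subtree(text):
    """Turn '1.3.6.1.2.1.2.2.1.1.*' into a tuple; '*' becomes WILDCARD."""
    parts = []
    for token in text.strip().strip(".").split("."):
        if token == "*":
            parts.append(WILDCARD)
        elif token.isdigit():
            parts.append(int(token))
        else:
            raise ValueError("bad sub-identifier %r in %r" % (token, text))
    return tuple(parts)


def parse_oid(text):
    """A concrete OID, as it would appear in a GET or SET request."""
    oid = parse_subtree(text)
    if WILDCARD in oid:
        raise ValueError("a concrete OID cannot contain '*'")
    return oid


def subtree_covers(subtree, oid):
    """True if oid lies at or below subtree, honouring wildcards."""
    if len(oid) < len(subtree):
        return False
    return all(s is WILDCARD or s == o for s, o in zip(subtree, oid))


def in_view(view, oid_text):
    """view is a list of (subtree, 'included' | 'excluded') rows.

    The longest covering subtree decides. No covering row means no access.
    """
    oid = parse_oid(oid_text)
    best_len, allowed = -1, False
    for subtree_text, view_type in view:
        if view_type not in ("included", "excluded"):
            raise ValueError("unknown view type %r" % view_type)
        subtree = parse_subtree(subtree_text)
        if not subtree_covers(subtree, oid):
            continue
        if len(subtree) > best_len:
            best_len, allowed = len(subtree), view_type == "included"
        elif len(subtree) == best_len and view_type == "excluded":
            allowed = False  # assumption of this example: deny wins a tie
    return allowed


def exposed(view, oid_texts):
    """Subset of oid_texts that a user bound to this view could reach."""
    return [o for o in oid_texts if in_view(view, o)]


# The view created in the manual's CLI example.
IFENTRY_A = [("1.3.6.1.2.1.2.2.1.1.*", "included")]

# Constructed view: the whole tree minus snmpModules (1.3.6.1.6.3), which
# holds the SNMPv3 user (USM) and access-control (VACM) tables.
RESTRICTED = [("1", "included"), ("1.3.6.1.6.3", "excluded")]

# Constructed probe OIDs.
PROBES = [
    "1.3.6.1.2.1.1.1.0",           # sysDescr.0
    "1.3.6.1.2.1.2.2.1.1.5",       # ifIndex.5
    "1.3.6.1.2.1.2.2.1.2.5",       # ifDescr.5
    "1.3.6.1.6.3.15.1.2.2.1.3.1",  # a usmUserTable column (index constructed)
]

if __name__ == "__main__":
    for name, view in (("ifEntry.a", IFENTRY_A), ("restricted", RESTRICTED)):
        print(name, "->", exposed(view, PROBES))
```

Running the same probe list against every view bound to a read or write group shows which groups can still reach the user and access-control tables.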
Chapter 6: User Authentication You can restrict management access to this switch and provide secure network access using the following options: • User Accounts – Manually configure management access rights for users. • Authentication Settings – Use remote authentication to configure access rights.
Web – Click Security, User Accounts. To configure a new user account, enter the user name, access level, and password, then click Add. To change the password for a specific user, enter the user name and new password, confirm the password by entering it again, then click Apply.
the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user that requires management access to the switch. RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport.
• TACACS Settings - Server IP Address – Address of the TACACS+ server. (Default: 10.11.12.13) - Server Port Number – Network (TCP) port of TACACS+ server used for authentication messages. (Range: 1-65535; Default: 49) - Secret Text String – Encryption key used to authenticate logon access for client.
You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Command Usage • Both the HTTP and HTTPS service can be enabled independently on the switch.
• Change HTTPS Port Number – Specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface. (Default: Port 443) Copy HTTPS Certificate For more information on this function, see “Replacing the Default Secure-site Certificate” on page 6-7.
to verify authorization for certificate use, and is verified when downloading the certificate to the switch. Web – Click Security, HTTPS Settings. Fill in the TFTP server, certificate and private file name details, then click Copy Certificate.
Note: The switch must be reset for the new certificate to be activated. To reset the switch, type “reload” at the command prompt: Console#reload Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems.
station and place the host public key in it. An entry for a public key in the known hosts file would appear similar to the following example: 10.
d. The client uses its private key to decrypt the challenge string, computes the MD5 checksum, and sends the checksum back to the switch. e. The switch compares the checksum sent from the client against that computed for the original string it sent.
Note: The switch uses only RSA Version 1 for SSHv1.5 clients and DSA Version 2 for SSHv2 clients. • Save Host-Key from Memory to Flash – Saves the host key from RAM (i.e., volatile memory) to flash memory. Otherwise, the host key pair is stored to RAM by default.
1024 65537 12725092254492640213 133651454613 118967905519236007 602865300676 1 824096909 4744832010 2524878965 97759216832 222558465 2387791546 479807396314 033 869257931 0510576521 2243052807 8658854.
• TFTP Server IP Address – The IP address of the TFTP server that contains the public key file you wish to import. (Default: 0.0.0.0) • Source File Name – The public key file to upload. • Copy Public Key – Initiates the public key TFTP import process.
RSA: 1024 37 154886675541099600242 67390807 6171863880 9539845974 54546825066 951007 296174374 2713690050 5591624068 11957940871 622607863 4780682201 498685790475 062 345194806 7993948504 2653504179 1.
• SSH Server-Key Size – Specifies the SSH server key size. (Range: 512-896 bits; Default: 768) - The server key is a private key that is never shared outside the switch. - The host key is shared with the SSH client, and is fixed at 1024 bits.
Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port.
Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
Authenticator) responds with an EAPOL identity request. The client provides its identity (such as a user name) in an EAPOL response to the switch, which it forwards to the RADIUS server. The RADIUS server verifies the client identity and sends an access challenge back to the client.
• The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, otherwise the dot1x client must support it.) Displaying 802.1X Global Settings The 802.
Configuring Port Settings for 802.1X When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server.
• Max Count – The maximum number of hosts that can connect to a port when the operation mode is set to Multi-Host. (Range: 1-1024; Default: 5) • Mode – Sets the authentication mode to one of the following options: - Auto – Requires a dot1x-aware client to be authorized by the authentication server.
Web – Click Security, 802.1X, Port Configuration. Modify the parameters required, and click Apply. Figure 6-11 802.1X Port Configuration
. 1/25 disabled Single-Host ForceAuthorized n/a 1/26 disabled Single-Host ForceAuthorized n/a 802.1X Port Details 802.1X is disabled on port 1/1 802.
Description The number of EAPOL Start frames that have been received by this Authenticator. The number of EAPOL Logoff frames that have been received by this Authenticator. The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized.
Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 6-12 802.
Filtering IP Addresses for Management Access You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default.
Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry. Figure 6-13 IP Filter CLI – This example restricts management access for Telnet clients.
Chapter 7: Access Control Lists Access Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames (based on address, next header type, or flow label), or any frames (based on MAC address or Ethernet type).
If the “TCP” protocol is specified, then you can also filter packets based on the TCP control code. - IPv6 Standard: IPv6 ACL mode that filters packets based on the source IPv6 address.
Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Then click Add.
• Source/Destination Port – Source/destination port number for the specified protocol type. (Range: 0-65535) • Source/Destination Port Bit Mask – Decimal number representing the port bits to match.
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Use “Any” to include all.
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bitmask for an address range.
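An added illustration, not taken from the manual, of how a base address plus bitmask selects an address range in the MAC ACL settings above, and how a port bit mask selects ports in the IP ACL settings. It assumes that a 1 bit in the mask means "this bit must match" and a 0 bit means "ignore", and that the mask is written in the same dashed form as the address; the rule list, function names and sample addresses are constructed for the example.

```python
import re

# Dashed MAC notation as used on this page (e.g. 11-22-33-44-55-66).
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}$")


def mac_to_int(mac):
    """Convert a dashed MAC address (or dashed bitmask) to a 48-bit integer."""
    if not _MAC_RE.match(mac):
        raise ValueError("not a dashed MAC address: %r" % (mac,))
    return int(mac.replace("-", ""), 16)


def masked_match(value, base, mask):
    """True when value equals base on every bit set in mask.

    Assumed semantics: mask bit 1 = compare this bit, mask bit 0 = ignore it.
    Works for 48-bit MAC addresses and for 16-bit port numbers alike.
    """
    return (value & mask) == (base & mask)


def covered_count(mask, width):
    """How many distinct values a base/mask pair admits: 2^(ignored bits)."""
    mask &= (1 << width) - 1
    return 1 << (width - bin(mask).count("1"))


def stray_base_bits(base, mask):
    """Bits set in the base that the mask ignores; nonzero usually means a typo."""
    return base & ~mask


# Constructed rule set: (action, base address, bitmask), evaluated top to bottom.
ACL = [
    ("deny",   "00-11-22-33-44-55", "FF-FF-FF-FF-FF-FF"),  # one host
    ("permit", "00-11-22-00-00-00", "FF-FF-FF-00-00-00"),  # same first 3 octets
    ("permit", "02-00-00-12-00-00", "FF-FF-FF-00-00-00"),  # base has stray bits
]


def evaluate(acl, src_mac):
    """Return the action of the first rule matching src_mac, or None.

    What the switch does when no rule matches is not stated on this page,
    so the caller decides how to treat None.
    """
    src = mac_to_int(src_mac)
    for action, base, mask in acl:
        if masked_match(src, mac_to_int(base), mac_to_int(mask)):
            return action
    return None


def audit(acl):
    """List (rule index, stray bits in hex) for rules whose base disagrees with its mask."""
    findings = []
    for index, (_action, base, mask) in enumerate(acl):
        stray = stray_base_bits(mac_to_int(base), mac_to_int(mask))
        if stray:
            findings.append((index, hex(stray)))
    return findings


if __name__ == "__main__":
    for mac in ("00-11-22-33-44-55", "00-11-22-AA-BB-CC", "0A-00-00-00-00-01"):
        print(mac, "->", evaluate(ACL, mac))
    print("addresses covered by rule 1:", covered_count(mac_to_int(ACL[1][2]), 48))
    print("rules with stray base bits:", audit(ACL))
    # Port bit mask 65534 ignores the lowest bit, so base 80 covers ports 80 and 81.
    print("port 81 vs 80/65534:", masked_match(81, 80, 65534))
```

Rule order matters here: the host-specific deny only takes effect because it precedes the wider permit that also covers that address.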
• Source Prefix-Length – A decimal value indicating how many contiguous bits (from the left) of the address comprise the prefix (i.e., the network portion of the address). Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IPv6-prefix).
• Destination Prefix-Length – A decimal value indicating how many contiguous bits (from the left) of the address comprise the prefix (i.e., the network portion of the address). • Next Header – Identifies the type of header immediately following the IPv6 header.
Web – Specify the action (i.e., Permit or Deny). Select the address type (Any or IPv6-prefix). If you select “IPv6-prefix,” enter a subnet address and prefix length. Set any other required criteria, such as next header, DSCP, or flow label.
Binding a Port to an Access Control List After configuring the Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can only bind a port to one ACL for each basic type – IPv4 ingress, MAC ingress, and IPv6 ingress.
Chapter 8: Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation.
Field Attributes (CLI) Basic information: • Port type – Indicates the port type. (1000BASE-T, SFP, or 10G) • MAC address – The physical layer address for this port. (To access this item on the web, see “Setting the Switch’s IP Address (IP Version 4)” on page 4-5.
CLI – This example shows the connection status for Port 5. Console#show interfaces status ethernet 1/5 Information of Eth 1/13 Basic information: Port type: 1000T Mac address: 00-30-F.
- 1000full - Supports 1 Gbps full-duplex operation - 10Gfull - Supports 10 Gbps full-duplex operation - Sym (Gigabit only) - Check this item to transmit and receive pause frames, or clear it to auto-negotiate the sender and receiver for asymmetric pause frames.
Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 8-2 Port - Port Configuration CLI – Select the interface, and then enter the required settings.
Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices (i.
• Member List (Current) – Shows configured trunks (Trunk ID, Unit, Port). • New – Includes entry fields for creating new trunks. - Trunk – Trunk identifier. (Range: 1-32) - Unit – Stack unit. (Range: 1-8) - Port – Port identifier.
Created by: User Link status: Up Port operation status: Up Operation speed-duplex: 1000full Flow control type: None Member Ports: Eth1/9, Eth1/10, Console# Enabling LACP on Selected Ports Comman.
Command Attributes • Member List (Current) – Shows configured trunks (Unit, Port). • New – Includes entry fields for creating new trunks. - Unit – Stack unit. (Range: 1-8) - Port – Port identifier. (Range: 1-25/49) Web – Click Port, LACP, Configuration.
Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key.
Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner.
------------------------------------------------------------------- Oper Key: 120 Admin Key: 0 Eth 1/1 ------------------------------------------------------------------- LA.
Displaying LACP Port Counters You can display statistics for LACP protocol messages. Table 8-1 LACP Port Counters Parameter Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group. LACPDUs Received Number of valid LACPDUs received by this channel group.
Description Current operational value of the key for the aggregation port. Current administrative value of the key for the aggregation port. Number of seconds before invalidating received LACPDU information. LACP system priority assigned to this port channel.
Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 8-7 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Table 8-3 LACP Neighbor Configuration Information Field Description Partner Admin System ID LAG partner’s system ID assigned by the user.
Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt.
Console(config)#interface ethernet 1/1 Console(config-if)#no switchport broadcast Console(config-if)#exit Console(config)#interface ethernet 1/2 Console(config-if)#switchport broadcast.
• Monitor port speed should match or exceed source port speed, otherwise traffic may be dropped from the monitor port. • All mirror sessions have to share the same destination port.
This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch.
Web - Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Set the Input Rate Limit Status or Output Rate Limit Status, then set the rate limit for the individual interfaces, and click Apply.
Description The total number of octets received on the interface, including framing characters. The number of subnetwork-unicast packets delivered to a higher-layer protocol. The number of packets, delivered by this sub-layer to a higher (sub-)layer, which were addressed to a multicast address at this sub-layer.
The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. The number of outbound packets that could not be transmitted because of errors.
The total number of frames (bad, broadcast and multicast) received. The total number of good frames received that were directed to the broadcast address. Note that this does not include multicast packets. The total number of good frames received that were directed to this multicast address.
Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
CLI – This example shows statistics for port 12. Console#show interfaces counters ethernet 1/12 Ethernet 1/12 Iftable stats: Octets input: 868453, Octets output: 3492122 Unicast inpu.
Chapter 9: Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table.
Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 9-1 Static Addresses CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query. Figure 9-2 Dynamic Addresses CLI – This example also displays the address table entries for port 1.
Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the aging function. • Aging Time – The time after which a learned entry is discarded.
Chapter 10: Spanning Tree Algorithm The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
MSTP – When using STP or RSTP, it may be difficult to maintain a stable path between all VLAN members. Frequent changes in the tree structure can easily isolate some of the group members. MSTP (which is based on RSTP for fast convergence) is designed to support independent spanning trees based on VLAN groups.
Displaying Global Settings You can display a summary of the current bridge STA information that applies to the entire switch using the STA Information screen. Field Attributes • Spanning Tree State – Shows if the switch is enabled to participate in an STA-compliant network.
• Instance – Instance identifier of this spanning tree. (This is always 0 for the CIST.) • VLANs configuration – VLANs assigned to the CIST. • Priority – Bridge priority is used in selecting the root device, root port, and designated port.
Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning Tree Mode: MSTP Spanning Tree Enabled/Disabled: Enabled Instance: 0 VLANs Configuration: 1-4093 Priority: 32768 Bridge Hello Time (sec.
Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network.
address will then become the root device. (Note that lower numeric values indicate higher priority.) • Default: 32768 • Range: 0-61440, in steps of 4096 • Options: 0, 4096, 8192, 122.
Configuration Settings for MSTP • Max Instance Numbers – The maximum number of MSTP instances to which this switch can be assigned. (Default: 33) • Configuration Digest – An MD5 signature key that contains the VLAN ID to MST ID mapping table.
Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 10-2 STA Global Configuration
The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. Field Attributes • Spanning Tree – Shows if STA has been enabled on this interface.
Backup port receives more useful BPDUs from the same bridge and is therefore not selected as the designated port. • Trunk Member – Indicates if a port is a member of a trunk.
These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled. • External path cost – The path cost for the IST. This parameter is used by the STA to determine the best path between devices.
Admin Status: Enabled Role: disable State: discarding External Admin Path Cost: 0 Internal Admin Path Cost: 0 External Oper Path Cost: 10000 Internal Oper Path Cost: 10000 Priority: 128 Designated Cost: 100000 Designated Port: 128.5 Designated Root: 32768.
The following interface attributes can be configured: • Spanning Tree – Enables/disables STA on this interface. (Default: Enabled) • Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch are the same, the port with the highest priority (i.e.
forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events, does not cause the spanning tree to initiate reconfiguration when the interface changes state, and also overcomes other STA-related timeout problems.
Configuring Multiple Spanning Trees MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, prev.
Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priority, and click Apply. To add the VLAN members to an MSTI instance, enter the instance identifier, the VLAN identifier, and click Add.
Console(config)#spanning-tree mst-configuration Console(config-mst)#mst 1 priority 4096 Console(config-mstp)#mst 1 vlan 1-5 Console(config-mst)# --------- ---------- ---------- -------.
Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes MST Instance ID – Instance identifier to configure.
Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages.
* Use the STA Configuration screen (page 10-6) to set the path cost method. Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interface, and click Apply. Figure 10-11 MSTP Port Configuration 10-21 Protocol is detecting network loops.
CLI – This example sets the MSTP attributes for port 4. Console(config)#interface ethernet 1/4 Console(config-if)#spanning-tree mst port-priority 0 Console(config-if)#spanning-tree m.
Chapter 11: VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port).
Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN. However, to participate in a VLAN group that crosses several switches, you should create a VLAN for that group and enable tagging on all ports.
Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch. Field Attributes • VLAN Version Number – The VLAN version used by this switch as specified in the IEEE 802.
Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging.
Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4093, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry. • Name – Name of the VLAN (1 to 32 characters).
Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. Figure 11-4 VLAN Static List - Creating VLANs CLI – This example creates a new VLAN.
Command Attributes • VLAN – ID of configured VLAN (1-4093). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.
Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk identifier. • Member – VLANs for which the selected interface is a tagged member.
Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centiseconds; Default: 60) • GARP LeaveAll Timer – The interval between sending out a LeaveAll query message for VLAN group participants and the port leaving the group.
IEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs.
Layer 2 Flow for Packets Coming into a Tunnel Access Port A QinQ tunnel port may receive either tagged or untagged packets. No matter how many tags the incoming packet has, it is treated as a tagged packet. The ingress process does source and destination lookups.
3. After packet classification through the switching process, the packet is written to memory with one tag (an outer tag) or with two tags (both an outer tag and inner tag). 4. The switch sends the packet to the proper egress port.
Configuration Limitations for QinQ • The native VLAN of uplink ports should not be used as the SPVLAN. If the SPVLAN is the uplink port's native VLAN, the uplink port must be an untagged member of the SPVLAN. Then the outer SPVLAN tag will be stripped when the packets are sent out.
Enabling QinQ Tunneling on the Switch The switch can be configured to operate in normal VLAN mode or IEEE 802.1Q (QinQ) tunneling mode which is used for passing Layer 2 traffic across a service provider’s metropolitan area network.
Adding an Interface to a QinQ Tunnel Follow the guidelines in the preceding section to set up a QinQ tunnel on the switch. Use the VLAN Port Configuration or VLAN Trunk Configuration screen to set the access port on the edge switch to 802.
Web – Click VLAN, 802.1Q VLAN, 802.1Q Tunnel Configuration or Tunnel Trunk Configuration. Set the mode for a tunnel access port to 802.1Q Tunnel and a tunnel uplink port to 802.
Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports can not communicate with any other ports on the switch except for the uplink ports.
The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
• Protocol Type – The only option for the LLC_other frame type is IPX_raw. The options for all other frames types include: IP, IPv6, ARP, RARP, and user-defined (0801-FFFF hexadecimal). Web – Click VLAN, Protocol VLAN, Configuration.
Command Attributes • Interface – Port or trunk identifier. • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • VLAN ID – VLAN to which matching protocol traffic is forwarded. (Range: 1-4093) Web – Click VLAN, Protocol VLAN, Port Configuration.
Chapter 12: Link Layer Discovery Protocol Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device.
• Reinitialization Delay – Configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes down. (Range: 1-10 seconds; Default: 2 seconds) When LLDP is re-initialized on a port, all information in the remote systems LLDP MIB associated with this port is deleted.
Configuring LLDP Interface Attributes Use the LLDP Port/Trunk Configuration to specify the message attributes for individual interfaces, including whether messages are transmitted, received, or both transmitted and received, whether SNMP notifications are sent, and the type of information advertised.
- System Description – The system description is taken from the sysDescr object in RFC 3418, which includes the full name and version identification of the system's hardware type, software operating system, and networking software.
Use the LLDP Local Device Information screen to display information about the switch, such as its MAC address, chassis ID, management IP address, and port information. Field Attributes Global Settings • Chassis Type – Identifies the chassis containing the IEEE 802 LAN entity associated with the transmitting LLDP agent.
• System Capabilities Supported – The capabilities that define the primary function(s) of the system. Table 12-2 System Capabilities ID Basis Reference Other — Repeater IETF RFC 2108 Bridge IETF RFC 2674 WLAN Access Point IEEE 802.
Figure 12-6 LLDP Local Device Information CLI – This example displays LLDP information for the local switch. Console#show lldp info local-device LLDP Local System Information Chassis.
This example displays detailed information for a specific port on the local switch. Console#show lldp info local-device ethernet 1/1 LLDP Port Information Detail Port : Eth 1/1 Port Type .
CLI – This example displays LLDP information for remote devices attached to this switch which are advertising information through LLDP. Console#show lldp info remote-device LLDP Remote De.
• System Description – A textual description of the network entity. • System Capabilities Supported – The capabilities that define the primary function(s) of the system. (See Table 12-2, “System Capabilities,” on page 12-6.
CLI – This example displays LLDP information for an LLDP-enabled remote device attached to a specific port on this switch. Console#show lldp info remote-device detail ethernet 1/1 LLDP Remot.
Web – Click LLDP, Device Statistics. Figure 12-9 LLDP Device Statistics CLI – This example displays LLDP statistics received from all LLDP-enabled remote devices connected directly to this switch.
Displaying Detailed Device Statistics Use the LLDP Device Statistics Details screen to display detailed statistics for LLDP-capable devices attached to specific interfaces on the switch.
CLI – This example displays detailed LLDP statistics for an LLDP-enabled remote device attached to a specific port on this switch. switch#show lldp info statistics detail ethernet 1/1 LLDP.
Chapter 13: Class of Service Class of Ser vice (CoS) allo ws you to sp ecify which data packets have g reater precedence when tr affic is buffered in th e switch due to con gestion. This switch suppo rts CoS with eight priority que ues for ea ch port.
Web – Click Priority , Defaul t Port P riority or Defa ult Trunk Pr iority. Modify the default priority for any interface , then cli ck Apply. Figure 13 -1 De fault P ort Pri ority CLI – This exam ple assigns a default priority of 5 to port 3.
The priority levels recomm ended in th e IEEE 80 2.1p standa rd for various network applications are shown in the follo wing table. Ho weve r, you ca n map the prior ity levels t o the switc h’s outp ut queu es in any way that b enef its appli cation t raffic f or your o wn ne two rk .
Web – Click Priority, Traffic Clas ses. Assign priorities to th e traffic c lasses (i.e., output queues), then click App ly. Figure 13-2 Traffi c Clas ses CLI – The following example shows how to change th e CoS assig nments to a one-to-o ne mappi ng.
Selecting the Queue Mode You can se t the s witc h to s ervice the que ues bas ed o n a st rict rul e th at req uir es all traffic in a higher prio rity queue to be proce ssed b efore lower priority que ues are servic ed, or use Weighted Round -Robin (W RR) queuin g that spe cifies a re lati ve weight of ea ch queu e.
Setting the Service Weight for Traffic Classes This switch u ses the Wei ghted Round Robi n (WRR) algorithm to determin e the frequency at which it se rvices e ach prio rity queue . As describ ed in “Mapp ing CoS Values to Egre ss Queues” on page 3, the traffic classe s are map ped to one o f the eight egre ss q ueues provided for each p ort.
Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements.
Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply.
Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSCP mapping.
* Mapping specific values for IP DSCP is implemented as an interface configuration command, but any changes will apply to all interfaces on the switch. Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.
Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply.
Chapter 14: Quality of Service The commands described in this section are used to configure Quality of Service (QoS) classification criteria and service policies.
Configuring a Class Map A class map is used for matching packets to a specified class. Command Usage • To configure a Class Map, follow these steps: - Open the Class Map page, and click Add Class. - When the Class Configuration page opens, fill in the “Class Name” field, and click Add.
• IP Precedence – An IP Precedence value. (Range: 0-7) • VLAN – A VLAN. (Range: 1-4093) • IPv6 DSCP – A DSCP value contained in an IPv6 packet. (Range: 0-63) • Add – Adds specified criteria to the class. Up to 16 items are permitted per class.
Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage • To configure a Policy Map, follow these steps: - Create a Class Map as described on page 14-2. - Open the Policy Map page, and click Add Policy.
• Add Policy – Opens the “Policy Configuration” page. Enter a policy name and description on this page, and click Add to open the “Policy Rule Settings” page. Enter the criteria used to service ingress traffic on this page.
Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes.
Attaching a Policy Map to Ingress Queues This function binds a policy map to the ingress queue of a particular interface. Command Usage • You must first define a class map, then define a policy map, and finally bind the service policy to the required interface.
This switch can use Internet Group Management Protocol (IGMP) to filter multicast traffic. IGMP Snooping can be used to passively monitor or “snoop” on exchanges between attached hosts and an IGMP-enabled device, most commonly a multicast router.
Layer 2 IGMP (Snooping and Query) IGMP Snooping and Query – If multicast routing is not supported on other switches in your network, you can use IGMP Snooping and IGMP Query (page 15-3.
Static IGMP Host Interface – For multicast applications that you need to control more carefully, you can manually assign a multicast service to specific interfaces on the switch (page 15-9). Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently.
• IGMP Query Timeout — The time the switch waits after the previous querier stops before it considers the router port (i.e., the interface which had been receiving query packets) to have expired.
Enabling IGMP Immediate Leave The switch can be configured to immediately delete a member port of a multicast service if a leave packet is received at that port and the immediate-leave function is enabled for the parent VLAN.
Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attribute • VLAN ID – Selects the VLAN for which to display port members. (Range: 1-4093) • Multicast IP Address – The IP address for a specific multicast service.
Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping and Query Parameters” on page 15-3.
Chapter 16: Domain Name Service The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network.
Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply.
Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses.
Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. Figure 16-2 DNS Static Host Table CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses.
Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable.
Chapter 17: Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients when they boot up.
Web – Click DHCP, Relay Configuration. Enter up to five IP addresses for any VLAN, then click Restart DHCP Relay to start the relay service. Figure 17-1 DHCP Relay Configuration CLI – This example specifies one DHCP relay server for VLAN 1, and enables the relay service.
Command Usage • First configure any excluded addresses, including the address for this switch. • Then configure address pools for the network interfaces. You can configure up to 8 network address pools. You can also manually bind an address to a specific client if required.
Configuring Address Pools You must configure IP address pools for each IP interface that will provide addresses to attached clients via the DHCP server. Command Usage • First configure address pools for the network interfaces. Then you can manually bind an address to a specific client if required.
• Configure – Click this button to configure the corresponding address pool. Setting the Network Parameters • IP – The IP address of the DHCP address pool. • Subnet Mask – The bit combination that identifies the network (or subnet) and the host portion of the DHCP address pool.
Examples Creating a New Address Pool Web – Click DHCP, Server, Pool Configuration. Specify a pool name, then click Add. Figure 17-3 DHCP Server Pool Configuration CLI – This example adds an address pool and enters DHCP pool configuration mode.
Figure 17-4 DHCP Server Pool - Network Configuration CLI – This example configures a network address pool. Console(config)#ip dhcp pool tps Console(config-dhcp)#network 10.1.0.0 255.255.255.0 Console(config-dhcp)#default-router 10.1.0.253 Console(config-dhcp)#dns-server 10.
Figure 17-5 DHCP Server Pool - Host Configuration CLI – This example configures a host address pool. Console(config)#ip dhcp pool mgr Console(config-dhcp)#host 10.
Displaying Address Bindings You can display the host devices which have acquired an IP address from this switch’s DHCP server. Command Attributes • IP Address – IP address assigned to host. • Mac Address – MAC address of host.
Chapter 18: Configuring Router Redundancy Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load.
• Several virtual master routers configured for mutual backup and load sharing. Load sharing can be accomplished by assigning a subset of addresses to different host address pools using the DHCP server. (See “Configuring Address Pools” on page 17-4.
where the configured priority is the same on several group members, then the master router with the highest IP address is selected from this group. • If you have multiple secondary addresses configured on the current VLAN interface, you can add any of these addresses to the virtual router group.
Command Attributes (VRRP Group Configuration Detail) • Associated IP Table – IP interfaces associated with this virtual router group. • Associated IP – IP address of the virtual router, or secondary IP addresses assigned to the current VLAN interface that are supported by this VRRP group.
Web – Click IP, VRRP, Group Configuration. Select the VLAN ID, enter the VRID group number, and click Add. Figure 18-1 VRRP Group Configuration
Click the Edit button for a group entry to open the detailed configuration window. Enter the IP address of a real interface on this router to make it the master virtual router for the group.
Displaying VRRP Global Statistics The VRRP Global Statistics page displays counters for errors found in VRRP protocol packets. Field Attributes • VRRP Packets with Invalid Checksum – The total number of VRRP packets received with an invalid VRRP checksum value.
Displaying VRRP Group Statistics The VRRP Group Statistics page displays counters for VRRP protocol events and errors that have occurred on a specific VRRP interface. Field Attributes • VLAN ID – ID of a VLAN configured with an IP interface.
Web – Click IP, VRRP, Group Statistics. Select the VLAN and virtual router group. Figure 18-4 VRRP Group Statistics CLI – This example displays VRRP protocol statistics for group 1, VLAN 1.
Chapter 19: IP Routing Overview This switch supports IP routing and routing path management via static routing definitions (page 19-21) and dynamic routing protocols such as RIP or OSPF (page 20-2 or 20-14, respectively).
Intra-subnet traffic (Layer 2 switching) IP Switching IP Switching (or packet forwarding) encompasses tasks required to forward packets for both Layer 2 and Layer 3, as well as traditional routing.
not included on this switch, then the packet should be sent to the next hop router (with the MAC address of the router itself used as the destination MAC address, and the destination IP address of the destination node). The router will then forward the packet to the destination node through the correct path.
Routing Protocols The switch supports both static and dynamic routing. • Static routing requires routing information to be stored in the switch either manually or when a connection is set up by an application outside the switch.
You can specify the IP subnets connected to this router by manually assigning an IP address to each VLAN, or by using the RIP or OSPF dynamic routing protocols to identify routes that lead to other interfaces by exchanging protocol messages with other routers on the network.
• Before you configure any network interfaces on this router, you should first create a VLAN for each unique user group, or for each network application and its associated users. Then assign the ports associated with each of these VLANs.
Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subnets. First specify a primary address, and click Set IP Configuration.
Address Resolution Protocol If IP routing is enabled (page 19-4), the router uses its routing tables to make routing decisions, and uses Address Resolution Protocol (ARP) to forward traffic from one hop to the next. ARP is used to map an IP address to a physical layer (i.
Command Attributes • Timeout – Sets the aging time for dynamic entries in the ARP cache. (Range: 300 - 86400 seconds; Default: 1200 seconds or 20 minutes) The ARP aging timeout can be set for any currently configured VLAN. The aging time determines how long dynamic entries remain in the cache.
Web - Click IP, ARP, General. Set the timeout to a suitable value for the ARP cache, enable Proxy ARP for subnetworks that do not have routing or a default gateway, and click Apply. Figure 19-3 ARP General CLI - This example sets the ARP cache timeout for 15 minutes (i.
Configuring Static ARP Addresses For devices that do not respond to ARP requests or do not respond in a timely manner, traffic will be dropped because the IP address cannot be mapped to a physical address. If this occurs, you can manually map an IP address to the corresponding physical address in the ARP cache.
Displaying Dynamically Learned ARP Entries The ARP cache contains entries that map IP addresses to the corresponding physical address. The ARP cache contains static entries, and entries for local interfaces, including subnet, host, and broadcast addresses.
Web - Click IP, ARP, Dynamic Addresses. You can use the buttons provided to change a dynamic entry to a static entry, or to clear all dynamic entries in the cache. Figure 19-5 ARP Dynamic Addresses CLI - This example shows all entries in the ARP cache.
Web - Click IP, ARP, Other Addresses. Figure 19-6 ARP Other Addresses CLI - This router uses the Type specification “other” to indicate local cache entries in the ARP cache.
Web - Click IP, ARP, Statistics. Figure 19-7 ARP Statistics CLI - This example provides detailed statistics on common IP-related protocols.
Description The total number of input datagrams received from interfaces, including those received in error. The number of input datagrams discarded because the IP address in the header's destination field was not a valid address for this entity.
Table 19-3 IP Statistics (Continued) Parameter Description Routing Discards The number of routing entries which were chosen to be discarded even though they are valid. One possible reason for discarding such an entry could be to free-up buffer space for other routing entries.
Table 19-4 ICMP Statistics (Continued) Parameter Description Destination Unreachable The number of ICMP Destination Unreachable messages received/sent. Time Exceeded The number of ICMP Time Exceeded messages received/sent. Parameter Problems The number of ICMP Parameter Problem messages received/sent.
UDP Statistics User Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the underlying transport mechanism, providing access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets.
TCP Statistics The Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched networks, and is used in conjunction with IP to support a wide variety of Internet protocols.
Configuring Static Routes This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP or OSPF).
Web - Click IP, Routing, Static Routes. Figure 19-12 IP Static Routes CLI - This example forwards all traffic for subnet 192.168.1.0 to the router 192.168.5.254, using the default metric of 1. Console(config)#ip route 192.168.1.0 255.255.255.
Web - Click IP, Routing, Routing Table. Figure 19-13 IP Routing Table CLI - This example shows routes obtained from various methods. Console#show ip route 42-3 Ip Address Netmask Next Hop Protocol Metric Interface --------- ------ --- ---------- -- -------- ------- -------- ------ --------- 0.
Chapter 20: Unicast Routing This switch can route unicast traffic to different subnetworks using the Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) protocol.
[Figure: Cost = 1 for all links; Routing table for node A] Command Usage • Just as Layer 2 switches use the Spanning Tree Algorithm to prevent loops, routers also use methods for preventing loops that would cause endless retransmission of data traffic.
Configuring General Protocol Settings RIP is used to specify how routers exchange routing information. When RIP is enabled on this router, it sends RIP messages to all devices in the network every 30 seconds (by default), and updates its own routing table when RIP messages are received from other routers.
Web - Click Routing Protocol, RIP, General Settings. Enable or disable RIP, set the RIP version used on previously unset interfaces to RIPv1 or RIPv2, set the basic update timer, and then click Apply.
Specifying Network Interfaces for RIP You must specify network interfaces that will be included in the RIP routing process. Command Usage • RIP only sends updates to interfaces specified by this command. Command Attributes • Subnet Address – IP address of a network directly connected to this router.
Configuring Network Interfaces for RIP For each interface that participates in the RIP routing process, you must specify the protocol message type accepted (i.
Protocol Message Authentication RIPv1 is not a secure protocol. Any device sending protocol messages from UDP port 520 will be considered a router by its neighbors. Malicious or unwanted protocol messages can be easily propagated throughout the network if no authentication is required.
• Authentication Type – Specifies whether or not authentication is required for exchanging protocol messages. (Default: No Authentication) - No Authentication: No authentication is required.
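The weakness described under Protocol Message Authentication can be checked on captured traffic. The following Python audit is an added example, not part of the manual or the switch software: it classifies RIP payloads by version and authentication entry using the wire layout from RFC 2453 and RFC 2082. The sample messages, the router allow-list and all function names are constructed for illustration.

```python
import socket
import struct
from dataclasses import dataclass

RIP_PORT = 520        # UDP port named in the manual
AFI_AUTH = 0xFFFF     # RFC 2453: marks the first entry as authentication
AUTH_SIMPLE = 2       # RFC 2453: 16-byte cleartext password
AUTH_KEYED_MD5 = 3    # RFC 2082: keyed MD5 digest carried in a trailer

# Assumption: the routers expected to speak RIP on this segment (constructed).
KNOWN_ROUTERS = {"10.1.0.253", "10.1.1.253"}


@dataclass
class Finding:
    src: str
    version: int
    auth: str
    routes: int
    issues: list


def audit_rip(src_ip, src_port, payload, known_routers=KNOWN_ROUTERS):
    """Classify one captured RIP payload and list why it should not be trusted."""
    if len(payload) < 4:
        return Finding(src_ip, 0, "malformed", 0, ["truncated RIP header"])
    _command, version, _zero = struct.unpack("!BBH", payload[:4])
    auth, offset, body_end = "none", 4, len(payload)
    if version >= 2 and len(payload) >= 24:
        afi, auth_type = struct.unpack("!HH", payload[4:8])
        if afi == AFI_AUTH:
            offset = 24  # route entries start after the authentication entry
            if auth_type == AUTH_SIMPLE:
                auth = "simple-password"
            elif auth_type == AUTH_KEYED_MD5:
                auth = "keyed-md5"
                # The entry begins with the offset of the digest trailer.
                (trailer_at,) = struct.unpack("!H", payload[8:10])
                body_end = min(body_end, trailer_at)
            else:
                auth = f"unknown-type-{auth_type}"
    routes = max(0, body_end - offset) // 20

    issues = []
    if src_port != RIP_PORT:
        issues.append("not sent from UDP port 520")
    if version == 1:
        issues.append("RIPv1 has no authentication field")
    elif auth == "none":
        issues.append("RIPv2 message carries no authentication entry")
    elif auth == "simple-password":
        issues.append("password is readable by anyone capturing the packet")
    if src_ip not in known_routers:
        issues.append("sender is not an expected router")
    return Finding(src_ip, version, auth, routes, issues)


def build_response(version, routes, auth=None):
    """Build a constructed RIP response (test data only, digest is a placeholder)."""
    entries = b"".join(
        struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(net),
                    socket.inet_aton(mask), bytes(4), metric)
        for net, mask, metric in routes)
    header = struct.pack("!BBH", 2, version, 0)
    if auth == "simple":
        entry = struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE, b"constructed-pw")
        return header + entry + entries
    if auth == "md5":
        trailer_at = 4 + 20 + len(entries)
        entry = struct.pack("!HHHBBI8s", AFI_AUTH, AUTH_KEYED_MD5,
                            trailer_at, 1, 16, 1, bytes(8))
        trailer = struct.pack("!HH16s", AFI_AUTH, 1, bytes(16))
        return header + entry + entries + trailer
    return header + entries


def run_samples():
    """Audit three constructed messages: RIPv1, RIPv2 simple password, RIPv2 MD5."""
    net = "255.255.255.0"
    samples = [
        ("10.1.0.77", 520, build_response(1, [("192.168.9.0", "0.0.0.0", 1)])),
        ("10.1.0.253", 520, build_response(
            2, [("10.1.0.0", net, 1), ("10.1.1.0", net, 2)], "simple")),
        ("10.1.1.253", 520, build_response(2, [("10.1.1.0", net, 1)], "md5")),
    ]
    return [audit_rip(ip, port, data) for ip, port, data in samples]


if __name__ == "__main__":
    for finding in run_samples():
        print(finding)
```

The audit only inspects the authentication entry; it does not verify the MD5 digest, which requires the shared key.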
Redistributing Routing Information from Other Domains RIP can be configured to import external routing information from other routing domains (that is, protocols or static routes) into the autonomous system. Command Attributes • Redistribute Protocol – Only static routes can be imported into this routing domain.
Web - Click Routing Protocol, RIP, Redistribute Configuration. Enter the redistribution metric for static routes, and click Set. Figure 20-4 RIP Redistribution Configuration CLI - This example redistributes static routes and sets the metric for all of these routes to a value of 3.
Description Indicates if RIP has been enabled or disabled. The interval at which RIP advertises known route information. (Default: 30 seconds) Number of times routing information has changed. Number of router database queries received by this router.
Web - Click Routing Protocol, RIP, Statistics. Figure 20-5 RIP Statistics
Interface RcvBadPackets RcvBadRoutes SendUpdates ----- ------- --- --- ----- ---- --- ---- ---- ------ -- ----- ----- --- 10.1.0.253 0 0 60 10.1.1.253 0 0 63 Console#show ip rip peer Peer UpdateTime Version RcvBadPackets RcvBadRoutes ----- ------- --- --- ------- -- ---- ----- --- ------ ------ - ----- ------- - 10.
Configuring the Open Shortest Path First Protocol Open Shortest Path First (OSPF) is more suited for large area networks which experience frequent changes in the links.
• OSPFv2 is a compatible upgrade to OSPF. It involves enhancements to protocol message authentication, and the addition of a point-to-multipoint interface which allows OSPF to run over non-broadcast networks, as well as support for overlapping area ranges.
autonomous systems to which it may be attached. If a router is enabled as an ASBR, then every other router in the autonomous system can learn about external routes from this device.
• Advertise Default Route – The router can advertise a default external route into the autonomous system (AS). (Options: NotAlways, Always; Default: NotAlways) • Always – The router will advertise itself as a default external route for the local AS, even if a default external route does not actually exist.
Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global parameters as required, and click Apply.
Configuring OSPF Areas OSPF protocol broadcast messages (that is, Link State Advertisements or LSAs) are restricted by area to limit their impact on network performance.
There are no external routes in an OSPF stub area, so routes cannot be redistributed from another protocol into a stub area. On the other hand, an NSSA allows external routes from another protocol to be redistributed into its own area, and then leaked to adjacent areas.
Command Usage • Before you create the backbone, a stub or NSSA, first specify the address range for the area using the Network Area Address Configuration screen (page 20-31). • Stubs and NSSAs cannot be used as a transit area, and should therefore be placed at the edge of the routing domain.
Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for the default summary route sent into a stub, and click Apply. Figure 20-7 OSPF Area Configuration CLI - This example configures area 0.
summaries, local changes do not have to be propagated to other area routers. This allows OSPF to be easily scaled for larger networks, and provides a more stable network topology.
Note: This router supports up to 64 summary routes for area ranges. Web - Click Routing Protocol, OSPF, Area Range Configuration. Specify the area identifier, the base address and network mask, select whether or not to advertise the summary route to other areas, and then click Apply.
Configuring OSPF Interfaces You should specify a routing interface for any local subnet that needs to communicate with other network segments located on this router or elsewhere in the network. First configure a VLAN for each subnet that will be directly connected to this router, assign IP interfaces to each VLAN (i.
estimating this delay. Set the transmit delay according to link speed, using larger values for lower-speed links. If this delay is not added, the time required to transmit an LSA over the link is not taken into consideration by the routing process.
When using simple password authentication, a password is included in the packet. If it does not match the password configured on the receiving router, the packet is discarded. This method provides very little security as it is possible to learn the authentication key by snooping on routing protocol packets.
Web - Click Routing Protocol, OSPF, Interface Configuration. Select the required interface from the scroll-down box, and click Detailed Settings. Figure 20-9 OSPF Interface Configuration Change any of the interface-specific protocol parameters, and then click Apply.
endpoint connecting the common transit area to the backbone itself. (Note that you cannot configure a virtual link that runs through a stub or NSSA area.
Note: This router supports up to 64 virtual links. Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neighbor Router ID, configure the link attributes, and click Add.
Configuring Network Area Addresses OSPF protocol broadcast messages (i.e., Link State Advertisements or LSAs) are restricted by area to limit their impact on network performance.
Web - Click Routing Protocol, OSPF, Network Area Address Configuration. Configure a backbone area that is contiguous with all the other areas in your network, configure an area for all of the other OSPF interfaces, then click Apply.
CLI - This example configures the backbone area and one transit area. Console(config-router)#network 10.0.0.0 255.0.0.0 area 0.0.0.0 42-26 Console(config-router)#network 10.1.1.0 255.255.255.0 area 0.0.0.1 Console(config-router)#end Console#show ip ospf 42-39 Routing Process with ID 10.
Web - Click Routing Protocol, OSPF, Summary Address Configuration. Specify the base address and network mask, then click Add. Figure 20-13 OSPF Summary Address Configuration CLI - This example creates a summary address for all routes contained in 192.
RIP, or static routes Command Usage • This router supports redistribution for entries learned through RIP, and static routes. • When you redistribute external routes into an OSPF autonomous system (AS), the router automatically becomes an autonomous system boundary router (ASBR).
Web - Click Routing Protocol, OSPF, Redistribute. Specify the protocol type to import, the metric type and path cost, then click Add. Figure 20-14 OSPF Redistribute Configuration CLI - This example redistributes routes learned from RIP as Type 1 external routes.
Information option. However, an NSSA is different from a stub, because when the router is an ASBR, it can import a default external AS route (for routing protocol domains adjacent to the NSSA but not within the OSPF AS) into the NSSA using this option.
Displaying Link State Database Information OSPF routers advertise routes using Link State Advertisements (LSAs). The full collection of LSAs collected by a router interface from the attached area is known as a link state database.
Web - Click Routing Protocol, OSPF, Link State Database Information. Specify parameters for the LSAs you want to display, then click Query.
Displaying Information on Border Routers You can display entries in the local routing table for Area Border Routers (ABR) and Autonomous System Boundary Routers (ASBR) known by this device. Field Attributes • Destination – Identifier for the destination router.
Displaying Information on Neighbor Routers You can display information about neighboring routers on each interface within an OSPF area. Field Attributes • ID – Neighbor’s router ID. • Priority – Neighbor’s router priority.
Section III: Command Line Interface This section provides a detailed description of the Command Line Interface, along with examples for all of the commands. Overview of the Command Line Interface
Chapter 21: Overview of the Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Note: You can only access the console interface through the Master unit in the stack.
For example, the IP address assigned to this switch, 10.1.0.1, with subnet mask 255.255.255.0, consists of a network portion (10.1.0) and a host portion (1).
Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters.
garp GARP property gvrp Show GARP information of interface history Information of history hosts Host information interfaces Information of interfaces ip IP information ipv6 IPv6 information lacp Show .
Negat ing the Effect of Commands For many config uration co mmand s you can ent er the pref ix keyword “ no ” to c ancel the effect of a c omm an d or re se t the c onfigu ra tio n t o t he d efault valu e. For e xa mp le, the logging command will log system messages to a host server.
* Y ou must be in Privileged Exec mode to access the Global configuration mode. You must be in Global Configu ration mode to access any of the other configurat ion modes.
Username: gu est Password: [g uest login pa ssword] CLI sessi on with the 24/ 48 L3 GE Swi tch is opened. To end t he CLI s ession, en ter [Exit]. Console>e nable Password: [p rivileged le vel passwor d] Console# Configuration Co mmands Configuration com mand s are priv ileged level co mmand s used to modify s witch settings.
Console(config-if)#exit Console(config)# To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode.
Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters.
Description Basic commands for entering privileged access mode, restarting the system, or quitting the CLI Display and setting of system information, basic modes of operation, maximum frame s.
The access mode shown in the following tables is indicated by these abbreviations: ACL (Access Control List Configuration) MST (Multiple Spanning Tree) CM (Class Map Configuration) NE (Norm.
enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 21-6. Syntax enable [level] level - Privilege level to log into the device.
• The “#” character is appended to the end of the prompt to indicate that the system is in privileged access mode. Example Console>enable Password: [privileged level password] Console# Related Commands disable (22-2) enable password (25-3) disable This command returns to Normal Exec mode from privileged mode.
Example Console#configure Console(config)# Related Commands end (22-4) show history This command shows the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.
reload This command restarts the system. Note: When the system is restarted, it will always run the Power-On Self-Test. It will also retain all configuration information stored in non-volatile memory by the copy running-config startup-config command.
Command Mode Global Configuration, Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration.
Example This example shows how to quit a CLI session: Console#quit Press ENTER to start session User Access Verification Username:
Command Group Function Device Designation Configures information that uniquely identifies this switch System Status Displays system configuration, active managers, and version information.
Command Mode Global Configuration Example Console(config)#hostname RD#1 Console(config)# switch renumber This command resets the switch unit identification numbers in the stack. All stack members are numbered sequentially starting from the top unit for a non-loop stack, or starting from the Master unit for a looped stack.
show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system. Default Setting None Command Mode Privileged Exec Comman.
Console#show startup-config building startup-config, please wait..... !<stackingDB>0000000000000000</stackingDB> !<stackingMac>01_00-20-1a-df-9c-a0_00</stackingMac&.
Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes.
Console#show running-config building running-config, please wait..... !<stackingDB>0000000000000000</stackingDB> !<stackingMac>01_00-30-f1-d4-73-a0_00</stackingMac&.
show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 4-1.
Web online users: Line Remote IP addr Username Idle time (h:m:s). --------- -- ------- ------- -- ------ --- ---------- ----- 1 HTTP 192.168.1.19 admin 0:00:00 Console# show version This command displays hardware and software version information for the system.
Frame Size Commands This section describes commands used to configure the Ethernet frame size on the switch. Table 23-4 Frame Size Commands Command Function Mode Page jumbo frame Enables support for jumbo frames GC 23-9 jumbo frame This command enables support for jumbo frames.
connections, all devices in the collision domain would need to support jumbo frames. • The current setting for jumbo frames can be displayed with the show system command (page 23-7).
copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation.
• Use the copy file unit command to copy a local file to another switch in the stack. Use the copy unit file command to copy a file from another switch in the stack. • The Boot ROM and Loader cannot be uploaded or downloaded from the TFTP server.
The following example shows how to download a configuration file: Console#copy tftp startup-config TFTP server ip address: 10.1.0.99 Source configuration file name: startup.01 Startup configuration file name [startup]: Write to FLASH Programming.
Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cfg” cannot be deleted. • A colon (:) is required after the specified unit number.
---- ---- ----- ----- ---- --- ---- --- ---- - ---- ---- --- --- ---- --- - ----- ---- - Unit1: Unit1: IC40240_480F_DIAG_V1.1.0.1.BIX Boot-Rom Image Y 1595976 IC40240_480F-FLF_V1.1.0.2.BIX Operation Code Y 4973264 Factory_Default_Config.
boot system This command specifies the file or image used to start up the system. Syntax boot system [unit:] {boot-rom | config | opcode}: filename The type of file or image to set as a default includes: • boot-rom* - Boot ROM.
* These commands only apply to the serial port. line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} • console - Console terminal line.
Command Usage Telnet is considered a virtual terminal connection and will be shown as “VTY” in screen displays such as show users. However, the serial communication parameters (e .
Example Console(config-line)#login local Console(config-line)# Related Commands username (25-2) password (23-19) password This command specifies the password for a line.
timeout login response This command sets the interval that the system waits for a user to log in to the CLI. Use the no form to restore the default setting. Syntax timeout login response [seconds] no timeout login response seconds - Integer that specifies the timeout interval.
Command Usage • If user input is detected within the timeout interval, the session is kept open; otherwise the session is terminated. • This command applies to both the local console and Telnet connections. • The timeout for Telnet cannot be disabled.
silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value.
Example To specify 7 data bits, enter this command: Console(config-line)#databits 7 Console(config-line)# Related Commands parity (23-23) parity This command defines the generation of a parity bit. Use the no form to restore the default setting.
Default Setting auto Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices connected to the port might not be supported.
Command Mode Privileged Exec Command Usage Specifying session identifier “0” will disconnect the console connection. Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection.
logging on This command controls logging of error messages, sending debug or error messages to a logging process. The no form disables the logging process.
* There are only Level 2, 5 and 6 error messages for the current firmware release. Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 7 - 0) Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.
logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [no] logging host host_ip_address host_ip_address - The IP address of a syslog server.
logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging.
Related Commands show log (23-31) show logging This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server.
Related Commands show logging sendmail (23-35) show log This command displays the log messages stored in local memory. Syntax show log {flash | ram} • flash - Event history stored in flash memory (i.e., permanent memory).
logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [no] logging sendmail host ip_address ip_address - IP address of an SMTP server that will be sent alert messages for event handling.
• To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally closes the connection. • To open a connection, the switch first selects the server that successfully sent mail during the last connection, or the first server configured by this command.
Default Setting None Command Mode Global Configuration Command Usage You may use a symbolic email address that identifies the switch, or the address of an administrator responsible for the switch. Example Console(config)#logging sendmail source-email bill@this-company .
Command Mode Global Configuration Example Console(config)#logging sendmail Console(config)# show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Privileged Exec Example Console#show logging sendmail SMTP servers --------- ---------- ---------- ----------- ------- 192.
sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command.
Related Commands sntp server (23-37) sntp poll (23-37) show sntp (23-38) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list.
Default Setting 16 seconds Command Mode Global Configuration Example Console(config)#sntp poll 60 Console# Related Commands sntp client (23-36) sntp update-time This command sends a request to the configured SNTP servers to immediately update the time.
clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC.
Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mean Time or GMT), based on the earth’s prime meridian, zero degrees longitude.
• offset - Summer-time offset from the regular time zone, in minutes. (Range: 0-99 minutes) Default Setting Disabled Command Mode Global Configuration Command Usage • In some countries or regions, clocks are adjusted through the summer months so that afternoons have more daylight and mornings have less.
Example Console(config)#clock summer-time MESZ predefined europe Console(config)# Related Commands show clock (23-43) clock summer-time (recurring) This command allows the user to manually configure the start, end, and offset times of summer-time (daylight savings time) for the switch on a recurring basis.
• b-month - The month when summer-time will begin. (Options: january | february | march | april | may | june | july | august | september | october | november | december) • b-hour - The hour when summer-time will begin. (Range: 0-23 hours) • b-minute - The minute when summer-time will begin.
Console#show clock Time Zone : GMT-0930-Taiohaer Summer Time : offset 60 minutes Apr 1 2007 23:23 to Apr 23 2007 23:23 Summer Time in Effect : No Console# calendar set This command sets the system clock.
Chapter 24: SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server.
Example Console#show snmp SNMP Agent: enabled SNMP traps: Authentication: enable Link-up-down: enable SNMP communities: 1. private, and the privilege is read-write 2.
• private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode Global Configuration Example Console(config)#snmp-server community alpha rw Console(config)# snmp-server contact This command sets the system contact string.
Command Mode Global Configuration Example Console(config)#snmp-server location WC-19 Console(config)# Related Commands snmp-server contact (24-4) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation.
• SNMP Version: 1 • UDP Port: 162 Command Mode Global Configuration Command Usage • If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command.
supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notifications. • If you specify an SNMP Version 3 host, then the community string is interpreted as an SNMP user name.
conjunction with the corresponding entries in the Notify View assigned by the snmp-server group command (page 24-11). Example Console(config)#snmp-server enable traps link-up-do.
• A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users (page 24-14).
snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name • view-name - Name of an SNMP view.
Field Description View Name Name of an SNMP view. Subtree OID A branch in the MIB tree. View Type Indicates if the view is included or excluded. Storage Type The storage type for this entry. Row Status The row status of this entry. snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views.
Default Setting • Default groups: public 24 (read only), private 25 (read/write) • readview - Every object belonging to the Internet OID space (1.3.6.1). • writeview - Nothing is defined. • notifyview - Nothing is defined.
show snmp group Group Name: public Security Model: v2c Read View: defaultview Write View: none Notify View: none Storage Type: volatile Row Status: active Group Name: private Security Model: v1.
snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View. Use the no form to remove a user from an SNMP group.
need to configure the remote agent’s SNMP engine ID before you can send proxy requests or informs to it. Example Console(config)#snmp-server user steve group r&d v3 auth md5 greenpeace priv des56 einstien Console(config)#snmp-server user mark group r&d remote 192.
User Account Commands The basic commands required for management access are listed in this section. This switch also includes other options for password checking via the console or .
username This command adds named users, requires authentication at login, specifies or changes a user's password (or specify that no password is required), or specifies or changes a user's access level. Use the no form to remove a user name.
enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Normal Exec level.
authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login • local - Use local password.
Example Console(config)#authentication login radius Console(config)# Related Commands username - for setting the local user names and passwords (25-2) authentication enable This comm.
RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network.
Example Console(config)#radius-server 1 host 192.168.1.20 port 181 timeout 10 retransmit 5 key green Console(config)# radius-server port This command sets the RADIUS server network port.
radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server.
Example Console#show radius-server Remote RADIUS server configuration: Global settings: Communication key with RADIUS server: ***** Server port number: 1812 Retransmit times: 2 Request timeout: 5 Server 1: Server IP address: 192.
Command Mode Global Configuration Example Console(config)#tacacs-server host 192.168.1.25 Console(config)# tacacs-server port This command specifies the TACACS+ server network port.
Communication key with TACACS server: ***** Server port number: 49 Console# Web Server Commands This section describes commands used to configure web browser management access to the switch.
Console(config)#ip http port 769 Console(config)# Related Commands ip http server (25-12) ip http server This command allows this device to be monitored or configured from a browser.
• When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate. - The client and server negotiate a set of security protocols to use for the connection.
ip telnet server This command allows this device to be monitored or configured from Telnet. It also specifies the TCP port number used by the Telnet interface. Use the no form without the “port” keyword to disable this function. Use the no form with the “port” keyword to use the default port.
Configuration Guidelines The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password c.
To use the SSH server, complete these steps: 1. Generate a Host Key Pair – Use the ip ssh crypto host-key generate command to create a host public/private key pair. 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch.
stored on the switch can access it. The following exchanges take place during this process: Authenticating SSH v1.5 Clients a. The client sends its RSA public key to the switch. b. The switch compares the client's public key to those stored in memory.
Console#ip ssh crypto host-key generate dsa Console#configure Console(config)#ip ssh server Console(config)# Related Commands ip ssh crypto host-key generate (25-20) show ssh (25-22) ip ssh timeout This command configures the timeout for the SSH server.
ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting.
delete public-key This command deletes the specified user’s public key. Syntax delete public-key username [dsa | rsa] • username – Name of an SSH user. (Range: 1-8 characters) • dsa – DSA public key type. • rsa – RSA public key type.
Related Commands ip ssh crypto zeroize (25-21) ip ssh save host-key (25-21) ip ssh crypto zeroize This command clears the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [dsa | rsa] • dsa – DSA key type.
Related Commands ip ssh crypto host-key generate (25-20) show ip ssh This command displays the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example Console#show ip ssh SSH Enabled - version 2.
Table 25-11 show ssh - display description (Continued) Field Description Encryption The encryption method is automatically negotiated between the client and server.
Console#show public-key host Host: RSA: 1024 65537 1 323694065 8254764031 382795526536 37592783 5525327972 629521130241 071942106 1655759424 5909392360 96954050362 775257556 2510038661 309893938345.
port security This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses.
Example The following example enables port security for port 5, and sets the response to a security violation to issue a trap message: Console(config)#interface ethernet 1/5 Console(config-if)#port security action trap Related Commands shutdown (27-7) mac-address-table static (31-1) 802.
dot1x system-auth-control This command enables IEEE 802.1X port authentication globally on the switch. Use the no form to restore the default.
dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default. Syntax dot1x port-control {auto | force-authorized | force-unauthorized} no dot1x port-control • auto – Requires a dot1x-aware connected client to be authorized by the RADIUS server.
dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count.
dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [interface] interface • ethernet unit/port - unit - Stack unit.
Related Commands dot1x timeout re-authperiod (25-31) dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client.
dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period seconds - The number of seconds.
• 802.1X Port Details – Displays the port access control parameters for each interface, including the following items: - reauth-enabled – Periodic re-authentication (page 25-30). - reauth-period – Time after which a connected client must be re-authenticated (page 25-31).
. 802.1X is enabled on port 26 Reauth-enabled: Enabled Reauth-period: 3600 Quiet-period: 60 TX-period: 30 Supplicant-timeout: 30 Server-timeout: 10 Reauth-max: 2 Max-req: 2 Status Authorized Operati.
Management IP Filter Commands This section describes commands used to configure IP management access to the switch. Table 25-14 IP Filter Commands Command Function Mode Page management Co.
Example This example restricts management access to the indicated addresses. Console(config)#management all-client 192.168.1.19 Console(config)#management all-client 192.
Chapter 26: Access Control List Commands Access Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames (based on address, next header type, or flow label), or any frames (based on MAC address or Ethernet type).
access-list ip This command adds an IP access list and enters configuration mode for standard or extended IPv4 ACLs. Use the no form to remove the specified ACL. Syntax [no] access-list ip {standard | extended} acl_name • standard – Specifies an ACL that filters packets based on the source IP address.
Default Setting None Command Mode Standard IPv4 ACL Command Usage • New rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period.
• host – Keyword followed by a specific IP address. • precedence – IP precedence level. (Range: 0-7) • tos – Type of Service level. (Range: 0-15) • dscp – DSCP priority level. (Range: 0-63) • sport – Protocol 26 source port number.
Example This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.
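The address-bitmask comparison described above, as an added example (not code from the manual or the switch firmware): a rule matches when the rule address ANDed with the bitmask equals the packet's source address ANDed with the same bitmask. The rule strings are a simplified stand-in built from the permit, deny, any and host keywords on this page; the function names, the sample list, and the top-down first-match evaluation order are assumptions made for illustration.

```python
import ipaddress


def _ip(text):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def parse_rule(line):
    """Parse 'permit|deny any', '... host ADDR' or '... ADDR BITMASK'.

    Returns (action, address, bitmask) with both values as integers.
    The textual form is a simplified stand-in, not the switch's parser.
    """
    action, *spec = line.split()
    action = action.lower()
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in rule: {line!r}")
    if spec == ["any"]:
        return action, 0, 0                      # no bits are compared
    if len(spec) == 2 and spec[0] == "host":
        return action, _ip(spec[1]), 0xFFFFFFFF  # every bit is compared
    if len(spec) == 2:
        return action, _ip(spec[0]), _ip(spec[1])
    raise ValueError(f"cannot parse rule: {line!r}")


def rule_matches(rule, source_ip):
    """(rule address & bitmask) == (source address & bitmask)."""
    _, address, bitmask = rule
    return (address & bitmask) == (_ip(source_ip) & bitmask)


def evaluate(rules, source_ip):
    """Return (action, rule index) of the first matching rule.

    Assumption: rules are checked top-down and the first match decides.
    Returns (None, None) when nothing matches; what the switch does with
    such a packet is not modelled here.
    """
    for index, rule in enumerate(rules):
        if rule_matches(rule, source_ip):
            return rule[0], index
    return None, None


def shadowed_rules(rules):
    """Find rules that can never be reached under first-match order.

    A later rule is shadowed when an earlier rule compares only bits the
    later rule also compares, and both agree on those bits. Because new
    rules are appended to the end of the list, a late, narrow rule placed
    behind a broad one is a common cause of an ACL not doing what its
    author expected.
    Returns a list of (shadowed index, covering index) pairs.
    """
    findings = []
    for later, (_, addr_l, mask_l) in enumerate(rules):
        for earlier in range(later):
            _, addr_e, mask_e = rules[earlier]
            only_shared_bits = (mask_e & ~mask_l & 0xFFFFFFFF) == 0
            if only_shared_bits and (addr_e & mask_e) == (addr_l & mask_e):
                findings.append((later, earlier))
                break
    return findings


# Constructed sample list; the first entry is the subnet from the example above.
SAMPLE_ACL = [parse_rule(text) for text in (
    "permit 10.7.1.0 255.255.255.0",
    "deny 10.7.0.0 255.255.0.0",
    "permit host 10.7.1.2",   # unreachable: already covered by rule 0
    "permit any",
)]

if __name__ == "__main__":
    for src in ("10.7.1.2", "10.7.2.9", "192.168.1.19"):
        print(src, evaluate(SAMPLE_ACL, src))
    print("shadowed:", shadowed_rules(SAMPLE_ACL))
```

Running the shadow check before binding a list to a port shows which appended rules have no effect in their current position.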
ip access-group This command binds a port to an IPv4 ACL. Use the no form to remove the port. Syntax [no] ip access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets.
access-list ipv6 This command adds an IP access list and enters configuration mode for standard or extended IPv6 ACLs. Use the no form to remove the specified ACL. Syntax [no] access-list ipv6 {standard | extended} acl_name • standard – Specifies an ACL that filters packets based on the source IP address.
Console(config)#access-list ipv6 standard david Console(config-std-ipv6-acl)# Related Commands permit, deny (26-8) ipv6 access-group (26-11) show ipv6 access-list (26-11) permit, deny (Standard IPv6 ACL) This command adds a rule to a Standard IPv6 ACL.
permit, deny (Extended IPv6 ACL) This command adds a rule to an Extended IPv6 ACL. The rule sets a filter condition for packets with specific destination IP addresses, next header type, or flow label. Use the no form to remove a rule.
e.g., in a hop-by-hop option. A flow is uniquely identified by the combination of a source address and a non-zero flow label. Packets that do not belong to a flow carry a flow label of zero.
show ipv6 access-list This command displays the rules for configured IPv6 ACLs. Syntax show ip access-list {standard | extended} [acl_name] • standard – Specifies a standard IPv6 ACL. • extended – Specifies an extended IPv6 ACL.
Related Commands show ipv6 access-list (26-11) show ipv6 access-group This command shows the ports assigned to IPv6 ACLs. Command Mode Privileged Exec Example Console#show ip access-gro .
Command Mode Global Configuration Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list.
[no] {permit | deny} untagged-802.3 {any | host source | source address-bitmask} {any | host destination | destination address-bitmask} • tagged-eth2 – Tagged Ethernet II packets. • untagged-eth2 – Untagged Ethernet II packets.
show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [acl_name] acl_name – Name of the ACL.
show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Console#show mac access-group Interface ethernet 1/5 MAC access-list M5 in Console# Related Commands mac access-group (26-15) ACL Information This section describes commands used to display ACL information.
ACL Information show access-group This command shows the port assignments of IPv4 ACLs. Command Mode Privileged Executive Example Console#show access-group Interface ethernet 1/2 IP standard .
interface This command configures an interface type and enters interface configuration mode. Use the no form with a trunk to remove an inactive interface. Syntax interface interface no interface port-channel channel-id interface • ethernet unit/port - unit - Stack unit.
Default Setting None Command Mode Global Configuration Example To specify port 4, enter the following command: Console(config)#interface ethernet 1/4 Console(config-if)# description This command adds a description to an interface. Use the no form to remove the description.
speed-duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the default.
negotiation This command enables autonegotiation for a given interface. Use the no form to disable autonegotiation. Syntax [no] negotiation Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • 1000BASE-T and 10GBASE-T do not support forced mode.
• 10full - Supp o rts 10 M bps ful l-d uplex ope rati on • 10 half - Supp orts 10 M bps h a lf-dup lex op erat ion • flowc ontrol - S upports flow c ontrol • symmetric (Gigabit only) - When sp.
Command Usage • 10 00BASE-T and 10GBASE- T do not su ppo rt force d m ode . Auto- ne gotiation should al ways be us ed to esta blish a co nnection o ver any 1000 BASE- T or 10GBASE-T p ort or trun k.
Command Mode Interface Configuration (Ethernet - Ports 21-24/45-48) Example This forces the switch to use the built-in RJ-45 port for the combination port 48. Console(config)#interface ethernet 1/48 Console(config-if)#media-type copper-forced Console(config-if)# shutdown This command disables an interface.
Command Mode Interface Configuration (Ethernet) Command Usage • When broadcast traffic exceeds the specified threshold, packets above that threshold are dropped.
show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - Stack unit.
show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26/50) • port-channel channel-id (Range: 1-32) Default Setting Shows the counters for all interfaces.
show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number.
Field: Ingress Rule; Acceptable Frame Type; Native VLAN; Priority for Untagged Traffic; GVRP Status; Allowed VLAN; Forbidden VLAN; 802.1Q-tunnel Status; 802.1Q-tunnel Mode; 802.1Q-tunnel TPID. Description: Shows if ingress filtering is enabled or disabled (page 34-9).
Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to 8 ports. • The ports at both ends of a connection must be configured as trunk ports.
• STP, VLAN, and IGMP settings can only be made for the entire trunk via the specified port-channel. Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP system priority.
lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [no] lacp Default Setting Disabled Command Mode Inte.
Current status: Created By : LACP Link Status : Up Port Operation Status : Up Operation speed-duplex : 100full Flow control Type : None Member Ports : Eth1/10, Eth1/11, Eth1/12, Console# lacp system-priority This command configures a port's LACP system priority.
lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key • actor - The local side of an aggregate link.
lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string. Use the no form to restore the default setting.
Command Mode Interface Configuration (Ethernet) Command Usage • Setting a lower value indicates a higher effective priority. • If an active port link goes down, the backup port with the highest priority is selected to replace the downed link.
Table 28-2 show lacp counters - display description. Field – Description: • LACPDUs Sent – Number of valid LACPDUs transmitted from this channel group. • LACPDUs Received – Number of valid LACPDUs received on this channel group. • Marker Sent – Number of valid Marker PDUs transmitted from this channel group.
Table 28-3 show lacp internal - display description (Continued). Field – Description: • LACP Port Priority – LACP port priority assigned to this interface within the channel group.
* The LACP system priority and system MAC address are concatenated to form the LAG system ID. Table 28-4 show lacp neighbors - display description (Continued). Field – Description: • Port Oper Priority – Priority value assigned to this aggregation port by the partner.
port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [rx | tx | both] no port monitor interface • interface - ethernet unit/port (source port) - unit - Stack unit.
Example The following example configures the switch to mirror all packets from port 6 to 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 both Console(config-if)# show port monitor This command displays mirror information.
Chapter 30: Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network.
mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [action] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC address.
Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table.
show mac-address-table This command shows classes of entries in the bridge-forwarding database. Syntax show mac-address-table [address mac-address [mask]] [interface interface] [vlan vlan-id] [sort {address | vlan | interface}] • mac-address - MAC address.
mac-address-table aging-time This command sets the aging time for entries in the address table. Use the no form to restore the default aging time. Syntax mac-address-table aging-time seconds no mac-address-table aging-time seconds - Aging time.
Command – Function: • lldp – Enables LLDP globally on the switch • lldp holdtime-multiplier – Configures the time-to-live (TTL) value sent in LLDP advertisements • lldp notification-interval – Configur.
* Vendor-specific options may or may not be advertised by neighboring devices. lldp This command enables LLDP globally on the switch. Use the no form to disable LLDP.
lldp holdtime-multiplier This command configures the time-to-live (TTL) value sent in LLDP advertisements. Use the no form to restore the default setting.
Command Usage • This parameter only applies to SNMP applications which use data stored in the LLDP MIB for network monitoring or management. • Information about changes in LLDP neighbors that occur between SNMP notifications is not transmitted.
lldp reinit-delay This command configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes down. Use the no form to restore the default setting. Syntax lldp reinit-delay seconds no lldp reinit-delay seconds - Specifies the delay before attempting to re-initialize LLDP.
objects, and to increase the probability that multiple, rather than single changes, are reported in each transmission. • This attribute must comply with the following rule: (4 * tx-del.
Command Usage • This option sends out SNMP trap notifications to designated target stations at the interval specified by the lldp notification-interval command (page 32-3). Trap notifications include information about state changes in the LLDP MIB (IEEE 802.
• Every management address TLV that reports an address that is accessible on a port and protocol VLAN through the particular port should be accompanied by a port and protocol VLAN TLV that indicates the VLAN identifier (VID) associated with the management address reported by this TLV.
Command Usage The system capabilities identify the primary function(s) of the system and whether or not these primary functions are enabled.
Command Usage The system name is taken from the sysName object in RFC 3418, which contains the system’s administratively assigned name, and is in turn based on the hostname command (page 23-1).
Command Usage This option advertises the port-based and protocol-based VLANs configured on this interface (see “Configuring VLAN Interfaces” on page 34-7 and “Configuring Protocol-based VLANs” on page 34-20).
Command Usage This option advertises the name of all VLANs to which this interface has been assigned. See “switchport allowed vlan” on page 34-11 and “protocol-vlan protocol-group (Configuring Interfaces)” on page 34-21.
Command Usage This option advertises MAC/PHY configuration/status which includes information about auto-negotiation support/capabilities, and operational Multistation Access Unit (MAU) type.
Command Usage This option advertises Power-over-Ethernet capabilities, including whether or not PoE is supported, currently enabled, if the port pins through which power is delivered can be controlled, the port pins selected to deliver power, and the power class.
Console#show lldp config detail ethernet 1/1 LLDP Port Configuration Detail Port : Eth 1/1 Admin Status : Tx-Rx Notification Enabled : True Basic TLVs Advertised: port-description system-name system-description system-capabilities management-ip-address 802.
Console#show lldp info local-device detail ethernet 1/1 LLDP Port Information Detail Port : Eth 1/1 Port Type : MAC Address Port ID : 00-01-02-03-04-06 Port Desc : Ethernet Port on unit 1, .
Example Console#show lldp info remote-device LLDP Remote Devices Information Interface | ChassisId PortId SysName --------- + --------- ------ ------- Eth 1/1.
show lldp info statistics This command shows statistics based on traffic received through all attached LLDP-enabled interfaces. Syntax show lldp info statistics [detail interface] • detail - Shows detailed information. • interface • ethernet unit/port - unit - Stack unit.
• Configures the spanning tree priority of an interface – IC – 33-13 • Enables fast forwarding for edge ports – IC – 33-13 • Sets an interface to fast forwarding – IC – 33-14 • Configures the link type for RSTP/MSTP.
spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [no] spanning-tree Default Setting Spanning tree is enabled.
Default Setting rstp Command Mode Global Configuration Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.
spanning-tree forward-time This command configures the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds.
Example Console(config)#spanning-tree hello-time 5 Console(config)# Related Commands spanning-tree forward-time (33-4) spanning-tree max-age (33-5) spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch.
spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority - Priority of the bridge.
Command Usage The path cost method is used to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. Note that path cost (page 33-12) takes precedence over port priority (page 33-13).
Related Commands mst vlan (33-8) mst priority (33-9) name (33-9) revision (33-10) max-hops (33-11) mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Use the no form without any VLAN parameters to remove all VLANs.
mst priority This command configures the priority of a spanning tree instance. Use the no form to restore the default. Syntax mst instance_id priority priority no mst instance_id priority • instance_id - Instance identifier of the spanning tree.
Command Usage The MST region name and revision number (page 33-10) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridges in the same region must be configured with the same MST instances.
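The region rule above (same name, same revision number, same MST instances on every bridge) can be checked offline before a change is rolled out. The following Python sketch is an added example, not part of the manual; the input layout, the function name and the sample bridges are hypothetical and constructed for illustration.

```python
from collections import Counter, defaultdict


def mst_region_mismatches(bridges):
    """Find bridges whose MST instance-to-VLAN mapping disagrees with their region.

    bridges: {bridge_name: {"name": str, "revision": int,
                            "instances": {instance_id: iterable_of_vlan_ids}}}
    (hypothetical layout, e.g. collected from each switch's running config).

    Returns {(region_name, revision): {bridge_name: [instance ids that differ]}}.
    Only regions that contain at least one divergent bridge appear in the result.
    """
    regions = defaultdict(dict)
    for bridge in sorted(bridges):                      # sorted => deterministic ties
        cfg = bridges[bridge]
        mapping = {int(i): frozenset(v)
                   for i, v in cfg["instances"].items() if v}
        regions[(cfg["name"], cfg["revision"])][bridge] = mapping

    report = {}
    for region, members in regions.items():
        # Reference mapping = the one configured on most bridges in the region.
        counts = Counter(frozenset(m.items()) for m in members.values())
        reference = dict(counts.most_common(1)[0][0])
        for bridge, mapping in members.items():
            differing = sorted(i for i in set(reference) | set(mapping)
                               if reference.get(i) != mapping.get(i))
            if differing:
                report.setdefault(region, {})[bridge] = differing
    return report


# Constructed sample: sw3 carries VLAN 30 in instance 2 where its peers carry VLAN 20.
SAMPLE_BRIDGES = {
    "sw1": {"name": "region-a", "revision": 1, "instances": {1: {10}, 2: {20}}},
    "sw2": {"name": "region-a", "revision": 1, "instances": {1: {10}, 2: {20}}},
    "sw3": {"name": "region-a", "revision": 1, "instances": {1: {10}, 2: {30}}},
    "sw4": {"name": "region-b", "revision": 1, "instances": {1: {40}}},
}

if __name__ == "__main__":
    for region, bad in mst_region_mismatches(SAMPLE_BRIDGES).items():
        print(region, bad)
```

A bridge that differs only in region name or revision number is grouped as its own region here, so it shows up as an unexpected extra key rather than as a mismatch.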
max-hops This command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the default.
spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default auto-configuration mode. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port.
Example Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree cost 50 Console(config-if)# spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default.
Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state.
• This command is the same as spanning-tree edge-port, and is only included for backward compatibility with earlier products. Note that this command may be removed for future software versions.
spanning-tree mst cost This command configures the path cost on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default auto-configuration mode. Syntax spanning-tree mst instance_id cost cost no spanning-tree mst instance_id cost • instance_id - Instance identifier of the spanning tree.
spanning-tree mst port-priority This command configures the interface priority on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default.
Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode.
displayed for specific interfaces, see “Displaying Interface Settings” on page 10-10. Example Console#show spanning-tree Spanning Tree Information --------- ---------- ---------- -------.
show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example Console#show spanning-tree mst configuration M.
Chapter 34: VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
bridge-ext gvrp This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [no] bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
GVRP and Bridge Extension Commands switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode Interf.
garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall} • {join | leave | leaveall} - Which timer to set.
show garp timer [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26/50) • port-channel channel-id (Range: 1-32) Default Setting Shows all GARP timers.
Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN.
interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface.
Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Console(config)#interface vlan 1 Console(config-if)#ip address 192 .
switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged.
• If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port).
switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add.
switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan {add vlan-list | remove vlan-list} no switchport forbidden vlan • add vlan-list - List of VLAN identifiers to add.
show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name] • id - Keyword to be followed by the VLAN ID. vlan-id - ID of the configured VLAN. (Range: 1-4093, no leading zeroes) • name - Keyword to be followed by the VLAN name.
General Configuration Guidelines for QinQ 1. Configure the switch to QinQ mode (dot1q-tunnel system-tunnel-control, page 34-15). 2. Create a SPVLAN (vlan, page 34-6). 3. Configure the QinQ tunnel access port to dot1Q-tunnel access mode (switchport dot1q-tunnel mode, page 34-15).
Limitations for QinQ • The native VLAN for the tunnel uplink ports and tunnel access ports cannot be the same. However, the same service VLANs can be set on both tunnel port types. • IGMP Snooping should not be enabled on a tunnel access port.
Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • QinQ tunneling must be enabled on the switch using the dot1q-tunnel system-tunnel-control command before the switchport dot1q-tunnel mode interface command can take effect.
custom 802.1Q ethertype on a trunk port, incoming frames containing that ethertype are assigned to the VLAN contained in the tag following the ethertype field, as they would be with a standard 802.
Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs.
Example This example enables the private VLAN, and then sets port 12 as the uplink and ports 5-8 as the downlinks. Console(config)#pvlan Console(config)#pvlan up-link ethernet 1/12 down-link ethernet 1/5-8 Console(config)# show pvlan This command displays the configured private VLAN.
To configure protocol-based VLANs, follow these steps: 1. First configure VLAN groups for the protocols you want to use (page 34-6). Although not mandatory, we suggest configuring a separate VLAN for each major protocol running on your network.
• protocol - Protocol type. The only option for the llc-other frame type is ipx_raw. The options for all other frame types include: ip, ipv6, arp, rarp, and user-defined (0801-FFFF hexadecimal). Default Setting No protocol groups are configured.
- If the frame is untagged but the protocol type does not match, the frame is forwarded to the default VLAN for this interface. Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2.
1 vlan2 Command Mode Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2: Console#show inter.
Chapter 35: Class of Service Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port.
queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value.
switchport priority default This command sets a priority for incoming untagged frames. Use the no form to restore the default value. Syntax switchport priority default default-priority-id no switchport priority default default-priority-id - The priority number for untagged ingress traffic.
queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues. Use the no form to restore the default weights. Syntax queue bandwidth weight0 ... weight7 no queue bandwidth weight0 .
Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • CoS values assigned at the ingress port are also used at the egress port.
show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues. Syntax show queue bandwidth [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number.
map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping.
map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number • port-number - 16-bit TCP/UDP port number.
Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP Precedence values are mapped to default Class of Service values on a one-to-one basis according to recommendations in the IEEE 802.
map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping.
Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0.
Related Commands map ip port (Global Configuration) (35-7) map ip port (Interface Configuration) (35-8) show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence [interface] interface • ethernet unit/port - unit - Stack unit.
Priority Commands (Layer 3 and 4) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - Stack unit.
Command – Function: • class-map – Creates a class map for a type of traffic • match – Defines the criteria used to classify traffic • rename – Redefines the name of a class map • description – Specifies the de.
any traffic that exceeds the specified rate, or just reduce the DSCP service level for traffic exceeding the specified rate. 6. Use the service-policy command to assign a policy map to a specific interface. Notes: 1. You can configure up to 16 rules per Class Map.
match This command defines the criteria used to classify traffic. Use the no form to delete the matching criteria. Syntax [no] match {access-list acl-name | ip dscp dscp | ipv6 dscp dscp | ip precedence ip-precedence | vlan vlan} • acl-name - Name of the access control list.
This example creates a class map called “rd_class#3,” and sets it to match packets marked for VLAN 1. Console(config)#class-map rd_class#3 match-any Console(config-cmap)#match vlan 1 Console(config-cmap)# rename This command redefines the name of a class map or policy map.
policy-map This command creates a policy map that can be attached to multiple interfaces, and enters Policy Map configuration mode. Use the no form to delete a policy map. Syntax [no] policy-map policy-map-name policy-map-name - Name of the policy map.
Command Usage • Use the policy-map command to specify a policy map and enter Policy Map configuration mode. Then use the class command to enter Policy Map Class configuration mode.
Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses the set command to classify the service that inco .
36-7 police 36.
Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses the set command to classify the service that incomin.
show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [class-map-name] class-map-name - Name of the class map. (Range: 1-16 characters) Default Setting Displays all class maps.
Console#show policy-map Policy Map rd_policy class rd_class set ip dscp 3 Console#show policy-map rd_policy class rd_class Policy Map rd_policy class rd_class set ip dscp 3 Console# show policy-map interface This command displays the service policy assigned to the specified interface.
ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration
Example The following example enables IGMP snooping. Console(config)#ip igmp snooping Console(config)# ip igmp snooping vlan static This command adds a port to a multicast group.
Default Setting IGMP Version 2 Command Mode Global Configuration Command Usage • This command configures the IGMP report/query version used by IGMP snooping.
Example The following shows how to enable immediate leave. Console(config)#ip igmp snooping vlan 1 immediate-leave Console(config)# show ip igmp snooping This command shows the IGMP snooping and query configuration settings.
Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options. Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: Console#show mac-address-table multicast vlan 1 igmp-snooping VLAN M'cast IP addr.
Command Usage If enabled, the switch will serve as querier if elected. The querier is responsible for asking hosts if they want to receive multicast traffic. Example Console(config)#ip igmp snooping querier Console(config)# ip igmp snooping query-count This command configures the query count.
ip igmp snooping query-interval This command configures the query interval. Use the no form to restore the default. Syntax ip igmp snooping query-interval seconds no ip igmp snooping query-interval seconds - The frequency at which the switch sends IGMP host-query messages.
Example The following shows how to configure the maximum response time to 20 seconds: Console(config)#ip igmp snooping query-max-response-time 20 Console(config)# Related Commands ip.
ip igmp snooping vlan mrouter This command statically configures a multicast router port on the specified VLAN. Use the no form to remove the configuration. Syntax [no] ip igmp snooping vlan vlan-id mrouter interface • vlan-id - VLAN ID (Range: 1-4093) • interface • ethernet unit/port - unit - Stack unit.
show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4093) Default Setting Displays multicast router ports for all configured VLANs.
ip host This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remove an entry. Syntax [no] ip host name address1 [address2 … address8] • name - Name of the host.
Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP address is associated with a host name using this command, a DNS client can try each address in succession, until it establishes a connection with the target device.
ip domain-name This command defines the default domain name appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove the current domain name. Syntax ip domain-name name no ip domain-name name - Name of the host.
Command Usage • Domain names are added to the end of the list one at a time. • When an incomplete host name is received by the DNS service on this switch, it will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match.
Example This example adds two domain-name servers to the list and then displays the list. Console(config)#ip domain-server 192.168.1.55 10.1.0.55 Console(config)#end Console#show dns Domain Lookup Status : DNS disabled Default Domain Name: .
Example This example enables DNS and then displays the configuration. Console(config)#ip domain-lookup Console(config)#end Console#show dns Domain Lookup Status : DNS enabled Default Domain Name: .sample.com Domain Name List : .sample.com.
show dns This command displays the configuration of the DNS service. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status : DNS enabled Default Domain Name: sample.com Domain Name List : sample.com.jp sample.com.uk Name Server List : 192.
clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Console#clear dns cache Console#show dns cache NO FLAG TYPE IP TTL DOMAIN Console#
ip dhcp client-identifier
This command specifies the DHCP client identifier for the current interface. Use the no form to remove this identifier.
Syntax
ip dhcp client-identifier {text text | hex hex}
no ip dhcp client-identifier
• text - A text string.
Command Usage
This command is used to include a client identifier in all communications with the DHCP server, which uses it to index its database of address bindings. The information included in the identifier is based on RFC 2132 Option 60, and must be unique for all clients in the same administrative domain.
ip dhcp restart relay
This command enables DHCP relay for the specified VLAN. Use the no form to disable it.
Syntax
[no] ip dhcp relay
Default Setting
Disabled
Command Mode
Interface Configuration (VLAN)
Command Usage
This command is used to configure DHCP relay functions for host devices attached to the switch.
ip dhcp relay server
This command specifies the addresses of DHCP servers to be used by the switch’s DHCP relay agent. Use the no form to clear all addresses.
Syntax
ip dhcp relay server address1 [address2 [address3 ...]]
no ip dhcp relay server
address - IP address of DHCP server.
* These commands are used for manually binding an address to a client.
service dhcp
This command enables the DHCP server on this switch. Use the no form to disable the DHCP server.
Command Usage
If the DHCP server is running, you must restart it to implement any configuration changes.
Example
Console(config)#service dhcp
Console(config)#
ip dhcp excluded-address
This command specifies IP addresses that the DHCP server should not assign to DHCP clients.
client (with the host command) if required. You can configure up to 8 network address pools, and up to 32 manually bound host address pools (i.e., listing one host address per pool). However, note that any address specified in a host command must fall within the range of a configured network address pool.
default-router
This command specifies default routers for a DHCP pool. Use the no form to remove the default routers.
Syntax
default-router address1 [address2]
no default-router
• address1 - Specifies the IP address of the primary router.
dns-server
This command specifies the Domain Name System (DNS) IP servers available to a DHCP client. Use the no form to remove the DNS server list.
Syntax
dns-server address1 [address2]
no dns-server
• address1 - Specifies the IP address of the primary DNS server.
bootfile
This command specifies the name of the default boot image for a DHCP client. This file should be placed on the Trivial File Transfer Protocol (TFTP) server specified with the next-server command. Use the no form to delete the boot image name.
Related Commands
netbios-node-type (39-11)
netbios-node-type
This command configures the NetBIOS node type for Microsoft DHCP clients. Use the no form to remove the NetBIOS node type.
Default Setting
One day
Command Modes
DHCP Pool Configuration
Example
The following example leases an address to clients using this pool for 7 days.
Console(config-dhcp)#lease 7
Console(config-dhcp)#
host
Use this command to specify the IP address and network mask to manually bind to a DHCP client.
• The no host command only clears the address from the DHCP server database. It does not cancel the IP address currently in use by the host.
hardware-address
This command specifies the hardware address of a DHCP client. This command is valid for manual bindings only. Use the no form to remove the hardware address.
Syntax
hardware-address hardware-address type
no hardware-address
• hardware-address - Specifies the MAC address of the client device.
Usage Guidelines
• An address specifies the client’s IP address. If an asterisk (*) is used as the address parameter, the DHCP server clears all automatic bindings.
Chapter 40: Router Redundancy Commands
Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load.
vrrp ip
This command enables the Virtual Router Redundancy Protocol (VRRP) on an interface and specifies the IP address of the virtual router. Use the no form to disable VRRP on an interface and remove the IP address from the virtual router.
vrrp authentication
This command specifies the key used to authenticate VRRP packets received from other routers. Use the no form to prevent authentication.
Syntax
vrrp group authentication key
no vrrp group authentication
• group - Identifies the virtual router group.
Command Mode
Interface (VLAN)
Command Usage
• A router that has a physical interface with the same IP address as that used for the virtual router (that is, the owner of the VRRP IP address) will become the master virtual router.
Command Mode
Interface (VLAN)
Command Usage
• VRRP advertisements from the current master virtual router include information about its priority and current state as the master.
• VRRP advertisements are sent to the multicast address 224.
master has just come on line, this delay also gives it time to gather information for its routing table before actually preempting the currently active router.
Example
Console(config-if)#vrrp 1 preempt delay 10
Console(config-if)#
Related Commands
vrrp priority (40-3)
show vrrp
This command displays status information for VRRP.
Table 40-3 show vrrp - display description
Description
VRRP role of this interface (master or backup)
Virtual address that identifies this VRRP group
Virtual MAC address derived from the owner o.
show vrrp interface
This command displays status information for the specified VRRP interface.
Syntax
show vrrp interface vlan vlan-id [brief]
• vlan-id - Identifier of configured VLAN interface. (Range: 1-4093)
• brief - Displays summary information for all VRRP groups on this router.
show vrrp router counters
This command displays counters for errors found in VRRP protocol packets.
Command Mode
Privileged Exec
Example
Note that unknown errors indicate VRRP packets received with an unknown or unsupported version number.
clear vrrp router counters
This command clears VRRP system statistics.
Command Mode
Privileged Exec
Example
Console#clear vrrp router counters
Console#
clear vrrp interface counters
This command clears VRRP system statistics for the specified group and interface.
Chapter 41: IP Interface Commands
An IP address may be used for management access to the router over your network or to connect the switch to existing IP subnets.
ipv6 enable
ipv6 general-prefix
show ipv6 general-prefix
ipv6 address
ipv6 address autoconfig
ipv6 address eui-64
ipv6 address link-local
show ipv6 interface
ipv6 default-gateway
show ipv.
ip address
This command sets the IPv4 address for the currently selected VLAN interface. Use the no form to restore the default IP address.
Syntax
ip address {ip-address netmask | bootp | dhcp} [secondary]
no ip address
• ip-address - IP address
• netmask - Network mask for the associated IP subnet.
uses a secondary address, all other routers in that segment must also use a secondary address from the same network or subnet address space.
• If bootp or dhcp options are selected, the system will immediately start broadcasting service requests.
Basic IP Configuration
Example
The following example defines a default gateway for this device:
Console(config)#ip default-gateway 10.1.1.254
Console(config)#
Related Commands
ip route.
ping
This command sends (IPv4) ICMP echo request packets to another node on the network.
Syntax
ping host [size size] [count count]
• host - IP address or IP alias of the host.
Related Commands
interface (27-1)
ping ipv6 (41-25)
ipv6 enable
This command enables IPv6 on an interface that has not been configured with an explicit IPv6 address. Use the no form to disable IPv6 on an interface that has not been configured with an explicit IPv6 address.
Related Commands
ipv6 address link-local (41-13)
show ipv6 interface (41-14)
ipv6 general-prefix
This command defines an IPv6 general prefix for the network address segment.
show ipv6 general-prefix
This command displays all configured IPv6 general prefixes.
Command Mode
Normal Exec, Privileged Exec
Example
This example displays a single IPv6 general prefix configured for the router.
apply to one or more specific interfaces, and are therefore specified by this command at the interface configuration level.
• If a link-local address has not yet been assigned to this.
Default Setting
No IPv6 addresses are defined
Command Mode
Interface Configuration (VLAN)
Command Usage
• If a link local address has not yet been assigned to this interface, this command will dynamically generate a global unicast address and a link local address for the interface.
ipv6 address eui-64
This command configures an IPv6 address for an interface using an EUI-64 interface ID in the low order 64 bits and enables IPv6 on the interface. Use the no form without any arguments to remove all manually configured IPv6 addresses from the interface.
id) and the rest of the address, resulting in a modified EUI-64 interface identifier of 2A-9F-18-FF-FE-1C-82-35.
• This host addressing method allows the same interface identifier to be used on multiple IP interfaces of a single device, as long as those interfaces are attached to different subnets.
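The modified EUI-64 derivation described above, as an added Python example that is not part of the manual. The MAC address 28-9F-18-1C-82-35 is inferred by reversing the identifier the page gives, and 2001:db8:0:1::/64 is a documentation prefix chosen for illustration; the reverse mapping is included because an EUI-64 address discloses the interface's MAC address to anyone who sees it.

```python
import ipaddress


def modified_eui64(mac: str) -> bytes:
    """Return the 8-byte modified EUI-64 interface identifier for a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.replace(":", "-").split("-"))
    if len(octets) != 6:
        raise ValueError(f"expected a 48-bit MAC address, got {mac!r}")
    # Invert the universal/local bit (0x02) of the first octet, then insert
    # FF-FE between the 24-bit OUI and the 24-bit device-specific part.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def format_id(identifier: bytes) -> str:
    """Format bytes in the dash-separated upper-case style the manual uses."""
    return "-".join(f"{b:02X}" for b in identifier)


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a prefix of up to 64 bits with the modified EUI-64 identifier."""
    network = ipaddress.IPv6Network(prefix, strict=False)
    if network.prefixlen > 64:
        raise ValueError("an EUI-64 address needs a prefix of 64 bits or fewer")
    iid = int.from_bytes(modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(network.network_address) | iid)


def mac_from_address(address: str):
    """Recover the MAC from an EUI-64 derived address, or None if the low
    64 bits do not carry the FF-FE marker (manual or randomized identifier)."""
    low64 = int(ipaddress.IPv6Address(address)) & (2**64 - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    return format_id(bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:])


if __name__ == "__main__":
    mac = "28-9F-18-1C-82-35"  # inferred from the page's identifier (assumption)
    print(format_id(modified_eui64(mac)))
    print(eui64_address("2001:db8:0:1::/64", mac))
    print(eui64_address("fe80::/64", mac))
    print(mac_from_address("fe80::2a9f:18ff:fe1c:8235"))
```
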
Command Mode
Interface Configuration (VLAN)
Command Usage
• The address specified with this command replaces a link-local address that was automatically generated for the interface.
• You can configure multiple IPv6 global unicast addresses per interface, but only one link-local address per interface.
values. One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields.
• prefix-length - A decimal value indicating how many of the contiguous bits (from the left) of the address comprise the prefix (i.
Table 41-3 show ipv6 interface - display description (Continued)
Field - Description
Joined group address(es) - In addition to the unicast addresses assigned to an interface, a node is required to join.
ipv6 default-gateway
This command sets an IPv6 default gateway to use for destinations with no known next hop. Use the no form to remove a previously configured default gateway.
Example
The following shows the default gateway configured for this device:
Console#show ipv6 default-gateway
ipv6 default gateway: FE80::269:3EF9:FE19:6780
Console#
Related Commands
show ip redirects (41-5)
ipv6 mtu
This command sets the size of the maximum transmission unit (MTU) for IPv6 packets sent on an interface.
show ipv6 mtu
This command displays the maximum transmission unit (MTU) cache for destinations that have returned an ICMP packet-too-big message along with an acceptable MTU to this router.
ICMP Statistics: Ipv6 icmp input input checksum errors too short unknown info type unknown error type unreach routing unreach admin unreach neighbor unreach address unreach port Parameter er.
Table 41-5 show ipv6 traffic - display description
Description
The total number of input datagrams received by the interface, including those received in error.
The number of source-routed packets.
The number of input datagrams discarded because the datagram frame did not carry enough data.
Description
The number of failures detected by the IPv6 re-assembly algorithm (for whatever reason: timed out, errors, etc.). Note that this is not necessarily a count of discarded IPv6 fragments since some algorithms (notably the algorithm in RFC 815) can lose track of the number of fragments by combining them as they are received.
Description
The number of ICMP destination unreachable/communication administratively prohibited messages received by the interface.
Indicates that the destination is beyond the scope of the source address. For example, the source may be a local site or the destination may not have a route back to the source.
Description
The number of ICMP Parameter Problem messages sent by the interface.
The number of Send ICMP parameter problem messages caused by an unrecognized header error.
The number of Send ICMP parameter problem messages caused by an unrecognized option error.
clear ipv6 traffic
This command resets IPv6 traffic counters.
Command Mode
Privileged Exec
Command Usage
This command resets all of the counters displayed by the show ipv6 traffic command.
Example
Console#clear ipv6 traffic
Console#
ping ipv6
This command sends ICMP echo request packets to an IPv6 node on the network.
Command Usage
• Ping sends an echo request to the specified address, and waits for a reply. Ping output can help determine path reliability, path delays, and if the host is reachable or functioning.
Default Setting
None
Command Mode
Global Configuration
Command Usage
• Address Resolution Protocol (ARP) has been replaced in IPv6 with the Neighbor Discovery Protocol (NDP). The ipv6 neighbor command is similar to the mac-address-table static command (page 31-1) that is implemented using ARP.
Default Setting
1
Command Mode
Interface Configuration (VLAN)
Command Usage
• Configuring a value of 0 disables duplicate address detection.
• Duplicate address detection determines if a new unicast IPv6 address already exists on the network before it is assigned to an interface.
Example
The following configures five neighbor solicitation attempts for addresses configured on VLAN 1. The show ipv6 interface command indicates that the duplicate address detection process is still on-going.
reachability of a neighbor. Therefore, avoid using very short intervals for normal IPv6 operations.
Example
The following sets the interval between sending neighbor solicitation messages.
Table 41-6 show ipv6 neighbors - display description
Field - Description
IPv6 Address - IPv6 address of neighbor
Age - The time since the address was verified as reachable (in minutes). A static entry is indicated by the value “Permanent.”
Link-layer Addr - Physical layer MAC address.
arp
This command adds a static entry in the Address Resolution Protocol (ARP) cache. Use the no form to remove an entry from the cache.
Syntax
arp ip-address hardware-address
no arp ip-address
• ip-address - IP address to map to a specified hardware address.
• You may need to enter a static entry in the cache if there is no response to an ARP broadcast message. For example, some applications may not respond to ARP requests or the response arrives too late, causing network operations to time out.
clear arp-cache
This command deletes all dynamic entries from the Address Resolution Protocol (ARP) cache.
Command Mode
Privileged Exec
Example
This example clears all dynamic entries in the ARP cache.
Console#clear arp-cache
This operation will delete all the dynamic entries in ARP Cache.
ip proxy-arp
This command enables proxy Address Resolution Protocol (ARP). Use the no form to disable proxy ARP.
Syntax
[no] ip proxy-arp
Default Setting
Disabled
Command Mode
Interface Confi.
Chapter 42: IP Routing Commands
After you configure network interfaces for this router, you must set the paths used to send traffic between different interfaces. If you enable routing on this device, traffic will automatically be forwarded between all of the local subnetworks.
Command Mode
Global Configuration
Command Usage
• The command affects both static and dynamic unicast routing.
• If IP routing is enabled, all IP packets are routed using either static routing or dynamic routing via RIP or OSPF, and other packets for all non-IP protocols (e.g.
clear ip route
This command removes dynamically learned entries from the IP routing table.
Syntax
clear ip route {network [netmask] | *}
• network – Network or subnet address.
• netmask - Network mask for the associated IP subnet.
Total entry: 4
Console#
Table 42-3 show ip route - display description
Field - Description
Ip Address - IP address of the destination network, subnetwork, or host. Note that the address 0.0.0.0 indicates the default gateway for this router.
Netmask - Network mask for the associated IP subnet.
show ip traffic
This command displays statistics for IP, ICMP, UDP, TCP and ARP protocols.
Command Mode
Privileged Exec
Command Usage
For a description of the information shown by this command, see “Displaying Statistics for IP Protocols” on page 19-16.
router rip
This command enables Routing Information Protocol (RIP) routing for all IP interfaces on the router. Use the no form to disable it.
Syntax
[no] router rip
Command Mode
Global Configuration
Default Setting
Disabled
Command Usage
• RIP is used to specify how routers exchange routing table information.
default-metric
This command sets the default metric assigned to external routes imported from other protocols. Use the no form to restore the default value.
Syntax
default-metric metric-value
no default-metric
metric-value – Metric assigned to external routes.
timers basic
This command configures the RIP update timer, timeout timer, and garbage-collection timer. Use the no form to restore the defaults.
network
This command specifies the network interfaces that will be included in the RIP routing process. Use the no form to remove an entry.
Syntax
[no] network subnet-address
subnet-address – IP address of a network directly connected to this router.
Command Usage
This command can be used to configure a static neighbor with which this router will exchange information, rather than relying on broadcast messages generated by the RIP protocol.
Example
Console(config-router)#neighbor 10.
redistribute
This command imports external routing information from other routing domains (that is, protocols or static routes) into the autonomous system.
This example redistributes static routes and sets the metric for all of these routes to a value of 3.
Console(config-router)#redistribute static metric 3
Console(config-router)#
Related Commands
default-metric (42-7)
ip rip receive version
This command specifies a RIP version to receive on an interface.
ip rip send version
This command specifies a RIP version to send on an interface. Use the no form to restore the default value.
Syntax
ip rip send version {none | 1 | 2 | v2-broadcast}
no ip rip send version
• none - Does not transmit RIP updates.
ip split-horizon
This command enables split-horizon or poison-reverse (a variation) on an interface. Use the no form to disable split-horizon.
Syntax
ip split-horizon [poison-reverse]
no ip split-horizon
poison-reverse - Enables poison-reverse on the current interface.
• For authentication to function properly, both the sending and receiving interface must be configured with the same password.
Example
This example sets an authentication password of “small” to verify incoming routing messages and to tag outgoing routing messages.
Example
This example sets the authentication mode to plain text.
Console(config)#interface vlan 1
Console(config-if)#ip rip authentication mode text
Console(config-if)#
Related Commands
ip rip authentication key (42-14)
show rip globals
This command displays global configuration settings for RIP.
1625 2 0 0 1625 2 0 0
Table 42-7 show ip rip - display description
Description
IP address of the interface.
RIP version sent on this interface (none, RIPv1, RIPv2, or RIPv2-broadcast)
RIP version .
Summarizes routes advertised by an ABR
Sets the cost for a default summary route sent into a stub or NSSA
Summarizes routes advertised by an ASBR
Redistribute routes from one routing domain to another.
router ospf
This command enables Open Shortest Path First (OSPF) routing for all IP interfaces on the router and enters router configuration mode.
router-id
This command assigns a unique router ID for this device within the autonomous system. Use the no form to use the default router identification method (i.e., the lowest interface address).
Syntax
router-id ip-address
no router-id
ip-address - Router ID formatted as an IP address.
Command Usage
• When RFC 1583 compatibility is enabled, only cost is used when choosing among multiple AS-external LSAs advertising the same destination. When disabled, preference is based on type of path, using cost only to break ties (see RFC 2328).
System Boundary Router (ASBR). However, an ASBR does not, by default, generate a default route into the routing domain.
- If you use the always keyword, the router will advertise itself as a default external route into the AS, even if a default external route does not actually exist.
Example
Console(config-router)#timers spf 20
Console(config-router)#
area range
This command summarizes the routes advertised by an Area Border Router (ABR).
area default-cost
This command specifies a cost for the default summary route sent into a stub or not-so-stubby area (NSSA) from an Area Border Router (ABR).
Command Usage
• Redistributing routes from other protocols into OSPF normally requires the router to advertise each route individually in an external LSA.
Command Usage
• This command is used to import routes learned from other routing protocols into the OSPF domain, and to generate AS-external-LSAs.
• When external routes are redistributed into an OSPF autonomous system (AS), the router automatically becomes an autonomous system boundary router (ASBR).
Command Usage
• An area ID uniquely defines an OSPF broadcast area. The area ID 0.0.0.0 indicates the OSPF backbone for an autonomous system. Each router (which is not already part of the backbone) must be connected to the backbone via a direct connection or a virtual link.
Command Mode
Router Configuration
Default Setting
No stub is configured. Summary advertisements are sent into the stub.
Command Usage
• All routers in a stub must be configured with the same area ID using this command.
• default-information-originate - When the router is an NSSA Area Border Router (ABR) or an NSSA Autonomous System Boundary Router (ASBR), this parameter causes it to generate a Type-7 default LSA into the NSSA.
area virtual-link
This command defines a virtual link. To remove a virtual link, use the no form with no optional keywords. To restore the default value for an attribute, use the no form with the required keyword.
the same for all routers attached to an autonomous system. (Range: 1-65535 seconds; Default: 4 x hello interval, or 40 seconds)
• hello-interval seconds - Specifies the transmit delay between sending hello packets.
Example
This example creates a virtual link using the defaults for all optional parameters.
Console(config-router)#network 10.4.0.0 0.255.255.0.0 area 10.4.0.0
Console(config-router)#area 10.4.0.0 virtual-link 10.4.3.254
Console(config-router)#
This example creates a virtual link using MD5 authentication.
authentication key. Without the proper key and key-id, it is nearly impossible to produce any message that matches the pre-specified target message digest.
• Before specifying plain-text password authentication for an interface, configure a password with the ip ospf authentication-key command.
Example
This example sets a password for the specified interface.
Console(config)#interface vlan 1
Console(config-if)#ip ospf authentication-key badboy
Console(config-if)#
Related Com.
Example
This example sets a message-digest key identifier and password.
Console(config)#interface vlan 1
Console(config-if)#ip ospf message-digest-key 1 md5 aiebel
Console(config-if)#
Related Commands
ip ospf authentication (42-32)
ip ospf cost
This command explicitly sets the cost of sending a packet on an interface.
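A configuration check for the authentication commands shown in the RIP example (ip rip authentication mode text) and the OSPF examples (ip ospf authentication-key, ip ospf message-digest-key) above, added here as an example and not taken from the manual. The running-config layout, the key argument after ip rip authentication key, and the 12-character minimum are assumptions; the sample keys are the ones the manual's examples use.

```python
import re

# Constructed running-config excerpt (not captured from a switch). The
# indentation of interface sub-commands and the "!" separators are assumed.
SAMPLE_CONFIG = """\
interface vlan 1
 ip rip authentication mode text
 ip rip authentication key small
 ip ospf authentication-key badboy
!
interface vlan 2
 ip ospf message-digest-key 1 md5 aiebel
!
interface vlan 3
 ip address 10.1.3.1 255.255.255.0
"""

MIN_KEY_LEN = 12  # assumed local policy threshold, not a value from the manual

# Commands that carry a shared secret, with the secret as capture group 1.
KEY_PATTERNS = [
    ("rip", re.compile(r"ip rip authentication key (\S+)")),
    ("ospf", re.compile(r"ip ospf authentication-key (\S+)")),
    ("ospf", re.compile(r"ip ospf message-digest-key \d+ md5 (\S+)")),
]


def interface_blocks(config):
    """Map each VLAN ID to the list of sub-commands under its interface line."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"interface vlan (\d+)", line, re.IGNORECASE)
        if header:
            current = blocks.setdefault(int(header.group(1)), [])
        elif raw[:1].isspace() and line and current is not None:
            current.append(line)
        else:
            current = None  # "!" or any top-level command ends the block
    return blocks


def audit(config):
    """Return (vlan, finding) tuples; key values are never echoed back."""
    findings = []
    for vlan, lines in sorted(interface_blocks(config).items()):
        # RIP text mode places the password in every update unencrypted.
        if "ip rip authentication mode text" in lines:
            findings.append((vlan, "rip-cleartext-password"))
        # An OSPF simple-password key with no message-digest key means the
        # interface can only use plain-text password authentication.
        simple = any(l.startswith("ip ospf authentication-key ") for l in lines)
        digest = any(l.startswith("ip ospf message-digest-key ") for l in lines)
        if simple and not digest:
            findings.append((vlan, "ospf-simple-password-only"))
        for line in lines:
            for proto, pattern in KEY_PATTERNS:
                match = pattern.fullmatch(line)
                if match and len(match.group(1)) < MIN_KEY_LEN:
                    findings.append((vlan, f"{proto}-short-key"))
    return findings


if __name__ == "__main__":
    for vlan, finding in audit(SAMPLE_CONFIG):
        print(f"vlan {vlan}: {finding}")
```
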
ip ospf dead-interval
This command sets the interval at which hello packets are not seen before neighbors declare the router down. Use the no form to restore the default value.
Command Usage
Hello packets are used to inform other routers that the sending router is still active. Setting the hello interval to a smaller value can reduce the delay in detecting topological changes, but will increase routing traffic.
ip ospf retransmit-interval
This command specifies the time between resending link-state advertisements (LSAs). Use the no form to restore the default value.
Syntax
ip ospf retransmit-interval seconds
no ip ospf retransmit-interval
seconds - Sets the interval at which LSAs are retransmitted from this interface.
Command Usage
• LSAs have their age incremented by this delay before transmission. When estimating the transmit delay, consider both the transmission and propagation delays for an interface. Set the transmit delay according to link speed, using larger values for lower-speed links.
show ip ospf border-routers
This command shows entries in the routing table that lead to an Area Border Router (ABR) or Autonomous System Boundary Router (ASBR).
show ip ospf database
This command shows information about different OSPF Link State Advertisements (LSAs) stored in this router’s database.
Table 42-11 show ip ospf database - display description
Field - Description
Link ID - Router ID
ADV Router - Advertising router ID
Age - Age of LSA (in seconds)
Seq# - Sequence number of LSA (used to d.
Open Shortest Path First (OSPF)
The following shows output when using the asbr-summary keyword.
Console#show ip ospf database asbr-summary
OSPF Router with id(10.
Table 42-13 show ip ospf database-summary - display description
Field - Description
Area ID - Area identifier
Router - Number of router LSAs
Network - Number of network LSAs
Sum-Net - Number of summary LS.
The following shows output when using the external keyword.
Console#show ip ospf database external
OSPF Router with id(192.168.5.1) (Autonomous system 5)
Displaying AS External Link States
LS age: 433
Options: (No TOS-capability)
LS Type: AS External Link
Link State ID: 10.
The following shows output when using the network keyword.
Console#show ip ospf database network
OSPF Router with id(10.1.1.253)
Displaying Net Link States (Area 10.
The following shows output when using the router keyword.
Console#show ip ospf database router
OSPF Router with id(10.
Table 42-16 show ip ospf router - display description (Continued)
Field - Description
Number of TOS metrics - Type of Service metric – This router only supports TOS 0 (or normal service)
Metrics - Cost of the link
The following shows output when using the summary keyword.
show ip ospf interface [vlan vlan-id]
vlan-id - VLAN ID (Range: 1-4093)
Command Mode
Privileged Exec
Example
Console#show ip ospf interface vlan 1
Vlan 1 is up
Interface Address 10.1.1.253, Mask 255.255.255.0, Area 10.1.0.0
Router ID 10.
show ip ospf neighbor
This command displays information about neighboring routers on each interface within an OSPF area.
Syntax
show ip ospf neighbor
Command Mode
Privileged Exec
Example
Console#show ip ospf neighbor
ID Pri State Address
--------- ------ ----- - -------- -------- --- -------- ----
10.
show ip ospf summary-address
This command displays all summary address information.
Syntax
show ip ospf summary-address
Command Mode
Privileged Exec
Example
This example shows a summary address and associated network mask.
Section IV: Appendices
This section provides additional information on the following topics.
Software Specifications
Troubleshooting
Appendices.
Appendix A: Software Specifications
Software Features
Authentication
Local, RADIUS, TACACS+, Port (802.1X), HTTPS, SSH, Port Security
Access Control Lists
256 ACLs (96 MAC rules, 96 IP ru.
Quality of Service
DiffServ supports class maps, policy maps, and service policies
Multicast Filtering
IGMP Snooping
IP Routing
ARP, Proxy ARP
Static routes
RIP, RIPv2 and OSPFv2 dynamic r.
Management Information Bases
IEEE 802.3-2005
Ethernet, Fast Ethernet, Gigabit Ethernet, and 10 Gigabit Ethernet (fiber and short-haul copper)
Link Aggregation Control Protocol (LACP)
Full-duplex flow control (ISO/IEC 8802-3)
IEEE 802.3ac VLAN tagging
IEEE 802.
IPV6-ICMP-MIB (RFC 2066)
IPV6-TCP-MIB (RFC 2052)
IPV6-UDP-MIB (RFC 2054)
MAU MIB (RFC 3636)
MIB II (RFC 1213)
OSPF MIB (RFC 1850)
Port Access Entity MIB (IEEE 802.
Action
• Be sure the switch is powered up.
• Check network cabling between the management station and the switch.
• Check that you have a valid network connection to the switch and that the port you are using has not been disabled.
Using System Logs
If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps:
1. Enable logging.
Glossary Access Control List (ACL) ACL s ca n li mit net wor k traf fi c an d re st ric t access t o cer tai n user s or devi ces by check ing each packet for ce rtain IP o r MAC (i.e., La yer 2) in forma tion. Address Resolutio n Protocol (ARP) ARP converts between IP addre sses and MAC (i .
Glossary Dynam ic Host Control Protoc ol (DHCP) Provides a framework for passing configuration informatio n to hosts o n a TCP/IP network. DHC P is based on the Bootstrap Protocol (BOOTP), add ing the capab ility of automatic allocation o f reusable network addr esses and addi tional confi guration option s.
Glossary IEEE 802.1D Specifies a gen eral method fo r the op eration of MAC brid ges, inclu ding the Spanning Tree Protoc ol. IEEE 802.1Q VLAN Tagging—Defines Ether net frame tags which carr y VLAN info rmation .
Glossary Internet Control Mess age P rotoco l (ICMP) A network layer protoco l that r eports err ors in p rocessin g IP packets. ICMP is also used by routers to feed back inform ation abou t better ro uting choice s.
Glossary MD5 Message-Digest Algorithm An algorithm that is used to crea te digital signatures. It is int ended for use with 32 b it machines and is safer tha n the M D4 alg or ithm , w hic h has b ee n broke n.
Glossary Quality of Service (QoS) QoS refers to the capability of a network to provide better service to selected traffic flows using features such as data prioritization, queuing, congestion avoidance and traffic shaping.
Glossary Spanning Tree Algorithm (STA) A technology that checks your network for any loops. A loop can often occur in complicated or backup linked network systems. Spanning Tree detects and directs data along the shortest available path, maximizing the performance and efficiency of the network.
Glossary device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down. XModem A protocol used to transfer files between devices. Data is grouped in 128-byte blocks and error-corrected.
Index Numerics 802.1Q tunnel 11-12, 34-14 configuration, guidelines 11-15, 34-14 configuration, limitations 11-15 description 11-12 ethernet type 11-16, 34-16 interface configuration 11-16, 11-17, 34-15–34-16 mode selection 11-17, 34-15 status, configuring 11-16, 34-15 TPID 11-16, 34-16 uplink 11-17, 34-15 802.
Index name server list 16-1, 38-4 static entries 16-3, 38-1 Domain Name Service See DNS downloading software 4-22, 23-11 DSA encryption 6-12, 25-20 DSCP enabling 13-7, 35-10 mapping pri.
general prefix 4-12, 4-15, 41-8 global unicast 4-11, 41-9 link-local 4-11, 41-13 manual configuration (global unicast) 2-8, 4-11, 41-9 manual configuration (link-local) 2-8, 4-11, 41-13 s.
Index AS summary route 20-33, 42-24 autonomous system boundary router 20-16, 42-22 backbone 20-19, 42-27 default external route 20-17, 42-21 general settings 20-15, 42-18 normal ar.
software displaying version 4-3, 23-8 downloading 4-22, 23-11 Spanning Tree Protocol See STA specifications, software A-1 SSH, configuring 6-8, 25-18, 25-19 STA 10-1, 33-1 edge port 10.
Index authentication 18-4, 40-3 configuration settings 18-2, 40-1 group statistics 18-8, 40-6 preemption 18-3, 18-4, 40-5 priority 18-3, 18-4, 40-3 protocol message statistics 18-.
IC40240-10G IC40480-10G.