Instruction/ maintenance manual of the product SMC8624/48T SMC Networks
TigerSwitch 10/100/1000 Gigabit Ethernet Switch
◆ 24/48 auto-MDI/MDI-X 10/100/1000BASE-T ports
◆ 4 ports shared with 4 SFP transceiver slots
◆ Non-blocking switching architecture
◆ Su.
38 Tesla, Irvine, CA 92618
Phone: (949) 679-8000
TigerSwitch 10/100/1000 Management Guide
From SMC’s Tiger line of feature-rich workgroup LAN solutions
April 2004 Pub.

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use.

LIMITED WARRANTY
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term.

WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION.
CONTENTS
1 Introduction
Key Features
Description of Software Features
Setting the Switch’s IP Address
Manual Configuration
Using DHCP/BOOTP
Filtering Management Access
Port Configuration
Displaying Connection Status
Adding Static Members to VLANs (Port Index)
Configuring VLAN Behavior for Interfaces
Configuring Private VLANs
Enabling Private VLANs
Entering Commands
Keywords and Arguments
Minimum Abbreviation
System Management Commands
Device Designation Commands
prompt
SMTP Alert Commands
logging sendmail host
logging sendmail level
radius-server retransmit
radius-server timeout
show radius-server
MAC ACLs
access-list mac
permit, deny (MAC ACL)
Interface Commands
interface
description
Spanning Tree Commands
spanning-tree
spanning-tree mode
Displaying VLAN Information
show vlan
Configuring Protocol-based VLANs
Multicast Filtering Commands
IGMP Snooping Commands
ip igmp snooping
TABLES
Table 1-1. Key Features
Table 1-2. System Defaults
Table 3-1. Configuration Options
Table 4-22. RADIUS Client Commands
Table 4-23. TACACS+ Client Commands
Table 4-24. Port Security Commands
FIGURES
Figure 3-1. Homepage
Figure 3-2. Panel Display
Figure 3-3. System Information
Figure 3-37. Configuring Port Attributes
Figure 3-38. Static Trunk Configuration
Figure 3-39. LACP Port Configuratio
Figure 3-74. Setting IP Precedence/DSCP Priority Status
Figure 3-75. Mapping IP Precedence to Class of Service Values
Figure 3-76. Mapping IP DSCP Priority to Class of Service Values
Figure 3-77.
CHAPTER 1
INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.

Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network.

Authentication – This switch authenticates management access via the console port, Telnet or web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.

Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.

To avoid dropping frames on congested ports, the switch provides 1 MB for frame buffering. This buffer can queue packets awaiting transmission on congested networks.
Spanning Tree Protocol – The switch supports these spanning tree protocols: Spanning Tree Protocol (STP, IEEE 802.

Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.

System Defaults
The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-25).

Port Configuration
  Admin Status: Enabled
  Auto-negotiation: Enabled
  Flow Control: Disabled
  Port Capability: 1000BASE-T – (10 Mbps half duplex) (10 Mbps full duplex) (100 Mbps h.

Virtual LANs
  Default VLAN: 1
  PVID: 1
  Acceptable Frame Type: All
  Ingress Filtering: Disabled
  Switchport Mode (Egress Mode): Hybrid: tagged/untagged frames
  GVRP (global): Disabled
  GV.
CHAPTER 2
INITIAL CONFIGURATION
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a Web-based interface.

The switch’s Web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:
• Set user names and passwor.

To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.

Remote Connections
Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.
Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps:
1.
Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>.
Setting an IP Address
You must establish IP address information for the switch to obtain management access through the network.

Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
• IP address for the switch
• Default gateway for the network
• Network mask for this network
To assign an IP address to the switch, complete the following steps:
1.

If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service requests as soon as it is powered on.

6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.

The default strings are:
• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.
• private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.

Trap Receivers
You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, complete the following steps:
1.

Managing System Files
The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.

Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.
CHAPTER 3
CONFIGURING THE SWITCH
Using the Web Interface
This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.

Notes:
1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated.
2. If you log in to the Web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password.

Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics.

Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the “Apply” or “Apply Changes” button to confirm the new setting.

Main Menu
Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
SSH (page 3-41)
  Settings – Configures Secure Shell server settings (page 3-46)
  Host-Key Settings – Generates the host key pair (public and private) (page 3-43)
Port Security – Configures per port security, including status, response for security breach, and maximum allowed MAC addresses (page 3-48)
802.

LACP (page 3-89)
  Configuration – Allows ports to dynamically join trunks (page 3-89)
  Aggregation Port – Configures system priority, admin key, and port priority .

Address Aging – Sets timeout for dynamically learned entries (page 3-115)
Spanning Tree (page 3-116)
  STA Information – Displays STA values used for the bridge (page 3-117)
  Configuration – Conf.

VLAN (page 3-141)
  802.1Q VLAN
    GVRP Status – Enables GVRP VLAN registration protocol (page 3-146)
    Basic Information – Displays information on the VLAN type supporte.

Traffic Classes Status – Enables/disables traffic class priorities (not implemented) (page NA)
Queue Mode – Sets queue mode to strict priority or Weighted Round-Robin (page 3-167)
Qu.

IP Multicast Registration Table – Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID (page 3-187)
IGMP Mem.
Basic Configuration
Displaying System Information
You can easily identify the system by displaying the device name, location and contact information.
Field Attributes
• System Name – Name assigned to the switch system.

Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.

Displaying Switch Hardware/Software Versions
Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
Field Attributes
Main Board
• Serial Number – The serial number of the switch.

Web – Click System, Switch Information.
Figure 3-4. Switch Information
CLI – Use the following command to display version information.

Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.

Web – Click System, Bridge Extension.
Figure 3-5. Bridge Extension Configuration
CLI – Enter the following command.
Setting the Switch’s IP Address
This section describes how to configure an IP interface for management access over the network.

You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods.

Manual Configuration
Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply.

Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP.
CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart client” command.
Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time.
Managing Firmware
You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version.

Web – Click System, File, Firmware. Enter the IP address of the TFTP server, enter the file name of the software to download, select a file on the switch to overwrite or specify a new file name, then click Transfer from Server.

CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination file names, set the new file to start up the system, and then restart the switch.

Downloading Configuration Settings from a Server
You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.

If you download the startup configuration file under a new file name, you can set this file as the startup file at a later time, and then restart the switch.
Resetting the System
Web – Click System, Reset.

Setting the System Clock
Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.

Command Attributes
• SNTP Client – Configures the switch to operate as an SNTP unicast client. This mode requires at least one time server to be specified in the SNTP Server field.
• SNTP Broadcast Client – Configures the switch to operate as an SNTP broadcast client.

Setting the Time Zone
SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude.

Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.

• Access Mode
  - Read-Only – Specifies read-only access. Authorized management stations are only able to retrieve MIB objects.
  - Read/Write – Specifies read-write access. Authorized management stations are able to both retrieve and modify MIB objects.

Command Attributes
• Trap Manager Capability – This switch supports up to five trap managers.
• Trap Manager IP Address – Internet address of the host (the targeted recipient).
• Trap Manager Community String – Community string sent with the notification operation.
User Authentication
You can restrict management access to this switch using the following options:
• Passwords – Manually configure access rights on the switch for specified users.
• Authentication Settings – Use remote authentication to configure access rights.

Web – Click Security, Passwords. To change the password for the current user, enter the old password, the new password, confirm it by entering it again, then click Apply.
Figure 3-17. Configuring the Logon Password
CLI – Assign a user name to access-level 15 (i.

Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) are logon authentication protocols that use software running on a central server to control access to RADIUS-aware or TACACS-aware devices on the network.

Command Attributes
• Authentication – Select the authentication, or authentication sequence required:
  - Local – User authentication is performed only locally by the switch.
  - Radius – User authentication is performed using a RADIUS server only.

• TACACS Settings
  - Server IP Address – Address of the TACACS+ server. (Default: 10.11.12.13)
  - Server Port Number – Network (TCP) port of TACACS+ server used for authentication messages.

CLI – Specify all the required parameters to enable logon authentication.
Configuring HTTPS
You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.

• The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer 5.

CLI – This example enables the HTTP secure server and modifies the port number.
Replacing the Default Secure-site Certificate
When you log onto the web interface using HTTPS (for secure access), a Secure Sockets Layer (SSL) certificate appears for the switch.
Configuring the Secure Shell
The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
To use the SSH server, complete these steps:
1. Generate a Host Key Pair – On the SSH Host Key Settings page, create a host public/private key pair.

6. Challenge-Response Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method. Only clients that have a private key corresponding to the public keys stored on the switch can access.

Field Attributes
• Public-Key of Host-Key – The public key for the host.
  - RSA: The first field indicates the size of the host key (e.g., 1024), the second field is the encoded public exponent (e.g., 65537), and the last string is the encoded modulus.

Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate.

CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys.
Configuring the SSH Server
The SSH server includes basic settings for authentication.

• SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3)
• SSH Server-Key Size – Specifies the SSH server key size.
CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
To add new VLAN members at a later time, you can manually add secure addresses with the Static Address Table (page 3-112), or turn off port security to reenable the learning function long enough for new VLAN members to be registered.

Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.

Configuring 802.1x Port Authentication
Network switches can provide open and easy access to network resources by simply attaching a client PC.

The operation of 802.1x on the switch requires the following:
• The switch must have an IP address assigned.
• RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified.

Command Attributes
• 802.1x Re-authentication – Indicates if switch port requires a client to be re-authenticated after a certain period of time.

CLI – This example shows the default protocol settings for 802.1x. For a description of the additional entries displayed in the CLI, see “show dot1x” on page 4-111.

Configuring 802.1x Global Settings
The dot1x protocol includes global parameters that control the client authentication process that runs between the client and the switch (i.

Web – Select Security, 802.1x, Configuration. Enable dot1x globally for the switch, modify any of the parameters required, and then click Apply.
Figure 3-24. 802.1x Configuration
CLI – This enables re-authentication and sets all of the global parameters for 802.

• Max Count – The maximum number of hosts that can connect to a port when the Multi-Host operation mode is selected. (Range: 1-20; Default: 5)
• Mode – Sets the authentication mode to one of the following options:
  - Auto – Requires a dot1x-aware client to be authorized by the authentication server.

CLI – This example sets the authentication mode to enable 802.1x on port 2, and allows up to ten clients to connect to this port.
Displaying 802.1x Statistics
This switch can display statistics for dot1x protocol exchanges for any port.

Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics.
Figure 3-26. 802.1x Statistics
Tx EAPOL Total – The number of EAPOL frames of any type that have been transmitted by this Authenticator.
CLI – This example displays the 802.1x statistics for port 4.
Access Control Lists
Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).

Command Usage
The following restrictions apply to ACLs:
• Each ACL can have up to 32 rules.
• The maximum number of ACLs is also 32.
• However, due to resource restrictions, the average number of rules bound to the ports should not exceed 20.

Command Attributes
• Name – Name of the ACL. (Maximum length: 16 characters)
• Type – There are three filtering modes:
  - Standard: IP ACL mode that filters packets based on the source IP address.

Configuring a Standard IP ACL
Command Attributes
• Action – An ACL can contain all permit rules or all deny rules.

CLI – This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask.
Configuring an Extended IP ACL
Command Attributes
• Action – An ACL can contain either all permit rules or all deny rules.

• Control Bitmask – Decimal number representing the code bits to match. The control bitmask is a decimal number (for an equivalent binary bit mask) that is applied to the control code.

Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
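The address bitmask and TCP control bitmask described above can be checked offline before a rule is entered on the switch. The following Python model is an added example, not code from the manual or from SMC; it assumes that bits set to 1 in a bitmask are compared and bits set to 0 are ignored, and its dictionary field names are hypothetical. It goes one step beyond the text by deriving the bitmask for an address range and flagging a range that a single address/bitmask pair can only cover by matching extra addresses.

```python
import ipaddress

# Standard TCP flag bit values (decimal), as carried in the TCP header flags field.
TCP_FLAGS = {"FIN": 1, "SYN": 2, "RST": 4, "PSH": 8, "ACK": 16, "URG": 32}
ALL_ONES = 0xFFFFFFFF


def ip_to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def int_to_ip(value):
    return str(ipaddress.IPv4Address(value))


def addr_matches(packet_addr, rule_addr, bitmask):
    """Assumed semantics: bitmask bits set to 1 are compared, 0 bits are ignored."""
    mask = ip_to_int(bitmask)
    return (ip_to_int(packet_addr) & mask) == (ip_to_int(rule_addr) & mask)


def bitmask_for_range(first, last):
    """Smallest single address/bitmask pair that covers first..last.

    Returns (address, bitmask, exact). exact is False when the pair also
    matches addresses outside the requested range, i.e. the rule would be
    broader than intended.
    """
    lo, hi = ip_to_int(first), ip_to_int(last)
    if lo > hi:
        raise ValueError("first address must not be above last address")
    host_bits = (lo ^ hi).bit_length()      # bits that differ across the range
    mask = (ALL_ONES << host_bits) & ALL_ONES
    base = lo & mask
    top = base | (~mask & ALL_ONES)
    return int_to_ip(base), int_to_ip(mask), (base == lo and top == hi)


def control_matches(packet_flags, control_code, control_bitmask):
    """Compare only the flag bits selected by the control bitmask (assumed semantics)."""
    return (packet_flags & control_bitmask) == (control_code & control_bitmask)


def rule_matches(rule, packet):
    """rule and packet are plain dicts; the field names are hypothetical."""
    if not addr_matches(packet["src"], rule["src"], rule["src_bitmask"]):
        return False
    if "control_code" in rule:
        return control_matches(packet["tcp_flags"], rule["control_code"],
                               rule["control_bitmask"])
    return True


def audit_range(first, last):
    addr, mask, exact = bitmask_for_range(first, last)
    note = "exact" if exact else "over-broad: also matches addresses outside the range"
    return f"{first} - {last} -> {addr} {mask} ({note})"


# Constructed sample rules: TCP from 192.168.1.0 (class C) with control code SYN.
# The first compares only the SYN bit; the second compares SYN and ACK, so a
# SYN+ACK segment no longer matches.
SYN_ONLY_BIT = {"src": "192.168.1.0", "src_bitmask": "255.255.255.0",
                "control_code": TCP_FLAGS["SYN"],
                "control_bitmask": TCP_FLAGS["SYN"]}
SYN_NOT_ACK = dict(SYN_ONLY_BIT,
                   control_bitmask=TCP_FLAGS["SYN"] | TCP_FLAGS["ACK"])

# Constructed sample packets.
PACKETS = [
    {"src": "192.168.1.77", "tcp_flags": TCP_FLAGS["SYN"]},
    {"src": "192.168.1.77", "tcp_flags": TCP_FLAGS["SYN"] | TCP_FLAGS["ACK"]},
    {"src": "192.168.2.77", "tcp_flags": TCP_FLAGS["SYN"]},
]

if __name__ == "__main__":
    print(audit_range("168.92.16.0", "168.92.31.255"))
    print(audit_range("168.92.16.0", "168.92.40.255"))
    for name, rule in (("bitmask 2", SYN_ONLY_BIT), ("bitmask 18", SYN_NOT_ACK)):
        print(name, [rule_matches(rule, p) for p in PACKETS])
```

A range that comes back as over-broad needs to be split into several rules, each of which counts against the per-ACL rule limit.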
3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.”
Configuring a MAC ACL
Command Attributes
• Action – An ACL can contain all permit rules or all deny rules.

• Packet Format – This attribute includes the following packet types:
  - Any – Any Ethernet packet type.
  - Untagged-eth2 – Untagged Ethernet II packets.
  - Untagged-802.3 – Untagged Ethernet 802.3 packets.

Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66).

Configuring ACL Masks
You can specify optional masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL.

Web – Click Security, ACL, Mask Configuration. Click Edit for one of the basic mask types to open the configuration page.
Figure 3-31. Choosing ACL Types
CLI – This example creates an IP ingress mask, and then adds two rules.

subnet), or “IP” to specify a range of addresses. (Options: Any, Host, IP; Default: Any)
• Src/Dst IP Bitmask – Source or destination address of rule must match this bitmask. (See the description for SubMask on page 3-63.

Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range.

Configuring a MAC ACL Mask
This mask defines the fields to check in the packet header.
Command Usage
You must configure a mask for an ACL rule before you can bind it to a port.

Web – Configure the mask to match the required rules in the MAC ingress or egress ACLs. Set the mask to check for any source or destination address, a host address, or an address range. Use a bitmask to search for specific VLAN ID(s) or Ethernet type(s).
C ONFIGURING THE S WI TCH 3-76 CLI – T his examp le shows how to crea te an Ing r ess MAC A CL and bin d it to a po rt. You can then see that the ord er of the rule s have been cha nged by the ma sk.
A CCES S C ONTROL L ISTS 3-77 • When an ACL is bound to an inte rface as an egress filter, all e ntries in the ACL must be deny rules. Otherwise, the bind operation will fail. • The swit ch does no t support the explici t “deny a ny any” rul e for the egress IP ACL o r the egre ss MAC ACL s.
C ONFIGURING THE S WI TCH 3-78 CLI – This examples assign s an IP and MA C ingress A CL to port 1, and an IP ing ress ACL to por t 2. Filtering Management Access Y ou ca n speci fy the cli ent IP addresse s that are all owe d management access to the switc h through the w eb inter face , SNMP , or T elnet.
F ILT ERI NG M ANAG EMENT A CCES S 3-79 Command Att ributes • Web IP Fil ter – Co nfigures IP address( es) for th e web group . • SNMP IP Fi lter – Con figures IP add ress(es ) for the SNMP group. • Telnet IP Filte r – Confi gures IP address( es) for the Teln et group.
CONFIGURING THE SWITCH 3-80 Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation.
PORT CONFIGURATION 3-81 Web – Click Port, Port Information or Trunk Information. Figure 3-36. Port Status Information Field Attributes (CLI) Basic information: • Port type – Indicates the port type. (1000BASE-T, 1000BASE-SX, 1000BASE-LX or 100BASE-FX) • MAC address – The physical layer address for this port.
CONFIGURING THE SWITCH 3-82 • Capabilities – Specifies the capabilities to be advertised for a port during auto-negotiation. (To access this item on the web, see “Configuring Interface Connections” on page 3-48.) The following capabilities are supported.
PORT CONFIGURATION 3-83 CLI – This example shows the connection status for Port 5. Console#show interfaces status ethernet 1/5 3-178 Information of Eth 1/13 Basic information: Port type: 100.
CONFIGURING THE SWITCH 3-84 Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control.
PORT CONFIGURATION 3-85 - Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.
CONFIGURING THE SWITCH 3-86 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 3-37. Configuring Port Attributes CLI – Select the interface, and then enter the required settings.
PORT CONFIGURATION 3-87 The switch supports both static trunking and dynamic Link Aggregation Control Protocol (LACP). Static trunks have to be manually configured at both ends of the link, and the switches must comply with the Cisco EtherChannel standard.
CONFIGURING THE SWITCH 3-88 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
PORT CONFIGURATION 3-89 CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk.
CONFIGURING THE SWITCH 3-90 • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
PORT CONFIGURATION 3-91 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk.
CONFIGURING THE SWITCH 3-92 Note: If the port channel admin key (lacp admin key, page 4-194) is not set (through the CLI) when a channel group is formed (i.
PORT CONFIGURATION 3-93 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor.
CONFIGURING THE SWITCH 3-94 CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; ports 5 and 6 are set to backup mode. Displaying LACP Port Counters You can display statistics for LACP protocol messages.
PORT CONFIGURATION 3-95 Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-41. Displaying LACP Port Counters Information Marker Received Number of valid Marker PDUs received by this channel group.
CONFIGURING THE SWITCH 3-96 CLI – The following example displays LACP counters for port channel 1. Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation.
PORT CONFIGURATION 3-97 Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state; .
CONFIGURING THE SWITCH 3-98 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-42. Displaying LACP Port Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
PORT CONFIGURATION 3-99 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation.
CONFIGURING THE SWITCH 3-100 Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.
PORT CONFIGURATION 3-101 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured.
CONFIGURING THE SWITCH 3-102 Web – Click Port, Port Broadcast Control. Set the threshold for any port, click Apply. Figure 3-44. Enabling Port Broadcast Control CLI – Specify any interface, and then enter the threshold.
PORT CONFIGURATION 3-103 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
CONFIGURING THE SWITCH 3-104 Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add.
PORT CONFIGURATION 3-105 Command Attribute Rate Limit – Sets the output rate limit for an interface. Default Status – Disabled Default Rate – 1000 Mbps Range – 1 - 1000 Mbps Web - Click Rate Limit, Input/Output Port/Trunk Configuration.
CONFIGURING THE SWITCH 3-106 Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port.
PORT CONFIGURATION 3-107 Received Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space.
CONFIGURING THE SWITCH 3-108 Alignment Errors The number of alignment errors (missynchronized data packets). Late Collisions The number of times that a collision is detected later than 512 bit-times into the transmission of a packet.
PORT CONFIGURATION 3-109 Internal MAC Receive Errors A count of frames for which reception on a particular interface fails due to an internal MAC sublayer receive error. RMON Statistics Drop Events The total number of events in which packets were dropped due to lack of resources.
CONFIGURING THE SWITCH 3-110 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
PORT CONFIGURATION 3-111 Figure 3-48. Displaying Etherlike and RMON Statistics.
CONFIGURING THE SWITCH 3-112 CLI – This example shows statistics for port 13. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports.
ADDRESS TABLE SETTINGS 3-113 Command Attributes • Static Address Counts* – The number of manually configured addresses. • Current Static Address Table – Lists all the static addresses. • Interface – Port or trunk associated with the device assigned a static address.
CONFIGURING THE SWITCH 3-114 Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch.
ADDRESS TABLE SETTINGS 3-115 CLI – This example also displays the address table entries for port 1. Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes Aging Time – The time after which a learned entry is discarded.
CONFIGURING THE SWITCH 3-116 Spanning Tree Algorithm Configuration The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
SPANNING TREE ALGORITHM CONFIGURATION 3-117 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge.
CONFIGURING THE SWITCH 3-118 Field Attributes • Spanning Tree State – Shows if the switch is enabled to participate in an STA-compliant network. • Bridge ID – A unique identifier for this bridge, consisting of the bridge priority and MAC address (where the address is taken from the switch system).
SPANNING TREE ALGORITHM CONFIGURATION 3-119 • Configuration Changes – The number of times the Spanning Tree has been reconfigured. • Last Topology Change – Time since the Spanning Tree was last reconfigured.
CONFIGURING THE SWITCH 3-120 that would make it return to a discarding state; otherwise, temporary data loops might result. • Root Hold Time – The interval (in seconds) during which no more than two bridge configuration protocol data units shall be transmitted by this node.
SPANNING TREE ALGORITHM CONFIGURATION 3-121 CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network.
CONFIGURING THE SWITCH 3-122 • Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits, as described below: - STP Mode – If the switch receives an 802.
SPANNING TREE ALGORITHM CONFIGURATION 3-123 • Priority – Bridge priority is used in selecting the root device, root port, and designated port.
CONFIGURING THE SWITCH 3-124 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.
SPANNING TREE ALGORITHM CONFIGURATION 3-125 • Maximum Hop Count – The maximum number of hops allowed in the MST region before a BPDU is discarded. (Range: 1-40; Default: 20) * The MST name and revision number are both required to uniquely identify an MST region.
CONFIGURING THE SWITCH 3-126 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree.
SPANNING TREE ALGORITHM CONFIGURATION 3-127 The rules defining port status are: - A port on a network segment with no other STA compliant bridging device is always forwarding.
CONFIGURING THE SWITCH 3-128 • Port Role – Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge (i.e., root port), connecting a LAN through the bridge to the root bridge (i.
SPANNING TREE ALGORITHM CONFIGURATION 3-129 • Internal path cost – The path cost for the MST. See the preceding item. • Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.
CONFIGURING THE SWITCH 3-130 Web – Click Spanning Tree, STA, Port Information or STA Trunk Information. Figure 3-54. Displaying STA - Port Status Information CLI – This example shows the STA attributes for port 5.
SPANNING TREE ALGORITHM CONFIGURATION 3-131 Command Attributes The following attributes are read-only and cannot be changed: • STA State – Displays current state of this port within the Spanning Tree. (See Displaying Interface Settings on page 3-126 for additional information.
CONFIGURING THE SWITCH 3-132 • Path Cost – This parameter is used by the STP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
SPANNING TREE ALGORITHM CONFIGURATION 3-133 • Migration – If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode.
CONFIGURING THE SWITCH 3-134 By default all VLANs are assigned to the Internal Spanning Tree (MST Instance 0) that connects all bridges and LANs within the MST region. This switch supports up to 65 instances. You should try to group VLANs which cover the same general area of your network.
SPANNING TREE ALGORITHM CONFIGURATION 3-135 • VLAN ID – VLAN to assign to this selected MST instance. (Range: 1-4094) The other global attributes are described under “Displaying Global Settings,” page 3-121.
CONFIGURING THE SWITCH 3-136 CLI – This displays STA settings for instance 1, followed by settings for each port. Console#show spanning-tree mst 2 3-228 Spanning-tree information ------------.
SPANNING TREE ALGORITHM CONFIGURATION 3-137 CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance.
CONFIGURING THE SWITCH 3-138 CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST (page 3-117); the settings for other instances only apply to the local spanning tree.
SPANNING TREE ALGORITHM CONFIGURATION 3-139 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages.
CONFIGURING THE SWITCH 3-140 • MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
VLAN CONFIGURATION 3-141 CLI – This example sets the MSTP attributes for port 4. VLAN Configuration Overview In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains.
CONFIGURING THE SWITCH 3-142 This switch supports the following VLAN features: • Up to 255 VLANs based on the IEEE 802.1Q standard • Distributed VLAN learning across multiple switches usin.
VLAN CONFIGURATION 3-143 VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port).
CONFIGURING THE SWITCH 3-144 Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system whereby the switch can automatically learn the VLANs to which each end station should be assigned. If an end station (or its network adapter) supports the IEEE 802.
VLAN CONFIGURATION 3-145 Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN.
CONFIGURING THE SWITCH 3-146 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
VLAN CONFIGURATION 3-147 Web – Click VLAN, 802.1Q VLAN, Basic Information. Figure 3-60. Displaying Basic VLAN Information CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging.
CONFIGURING THE SWITCH 3-148 Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Figure 3-61. Displaying VLAN Information by Port Membership Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes).
VLAN CONFIGURATION 3-149 CLI – Current VLAN information can be displayed with the following command. Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups.
CONFIGURING THE SWITCH 3-150 • Remove – Removes a VLAN group from the current list. If any port is assigned to this group as untagged, it will be reassigned to VLAN group 1 as untagged. Web – Click VLAN, 802.1Q VLAN, Static List.
VLAN CONFIGURATION 3-151 Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices.
CONFIGURING THE SWITCH 3-152 • Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - Tagged: Interface is a member of the VLAN. All packets transmitted by the port will be tagged, that is, carry a tag and therefore carry VLAN or CoS information.
VLAN CONFIGURATION 3-153 CLI – The following example adds tagged and untagged ports to VLAN 2. Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member.
CONFIGURING THE SWITCH 3-154 Figure 3-64. Assigning VLAN Port and Trunk Groups CLI – This example adds Port 3 to VLAN 1 as a tagged port, and removes Port 3 from VLAN 2.
VLAN CONFIGURATION 3-155 Command Attributes • PVID – VLAN ID assigned to untagged frames received on the interface. (Default: 1) If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN, the interface will automatically be added to VLAN 1 as an untagged member.
CONFIGURING THE SWITCH 3-156 • GARP Join Timer* – The interval between transmitting requests/queries to participate in a VLAN group. (Range: 20-1000 centiseconds; Default: 20) • GARP Leave Timer* – The interval a port waits before leaving a VLAN group.
VLAN CONFIGURATION 3-157 Web – Click VLAN, 802.1Q VLAN, Port Configuration or VLAN Trunk Configuration. Fill in the required settings for each interface, click Apply.
CONFIGURING THE SWITCH 3-158 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports.
VLAN CONFIGURATION 3-159 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports can not communicate with any other ports on the switch except for the uplink ports.
CONFIGURING THE SWITCH 3-160 To avoid these problems, you can configure this switch with protocol-based VLANs that divide the physical network into logical VLAN groups for each required protocol.
VLAN CONFIGURATION 3-161 Web – Click VLAN, Protocol VLAN, Configuration. Enter a protocol group ID, frame type and protocol type, then click Apply. Figure 3-68. Protocol VLAN Configuration CLI – The following creates protocol group 1, and then specifies Ethernet frames with IP and ARP protocol types.
CONFIGURING THE SWITCH 3-162 • When a frame enters a port that has been assigned to a protocol VLAN, it is processed in the following manner: - If the frame is tagged, it will be processed according to the standard rules applied to tagged frames.
CLASS OF SERVICE CONFIGURATION 3-163 CLI – The following maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 3.
CONFIGURING THE SWITCH 3-164 Command Attributes • Default Priority* – The priority that is assigned to untagged frames received on the specified interface. (Range: 0 - 7, Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port.
CLASS OF SERVICE CONFIGURATION 3-165 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR).
CONFIGURING THE SWITCH 3-166 Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to output queues. Assign priorities to the traffic classes (i.e., output queues) for the selected interface, then click Apply.
CLASS OF SERVICE CONFIGURATION 3-167 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to.
CONFIGURING THE SWITCH 3-168 Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue.
CLASS OF SERVICE CONFIGURATION 3-169 CLI – The following example shows how to assign WRR weights to each of the priority queues. Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements.
CONFIGURING THE SWITCH 3-170 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services.
CLASS OF SERVICE CONFIGURATION 3-171 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
CONFIGURING THE SWITCH 3-172 Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply.
CLASS OF SERVICE CONFIGURATION 3-173 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors.
CONFIGURING THE SWITCH 3-174 Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply.
CLASS OF SERVICE CONFIGURATION 3-175 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110.
CONFIGURING THE SWITCH 3-176 Click Priority, IP Port Priority. Select a port or trunk from the Interface field. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Add IP Port.
CLASS OF SERVICE CONFIGURATION 3-177 Mapping CoS Values to ACLs Use the ACL CoS Mapping page to set the output queue for packets matching an ACL rule as shown in the following table. Note that the specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself.
CONFIGURING THE SWITCH 3-178 Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Apply. CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 24.
CLASS OF SERVICE CONFIGURATION 3-179 Command Usage • You must configure an ACL mask before you can change priorities based on a rule. • Traffic priorities may be included in the IEEE 802.1p priority tag. This tag is also incorporated as part of the overall IEEE 802.
CONFIGURING THE SWITCH 3-180 Web – Click Priority, ACL Marker. Select a port and an ACL rule. To specify a ToS priority, mark the Precedence/DSCP check box, select Precedence or DSCP from the scroll-down box, and enter a priority.
MULTICAST FILTERING 3-181 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio.
CONFIGURING THE SWITCH 3-182 Layer 2 IGMP (Snooping and Query) IGMP Snooping and Query — If multicast routing is not supported on other switches in your network, you can use IGMP Snooping.
MULTICAST FILTERING 3-183 • IGMP Querier — A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic.
CONFIGURING THE SWITCH 3-184 • IGMP Version — Sets the protocol version for compatibility with other devices on the network. (Range: 1-2; Default: 2) Notes: 1. All systems on the subnet must support the same version. 2. Some attributes are only enabled for IGMPv2, including IGMP Report Delay and IGMP Query Timeout.
MULTICAST FILTERING 3-185 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
CONFIGURING THE SWITCH 3-186 CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router. Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
MULTICAST FILTERING 3-187 CLI – This example configures port 11 as a multicast router port within VLAN 1. Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service.
CONFIGURING THE SWITCH 3-188 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service.
MULTICAST FILTERING 3-189 Command Usage • Static multicast addresses are never aged out. • When a multicast address is assigned to an interface in a specific VLAN, the corresponding traffic can only be forwarded to ports within that VLAN.
CONFIGURING THE SWITCH 3-190 CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1.
CONFIGURING DOMAIN NAME SERVICE 3-191 • When an incomplete host name is received by the DNS server on this switch and a domain name list has been specified, the switch will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match.
CONFIGURING THE SWITCH 3-192 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply.
CONFIGURING DOMAIN NAME SERVICE 3-193 CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the default domain name is not used.
CONFIGURING THE SWITCH 3-194 Field Attributes • Host Name – Name of a host device that is mapped to one or more IP addresses. (Range: 1-64 characters) • IP Address – Internet address(es) associated with a host name.
CONFIGURING DOMAIN NAME SERVICE 3-195 Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable.
CONFIGURING THE SWITCH 3-196 Web – Select DNS, Cache. Figure 3-87. Displaying the DNS Cache CLI - This example displays all the resource records learned from the designated name servers. Console#show dns cache 3-165 NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207.
4-1 C HAPTER 4 C OMMAND L INE I NTERF ACE This ch apter de scribes how t o use th e Command Line In terface (CLI ). Using the Com mand Line Inte rface Accessing the CLI When acces sing th e management.
C OMMAND L IN E I NTE RFA CE 4-2 3. Whe n finished, ex it the ses sion with th e “quit” or “e xit” comma nd. After c onnecti ng to the sy stem thr ough th e conso le port, th e login sc reen displ ays: Telnet Connection T elnet op erates o ver the IP tran sport protocol .
U SIN G THE C OMMAND L INE I NTE RFA CE 4-3 After y o u con figure th e switch with an I P address , you can open a T elnet session by perfor ming the se ste ps: 1. Fr om the re mote h ost, e nter the T elnet co mmand a nd the I P addr ess of the de vice you want to acc ess .
C OMMAND L IN E I NTE RFA CE 4-4 Enteri ng Commands Th is section d escrib es how to ente r CLI commands. Keywords and Arguments A CLI comm and is a serie s of keyw ords and argumen ts . K eyw ords ident ify a command, an d arguments specify configurat ion parameter s .
ENTERING COMMANDS 4-5 Command Completion If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “logging history” example, typing log followed by a tab will result in printing the command up to “logging.
COMMAND LINE INTERFACE 4-6 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line, VLAN Database, or MSTP).
ENTERING COMMANDS 4-7 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.
COMMAND LINE INTERFACE 4-8 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters.
ENTERING COMMANDS 4-9 You can also enter Privileged Exec mode from within Normal Exec mode, by entering the enable command, followed by the privileged level password “super” (page 4-36).
COMMAND LINE INTERFACE 4-10 • Interface Configuration - These commands modify the port configuration such as speed-duplex and negotiation. • Line Configuration - These commands modify the console port and Telnet configuration, and include commands such as parity and databits.
ENTERING COMMANDS 4-11 For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode.
COMMAND LINE INTERFACE 4-12 Command Groups The system commands can be broken down into the functional groups shown below. Ctrl-R Repeats current command line on a new line. Ctrl-U Deletes from the cursor to the beginning of the line. Ctrl-W Deletes the last word typed.
COMMAND GROUPS 4-13 SNMP Activates authentication failure traps; configures community access strings, and trap managers; also configures IP address filtering 4-149 Interface Configures the c.
COMMAND LINE INTERFACE 4-14 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC .
LINE COMMANDS 4-15 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access (i.
COMMAND LINE INTERFACE 4-16 Related Commands show line (4-25) show users (4-83) login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [local] no login local - Selects local password checking.
LINE COMMANDS 4-17 • This command controls login authentication via the switch itself. To configure user names and passwords for remote authentication servers, you must use the RADIUS or TACACS software installed on those servers.
COMMAND LINE INTERFACE 4-18 • The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
LINE COMMANDS 4-19 Example To set the timeout to two minutes, enter this command: password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value.
COMMAND LINE INTERFACE 4-20 Related Commands silent-time (4-20) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command.
LINE COMMANDS 4-21 databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits {7 | 8} no databits • 7 - Seven data bits per character.
COMMAND LINE INTERFACE 4-22 parity This command defines the generation of a parity bit. Use the no form to restore the default setting. Syntax parity {none | even | odd} no parity •.
LINE COMMANDS 4-23 speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second.
COMMAND LINE INTERFACE 4-24 stopbits This command sets the number of the stop bits transmitted per byte. Use the no form to restore the default setting.
LINE COMMANDS 4-25 Example Related Commands show ssh (4-55) show users (4-83) show line This command displays the terminal line’s parameters. Syntax show line [console | vty] • console - Console terminal line. • vty - Virtual terminal for remote console access (i.
COMMAND LINE INTERFACE 4-26 General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. (See “Understanding Command Modes” on page 4-8.
GENERAL COMMANDS 4-27 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-36.
COMMAND LINE INTERFACE 4-28 Example Related Commands enable (4-26) configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch.
GENERAL COMMANDS 4-29 Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.
COMMAND LINE INTERFACE 4-30 Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system. Example This example shows how to reset the switch: end This command returns to Privileged Exec mode.
GENERAL COMMANDS 4-31 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to r.
COMMAND LINE INTERFACE 4-32 This example shows how to quit a CLI session: System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information.
SYSTEM MANAGEMENT COMMANDS 4-33 Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt.
COMMAND LINE INTERFACE 4-34 hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name.
SYSTEM MANAGEMENT COMMANDS 4-35 username This command adds named users, requires authentication at login, specifies or changes a user's password (or specifies that no password is required), or specifies or changes a user's access level.
COMMAND LINE INTERFACE 4-36 Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
SYSTEM MANAGEMENT COMMANDS 4-37 Command Usage • You cannot set a null password. You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command (page 4-26). • The encrypted password is required for compatibility with legacy password settings (i.
COMMAND LINE INTERFACE 4-38 management This command specifies the client IP addresses that are allowed management access to the switch through various protocols.
SYSTEM MANAGEMENT COMMANDS 4-39 • You cannot delete an individual address from a specified range. You must delete the entire range, and reenter the addresses. • You can delete an address range just by specifying the start address, or by specifying both the start address and end address.
COMMAND LINE INTERFACE 4-40 Example Web Server Commands Console#show management all-client Management Ip Filter Http-Client: Start ip address End ip address ----------------------------------------- ------ 1. 192.168.1.19 192.168.1.19 2. 192.168.
SYSTEM MANAGEMENT COMMANDS 4-41 ip http port This command specifies the TCP port number used by the Web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface.
COMMAND LINE INTERFACE 4-42 Example Related Commands ip http port (4-41) copy tftp https-certificate (4-86) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.
SYSTEM MANAGEMENT COMMANDS 4-43 • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate. - The client and server negotiate a set of security protocols to use for the connection.
COMMAND LINE INTERFACE 4-44 ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s Web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number no ip http secure-port port_number – The UDP port used for HTTPS/SSL.
SYSTEM MANAGEMENT COMMANDS 4-45 Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
COMMAND LINE INTERFACE 4-46 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the.
SYSTEM MANAGEMENT COMMANDS 4-47 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch. Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it.
COMMAND LINE INTERFACE 4-48 9. If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client. 10. The client uses its private key to decrypt the bytes, and sends the decrypted bytes back to the switch.
SYSTEM MANAGEMENT COMMANDS 4-49 Example Related Commands ip ssh crypto host-key generate (4-52) show ssh (4-55) ip ssh timeout Use this command to configure the timeout for the SSH server. Use the no form to restore the default setting.
COMMAND LINE INTERFACE 4-50 Related Commands exec-timeout (4-18) show ip ssh (4-54) ip ssh authentication-retries Use this command to configure the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting.
SYSTEM MANAGEMENT COMMANDS 4-51 ip ssh server-key size Use this command to set the SSH server key size. Use the no form to restore the default setting. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server key.
COMMAND LINE INTERFACE 4-52 Command Mode Privileged Exec Example ip ssh crypto host-key generate Use this command to generate the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [dsa | rsa] • dsa – DSA key type.
SYSTEM MANAGEMENT COMMANDS 4-53 Related Commands ip ssh crypto zeroize (4-53) ip ssh save host-key (4-54) ip ssh crypto zeroize Use this command to clear the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [dsa | rsa] • dsa – DSA key type.
COMMAND LINE INTERFACE 4-54 ip ssh save host-key Use this command to save host key from RAM to flash memory. Syntax ip ssh save host-key [dsa | rsa] • dsa – DSA key type. • rsa – RSA key type. Default Setting Saves both the DSA and RSA key.
SYSTEM MANAGEMENT COMMANDS 4-55 show ssh Use this command to display the current SSH server connections. Command Mode Privileged Exec Example Console#show ssh Connection Version State Username Encryption 0 2.0 Session-Started admin ctos aes128-cbc-hmac-md5 stoc aes128-cbc-hmac-md5 Console# Table 4-13.
COMMAND LINE INTERFACE 4-56 show public-key Use this command to show the public key for the specified user or for the host. Syntax show public-key [user [username] | host] username – Name of an SSH user. (Range: 1-8 characters) Encryption The encryption method is automatically negotiated between the client and server.
SYSTEM MANAGEMENT COMMANDS 4-57 Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed.
COMMAND LINE INTERFACE 4-58 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory.
SYSTEM MANAGEMENT COMMANDS 4-59 Example Related Commands logging history (4-59) clear logging (4-62) logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level.
COMMAND LINE INTERFACE 4-60 Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 7 - 0) Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM.
SYSTEM MANAGEMENT COMMANDS 4-61 Command Usage • By using this command more than once you can build up a list of host IP addresses. • The maximum number of host IP addresses allowed is five. Example logging facility This command sets the facility type for remote logging of syslog messages.
COMMAND LINE INTERFACE 4-62 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging.
SYSTEM MANAGEMENT COMMANDS 4-63 Command Mode Privileged Exec Example Related Commands show logging (4-63) show logging This command displays the logging configuration, along with any system and event messages stored in memory.
COMMAND LINE INTERFACE 4-64 The following example displays settings for the trap function. Console#show logging flash Syslog logging: Enable History logging in FLASH: level errors [0] 0:0:5 1/1/1 "PRI_MGR_InitDefault function fails." level: 3, module: 13, function: 0, and event no.
SYSTEM MANAGEMENT COMMANDS 4-65 Related Commands show logging sendmail (4-69) SMTP Alert Commands Configures SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients.
COMMAND LINE INTERFACE 4-66 logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server.
SYSTEM MANAGEMENT COMMANDS 4-67 logging sendmail level This command sets the severity threshold used to trigger alert messages. Syntax logging sendmail level level level - One of the system message levels (page 4-59). Messages sent include the selected level down to level 0.
COMMAND LINE INTERFACE 4-68 Default Setting None Command Mode Global Configuration Command Usage You may use a symbolic email address that identifies the switch, or the address of an administrator responsible for the switch. Example This example will send email alerts for system errors from level 3 through 0.
SYSTEM MANAGEMENT COMMANDS 4-69 Example logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [no] logging sendmail Default Setting Disabled Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler.
COMMAND LINE INTERFACE 4-70 Example Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP), or by using information broadcast by local time servers. Console#show logging sendmail SMTP servers ----------------------------------------- ------ 192.
SYSTEM MANAGEMENT COMMANDS 4-71 sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list.
COMMAND LINE INTERFACE 4-72 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests.
SYSTEM MANAGEMENT COMMANDS 4-73 Default Setting Disabled Command Mode Global Configuration Command Usage • The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the switch only records the time starting from the factory default set at the last bootup (e.
COMMAND LINE INTERFACE 4-74 sntp broadcast client This command synchronizes the switch’s clock based on time broadcast from time servers (using the multicast address 224.0.1.1). Use the no form to disable SNTP broadcast client mode.
SYSTEM MANAGEMENT COMMANDS 4-75 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym.
COMMAND LINE INTERFACE 4-76 calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec {day month year | month day year} • hour - Hour in 24-hour format.
SYSTEM MANAGEMENT COMMANDS 4-77 Example System Status Commands show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system. Default Setting None Command Mode Privileged Exec Console#show calendar 15:12:34 February 1 2002 Console# Table 4-17.
COMMAND LINE INTERFACE 4-78 Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes.
SYSTEM MANAGEMENT COMMANDS 4-79 Example Related Commands show running-config (4-80) Console#show startup-config building startup-config, please wait.
COMMAND LINE INTERFACE 4-80 show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage .
SYSTEM MANAGEMENT COMMANDS 4-81 Example Related Commands show startup-config (4-77) Console#show running-config building running-config, please wait.
COMMAND LINE INTERFACE 4-82 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-12.
SYSTEM MANAGEMENT COMMANDS 4-83 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.
COMMAND LINE INTERFACE 4-84 Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-14 for detailed information on the items displayed by this command. Example Frame Size Commands jumbo frame This command enables support for jumbo frames.
FLASH/FILE COMMANDS 4-85 Command Usage • This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes.
COMMAND LINE INTERFACE 4-86 copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation.
FLASH/FILE COMMANDS 4-87 Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.
COMMAND LINE INTERFACE 4-88 Example The following example shows how to upload the configuration settings to a file on the TFTP server: The following example shows how to copy the running configuration to a startup file.
FLASH/FILE COMMANDS 4-89 This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: This example shows how to copy a public-key used by SSH from a TFTP server.
COMMAND LINE INTERFACE 4-90 Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cfg” cannot be deleted. Example This example shows how to delete the test2.
FLASH/FILE COMMANDS 4-91 Command Mode Privileged Exec Command Usage • If you enter the command dir without any parameters, the system displays all files. • File information is shown below: Example The following example shows how to display all file information.
COMMAND LINE INTERFACE 4-92 Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. boot system This command specifies the image used to start up the system.
AUTHENTICATION COMMANDS 4-93 Example Related Commands dir (4-90) whichboot (4-91) Authentication Commands You can configure this switch to authenticate users logging in to the system for management access using local or RADIUS authentication methods.
COMMAND LINE INTERFACE 4-94 authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login • local - Use local password.
AUTHENTICATION COMMANDS 4-95 Example Related Commands username - for setting the local user names and passwords (4-35) RADIUS Client Remote Authentication Dial-in User Service (RADIUS) i.
COMMAND LINE INTERFACE 4-96 Default Setting 10.1.0.1 Command Mode Global Configuration Example radius-server port This command sets the RADIUS server network port.
AUTHENTICATION COMMANDS 4-97 radius-server key This command sets the RADIUS encryption key. Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate logon access for client.
COMMAND LINE INTERFACE 4-98 Command Mode Global Configuration Example radius-server timeout This command sets the interval between transmitting authentication requests to the RADIUS server.
AUTHENTICATION COMMANDS 4-99 Example TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network.
COMMAND LINE INTERFACE 4-100 Command Mode Global Configuration Example tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages.
AUTHENTICATION COMMANDS 4-101 tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client.
COMMAND LINE INTERFACE 4-102 Port Security Commands These commands can be used to disable the learning function or manually specify secure addresses for a port. You may want to leave port security off for an initial training period (i.
AUTHENTICATION COMMANDS 4-103 Default Setting Status: Disabled Action: None Maximum Addresses: 0 Command Mode Interface Configuration (Ethernet) Command Usage • If you enable port security, the switch will stop dynamically learning new addresses on the specified port.
COMMAND LINE INTERFACE 4-104 Example The following example enables port security for port 5, and sets the response to a security violation to issue a trap message: Related Commands shutdown (4-175) mac-address-table static (4-201) show mac-address-table (4-202) 802.
AUTHENTICATION COMMANDS 4-105 authentication dot1x default This command sets the default authentication server type. Use the no form to restore the default.
COMMAND LINE INTERFACE 4-106 dot1x default This command sets all configurable dot1x global and port settings to their default values. Syntax dot1x default Command Mode Global Configurat.
AUTHENTICATION COMMANDS 4-107 dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default.
COMMAND LINE INTERFACE 4-108 dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count.
AUTHENTICATION COMMANDS 4-109 Command Mode Privileged Exec Example dot1x re-authentication This command enables periodic re-authentication globally for all ports.
COMMAND LINE INTERFACE 4-110 Command Mode Global Configuration Example dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds.
AUTHENTICATION COMMANDS 4-111 Default 30 seconds Command Mode Global Configuration Example show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [statistics] [interface interface] interface ethernet unit/port - unit - This is device 1.
COMMAND LINE INTERFACE 4-112 • 802.1X Port Summary – Displays the port access control parameters for each interface, including the following items: - Status – Administrative state for port access control. - Mode – Dot1x port control mode (page 4-107).
AUTHENTICATION COMMANDS 4-113 Example Console#show dot1x Global 802.1X Parameters reauth-enabled: yes reauth-period: 300 quiet-period: 350 tx-period: 300 supp-timeout: 30 server-timeout: 30 reauth-max: 2 max-req: 2 802.
COMMAND LINE INTERFACE 4-114 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
ACCESS CONTROL LIST COMMANDS 4-115 The following restrictions apply to ACLs: • This switch supports ACLs for both ingress and egress filtering. However, you can only bind one IP ACL and one MAC ACL to any port for ingress filtering, and one IP ACL and one MAC ACL to any port for egress filtering.
COMMAND LINE INTERFACE 4-116 6. Explicit default rule (permit any any) in the ingress MAC ACL for ingress ports. 7. If no explicit rule is matched, the implicit default is permit all. Masks for Access Control Lists You can specify optional masks that control the order in which ACL rules are checked.
ACCESS CONTROL LIST COMMANDS 4-117 permit, deny Filters packets meeting the specified criteria, including source and destination IP address, TCP/UDP port number, protocol type, and TCP co.
COMMAND LINE INTERFACE 4-118 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs.
ACCESS CONTROL LIST COMMANDS 4-119 Related Commands permit, deny 4-119 ip access-group (4-129) show ip access-list (4-123) permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source.
COMMAND LINE INTERFACE 4-120 Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Related Commands access-list ip (4-118) permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL.
ACCESS CONTROL LIST COMMANDS 4-121 • address-bitmask – Decimal number representing the address bits to match. • host – Keyword followed by a specific IP address. • precedence – IP precedence level. (Range: 0-7) • tos – Type of Service level.
COMMAND LINE INTERFACE 4-122 • The control-code bitmask is a decimal number (representing an equivalent bit mask) that is applied to the control code. Enter a decimal number, where the equivalent binary bit “1” means to match a bit and “0” means to ignore a bit.
ACCESS CONTROL LIST COMMANDS 4-123 Related Commands access-list ip (4-118) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list {standard | extended} [acl_name] • standard – Specifies a standard IP ACL.
COMMAND LINE INTERFACE 4-124 Default Setting Default system mask: Filter inbound packets according to specified IP ACLs. Command Mode Global Configuration Command Usage • A mask can only be used by all ingress ACLs or all egress ACLs.
A CCES S C ONTROL L IST C OMMANDS 4-125 mask (IP AC L) This command defines a mask fo r IP A CLs. T his mask defines the fields to chec k in the IP header .
C OMMAND L IN E I NTE RFA CE 4-126 Command Usage • Packets cro ssing a po rt are che cked against all t he rules in the ACL until a matc h is fo und. T he ord er in which these p acke ts are check ed is determined by the mask, and no t the order in which th e ACL rule s were en tered.
A CCES S C ONTROL L IST C OMMANDS 4-127 This shows ho w to cr eate a stan dard A CL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others . This sho ws how to cr eate an exten ded A CL with an egress mask t o drop packe ts leaving netw ork 171.
C OMMAND L IN E I NTE RFA CE 4-128 This is a mor e compre hensi ve ex ample . It d enies any TCP pac kets i n which the S YN bit is O N , an d per mi ts all othe r packets . It the n sets th e ing ress ma sk to check the de ny r ule fi rst, and f inally bi nds por t 1 to th is A CL.
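The bitmask rule stated above for Standard ACL addresses (page 4-120) and for the Extended ACL control code (pages 4-122 and 4-128), where a mask bit of 1 means "match this bit" and 0 means "ignore it", worked through as an added Python example that is not part of the SMC manual. Assumptions: all function names are hypothetical, a host rule is modelled as an all-ones bitmask, the control code is modelled as the TCP flags byte with the standard TCP bit values (SYN = 2), and the mask 255.255.240.0 is derived here from the range 168.92.16.x – 168.92.31.x rather than quoted from the manual.

```python
"""ACL bitmask matching: mask bit 1 = match this bit, mask bit 0 = ignore it."""
import ipaddress

# Standard TCP header flag values (assumption: the ACL "control code" is this byte).
FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32


def bits_match(value, pattern, bitmask):
    """True when value agrees with pattern on every bit that is 1 in bitmask."""
    return (value & bitmask) == (pattern & bitmask)


def ip_to_int(dotted):
    """Convert a dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def source_matches(packet_src, rule_addr, rule_bitmask):
    """Standard-ACL style test: source address against address + address-bitmask."""
    return bits_match(ip_to_int(packet_src), ip_to_int(rule_addr),
                      ip_to_int(rule_bitmask))


def control_code_matches(packet_flags, control_code, control_bitmask):
    """Extended-ACL style test: TCP flags against control code + bitmask (decimal)."""
    return bits_match(packet_flags, control_code, control_bitmask)


def bitmask_for_range(first, last):
    """Return (address, bitmask) matching exactly first..last.

    Raises ValueError when the range cannot be written as one address/bitmask
    rule, which is the usual reason a rule silently covers more or fewer
    hosts than the operator intended.
    """
    lo, hi = ip_to_int(first), ip_to_int(last)
    varying = lo ^ hi  # bits that differ between the two ends of the range
    # A single rule works only if the varying bits are a full low-order
    # block (2**n - 1) and the first address has all of them cleared.
    if lo > hi or (varying & (varying + 1)) != 0 or (lo & varying) != 0:
        raise ValueError(f"{first} - {last} needs more than one rule")
    mask = 0xFFFFFFFF ^ varying
    return str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(mask))


if __name__ == "__main__":
    # The address range from the manual's Standard ACL example.
    addr, mask = bitmask_for_range("168.92.16.0", "168.92.31.255")
    print("range rule:", addr, mask)

    # Constructed sample source addresses, checked against that rule and
    # against the host rule for 10.1.1.21 (all-ones bitmask).
    for src in ("10.1.1.21", "10.1.1.22", "168.92.16.1",
                "168.92.31.254", "168.92.32.1"):
        hit_host = source_matches(src, "10.1.1.21", "255.255.255.255")
        hit_range = source_matches(src, addr, mask)
        print(f"{src:15} host={hit_host!s:5} range={hit_range}")

    # Constructed TCP flag combinations. Code 2 / bitmask 2 checks only the
    # SYN bit, so a SYN+ACK reply matches as well as an initial SYN.
    # Code 2 / bitmask 18 also checks ACK and requires it to be clear.
    for name, flags in (("SYN", SYN), ("SYN+ACK", SYN | ACK),
                        ("ACK", ACK), ("FIN+ACK", FIN | ACK)):
        any_syn = control_code_matches(flags, 2, 2)
        syn_only = control_code_matches(flags, 2, 18)
        print(f"{name:8} syn_bit_on={any_syn!s:5} syn_without_ack={syn_only}")
```

A deny rule that tests only the SYN bit also drops the SYN+ACK replies to connections opened from the protected side, so which bits the mask covers decides whether the rule blocks inbound connection attempts or all TCP handshakes.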
ACCESS CONTROL LIST COMMANDS 4-129 Command Mode Privileged Exec Example Related Commands mask (IP ACL) (4-125) ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [no] ip access-group acl_name {in | out} • acl_name – Name of the ACL.
COMMAND LINE INTERFACE 4-130 Example Related Commands show ip access-list (4-123) show ip access-group This command shows the ports assigned to IP ACLs. Command Mode Privileged Exec Example Related Commands ip access-group (4-129) map access-list ip This command sets the output queue for packets matching an ACL rule.
ACCESS CONTROL LIST COMMANDS 4-131 Default Setting None Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table.
COMMAND LINE INTERFACE 4-132 show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Syntax show map access-list ip [interface] interface ethernet unit/port • unit - This is device 1.
ACCESS CONTROL LIST COMMANDS 4-133 match access-list ip This command changes the IEEE 802.1p priority, IP Precedence, or DSCP Priority of a frame matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.
COMMAND LINE INTERFACE 4-134 Example Related Commands show marking (4-134) show marking This command displays the current configuration for packet marking.
ACCESS CONTROL LIST COMMANDS 4-135 MAC ACLs Table 4-28. MAC ACL Commands Command Function Mode Page access-list mac Creates a MAC ACL and enters configuration mode GC 4-136 permit, deny Fil.
COMMAND LINE INTERFACE 4-136 access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [no] access-list mac acl_name acl_name – Name of the ACL.
ACCESS CONTROL LIST COMMANDS 4-137 permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type.
COMMAND LINE INTERFACE 4-138 • vid-bitmask* – VLAN bitmask. (Range: 1-4095) • protocol – A specific Ethernet protocol number. (Range: 600-fff hex.) • protocol-bitmask* – Protocol bitmask. (Range: 600-fff hex.) * For all bitmasks, “1” means care and “0” means ignore.
ACCESS CONTROL LIST COMMANDS 4-139 show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [acl_name] acl_name – Name of the ACL.
COMMAND LINE INTERFACE 4-140 Command Usage • You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule. • A mask can only be used by all ingress ACLs or all egress ACLs.
ACCESS CONTROL LIST COMMANDS 4-141 • vid-bitmask – VLAN ID of rule must match this bitmask. • ethertype – Check the Ethernet type field.
COMMAND LINE INTERFACE 4-142 Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.
ACCESS CONTROL LIST COMMANDS 4-143 This example creates an Egress MAC ACL. show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [in | out] • in – Ingress mask precedence for ingress ACLs.
COMMAND LINE INTERFACE 4-144 Related Commands mask (MAC ACL) (4-140) mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name {in | out} • acl_name – Name of the ACL.
ACCESS CONTROL LIST COMMANDS 4-145 show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Related Commands mac access-group (4-144) map access-list mac This command sets the output queue for packets matching an ACL rule.
COMMAND LINE INTERFACE 4-146 Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown below.
ACCESS CONTROL LIST COMMANDS 4-147 Example Related Commands map access-list mac (4-145) match access-list mac This command changes the IEEE 802.1p priority of a Layer 2 frame matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.
COMMAND LINE INTERFACE 4-148 Related Commands show marking (4-134) ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.
SNMP COMMANDS 4-149 show access-group This command shows the port assignments of ACLs. Command Mode Privileged Executive Example SNMP Commands Control access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
COMMAND LINE INTERFACE 4-150 snmp community This command defines the community access string for the Simple Network Management Protocol.
SNMP COMMANDS 4-151 snmp contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp contact string no snmp contact string - String that describes the system contact information.
COMMAND LINE INTERFACE 4-152 Command Mode Global Configuration Example Related Commands snmp contact (4-151) snmp host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
SNMP COMMANDS 4-153 Command Usage • If you do not enter an snmp host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp host command. In order to enable multiple hosts, you must issue a separate snmp host command for each host.
COMMAND LINE INTERFACE 4-154 snmp enable traps This command enables this device to send Simple Network Management Protocol traps (SNMP notifications).
SNMP COMMANDS 4-155 Related Commands snmp host (4-152) show snmp This command checks the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Comman.
COMMAND LINE INTERFACE 4-156 Example Console#show snmp System Contact: Paul System Location: WC-19 SNMP traps: Authentication: enable Link-up-down: enable SNMP communities: 1. alpha, and the privilege is read-write 2. private, and the privilege is read-write 3.
DNS COMMANDS 4-157 DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation.
COMMAND LINE INTERFACE 4-158 ip host This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remove an entry. Syntax [no] ip host name address1 [address2 … address8] • name - Name of the host.
DNS COMMANDS 4-159 clear host This command deletes entries from the DNS table. Syntax clear host {name | *} • name - Name of the host. (Range: 1-64 characters) • * - Removes all entries. Default Setting None Command Mode Privileged Exec Example This example clears all static entries from the DNS table.
COMMAND LINE INTERFACE 4-160 Command Mode Global Configuration Example Related Commands ip domain-list (4-160) ip name-server (4-162) ip domain-lookup (4-163) ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.
DNS COMMANDS 4-161 Command Usage • Domain names are added to the end of the list one at a time. • When an incomplete host name is received by the DNS server on this switch, it will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match.
COMMAND LINE INTERFACE 4-162 ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution.
DNS COMMANDS 4-163 Related Commands ip domain-name (4-159) ip domain-lookup (4-163) ip domain-lookup This command enables DNS host name-to-address translation.
COMMAND LINE INTERFACE 4-164 Related Commands ip domain-name (4-159) ip name-server (4-162) show hosts This command displays the static host name-to-address mapping table.
DNS COMMANDS 4-165 show dns This command displays the configuration of the DNS server. Command Mode Privileged Exec Example show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.
COMMAND LINE INTERFACE 4-166 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Field Description NO The entry number for each resource record. FLAG The flag is always “4” indicating a cache entry and therefore unreliable.
DNS COMMANDS 4-167.
COMMAND LINE INTERFACE 4-167 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN.
INTERFACE COMMANDS 4-168 interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id • interface - ethernet unit/port - unit - This is device 1.
COMMAND LINE INTERFACE 4-169 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 24. speed-duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled.
INTERFACE COMMANDS 4-170 Command Usage • To force operation to the speed and duplex mode specified in a speed-duplex command, use the no negotiation command to disable auto-negotiation on the selected interface.
COMMAND LINE INTERFACE 4-171 Command Usage • When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
INTERFACE COMMANDS 4-172 capabilities This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability, or the no form without parameters to restore the default values.
COMMAND LINE INTERFACE 4-173 Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Related Commands negotiation (4-170) speed-duplex (4-169) flowcontrol (4-173) flowcontrol This command enables flow control.
INTERFACE COMMANDS 4-174 • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command.
COMMAND LINE INTERFACE 4-175 Default Setting sfp-preferred-auto Command Mode Interface Configuration (Ethernet) Example This forces the switch to use the built-in RJ-45 port for the combination port 21. shutdown This command disables an interface.
INTERFACE COMMANDS 4-176 switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm control. Syntax switchport broadcast packet-rate rate no switchport broadcast rate - Threshold level as a rate; i.
COMMAND LINE INTERFACE 4-177 clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - This is device 1.
INTERFACE COMMANDS 4-178 show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] • interface - ethernet unit/port - unit - This is device 1.
COMMAND LINE INTERFACE 4-179 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] • interface - ethernet unit/port - unit - This is device 1. - port - Port number. - port-channel channel-id (Range: 1-6) Default Setting Shows the counters for all interfaces.
INTERFACE COMMANDS 4-180 Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 3-106.
COMMAND LINE INTERFACE 4-181 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] • interface - ethernet unit/port - unit - This is device 1.
INTERFACE COMMANDS 4-182 Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 4-176). Lacp status Shows if Link Aggregation Control Protocol has been enabled or disabled (page 4-190).
COMMAND LINE INTERFACE 4-183 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session.
MIRROR PORT COMMANDS 4-184 Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner.
COMMAND LINE INTERFACE 4-185 Command Usage This command displays the currently configured source port, destination port, and mirror mode (i.e., RX, TX, RX/TX). Example The following shows mirroring configured from port 6 to port 11.
RATE LIMIT COMMANDS 4-186 rate-limit This command defines the rate limit for a specific interface. Use this command without specifying a rate to restore the default rate.
COMMAND LINE INTERFACE 4-187 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery.
LINK AGGREGATION COMMANDS 4-188 Guidelines for Creating Trunks General Guidelines • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports.
COMMAND LINE INTERFACE 4-189 channel-group This command adds a port to a trunk. Use the no form to remove a port from a trunk. Syntax channel-group channel-id no channel-group channel-id - Trunk index (Range: 1-6) Default Setting The current port will be added to this trunk.
LINK AGGREGATION COMMANDS 4-190 lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it.
COMMAND LINE INTERFACE 4-191 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk1 has been established.
LINK AGGREGATION COMMANDS 4-192 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} system-priority priority no lacp {actor | partner} system-priority • actor - The local side of an aggregate link.
COMMAND LINE INTERFACE 4-193 lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key • actor - The local side of an aggregate link.
LINK AGGREGATION COMMANDS 4-194 Example lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string.
COMMAND LINE INTERFACE 4-195 Example lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link.
LINK AGGREGATION COMMANDS 4-196 Example show lacp This command displays LACP information. Syntax show lacp [port-channel] {counters | internal | neighbors | sys-id} • port-channel - Local identifier for a link aggregation group.
COMMAND LINE INTERFACE 4-197 Field Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group. LACPDUs Received Number of valid LACPDUs received on this channel group. Marker Sent Number of valid Marker PDUs transmitted from this channel group.
LINK AGGREGATION COMMANDS 4-198 LACPDUs Internal Number of seconds before invalidating received LACPDU information. LACP System Priority LACP system priority assigned to this port channel. LACP Port Priority LACP port priority assigned to this interface within the channel group.
COMMAND LINE INTERFACE 4-199 Console#show lacp 1 neighbors Channel group 1 neighbors ----------------------------------------- -------------------------- Eth 1/1 --------------------------------.
ADDRESS TABLE COMMANDS 4-200 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
COMMAND LINE INTERFACE 4-201 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [action] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC address.
ADDRESS TABLE COMMANDS 4-202 Example clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries.
COMMAND LINE INTERFACE 4-203 Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface.
ADDRESS TABLE COMMANDS 4-204 Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information. Example show mac-address-table aging-time This command shows the aging time for entries in the address table.
COMMAND LINE INTERFACE 4-205 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 4-37.
SPANNING TREE COMMANDS 4-206 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.
COMMAND LINE INTERFACE 4-207 Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
SPANNING TREE COMMANDS 4-208 Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network.
COMMAND LINE INTERFACE 4-209 Example The following example configures the switch to use Rapid Spanning Tree. spanning-tree forward-time This command configures the spanning tree bridge forward time globally for this switch. Use the no form to restore the default.
SPANNING TREE COMMANDS 4-210 spanning-tree hello-time This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds.
COMMAND LINE INTERFACE 4-211 Command Mode Global Configuration Command Usage This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure.
SPANNING TREE COMMANDS 4-212 Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device.
COMMAND LINE INTERFACE 4-213 Example spanning-tree transmission-limit This command configures the minimum interval between the transmission of consecutive RSTP/MSTP BPDUs.
SPANNING TREE COMMANDS 4-214 Command Mode Global Configuration Example Related Commands mst vlan (4-214) mst priority (4-215) name (4-216) revision (4-217) max-hops (4-218) mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs.
COMMAND LINE INTERFACE 4-215 Command Usage • Use this command to group VLANs into spanning tree instances. MSTP generates a unique spanning tree for each instance.
SPANNING TREE COMMANDS 4-216 Default Setting 32768 Command Mode MST Configuration Command Usage • MST priority is used in selecting the root bridge and alternate bridge of the specified instance. The device with the highest priority (i.
COMMAND LINE INTERFACE 4-217 Command Usage The MST region name and revision number (page 4-217) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region.
SPANNING TREE COMMANDS 4-218 Example Related Commands name (4-216) max-hops This command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the default. Syntax max-hops hop-number hop-number - Maximum hop number for multiple spanning tree.
COMMAND LINE INTERFACE 4-219 spanning-tree spanning-disabled This command disables the spanning tree algorithm for the specified interface.
SPANNING TREE COMMANDS 4-220 Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 • Fast Ethernet – half duplex: 200,000; full duplex: 100,000; trun.
COMMAND LINE INTERFACE 4-221 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command defines the priority for the use of a port in the Spanning Tree Algorithm.
SPANNING TREE COMMANDS 4-222 Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state.
COMMAND LINE INTERFACE 4-223 Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding.
SPANNING TREE COMMANDS 4-224 Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges.
COMMAND LINE INTERFACE 4-225 Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 • Fast Ethernet – half duplex: 200,000; full duplex: 100,000; t.
SPANNING TREE COMMANDS 4-226 spanning-tree mst port-priority This command configures the interface priority on a spanning instance in the Multiple Spanning Tree.
COMMAND LINE INTERFACE 4-227 spanning-tree protocol-migration This command re-checks the appropriate BPDU format to send on the selected interface. Syntax spanning-tree protocol-migration interface • interface - ethernet unit/port - unit - This is device 1.
SPANNING TREE COMMANDS 4-228 show spanning-tree This command shows the configuration for the common spanning tree (CST) or for an instance within the multiple spanning tree (MST). Syntax show spanning-tree [interface | mst instance_id] • interface - ethernet unit/port - unit - This is device 1.
COMMAND LINE INTERFACE 4-229 Example Console#show spanning-tree Spanning-tree information ----------------------------------------- ---------------------- Spanning-tree information -------------.
SPANNING TREE COMMANDS 4-230 show spanning-tree mst configuration This command shows the multiple spanning tree configuration. Syntax show spanning-tree mst configuration Command Mode Privileg.
COMMAND LINE INTERFACE 4-231 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
VLAN COMMANDS 4-232 vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs.
COMMAND LINE INTERFACE 4-233 vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}] no vlan vlan-id [name | state] • vlan-id - ID of configured VLAN.
VLAN COMMANDS 4-234 Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default. Related Commands show vlan (4-242) Configuring VLAN Interfaces Console(config)#vlan database Console(config-vlan)#vlan 105 name RD5 media ethernet Console(config-vlan)# Table 4-40.
COMMAND LINE INTERFACE 4-235 interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN.
VLAN COMMANDS 4-236 switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode {trunk | hybrid} no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk.
COMMAND LINE INTERFACE 4-237 switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged.
VLAN COMMANDS 4-238 switchport ingress-filtering This command enables ingress filtering for an interface. Use the no form to restore the default.
COMMAND LINE INTERFACE 4-239 switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port.
VLAN COMMANDS 4-240 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add.
COMMAND LINE INTERFACE 4-241 • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface. Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1.
VLAN COMMANDS 4-242 Example The following example shows how to prevent port 1 from being added to VLAN 3. Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name] • id - Keyword to be followed by the VLAN ID.
COMMAND LINE INTERFACE 4-243 Example The following example shows how to display information for VLAN 1. Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN.
VLAN COMMANDS 4-244 To configure protocol-based VLANs, follow these steps: 1. First configure VLAN groups for the protocols you want to use (page -233). Although not mandatory, we suggest configuring a separate VLAN for each major protocol running on your network.
COMMAND LINE INTERFACE 4-245 Example The following creates protocol group 1, and specifies Ethernet frames with IP and ARP protocol types. protocol-vlan protocol-group (Configuring Interfaces) This command maps a protocol group to a VLAN for the current interface.
VLAN COMMANDS 4-246 • When a frame enters a port that has been assigned to a protocol VLAN, it is processed in the following manner: - If the frame is tagged, it will be processed according to the standard rules applied to tagged frames.
COMMAND LINE INTERFACE 4-247 Example This shows protocol group 1 configured for IP over Ethernet. show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces.
VLAN COMMANDS 4-248 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs. pvlan This command enables or configures a private VLAN.
COMMAND LINE INTERFACE 4-249 • Entering the pvlan command without any parameters enables the private VLAN. Entering no pvlan disables the private VLAN. Example This example enables the private VLAN, and then sets port 24 as the uplink and ports 1-8 as the downlinks.
GVRP AND BRIDGE EXTENSION COMMANDS 4-250 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
COMMAND LINE INTERFACE 4-251 Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
GVRP AND BRIDGE EXTENSION COMMANDS 4-252 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled.
COMMAND LINE INTERFACE 4-253 Example garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values.
GVRP AND BRIDGE EXTENSION COMMANDS 4-254 • Timer values are applied to GVRP for all the ports on all VLANs. • Timer values must meet the following restrictions: - leave >= (2 x join) - leaveall > leave Note: Set GVRP timers on all Layer 2 devices connected in the same network to the same values.
COMMAND LINE INTERFACE 4-255 Example Related Commands garp timer (4-253) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion.
PRIORITY COMMANDS 4-256 Priority Commands (Layer 2) switchport priority default This command sets a priority for incoming untagged frames. Use the no form to restore the default value.
COMMAND LINE INTERFACE 4-257 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
PRIORITY COMMANDS 4-258 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues.
COMMAND LINE INTERFACE 4-259 queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues. Use the no form to restore the default weights. Syntax queue bandwidth weight1...
PRIORITY COMMANDS 4-260 queue cos-map This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 7). Use the no form to set the CoS map to the default values. Syntax queue cos-map queue_id [cos1 .
COMMAND LINE INTERFACE 4-261 Example The following example shows how to change the CoS assignments to a one-to-one mapping. Related Commands show queue cos-map (4-262) show queue mode This command shows the current queue mode.
PRIORITY COMMANDS 4-262 show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues. Default Setting None Command Mode Privileged Exec Example show queue cos-map This command shows the class of service priority map.
COMMAND LINE INTERFACE 4-263 Default Setting None Command Mode Privileged Exec Example Priority Commands (Layer 3 and 4)
Console#show queue cos-map ethernet 1/1
Information of Eth 1/1
CoS Value : 0 1 2 3 4 5 6 7
Priority Queue: 2 0 1 3 4 5 6 7
Console#
Table 4-47.
PRIORITY COMMANDS 4-264 map ip port (Global Configuration) Use this command to enable IP port mapping (i.e., class of service mapping for TCP/UDP sockets).
COMMAND LINE INTERFACE 4-265 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
PRIORITY COMMANDS 4-266 Example The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table.
COMMAND LINE INTERFACE 4-267 Example The following example shows how to map IP precedence value 1 to CoS value 0: map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping).
PRIORITY COMMANDS 4-268 map ip dscp (Interface Configuration) This command sets IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table. Syntax map ip dscp dscp-value cos cos-value no map ip dscp • dscp-value - 8-bit DSCP value.
COMMAND LINE INTERFACE 4-269 Example The following example shows how to map IP DSCP value 1 to CoS value 0. show map ip port Use this command to show the IP port priority map. Syntax show map ip port [interface] interface • ethernet unit/port - unit - This is device 1.
PRIORITY COMMANDS 4-270 Related Commands map ip port (Global Configuration) (4-264) map ip port (Interface Configuration) (4-264) show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence [interface] interface • ethernet unit/port - unit - This is device 1.
COMMAND LINE INTERFACE 4-271 Related Commands map ip precedence (Global Configuration) (4-265) map ip precedence (Interface Configuration) (4-266) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - This is device 1.
MULTICAST FILTERING COMMANDS 4-272 Related Commands map ip dscp (Global Configuration) (4-267) map ip dscp (Interface Configuration) (4-268) Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service.
COMMAND LINE INTERFACE 4-273 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping.
MULTICAST FILTERING COMMANDS 4-274 ip igmp snooping vlan static This command adds a port to a multicast group. Use the no form to remove the port.
COMMAND LINE INTERFACE 4-275 ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default.
MULTICAST FILTERING COMMANDS 4-276 show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-182 for a description of the displayed items.
COMMAND LINE INTERFACE 4-277 Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options.
MULTICAST FILTERING COMMANDS 4-278 ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected.
COMMAND LINE INTERFACE 4-279 Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action.
MULTICAST FILTERING COMMANDS 4-280 Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds. ip igmp snooping query-max-response-time This command configures the query report delay.
COMMAND LINE INTERFACE 4-281 Example The following shows how to configure the maximum response time to 20 seconds. Related Commands ip igmp snooping version (4-275) ip igmp snooping query-max-response-time (4-280) ip igmp snooping router-port-expire-time This command configures the query timeout.
MULTICAST FILTERING COMMANDS 4-282 Related Commands ip igmp snooping version (4-275) Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port. Use the no form to remove the configuration.
COMMAND LINE INTERFACE 4-283 Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
IP INTERFACE COMMANDS 4-284 Example The following shows that port 11 in VLAN 1 is attached to a multicast router. IP Interface Commands There are no IP addresses assigned to this switch by default.
COMMAND LINE INTERFACE 4-285 ip address This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address. Syntax ip address {ip-address netmask | bootp | dhcp} no ip address • ip-address - IP address • netmask - Network mask for the associated IP subnet.
IP INTERFACE COMMANDS 4-286 Note: Before you can change the IP address, you must first clear the current address with the no form of this command.
COMMAND LINE INTERFACE 4-287 Example In the following example, the device is reassigned the same address. Related Commands ip address (4-285) ip default-gateway This command establishes a static route between this switch and devices that exist on another network segment.
IP INTERFACE COMMANDS 4-288 Related Commands show ip redirects (4-288) show ip interface This command displays the settings of an IP interface. Default Setting All interfaces Command Mode Privil.
COMMAND LINE INTERFACE 4-289 Related Commands If the BOOTP or DHCP server has been moved to a different domain, the network portion of the address provided to the client will be based on this new domain. (4-286) ping This command sends ICMP echo request packets to another node on the network.
IP INTERFACE COMMANDS 4-290 Example Related Commands interface (4-168)
Console#ping 10.1.0.9
Type ESC to abort.
PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds
response time: 10 ms
response time: 10 ms
response time: 10 ms
response time: 10 ms
response time: 0 ms
Ping statistics for 10.
COMMAND LINE INTERFACE 4-291.
A-1 APPENDIX A SOFTWARE SPECIFICATIONS Software Features Authentication Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 32 lists) .
SOFTWARE SPECIFICATIONS A-2 Port Mirroring Multiple source ports, one destination port Rate Limits Input Limit Output limit Range (configured per port) Port Trunking Static trunks (C.
SOFTWARE SPECIFICATIONS A-3 Management Features In-Band Management Telnet, Web-based HTTP or HTTPS, SNMP manager, or Secure Shell Out-of-Band Management RS-232 DB-9 console port Software Loadi.
SOFTWARE SPECIFICATIONS A-4 HTTPS ICMP (RFC 792) IGMP (RFC 1112) IGMPv2 (RFC 2236) RADIUS+ (RFC 2618) RMON (RFC 1757 groups 1,2,3,9) SNTP (RFC 2030) SNMP (RFC 1157) SNMPv2 (RFC 1907) SSH (Version 2.
B-1 APPENDIX B TROUBLESHOOTING Table B-1. Troubleshooting Chart Symptom Action Cannot connect using Telnet, Web browser, or SNMP software • Ensure that you have configured the agent with a valid IP address, subnet mask and default gateway.
TROUBLESHOOTING B-2.
Glossary-1 GLOSSARY Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.
GLOSSARY Glossary-2 Extensible Authentication Protocol over LAN (EAPOL) EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch. A user name and password is requested by the switch, and then passed to an authentication server (e.
GLOSSARY Glossary-3 IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.
GLOSSARY Glossary-4 IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork.
GLOSSARY Glossary-5 Link Aggregation See Port Trunk. Link Aggregation Control Protocol (LACP) Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device. Management Information Base (MIB) An acronym for Management Information Base.
GLOSSARY Glossary-6 Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN.
GLOSSARY Glossary-7 Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which offers network management services. Simple Network Time Protocol (SNTP) SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server.
GLOSSARY Glossary-8 User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services.
Index-1 Numerics 802.1x, port authentication 4-104 A acceptable frame type 3-155, 4-237 Access Control List See ACL ACL Extended IP 3-62, 4-114, 4-116, 4-120 MAC 3-62, 4-114, 4-135, 4-136 .
INDEX Index-2 E edge port, STA 3-129, 3-132, 4-221 event logging 4-58 F firmware displaying version 3-14, 4-83 upgrading 3-22, 4-86 G GARP VLAN Registration Protocol See GVRP gateway, defaul.
INDEX Index-3 multicast groups 3-187, 4-276 displaying 4-276 static 3-187, 4-274, 4-276 multicast services configuring 3-188, 4-274 displaying 3-187, 4-276 multicast, static router port 3-186.
INDEX Index-4 interface settings 3-126, 3-137, 3-139, 4-219 – 4-227, 4-228 link type 3-129, 3-132, 4-223 path cost 3-118, 3-128, 4-219 path cost method 3-124, 4-212 port priority 3-129 .
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; Phn: (949) 679-8000; Fax: (949) 679-1481 From Europe: Contact details can be found on www.