Instruction/maintenance manual of the product SMC8724M SMC Networks
TigerStack 10G Gigabit Ethernet Switch ◆ 24/48 auto-MDI/MDI-X 10/100/1000BASE-T ports ◆ 4 ports shared with 4 SFP transceiver slots ◆ Non-blocking switching architecture ◆ Support for a r.
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 TigerStack 10G Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions October 2004 Pub.
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use.
LIMITED WARRANTY
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term.
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION.
CONTENTS
1 Introduction
Key Features
Description of Software Features
Configuration Options
Panel Display
Main Menu
Configuring Local/Remote Logon Authentication
Configuring HTTPS
Replacing the Default Secure-site Certificate
Configuring the Secure Shell
Configuring Rate Limits
Showing Port Statistics
Address Table Settings
Selecting IP Precedence/DSCP Priority
Mapping IP Precedence
Mapping DSCP Priority
Mapping IP Port Priority
line
login
password
ip http secure-port
Telnet Server Commands
ip telnet server
clock timezone
calendar set
show calendar
dot1x default
dot1x max-req
dot1x port-control
ACL Information
show access-list
show access-group
media-type
shutdown
switchport broadcast packet-rate
mst priority
name
revision
GVRP and Bridge Extension Commands
bridge-ext gvrp
show bridge-ext
ip igmp snooping query-max-response-time
ip igmp snooping router-port-expire-time
Static Multicast Routing Commands
ip igmp snooping vlan mrouter
TABLES
Table 1-1 Key Features
Table 1-2 System Defaults
Table 3-1 Web Page Configuration Buttons
Table 4-17 Event Logging Commands
Table 4-18 Logging Levels
Table 4-19 show logging flash/ram - display description
Table 4-54 Address Table Commands
Table 4-55 Spanning Tree Commands
Table 4-56 VLAN Commands
FIGURES
Figure 3-1 Home Page
Figure 3-2 Panel Display
Figure 3-3 System Information
Figure 3-34 SSH Server Settings
Figure 3-35 Port Security
Figure 3-36 802.1X Global Information
Figure 3-71 MSTP Port Configuration
Figure 3-72 Enabling GVRP Status
Figure 3-73 VLAN Basic Information
CHAPTER 1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network.
network applications. Some of the management features are briefly described below. Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.
packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard. Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface.
IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information.
prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STA). Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network.
priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue. Multicast Filtering – Specific multicast traffic .
SYSTEM DEFAULTS
Authentication
• Privileged Exec Level: Username “admin”, Password “admin”
• Normal Exec Level: Username “guest”, Password “guest”
• Enable Privileged Exec from Normal Exec Level: Password “super”
• RADIUS Authentication: Disabled
• TACACS Authentication: Disabled
• 802.
Port Configuration
• Admin Status: Enabled
• Auto-negotiation: Enabled
• Flow Control: Disabled
Rate Limiting
• Input and output limits: Disabled
Port Trunking
• Static Trunks: None
• LACP (all.
IP Settings
• Management VLAN: Any VLAN configured with an IP address
• IP Address: 0.0.0.0
• Subnet Mask: 255.0.0.0
• Default Gateway: 0.0.0.0
• DHCP Client: Enabled
• DNS Server: Disabled
• BOOTP .
CHAPTER 2 INITIAL CONFIGURATION
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON (Groups 1, 2, 3, 9) and a Web-based interface.
The switch’s Web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions: • Set user names and passwords • .
Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.
For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 4-11.
Stack Operations
Up to eight 24-port or 48-port Gigabit switches can be stacked together as described in the Installation Guide.
• If a unit is removed from the stack, and powered up as a stand-alone unit, it will also retain the original unit number obtained during stacking.
Master Backup Unit
Once the Master unit finishes booting up, the Slave unit in the stack with the lowest MAC address functions as the primary backup unit.
fails, the stack will be broken in two. The Stack Link LED on the unit that is no longer receiving traffic from the next unit up in the stack will begin flashing to indicate that the stack link is broken.
Resilient Configuration
If a unit in the stack fails, the unit numbers will not change. This means that when you replace a unit in the stack, the original configuration for the failed unit will be restored to the replacement unit.
BASIC CONFIGURATION
3. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.)
4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.
Setting an IP Address
You must establish IP address information for the switch to obtain management access through the network. This can be done in either of the following ways: Manual — You have to input the information, including IP address and subnet mask.
3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.
4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway.
• To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>.
3. Type “end” to return to the Privileged Exec mode. Press <Enter>.
4. Type “ip dhcp restart” to begin broadcasting service requests.
The switch includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients. To provide management access for version 1 or 2c clients, you must specify a community string. The switch provides a default MIB View (i.
Note: If you do not intend to support access to SNMP version 1 and 2c clients, we recommend that you delete both of the default community strings. If there are no community strings, then SNMP management access from SNMP v1 and v2c clients is disabled.
MIB-2 tree branch, and then another view that includes the IEEE 802.1D bridge MIB. It assigns these respective read and read/write views to a group called “r&d” and specifies group authentication via MD5 or SHA.
Managing System Files
The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.
CHAPTER 3 CONFIGURING THE SWITCH
Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.
Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated. 2. If you log into the Web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password.
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics.
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
Main Menu
Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
• Reset – Restarts the switch
• SNTP
• Configuration – Configures SNTP client settings, including broadcast mode or a specified list of servers
• Clock Time Zone – Sets.
• Configuration – Configures protocol parameters
• Port Configuration – Sets the authentication mode for individual ports
• Statistics – Displays proto.
• Port Broadcast Control – Sets the broadcast storm threshold for each port
• Trunk Broadcast Control – Sets the broadcast storm threshold for each trunk
• Mirror Po.
• Trunk Configuration – Configures individual trunk settings for STA
• MSTP VLAN Configuration – Configures priority and VLANs for a spanning tree insta.
• Private VLAN Status – Enables or disables the private VLAN
• Link Status – Configures the private VLAN
• Protocol VLAN Configuration – Creates a protocol group, speci.
• ACL CoS Priority – Sets the CoS value and corresponding output queue for packets matching an ACL rule
• ACL Marker – Change traffic priorities for fr.
Basic Configuration
Displaying System Information
You can easily identify the system by displaying the device name, location and contact information.
Field Attributes
• System Name – Name assigned to the switch system.
Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.
CLI – Specify the hostname, location and contact information.
Displaying Switch Hardware/Software Versions
Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
• Internal Power Status – Displays the status of the internal power supply.
Management Software
• EPLD Version – Version number of EEPROM Programmable Logic Device.
• Loader Version – Version number of loader code.
CLI – Use the following command to display version information.
Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs.
• Local VLAN Capable – This switch does not support multiple local bridges outside of the scope of 802.1Q defined VLANs.
• GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices to register endstations with multicast groups.
Setting the Switch’s IP Address
This section describes how to configure an IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default. To manually configure an address, you need to change the switch’s default settings (IP address 0.
• Default Gateway – IP address of the gateway router between this device and management stations that exist on other network segments. (Default: 0.0.0.0)
• MAC Address – The physical layer address for this switch.
Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP.
CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart” command.
Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time.
Managing Firmware
You can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation.
Downloading System Software from a Server
When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
If you download to a new destination file, go to the File Management, Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system, via the System/Reset menu.
CLI – To download new firmware from a TFTP server, enter the IP address of the TFTP server, select “config” as the file type, then enter the source and destination file names. When the file has finished downloading, set the new file to start up the system, and then restart the switch.
- running-config to startup-config – Copies the running config to the startup config.
- running-config to tftp – Copies the running configuration to a TFTP server.
- startup-config to file – Copies the startup configuration to a file on the switch.
Downloading Configuration Settings from a Server
You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. To select another configuration file as the start-up configuration, use the boot system command and then restart the switch.
• Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt.
Web – Click System, Line, Console. Specify the console port connection parameters as required, then click Apply.
Figure 3-13 Configuring the Console Port
CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required.
Telnet Settings
You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other various parameters set, including the TCP port number, timeouts, and a password.
Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply.
Figure 3-14 Configuring the Telnet Interface
CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required.
Configuring Event Logging
The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM.
CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. Use the show logging command to display the current settings.
• Host IP Address – Specifies a new server IP address to add to the Host IP List.
Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add.
Displaying Log Messages
Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
Command Attributes
• Admin Status – Enables/disables the SMTP function. (Default: Enabled)
• Email Source Address – Sets the email address used for the “From” field in alert messages.
Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add.
CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration.
therefore remember to save the current configuration after renumbering the stack.
• For a line topology, the stack is numbered from top to bottom, with the first unit (i.e., the unit with no connection on the Up port) in the stack designated as unit 1.
Setting the System Clock
Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply.
Figure 3-21 SNTP Configuration
CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings.
• Minutes (0-59) – The number of minutes before/after UTC.
• Direction – Configures the time zone to be before (east) or after (west) UTC.
Web – Select SNTP, Clock Time Zone. Set the offset for your time zone relative to the UTC, and click Apply.
Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
Each group also has a defined security access to set of MIB objects for reading and writing, which are known as “views.” The switch has a default view (all MIB objects) and default groups defined for security models v1 and v2c.
Enabling the SNMP Agent
Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3).
Command Attributes
• SNMP Agent Status – Enables SNMP on the switch.
Web – Click SNMP, Agent Status.
• Access Mode – Specifies the access rights for the community string:
- Read-Only – Authorized management stations are only able to retrieve MIB objects.
- Read/Write – Authorized management stations are able to both retrieve and modify MIB objects.
Command Attributes
• Trap Manager Capability – This switch supports up to five trap managers.
• Current – Displays a list of the trap managers currently configured.
• Trap Manager IP Address – IP address of a new management station to receive notification messages.
Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that will receive trap messages, specify the UDP port and SNMP version, and then click Add.
Setting an Engine ID
An SNMPv3 engine is an independent SNMP agent that resides on the switch. This engine protects against message replay, delay, and redirection.
Configuring SNMPv3 Users
Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group. The SNMPv3 group restricts users to a specific read and a write view.
Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list.
CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Configuring SNMPv3 Groups
An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read and write views.
Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read and write views. Click Add to save the new group and return to the Groups list.
CLI – Use the snmp-server group command to configure a new group, specifying the security model and level, and restricting MIB access to defined read and write views.
Setting SNMPv3 Views
SNMPv3 views are used to restrict user access to specified portions of the MIB tree.
Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in the view. Click Back to save the new view and return to the SNMPv3 Views list.
CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries.
USER AUTHENTICATION
Configuring User Accounts
The guest only has read access for most configuration parameters. However, the administrator has write access for all parameters governing the onboard agent. You should therefore assign a new administrator password as soon as possible, and store it in a safe place.
Web – Click Security, User Accounts. To configure a new user account, enter the user name, access level, and password, then click Apply. To change the password for a specific user, enter the user name and new password, confirm the password by entering it again, then click Apply.
Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) are logon authentication protocols that use software running on a central server to control access to RADIUS-aware or TACACS-aware devices on the network.
• You can specify up to three authentication methods for any user to indicate the authentication sequence. For example, if you select (1) RADIUS, (2) TACACS and (3) Local, the user name and password on the RADIUS server is verified first.
- Number of Server Transmits – Number of times the switch tries to authenticate logon access via the authentication server. (Range: 1-30; Default: 2)
- Timeout for a reply – The number of seconds the switch waits for a reply from the RADIUS server before it resends the request.
Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
U SER A UTHENTICATION 3-65 Configuring HTTPS Y ou can configure the switch to enable the Secure Hypertext T ransfer Protocol (HTTPS) ov er the Secure So cket La yer (SSL), providing secure access (i.e ., an encr ypted connection) to the switc h’ s web inter face.
C ONFIGURING THE S WITCH 3-66 Command Attributes • HTTPS Status – Allows you to enable/disable the HTTPS server feature on the switch. (Default: Enabled) • Change HTTPS Port Number – Specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface.
U SER A UTHENTICATION 3-67 Note: For maximum security, we recommend you obtain a unique Secure Sockets Layer certificat e at the earliest opportunity. Th is is because the default certificate for the switch is not unique to the hardware you have purchased.
CONFIGURING THE SWITCH 3-68 Note: The switch supports both SSH Version 1.5 and 2.0. Command Usage The SSH server on this switch supports both password and public key authentication.
USER AUTHENTICATION 3-69 authenticated using these keys. The current firmware only accepts public key files based on standard UNIX format as shown in the following example for an RSA Version .
CONFIGURING THE SWITCH 3-70 2. The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet sessions and SSH sessions. Generating the Host Key Pair A host public/private key pair is used to provide secure communications between an SSH client and the switch.
USER AUTHENTICATION 3-71 Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate.
CONFIGURING THE SWITCH 3-72 CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys. Configuring the SSH Server The SSH server includes basic settings for authentication.
USER AUTHENTICATION 3-73 • SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3) • SSH Server-Key Size – Specifies the SSH server key size.
CONFIGURING THE SWITCH 3-74 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
USER AUTHENTICATION 3-75 already in the address table will be retained and will not age out. Any other device that attempts to use the port will be prevented from accessing the switch. Command Usage • A secure port has the following restrictions: - It cannot use port monitoring.
CONFIGURING THE SWITCH 3-76 Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
USER AUTHENTICATION 3-77 ports in a network can be centrally controlled from a server, which means that authorized users can use the same credentials for authentication from any point within the network.
CONFIGURING THE SWITCH 3-78 The operation of 802.1X on the switch requires the following: • The switch must have an IP address assigned. • RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified. • Each switch port that will be used must be set to dot1x “Auto” mode.
USER AUTHENTICATION 3-79 CLI – This example shows the default global settings for 802.1X. Configuring 802.1X Global Settings The 802.1X protocol includes port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active.
CONFIGURING THE SWITCH 3-80 CLI – This example enables 802.1X globally for the switch. Configuring Port Settings for 802.1X When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.
USER AUTHENTICATION 3-81 • Max Request – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session.
CONFIGURING THE SWITCH 3-82 CLI – This example sets the authentication mode to enable 802.1X on port 2, and allows up to ten clients to connect to this port.
USER AUTHENTICATION 3-83 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-6 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator.
CONFIGURING THE SWITCH 3-84 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-39 802.1X Port Statistics CLI – This example displays the 802.1X statistics for port 4.
USER AUTHENTICATION 3-85 Filtering IP Addresses for Management Access You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the Web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default.
CONFIGURING THE SWITCH 3-86 • Start IP Address – A single IP address, or the starting address of a range. • End IP Address – The end address of a range. Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry.
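The management IP filter described above can be checked offline before the entries are typed into the switch. The following is an added example, not code from the manual or from SMC: it assumes one filter list per management interface, assumes that a non-empty list rejects every address it does not cover, and uses a hypothetical 256-address threshold for flagging broad ranges; the sample addresses are constructed.

```python
"""Audit a planned management IP filter list (added example, constructed data)."""
import ipaddress

MAX_ENTRIES = 16      # limit stated in the manual
BROAD_RANGE = 256     # assumption of this example: flag ranges wider than a /24
INTERFACES = ("web", "snmp", "telnet")


def parse_entry(start, end=None):
    """Return (first, last) for a single address or a start/end range."""
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end) if end else first
    if last < first:
        raise ValueError(f"end {last} is below start {first}")
    return first, last


def audit(filters):
    """filters: {interface: [(start, end_or_None), ...]} -> list of (interface, finding)."""
    findings = []
    for iface in INTERFACES:
        entries = filters.get(iface, [])
        if not entries:
            # The manual states the interfaces are open to all addresses by default.
            findings.append((iface, "open to all addresses (no filter entries)"))
            continue
        if len(entries) > MAX_ENTRIES:
            findings.append((iface, f"{len(entries)} entries exceed the limit of {MAX_ENTRIES}"))
        parsed = []
        for start, end in entries:
            try:
                first, last = parse_entry(start, end)
            except ValueError as exc:
                findings.append((iface, f"invalid entry {start}-{end}: {exc}"))
                continue
            size = int(last) - int(first) + 1
            if size > BROAD_RANGE:
                findings.append((iface, f"range {first}-{last} covers {size} addresses"))
            parsed.append((first, last))
        # Overlapping entries waste slots in a list that only holds 16.
        parsed.sort()
        for (a_first, a_last), (b_first, b_last) in zip(parsed, parsed[1:]):
            if b_first <= a_last:
                findings.append((iface, f"{b_first}-{b_last} overlaps {a_first}-{a_last}"))
    return findings


def is_allowed(filters, iface, client):
    """True if client would reach the interface under the assumed semantics."""
    entries = filters.get(iface, [])
    if not entries:
        return True  # default state: no filtering
    addr = ipaddress.IPv4Address(client)
    for start, end in entries:
        try:
            first, last = parse_entry(start, end)
        except ValueError:
            continue  # malformed entries match nothing
        if first <= addr <= last:
            return True
    return False


# Constructed sample plan: Telnet was forgotten and SNMP is far too wide.
SAMPLE = {
    "web": [("192.168.1.19", None), ("192.168.1.25", "192.168.1.30")],
    "snmp": [("10.0.0.0", "10.0.255.255")],
}

if __name__ == "__main__":
    for iface, finding in audit(SAMPLE):
        print(f"{iface}: {finding}")
```

An interface with no entries is reported rather than silently accepted, because an empty list leaves that interface in its open default state.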
ACCESS CONTROL LISTS 3-87 Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
CONFIGURING THE SWITCH 3-88 • When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs.
ACCESS CONTROL LISTS 3-89 Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the configuration page for the new list. Figure 3-41 Selecting ACL Type CLI – This example creates a standard IP ACL named bill.
CONFIGURING THE SWITCH 3-90 Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
ACCESS CONTROL LISTS 3-91 • Source/Destination Subnet Mask – Subnet mask for source or destination address. (See the description for SubMask on page 3-89.) • Service Type – Packet priority settings based on the following criteria: - Precedence – IP precedence level.
CONFIGURING THE SWITCH 3-92 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
ACCESS CONTROL LISTS 3-93 3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Configuring a MAC ACL Command Attributes • Action – An ACL can contain all permit rules, deny rules, or a combination of both.
CONFIGURING THE SWITCH 3-94 • Packet Format – This attribute includes the following packet types: - Any – Any Ethernet packet type. - Untagged-eth2 – Untagged Ethernet II packets. - Untagged-802.3 – Untagged Ethernet 802.3 packets. - Tagged-eth2 – Tagged Ethernet II packets.
ACCESS CONTROL LISTS 3-95 CLI – This rule permits packets from any source MAC address to the destination address 00-e0-29-94-34-de where the Ethernet type is 0800. Configuring ACL Masks You must specify masks that control the order in which ACL rules are checked.
CONFIGURING THE SWITCH 3-96 Web – Click Security, ACL, Mask Configuration. Click Edit for one of the basic mask types to open the configuration page. Figure 3-45 Selecting ACL Mask Types CLI – This example creates an IP ingress mask, and then adds two rules.
ACCESS CONTROL LISTS 3-97 specify a host address (not a subnet), or “IP” to specify a range of addresses. (Options: Any, Host, IP; Default: Any) • Source/Destination Subnet Mask – Source or destination address of rule must match this bitmask.
CONFIGURING THE SWITCH 3-98 CLI – This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the following example, packets with the source address 10.1.1.1 are dropped because the “deny 10.
ACCESS CONTROL LISTS 3-99 Web – Configure the mask to match the required rules in the MAC ingress or egress ACLs. Set the mask to check for any source or destination address, a host address, or an address range. Use a bitmask to search for specific VLAN ID(s) or Ethernet type(s).
CONFIGURING THE SWITCH 3-100 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.
ACCESS CONTROL LISTS 3-101 • When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs.
CONFIGURING THE SWITCH 3-102 CLI – This example assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2. Port Configuration Displaying Connection Status You can use th.
PORT CONFIGURATION 3-103 Web – Click Port, Port Information or Trunk Information. Figure 3-49 Port Status Information Field Attributes (CLI) Basic information: • Port type – Indicates the port type. (1000BASE-T or SFP) • MAC address – The physical layer address for this port.
CONFIGURING THE SWITCH 3-104 - 100full - Supports 100 Mbps full-duplex operation - 1000full - Supports 1000 Mbps full-duplex operation • Broadcast storm – Shows if broadcast storm control is enabled or disabled. • Broadcast storm limit – Shows the broadcast storm threshold.
PORT CONFIGURATION 3-105 CLI – This example shows the connection status for Port 5. Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control.
CONFIGURING THE SWITCH 3-106 • Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised. When auto-negotiation is disabled, you can force the settings for speed, mode, and flow control.
PORT CONFIGURATION 3-107 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 3-50 Port - Port Configuration CLI – Select the interface, and then enter the required settings.
CONFIGURING THE SWITCH 3-108 The switch supports both static trunking and dynamic Link Aggregation Control Protocol (LACP). Static trunks have to be manually configured at both ends of the link, and the switches must comply with the Cisco EtherChannel standard.
PORT CONFIGURATION 3-109 • All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN. • STA, VLAN, and IGMP settings can only be made for the entire trunk.
CONFIGURING THE SWITCH 3-110 Web – Click Port, Trunk Membership. Enter a trunk ID of 1-32 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.
PORT CONFIGURATION 3-111 CLI – This example creates trunk 2 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to form a trunk.
CONFIGURING THE SWITCH 3-112 • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than eight ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
PORT CONFIGURATION 3-113 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk.
CONFIGURING THE SWITCH 3-114 Note: If the port channel admin key (lacp admin key, page 4-199) is not set (through the CLI) when a channel group is formed (i.
PORT CONFIGURATION 3-115 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor.
CONFIGURING THE SWITCH 3-116 CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; ports 5 and 6 are set to backup mode. Displaying LACP Port Counters You can display statistics for LACP protocol messages.
PORT CONFIGURATION 3-117 Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-54 LACP - Port Counters Information Marker Received Number of valid Marker PDUs received by this channel group.
CONFIGURING THE SWITCH 3-118 CLI – The following example displays LACP counters for port channel 1. Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation.
PORT CONFIGURATION 3-119 Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state; • Defaulted – The actor’s receive machine is using defaulted operational partner information, administratively configured for the partner.
CONFIGURING THE SWITCH 3-120 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-55 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
PORT CONFIGURATION 3-121 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Table 3-9 LACP Neighbor Configuration Information Field Description Partner Admin System ID LAG partner’s system ID assigned by the user.
CONFIGURING THE SWITCH 3-122 Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-56 LACP - Port Neighbors Information CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1.
PORT CONFIGURATION 3-123 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt.
CONFIGURING THE SWITCH 3-124 Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the threshold, and click Apply. Figure 3-57 Port Broadcast Control CLI – Specify any interface, and then enter the threshold.
PORT CONFIGURATION 3-125 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
CONFIGURING THE SWITCH 3-126 Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add. Figure 3-58 Configuring a Mirror Port CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port.
PORT CONFIGURATION 3-127 Command Attribute Rate Limit – Sets the output rate limit for an interface. Default Status – Disabled Default Rate – 1000 Mbps Range – 1 - 1000 Mbps Web - Click Rate Limit, Input/Output Port/Trunk Configuration.
CONFIGURING THE SWITCH 3-128 unusually heavy loading). RMON statistics provide access to a broad range of statistics, including a total count of different frame types and sizes passing through each port. All values displayed have been accumulated since the last system reboot, and are shown as counts per second.
PORT CONFIGURATION 3-129 Transmit Unicast Packets The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent.
CONFIGURING THE SWITCH 3-130 Single Collision Frames The number of successfully transmitted frames for which transmission is inhibited by exactly one collision. Internal MAC Transmit Errors A count of frames for which transmission on a particular interface fails due to an internal MAC sublayer transmit error.
PORT CONFIGURATION 3-131 Collisions The best estimate of the total number of collisions on this Ethernet segment. Received Frames The total number of frames (bad, broadcast and multicast) received. Broadcast Frames The total number of good frames received that were directed to the broadcast address.
CONFIGURING THE SWITCH 3-132 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
PORT CONFIGURATION 3-133 Figure 3-61 Port Statistics (continued).
CONFIGURING THE SWITCH 3-134 CLI – This example shows statistics for port 13. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports.
ADDRESS TABLE SETTINGS 3-135 Command Attributes • Static Address Counts – The number of manually configured addresses. • Current Static Address Table – Lists all the static addresses. • Interface – Port or trunk associated with the device assigned a static address.
CONFIGURING THE SWITCH 3-136 Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch.
ADDRESS TABLE SETTINGS 3-137 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query.
CONFIGURING THE SWITCH 3-138 • Aging Time – The time after which a learned entry is discarded. (Range: 10-1000000 seconds; Default: 300 seconds) Web – Click Address Table, Address Aging. Specify the new aging time, click Apply. Figure 3-64 Address Aging CLI – This example sets the aging time to 400 seconds.
SPANNING TREE ALGORITHM CONFIGURATION 3-139 STA uses a distributed algorithm to select a bridging device (STA-compliant switch, bridge or router) that serves as the root of the spanning tree network.
CONFIGURING THE SWITCH 3-140 When using STA or RSTP, it may be difficult to maintain a stable path between all VLAN members. Frequent changes in the tree structure can easily isolate some of the group members. MSTP (an extension of RSTP) is designed to support independent spanning trees based on VLAN groups.
SPANNING TREE ALGORITHM CONFIGURATION 3-141 • Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
CONFIGURING THE SWITCH 3-142 • Root Hello Time – Interval (in seconds) at which this device transmits a configuration message. • Root Maximum Age – The maximum time (in seconds) this device can wait without receiving a configuration message before attempting to reconfigure.
SPANNING TREE ALGORITHM CONFIGURATION 3-143 Web – Click Spanning Tree, STA, Information. Figure 3-65 STA Information CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network.
CONFIGURING THE SWITCH 3-144 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Algorithm – Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network.
SPANNING TREE ALGORITHM CONFIGURATION 3-145 - Be careful when switching between spanning tree modes. Changing modes stops all spanning-tree instances for the previous mode and restarts the system in the new mode, temporarily disrupting user traffic.
CONFIGURING THE SWITCH 3-146 • Maximum Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals.
SPANNING TREE ALGORITHM CONFIGURATION 3-147 • Transmission Limit – The maximum transmission rate for BPDUs is specified by setting the minimum interval between the transmission of consecutive protocol messages.
CONFIGURING THE SWITCH 3-148 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-66 STA Configuration CLI – This example enables Spanning Tree Algorithm, sets the mode to MST, and then configures the STA and MSTP parameters.
SPANNING TREE ALGORITHM CONFIGURATION 3-149 Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. Field Attributes • Spanning Tree – Shows if STA has been enabled on this interface.
CONFIGURING THE SWITCH 3-150 • Designated Port – The port priority and number of the port on the designated bridging device through which this switch must communicate with the root of the Spanning Tree. • Oper Path Cost – The contribution of this port to the path cost of paths towards the spanning tree which include this port.
SPANNING TREE ALGORITHM CONFIGURATION 3-151 Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only) These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled.
CONFIGURING THE SWITCH 3-152 • Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state.
SPANNING TREE ALGORITHM CONFIGURATION 3-153 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port.
CONFIGURING THE SWITCH 3-154 - Learning - Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information. Port address table is cleared, and the port begins learning addresses.
SPANNING TREE ALGORITHM CONFIGURATION 3-155 • Default – - Ethernet – Half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 - Fast Ethernet – Half duplex: 200,000; full duplex: 100,000; trunk: 50,000 - Gigabit Ethernet – Full duplex: 10,000; trunk: 5,000 • Admin Link Type – The link type attached to this interface.
CONFIGURING THE SWITCH 3-156 Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 3-68 STA Port Configuration CLI – This example sets STA attributes for port 7.
SPANNING TREE ALGORITHM CONFIGURATION 3-157 (on each bridge) with the same set of VLANs. Also, note that RSTP treats each MSTI region as a single node, connecting all regions to the Common Spanning Tree. To use multiple spanning trees: 1. Set the spanning tree type to MSTP (STA Configuration, page 3-144).
CONFIGURING THE SWITCH 3-158 Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priority, and click Apply. To add the VLAN members to an MSTI instance, enter the instance identifier, the VLAN identifier, and click Add.
SPANNING TREE ALGORITHM CONFIGURATION 3-159 CLI – This displays STA settings for instance 1, followed by settings for each port. Console#show spanning-tree mst 2 4-233 Spanning-tree informatio.
CONFIGURING THE SWITCH 3-160 CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance.
SPANNING TREE ALGORITHM CONFIGURATION 3-161 CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST (page 3-140), the settings for other instances only apply to the local spanning tree.
CONFIGURING THE SWITCH 3-162 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages.
SPANNING TREE ALGORITHM CONFIGURATION 3-163 • Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
CONFIGURING THE SWITCH 3-164 VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
VLAN CONFIGURATION 3-165 • Passing traffic between VLAN-aware and VLAN-unaware devices • Priority tagging Assigning Ports to VLANs Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate.
CONFIGURING THE SWITCH 3-166 Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups, such as file servers or printers.
VLAN CONFIGURATION 3-167 should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs.
CONFIGURING THE SWITCH 3-168 receives a tagged frame, it will pass this frame onto the VLAN(s) indicated by the frame tag. However, when this switch receives an untagged frame from a VLAN-unaware device, it first decides where to forward the frame, and then inserts a VLAN tag reflecting the ingress port’s default VID.
VLAN CONFIGURATION 3-169 Field Attributes • VLAN Version Number – The VLAN version used by this switch as specified in the IEEE 802.1Q standard. • Maximum VLAN ID – Maximum VLAN ID recognized by this switch. • Maximum Number of Supported VLANs – Maximum number of VLANs that can be configured on this switch.
CONFIGURING THE SWITCH 3-170 Command Attributes (Web) • VLAN ID – ID of configured VLAN (1-4093). • Up Time at Creation – Time this VLAN was created (i.e., System Up Time). • Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP.
VLAN CONFIGURATION 3-171 • Status – Shows if this VLAN is enabled or disabled. - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e., does not pass packets. • Ports / Channel groups – Shows the VLAN interface members. CLI – Current VLAN information can be displayed with the following command.
CONFIGURING THE SWITCH 3-172 • Status (Web) – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.e., does not pass packets. • State (CLI) – Enables or disables the specified VLAN. - Active: VLAN is operational.
VLAN CONFIGURATION 3-173 CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices.
CONFIGURING THE SWITCH 3-174 Command Attributes • VLAN – ID of configured VLAN (1-4093, no leading zeroes). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational.
VLAN CONFIGURATION 3-175 Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks.
CONFIGURING THE SWITCH 3-176 • Member – VLANs for which the selected interface is a tagged member. • Non-Member – VLANs for which the selected interface is not a tagged member. Web – Click VLAN, 802.1Q VLAN, Static Membership by Port. Select an interface from the scroll-down box (Port or Trunk).
VLAN CONFIGURATION 3-177 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
CONFIGURING THE SWITCH 3-178 - If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port).
VLAN CONFIGURATION 3-179 • Mode – Indicates VLAN membership mode for an interface. (Default: Hybrid) - 1Q Trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN.
CONFIGURING THE SWITCH 3-180 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN.
VLAN CONFIGURATION 3-181 Enabling Private VLANs Use the Private VLAN Status page to enable/disable the Private VLAN function. Web – Click VLAN, Private VLAN, Status. Select Enabled, and click Apply. Figure 3-79 Private VLAN Status CLI – This example enables private VLANs.
CONFIGURING THE SWITCH 3-182 Web – Click VLAN, Private VLAN, Link Status. Mark the ports that will serve as uplinks and downlinks for the private VLAN, then click Apply. Figure 3-80 Private VLAN Link Status CLI – This configures ports 3 and 4 as uplinks and ports 5 and 6 as downlinks.
VLAN CONFIGURATION 3-183 To avoid these problems, you can configure this switch with protocol-based VLANs that divide the physical network into logical VLAN groups for each required protocol. When a frame is received at a port, its VLAN membership can then be determined based on the protocol type being used by the inbound packets.
CONFIGURING THE SWITCH 3-184 Web – Click VLAN, Protocol VLAN, Configuration. Enter a protocol group ID, frame type and protocol type, then click Apply. Figure 3-81 Protocol VLAN Configuration CLI – The following creates protocol group 1, and then specifies Ethernet frames with IP and ARP protocol types.
VLAN C ONFIGURATION 3-185 - If the frame is untagged but the pr otocol type does not match, the frame is forwarded to the defa ult VLAN for this interface. Command Attributes • Interface – Port or trunk identifier. • Protocol Group ID – Group identifier of this protocol group.
CONFIGURING THE SWITCH 3-186 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port.
CLASS OF SERVICE CONFIGURATION 3-187 • Number of Egress Traffic Classes – The number of queue buffers provided for each port. Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply.
CONFIGURING THE SWITCH 3-188 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR).
CLASS OF SERVICE CONFIGURATION 3-189 Command Attributes • Priority – CoS value. (Range: 0-7, where 7 is the highest priority) • Traffic Class 11 – Output queue buffer. (Range: 0-7, where 7 is the highest CoS priority queue) Web – Click Priority, Traffic Classes.
CONFIGURING THE SWITCH 3-190 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
CLASS OF SERVICE CONFIGURATION 3-191 Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue.
CONFIGURING THE SWITCH 3-192 CLI – The following example shows how to assign WRR weights to each of the priority queues. Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements.
CLASS OF SERVICE CONFIGURATION 3-193 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services.
CONFIGURING THE SWITCH 3-194 Service values (i.e., Precedence value 0 maps to CoS value 0, and so forth). Bits 6 and 7 are used for network control, and the other bits for various application types. ToS bits are defined in the following table.
CLASS OF SERVICE CONFIGURATION 3-195 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings.
CONFIGURING THE SWITCH 3-196 Command Attributes • DSCP Priority Table – Shows the DSCP Priority to CoS map. • Class of Service Value – Maps a CoS value to the selected DSCP Priority value. Note that “0” represents low priority and “7” represents high priority.
CLASS OF SERVICE CONFIGURATION 3-197 Note: Mapping specific values for IP DSCP is implemented as an interface configuration command, but any changes will apply to all interfaces on the switch. Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.
CONFIGURING THE SWITCH 3-198 Figure 3-90 IP Port Priority Status Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply.
CLASS OF SERVICE CONFIGURATION 3-199 Note: Mapping specific values for IP Port Priority is implemented as an interface configuration command, but any changes will apply to all interfaces on the switch.
CONFIGURING THE SWITCH 3-200 Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Apply. Figure 3-92 ACL CoS Priority CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 24.
MULTICAST FILTERING 3-201 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client.
CONFIGURING THE SWITCH 3-202 Layer 2 IGMP (Snooping and Query) IGMP Snooping and Query — If multicast routing is not supported on other switches in your network, you can use IGMP Snooping and Qu.
MULTICAST FILTERING 3-203 • IGMP Querier — A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic.
CONFIGURING THE SWITCH 3-204 • IGMP Version — Sets the protocol version for compatibility with other devices on the network. (Range: 1-2; Default: 2) Notes: 1. All systems on the subnet must support the same version. 2. Some attributes are only enabled for IGMPv2, including IGMP Report Delay and IGMP Query Timeout.
MULTICAST FILTERING 3-205 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
CONFIGURING THE SWITCH 3-206 CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router. Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
MULTICAST FILTERING 3-207 Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add.
CONFIGURING THE SWITCH 3-208 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service.
MULTICAST FILTERING 3-209 Command Usage • Static multicast addresses are never aged out. • When a multicast address is assigned to an interface in a specific VLAN, the corresponding traffic can only be forwarded to ports within that VLAN. Command Attribute • Interface – Activates the Port or Trunk scroll down list.
CONFIGURING THE SWITCH 3-210 CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1.
CONFIGURING DOMAIN NAME SERVICE 3-211 • When an incomplete host name is received by the DNS server on this switch and a domain name list has been specified, the switch will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match.
CONFIGURING THE SWITCH 3-212 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply.
CONFIGURING DOMAIN NAME SERVICE 3-213 CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the default domain name is not used.
CONFIGURING THE SWITCH 3-214 Field Attributes • Host Name – Name of a host device that is mapped to one or more IP addresses. (Range: 1-64 characters) • IP Address – Internet address(es) associated with a host name.
CONFIGURING DOMAIN NAME SERVICE 3-215 CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers.
CONFIGURING THE SWITCH 3-216 Web – Select DNS, Cache. Figure 3-100 DNS Cache CLI - This example displays all the resource records learned from the designated name servers. Console#show dns cache 4-171 NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207.
4-1 CHAPTER 4 COMMAND LINE INTERFACE This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interfac.
COMMAND LINE INTERFACE 4-2 After connecting to the system through the console port, the login screen displays: Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address.
ENTERING COMMANDS 4-3 2. At the prompt, enter the user name and system password. The CLI will display the “Vty-n#” prompt for the administrator to show that you are using privileged access mode (i.e., Privileged Exec), or “Vty-n>” for the guest to show that you are using normal access mode (i.
COMMAND LINE INTERFACE 4-4 • To enter multiple commands, enter each command in the required order. For example, to enable Privileged Exec command mode, and display the startup configuration, en.
ENTERING COMMANDS 4-5 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line, VLAN Database, or MSTP).
COMMAND LINE INTERFACE 4-6 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided.
ENTERING COMMANDS 4-7 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functions.
COMMAND LINE INTERFACE 4-8 Privileged Exec mode from within Normal Exec mode, by entering the enable command, followed by the privileged level password “super” (page 4-36).
ENTERING COMMANDS 4-9 • Line Configuration - These commands modify the console port and Telnet configuration, and include commands such as parity and databits.
COMMAND LINE INTERFACE 4-10 For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode.
COMMAND GROUPS 4-11 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Group Index Command Group Description Page Line Sets communi.
COMMAND LINE INTERFACE 4-12 The access mode shown in the following tables is indicated by these abbreviations: ACL (Access Control List Configuration) GC (Global Configuration) IC (Interface Confi.
LINE COMMANDS 4-13 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal).
COMMAND LINE INTERFACE 4-14 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line { console | vty } • console - Console terminal line. • vty - Virtual terminal for remote console access (i.
LINE COMMANDS 4-15 login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [ local ] no login local - Selects local password checking. Authentication is based on the user name specified with the username command.
COMMAND LINE INTERFACE 4-16 Example Related Commands username (4-34) password (4-16) password This command specifies the password for a line. Use the no form to remove the password.
LINE COMMANDS 4-17 Example Related Commands login (4-15) password-thresh (4-19) timeout login response This command sets the interval that the system waits for a user to log into the CLI.
COMMAND LINE INTERFACE 4-18 exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [ seconds ] no exec-timeout seconds - Integer that specifies the number of seconds.
LINE COMMANDS 4-19 password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. Syntax password-thresh [ threshold ] no password-thresh threshold - The number of allowed password attempts.
COMMAND LINE INTERFACE 4-20 silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value.
LINE COMMANDS 4-21 Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character.
COMMAND LINE INTERFACE 4-22 Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: speed This command sets the terminal line’s baud rate.
LINE COMMANDS 4-23 Example To specify 57600 bps, enter this command: stopbits This command sets the number of the stop bits transmitted per byte.
COMMAND LINE INTERFACE 4-24 Command Usage Specifying session identifier “0” will disconnect the console connection. Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection.
GENERAL COMMANDS 4-25 Example To show all lines, enter this command: General Commands Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Login timeo.
COMMAND LINE INTERFACE 4-26 enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. (See “Understanding Command Modes” on page 4-7.) Syntax enable [ level ] level - Privilege level to log into the device.
GENERAL COMMANDS 4-27 disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode.
COMMAND LINE INTERFACE 4-28 Example Related Commands end (4-29) show history This command shows the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.
GENERAL COMMANDS 4-29 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes.
COMMAND LINE INTERFACE 4-30 Command Mode Global Configuration, Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration.
SYSTEM MANAGEMENT COMMANDS 4-31 Command Mode Normal Exec, Privileged Exec Command Usage The quit and exit commands can both exit the configuration program.
COMMAND LINE INTERFACE 4-32 Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt.
SYSTEM MANAGEMENT COMMANDS 4-33 Example hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name.
COMMAND LINE INTERFACE 4-34 Example This example shows how to renumber all units. User Access Commands The basic commands required for management access are listed in this section.
SYSTEM MANAGEMENT COMMANDS 4-35 • password password - The authentication password for the user. (Maximum length: 8 characters plain text, 32 encrypted, case sensitive) Default Setting • The default access level is Normal Exec.
COMMAND LINE INTERFACE 4-36 enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Normal Exec level.
SYSTEM MANAGEMENT COMMANDS 4-37 Related Commands enable (4-26) authentication enable (4-93) IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols.
COMMAND LINE INTERFACE 4-38 Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
SYSTEM MANAGEMENT COMMANDS 4-39 Command Mode Privileged Exec Example Web Server Commands Console#show management all-client Management IP Filter HTTP-Client: Start IP address End IP address --------------------------------------- -------- 1. 192.168.
COMMAND LINE INTERFACE 4-40 ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface.
SYSTEM MANAGEMENT COMMANDS 4-41 Example Related Commands ip http port (4-40) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
COMMAND LINE INTERFACE 4-42 • The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer 5.
SYSTEM MANAGEMENT COMMANDS 4-43 Default Setting 443 Command Mode Global Configuration Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port.
COMMAND LINE INTERFACE 4-44 Default Setting Enabled Command Mode Global Configuration Example ip telnet server port This command specifies the TCP port number used by the Telnet interface.
SYSTEM MANAGEMENT COMMANDS 4-45 The Secure Shell (SSH) includes server/client applications intended as a secure replacement for the older Berkeley remote access tools. SSH can also provide remote management access to this switch as a secure replacement for Telnet.
COMMAND LINE INTERFACE 4-46 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can .
SYSTEM MANAGEMENT COMMANDS 4-47 10.1.0.54 1024 35 156849954018 6766925933394 6775054617325313 67489083654725 4 1502024559 31998685443583 61651999923329 781766065830956 10 8259132128902 33 765468017.
COMMAND LINE INTERFACE 4-48 d. The client uses its private key to decrypt the bytes, and sends the decrypted bytes back to the switch. e. The switch compares the decrypted bytes to the original bytes it sent.
SYSTEM MANAGEMENT COMMANDS 4-49 Example Related Commands ip ssh crypto host-key generate (4-51) show ssh (4-54) ip ssh timeout This command configures the timeout for the SSH server.
COMMAND LINE INTERFACE 4-50 ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user.
SYSTEM MANAGEMENT COMMANDS 4-51 Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with the SSH client, and is fixed at 1024 bits. Example delete public-key This command deletes the specified user’s public key.
COMMAND LINE INTERFACE 4-52 Command Mode Privileged Exec Command Usage • This command stores the host key pair in memory (i.e., RAM). Use the ip ssh save host-key command to save the host key pair to flash memory. • Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process.
SYSTEM MANAGEMENT COMMANDS 4-53 Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command.
COMMAND LINE INTERFACE 4-54 show ip ssh This command displays the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections.
SYSTEM MANAGEMENT COMMANDS 4-55 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [ user [ username ] | host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys.
COMMAND LINE INTERFACE 4-56 Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed. • When an RSA key is displayed, the first field indicates the size of the host key (e.
SYSTEM MANAGEMENT COMMANDS 4-57 logging on This command controls logging of error messages, sending debug or error messages to switch memory.
COMMAND LINE INTERFACE 4-58 logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history { flash | ram } level no logging history { flash | ram } • flash - Event history stored in flash memory (i.
SYSTEM MANAGEMENT COMMANDS 4-59 Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM. Example logging host This command adds a syslog server host IP address that will receive logging messages.
COMMAND LINE INTERFACE 4-60 logging facility This command sets the facility type for remote logging of syslog messages. Use the no form to return the type to the default. Syntax [ no ] logging facility type type - A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service.
SYSTEM MANAGEMENT COMMANDS 4-61 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging.
COMMAND LINE INTERFACE 4-62 clear log This command clears messages from the log buffer. Syntax clear log [ flash | ram ] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.
SYSTEM MANAGEMENT COMMANDS 4-63 Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), and the message level for RAM is “debugging” (i.
COMMAND LINE INTERFACE 4-64 Related Commands show logging sendmail (4-69) show log This command displays the log messages stored in local memory. Syntax show log { flash | ram } • flash - Event history stored in flash memory (i.e., permanent memory).
SYSTEM MANAGEMENT COMMANDS 4-65 Example The following example shows the event message stored in RAM. SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients.
COMMAND LINE INTERFACE 4-66 logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [ no ] logging sendmail host ip_address ip_address - IP address of an SMTP server that will be sent alert messages for event handling.
SYSTEM MANAGEMENT COMMANDS 4-67 logging sendmail level This command sets the severity threshold used to trigger alert messages. Syntax logging sendmail level level level - One of the system message levels (page 4-58). Messages sent include the selected level down to level 0.
COMMAND LINE INTERFACE 4-68 Command Mode Global Configuration Command Usage You may use a symbolic email address that identifies the switch, or the address of an administrator responsible for the switch. Example This example will send email alerts for system errors from level 3 through 0.
SYSTEM MANAGEMENT COMMANDS 4-69 logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [ no ] logging sendmail Default Setting Enabled Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler.
COMMAND LINE INTERFACE 4-70 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
SYSTEM MANAGEMENT COMMANDS 4-71 Command Usage • The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the switch only records the time starting from the factory default set at the last bootup (e.
COMMAND LINE INTERFACE 4-72 Command Mode Global Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode. The client will poll the time servers in the order specified until a response is received.
SYSTEM MANAGEMENT COMMANDS 4-73 Related Commands Related Commands (4-71) show sntp This command displays the current time and configuration settings for the SNTP client, and indicates whether or not the local time has been properly updated.
COMMAND LINE INTERFACE 4-74 Default Setting None Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mean Time or GMT), based on the earth’s prime meridian, zero degrees longitude.
SYSTEM MANAGEMENT COMMANDS 4-75 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, February 1st, 2002.
COMMAND LINE INTERFACE 4-76 System Status Commands show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system.
SYSTEM MANAGEMENT COMMANDS 4-77 - Users (names and access levels) - VLAN database (VLAN ID, name and state) - VLAN configuration settings for each interface - Multiple spanning tree instances (nam.
COMMAND LINE INTERFACE 4-78 Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes.
SYSTEM MANAGEMENT COMMANDS 4-79 Example Related Commands show startup-config (4-76) Console#show running-config building running-config, please wait.
COMMAND LINE INTERFACE 4-80 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-12.
SYSTEM MANAGEMENT COMMANDS 4-81 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.
COMMAND LINE INTERFACE 4-82 Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-14 for detailed information on the items displayed by this command. Example Frame Size Commands jumbo frame This command enables support for jumbo frames.
SYSTEM MANAGEMENT COMMANDS 4-83 Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.
COMMAND LINE INTERFACE 4-84 Flash/File Commands These commands are used to manage the system code or configuration files. copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server.
FLASH/FILE COMMANDS 4-85 • https-certificate - Keyword that allows you to copy the HTTPS secure site certificate. • public-key - Keyword that allows you to copy an SSH key from a TFTP server. (See “Secure Shell Commands” on page 4-44.) • unit - Keyword that allows you to copy to/from a specific unit in the stack.
COMMAND LINE INTERFACE 4-86 Example The following example shows how to upload the configuration settings to a file on the TFTP server: The following example shows how to copy the running configuration to a startup file.
FLASH/FILE COMMANDS 4-87 This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch. delete This command deletes a file or image.
COMMAND LINE INTERFACE 4-88 Example This example shows how to delete the test2.cfg configuration file from flash memory. Related Commands dir (4-88) delete public-key (4-51) dir This command displays a list of files in flash memory.
FLASH/FILE COMMANDS 4-89 Command Usage • If you enter the command dir without any parameters, the system displays all files. • A colon (:) is required after the specified unit number. • File information is shown below: Example The following example shows how to display all file information.
COMMAND LINE INTERFACE 4-90 Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. boot system This command specifies the image used to start up the system.
A UTHENTICATION C OMMANDS 4-91 Example Related Commands dir (4-88) whichboot (4-89) Authentication Commands Y ou can configur e this switch t o authenticate users log ging into the system for management ac cess using local or remote authentication methods .
C OMMAND L INE I NTERFACE 4-92 authentication login This command defines the login authentication method and precedence . Use the no for m to restore the default. Syntax authentication login {[ local ] [ radius ] [ tacacs ]} no authentication login • local - Use local password.
A UTHENTICATION C OMMANDS 4-93 Example Related Commands username - for setting the local user names and passwords (4-34) authentication enable This command defines th e authentication met hod and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 4-2 6).
C OMMAND L INE I NTERFACE 4-94 • You can specify three authen ticati on methods in a single command to indicate the authentication sequence . For example, if you enter “ authentication enable radius tacacs local ,” the user na me and password on the RADIUS server is verified first.
AUTHENTICATION COMMANDS 4-95 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server.
COMMAND LINE INTERFACE 4-96 radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages.
AUTHENTICATION COMMANDS 4-97 Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server.
COMMAND LINE INTERFACE 4-98 Command Mode Global Configuration Example show radius-server This command displays the current settings for the RADIUS server.
AUTHENTICATION COMMANDS 4-99 tacacs-server host This command specifies the TACACS+ server. Use the no form to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address - IP address of a TACACS+ server.
COMMAND LINE INTERFACE 4-100 tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages.
AUTHENTICATION COMMANDS 4-101 Example show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Port Security Commands These commands can be used to enable port security on a port.
COMMAND LINE INTERFACE 4-102 port security This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses.
AUTHENTICATION COMMANDS 4-103 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
COMMAND LINE INTERFACE 4-104 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication.
AUTHENTICATION COMMANDS 4-105 dot1x system-auth-control This command enables IEEE 802.1X port authentication globally on the switch. Use the no form to restore the default.
COMMAND LINE INTERFACE 4-106 dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default.
AUTHENTICATION COMMANDS 4-107 Default force-authorized Command Mode Interface Configuration Example dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host.
COMMAND LINE INTERFACE 4-108 • In “multi-host” mode, only one host connected to a port needs to pass authentication for all other hosts to be granted network access. Similarly, a port can become unauthorized for all hosts if one attached host fails re-authentication or sends an EAPOL logoff message.
AUTHENTICATION COMMANDS 4-109 Example dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client.
COMMAND LINE INTERFACE 4-110 Command Mode Interface Configuration Example dot1x timeout tx-period This command sets the time that the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value.
AUTHENTICATION COMMANDS 4-111 • interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-24/48) Command Mode Privileged Exec Command Usage This command displays the following information: • Global 802.
COMMAND LINE INTERFACE 4-112 - Port-control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 4-106). - Supplicant – MAC address of authorized client. - Current Identifier – The integer (0-255) used by the Authenticator to identify the current authentication session.
AUTHENTICATION COMMANDS 4-113 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 disabled Single-Host ForceAuthorized n/a .
COMMAND LINE INTERFACE 4-114 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
ACCESS CONTROL LIST COMMANDS 4-115 The following restrictions apply to ACLs: • This switch supports ACLs for both ingress and egress filtering. However, you can only bind one IP ACL and one MAC ACL to any port for ingress filtering, and one IP ACL and one MAC ACL to any port for egress filtering.
COMMAND LINE INTERFACE 4-116 Masks for Access Control Lists You must specify optional masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL.
ACCESS CONTROL LIST COMMANDS 4-117 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs.
COMMAND LINE INTERFACE 4-118 Default Setting None Command Mode Global Configuration Command Usage • An egress ACL must contain all deny rules. • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list.
ACCESS CONTROL LIST COMMANDS 4-119 Default Setting None Command Mode Standard ACL Command Usage • New rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period.
COMMAND LINE INTERFACE 4-120 permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes.
ACCESS CONTROL LIST COMMANDS 4-121 Command Mode Extended ACL Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period.
COMMAND LINE INTERFACE 4-122 Example This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.
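The bitmask comparison described on pages 4-119 to 4-122, as an added Python example that is not part of the SMC manual: a rule matches when the packet address and the rule address agree on every bit set in the bitmask. The function names, the sample rule list and the two audit checks are assumptions made for illustration; how the switch itself handles a rule address with bits outside its bitmask is not stated on this page.

```python
import ipaddress

def _to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def rule_matches(rule_addr, bitmask, packet_addr):
    """True when (packet & bitmask) == (rule & bitmask), as in the manual's example."""
    mask = _to_int(bitmask)
    return (_to_int(packet_addr) & mask) == (_to_int(rule_addr) & mask)

def stray_bits(rule_addr, bitmask):
    """Bits of the rule address that the bitmask ignores, or None if there are none.

    A non-empty result usually means the operator typed a host address
    where a network address was intended, or the wrong bitmask.
    """
    extra = _to_int(rule_addr) & ~_to_int(bitmask) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(extra)) if extra else None

def is_contiguous(bitmask):
    """True when the bitmask is a run of 1 bits followed by 0 bits (subnet style)."""
    inverted = ~_to_int(bitmask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def matching_rules(rules, packet_addr):
    """Indexes of every rule that matches the packet.

    More than one index means the outcome depends on the order in which
    the rules are checked, so the overlap deserves a review.
    """
    return [i for i, (_action, addr, mask) in enumerate(rules)
            if rule_matches(addr, mask, packet_addr)]

# Constructed sample rules: (action, address, bitmask).
RULES = [
    ("deny",   "171.69.198.102", "255.255.255.255"),  # single host
    ("permit", "0.0.0.0",        "0.0.0.0"),          # any source
    ("permit", "10.7.1.0",       "255.255.255.0"),    # subnet 10.7.1.x
]

if __name__ == "__main__":
    for pkt in ("10.7.1.200", "10.7.2.1", "171.69.198.102"):
        hits = [RULES[i][0] + " " + RULES[i][1] for i in matching_rules(RULES, pkt)]
        print(pkt, "->", hits)
    print("stray bits in 10.7.1.5/255.255.255.0:",
          stray_bits("10.7.1.5", "255.255.255.0"))
    print("255.0.255.0 contiguous:", is_contiguous("255.0.255.0"))
```
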
ACCESS CONTROL LIST COMMANDS 4-123 Example Related Commands permit, deny 4-118 ip access-group (4-128) access-list ip mask-precedence This command accesses the IP Mask mode used to configure access control masks. Use the no form to delete the mask table.
COMMAND LINE INTERFACE 4-124 Related Commands mask (IP ACL) (4-124) ip access-group (4-128) mask (IP ACL) This command defines a mask for IP ACLs.
ACCESS CONTROL LIST COMMANDS 4-125 Command Usage • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered.
COMMAND LINE INTERFACE 4-126 This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others. This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.
ACCESS CONTROL LIST COMMANDS 4-127 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL.
COMMAND LINE INTERFACE 4-128 Command Mode Privileged Exec Example Related Commands mask (IP ACL) (4-124) ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [no] ip access-group acl_name {in | out} • acl_name – Name of the ACL.
ACCESS CONTROL LIST COMMANDS 4-129 Example Related Commands show ip access-list (4-122) show ip access-group This command shows the ports assigned to IP ACLs. Command Mode Privileged Exec Example Related Commands ip access-group (4-128) map access-list ip This command sets the output queue for packets matching an ACL rule.
COMMAND LINE INTERFACE 4-130 Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table.
ACCESS CONTROL LIST COMMANDS 4-131 Command Mode Privileged Exec Example Related Commands map access-list ip (4-129) match access-list ip This command changes the IEEE 802.1p priority, IP Precedence, or DSCP Priority of a frame matching the defined ACL rule.
COMMAND LINE INTERFACE 4-132 • Traffic priorities may be included in the IEEE 802.1p priority tag. This tag is also incorporated as part of the overall IEEE 802.1Q VLAN tag. To specify this priority, use the set priority keywords. • The IP frame header also includes priority bits in the Type of Service (ToS) octet.
ACCESS CONTROL LIST COMMANDS 4-133 MAC ACLs Table 4-36 MAC ACL Commands Command Function Mode Page access-list mac Creates a MAC ACL and enters configuration mode GC 4-134 permit, deny Filters p.
COMMAND LINE INTERFACE 4-134 access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL.
ACCESS CONTROL LIST COMMANDS 4-135 permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use the no form to remove a rule.
COMMAND LINE INTERFACE 4-136 • address-bitmask 14 – Bitmask for MAC address (in hexadecimal format). • vid – VLAN ID. (Range: 1-4095) • vid-bitmask 14 – VLAN bitmask. (Range: 1-4095) • protocol – A specific Ethernet protocol number.
ACCESS CONTROL LIST COMMANDS 4-137 show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [acl_name] acl_name – Name of the ACL.
COMMAND LINE INTERFACE 4-138 Command Usage • You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule. • A mask can only be used by all ingress ACLs or all egress ACLs.
ACCESS CONTROL LIST COMMANDS 4-139 • ethertype – Check the Ethernet type field. • ethertype-bitmask – Ethernet type of rule must match this bitmask. Default Setting None Command Mode MAC Mask Command Usage • Up to seven masks can be assigned to an ingress or egress ACL.
COMMAND LINE INTERFACE 4-140 This example creates an Egress MAC ACL. show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [in | out] • in – Ingress mask precedence for ingress ACLs.
ACCESS CONTROL LIST COMMANDS 4-141 mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name {in | out} • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets.
COMMAND LINE INTERFACE 4-142 Example Related Commands mac access-group (4-141) map access-list mac This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself.
ACCESS CONTROL LIST COMMANDS 4-143 Example Related Commands queue cos-map (4-263) show map access-list mac (4-143) show map access-list mac This command shows the CoS value mapped to a MAC ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.
COMMAND LINE INTERFACE 4-144 match access-list mac This command changes the IEEE 802.1p priority of a Layer 2 frame matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) Use the no form to remove the ACL marker.
ACCESS CONTROL LIST COMMANDS 4-145 show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are displayed is determined by the associated mask.
COMMAND LINE INTERFACE 4-146 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
SNMP COMMANDS 4-147 snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server.
COMMAND LINE INTERFACE 4-148 show snmp This command can be used to check the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This com.
SNMP COMMANDS 4-149 snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string.
COMMAND LINE INTERFACE 4-150 snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information.
SNMP COMMANDS 4-151 Command Mode Global Configuration Example Related Commands snmp-server contact (4-150) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
COMMAND LINE INTERFACE 4-152 Default Setting • Host Address: None • SNMP Version: 1 • UDP Port: 162 Command Mode Global Configuration Command Usage • If you do not enter an snmp-server host command, no notifications are sent.
SNMP COMMANDS 4-153 Example Related Commands snmp-server enable traps (4-153) snmp-server enable traps This command enables this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications.
COMMAND LINE INTERFACE 4-154 Example Related Commands snmp-server host (4-151) snmp-server engine-id This command configures an identification string for the SNMPv3 engine.
SNMP COMMANDS 4-155 • A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users (page 4-161).
COMMAND LINE INTERFACE 4-156 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name • view-name - Name of an SNMP view.
SNMP COMMANDS 4-157 This view includes the MIB-2 interfaces table, and the mask selects all index entries. show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example Console(config)#snmp-server view ifEntry.
COMMAND LINE INTERFACE 4-158 snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group.
SNMP COMMANDS 4-159 Example show snmp group Four default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c read-only access and read/write access.
COMMAND LINE INTERFACE 4-160 Example Console#show snmp group Group Name: r&d Security Model: v3 Read View: mib-2 Write View: 802.1d Notify View: none Storage Type: nonvolatile Row Status: activ.
SNMP COMMANDS 4-161 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read and a Write View. Use the no form to remove a user from an SNMP group.
COMMAND LINE INTERFACE 4-162 Command Mode Global Configuration Command Usage • The SNMP engine ID is used to compute the authentication/privacy digests from the password. You should therefore configure the engine ID with the snmp-server engine-id command before using this configuration command.
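Why the engine ID has to be set before users are created, and why changing it clears them (page 4-155), shown as an added Python example that is not part of the SMC manual: the standard SNMPv3 password-to-key localization from RFC 3414, Appendix A.2. It is an assumption that this switch follows the RFC algorithm exactly; the second engine ID is a constructed value, and the password and first engine ID are the RFC's own sample inputs.

```python
import hashlib

MEGABYTE = 1048576  # RFC 3414 hashes exactly this many bytes of repeated password

def password_to_key(password: bytes, algo: str) -> bytes:
    """Intermediate key Ku: digest of the password repeated out to 1,048,576 bytes."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rest = divmod(MEGABYTE, len(password))
    h = hashlib.new(algo)
    h.update(password * reps + password[:rest])
    return h.digest()

def localized_key(password: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Localized key Kul = H(Ku || engineID || Ku).

    This is the value an agent stores for a user. It is bound to one
    engine ID, so a key stolen from one device is useless on another.
    """
    ku = password_to_key(password, algo)
    return hashlib.new(algo, ku + engine_id + ku).digest()

def survives_engine_change(password: bytes, old_id: bytes, new_id: bytes,
                           algo: str = "md5") -> bool:
    """True only if the key stored under old_id still verifies under new_id."""
    return localized_key(password, old_id, algo) == localized_key(password, new_id, algo)

# Sample inputs from RFC 3414 Appendix A.3.
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed value standing in for an engine ID changed by the operator.
CHANGED_ENGINE_ID = bytes.fromhex("000000000000000000000003")

if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        print(algo, "key under original engine ID:",
              localized_key(RFC_PASSWORD, RFC_ENGINE_ID, algo).hex())
        print(algo, "key under changed engine ID: ",
              localized_key(RFC_PASSWORD, CHANGED_ENGINE_ID, algo).hex())
    print("stored key still valid after change:",
          survives_engine_change(RFC_PASSWORD, RFC_ENGINE_ID, CHANGED_ENGINE_ID))
```

Because only the localized key is stored, the device cannot recompute it for a new engine ID without the original password, which is consistent with the manual's statement that users must be reconfigured after the engine ID changes.
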
DNS COMMANDS 4-163 DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation.
COMMAND LINE INTERFACE 4-164 ip host This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remove an entry. Syntax [no] ip host name address1 [address2 … address8] • name - Name of the host.
DNS COMMANDS 4-165 Example This example maps two addresses to a host name. clear host This command deletes entries from the DNS table. Syntax clear host {name | *} • name - Name of the host.
COMMAND LINE INTERFACE 4-166 ip domain-name This command defines the default domain name appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove the current domain name.
DNS COMMANDS 4-167 ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove a name from this list.
COMMAND LINE INTERFACE 4-168 Example This example adds two domain names to the current list and then displays the list. Related Commands ip domain-name (4-166) ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution.
DNS COMMANDS 4-169 Example This example adds two domain-name servers to the list and then displays the list. Related Commands ip domain-name (4-166) ip domain-lookup (4-169) ip domain-lookup This command enables DNS host name-to-address translation.
COMMAND LINE INTERFACE 4-170 Example This example enables DNS and then displays the configuration. Related Commands ip domain-name (4-166) ip name-server (4-168) show hosts This command displays the static host name-to-address mapping table.
DNS COMMANDS 4-171 show dns This command displays the configuration of the DNS server. Command Mode Privileged Exec Example show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.
COMMAND LINE INTERFACE 4-172 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Field Description NO The entry number for each resource record. FLAG The flag is always “4” indicating a cache entry and therefore unreliable.
INTERFACE COMMANDS 4-173 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN.
COMMAND LINE INTERFACE 4-174 interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id • interface • ethernet unit/port - unit - Stack unit.
INTERFACE COMMANDS 4-175 Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 24. speed-duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled.
COMMAND LINE INTERFACE 4-176 • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command. To set the speed/duplex mode under auto-negotiation, the required mode must be specified in the capabilities list for an interface.
INTERFACE COMMANDS 4-177 Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-177) speed-duplex (4-175) capabilities This command advertises the port capabilities of a given interface during autonegotiation.
COMMAND LINE INTERFACE 4-178 Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
INTERFACE COMMANDS 4-179 • To force flow control on or off (with the flowcontrol or no flowcontrol command), use the no negotiation command to disable auto-negotiation on the selected interface. • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command.
COMMAND LINE INTERFACE 4-180 Default Setting sfp-preferred-auto Command Mode Interface Configuration (Ethernet) Example This forces the switch to use the built-in RJ-45 port for the combination port 21. shutdown This command disables an interface.
INTERFACE COMMANDS 4-181 switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm control. Syntax switchport broadcast packet-rate rate no switchport broadcast rate - Threshold level as a rate; i.
COMMAND LINE INTERFACE 4-182 clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - Stack unit.
INTERFACE COMMANDS 4-183 show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - Stack unit.
COMMAND LINE INTERFACE 4-184 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit.
INTERFACE COMMANDS 4-185 Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 3-127.
COMMAND LINE INTERFACE 4-186 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit.
INTERFACE COMMANDS 4-187 Table 4-46 show interfaces switchport - display description Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 4-181). LACP status Shows if Link Aggregation Control Protocol has been enabled or disabled (page 4-194).
COMMAND LINE INTERFACE 4-188 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session.
MIRROR PORT COMMANDS 4-189 Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner.
COMMAND LINE INTERFACE 4-190 Example The following shows mirroring configured from port 6 to port 11. Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface.
RATE LIMIT COMMANDS 4-191 rate-limit This command defines the rate limit for a specific interface. Use this command without specifying a rate to restore the default rate.
COMMAND LINE INTERFACE 4-192 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery.
LINK AGGREGATION COMMANDS 4-193 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to 32 ports.
COMMAND LINE INTERFACE 4-194 channel-group This command adds a port to a trunk. Use the no form to remove a port from a trunk. Syntax channel-group channel-id no channel-group channel-id - Trunk index (Range: 1-32) Default Setting The current port will be added to this trunk.
LINK AGGREGATION COMMANDS 4-195 Command Mode Interface Configuration (Ethernet) Command Usage • The ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation. • A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID.
COMMAND LINE INTERFACE 4-196 Example The following shows LACP enabled on ports 10-12. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk1 has been established.
LINK AGGREGATION COMMANDS 4-197 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} system-priority priority no lacp {actor | partner} system-priority • actor - The local side of an aggregate link.
COMMAND LINE INTERFACE 4-198 lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key • actor - The local side of an aggregate link.
LINK AGGREGATION COMMANDS 4-199 lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string.
COMMAND LINE INTERFACE 4-200 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link.
LINK AGGREGATION COMMANDS 4-201 show lacp This command displays LACP information. Syntax show lacp [port-channel] {counters | internal | neighbors | sys-id} • port-channel - Local identifier for a link aggregation group. (Range: 1-6) • counters - Statistics for LACP protocol messages.
COMMAND LINE INTERFACE 4-202 Table 4-50 show lacp counters - display description Field Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group. LACPDUs Received Number of valid LACPDUs received on this channel group.
LINK AGGREGATION COMMANDS 4-203 LACPDUs Internal Number of seconds before invalidating received LACPDU information. LACP System Priority LACP system priority assigned to this port channel. LACP Port Priority LACP port priority assigned to this interface within the channel group.
COMMAND LINE INTERFACE 4-204 Console#show lacp 1 neighbors Channel group 1 neighbors --------------------------------------- ---------------------------- Eth 1/1 -----------------------------------.
LINK AGGREGATION COMMANDS 4-205 Console#show lacp 1 sysid Channel group System Priority System MAC Address --------------------------------------- ---------------------------- 1 32768 00 -.
COMMAND LINE INTERFACE 4-206 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. mac-address-table static This command maps a static address to a destination port in a VLAN.
ADDRESS TABLE COMMANDS 4-207 • action - delete-on-reset - Assignment lasts until the switch is reset. - permanent - Assignment is permanent. Default Setting No static addresses are defined.
COMMAND LINE INTERFACE 4-208 Example show mac-address-table This command shows classes of entries in the bridge-forwarding database. Syntax show mac-address-table [address mac-address [mask]] [interface interface] [vlan vlan-id] [sort {address | vlan | interface}] • mac-address - MAC address.
ADDRESS TABLE COMMANDS 4-209 example, a mask of 00-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means “any.” • The maximum number of address entries is 8191. Example mac-address-table aging-time This command sets the aging time for entries in the address table.
COMMAND LINE INTERFACE 4-210 show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode Privileged Exec Example Spannin.
S PANNING T RE E C OMMANDS 4-211 spanning-tree mst configuration Accesses MSTP configuration m ode GC 4-219 mst vlan Adds VLANs to a spanning tree instance MST 4-219 mst priority Configures the priori.
C OMMAND L INE I NTERFACE 4-212 spanning-tree This command e nables the Spanning T ree Alg orithm globally for the switch. Use the no for m to disable it.
S PANNING T RE E C OMMANDS 4-213 spanning-tree mode This command selects the spanning tr ee mode for this swit ch. Use the no for m to restore the default. Syntax spanning-tree mode { stp | rstp | mstp } no spanning-tree mode • stp - Spanning Tree Protocol (IEEE 802.
C OMMAND L INE I NTERFACE 4-214 - RSTP Mode – If RSTP is using 802.1D BPDUs on a port and receives an RS TP BPDU after the mi gration delay expire s, RSTP restarts the m igration delay ti me r and begins using RSTP BPDUs on that port.
S PANNING T RE E C OMMANDS 4-215 Command Usage This command se ts the maximum time (in seconds) the root device will w a it b e f o r e c h a n gi n g s t a t e s ( i . e . , d i scarding to learning to forwarding). This delay is required because ever y device must receive information about topolog y changes before it starts to forward frames .
C OMMAND L INE I NTERFACE 4-216 spanning-tree max-age This command configures the spanning tree bridg e maximum age globally for this switch. Use the no for m to restore th e default. Syntax spanning-tree max-a ge seconds no spanning-tree max-ag e seconds - Time in seconds .
S PANNING T RE E C OMMANDS 4-217 spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority - Priority of the bridge.
COMMAND LINE INTERFACE 4-218 Default Setting Long method Command Mode Global Configuration Command Usage The path cost method is used to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
SPANNING TREE COMMANDS 4-219 spanning-tree mst configuration Use this command to change to Multiple Spanning Tree (MST) configuration mode. Default Setting • No VLANs are mapped to any MST instance. • The region name is set to the switch’s MAC address.
COMMAND LINE INTERFACE 4-220 Command Mode MST Configuration Command Usage • Use this command to group VLANs into spanning tree instances. MSTP generates a unique spanning tree for each instance.
SPANNING TREE COMMANDS 4-221 mst priority This command configures the priority of a spanning tree instance. Use the no form to restore the default. Syntax mst instance_id priority priority no mst instance_id priority • instance_id - Instance identifier of the spanning tree.
COMMAND LINE INTERFACE 4-222 name This command configures the name for the multiple spanning tree region in which this switch is located. Use the no form to clear the name.
SPANNING TREE COMMANDS 4-223 Default Setting 0 Command Mode MST Configuration Command Usage The MST region name (page 4-222) and revision number are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region.
COMMAND LINE INTERFACE 4-224 Command Usage A MSTI region is treated as a single node by the STP and RSTP protocols. Therefore, the message age for BPDUs inside a MSTI region is never changed.
SPANNING TREE COMMANDS 4-225 spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost cost - The path cost for the port.
COMMAND LINE INTERFACE 4-226 spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority priority - The priority for a port.
SPANNING TREE COMMANDS 4-227 Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node.
COMMAND LINE INTERFACE 4-228 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding.
SPANNING TREE COMMANDS 4-229 Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges.
COMMAND LINE INTERFACE 4-230 Default Setting By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below. Path cost “0” is used to indicate auto-configuration mode.
SPANNING TREE COMMANDS 4-231 spanning-tree mst port-priority This command configures the interface priority on a spanning instance in the Multiple Spanning Tree.
COMMAND LINE INTERFACE 4-232 spanning-tree protocol-migration This command re-checks the appropriate BPDU format to send on the selected interface. Syntax spanning-tree protocol-migration interface • interface - ethernet unit / port - unit - Stack unit.
SPANNING TREE COMMANDS 4-233 show spanning-tree This command shows the configuration for the common spanning tree (CST) or for an instance within the multiple spanning tree (MST). Syntax show spanning-tree [ interface | mst instance_id ] • interface - ethernet unit / port - unit - Stack unit.
COMMAND LINE INTERFACE 4-234 Example
Console#show spanning-tree
Spanning-tree information
---------------------------------------------------------------
Spanning tree mode: MSTP
Spanning tree enabled/disabled: enabled
Instance: 0
VLANs configuration: 1-4093
Priority: 32768
Bridge Hello Time (sec.
VLAN COMMANDS 4-235 show spanning-tree mst configuration This command shows the multiple spanning tree configuration. Command Mode Privileged Exec Example VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
COMMAND LINE INTERFACE 4-236 Editing VLAN Groups vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs.
VLAN COMMANDS 4-237 Example Related Commands show vlan (4-246) vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [ name vlan-name ] media ethernet [ state { active | suspend }] no vlan vlan-id [ name | state ] • vlan-id - ID of configured VLAN.
COMMAND LINE INTERFACE 4-238 Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default. Related Commands show vlan (4-246) Configuring.
VLAN COMMANDS 4-239 interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface.
COMMAND LINE INTERFACE 4-240 switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode { trunk | hybrid } no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk.
VLAN COMMANDS 4-241 switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types { all | tagged } no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged.
COMMAND LINE INTERFACE 4-242 switchport ingress-filtering This command enables ingress filtering for an interface. Use the no form to restore the default.
VLAN COMMANDS 4-243 switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port.
COMMAND LINE INTERFACE 4-244 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan { add vlan-list [ tagged | untagged ] | remove vlan-list } no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add.
VLAN COMMANDS 4-245 • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface. Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1.
COMMAND LINE INTERFACE 4-246 Example The following example shows how to prevent port 1 from being added to VLAN 3. Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name ] • id - Keyword to be followed by the VLAN ID.
VLAN COMMANDS 4-247 Example The following example shows how to display information for VLAN 1. Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs.
COMMAND LINE INTERFACE 4-248 Command Mode Global Configuration Command Usage • A private VLAN provides port-based security and isolation between ports within the VLAN. Data traffic on the downlink ports can only be forwarded to, and from, the uplink port.
VLAN COMMANDS 4-249 Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
COMMAND LINE INTERFACE 4-250 3. Then map the protocol for each interface to the appropriate VLAN using the protocol-vlan protocol-group command (Interface Configuration mode). protocol-vlan protocol-group (Configuring Groups) This command creates a protocol group, adds specific protocols to a group.
VLAN COMMANDS 4-251 protocol-vlan protocol-group (Configuring Interfaces) This command maps a protocol group to a VLAN for the current interface. Use the no form to remove the protocol mapping for this interface.
COMMAND LINE INTERFACE 4-252 Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2. show protocol-vlan protocol-group This command shows the frame and protocol type associated with protocol groups.
VLAN COMMANDS 4-253 show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [ interface ] • interface - ethernet unit / port - unit - Stack unit.
COMMAND LINE INTERFACE 4-254 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
GVRP AND BRIDGE EXTENSION COMMANDS 4-255 Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
COMMAND LINE INTERFACE 4-256 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [ no ] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled.
GVRP AND BRIDGE EXTENSION COMMANDS 4-257 garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer { join | leave | leaveall } timer_value no garp timer { join | leave | leaveall } • { join | leave | leaveall } - Which timer to set.
COMMAND LINE INTERFACE 4-258 Example Related Commands show garp timer (4-258) show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [ interface ] interface • ethernet unit / port - unit - Stack unit.
PRIORITY COMMANDS 4-259 Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port.
COMMAND LINE INTERFACE 4-260 Priority Commands (Layer 2) queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value.
PRIORITY COMMANDS 4-261 Default Setting Weighted Round Robin Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires a.
COMMAND LINE INTERFACE 4-262 Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • The default priority applies for an untagged frame received on a port set to accept all frame types (i.
PRIORITY COMMANDS 4-263 Default Setting Weights 1, 2, 4, 6, 8, 10, 12, 14 are assigned to queues 0 - 7 respectively. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights.
COMMAND LINE INTERFACE 4-264 Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.
PRIORITY COMMANDS 4-265 show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues.
COMMAND LINE INTERFACE 4-266 show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [ interface ] interface • ethernet unit / port - unit - Stack unit.
PRIORITY COMMANDS 4-267 Priority Commands (Layer 3 and 4) Table 4-66 Priority Commands (Layer 3 and 4) Command Function Mode Page map ip port Enables TCP/UDP class of service mapping GC 4-268 map i.
COMMAND LINE INTERFACE 4-268 map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets).
PRIORITY COMMANDS 4-269 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • This command sets the IP port priority for all interfaces.
COMMAND LINE INTERFACE 4-270 Example The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table.
PRIORITY COMMANDS 4-271 Example The following example shows how to map IP precedence value 1 to CoS value 0: map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping.
COMMAND LINE INTERFACE 4-272 map ip dscp (Interface Configuration) This command sets IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table. Syntax map ip dscp dscp-value cos cos-value no map ip dscp • dscp-value - 8-bit DSCP value.
PRIORITY COMMANDS 4-273 Example The following example shows how to map IP DSCP value 1 to CoS value 0. show map ip port Use this command to show the IP port priority map. Syntax show map ip port [ interface ] interface • ethernet unit / port - unit - Stack unit.
COMMAND LINE INTERFACE 4-274 show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence [ interface ] interface • ethernet unit / port - unit - Stack unit.
PRIORITY COMMANDS 4-275 show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [ interface ] interface • ethernet unit / port - unit - Stack unit.
COMMAND LINE INTERFACE 4-276 Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only.
MULTICAST FILTERING COMMANDS 4-277 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [ no ] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping.
COMMAND LINE INTERFACE 4-278 Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port. ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default.
MULTICAST FILTERING COMMANDS 4-279 show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-202 for a description of the displayed items.
COMMAND LINE INTERFACE 4-280 Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options.
MULTICAST FILTERING COMMANDS 4-281 ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [ no ] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected.
COMMAND LINE INTERFACE 4-282 Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action.
MULTICAST FILTERING COMMANDS 4-283 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries.
COMMAND LINE INTERFACE 4-284 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default.
MULTICAST FILTERING COMMANDS 4-285 Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port.
COMMAND LINE INTERFACE 4-286 Example The following shows how to configure port 11 as a multicast router port within VLAN 1: show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports.
IP INTERFACE COMMANDS 4-287 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default.
COMMAND LINE INTERFACE 4-288 ip address This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address. Syntax ip address { ip-address netmask | bootp | dhcp } no ip address • ip-address - IP address • netmask - Network mask for the associated IP subnet.
IP INTERFACE COMMANDS 4-289 access to the switch. If you assign an IP address to any other VLAN, the new IP address overrides the original IP address and this becomes the new management VLAN. Example In the following example, the device is assigned an address in VLAN 1.
COMMAND LINE INTERFACE 4-290 Example In the following example, the device is reassigned the same address. Related Commands ip address (4-288) ip default-gateway This command establishes a static route between this switch and devices that exist on another network segment.
IP INTERFACE COMMANDS 4-291 Related Commands show ip redirects (4-291) show ip interface This command displays the settings of an IP interface. Default Setting All interfaces Command Mode Privileged Exec Example Related Commands show ip redirects (4-291) show ip redirects This command shows the default gateway configured for this device.
COMMAND LINE INTERFACE 4-292 ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [ size size ] [ count count ] • host - IP address or IP alias of the host.
IP INTERFACE COMMANDS 4-293 Example Related Commands interface (4-174)
Console#ping 10.1.0.9
Type ESC to abort.
PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds
response time: 10 ms
response time: 10 ms
response time: 10 ms
response time: 10 ms
response time: 0 ms
Ping statistics for 10.
A-1 APPENDIX A SOFTWARE SPECIFICATIONS Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 32 lists) DH.
SOFTWARE SPECIFICATIONS A-2 Port Trunking Static trunks (Cisco EtherChannel compliant) Dynamic trunks (Link Aggregation Control Protocol) Spanning Tree Protocol Spanning Tree Protocol (STP, IEEE 802.1D) Rapid Spanning Tree Protocol (RSTP, IEEE 802.
SOFTWARE SPECIFICATIONS A-3 Software Loading TFTP in-band or XModem out-of-band SNMP Management access via MIB database Trap management to specified hosts RMON Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event) Standards IEEE 802.1D Spanning Tree Protocol and traffic priorities IEEE 802.
SOFTWARE SPECIFICATIONS A-4 SNMPv2 (RFC 2571) SNMPv3 (RFC 3414, RFC 2570, RFC 2273, RFC 3411 & RFC 3415) SNTP (RFC 2030) SSH (Version 2.0) TFTP (RFC 1350) Management Information Bases Bridge M.
SOFTWARE SPECIFICATIONS A-5 Trap (RFC 1215) UDP MIB (RFC 2012).
B-1 APPENDIX B TROUBLESHOOTING Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch.
TROUBLESHOOTING B-2 Cannot connect using Secure Shell • If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SSH sessions permitted.
USING SYSTEM LOGS B-3 Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1.
Glossary-1 GLOSSARY Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.
GLOSSARY Glossary-2 Extensible Authentication Protocol over LAN (EAPOL) EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch. A user name and password is requested by the switch, and then passed to an authentication server (e.
GLOSSARY Glossary-3 IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.
GLOSSARY Glossary-4 IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork.
GLOSSARY Glossary-5 Link Aggregation See Port Trunk. Link Aggregation Control Protocol (LACP) Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device. Management Information Base (MIB) An acronym for Management Information Base.
GLOSSARY Glossary-6 Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN.
GLOSSARY Glossary-7 Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which offers network management services. Simple Network Time Protocol (SNTP) SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server.
GLOSSARY Glossary-8 User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets.
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; Phn: (949) 679-8000; Fax: (949) 679-1481 From Europe: Contact details can be found on www.smc-europe.