Manuel d'utilisation / d'entretien du produit ES4524C du fabricant Accton Technology
Aller à la page of 426
www .edge-core.com Management Guide P owered by Accton ES4512C ES4524C ES4548C 12/24/48-Port Gigabit Intelligent Switch.
.
Installation Guide ES4512C 12-Port Gigabi t Intelligent Switch Layer 2 Workgroup Switch with 12 1000BASE-T (RJ-45) Ports, and 4 Combin ation (RJ-45 /SFP) Ports ES4524C 24-Port Gigabi t Intelligent Swi.
ES4512C ES4524C ES4548C E052005-R02.
i Contents Chapter 1: Intr oduction 1- 1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-5 Chapter 2: Initial Configuratio n 2-1 Connecting to the Switch 2-1 Configuration Opti.
Contents ii System Log Configuration 3-19 Remote Log Configuration 3-20 Displaying Log Message s 3-22 Sending Simple Mail Transfer Protocol Alerts 3-23 Resetting the System 3-25 Setting the System Clo.
Contents iii Displaying LACP Settings and Status for the Local Side 3-77 Displaying LACP Settings and Status for the Remote Side 3-79 Setting Broadcast Storm Threshol ds 3-80 Configuring Port Mi rrori.
Contents iv Mapping CoS Values to ACLs 3-136 Changing Priorities Based on ACL Rules 3-137 Multicast Filtering 3-139 Layer 2 IGMP (Snooping and Query) 3-139 Configuring IGMP Snoopin g and Query Paramet.
Contents v disconnect 4-18 show line 4-19 General Commands 4-20 enable 4-20 disable 4-21 configure 4-21 show history 4-22 reload 4-22 end 4-23 exit 4-23 quit 4-24 System Management Comma nds 4-24 Devi.
Contents vi logging fa cility 4-45 logging tra p 4-46 clear logging 4-46 show logging 4-47 SMTP Alert Commands 4-48 loggin g sendmail host 4-49 logging sendmail l evel 4-49 logging sendmail source-ema.
Contents vii tacacs-server host 4-74 tacacs-server port 4-74 tacacs-server key 4-75 show tacacs-server 4-75 Port Security Commands 4-76 port security 4-76 802.
Contents viii ACL Information 4-111 show access-list 4-111 show access-group 4-111 SNMP Commands 4-112 snmp-server community 4-112 snmp-server co ntact 4-113 snmp-server location 4-113 snmp-server hos.
Contents ix lacp admin-key (Port Channel) 4-142 lacp port-priority 4-142 show lacp 4-143 Address Table Commands 4-147 mac-address-table static 4-148 clear mac-address-table dynamic 4-149 show mac-addr.
Contents x switchport allowed vlan 4-177 switchport forbidden vlan 4-178 Displaying VLAN Informa tion 4-179 show vlan 4-179 Configuring Private VLANs 4-180 pvlan 4-180 show pvlan 4-181 Configuring Pro.
Contents xi IGMP Query Commands (Layer 2) 4-206 ip igmp snooping querier 4-206 ip igmp snooping query-count 4-206 ip igmp snooping query-interval 4-207 ip igmp snooping query-max-response-ti me 4-208 .
Contents xii.
xiii Tables Table 1-1. Key Features 1-1 Table 1-2. System Defaults 1-5 Table 3-1. Web Page Configuration Butto ns 3-3 Table 3-2. Switch Main Menu 3-4 Table 3-3. Logging Levels 3-19 Table 3-4. HTTPS System Support 3-35 Table 3-5. 802.1x Statistics 3-48 Table 3-6.
xiv Ta b l e s Table 4-27. Authentication Sequence Command s 4-69 Table 4-28. RADIUS Client Commands 4-71 Table 4-29. TACACS+ Clien t Commands 4-74 Table 4-30. Port Security Commands 4-76 Table 4-31. 802.1 x Port Auth entication Commands 4-78 Table 4-32.
xv Figures Figure 3-1 . Home Page 3-2 Figure 3-2 . Front Panel Indicators 3-3 Figure 3-3 . System Inform ation 3-9 Figure 3-4. Switch Information 3-11 Figure 3-5. Displaying Bridge Extension Configuration 3-12 Figure 3-6. IP Interface Configuration - Manua l 3-14 Figure 3-7.
Figures xvi Figure 3-43. LACP - Aggreg ation Port 3-74 Figure 3-44. LACP - Port Co unters Information 3-76 Figure 3-45. LACP - Port Interna l Information 3-78 Figure 3-46. LACP - Port Ne ighbors Information 3-79 Figure 3-47. Port Broadcast Control 3-81 Figure 3-48.
Figures xvii Figure 3-88. DNS General Configuration 3-147 Figure 3-89. DNS Static Host Table 3-149 Figure 3-90. DNS Cache 3-150.
Figures xviii.
1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching . It includes a management agent that allows you to configure t he features l isted in this manual. The default configurati on can be used for most of the featu res provided by this switch.
Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced perf ormance enhancing features. Flow control eliminates the l oss of packet s due to bottlenecks cause d by port saturation. Broadcast storm supp ression prevents broa dcast traffi c storms from engulfing the network.
Description of Softwa re Features 1-3 1 Port Mirroring – The switch can unobtrusi vely mirror t raffic from any port t o a monitor port. Y ou can then att ach a protocol analyz er or RMON probe to this port to perform traf fic analysis and verify connection integrity .
Introduction 1-4 1 Multiple S panning T ree Protocol (MSTP , IEEE 802.1s) – This protocol is a direct extension of RSTP . It can provide an inde pendent spann ing tree for dif ferent VLANs.
System Defaults 1-5 1 System Defaults The switch’s system default s are provided in the configurati on file “Factory_Default_Con fig.cfg.” To reset th e switch defaults , this file should be set as the startup config uration file (page 3-18). The following t able list s some of the basic system defaults.
Introduction 1-6 1 Port Config uration Admin Status Enabled Auto-negotiation Enabled Flow Cont rol Disabled Port Capability 1000BASE-T – 10 Mbps half duplex 10 Mbps full duplex 100 Mbps half du plex.
System Defaults 1-7 1 IP Settings IP Address 0.0.0.0 Subnet Mask 255.0.0. 0 Default Gateway 0.0.0.0 DHCP Client: Enabled BOOTP Disabled DNS Server Lookup Disabled Multicast Filtering IGMP Snooping Sno.
Introduction 1-8 1.
2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in net work management agent. The agent of fers a variety of management option s, including SNMP , RMON and a Web-ba sed interface.
Initial Configuration 2-2 2 • Enable port mirroring • Set broadcast storm cont rol on any port • Display syst em information and statistics Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and co nfiguring the switch.
Basic Configuration 2-3 2 Remote Connections Prior to accessing the switch’ s onboard agent via a network connection, you must first config ure it with a valid IP address, subnet mask, and default g ateway usin g a console connection, DHCP or BOOTP protocol .
Initial Configuration 2-4 2 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names us ing the “usern ame” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric charact ers and are case sensitive.
Basic Configuration 2-5 2 Before you can assign an IP address to the swit ch, you must obtai n the following information fr om your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this ne twork T o assig n an IP address to the switch, comp lete the following steps: 1.
Initial Configuration 2-6 2 5. W ait a few minutes, and then check the IP configurati on settings by typing the “show ip interface” command. Pre ss <Enter>. 6. Then save your conf iguration change s by typing “copy running-config startup-con fig.
Basic Configuration 2-7 2 T o configu r e a community string, compl ete the following st eps: 1. From the Privileged Exe c level global config uration mode prompt, type “snmp-server community string mode ,” where “string” is the communi ty access string and “mode” is rw (read/wri te) or ro (read only).
Initial Configuration 2-8 2 2. Enter the name of the sta rt-up file. Press <En ter>. Managing System Files The switch’s flash memory suppo rts thre e types of system files that can be managed by the CLI program, We b interface, or SNMP .
3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP W eb agent. Using a W eb browser you can configure the switch and view statistics to monitor network activity . The Web agent can be accessed by any computer on the network usi ng a standard W eb browser (Internet Explorer 5.
Configuring the Switch 3-2 3 Navigating the Web Browser Interface T o access the we b-browser interface you must first ente r a user name and password. The administra tor has Read/Write acce ss to all configurati on parameters and stat istics. The defau lt user name and p assword for the administrator is “admin.
Navigating the Web Browser Inte rface 3-3 3 Configuration Options Configurable p arameters have a dialog box or a drop-down li st. Once a confi guration change has been made on a p age, be sure to click o n the “Apply” butt on to confirm the new setting.
Configuring the Switch 3-4 3 Main Menu Using the onboa rd web agent, you can define system p arameters, manage and control the s witch, and all its p orts, or monit or network conditi ons. The fol lowing table brie fly describes the selection s available from this program.
Navigating the Web Browser Inte rface 3-5 3 802.1x Port authentication 3-43 Information Displays global configu ration settings 3-44 Configuration Configures protocol parameters 3-46 Port Config urati.
Configuring the Switch 3-6 3 Address T able 3-88 Static Addresses Displays entries for interface, address or VLAN 3-88 Dynamic Addresses Displays or edits stat ic ent ries in the Address T able 3-89 A.
Navigating the Web Browser Inte rface 3-7 3 Protocol VLAN 3-123 Configuration Creates a protocol group, spec ifying the supported protocols 3-123 Port Config uration Maps a protocol group t o a VLAN 3.
Configuring the Switch 3-8 3 DNS 3-146 General Configuration Enables DNS; configures domain name and domain list; and specifies IP addre ss of name servers for dynamic lookup 3-146 Static Host Table C.
Basic Configuration 3-9 3 Basic Configuration Displaying System Information Y ou can easily identif y the system by displaying t he device name, locatio n and contact i nformation. Field Attributes • System Name – Name assigned to the swi tch system.
Configuring the Switch 3-10 3 CLI – S pecify the hostname, loca tion and cont act information. Displaying Switch Hardware/Software Versions Use the Switch Information p age to display hardware/firmware versi on numbers for the main board and management software, as well as the power status of the system.
Basic Configuration 3-11 3 • Redundant Power Statu s* – Displays the status of the redundant power supp ly. * CLI only . Management Sof tware • Loader Version – Version number of loader code. • Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code.
Configuring the Switch 3-12 3 Displaying Bridge Extension Capabilities The Bridge MIB includes ext ensions for managed devices that support Multicast Filtering, T raffic Cl asses, and V irtual LANs. Y ou can access these extens ions to display default sett ings for the key variables.
Basic Configuration 3-13 3 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to confi gure an IP interface for management access over the network. The IP address for this switch is o btained vi a DHCP by default.
Configuring the Switch 3-14 3 Manual Config uration Web – Click System, IP Configu ration. Select the VLAN thro ugh which the management st ation is attac hed, set the IP Address Mode to “S tatic,” enter the IP address, subnet mask and gat eway , then click Apply .
Basic Configuration 3-15 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP serv ices, you can configure the switch to be dynamically con figured by these services. Web – Click Syste m, IP Configu ration. S pecify the VLAN to which th e management statio n is attached, set the IP Address Mode to DHCP or BOOTP .
Configuring the Switch 3-16 3 CLI – Enter the following command to rest art DHCP service. Managing Firmware Y ou can upload/download fi rmware to or from a TFTP server . By saving runtime code to a file on a TFTP server , that file can later be downloaded to the switch to restore operation.
Basic Configuration 3-17 3 If you download to a new destination f ile, then select the file from t he drop-down box for the operat ion code used a t startup, and click Appl y Changes. T o start the new firmware, reboot the system via th e System/Reset menu.
Configuring the Switch 3-18 3 Downloading Configuration Set tings from a Server Y ou can download the confi guration file under a new fi le name and then set it as the startup fi le, or you can specify the current st artup configurati on file as the destination file to directly replace it.
Basic Configuration 3-19 3 If you downloa d the start up configuration fil e under a new file name, you can set thi s file as the st artup file at a late r time, and then rest art the switch.
Configuring the Switch 3-20 3 • RAM Level – Limits log messages sav ed to the switch’s temp orary RAM memory for all levels up to the specified level. Fo r example, if level 7 is specified, all messages from level 0 to level 7 will be logged t o RAM.
Basic Configuration 3-21 3 • Logging Trap – Limits log messages that are sent to the re mote syslog server for all levels up to the spe cified level. For example, if level 3 is specified, all mess ages from level 0 to level 3 will be sent to the remote server.
Configuring the Switch 3-22 3 CLI – Enter the syslog server host IP address, choos e the facility type and set the logging tr ap. Displaying Log Messages Use the Logs page to scro ll through the logged system and event messages . The switch can store up t o 2048 log entri es in temporary random access memory (RAM; i.
Basic Configuration 3-23 3 CLI – This example shows that syste m logging is enabled, th e message level for flash memory is “errors” (i .e., default level 3 - 0), the message lev el for RAM is “debugging” (i.e. , default level 7 - 0), and li sts one sample error .
Configuring the Switch 3-24 3 Web – Click System, Log, SMTP . Enable SMTP , specify a source email add ress, and select the minimum sev erity level. T o add an IP address to the SMTP Server List, type the new IP address in th e SMTP Server field and click Add.
Basic Configuration 3-25 3 CLI – Enter the IP address of at least one SMTP server , set the syslog severity level to trigger an emai l message, and spe cify the switch (s ource) and up to fiv e recipient (destination) e mail addresses. Enable SMTP with the logging sendmail command to complete t he configuration.
Configuring the Switch 3-26 3 Setting the System Clock Simple Network T ime Protocol (SNTP) allo ws the switch to set its internal clo ck based on periodic upda tes from a time server (SNTP or NTP). Mainta ining an accurate time on the switch enables the system lo g to record meaningful dates and times for event entries .
Basic Configuration 3-27 3 CLI – This example configures the switch to operate as an SNTP client and then displays the current time and set tings. Setting the Time Zone SNTP uses Coordinated Universal T ime (or UTC, formerly Greenwich Mean T ime, or GMT) based on the time at the Eart h’s prime merid ian, zero degrees longitude.
Configuring the Switch 3-28 3 CLI - This example shows how to set the time zone for the system clock. Simple Network Management Protocol Simple Network Management Protoc ol (SNMP) is a communication proto col designed specifi cally for managing devices on a network.
Simple Network Manag ement Protocol 3-29 3 Web – Click SNMP , Configuratio n. Add new communi ty strings as required, select the access right s from the Access Mode drop-down list , then click Add. Figure 3-1 9. Configur ing SNMP Community St rings CLI – The following example adds the st ring “spiderman” with read/write access.
Configuring the Switch 3-30 3 Web – Click SNMP , Configuration. Fill in the IP address and commun ity string for each trap manager that will receive these messages, specify t he SNMP version, mark the trap t ypes required, an d then click Add. Figure 3-20.
User Authentication 3-31 3 Command Attributes • User Name* – The name of the user. (Maximum length: 8 chara cters) • Access Level* – Specifi es the user level. (Options: Normal and Privileged) • Password – Specifies the user password. (Range: 0-8 characters plain text, case sensitive) * CLI only .
Configuring the Switch 3-32 3 RADIUS uses UDP while T ACACS+ uses TCP . UDP only offers best ef fort delivery , while TCP offers a connect ion-oriented transport. Also, not e that RADIUS encrypts only the pass word in the access-req uest packet from the cl ient to the server , while T ACACS+ encrypts the entire body of the packet.
User Authentication 3-33 3 Note: The local switch user database has to be set up by manually entering user names and passwords using the CLI. (See “username” on page 4-26. ) Web – Click Security , Authent ication Setti ngs. T o configure local or re mote authenticati on preferences, specify the authent ication sequence (i.
Configuring the Switch 3-34 3 CLI – S pecify all the required p arameters to enable logon authenticati on. Configuring HTTPS Y ou can configure the switch t o enable the Secure Hypertext T ransfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.
User Authentication 3-35 3 • The following web browsers and oper ating systems current ly support HTTPS: • To specify a secure-site certifi cate, see “Replacing the Defa ult Secure-site Certificate” on page 3-35. Command Attributes • HTTPS Status – Allows you to enabl e/disable the HTTPS s erver feature on the switch.
Configuring the Switch 3-36 3 Caution: For maximum security, we recommend you obtain a unique Secure Sockets Layer certificate at the earliest o pportunity. This is because the default certificate for the switch is not unique to the hardwar e you have purchased.
User Authentication 3-37 3 T o use the SSH server , complete these steps : 1. Generate a Host Key Pair – On the SSH Host Key Settings page, cre ate a host public/private key pai r . 2. Provide Host Public Ke y to Clients – Many SSH client programs a utomatically import the host publi c key during the initial connec tion setup with the swit ch.
Configuring the Switch 3-38 3 e. The switch comp ares the decrypted b ytes to the orig inal bytes it sent . If the two sets match, this means that th e client's priva te key correspond s to an authorized p ublic key , and the c lient is authen ticated.
User Authentication 3-39 3 Web – Click Security , SSH Host-Key Settings. Select the host- key type from the drop-down box, select the optio n to save the host key from memory to flash (if required) prior t o generating the key , and then click Generat e.
Configuring the Switch 3-40 3 Configuring the SSH Server The SSH server incl udes basic se ttings for authenticati on. Field Attributes • SSH Server St atus – Allows you to enable/disable the SSH serve r on the switch. (Default: Disa bled) • Version – The Secure Shell vers ion number.
User Authentication 3-41 3 CLI – This exampl e enables SSH, se ts the authentication p arameters, and displays the current configuration. It shows that the administrator has made a conne ction via SHH, and then disables th is connection.
Configuring the Switch 3-42 3 • If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Confi guration page (page 3-67). Command Attributes • Port – Port number. • Name – Descriptive text (page 4-126).
User Authentication 3-43 3 CLI – This example select s the target port , sets the port securit y action to send a trap and disable the port , specifies a maximum address coun t, and then enables port security for the port.
Configuring the Switch 3-44 3 The operation of 802.1x on th e switch requires the following: • The switch must have an IP addre ss assigned. • RADIUS authentic ation must be enabled on th e switch and the IP address of the RADIUS server specified.
User Authentication 3-45 3 Web – Click Security , 802.1x, Information. Figure 3-26. 802 .1x In formation CLI – This example sh ows the default pr otocol settings for 802 .1x. For a description of the additiona l entries displayed in t he CLI, See “show dot1x” on p age 4-83.
Configuring the Switch 3-46 3 Configuring 802.1x Glob al Settings The dot1x protocol includes glo bal paramet ers that control the client authe ntication process that run s between the cl ient and the switch (i.e., authenticator), as well a s the client identit y lookup process that runs between the switch and authentic ation server .
User Authentication 3-47 3 Web – Select Security , 802.1x, Configuratio n. Enable dot 1x globally f or the switch, modify any of the p arameters required, and then click Apply . Figure 3-27. 802.1X Configuration CLI – This enables re-authentication and sets all of the global parame ters for 802.
Configuring the Switch 3-48 3 • Authorized – - Yes – Connected client is authorized. - No – Connected c lient is not authorized. - Blank – Displays nothing when dot1x is disable d on a port. • Supplicant – Indicates the MAC address of a connected clien t.
User Authentication 3-49 3 Web – Select Security , 802.1x, S tatisti cs. Select the requ ired port and then click Query . Click Refresh to update the st atistics. Figure 3-29. 802.1x Port Statis tics Rx EAP Resp/Oth The number of valid EAP Res ponse frames (other than Re sp/Id frames) that have be en received by this Authenticator .
Configuring the Switch 3-50 3 CLI – This example displays the 802.1x st atistics for port 4. Filtering IP Addresses for Management Access Y ou can create a list of up to 16 IP addre sses or IP address grou ps that are al lowed management access to the switch t hrough the web i nterface, SNMP , or T elnet.
User Authentication 3-51 3 Web – Click Security , IP Filter . Enter the addresses that are allowed management access to an interface, and click Add IP Filt ering Entry . Figure 3-30. IP Filter CLI – This example allows SNMP access for a specific cli ent.
Configuring the Switch 3-52 3 Access Control Lists Access Control List s (ACL) provide packet fi ltering for IP frames (based on address, protocol, Layer 4 protocol port nu mber or TCP control code) or any frames (based on MAC address or Ethernet type).
Access Control Li sts 3-53 3 Setting the ACL Name and Type Use the ACL Configuration p age to designate the name and type of an ACL. Command Attributes • Name – Name of the ACL. (Maximum length: 16 charac ters) • Type – There are three filtering modes: - Standard: IP ACL mode that fil ters packets based on the source IP a ddress.
Configuring the Switch 3-54 3 The mask is bitwise ANDed with the spec i fied source IP address, and compared with the address for each IP packet enteri ng the port(s) to which this ACL has been assigned. Web – S pecify the action (i .e., Permit or Deny).
Access Control Li sts 3-55 3 Configuring an Extended I P ACL Command Attributes • Action – An ACL can contain either all permit rules or all deny rule s.
Configuring the Switch 3-56 3 Web – S pecify the action (i .e., Permit or Deny). S pecify the source and/or destination addre sses. Select the address type (Any , Host, or IP). If you select “Host,” enter a specific addre ss. If you select “IP ,” enter a subnet address and the mask for an address range.
Access Control Li sts 3-57 3 Configuring a MAC ACL Command Attributes • Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rules) • Source/Destination MAC – Us e .
Configuring the Switch 3-58 3 Web – S pecify the action (i .e., Permit or Deny). S pecify the source and/or destination addre sses. Select the address type (Any , Host, or MAC). If you select “Host,” enter a specif ic address (e.g., 1 1-22-33-44-55-66).
Access Control Li sts 3-59 3 Configuring ACL Masks Y ou can specify opti onal masks that co ntrol the order i n which ACL rules are checked. The switch includes two system defaul t masks that pass/filter pa ckets matching the permit/den y rules specified in an ingress ACL.
Configuring the Switch 3-60 3 Configuring an I P ACL Mask This mask define s the fields to check in the IP header . Command Usage • Masks that include an ent ry for a Layer 4 protocol source port or destina tion port can only be a pplied to packets with a header length of exactly fi ve bytes.
Access Control Li sts 3-61 3 Web – Configure the mask to match the requir ed rules in th e IP ingress or egress ACLs. Set the mask to check for any source or desti nation address, a specific hos t address, or an address range. Include ot her cr iteria to sea rch for in the rules, such as a protocol type or on e of the service types.
Configuring the Switch 3-62 3 Configuring a MAC ACL Mask This mask define s the fields to check in the packet header . Command Usage Y ou must configure a mask for an ACL rule bef ore you can bind it to a port.
Access Control Li sts 3-63 3 CLI – This example shows how to create an Ingress MAC ACL a nd bind it to a port. You can then see that the order of th e rules have been changed b y the mask.
Configuring the Switch 3-64 3 Web – Click Security , ACL, Port Bi nding. Mark the Enable field for t he port you want to bind to an ACL for ingre ss or egress traffi c, select the require d ACL from the drop-down list, then cli ck Apply . Figure 3-38.
Port Configuration 3-65 3 • Forced Mode 1 – Shows the forced/preferre d port type to use for combination ports 21-24 or 45-48. (Copper-Forced, Copper-Preferred-Auto, SFP- Forced, SFP-Preferred-Auto ) • Trunk Member 1 – Shows if port is a trunk member.
Configuring the Switch 3-66 3 • Broadcast storm – Shows if broadcast storm cont rol is enabled or disabled. • Broadcast storm limit – Shows t he broadcast storm threshold. (500 - 262143 packets per second) • Flow control – Shows if flow control is enabled or disabl ed.
Port Configuration 3-67 3 Configuring Interface Connections Y ou can use the Port Conf iguration or T runk Configuration p age to enable/disable an interface, set aut o-negotiation and the interface cap abilities to advertise, or manuall y fix the speed, duplex mode, and flow control.
Configuring the Switch 3-68 3 • Trunk – Indicates if a port is a member of a trunk. To create trunks and select port members, see “Creating Trunk Groups” on page 3-69. Note: Auto-negotiation must be disabled before y ou can configure o r force the interface to use the Speed/Duplex Mode or Flow Control options.
Port Configuration 3-69 3 Creating Trunk Groups Y ou can create multiple li nks between devices that work as one virt ual, aggregate link. A port trun k offe rs a dramatic incre ase in bandwidth for network segment s where bottlenecks exist , as well as providing a fault- tolerant link between two devices.
Configuring the Switch 3-70 3 Statically Configuring a Trunk Command Usage • When configurin g static trunks, you may not be able to link switches of different types, depending on t he manufactu rer’s implementatio n. However, note that the static trunks on thi s switch are Ci sco EtherChannel compatible.
Port Configuration 3-71 3 CLI – This example creates trunk 2 with ports 1 and 2. Just connect t hese ports to two stati c trunk port s on another switch to form a tru nk.
Configuring the Switch 3-72 3 Web – Click Port, L ACP , Configuration. Select any of the swi tch ports from the scroll-down port list and cl ick Add. After you have compl eted adding port s to the member list, click Apply . Figure 3-42. LAC P Trunk Configu ration CLI – The followi ng example enables LACP for ports 1 to 6.
Port Configuration 3-73 3 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assig ned to a common port channel must meet the foll owing criteria: • Ports must have the same LACP Sy stem Priority. • Ports must have the same L ACP port Admin Key .
Configuring the Switch 3-74 3 Web – Click Port, L ACP , Aggregation Port. Set t he System Priority , Admin Key , and Port Priority for the Port Actor .
Port Configuration 3-75 3 CLI – The following example configures LACP p arameters for ports 1-6. Ports 1-4 are used as act ive members of t he LAG; ports 5 and 6 are set to backup mo de.
Configuring the Switch 3-76 3 Displaying LACP Port Counters Y ou can display st atistics for LACP protocol mess ages. Web – Click Port, LACP , Port Counters Information .
Port Configuration 3-77 3 Displaying LACP Settings and Status for the Local Side Y ou can display configurat ion settings and the operati onal stat e for the local side of an link aggrega tion. Table 3-7. LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port.
Configuring the Switch 3-78 3 Web – Click Port, LACP , Port Internal Informa tion. Select a port channel to display the corresponding info rmation. Figure 3-45. LACP - P ort Internal Information CLI – The following example displ ays the LACP configuration setti ngs and operational st ate for the local side of port channel 1.
Port Configuration 3-79 3 Displaying LACP Set tings an d Status for the Remote Side Y ou can display configurat ion settings and the operati onal state for th e remote side of an link aggregat ion. Web – Click Port, L ACP , Port Neighbors In formation.
Configuring the Switch 3-80 3 CLI – The following example displ ays the LACP configuration setti ngs and operational st ate for the remote side of port channel 1.
Port Configuration 3-81 3 Web – Click Port, Port/T runk Broadcast Control. Check the Enabled box for any interface, set th e threshold and click Apply . Figure 3-47. Port Broadcast Control CLI – S pecify any interface, and then enter th e threshold.
Configuring the Switch 3-82 3 Configuring Port Mirroring Y ou can mirror traf fic from any source port to a target port for real-time analy sis. Y ou can the n attach a logic analy zer or RMON probe t o the target port and study the traff ic crossing the source port in a completely unobt rusive manner .
Port Configuration 3-83 3 Configuring Rate Limits This function allows th e network manager to cont rol the maximum rate for traf fic transmitted or received on an i nterface. Rate limiting is configured on int erfaces at the edge of a network to limi t traffic comi ng out of the switch.
Configuring the Switch 3-84 3 Showing Port Statistics Y ou can display st andard stat istics on network traf fic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed b r eakdown of traf fic based on the RMON MIB. Interfaces and Et hernet-like st atistics display errors on the traffic p assing through each port .
Port Configuration 3-85 3 Tr ansmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitt ed. One possible reason for discarding such a packet could be to free up buffer space .
Configuring the Switch 3-86 3 Received Frames The total number of fra mes (bad, broa dcast and multicas t) received. Broadcast Frames The total number of good fr ames received that were direct ed to the broadcast addres s. Note that t his does not inc lude multicast packe ts.
Port Configuration 3-87 3 Web – Click Port, Port S tatistics. Select t he required interfa ce, and click Query . Y ou can also use the Refresh butt on at the bottom of the p age to update the screen.
Configuring the Switch 3-88 3 CLI – This example shows stat istics for port 13. Address Table Settings Switches store th e addresses for all known devices. This information is used t o pass traff ic directly between the inboun d and outbound port s.
Address T able Settings 3-89 3 Web – Click Address T able, S tatic Addresses. S pecify the interface, the MAC address and VLAN, then click Add S tatic Address.
Configuring the Switch 3-90 3 Web – Click Address T able, Dynamic Add resses. S pecify the search type (i. e., mark the Interfac e, MAC Address, or VLAN checkbox), select t he method of sorting the displayed addresses, and then click Query . Figure 3-52.
Spanning Tree Algorithm Configuration 3-91 3 Changing the Aging Time Y ou can set the aging ti me for entries in the dynamic add ress table. Command Attributes • Aging Status – Enables or disables the aging time. • Aging Time – The time after which a learned entry is di scarded.
Configuring the Switch 3-92 3 Once a st able network top ology has been e stablishe d, all bridges listen for He llo BPDUs (Bridge Protocol Data Unit s) transm itted from the Root Bridg e. If a bridge does not get a Hello BPDU af ter a predefined interval (Maximum Age), t he bridge assumes that the link to the Root Bridge is down.
Spanning Tree Algorithm Configuration 3-93 3 • Hello Time – Interval (in seconds) at which the root device transmits a configuration messa ge. • Forward Delay – The maximum time (in s econds) the root device will wa it before changing states (i.
Configuring the Switch 3-94 3 information that would mak e it return to a discarding st ate; otherwi se, temporary data loops mi ght result. • Root Hold Time – The interval (in seconds) duri ng which no more than two brid ge configurati on protocol data units shall be transmitted by this node .
Spanning Tree Algorithm Configuration 3-95 3 CLI – This command displays global ST A settings, followed by settings for each port . Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global setti ngs apply to t he entire swi tch.
Configuring the Switch 3-96 3 • Multiple Spanni ng Tree Protocol - To allow multiple spa nning trees to op erate over the ne twork, you must configu r e a related set of bridges with the same MSTP configuration, al lowing them to participate in a speci fic set of spanning tree inst ances.
Spanning Tree Algorithm Configuration 3-97 3 • Forward Delay – The maximum time (in seconds) t his device will wait before changing states (i. e., discarding to learning t o forwarding). This delay is required because every device must re ceive information about topology changes before i t starts to forward frames.
Configuring the Switch 3-98 3 Web – Click S panning T ree, ST A, Configuration. Modify the required attr ibutes, and click Apply . Figure 3 -55. STA Configurat ion.
Spanning Tree Algorithm Configuration 3-99 3 CLI – This example enables S panning T ree Protocol, sets the mode to MST , and then configures the ST A and MSTP parameters . Displaying Interface Settings The ST A Port Information and ST A Trunk Info rmation pag es display the current status of ports an d trunks in the S panning T ree.
Configuring the Switch 3-100 3 • Oper Link Type – The operational point-to-point statu s of the LAN segment attached to this i nterface. This parameter is det ermined by manual confi guration or by auto-detecti on, as described for Admin Link Type in STA Port Configurat ion on page 3-102.
Spanning Tree Algorithm Configuration 3-101 3 • Priority – Defines the priority used for this port in t he Spanning Tree Algorithm. If the path cost fo r all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an activ e link in the Spanning Tree.
Configuring the Switch 3-102 3 CLI – This example shows the ST A attributes for port 5. Configuring Interface Settings Y ou can configure RSTP and MSTP attribute s for specific interface s, including port priority , path cost, link typ e, and edge port.
Spanning Tree Algorithm Configuration 3-103 3 Protocol is detecting network l oops. Where more than one port is assig ned the highest priority, the port with lowest numeri c identifier wil l be enabled. • Default: 128 • Range: 0-240, in steps of 16 • Path Cost – This parameter is used by the STP to determine the best path between devices.
Configuring the Switch 3-104 3 Web – Click S panning T ree, ST A, Port Configuration or T runk Configuration. Modify the required attributes, then click Apply . Figure 3-57. STA Port Configuration CLI – This example sets ST A attributes for port 7.
Spanning Tree Algorithm Configuration 3-105 3 T o ensure th at the MSTI maintain s connectivity across the network, you mu st configure a related set of bridges with the same MSTI settings. Command Attributes • MST Instance – Instance ident ifier of this span ning tree.
Configuring the Switch 3-106 3 CLI – This displays ST A settings for insta nce 1, followed by settings fo r each port. CLI – This example set s the priority for MSTI 1, and adds VLANs 1-5 to t his MSTI.
Spanning Tree Algorithm Configuration 3-107 3 Displaying Interface Settings for MSTP The MSTP Port Informati on and MSTP T runk Informa tion pages dis play the current status of ports and trunks in the selected MST instance . Field Attributes • MST Instance ID – Instance identif ier to configure.
Configuring the Switch 3-108 3 Configuring Interface Settings for MSTP Y ou can configure the ST A interface settings for an MST Inst ance using the MSTP Port Configuration and MSTP T runk Configuration page s.
Spanning Tree Algorithm Configuration 3-109 3 • MST Path Cost – This pa rameter is used by t he MSTP to det ermine the best pa th between devices. Theref ore, lower valu es should be assigned t o ports attached t o faster media, and higher valu es assigned to ports with slower media.
Configuring the Switch 3-110 3 VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to iso late broadcast traf fic for each subnet into separate d omains. This switch provides a similar servic e at Layer 2 by usi ng VLANs to organize any group of network nod es into separate broadcast domains.
VLAN Configuration 3-111 3 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN- unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tag ging.
Configuring the Switch 3-112 3 these host s, and core switches in the network, enable GVRP on the links between these devices. Y ou should also determine securit y boundaries in the network an d disable GVRP on the boundary port s to prevent advertisements from being propagated , or forbid those ports from jo ining restricted VLANs.
VLAN Configuration 3-113 3 Enabling or Disab ling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defin es a way for switches to exchange VLAN information in order to registe r VLAN members on ports across the net work.
Configuring the Switch 3-114 3 CLI – Enter the following command. Displaying Current VLANs The VLAN Current T able shows t he current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assign ed to a large VLAN group that crosses several switches should use VLAN tagging .
VLAN Configuration 3-115 3 Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no lea ding zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic : Automatic ally learned via GVRP. - Static : Added as a static en try.
Configuring the Switch 3-116 3 Web – Click VLAN, 80 2.1Q VLAN, S tatic List. T o create a new VLAN, enter t he VLAN ID and VLAN name, mark the Enable checkbox to activa te the VLAN, and then click Add. Figure 3-64. VLAN Stat ic List - Creating VLANs CLI – This example creates a new VLAN.
VLAN Configuration 3-117 3 Command Attributes • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Name – Name of the VLAN (1 to 32 charac ters). • Status – Enables or disables the specif ied VLAN. - Enable : VLAN is operationa l.
Configuring the Switch 3-118 3 CLI – The following example add s tagged and unt agged port s to VLAN 2. Adding Static Members to VLANs (Port Index) Use the VLAN S tatic Membership by Port menu to assign VLAN groups to the selected interfa ce as a tagged member .
VLAN Configuration 3-119 3 Configuring VLAN Behavior for Interfaces Y ou can configure VLAN behavi or for specific in terfaces, incl uding the defaul t VLAN identifier (PVID), acce pted frame types, in gress filtering, GVRP statu s, and GARP timers.
Configuring the Switch 3-120 3 or LeaveAll message has been issued , the applicants can rejo in before the port actually lea ves the group. (Range: 60-3000 centiseconds; Defa ult: 60) • GARP LeaveAll Timer * – The interval between sending o ut a LeaveAll query message for VLAN group partic ipants and the port leav ing the group.
VLAN Configuration 3-121 3 CLI – This exampl e sets port 3 to accept only tagged fra mes, assigns PVID 3 as the native VLAN ID, enabl es GVRP , sets the GARP timers, and then sets t he switchport mode to hybrid. Configuring Private VLANs Private VLANs provide port-based security and isolation b etween ports within the assigned VLAN.
Configuring the Switch 3-122 3 Configuring Uplink an d Downlink Ports Use the Private VLAN Link S tatus p age to set ports as down link or uplink port s. Ports designat ed as downlink port s can not communicate with any other ports on t he switch except for the up link ports.
VLAN Configuration 3-123 3 Configuring Protocol Groups Create a protocol group for one or more protocols. Command Attributes • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • Frame Type – Frame type used by this protocol.
Configuring the Switch 3-124 3 - If the frame is untagged and t he protocol type matches, the frame is forwarded to the appropriate VLAN. - If the frame is untagged but the protoco l type does not match, the fr ame is forwarded to the de fault VLAN for thi s interface.
Class of Service Conf iguration 3-125 3 Class of Service Configuration Class of Service (CoS) al lows you to spe cify which dat a packet s have greater precedence when traf fic is buffered in th e switch due to congesti on. This switch supports Co S with eight priorit y queues for each port.
Configuring the Switch 3-126 3 Web – Click Priority , Default Port Priority or Defau lt T runk Priority . Modify the default priority for an y interface, then c lick Apply . Figure 3-72. Default Port Priority CLI – This example assigns a defau lt priority of 5 to port 3.
Class of Service Conf iguration 3-127 3 Mapping CoS Values to Egress Que ues This switch processe s Class of Service (CoS) priority t agged traffic by usin g eight priority queues for each port, wit h service schedules based on strict or W eighted Round Robin (WRR).
Configuring the Switch 3-128 3 Web – Click Priori ty , T raffic Classes. Mark an interface and click Select t o display the current mapping of Co S values to output queues . Assign prioriti es to the traf fic classes (i. e., output q ueues) for the se lected interfa ce, then click Apply .
Class of Service Conf iguration 3-129 3 Selecting the Queue Mode Y ou can set the switch to service t he queues based on a strict rule that requi res all traff ic in a high er priority queue to be processed before lower priority queues are serviced, or use W eighted Round-Robin (WRR) queuing that specifies a relat ive weight of each queue.
Configuring the Switch 3-130 3 Web – Click Priority , Queue Scheduling. Select the in terface, highlight a tr affic class (i.e., outp ut queue), enter a weight, then click Apply . Figure 3-75. Queue Scheduling CLI – The following example sho ws how to assign WRR weight s to each of the priority queues.
Class of Service Conf iguration 3-131 3 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizi ng layer 3/4 traf fic to meet application requi rements.
Configuring the Switch 3-132 3 Mapping IP Precedence The T ype of Service (T oS) octet in the IPv4 header includes thre e precedence bits defining eight di fferent priority levels rangi ng fro m highest priori ty for network control packet s to lowest priority for routine traffi c.
Class of Service Conf iguration 3-133 3 CLI – The f ollowing example globally enables IP Preced ence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and t hen displays the IP Precedence settings.
Configuring the Switch 3-134 3 Web – Click Priority , IP DSCP Priority . Select an entry from the DSCP table, enter a value in the Class of Service V alue field, then cl ick Apply .
Class of Service Conf iguration 3-135 3 Mapping IP Port Priority Y ou can also map network applicat ions to Class of Service values based on the IP port number (i.e., TCP/UDP port numbe r) in the frame header . Some of the more common TCP service port s include: HTTP: 80, FTP: 21, T elnet: 23 and POP3: 1 10.
Configuring the Switch 3-136 3 CLI – The following example global ly enables IP Port Priority service on the switch, maps HTTP traf fic on port 5 to CoS value 0, and then displays the IP Port Priority settings for t hat port.
Class of Service Conf iguration 3-137 3 Web – Click Priority , ACL CoS Priority . Enable mapping for any port, select an ACL from the scroll -down list, then click Ap ply . Figure 3-8 1. ACL CoS Priori ty CLI – This example assigns a CoS value of zero to p ackets mat ching rules within the specified ACL on port 24.
Configuring the Switch 3-138 3 Command Attributes • Port – Port identifier. •N a m e * – Name of ACL. • Type – Type of ACL (IP or MAC). • Precedence – IP Precedence value. (Range: 0-7 ) • DSCP – Differentiated Services Code Point value.
Multicast Filtering 3-139 3 Multicast Filtering Multicasting i s used to support real-time applications such as videoconf erencing or streaming audio. A multicast server doe s not have to est ablish a sep arate connection with each client.
Configuring the Switch 3-140 3 Configuring IGMP Sn ooping and Query P arameters Y ou can configure the switch to forward mul ticast traff ic intelligently . Based on the IGMP query and report messages, th e switch forwards traf fic only to the ports that request multicast tr affic.
Multicast Filtering 3-141 3 Web – Click IGMP Snooping, IGMP Configu ration. Adjust the IGMP settings as required, and then clic k Apply . (The default settings are shown below .) Figure 3-83 . IGMP Conf iguration CLI – This exampl e modifies the se ttings for multica st filtering, and then displays the current st atus.
Configuring the Switch 3-142 3 Displaying Interfaces Attached to a Multic ast Router Multicast routers th at are attached to port s on the switch use information obt ained from IGMP , along with a multicast routing prot ocol such as DVMRP or PIM, to support IP multicasti ng across the Internet.
Multicast Filtering 3-143 3 Specifying Static Interfaces for a Multicast Router Depending on your ne twork connections, IGMP snooping may not always be able to locate the IGMP qu erier .
Configuring the Switch 3-144 3 Displaying Port Members of Multicast Se rvices Y ou can display the port members associat ed with a specified VLAN and multica st service. Command Attribute • VLAN ID – Selects the VLAN for which to display port members.
Multicast Filtering 3-145 3 Assigning Ports to Multicast Services Multicast f iltering can be dynamically configured using IGMP Sn ooping and IGMP Query messages as described in “Conf iguring IGMP Sn ooping and Query Parameters” on page 3 -140.
Configuring the Switch 3-146 3 Configuring Domain Name Service The Domain Naming System (DNS) service on thi s switch allows host names to be mapped to IP addresses using st atic table entries or by redirectio n to other name servers on the network.
Configuring Domain Nam e Service 3-147 3 Web – Select DNS, General Configuration. Set the def ault domain name or list of domain names, s pecify one or more name servers to us e to use for address resolution, enable domai n lookup stat us, and click Apply .
Configuring the Switch 3-148 3 Configuring Static DNS Host to Address Entries Y ou can manually configure st atic entries in the DNS table that are use d to map domain names to IP addresses.
Configuring Domain Nam e Service 3-149 3 Web – Select DNS, S tatic Host T able. Enter a host n ame and one or more corresponding addresse s, then click Apply . Figure 3-89. DNS Static Host Table CLI - This example maps two addre ss to a host name, and then confi gures an alias host name for the same addresses.
Configuring the Switch 3-150 3 Displaying the DNS Cache Y ou can display entries in th e DNS cache that have been learned via th e designated name servers. Field Attributes •N o – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefo re unreliable.
Configuring Domain Nam e Service 3-151 3 CLI - This example displays all the resour ce records learned from the desig nated name servers. Console#show dns cache 4-123 NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207.46.134.222 51 www.microsoft.akadns.net 1 4 CNAME 207.
Configuring the Switch 3-152 3.
4-1 Chapter 4: Command Line Interface This chapter descri bes how to use t he Command Line Int erface (CLI). Using the Command Line Interface Accessing the CLI When accessing the manage ment interface.
Command Line Interfa ce 4-2 4 T o access the swit ch through a T elnet session, you must first set the IP address for the switch, and set the defa ult gateway if you are managin g the switch from a different IP subnet.
Entering Commands 4-3 4 Entering Commands This section describes how to ent er CLI commands. Keywords and Arguments A CLI command is a series of keywords and argument s.
Command Line Interfa ce 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will displa y the first level of keywords for the current command class (Normal Exec or Privil eged Exec) or configuration class (Global, ACL, I nterface, Line, VLAN Database, or MSTP).
Entering Commands 4-5 4 Partial Keyword Lookup If you terminat e a parti al keyword with a question mark, al ternatives that match the initial letters are provi ded. (Remember not to leave a space between th e command and question mark.) For exampl e “ s? ” shows all the keywords sta rting with “s.
Command Line Interfa ce 4-6 4 Understanding Command Modes The command set is divided int o Exec and Configurati on classes. Exec commands generally display in formation on system st atus or clear statistic al counters. Configuration comman ds, on the other hand, modi fy interface p arameters or enable certai n switching functions.
Entering Commands 4-7 4 Configuration Commands Configuration c ommands are privileg ed level commands used to modif y switch settings. These commands modify th e running configu ration only an d are not saved when the switch is rebooted.
Command Line Interfa ce 4-8 4 T o ente r the other modes, at the confi guration prompt type one of t he following commands. Use the exit or end command to return to the Privi leged Exec mode. For example, you can use the following commands to enter interface confi guration mode, and then return to Priv ileged Exec mode Table 4-2.
Entering Commands 4-9 4 Command Line Processing Commands are not case sensitive . Y ou can abbreviate commands and p arameters as long as t hey conta in enough lett ers to dif ferentiate them from any other currently available comman ds or p arameters.
Command Line Interfa ce 4-10 4 Command Groups The system commands can be broken down into the functional group s shown below . Table 4-4. Command Group Index Command Group Description Page Line Sets c.
Line Comma nds 4-11 4 The access mode shown in the followi ng tables is in dicated by these abbreviat ions: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration) G.
Command Line Interfa ce 4-12 4 line This command identif ies a specific li ne for configuration, and t o process subsequent line configu ration commands. Syntax line { console | vty } • console - Console termina l line. • vty - Virtual terminal for remot e console access (i.
Line Comma nds 4-13 4 Command Usage • There are three authent ication modes provided by the swit ch itself at login : - login selects authentication by a single global password as speci fied by the password line configuratio n command. When using this method, the management interface start s in Normal Exec (NE) mode.
Command Line Interfa ce 4-14 4 number of times a user can e nter an incorrec t password b efore the sys tem terminates the line connecti on and returns t he terminal to the idle st ate. • The encrypted password is required for compat ibility with legacy pass word settings (i.
Line Comma nds 4-15 4 password-thresh This command sets th e password intrusion threshold which limit s the number of failed logo n attempts. Use the no form to remove the threshold val ue. Syntax p assword-thresh [ threshol d ] no password-thresh threshold - The number of allowed password attempts.
Command Line Interfa ce 4-16 4 Example T o set t he silent time to 60 seconds , enter this command: Related Commands password-thresh (4-15) databits This command sets th e number of data bit s per character that are interpreted and generated by the console port.
Line Comma nds 4-17 4 parity This command defi nes the genera tion of a p arity bit. Use the no form to restore the default setti ng. Syntax pa ri t y { none | even | odd } no parity • none - No par.
Command Line Interfa ce 4-18 4 Command Usage Set the speed to match the baud rate of the device conn ected to the serial port. Some baud rates available on devi ces connected to the port might not b e supported. The system indica tes i f the speed you select ed is no t supported.
Line Comma nds 4-19 4 Command Usage S pecifying session identifie r “0” will disconnect the console connection. S pecifying any other i dentifiers fo r an active session will d isconnect an SSH o r T elnet conn ection. Example Related Commands show ssh (4-41) show users (4-61) show line This command displays the te rminal line’ s parameters.
Command Line Interfa ce 4-20 4 General Commands enable This command activates Pri vileged Exec mode. In privileged mode , additional commands are avail able, and cert ain commands display addi tional informati on. See “Understandin g Command Modes” on page 4-6.
General Comma nds 4-21 4 Example Related Commands disable (4-21) enable password (4-27) disable This command returns to Normal Exec mode f rom privileged mod e. In normal access mode, you can only d isplay basic informatio n on the switch's configura tion or Ethernet st atistics.
Command Line Interfa ce 4-22 4 Related Commands end (4-23) show hist ory This command shows the content s of the co mmand history buf fer . Default Setting None Command Mode Normal Exec, Privileg ed Exec Command Usage The history buf fer size is fixed at 10 Execu tion commands and 10 Configuration commands.
General Comma nds 4-23 4 Command Mode Privileged Exec Command Usage This command resets the en tire system. Example This example shows how to reset the switc h: end This command returns to Privileged Ex ec mode.
Command Line Interfa ce 4-24 4 quit This command exit s the configuration program. Default Setting None Command Mode Normal Exec, Privileg ed Exec Command Usage The quit and exit commands can both exit the configuratio n program.
System Management Commands 4-25 4 Device Designation Commands prompt This command customi zes the CLI promp t. Use the no form to restore the default prompt.
Command Line Interfa ce 4-26 4 Example User Access Commands The basic commands required fo r management access are li sted in this section. This switch also includes other options for pa ssword checki.
System Management Commands 4-27 4 Command Mode Global Configurat ion Command Usage The encrypted p assword is required for compat ibility wit h legacy pas sword settings (i.e., pl ain text or encrypted) wh en reading the configu ration file during system bootup or when d ownloading the conf iguration file from a TFTP server .
Command Line Interfa ce 4-28 4 Example Related Commands enable (4-20) IP Filter Commands management This command specif ies the cli ent IP addresses that are all owed management access to the switch through vario us protocols. Use th e no form to restore the default setti ng.
System Management Commands 4-29 4 • When entering addresses for the same group (i. e., SNMP, Web or Telnet), the switch will not accept ove rlapping address ra nges. When entering addresses for different groups, the switch will accept overlapping address range s.
Command Line Interfa ce 4-30 4 Web Server Commands ip http port This command specifies the TCP port number used by t he Web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface.
System Management Commands 4-31 4 Example Related Commands ip http port (4 -30) ip http secure-server This command enables the secure hype rtext transfer protoco l (HTTPS) over the Secure Socket Layer (SSL), providing se cure access (i.e., an encrypt ed connection) to the switch’ s Web interface.
Command Line Interfa ce 4-32 4 Example Related Commands ip http secure-port (4 -32) copy tf tp https-certificate (4-63) ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’ s Web interface. Use the no form to restore the def ault port.
System Management Commands 4-33 4 Telnet Server Commands ip telnet port This command specifi es the TCP port number used by the T elnet interface. Use the no form to use the default port . Syntax ip telnet port port-number no ip telnet port port-number - The TCP port to be used by the browser interface.
Command Line Interfa ce 4-34 4 Related Commands ip telnet port (4 -33) Secure Shell Commands The Berkley-st andard includes remote acces s tools originally desi gned for Unix systems. Some of these tool s have also been implemented for Micros oft Windows and other envi ronments.
System Management Commands 4-35 4 The SSH server on this switch suppo rts both p assword and publi c key authenticati on. If p assword authenticat ion is specif ied by the SSH client, then the passwor.
Command Line Interfa ce 4-36 4 corresponding t o the publ ic keys stored o n the switch ca n gain access. The following exch anges take place during thi s process: a. The client sends it s public key to the switc h. b. The switch compar es the client's public key to th ose stored in memory .
System Management Commands 4-37 4 ip ssh timeout Use this command to configur e the timeout for the SSH server . Use the no form to restore the default sett ing. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation.
Command Line Interfa ce 4-38 4 Example Related Commands show ip ssh (4-40) ip ssh server-key size Use this command to set the SSH serv er key size. Use the no form to restor e the default setti ng. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server k ey .
System Management Commands 4-39 4 Example ip ssh crypto host-key generate Use this command to generate the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [ dsa | rsa ] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) ke y type.
Command Line Interfa ce 4-40 4 Command Mode Privileged Exec Command Usage • This command clears the host key from vol atile memory (RAM). Use the no ip ssh save host-key command to clear the host key from f lash memory. • The SSH server must be disabl ed before you can execute thi s command.
System Management Commands 4-41 4 Example show ssh Use this command to display the current SSH server connections. Command Mode Privileged Exec Example Console#show ip ssh SSH Enabled - version 1.
Command Line Interfa ce 4-42 4 show public-key Use this command to show the public key f or the specified user or for the host. Syntax show public-key [ user [ username ]| host ] username – Name of an SSH user . (Range: 1-8 characters) Default Setting Shows all public keys.
System Management Commands 4-43 4 Event Logging Commands logging on This command controls logging of error messag es, sending debug or error messages to switch memory .
Command Line Interfa ce 4-44 4 logging history This command limi ts syslog messages saved t o switch memory based on severity . The no form return s the logging of syslog messag es to the default level . Syntax logging histo ry { flash | ram } level no logging history { flash | ram } • flash - Event hist ory stored in flash memory (i.
System Management Commands 4-45 4 logging ho st This command adds a syslog server host IP address that will receive l ogging messages. Use the no form to remove a syslog server host. Syntax [ no ] logging host host_ip_address host_ip_address - The IP address of a syslog server .
Command Line Interfa ce 4-46 4 logging tra p This command enables th e logging of system messages to a remote server , or limits the syslog messages saved to a remote server based on seve rity . Use this command without a specif ied level to enable re mote logging.
System Management Commands 4-47 4 Related Commands show logging (4-47) show logging This command displays the log ging configuration , along with any system and event messages stored i n memory . Syntax show logging { flash | ram | sendmail | trap } • flash - Event hist ory stored in flash memory (i.
Command Line Interfa ce 4-48 4 The following example dis plays settings for the tr ap function. Related Commands show logging s endmail (4-51) SMTP Alert Commands These commands configure SMTP event handl ing, and forwarding of alert messages to th e specified SMTP se rvers and email recipient s.
System Management Commands 4-49 4 logging sendmail ho st This command specif ies SMTP servers that wi ll be sent al ert messages. Use the no form to remove an SMTP server . Syntax [ no ] logging sen dmail hos t ip_address ip_address - IP address of an SMTP serve r that will be sent alert messages for event handling.
Command Line Interfa ce 4-50 4 Command Usage The specified level i ndicates an event threshold . All events at thi s level or higher will be sent to the con figured email recipient s. (For example, using Level 7 will report all event s from level 7 to level 0.
System Management Commands 4-51 4 Command Usage Y ou can specify up to five rec ipients f or alert messages. Howev er , you must enter a sep arate command to specify each recipient. Example logging s endmail This command enables SMTP event hand ling. Use the no form to disable this function.
Command Line Interfa ce 4-52 4 Time Commands The system clock can be dynamically set by polli ng a set of specified time servers (NTP or SNTP), or by using information broadcast by local time servers.
System Management Commands 4-53 4 Example Related Commands sntp server (4-53) sntp poll (4 -54) show sntp (4-54) sntp server This command sets th e IP address of the se rvers to which SNTP time request s are issued. Use the this comman d with no argument s to clear all time servers from the current list.
Command Line Interfa ce 4-54 4 sntp poll This command sets th e interval between sending time request s when the switch is set to SN TP client mod e. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests.
System Management Commands 4-55 4 clock timezone This command sets th e time zone for the switch’ s internal clock. Syntax clock timezone name hour hours mi nute minutes { before-utc | after-utc } • name - Name of timezone, usua lly an acronym. (Range: 1-29 charac ters) • hours - Number of hours before/after UTC.
Command Line Interfa ce 4-56 4 Default Setting None Command Mode Privileged Exec Example This example shows how to set the syste m clock to 15:12:34, Febru ary 1st, 2004.
System Management Commands 4-57 4 System Status Commands show startu p-config This command displays the config uration file stored in non-vol atile memory that is used to st art up the system.
Command Line Interfa ce 4-58 4 Example Related Commands show running-confi g (4-58) show running-con fig This command displays the conf iguration information currently in use.
System Management Commands 4-59 4 - VLAN configuration settings for each interf ace - Multiple spanning tree instance s (name and interface s) - IP address configured for VLANs - Spanning tree setting s - Any configured settings for the console port and Telnet Example Console#show running-config building running-config, please wait.
Command Line Interfa ce 4-60 4 Related Commands show startup-con fig (4-57) show system This command displays system info rmation. Default Setting None Command Mode Normal Exec, Privileg ed Exec Command Usage • For a description of the items shown by this command, refer to “Displayi ng System Information” on page 3-9.
System Management Commands 4-61 4 show users Shows all active console and T elnet session s, including user name, idle time, and IP address of T elnet client. Default Setting None Command Mode Normal Exec, Privileg ed Exec Command Usage The session used to execute this command is indicat ed by a “*” symbol n ext to the Line (i.
Command Line Interfa ce 4-62 4 Example Frame Size Commands jumbo frame This command enables suppo rt for jumbo frames. Use the no form to disable it. Syntax [ no ] jumbo frame Default Setting Disabled.
Flash/File Co mmands 4-63 4 Example Flash/File Commands These commands are used to manage th e system code or configuration files. copy This command moves (upload/downl oad) a code image or configuration file between the swi tch’s f lash memory and a TFTP server .
Command Line Interfa ce 4-64 4 Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. • The destinatio n file name should not contain slashes ( or / ), the leading lett er of the file name shoul d not be a period (.
Flash/File Co mmands 4-65 4 The following example shows how to do wnload a configura tion file: This example shows how to copy a secure-site certificate from an TFTP server . It then reboot s the switch to activate the certif icate: This example shows how to copy a public-ke y used by SSH from an TFTP server .
Command Line Interfa ce 4-66 4 Command Usage • If the file type is used for system startup, then thi s file cannot be delet ed. • “Factory_Default_Con fig.cfg” cannot be delete d. Example This example shows how t o delete the test2.cf g configuration fi le from flash memory .
Flash/File Co mmands 4-67 4 Example The following example shows how to di splay all file informat ion: whichboo t This command displ ays which files were booted when t he system powere d up. Default Setting None Command Mode Privileged Exec Example This example shows the informat ion displayed by the whichboot command.
Command Line Interfa ce 4-68 4 Default Setting None Command Mode Global Configurat ion Command Usage • A colon (:) is required after th e specified file type.
Authentication Commands 4-69 4 Authentication Sequence authentication login This command define s the login authent ication method and precedence. Use t he no form to restore the default. Syntax authentication log in {[ local ] [ radi us ] [ t acacs ]} no authentication login • local - Use local password.
Command Line Interfa ce 4-70 4 authenticatio n enable This command defines the authent ication method and prece dence to use when changing from Exec command mode to Priv ileged Exec command mode with the enable command (see page 4- 20). Use the no form to restore t he defaul t.
Authentication Commands 4-71 4 RADIUS Client Remote Authent ication Dial-in User Service (RADIUS) is a l ogon authentic ation protocol that uses sof tware running on a central server to control access to RADIUS-aware devices on the network.
Command Line Interfa ce 4-72 4 Default Setting 1812 Command Mode Global Configurat ion Example radius-server key This command sets th e RADIUS encryption key . Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate log on access for client.
Authentication Commands 4-73 4 Example radius-server timeout This command sets th e interval between tran smitting authent ication requests to the RADIUS server .
Command Line Interfa ce 4-74 4 TACACS+ Client T erminal Access Cont roller Access Control System (T ACACS+) is a logon authenticati on protocol that uses sof tware running on a central server to con trol access to T ACACS-aware devices on the network.
Authentication Commands 4-75 4 Command Mode Global Configurat ion Example tacacs-server key This command sets th e T ACACS+ encryption key . Use the no form to restore th e default. Syntax t acacs-server key key_string no t acacs-server key key_string - Encryption key used to authenticate log on access for the client.
Command Line Interfa ce 4-76 4 Port Security Commands These commands can be used to enable port securi ty on a port. When using port security , the switch stops learning new MAC addresses on the specified port when it has reached a co nfigured maximum nu mber .
Authentication Commands 4-77 4 Command Usage • If you enable po rt security, th e switch stop s learning new MAC add resses on the specified port when it has reached a configured maximum number. Only incoming traffi c with source addresses al ready stored in th e dynamic or static address table wi ll be accepted .
Command Line Interfa ce 4-78 4 802.1x Port Authentication The switch supports IEEE 802.1x (dot1x) port-based acces s control that prevent s unauthorized access to the network by requiring users to first submi t credentials for authenticati on.
Authentication Commands 4-79 4 dot1x default This command sets al l configurable dot1x global and port settings to their def ault values. Syntax dot1x default Command Mode Global Configurat ion Exampl.
Command Line Interfa ce 4-80 4 dot1x port-control This command sets th e dot1x mode on a port interface. Use the no form to r estore the default. Syntax dot1x port-control { auto | force-authorized | force-unauthorized } no dot1x port-control • auto – Requires a dot1x-aware conne cted client to be autho rized by the RADIUS server.
Authentication Commands 4-81 4 Command Usage • The “max-count” paramete r specified by this command is onl y effective if the dot1x mode is set to “auto” by th e dot1x port-contro l command (page 4-105).
Command Line Interfa ce 4-82 4 dot1x timeout quiet-period This command sets th e time that a switch port wait s after the Max Request Count has been exc eeded before att empting to ac quire a new client. Use the no form to reset the default. Syntax dot1x timeout quiet-perio d seconds no dot1x time out quiet-per iod seconds - The number of seconds.
Authentication Commands 4-83 4 dot1x timeout tx-period This command sets the time tha t the switch wait s during an authenticat ion session before re-transmi tting an EAP packet . Use the no f orm to reset to the defau lt value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-p eriod seconds - The number of seconds.
Command Line Interfa ce 4-84 4 (page 4-79). It also dis plays the follow in g global parameters which are set to a fixed value, inc luding the followin g items: - supp-timeout – Supplicant timeout. - server-timeout – Server timeout. - reauth-max – Maximum number of reauthenti cation attempts.
Authentication Commands 4-85 4 Example Console#show dot1x Global 802.1X Parameters reauth-enabled: yes reauth-period: 3600 quiet-period: 60 tx-period: 30 supp-timeout: 30 server-timeout: 30 reauth-max: 2 max-req: 2 802.
Command Line Interfa ce 4-86 4 Access Control List Commands Access Control List s (ACL) provide packet fi ltering for IP frames (based on address, protocol, Layer 4 protocol port nu mber or TCP control code) or any frames (based on MAC address or Ethernet type).
Access Contro l List Comm ands 4-87 4 3. User-defined rules in the Ingress MAC ACL fo r ingress ports. 4. User-defined rules in the In gress IP ACL for ingress port s. 5. Explicit defa ult rule (permi t any any) in the ingress IP ACL for ingress ports.
Command Line Interfa ce 4-88 4 access-list ip This command adds an IP access list and enters configuratio n mode for st andard or extended IP ACLs. Us e the no form to remove the specifie d ACL. Syntax [ no ] access-li st ip { standard | extended } acl_name • standard – Specif ies an ACL that filters packets based on the so urce IP address.
Access Contro l List Comm ands 4-89 4 permit , deny (Standard ACL) This command adds a rule to a S tandard IP ACL. The rule sets a filter conditio n for packet s emanating from the specified source. Us e the no form to remove a rule. Syntax [ no ] { permit | deny } { any | source bitmask | host source } • any – Any source IP address.
Command Line Interfa ce 4-90 4 permit , deny (Extende d ACL) This command adds a rule to an Extende d IP ACL. The rule sets a filt er condition for packet s with specific source or destinatio n IP addresses, protocol types, source or destination prot ocol ports, or TCP control codes.
Access Contro l List Comm ands 4-91 4 Command Usage • All new rules are appended to the end of the list. • Address bitmasks are simi lar to a subnet mask, containing four inte gers from 0 to 255, each s eparated by a period. The binary mask uses 1 bits to indi cate “match” and 0 bits to indica te “ignore.
Command Line Interfa ce 4-92 4 Related Commands access-list ip (4-88) show ip access-list This command displays the ru les for configured IP ACLs. Syntax show ip access-list { st andard | extended } [ acl_name ] • standard – Specifies a stand ard IP ACL.
Access Contro l List Comm ands 4-93 4 Command Usage • A mask can onl y be used by al l ingress ACLs or all egress ACLs. • The precedence of the ACL rules applied t o a packet is not determined by order of the rul es, but instead by the order of the masks; i.
Command Line Interfa ce 4-94 4 Command Mode IP Mask Command Usage • Packets crossing a port are checked against all the rules in the ACL until a match is found. The o rder in which these pa ckets are checked is det ermined by the mask, and not the order in whic h the ACL rules were entered.
Access Contro l List Comm ands 4-95 4 This shows how to create a standard ACL wit h an ingress mask to deny access to the IP host 171.69.198 .102, and permit access to any others. This shows how to create an extended ACL wit h an egress mask to drop packet s leaving network 171.
Command Line Interfa ce 4-96 4 This is a more comprehensive example. It denies any TCP packet s in which the SYN bit is ON, and permit s all other packet s. It then sets th e ingress mask to check the deny rule first, and fin ally binds port 1 to this ACL.
Access Contro l List Comm ands 4-97 4 Related Commands mask (IP ACL) (4-93) ip access-group This command binds a port to an IP ACL. Use the no form to r emove the p ort. Syntax [ no ] ip access-group acl_name { in | out } • acl_name – Name of the ACL.
Command Line Interfa ce 4-98 4 Related Commands ip access-group (4-97) map access-list ip This command sets th e output queue for packet s matching an ACL rule. The specified CoS value i s only used to map the matching p acket to an output queue; it is not writt en to the p acket itself.
Access Contro l List Comm ands 4-99 4 show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value determin es the output queue for p ackets matching an ACL rule.) Syntax show map access-list ip [ interf ace ] interface • ethernet unit / port - unit - This is device 1 .
Command Line Interfa ce 4-100 4 Command Usage • You must configure an ACL mask before you ca n change frame priorities based on an ACL rule. • Traffic priori ties may be included in the IEEE 802.1p priority tag. This tag is also incorporat ed as part of the overall IEEE 802.
Access Contro l List Comm ands 4-101 4 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL confi guration mode. Use the no form to remove the specified ACL. Syntax [ no ] access-li st mac acl_name acl_name – Name of the ACL.
Command Line Interfa ce 4-102 4 Example Related Commands permit, deny 4-102 mac access-g roup (4-107) show mac access-l ist (4-103) permit , deny (MAC ACL) This command adds a rule to a MAC ACL. The rul e filters p ackets matching a specified MAC source or destinatio n address (i.
Access Contro l List Comm ands 4-103 4 • destination – De stination MAC address range wi th bitmask. • address- bitmask* – Bitmask for MAC address (in hexidecimal format). • vid – VLAN ID. (Range: 1-4095) • vid-bitmask* – VLAN bitmask.
Command Line Interfa ce 4-104 4 Example Related Commands permit, deny 4-102 mac access-g roup (4-107) access-list mac mask-pr ecedence This command changes to MAC Mask mode used to con figure access control masks. Use the no form to delet e the mask t able.
Access Contro l List Comm ands 4-105 4 mask (MAC ACL) This command defines a mask f or MAC ACLs. This mask defines the field s to check in the p acket header .
Command Line Interfa ce 4-106 4 Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules have been changed by the mask.
Access Contro l List Comm ands 4-107 4 show access-list mac m ask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [ in | out ] • in – Ingress mask precedence for ingress ACLs.
Command Line Interfa ce 4-108 4 Related Commands show mac access-l ist (4-103) show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Related Commands mac access-g roup (4-107) map access-list mac This command sets th e output queue for packet s matching an ACL rule.
Access Contro l List Comm ands 4-109 4 Example Related Commands queue cos-map (4-194) show map access-list mac (4-109) show map access-list mac This command shows the CoS value mapp ed to a MAC ACL for the current interface. (The Co S value determines the out put queue for packet s matching an ACL rule.
Command Line Interfa ce 4-110 4 match access-list mac This command changes the IEEE 802.1p pri ority of a Layer 2 frame matching the defined ACL rul e. (This feature is commonly referred to as ACL p acket marking.) Use the no form to remove the ACL marker .
Access Contro l List Comm ands 4-111 4 ACL Information show access-list This command shows all ACLs and associated rules, as well a s all the us er-defined masks.
Command Line Interfa ce 4-112 4 SNMP Commands Controls access to thi s switch from management st ations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. snmp-server community This command defines the commun ity access string for the Simple Network Management Proto col.
SNMP Commands 4-113 4 Example snmp-server contact This command set s the system contact string. Use the no form to remove th e system cont act informati on. Syntax snmp-server cont act string no snmp-server cont act string - S tring that describes the system contact information.
Command Line Interfa ce 4-114 4 Related Commands snmp-server contact (4-1 13) snmp-server host This command specifies the recipient of a Simple Ne twork Management Protocol notificati on operation.
SNMP Commands 4-115 4 Related Commands snmp-server enable trap s (4-1 15) snmp-server enable traps This command enables this device to send Simple Ne twork Management Protocol traps (SNMP no tifications). Use the no form to di sable SNMP notificati ons.
Command Line Interfa ce 4-116 4 Command Usage This command provides information on the community access st rings, counter information for SNMP input and output protocol dat a units, and whether or not SNMP logging has been enable d with the snmp-server enable trap s command.
DNS Commands 4-117 4 DNS Commands These commands are used to configure Domain Na ming System (DNS) services. Y ou can manually c onfigure entries in the DNS domai n name to IP address mapping table, configure default domai n names, or specify one or more name servers t o use for domain name to address transl ation.
Command Line Interfa ce 4-118 4 Command Usage Servers or other network devices may support one or more connections via multiple IP addre sses. If more than one IP address i s associated with a host name using this command, a DNS client can try each addre ss in succession, until it est ablishes a connection with the targ et device.
DNS Commands 4-119 4 Default Setting None Command Mode Global Configurat ion Example Related Commands ip domain-list (4-1 19) ip name-server (4-120) ip domain-lookup (4-1 21) ip domain-list This command defines a list of domain names that can be appended to i ncomplete host names (i.
Command Line Interfa ce 4-120 4 Example This example adds two domain names to the current list and then dis plays the list. Related Commands ip domain-name (4-1 18) ip name-server This command specifies the address of one or more domain name s ervers to use for name-to-address reso lution.
DNS Commands 4-121 4 Example This example adds two domain-name serve rs to the list and then displ ays the list. Related Commands ip domain-name (4-1 18) ip domain-lookup (4-1 21) ip domain-looku p This command enables DNS ho st name-to-address transl ation.
Command Line Interfa ce 4-122 4 Example This example enables DNS and then di splays the configuration . Related Commands ip domain-name (4-1 18) ip name-server (4-120) show hosts This command displays the st atic host name-to-address mappi ng table.
DNS Commands 4-123 4 show dns This command displays the config uration of the DNS server . Command Mode Privileged Exec Example show dns cache This command displays entrie s in the DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.
Command Line Interfa ce 4-124 4 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Console#clear dns cache Console#show dns cache NO FLAG TYPE IP TT.
Interface Commands 4-125 4 Interface Commands These commands are used to display or set co mmunication para meters for an Ethernet port, aggregate d link, or VLAN. interface This command configures an in terface type and enter interface configuration mode .
Command Line Interfa ce 4-126 4 Command Mode Global Configuration Example T o speci fy port 24, enter t he following command: description This command adds a description t o an interface.
Interface Commands 4-127 4 Default Setting • Auto-negotiat ion is enabled by default. • When auto-negoti ation is disabl ed, the default speed-duplex setti ng is 100half for 100BASE-TX ports and 1000full for Gigabit Ethernet ports.
Command Line Interfa ce 4-128 4 • If autonegoti ation is disabled, au to-MDI/MDI-X pin signal confi guration will also be disab led for the RJ-45 ports.
Interface Commands 4-129 4 Example The following example configures Etherne t port 5 cap abilities to 10 0half, 100full and flow cont rol. Related Commands negotiation (4-127 ) speed-duplex (4 -126) flowcontrol (4-129 ) flowcontrol This command enable s flow control.
Command Line Interfa ce 4-130 4 Example The following example enab les flow control on port 5. Related Commands negotiation (4-127 ) capabili ties (flowcontrol, symmet ric) (4-128) combo-forced-mode This command forces the port type selecte d for combination port s 21-24/45-48.
Interface Commands 4-131 4 Default Setting All interfaces are enabled. Command Mode Interface Co nfiguration (Et hernet, Port Ch annel) Command Usage This command all ows you to disa ble a port du e to abnormal b ehavior (e.g., excessive collisions), and then reenabl e it after the probl em has been resolved.
Command Line Interfa ce 4-132 4 Example The following s hows how to configure broad cast storm cont rol at 600 p ackets per second: clear counters This command clears statist ics on an interf ace. Syntax clear counters interface interface • ethernet unit / port - unit - This is device 1 .
Interface Commands 4-133 4 show interfaces status This command displays the st atus for an interface. Syntax show interfaces sta tus [ interface ] interface • ethernet unit / port - unit - This is device 1 .
Command Line Interfa ce 4-134 4 show interfaces counters This command displays inte rface statistics. Syntax show interfaces counters [ interface ] interface • ethernet unit / port - unit - This is device 1 . - port - Port number. • port-cha nnel channel-id (Range : 1-6) Default Setting Shows the counters for all interf aces.
Interface Commands 4-135 4 show interfaces switchport This command displays the admi nistrative and opera tional status of the specified interface s. Syntax show interfaces switchport [ interface ] interface • ethernet unit / port - unit - This is device 1 .
Command Line Interfa ce 4-136 4 Mirror Port Commands This section describes how to mirror traf fic from a source port to a target port. port monitor This command configures a mirror sess ion.
Mirror Port Commands 4-137 4 Command Usage • You can mirror traffic from any source port to a destinati on port for real-time analysis. Yo u can then attach a logic anal yzer or RMON probe to the destination po rt and study the traf fic crossing the sou r ce port in a complet ely unobtrusive manner.
Command Line Interfa ce 4-138 4 Example The following s hows mirroring configur ed from port 6 to port 1 1: Rate Limit Commands This function allows th e network manager to cont rol the maximum rate for traf fic transmitted or received on an i nterface.
Link Aggregation Commands 4-139 4 Example Link Aggregation Commands Ports can b e statical ly grouped into an aggregate l ink (i.e., tr unk) to increase the bandwidth of a network connection or to ensure fault rec overy .
Command Line Interfa ce 4-140 4 • All the ports in a trunk have to be treated as a whole when mov ed from/to, added or deleted from a VLAN via t he specified port-channel . • STP, VLAN, and IGMP set tings can only be ma de for the entire tru nk via the specified port-chann el.
Link Aggregation Commands 4-141 4 lacp This command enables 802.3ad Link Aggrega tion Control Prot ocol (LACP) for the current inte rface. Use the no form to disable it.
Command Line Interfa ce 4-142 4 lacp system-priority This command configures a port's LACP system priority . Use the no form to resto re the default sett ing. Syntax lacp { actor | pa r t n e r } system-priority priority no lacp { actor | pa r t n e r } system-priority • actor - The local side an aggregat e link.
Link Aggregation Commands 4-143 4 lacp admin-key (Ethernet Interface) This command confi gures a port's LACP ad ministration key . Use the no form to restore the default sett ing. Syntax lacp { actor | pa r t n e r } admin-key key [ no ] lacp { actor | pa r t n e r } admin-key • actor - The local side an aggregat e link.
Command Line Interfa ce 4-144 4 lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string . Use the no form to restore the default setti ng.
Link Aggregation Commands 4-145 4 Command Mode Interface Conf iguration (Ethern et) Command Usage • Setting a lower value indi cates a higher effective priori ty. • If an acti ve port link g oes down, the b ackup port with the highest pri ority is selected to replace the downed link.
Command Line Interfa ce 4-146 4 Example Console#show lacp 1 counters Channel group : 1 --------------------------------------- ---------------------------------- Eth 1/ 1 -----------------------------.
Link Aggregation Commands 4-147 4 Console#show lacp 1 internal Channel group : 1 --------------------------------------- ---------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ---------.
Command Line Interfa ce 4-148 4 Console#show lacp 1 neighbors Channel group 1 neighbors --------------------------------------- ---------------------------------- Eth 1/1 -----------------------------.
Address T able Commands 4-149 4 Address Table Commands These commands are used to configure the addres s table for filtering specified addresses, displayi ng current entries, clearin g the table, or sett ing the aging time.
Command Line Interfa ce 4-150 4 mac-address-table static This command maps a static address to a desti nation port in a VLAN. Us e the no form to remove an address. Syntax mac-address-t able static mac-address interface interface vlan vlan-id [ ac tion ] no mac-address-t able static mac-addre ss vlan vlan-id • mac-address - MAC address.
Address T able Commands 4-151 4 clear mac-address-table dynamic This command removes any learned entrie s from the forwarding dat abase and clears the transmit and receive count s for any static or system configured entries .
Command Line Interfa ce 4-152 4 00-00-00-00-00-00 mean s an exact matc h, and a mask of FF-FF-FF-FF-FF -FF means “any.” • The maximum number of address entries is 8191. Example mac-address-table aging-time This command sets th e aging time for entrie s in the address tabl e.
Spanning Tree Commands 4-153 4 Spanning Tree Commands This section includes co mmands that configure the S panning T ree Algorithm (ST A) globally for the switch, and commands that configure ST A for the selected interface.
Command Line Interfa ce 4-154 4 spanning-tree This command enables the S panning T ree Algorithm globally for the switch. Use t he no form to disable it.
Spanning Tree Commands 4-155 4 Command Usage • Spanning Tree Protoco l Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. - This creates one spanning tree instance f or the entire network.
Command Line Interfa ce 4-156 4 Default Setting 15 seconds Command Mode Global Configurat ion Command Usage This command sets the maxi mum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwardi ng).
Spanning Tree Commands 4-157 4 spanning-tree max-age This command configures the sp anning tree bridge maximum age glob ally for this switch. Use the no form to restore the defaul t. Syntax sp anning-tree max-age second s no spanning-tree max-age seconds - T ime in seconds.
Command Line Interfa ce 4-158 4 Command Mode Global Configurat ion Command Usage Bridge priority is used in sel ecting the root de vice, root port, and designa ted port.
Spanning Tree Commands 4-159 4 spanning-tree transmission-limit This command configures the min imum interval between the tra nsmission of consecutive RSTP/MSTP BPDUs. Use the no form to restore the def ault. Syntax sp anning-tree tr ansmission-li mit count no spanning-tree transmission -limit count - The transmission limit in seconds.
Command Line Interfa ce 4-160 4 mst vlan This command adds VLANs t o a spanning tree insta nce. Use the no form to remove the specified VLANs. Usin g the no form with out any VLAN p a rameters to remove all VLANs. Syntax [ no ] mst instance_ id vlan vlan-range • instance_id - Instance ident ifier of the s panning tree.
Spanning Tree Commands 4-161 4 mst priority This command configures the prio rity of a spanning tree instance. Use the no fo rm to restore the de fault. Syntax mst inst ance_id priority priority no mst instance_id prior ity • instance_id - Instance ident ifier of the s panning tree.
Command Line Interfa ce 4-162 4 Command Usage The MST region name and revis ion number (page 4-162) are used to designate a un ique MST region. A bri dge (i.e., sp anning-tree compliant device such as this switch) can onl y belong to one MST regio n. And all bridges in the same region must be conf igured with the same MST inst ances.
Spanning Tree Commands 4-163 4 max-hops This command configures the maxi mum number of hops i n the region before a BPDU is discarded. Use the no form to rest ore the d efault. Syntax max-hop s hop-number hop-number - Maximum hop nu mber for multiple spanning tree.
Command Line Interfa ce 4-164 4 spanning-tree cost This command configures the sp anning tree pa th cost for the specified interf ace. Use the no form to restore the default. Syntax sp anning-tree cost cost no sp anning-tree cost cost - The path cost for the port.
Spanning Tree Commands 4-165 4 Default Setting 128 Command Mode Interface Co nfiguration (Et hernet, Port Ch annel) Command Usage • This command defines th e priority for the use of a port in the Spanni ng Tree Algorithm.
Command Line Interfa ce 4-166 4 Example Related Commands spanning-t ree portfast (4-16 6) spanning-tree portfast This command sets an in terface to fast forwarding.
Spanning Tree Commands 4-167 4 spanning-tree link-type This command configures the li nk type for Rapid S panning T ree and Multiple S panning T ree. Use the no form to restore the default. Syntax sp anning-tree link-type { auto | point -to-point | shared } no spanning-tree link-type • auto - Automatically derived from the duplex mode setting.
Command Line Interfa ce 4-168 4 Default Setting • Ethernet – ha lf duplex: 2 ,000,000; full duplex: 1, 000,000; trunk: 500,000 • Fast Ethernet – half duplex: 2 00,000; full duplex: 1 00,000; t.
Spanning Tree Commands 4-169 4 interface with the highest priority (t hat is, lowest value) wi ll be configured as an active link in the spanning tre e. • Where more than one interface is assigned the highest prio rity, the interface with lowest numeric i dentifier will be enabled.
Command Line Interfa ce 4-170 4 show spanning-tree This command shows the configuration for th e common spanning tree (CST) or for an instanc e within the multiple sp anning tree (MST). Syntax show sp anning-tree [ interface | mst instance_ id ] • interface • ethernet unit / port - unit - This is device 1 .
Spanning Tree Commands 4-171 4 Example Console#show spanning-tree Spanning-tree information --------------------------------------- ------------------------ Spanning tree mode :MSTP Spanning tree enable/disable :enab le Instance :0 Vlans configuration :1-40 94 Priority :3276 8 Bridge Hello Time (sec.
Command Line Interfa ce 4-172 4 show spanning-tree mst c onfiguration This command shows the configurat ion of the multiple sp anning tree. Syntax show sp anning-tree mst configurat ion Command Mode P.
VLAN Commands 4-173 4 Editing VLAN Groups vlan database This command enters VLAN dat abase mode. All commands in this mode will take effec t immediately . Default Setting None Command Mode Global Configurat ion Command Usage • Use the VLAN database command mode to add, change, and del ete VLANs.
Command Line Interfa ce 4-174 4 vlan This command config ures a VLAN. Use the no form to restore the default sett ings or delete a VLAN. Syntax vlan vlan-id [ name vlan-name ] media ethernet [ state { active | suspend }] no vlan vlan-id [ name | state ] • vlan-id - ID of configured VLAN.
VLAN Commands 4-175 4 Configuring VLAN Interfaces interface vlan This command enters interf ace configuration mode for VLANs, which is used to configur e VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN.
Command Line Interfa ce 4-176 4 switchport mode This command confi gures the VLAN membershi p mode for a port. Use the no form to restore the de fault. Syntax switchport mode { trunk | hybrid } no switchport mode • trunk - Specifies a port as an end-point for a VLAN trun k.
VLAN Commands 4-177 4 Command Mode Interface Co nfiguration (Et hernet, Port Ch annel) Command Usage When set to receive all frame types, any received fra mes that are unta gged are assigned to the def ault VLAN.
Command Line Interfa ce 4-178 4 Example The following example shows how to set the interface to port 1 and then ena ble ingress filtering : switchport native vlan This command configures the PVID (i.e., def ault VLAN ID) for a port. Use the no form to restore the default.
VLAN Commands 4-179 4 switchport allowed vlan This command confi gures VLAN groups o n the selected interface. Use t he no form to restore the de fault. Syntax switchport allowed vlan { add vlan-list [ ta g g ed | untagged ] | remove vlan-list } no switch port allo wed vlan • add vlan-list - List of VLAN identifiers to add.
Command Line Interfa ce 4-180 4 switchport forbidden vlan This command confi gures forbidden VLANs. Use the no form to remove the lis t of forbidden VLANs. Syntax switchport forbidden vlan { ad d vlan-list | remove vlan-list } no switchport forbidden vl an • add vlan-list - List of VLAN identifiers to add.
VLAN Commands 4-181 4 Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name ] • id - Keyword to be followed by the VLAN ID. - vlan-id - ID of the configured VL AN. (Range: 1-4094, no leading zeroes ) • name - Keyword to be followed by the VLAN nam e.
Command Line Interfa ce 4-182 4 Configuring Private VLANs Private VLANs provide port-based securi ty and isolation between port s within the assigned VLAN. Thi s section descri bes commands used to configure private VlANs. pvlan This command enables or configures a pri vate VLAN.
VLAN Commands 4-183 4 show pvlan This command displays the config ured private VLAN. Command Mode Privileged Exec Example Configuring Protocol-based VLANs The network devices required to support mu lti ple protocols canno t be easily gr ouped into a common VLAN.
Command Line Interfa ce 4-184 4 protocol-vlan protocol-group (Configuring Groups) This command creates a protocol group, o r to add specifi c protocols to a group.
VLAN Commands 4-185 4 Command Usage • When creating a protocol-based VLAN, only as sign interfaces via this command. If you assign in terfaces using any of the other VLAN commands (such as vlan on page 4-174), these interfaces wil l admit traffic of any protocol type into the associ ated VLAN.
Command Line Interfa ce 4-186 4 show interfaces protoc ol-vlan protocol-grou p This command shows the mapping fr om protocol gro ups to VLANs for the selected interface s. Syntax show interfaces protoc ol-vlan protocol-group [ interface ] interface • ethernet unit / port - unit - This is device 1 .
GVRP and Bridge Extension Commands 4-187 4 GVRP and Bridge Extension Commands GARP VLAN Registration Protoco l defines a way for switches to exchange VLAN information in order to automa tically register VLAN members on interfaces acros s the network.
Command Line Interfa ce 4-188 4 show bridge-ext This command shows the configuratio n for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Displaying Basic VLAN Informat ion” on page 3-1 13 and “Displaying Bridge Extension Cap abilities” on page 3-12 for a description of the d isplayed items.
GVRP and Bridge Extension Commands 4-189 4 show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp conf iguration [ interfa ce ] interface • ethernet unit / port - unit - This is device 1 .
Command Line Interfa ce 4-190 4 Command Usage • Group Address Registration Protocol is used b y GVRP and GMRP t o register or deregister client attri butes for client services wit hin a bridged LAN. The default values fo r the GARP timers are independen t of the media access method or da ta rate.
Priority Commands 4-191 4 Related Commands garp timer (4-189) Priority Commands The commands described in this secti on allow you to specify which dat a packets have greater precedence when traf fic is bu ffered in the switch due to congestion. This switch support s CoS with eig ht priority queues for eac h port.
Command Line Interfa ce 4-192 4 queue mode This command sets th e queue mode to strict priori ty or Weight ed Round-Robin (WRR) for the class of service (CoS) priorit y queues.
Priority Commands 4-193 4 switchport priori ty default This command sets a priori ty for incoming unt agged frames. Use the no form to restore the default value . Syntax switchport priority default default-priority-id no switchport pri ority default default-priority-id - The priority number for untagged ingress traffic.
Command Line Interfa ce 4-194 4 queue bandwidth This command assign s weighted round-robi n (WRR) weights to the eight c lass of service (CoS) priority queu es. Use the no form to rest ore the defaul t weights . Syntax queue bandwid th weight1...weight 4 no queue bandwi d th weight1.
Priority Commands 4-195 4 Default Setting This switch support s Class of Service by using eight prio rity queues, with Weight ed Round Robin queuing for each po rt. Eight sep arate traffi c classes are defined in IEEE 802.1p. The default priority levels are assigne d according to recommendations in the IEEE 802.
Command Line Interfa ce 4-196 4 Example show queue bandwidth This command displays the we ighted round-robin (WRR) bandwi dth allocati on for the eight priority qu eues. Default Setting None Command Mode Privileged Exec Example show queue cos-map This command shows the class of se rvice priority map.
Priority Commands 4-197 4 Example Priority Commands (Layer 3 and 4) map ip port (Global Configuration) This command enables IP port mapping (i .e., class of service mapping f or TCP/UDP sockets).
Command Line Interfa ce 4-198 4 Example The following example shows how to en able TCP/UDP port mapping globally: map ip port (Interface Configuration) This command enables IP port mapping (i.e., TCP/UDP port priority). Use the no form to remo ve a specific se tting.
Priority Commands 4-199 4 Command Usage • The precedence for priority mappin g is IP Port, IP Precedence or IP DSCP, and default switchp ort priority. • IP Precedence and IP DSCP cannot both be en abled. Enabling one o f these priority types will aut omatically disable th e other type.
Command Line Interfa ce 4-200 4 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Dif ferentiated Services Code Point mapping).
Priority Commands 4-201 4 Default Setting The DSCP default values are defi ned in the following t able. Note that all the DSCP values that are not specif ied are mapped to CoS value 0.
Command Line Interfa ce 4-202 4 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP tra ff ic has been mapped to CoS value 0: Related Commands map ip port (Global Configu ration) (4-197) map ip port (Interface Config uration) (4-198) show map ip precedence This command shows the IP precedence priorit y map.
Priority Commands 4-203 4 Example Related Commands map ip port (Global Configu ration) (4-197) map ip precedence (Interface Conf iguration) (4-199 ) show map ip dscp This command shows the IP DSCP priori ty map. Syntax show map ip dscp [ interface ] interface • ethernet unit / port - unit - This is device 1 .
Command Line Interfa ce 4-204 4 Example Related Commands map ip dscp (Global Conf iguration) (4-200) map ip dscp (Interface Config uration) (4-200) Multicast Filtering Commands This switch uses IGMP (I nternet Grou p Manage ment Protocol) to query for any attache d hosts that want to receive a specifi c multicast service.
Multicast Filter ing Commands 4-205 4 ip igmp snoopi ng This command enables IGMP sno oping on this swit ch. Use the no form to disable it. Syntax [ no ] ip igmp snooping Default Setting Enabled Command Mode Global Configurat ion Example The following example enab les IGMP snooping.
Command Line Interfa ce 4-206 4 ip igmp snoo ping ver sion This command confi gures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snoopi ng version { 1 | 2 } no ip .
Multicast Filter ing Commands 4-207 4 Example The following s hows the current IGMP snooping conf iguration: show mac-address -table multicast This command shows kn own multicast addresse s.
Command Line Interfa ce 4-208 4 IGMP Query Commands (Layer 2) ip igmp snoopi ng querier This command enables the switch as an I GMP querier . Use the no form to disable it. Syntax [ no ] ip igmp snooping querier Default Setting Enabled Command Mode Global Configurat ion Command Usage If enabled, the switch will serve as querie r if elected.
Multicast Filter ing Commands 4-209 4 Default Setting 2 times Command Mode Global Configurat ion Command Usage The query count define s how long the querier waits for a response from a multicast cli ent before taki ng action.
Command Line Interfa ce 4-210 4 ip igmp snoopi ng qu ery-max-response-time This command configures the que ry report delay . Use the no form to resto re the default. Syntax ip igmp snoopi ng qu ery-max-response-time seconds no ip igmp snoo ping query-max-response-time seconds - The report delay advertised in IGMP querie s.
Multicast Filter ing Commands 4-211 4 Default Setting 300 seconds Command Mode Global Configurat ion Command Usage The switch must use IGMPv2 for this command to take ef fect.
Command Line Interfa ce 4-212 4 Command Usage Depending on your network connect ions, IGMP snooping may not always be able to locate the IGMP querier .
IP Interface Commands 4-213 4 IP Interface Commands An IP addresses may be used for manage ment access to the switch over your network. The IP address for th is switch is obt ained via DHCP by default. Y ou can manually configure a spe cific IP address, or direct the dev ice to obtain an address from a BOOTP or DHCP server when it is powered on.
Command Line Interfa ce 4-214 4 • If you select the bootp or dh cp option, IP i s enabled but wi ll not func tion until a BOOTP or DHCP reply has been rece ived. Requests will be br oadcast periodically b y this device in an effort to learn its IP address.
IP Interface Commands 4-215 4 Related Commands ip address (4-213) ip default-gateway This command establ ishes a stat ic route between this switch an d management statio ns that exist on another network se gment. Use the no form to re move the stat ic route.
Command Line Interfa ce 4-216 4 Related Commands show ip redirect s (4-216) show ip redirects This command shows the default gateway configure d for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-g ateway (4-2 15) ping This command sends ICMP echo reques t packet s to another node on th e network.
IP Interface Commands 4-217 4 - Network or host un reachable - The gate way found no corresp onding entry in the route table. • Press <Esc> to stop pinging. Example Related Commands interface (4-125) Console#ping 10.1.0.9 Type ESC to abort. PING to 10.
Command Line Interfa ce 4-218 4.
A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, T ACACS, Port (802. 1x), HTTPS, SSH, Port Security Access Control List s IP , MAC (up to 32 lists) DHCP Client D.
Software Specifications A-2 A Additional Featu r es BOOTP client SNTP (Simple Network T ime Protocol) SNMP (Simple Network Ma nagement Protocol) RMON (Remote Monitoring, group s 1, 2, 3, 9) SMTP Email.
Management Inform ation Bases A-3 A RMON (RFC 1757 groups 1,2,3,9) SNMP (RFC 1 157) SNMPv2 (RFC 1907) SNTP (RFC 2030) SSH (V ersion 2.0) TFTP (RFC 1350) Management Information Bases Bridge MIB (RFC 14.
Software Specifications A-4 A.
B-1 Appendix B: Troubleshooting Problems Accessing the Management Int erface T able B-1 T roubleshooting Chart Symptom Action Cannot connect us ing T elnet, web browser , or SNMP software • Be sure the switch is powered up. • Check network cabling between the manag ement station and t he switch.
Troubleshooting B-2 B Using System Logs If a fault does occur , refer to the Installati on Guide to ensure that the probl em you encountered is actual ly caused by the switch. If the problem app ears to be caused by the switch, follow these steps: 1. Enable logging.
Glossary-1 Glossary Access Control List (ACL) ACLs can limit netwo rk traffic and restri ct access to certai n users or devices by checking each p acket for certain IP or MAC (i.
Glossary Glossary-2 GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VL AN information in order to register necessary VLAN members on p orts along the S panning T ree so that VL ANs defined in each switch can work automati cally over a S panning T ree network.
Glossary-3 Glossary IEEE 802.3x Defines Ethernet frame st art/stop requests and timers used for flow control on full-duplex links. IGMP Snooping Listening to IGMP Query and IGMP Re port packe ts transferred betwee n IP Multicast Routers and IP Multicast host group s to identify IP Multicast group members.
Glossary Glossary-4 Management Information Base (MIB) An acronym for Management Information Base. It is a set of databa se objects that contain s information a bout a specific device.
Glossary-5 Glossary Rapid Spanning Tr ee Protocol (RSTP) RSTP reduces the convergence time for network to pology changes to a bout 10% of that require d by the older IEEE 802.1D STP st andard. Secure Shell (SSH) A secure replacement for remote access functions, includi ng T elnet.
Glossary Glossary-6 User Datagram Protocol (UDP) UDP provides a dat agram mode for packet-swi tched communications. It uses IP as the underlying transpo rt mechanism to provide acce ss to IP-like services. UDP packet s are delivered just like IP packet s – connection-less dat agrams that may be discarded before reachi ng their target s.
Index-1 Symbols 3-31 Numerics 802.1x, port authentication 3-43, 4-78 A acceptable frame type 3-119, 4-174 Access Control List See ACL ACL Extended IP 3-53, 4-86, 4-87, 4-90 MAC 3-53, 4-86, 4-10 1, 4-1.
Index-2 Index H hardware version, displaying 3-10, 4-61 HTTPS 3-34, 4-31 HTTPS, secure server 3-34, 4-31 I IEEE 802.1D 3-91, 4-152 IEEE 802.1s 4-152 IEEE 802.
Index-3 Index Q queue weights 3-129, 4-192 R RADIUS, logon a uthentication 3-31, 4-71 rate limits, setting 3-8 3, 4-136 restarting the system 3-25, 4-22 RSTP 3-91, 4-152 global configuratio n 3-92, 4-.
Index-4 Index W Web interface access requirements 3-1 configuration but tons 3-3 home page 3-2 menu list 3-3, 3-4 panel display 3-3.
.
ES4512C ES4524C ES4548C E052005-R02.
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté Accton Technology ES4524C c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du Accton Technology ES4524C - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation Accton Technology ES4524C, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le Accton Technology ES4524C va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le Accton Technology ES4524C, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du Accton Technology ES4524C.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le Accton Technology ES4524C. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei Accton Technology ES4524C ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.