User / maintenance manual for the TigerAccess SMC7816M from SMC Networks
TigerAccess™ EE 6-Band VDSL2 Switch ◆ 16 VDSL Downlink Ports (1 RJ-21 Connector) ◆ 2 Gigabit Ethernet Combination Ports (RJ-45/SFP) ◆ 1 Fast Ethernet Management Port (RJ-45) ◆ Non.
20 Mason, Irvine, CA 92618
Phone: (949) 679-8000
TigerAccess™ EE Management Guide
From SMC's Tiger line of feature-rich workgroup LAN solutions
January 2007
Pub.
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use.
LIMITED WARRANTY
Limited Warranty Statement: SMC Networks, Inc. ("SMC") warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term.
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER'S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC'S OPTION.
TABLE OF CONTENTS
Section I Getting Started
1 Introduction
  Key Features
  Description of Software Features
  Main Menu
4 Basic Management Tasks
  Displaying System Information
  Setting SNMPv3 Views
6 User Authentication
  Configuring User Accounts
9 Port Configuration
  Displaying Connection Status
  Configuring Interface Connections
  Configuring Interface Settings for MSTP
13 VLAN Configuration
  Selecting the VLAN Operation Mode
15 Quality of Service
  Configuring Quality of Service Parameters
  Configuring a Class Map
  Console Connection
  Telnet Connection
  Entering Commands
  show bme version
  show cpu utilization
  show memory status
  SMTP Alert Commands
  logging sendmail host
  logging sendmail level
  Authentication Sequence
  authentication login
  authentication enable
  dot1x max-req
  dot1x port-control
  dot1x operation-mode
24 Access Control List Commands
  IP ACLs
  access-list ip
  show interfaces counters
  show interfaces switchport
26 Link Aggregation Commands
  lre interleave-max-delay
  lre datarate
  lre rate-set
  Displaying VDSL Information
  show lre band-plan
  show lre option-band
31 Spanning Tree Commands
  spanning-tree
  spanning-tree mode
  vlan
  Configuring VLAN Interfaces
  interface vlan
  show queue bandwidth
  show queue cos-map
  Priority Commands (Layer 3 and 4)
  ip igmp snooping query-interval
  ip igmp snooping query-max-response-time
  ip igmp snooping router-port-expire-time
37 DHCP Commands
  DHCP Client
  ip dhcp restart client
Section IV Appendices
A Software Specifications
  Software Features
  Management Features
TABLES
Table 1-1 Key Features
Table 1-2 System Defaults
Table 3-1 Web Page Configuration Buttons
Table 20-4 show bme version - display description
Table 20-5 show cpu utilization - display description
Table 20-7 System Mode Commands
Table 24-1 Access Control List Commands
Table 24-2 IP ACL Commands
Table 24-3 MAC ACL Commands
Table 32-5 Commands for Displaying VLAN Information
Table 32-6 Private VLAN Commands
Table 32-7 Protocol-based VLAN Commands
Table 32-8 IEEE 802.
FIGURES
Figure 3-1 Home Page
Figure 3-2 Front Panel Indicators
Figure 4-1 System Information
Figure 6-5 SSH Server Settings
Figure 6-6 802.1X Global Information
Figure 6-7 802.1X Global Configuration
Figure 10-5 VDSL Performance Statistics
Figure 10-6 Alarm Profile Configuration
Figure 10-7 CPE Information
Figure 14-10 IP Port Priority
Figure 15-1 Configuring Class Maps
Figure 15-2 Configuring Policy Maps
SECTION I GETTING STARTED
This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface.
Introduction
CHAPTER 1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
Key Features
User Authentication: Console, Telnet, web – User name / password, RADIUS, TACACS+; Web – HTTPS; Telnet – SSH; SNMP v1/2c – Community strings; SNMP version 3 – MD5 or SHA password; Port – IEEE 802.1X
Client Security: Private VLANs, IEEE 802.
Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation.
server to verify the client's right to access the network via an authentication server (i.e., RADIUS server).
Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE 802.3-2002 (formerly IEEE 802.3ad) Link Aggregation Control Protocol (LACP).
Spanning Tree Algorithm – The switch supports these spanning tree protocols: Spanning Tree Protocol (STP, IEEE 802.
• Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
• Provide data security by restricting all traffic to the originating VLAN.
Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN.
System Defaults
The switch's system defaults are provided in the configuration file "Factory_Default_Config.cfg." To reset the switch defaults, this file should be set as the startup configuration file (page 4-20).
Web Management
  HTTP Server: Enabled
  HTTP Port Number: 80
  HTTP Secure Server: Enabled
  HTTP Secure Port Number: 443
SNMP
  SNMP Agent: Enabled
  Community Strings: "public" (read only.
Virtual LANs
  Default VLAN: 1
  PVID: 1
  Acceptable Frame Type: All
  Ingress Filtering: Disabled
  Switchport Mode (Egress Mode): Hybrid: tagged/untagged frames
  GVRP (global): Disabled
Multicast Filtering
  IGMP Snooping: Snooping: Enabled; Querier: Disabled
  IGMP Filtering/Throttling: Disabled
  Multicast VLAN Registration: Disabled
System Log
  Status: Enabled
  Mess.
CHAPTER 2 INITIAL CONFIGURATION
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface.
The switch's web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:
• Set user names and .
To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.
Remote Connections
Prior to accessing the switch's onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.
Basic Configuration
Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps:
1.
4. Type "username admin password 0 password," for the Privileged Exec level, where password is your new password. Press <Enter>.
Setting an IP Address
You must establish IP address information for the switch to obtain management access through the network.
Using the dedicated management port provides a back channel for troubleshooting when the switch cannot be reached through the data network. To provide additional security against eavesdropping on management traffic, leave the IP address for the data network (i.
9. Then follow the steps indicated in the next section to assign an IP address to this VLAN using manual configuration or automatic configuration via DHCP or BOOTP.
Note: If you put the uplink ports (Ports 17 and 18) in a separate management VLAN, do not change their default VLAN ID.
Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
• IP address for the swi.
To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps:
1. From the Global Configuration mode prompt, type "interface vlan 1" to access the interface-configuration mode.
Enabling SNMP Management Access
The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as HP OpenView. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps.
To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings. To configure a community string, complete the following steps:
1.
Then press <Enter>. For a more detailed description of these parameters, see "snmp-server host" on page 21-6.
Managing System Files
The switch's flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch's file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded.
To save the current configuration settings, enter the following command:
1. From the Privileged Exec mode prompt, type "copy running-config startup-config" and press <Enter>.
2.
SECTION II SWITCH MANAGEMENT
This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser, and a brief example for the Command Line Interface.
Configuring the Switch
CHAPTER 3 CONFIGURING THE SWITCH
Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity.
Notes:
1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated.
2. If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password.
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics.
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting.
Main Menu
Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Reset: Restarts the switch
SNTP
  Configuration: Configures SNTP client settings, including a specified list of servers
  Clock Time Zone: Sets the local .
802.1X: Port authentication
  Information: Displays global configuration settings
  Configuration: Configures global configuration param.
Trunk Configuration: Configures trunk connection settings
Trunk Membership: Specifies ports to group into static trunks
LACP
  Configuration: Allows ports.
VDSL
  Global Configuration: Configures global VDSL variables which can be applied to all ports
  VDSL Port Configuration: Configures c.
Spanning Tree
  STA Information: Displays STA values used for the bridge
  Configuration: Configures global bridge settings for STP, RSTP and MSTP
  Port .
Static Membership by Port: Configures membership type for interfaces, including tagged, untagged or forbidden
Port Configuration: Specifi.
IPv6 Mapping: Assigns IPv6 traffic classes to one of the Class-of-Service values
IP Port Priority Status: Globally enables or disables IP Port Priority
I.
IGMP Filter/Throttling Trunk Configuration: Assigns IGMP filter profiles to trunk interfaces and sets throttle mode
MVR
  Config.
CHAPTER 4 BASIC MANAGEMENT TASKS
This chapter describes the basic functions required to set up management access to the switch, display or upgrade operating software, or reset the system.
• Web Secure Server Port – Shows the TCP port used by the HTTPS interface.
• Telnet Server – Shows if management access via Telnet is enabled.
• Telnet Server Port – Shows the TCP port used by the Telnet interface.
CLI – Specify the hostname, location and contact information.
    Console(config)#hostname R&D 5
    Console(config)#snmp-server location WC 9
    Cons.
Displaying System Health
Use the System Health Information page to display the status of the fans, internal temperature, main board, CPU, and system memory.
Field Attributes
General Status
• Fan Status – The fan's functioning status.
• Free Amount – Amount of memory currently free for use.
• Freed / Total – Percentage of free memory compared to total memory.
• Utilization Raising Alarm Threshold 1 – Rising threshold for memory utilization alarm.
CLI – Use the following commands to display the status of the CPU and system memory.
    Console#show cpu utilization
    CPU current utilization : .
Displaying Hardware/Software Versions
Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
These additional parameters are displayed for the CLI.
• Unit ID – Unit number in stack.
• BME firmware version – Version number of Burst Mode Engine.
CLI – Use the following command to display version information.
Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs.
• Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to "VLAN Configuration" on page 13-1.
CLI – Enter the following command.
Setting the Switch's IP Address
This section describes how to configure an IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default.
will not function until a reply has been received from the server. Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subnet mask, and default gateway.
CLI – Specify the management interface, IP address and default gateway. This example first sets up a dedicated VLAN for management access.
Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
This example first sets up a dedicated VLAN for management access. It adds Port 19 (the management port) to that VLAN and also removes this port from the VLAN 1, which is left for use by the data network.
Configuring Support for Jumbo Frames
The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.
Managing Firmware
You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version.
Downloading System Software from a Server
When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
If you download to a new destination file, go to the File Management, Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu.
To start the new firmware, enter the "reload" command or reboot the system.
Saving or Restoring Configuration Settings
You can upload/download configuration settings to/from a TFTP server, or copy files to and from switch units in a stack.
- running-config to file – Copies the running configuration to a file.
- running-config to startup-config – Copies the running config to the startup config.
- running-config to tftp – Copies the running configuration to a TFTP server.
Downloading Configuration Settings from a Server
You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
If you download to a new file name using "tftp to startup-config" or "tftp to file," the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu.
Console Port Settings
You can access the onboard configuration program by attaching a VT100 compatible device to the switch's serial console port.
device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud, Auto; Default: Auto)
• Stop Bits – Sets the number of the stop bits transmitted per byte. (Range: 1-2; Default: 1 stop bit)
• Password 2 – Specifies a password for the line connection.
CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level.
Telnet Settings
• Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session.
Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply.
Figure 4-14 Configuring the Telnet Interface
CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required.
Configuring Event Logging
The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
• RAM Level – Limits log messages saved to the switch's temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM.
CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory.
• Host IP Address – Specifies a new server IP address to add to the Host IP List.
Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add.
CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap.
Displaying Log Messages
Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.
CLI – This example shows the event message stored in RAM.
Sending Simple Mail Transfer Protocol Alerts
To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level.
Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add.
CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses.
CLI – Use the reload command to restart the switch.
Note: When restarting the system, it will always run the Power-On Self-Test.
Setting the System Clock
• SNTP Server – Sets the IP address for up to three time servers. The switch attempts to update the time from the first server; if this fails, it attempts an update from the next server in the sequence.
Setting the Time Zone
SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth's prime meridian, zero degrees longitude.
CHAPTER 5 SIMPLE NETWORK MANAGEMENT PROTOCOL
Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
Access to the switch from clients using SNMPv3 provides additional security features that cover message integrity, authentication, and encryption, as well as controlling user access to specific areas of the MIB tree.
Note: The predefined default groups and view can be deleted from the system. You can then define customized groups and views for the SNMP clients that require access.
Enabling the SNMP Agent
Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3).
Command Attributes
SNMP Agent Status – Enables SNMP on the switch.
Web – Click SNMP, Agent Status.
Setting Community Access Strings
• Community String – A community string that acts like a password and permits access to the SNMP protocol.
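An added example (not from the SMC manual): a Python audit of an exported switch configuration for weak SNMP v1/v2c community strings, in line with the manual's advice to change the defaults. The `snmp-server community <string> [ro|rw]` line syntax, the inclusion of "private", and the 12-character minimum are assumptions, and the sample configuration is constructed.

```python
import re

# Assumed line syntax (not shown in full on this page):
#   snmp-server community <string> [ro|rw]   (access defaults to ro)
COMMUNITY_RE = re.compile(
    r"^\s*snmp-server\s+community\s+(\S+)(?:\s+(ro|rw))?\s*$", re.IGNORECASE
)

# "public" is the default listed under System Defaults; "private" is added
# as another widely used default (assumption, not taken from this page).
WELL_KNOWN = {"public", "private"}
MIN_LENGTH = 12  # illustrative policy threshold, not a value from the manual


def mask(community):
    """Hide all but the first and last character so reports do not leak strings."""
    if len(community) <= 2:
        return "*" * len(community)
    return community[0] + "*" * (len(community) - 2) + community[-1]


def audit_communities(config_text):
    """Return (line_no, community, access, reasons) for each weak community."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        match = COMMUNITY_RE.match(line)
        if not match:
            continue  # not a community definition
        community = match.group(1)
        access = (match.group(2) or "ro").lower()
        reasons = []
        if community.lower() in WELL_KNOWN:
            reasons.append("default or well-known string")
        if len(community) < MIN_LENGTH:
            reasons.append("shorter than %d characters" % MIN_LENGTH)
        if access == "rw":
            reasons.append("read/write access over SNMP v1/v2c")
        if reasons:
            findings.append((line_no, community, access, reasons))
    return findings


def format_report(findings):
    """Render findings as text lines with the community string masked."""
    return [
        "line %d: community %s (%s): %s" % (n, mask(c), a, "; ".join(r))
        for n, c, a, r in findings
    ]


# Constructed sample configuration (not captured from a real switch).
SAMPLE_CONFIG = "\n".join([
    "hostname R&D 5",
    "snmp-server community public ro",
    "snmp-server community private rw",
    "snmp-server community n0c-Mon1tor-7f3a9c ro",
    "snmp-server community ops rw",
    "snmp-server location WC 9",
])

if __name__ == "__main__":
    for row in format_report(audit_communities(SAMPLE_CONFIG)):
        print(row)
```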
Specifying Trap Managers and Trap Types
Traps indicating status changes are issued by the switch to specified trap managers.
To send an inform to a SNMPv3 host, complete these steps:
1. Enable the SNMP agent (page 5-4).
2. Enable trap informs as described in the following pages.
3. Create a view with the required notification messages (page 5-24).
• Trap Inform – Notifications are sent as inform messages. Note that this option is only available for version 2c and 3 hosts. (Default: traps are used)
  - Timeout – The number of seconds to wait for an acknowledgment before resending an inform message.
S PECIFYING T RAP M ANA GERS AND T RAP T YPES 5-9 We b – Click SNMP , Con figuration. En ter th e IP add ress and comm uni ty string for each manag ement s tation that will re cei ve trap messag es , specify the UDP por t, SNMP trap version, trap security lev el (for v3 client s), trap infor m settings (for v2c/v3 clients), and then click Add.
S IM PLE N ETWORK M ANAG EMENT P RO T O CO L 5-10 Conf igurin g SN MPv3 Ma nageme nt Acc ess T o confi gure SNMPv3 management a ccess to the swi tc h, fol low these ste ps: 1. I f you want to chang e the defa ult e ngine ID , do so be fore conf igurin g other SNM P parameters .
C ONFIGURING SNMP V 3 M ANA GEME NT A CCE SS 5-11 We b – Click SNMP , SNMPv3 , Engine ID . Enter an ID of up to 26 hexadecimal c harac ters and then clic k Sa v e . Figure 5-4 Setting the SNMPv3 Engine ID CLI – T his e xample sets an SNMPv3 e ngine ID .
S IM PLE N ETWORK M ANAG EMENT P RO T O CO L 5-12 We b – Click SNMP , SNM Pv3, R emot e Engine ID . En ter an ID of up to 26 hexadecimal c harac ters and then clic k Sa v e. Figure 5-5 Setting an Engi ne ID CLI – This example s pecifies a rem ote SNMPv3 en gine ID .
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-13 - Auth Priv – SNMP communications use both authentication and encryption (only available for the SNMPv3 security model). • Authentication Protocol – The method used for user authentication.
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-14 Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list.
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-15 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring Remote SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group.
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-16 • Security Model – The user security model; SNMP v1, v2c or v3. (Default: v1) • Security Level – The security level used for the user: - noAuthNoPriv – There is no authentication or encryption used in SNMP communications.
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-17 Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list.
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-18 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring SNMPv3 Groups An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views.
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-19 • Notify View – The configured view for notifications. (Range: 1-64 characters) Table 5-2 Supported Notification Messages Object Label Object ID Description RFC 1493 Traps newRoot 1.3.6.1.
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-20 linkDown * 1.3.6.1.6.3.1.1.5.3 A linkDown trap signifies that the SNMP entity, acting in an agent role, has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state (but not from the notPresent state).
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-21 RMON Events (V2) risingAlarm 1.3.6.1.2.1.16.0.1 The SNMP trap that is generated when an alarm entry crosses its rising threshold and generates an event that is configured for sending SNMP traps.
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-22 swThermalRisingNotification 1.3.6.1.4.1.202.40.2.6.2.1.0.58 This trap is sent when the temperature exceeds the switchThermalActionRisingThreshold. swThermalFallingNotification 1.3.6.1.4.1.202.
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-23 Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read, write, and notify views.
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-24 CLI – Use the snmp-server group command to configure a new group, specifying the security model and level, and restricting MIB access to defined read and write views.
CONFIGURING SNMPV3 MANAGEMENT ACCESS 5-25 Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in the view.
SIMPLE NETWORK MANAGEMENT PROTOCOL 5-26 CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries. Console(config)#snmp-server view if Entry.
6-1 CHAPTER 6 USER AUTHENTICATION You can configure this switch to authenticate users logging in to the system for management access using local or remote authentication methods.
USER AUTHENTICATION 6-2 The default guest name is “guest” with the password “guest.” The default administrator name is “admin” with the password “admin.” Command Attributes • Account List – Displays the current list of user accounts and associated access levels.
CONFIGURING LOCAL/REMOTE LOGON AUTHENTICATION 6-3 CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password. Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords.
USER AUTHENTICATION 6-4 Command Usage • By default, management access is always checked against the authentication database stored on the local switch.
CONFIGURING LOCAL/REMOTE LOGON AUTHENTICATION 6-5 - ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers. The process ends when a server either approves or denies access to a user.
USER AUTHENTICATION 6-6 Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
CONFIGURING HTTPS 6-7 Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
USER AUTHENTICATION 6-8 • The following web browsers and operating systems currently support HTTPS: • To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 6-9.
CONFIGURING HTTPS 6-9 Replacing the Default Secure-site Certificate When you log onto the web interface using HTTPS (for secure access), a Secure Sockets Layer (SSL) certificate appears for the switch.
USER AUTHENTICATION 6-10 Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
CONFIGURING THE SECURE SHELL 6-11 To use the SSH server, complete these steps: 1. Generate a Host Key Pair – On the SSH Host Key Settings page, create a host public/private key pair.
USER AUTHENTICATION 6-12 6. Authentication – One of the following authentication methods is employed: Password Authentication (for SSH v1.5 or V2 Clients) a. The client sends its password to the server. b. The switch compares the client's password to those stored in memory.
CONFIGURING THE SECURE SHELL 6-13 Authenticating SSH v2 Clients a. The client first queries the switch to determine if DSA public key authentication using a preferred algorithm is acceptable. b. If the specified algorithm is supported by the switch, it notifies the client to proceed with the authentication process.
USER AUTHENTICATION 6-14 • Host-Key Type – The key type used to generate the host key pair (i.e., public and private keys). (Range: RSA, DSA, Both: Default: Both) The SSH server u.
CONFIGURING THE SECURE SHELL 6-15 Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate.
USER AUTHENTICATION 6-16 CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys. Configuring the SSH Server The SSH server includes basic settings for authentication.
CONFIGURING THE SECURE SHELL 6-17 • SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3) • SSH Server-Key Size – Specifies the SSH server key size.
USER AUTHENTICATION 6-18 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
CONFIGURING 802.1X PORT AUTHENTICATION 6-19 Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC.
USER AUTHENTICATION 6-20 releases. The client responds to the appropriate method with its credentials, such as a password or certificate. The RADIUS server verifies the client credentials and responds with an accept or reject packet.
CONFIGURING 802.1X PORT AUTHENTICATION 6-21 Displaying 802.1X Global Settings The 802.1X protocol provides port authentication. Command Attributes 802.1X System Authentication Control – The global setting for 802.1X. Web – Click Security, 802.
USER AUTHENTICATION 6-22 Configuring 802.1X Global Settings The 802.1X protocol provides port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active. Command Attributes 802.
CONFIGURING 802.1X PORT AUTHENTICATION 6-23 Configuring Port Settings for 802.1X When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.
USER AUTHENTICATION 6-24 • Re-authentication Period – Sets the time period after which a connected client must be re-authenticated. (Range: 1-65535 seconds; Default: 3600 seconds) • TX Period – Sets the time period during an authentication session that the switch waits before re-transmitting an EAP packet.
CONFIGURING 802.1X PORT AUTHENTICATION 6-25 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 22-41.
USER AUTHENTICATION 6-26 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Reauthentication State Machine State Initialize . . . . 802.1X is disabled on port 1/19 Console# Table 6-2 802.
CONFIGURING 802.1X PORT AUTHENTICATION 6-27 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 6-9 802.1X Port Statistics CLI – This example displays the dot1x statistics for port 4.
USER AUTHENTICATION 6-28 Filtering IP Addresses for Management Access You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet.
FILTERING IP ADDRESSES FOR MANAGEMENT ACCESS 6-29 Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry. Figure 6-10 IP Filter CLI – This example restricts management access for Telnet clients.
USER AUTHENTICATION 6-30.
7-1 CHAPTER 7 CLIENT SECURITY This switch supports many methods of segregating traffic for clients attached to each of the data ports, and for ensuring that only authorized clients gain access to the network. Private VLANs and port-based authentication using IEEE 802.
CLIENT SECURITY 7-2 This switch provides client security using the following options: • Private VLANs – Provide port-based security and isolation between ports within the assigned VLAN. (See “Configuring Private VLANs” on page 13-18.
CONFIGURING PORT SECURITY 7-3 To use port security, specify a maximum number of addresses to allow on the port and then let the switch dynamically learn the <source MAC address, VLAN> pair for frames received on the port.
CLIENT SECURITY 7-4 • Max MAC Count – The maximum number of MAC addresses that can be learned on a port. (Range: 0 - 1024, where 0 means disabled) • Trunk – Trunk number if port is a member (page 9-9 and 9-11). Web – Click Security, Port Security.
CONFIGURING IP SOURCE GUARD 7-5 Configuring IP Source Guard IP Source Guard is a security feature that filters IP traffic on unsecure network interfaces based on static entries configured in the IP Source Guard table, or dynamic entries in the DHCP Snooping table.
CLIENT SECURITY 7-6 • If the IP source guard is enabled, an inbound packet’s IP address (sip option) or both its IP address and corresponding MAC address (sip-mac option) will be checked against the binding table. If no matching entry is found, the packet will be dropped.
CONFIGURING IP SOURCE GUARD 7-7 IP Source Guard Filter • Port – Port for which to filter static entries. • Source IP – Filters traffic based on IP addresses stored in the binding table. • Source IP and MAC – Filters traffic based on IP addresses and corresponding MAC addresses stored in the binding table.
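The sip and sip-mac checks described above can be modelled in a few lines. This is an added example, not code from the manual or the switch firmware; the binding table, the frames, the per-port scoping of bindings and the "disabled" mode name are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    """One binding-table entry (static or learned via DHCP snooping)."""
    port: str
    ip: str
    mac: str


# Constructed binding table (assumption: entries are scoped to a port).
BINDINGS = [
    Binding("1/1", "192.168.0.10", "00-11-22-33-44-55"),
    Binding("1/2", "192.168.0.20", "00-aa-bb-cc-dd-ee"),
]

# Constructed inbound frames: (ingress port, source IP, source MAC).
FRAMES = [
    ("1/1", "192.168.0.10", "00-11-22-33-44-55"),  # matches its binding
    ("1/1", "192.168.0.10", "00-de-ad-be-ef-00"),  # bound IP, different MAC
    ("1/1", "192.168.0.20", "00-aa-bb-cc-dd-ee"),  # bound on another port
    ("1/2", "192.168.0.99", "00-aa-bb-cc-dd-ee"),  # IP not in the table
]


def source_guard_verdict(bindings, mode, port, src_ip, src_mac):
    """Return "forward" or "drop" for one inbound frame.

    mode "sip"     : only the source IP must appear in the binding table.
    mode "sip-mac" : the source IP and its MAC must both match one entry.
    mode "disabled": no source-guard filtering (name assumed here).
    """
    if mode == "disabled":
        return "forward"
    if mode not in ("sip", "sip-mac"):
        raise ValueError(f"unknown source-guard mode: {mode}")
    for entry in bindings:
        if entry.port != port or entry.ip != src_ip:
            continue
        if mode == "sip" or entry.mac.lower() == src_mac.lower():
            return "forward"
    # No matching entry: the packet is dropped.
    return "drop"


def mode_gap(bindings, frames):
    """Frames that the sip option forwards but the sip-mac option drops."""
    return [
        frame for frame in frames
        if source_guard_verdict(bindings, "sip", *frame) == "forward"
        and source_guard_verdict(bindings, "sip-mac", *frame) == "drop"
    ]


if __name__ == "__main__":
    for frame in FRAMES:
        print(frame,
              "sip:", source_guard_verdict(BINDINGS, "sip", *frame),
              "sip-mac:", source_guard_verdict(BINDINGS, "sip-mac", *frame))
    print("forwarded by sip only:", mode_gap(BINDINGS, FRAMES))
```

The second constructed frame is the case that separates the two options: a bound IP address sent from a different MAC address passes the sip check and is dropped only by sip-mac.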
CLIENT SECURITY 7-8 CLI – This example configures a static source-guard binding on port 1. Configuring DHCP Snooping The addresses assigned to DHCP clients on unsecure ports can be .
CONFIGURING DHCP SNOOPING 7-9 • When DHCP snooping is enabled, DHCP messages entering an untrusted interface are filtered based upon dynamic entries learned via DHCP snooping. • Filtering rules are implemented as follows: - If the DHCP snooping is disabled globally, all DHCP packets are forwarded.
CLIENT SECURITY 7-10 • Additional considerations when the switch itself is a DHCP client – The port(s) through which the switch submits a client request to the DHCP server must be configured as trusted.
CONFIGURING DHCP SNOOPING 7-11 • DHCP Snooping Service Provider Mode – Once an IP address is assigned to the host by a DHCP server, the switch sets this entry to static mode in the MAC address table, and registers the host as a valid entry in the DHCP snooping table.
CLIENT SECURITY 7-12 Web – Click DHCP Snooping, DHCP Snooping Configuration. Enable DHCP snooping status globally, enable it for the required VLANs, select whether or not to verify the .
DISPLAYING DHCP SNOOPING INFORMATION 7-13 Displaying DHCP Snooping Information The configuration settings and binding table entries can be displayed on the DHCP Snooping Information page.
CLIENT SECURITY 7-14 Web – Click DHCP Snooping, DHCP Snooping Information. Figure 7-4 DHCP Snooping Information.
CONFIGURING PACKET FILTERING 7-15 CLI – These examples show the DHCP snooping configuration settings and binding table entries.
CLIENT SECURITY 7-16 • Blocking NetBIOS traffic commonly used for resource sharing in a peer-to-peer environment to ensure that no privileged client data is passed to other data ports. Command Attributes • DHCP Request – Blocks DHCP request packets.
CONFIGURING PACKET FILTERING 7-17 • NetBIOS – Blocks NetBIOS packets. (Default: Disabled) - NetBIOS is commonly used in local area networks to facilitate sharing resources such as printers or files between computers.
CLIENT SECURITY 7-18 Web – Click Security, Packet Filter, Base Filter Configuration. Select the type of service packets to filter, and click Apply. Figure 7-5 Packet Filtering – Base Filter CLI – This example blocks DHCP service requests, DHCP reply packets, and all NetBIOS packets on port 1.
CONFIGURING PACKET FILTERING 7-19 • This switch provides a total of 7 masks for filtering functions, including IP-MAC address packet filtering, NetBIOS packet filtering, DHCP packet filtering, and ACLs. One mask is allocated to IP-MAC packet filtering if any entries are defined.
CLIENT SECURITY 7-20.
8-1 CHAPTER 8 ACCESS CONTROL LISTS Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code), or any frames (based on MAC address or Ethernet type).
ACCESS CONTROL LISTS 8-2 The following filtering modes are supported: • Standard IP ACL mode (STD-ACL) filters packets based on the source IP address. • Extended IP ACL mode (EXT-ACL) filters packets based on source or destination IP address, as well as protocol type and protocol port number.
CONFIGURING ACCESS CONTROL LISTS 8-3 • Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets. The order in which active ACLs are checked is as follows: 1.
ACCESS CONTROL LISTS 8-4 Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the configuration page for the new list. Figure 8-1 Selecting ACL Type CLI – This example creates a standard IP ACL named bill.
CONFIGURING ACCESS CONTROL LISTS 8-5 Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
ACCESS CONTROL LISTS 8-6 • Source/Destination Subnet Mask – Subnet mask for source or destination address. (See the description for SubMask on page 8-4.) • Service Type – Packet priority settings based on the following criteria: - Precedence – IP precedence level.
CONFIGURING ACCESS CONTROL LISTS 8-7 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address.
ACCESS CONTROL LISTS 8-8 3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules.
CONFIGURING ACCESS CONTROL LISTS 8-9 Command Usage Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets. Web – Specify the action (i.e., Permit or Deny).
ACCESS CONTROL LISTS 8-10 Configuring ACL Masks You must specify masks that control the order in which ACL rules are checked. ACL rules matching the first entry in the mask are checked first. Rules matching subsequent entries in the mask are then checked in the specified order.
CONFIGURING ACCESS CONTROL LISTS 8-11 Web – Click Security, ACL, Mask Configuration. Click Edit for one of the basic mask types to open the configuration page. Figure 8-5 Selecting ACL Mask Types CLI – This example creates an IP ingress mask, and then adds two rules.
ACCESS CONTROL LISTS 8-12 • Source/Destination Subnet Mask – Source or destination address of rule must match this bitmask. (See the description for SubMask on page 8-4.) • Protocol Mask – Check the protocol field. • Service Type Mask – Check the rule for the specified priority type.
CONFIGURING ACCESS CONTROL LISTS 8-13 Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range.
ACCESS CONTROL LISTS 8-14 CLI – This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the following example, packets with the source address 10.1.1.1 are dropped because the “deny 10.
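How a mask can reorder rule checking is easier to see in a small model. This is an added example, not the manual's own CLI listing or the switch's implementation; the rule list, the mask entries and the probe addresses are constructed, and two behaviours are assumptions: a rule belongs to a mask entry when its bitmask equals that entry, and the first rule that matches a packet decides the verdict.

```python
import ipaddress


def to_int(dotted):
    """Dotted-quad IPv4 address or bitmask as a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


# Constructed standard IP ACL, in the order the rules were entered:
# (action, source address, bitmask)
RULES = [
    ("permit", "10.1.1.0", "255.255.255.0"),
    ("deny", "10.1.1.1", "255.255.255.255"),
]

# Constructed ingress mask: host entries first, then the /24 entry.
MASK_ENTRIES = ["255.255.255.255", "255.255.255.0"]


def rule_matches(rule, src_ip):
    """True when src_ip falls inside the rule's address/bitmask."""
    _action, addr, bitmask = rule
    bits = to_int(bitmask)
    return to_int(src_ip) & bits == to_int(addr) & bits


def check_order(rules, mask_entries):
    """Order in which rules are checked once a mask is applied.

    Rules matching the first mask entry come first, then rules matching
    later entries. Rules that match no mask entry are left out, which is
    an assumption of this model.
    """
    ordered = []
    for entry in mask_entries:
        ordered.extend(rule for rule in rules if rule[2] == entry)
    return ordered


def acl_verdict(rules, src_ip, mask_entries=None):
    """First matching rule wins; None means no rule matched."""
    order = rules if mask_entries is None else check_order(rules, mask_entries)
    for rule in order:
        if rule_matches(rule, src_ip):
            return rule[0]
    return None


def order_sensitive(rules, mask_entries, probes):
    """Probe addresses whose verdict differs between entry order and mask order."""
    changed = []
    for ip in probes:
        by_entry = acl_verdict(rules, ip)
        by_mask = acl_verdict(rules, ip, mask_entries)
        if by_entry != by_mask:
            changed.append((ip, by_entry, by_mask))
    return changed


if __name__ == "__main__":
    probes = ["10.1.1.1", "10.1.1.2", "10.2.2.2"]
    print("check order:", check_order(RULES, MASK_ENTRIES))
    print("changed verdicts:", order_sensitive(RULES, MASK_ENTRIES, probes))
```

Running a list of probe addresses through both orderings before binding an ACL shows which hosts the mask treats differently from the order in which the rules were typed.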
CONFIGURING ACCESS CONTROL LISTS 8-15 Web – Configure the mask to match the required rules in the MAC ingress or egress ACLs. Set the mask to check for any source or destination address, a host address, or an address range.
ACCESS CONTROL LISTS 8-16 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.
BINDING A PORT TO AN ACCESS CONTROL LIST 8-17 • When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs.
ACCESS CONTROL LISTS 8-18 CLI – This example assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2. Console(config)#interface ethernet 1/1 25-2 Console(config.
9-1 CHAPTER 9 PORT CONFIGURATION Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation.
PORT CONFIGURATION 9-2 Web – Click Port, Port Information or Trunk Information. Figure 9-1 Port - Port Information Field Attributes (CLI) Basic information: • Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, SFP) • MAC address – The physical layer address for this port.
DISPLAYING CONNECTION STATUS 9-3 “Configuring Interface Connections” on page 3-48.) The following capabilities are supported. - 10half - Supports 10 Mbps half-duplex operation.
PORT CONFIGURATION 9-4 CLI – This example shows the connection status for Port 5. Configuring Interface Connections You can use the Port Configuration or Trunk Configuration p.
CONFIGURING INTERFACE CONNECTIONS 9-5 required operation modes must be specified in the capabilities list for an interface. • Auto-negotiation must be disabled before you can configure or force the interface to use the Speed/Duplex Mode or Flow Control options.
PORT CONFIGURATION 9-6 and IEEE 802.3x for full-duplex operation. (Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub.
CONFIGURING INTERFACE CONNECTIONS 9-7 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 9-2 Port - Port Configuration CLI – Select the interface, and then enter the required settings.
PORT CONFIGURATION 9-8 Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices.
CREATING TRUNK GROUPS 9-9 • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.
PORT CONFIGURATION 9-10 Web – Click Port, Trunk Membership. Enter a trunk ID of 1-12 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.
CREATING TRUNK GROUPS 9-11 CLI – This example creates trunk 1 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to form a trunk.
PORT CONFIGURATION 9-12 • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than eight ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
CREATING TRUNK GROUPS 9-13 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk.
PORT CONFIGURATION 9-14 Note: If the port channel admin key (lacp admin key, page 26-8) is not set (through the CLI) when a channel group is formed (i.
CREATING TRUNK GROUPS 9-15 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor.
PORT CONFIGURATION 9-16 CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the LAG, ports 9 and 10 are set to backup mode.
CREATING TRUNK GROUPS 9-17 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.
PORT CONFIGURATION 9-18 CLI – The following example displays LACP counters for port channel 1. Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation.
CREATING TRUNK GROUPS 9-19 LACPDUs Internal Number of seconds before invalidating received LACPDU information. Admin State, Oper State Administrative or operational values of the a.
PORT CONFIGURATION 9-20 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.
CREATING TRUNK GROUPS 9-21 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation.
PORT CONFIGURATION 9-22 Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.
SETTING BROADCAST STORM THRESHOLDS 9-23 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured.
PORT CONFIGURATION 9-24 Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the threshold, and click Apply. Figure 9-9 Port Broadcast Control CLI – Specify any interface, and then enter the threshold.
CONFIGURING PORT MIRRORING 9-25 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
PORT CONFIGURATION 9-26 Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add.
CONFIGURING RATE LIMITS 9-27 Note: You can also set an SNMP trap if traffic exceeds the configured rate limit using the CLI (see the “rate-limit trap-input” command on page 28-3).
PORT CONFIGURATION 9-28 CLI - This example sets the rate limit for input and output traffic passing through port 1 to 64 Kbps. Configuring the Rate Limit for a VLAN Port Member Web - Click Port, Rate Limit, Input VLAN Configuration. Select the port, and the VLAN to which the port belongs.
SHOWING PORT STATISTICS 9-29 Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB.
PORT CONFIGURATION 9-30 Received Unknown Packets The number of packets received via the interface which were discarded because of an unknown or unsupported protocol. Received Errors The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
SHOWING PORT STATISTICS 9-31 FCS Errors A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check. This count does not include frames received with frame-too-long or frame-too-short error.
PORT CONFIGURATION 9-32 RMON Statistics Drop Events The total number of events in which packets were dropped due to lack of resources. Jabbers The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either an FCS or alignment error.
SHOWING PORT STATISTICS 9-33 64 Bytes Frames The total number of frames (including bad packets) received and transmitted that were 64 octets in length (excluding framing bits but including FCS octets).
PORT CONFIGURATION 9-34 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
SHOWING PORT STATISTICS 9-35 CLI – This example shows statistics for port 12. Console#show interfaces counters ethernet 1/12 25-14 Ethernet 1/12 Iftable stats: Octets input: 868453, Octet.
PORT CONFIGURATION 9-36.
10-1 CHAPTER 10 VDSL CONFIGURATION VDSL communication parameters can be set for individual ports, or multiple parameters can be defined in a profile and applied globally to the switch or to a group of ports. Alarm thresholds can be defined in a profile and then applied globally to the switch or to selected ports.
VDSL CONFIGURATION 10-2 - Power Value – A power level for each of the PSD breakpoints. (Range: An integer from 0 to 255, which is used to calculate a power level in terms of -140 + (power-value) * 0.5 dBm/Hz; Default: 255, which is equivalent to -12.
CONFIGURING GLOBAL SETTINGS FOR VDSL PORTS 10-3 the optimal transmission rate for the current conditions, setting the rate within the bounds defined by the Data Rate.
VDSL CONFIGURATION 10-4 Upstream power back-off (UPBO) is used to mitigate far-end crosstalk caused by upstream transmissions from shorter to longer loops. The bounding power levels specified in this table are used to reshape the PSD, ensuring that the signals on short to long loops are compatible.
CONFIGURING GLOBAL SETTINGS FOR VDSL PORTS 10-5 Web – Click VDSL, Global Configuration. Configure the required items, and click Apply. (Note that the parameters in the following screen are all set to their default values.
VDSL CONFIGURATION 10-6 Figure 10-1 VDSL Global Configuration CLI – This example displays sample settings for some of the VDSL global configuration commands.
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-7 Configuring Interface Settings for VDSL Ports This section describes how to configure communication parameters for VDSL ports s.
VDSL CONFIGURATION 10-8 Configuration Tables • Channel Mode – Sets the channel mode to fast or interleaved. (Default: Interleaved) Interleaving protects data against bursts of errors by using the Reed-Solomon error correction algorithm to spread the errors over a number of code words.
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-9 • Region Ham Band – Sets the ham radio band that will be blocked to VDSL signals based on defined usage types. (Options: See Table 29-5, “HAM Band Notches for Usage Types,” on page 29-10.
VDSL CONFIGURATION 10-10 • PSD Breakpoints – See “Configuring Global Settings for VDSL Ports” on page 10-1. • PSD Mask Level – See “Configuring Global Settings for VDSL Ports” on page 10-1. • UPBO – See “Configuring Global Settings for VDSL Ports” on page 10-1.
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-11 This minimum margin indicates the amount of increase in impulse noise that the system can tolerate under operational conditions while still ensuring required transmission quality.
VDSL CONFIGURATION 10-12 Web – Click VDSL, VDSL Port Configuration. Select one of the VDSL ports from the scroll-down list, set the required parameters, and click Apply. (Note that the parameters in the following screen are all set to their default values.
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-13.
VDSL CONFIGURATION 10-14.
CONFIGURING INTERFACE SETTINGS FOR VDSL PORTS 10-15 Figure 10-2 VDSL Port Configuration.
VDSL CONFIGURATION 10-16 CLI – This example displays sample settings for some of the VDSL port configuration commands. Configuring Line Profiles This section describes how to.
CONFIGURING LINE PROFILES 10-17 Web – Click VDSL, Line Profile Configuration. Select a line profile from the drop-down list above the Line Profile table of connection parameters, configure the required items in this table, and then click the Apply button beneath the table to store the profile settings.
VDSL CONFIGURATION 10-18.
CONFIGURING LINE PROFILES 10-19.
VDSL CONFIGURATION 10-20 Figure 10-3 Line Profile Configuration CLI – This example displays sample settings for a line profile. Console(config)#line-profile southport 29-36 Console(config-line-pr.
DISPLAYING VDSL STATUS INFORMATION 10-21 Displaying VDSL Status Information This section describes the information displayed for VDSL configuration settings, signal status, and communication statistics.
VDSL CONFIGURATION 10-22 LRE Rate Information – Data Rates for the VDSL line Avg SNR Margin – Average signal-to-noise margin above the SNR. Avg SNR – Average signal-to-noise ratio. Table 10-2 Rate Status Parameter Description Port Status – Indicates if the port is administratively enabled or disabled.
DISPLAYING VDSL STATUS INFORMATION 10-23 Web – Click VDSL, VDSL Status Information. Select a VDSL port from the drop-down list, and click Query.
VDSL CONFIGURATION 10-24 CLI – This example displays connection status and data rates for the selected VDSL port. Console#show lre 1/1 29-79 port 1 status : port enable(provisioned ) port 1 status : port activating Downstream Training Margin: 8.
DISPLAYING VDSL PERFORMANCE STATISTICS 10-25 Displaying VDSL Performance Statistics This section describes the performance information displayed for VDSL lines, including common error conditions over predefined intervals.
VDSL CONFIGURATION 10-26 Ethernet Transmit Performance Counters Alignment Errors – Number of alignment errors (missynchronized data packets). Oversize – Number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed.
DISPLAYING VDSL PERFORMANCE STATISTICS 10-27 High-Level Data-Link Control (H.D.L.C.) Performance Counters Table 10-6 H.D.L.C. Performance Counters Parameter Description CRC Errors – Number of CRC errors (FCS or alignment errors).
VDSL CONFIGURATION 10-28 Web – Click VDSL, VDSL Performance Statistics. Select a VDSL port from the drop-down list, and click Query. Figure 10-5 VDSL Performance Statistics.
DISPLAYING VDSL PERFORMANCE STATISTICS 10-29 CLI – This example displays performance information for the selected VDSL port. Console#show lre perf 1/1 29-82 port 1 performance co.
VDSL CONFIGURATION 10-30 Configuring an Alarm Profile This section describes how to configure a list of threshold values for error states which can be applied to a selected group of ports. Command Attributes • Alarm Profile – Name of the profile.
CONFIGURING AN ALARM PROFILE 10-31 This parameter sets the threshold for the number of severely errored seconds within any 15 minute collection interval for performance data.
VDSL CONFIGURATION 10-32 interval reaches or exceeds this value, a vdslPerfLossThreshNotification notification will be generated. (Refer to RFC 3728 for information on this notification message.) No more than one notification will be sent per interval.
CONFIGURING AN ALARM PROFILE 10-33 • init-failure – Threshold for initialization failures that can occur within any given 15 minutes.
VDSL CONFIGURATION 10-34 Web – Click VDSL, Alarm Profile Configuration. Select a profile from the drop-down list above the Alarm Profile table of thresholds, configure the required items in this table, and then click the Apply button beneath the table to store the profile settings.
CONFIGURING AN ALARM PROFILE 10-35 Figure 10-6 Alarm Profile Configuration CLI – This example displays sample settings for an alarm profile.
VDSL CONFIGURATION 10-36 Displaying CPE Information This section describes the information displayed for an attached CPE, including firmware module versions, and performance counters.
DISPLAYING CPE INFORMATION 10-37 CPE Performance Counters Table 10-9 CPE Performance Counters Parameter Description cpe perfermance counters FeFEC_F – Far end Forward Error Correction on fast.
VDSL CONFIGURATION 10-38 Web – Click VDSL, CPE Information. Select a VDSL port from the drop-down list, and click Query.
DISPLAYING CPE INFORMATION 10-39 Figure 10-7 CPE Information.
VDSL CONFIGURATION 10-40 CLI – This example displays information about the CPE attached to the selected VDSL port. Console#show cpe-info 1/1 Protocol ID: Ikanos EOC Protocol Protocol Version - Major: 01 Protocol Version - Minor: 01 Vendor ID (Value): ffffffff (HEX), -1 (DECIMAL) Host Application Version: 7.
CONFIGURING OAM FUNCTIONS AND UPGRADING CPE FIRMWARE 10-41 Configuring OAM Functions and Upgrading CPE Firmware This section describes operation and maintenance (OAM) functions for remote customer premises equipment (CPE), such as clearing counters, enabling loopback testing, and upgrading firmware.
VDSL CONFIGURATION 10-42 CPE, and verifying that the signal is returned from the CPE without any errors. Upgrading CPE Firmware • Upgrade Firmware – Transfers firmware from reserved buffer space in the switch to a remote CPE. • Firmware Active – Activates the alternate (inactive) BME firmware version on the CPE.
CONFIGURING OAM FUNCTIONS AND UPGRADING CPE FIRMWARE 10-43 Web – Click VDSL, VDSL OAM. Select a VDSL port from the drop-down list, and perform any of the local or remote OAM functions listed under the Action field.
VDSL CONFIGURATION 10-44 CLI – This example shows how to perform common OAM functions, and how to download firmware to a CPE. Console(config)#interface ethernet 1/1 25-13 Console(confi.
11-1 CHAPTER 11 ADDRESS TABLE SETTINGS Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table.
ADDRESS TABLE SETTINGS 11-2 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 11-1 Static Addresses CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
DISPLAYING THE ADDRESS TABLE 11-3 Command Attributes • Interface – Indicates a port or trunk. • MAC Address – Physical address associated with this interface.
ADDRESS TABLE SETTINGS 11-4 CLI – This example also displays the address table entries for port 1. Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the aging function.
12-1 CHAPTER 12 SPANNING TREE ALGORITHM The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
SPANNING TREE ALGORITHM 12-2 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.
12-3 maintain connectivity among each of the assigned VLAN groups. MSTP then builds an Internal Spanning Tree (IST) for the Region containing all commonly configured MSTP bridges.
SPANNING TREE ALGORITHM 12-4 MSTP connects all bridges and LAN segments with a single Common and Internal Spanning Tree (CIST). The CIST is formed as a result of the running spanning tree algorithm between switches that support the STP, RSTP, MSTP protocols.
DISPLAYING GLOBAL SETTINGS 12-5 make it return to a discarding state; otherwise, temporary data loops might result. • Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device.
SPANNING TREE ALGORITHM 12-6 configuration messages at regular intervals. If the root port ages out STA information (provided in the last configuration message), a new root port is selected from among the device ports attached to the network.
DISPLAYING GLOBAL SETTINGS 12-7 CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network.
SPANNING TREE ALGORITHM 12-8 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol – Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network.
CONFIGURING GLOBAL SETTINGS 12-9 - Be careful when switching between spanning tree modes. Changing modes stops all spanning-tree instances for the previous mode and restarts the system in the new mode, temporarily disrupting user traffic.
SPANNING TREE ALGORITHM 12-10 reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last configuration message) becomes the designated port for the attached LAN.
CONFIGURING GLOBAL SETTINGS 12-11 Configuration Settings for MSTP • Max Instance Numbers – The maximum number of MSTP instances to which this switch can be assigned. (Default: 33) • Configuration Digest – An MD5 signature key that contains the VLAN ID to MST ID mapping table.
SPANNING TREE ALGORITHM 12-12 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 12-2 STA Global Configuration.
DISPLAYING INTERFACE SETTINGS 12-13 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters.
SPANNING TREE ALGORITHM 12-14 - If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID forwards packets and the other is discarding.
DISPLAYING INTERFACE SETTINGS 12-15 • Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only) These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled.
SPANNING TREE ALGORITHM 12-16 loops. Where more than one port is assigned the highest priority, the port with the lowest numeric identifier will be enabled. • Designated root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device.
DISPLAYING INTERFACE SETTINGS 12-17 CLI – This example shows the STA attributes for port 5. Console#show spanning-tree ethernet 1/5 31-25 Eth 1/ 5 information -----------------------------.
SPANNING TREE ALGORITHM 12-18 Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port.
CONFIGURING INTERFACE SETTINGS 12-19 loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled. - Default: 128 - Range: 0-240, in steps of 16 • Admin Path Cost – This parameter is used by the STA to determine the best path between devices.
SPANNING TREE ALGORITHM 12-20 • Admin Link Type – The link type attached to this interface. - Point-to-Point – A connection to exactly one other bridge.
CONFIGURING INTERFACE SETTINGS 12-21 Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 12-4 STA Port Configuration CLI – This example sets STA attributes for port 7.
SPANNING TREE ALGORITHM 12-22 Configuring Multiple Spanning Trees MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, ther.
CONFIGURING MULTIPLE SPANNING TREES 12-23 • VLANs in MST Instance – VLANs assigned this instance. • MST ID – Instance identifier to configure. (Range: 0-4094; Default: 0) • VLAN ID – VLAN to assign to this selected MST instance.
SPANNING TREE ALGORITHM 12-24 CLI – This displays STA settings for instance 1, followed by settings for each port. Console#show spanning-tree mst 1 31-25 Spanning-tree information ------.
DISPLAYING INTERFACE SETTINGS FOR MSTP 12-25 CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance.
SPANNING TREE ALGORITHM 12-26 CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST (page 12-4), the settings for other instances only apply to the local spanning tree.
CONFIGURING INTERFACE SETTINGS FOR MSTP 12-27 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages.
SPANNING TREE ALGORITHM 12-28 • Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
CONFIGURING INTERFACE SETTINGS FOR MSTP 12-29 Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interface, and click Apply. Figure 12-7 MSTP Port Configuration CLI – This example sets the MSTP attributes for port 4.
SPANNING TREE ALGORITHM 12-30.
13-1 CHAPTER 13 VLAN CONFIGURATION Selecting the VLAN Operation Mode The system can be configured to operate in normal mode or one of the tunneling modes used for passing Layer 2 traffic across a service provider’s metropolitan area network, including IEEE 802.
VLAN CONFIGURATION 13-2 Web – Click VLAN, System Mode. Select the required mode, click Apply. Figure 13-1 Selecting the System Mode CLI – This example sets the switch to operate in QinQ mode.
IEEE 802.1Q VLANS 13-3 VLANs provide greater network efficiency by reducing broadcast traffic, and allow you to make network changes without having to update IP addresses or IP subnets.
VLAN CONFIGURATION 13-4 VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port).
IEEE 802.1Q VLANS 13-5 forward the message to all other ports. When the message arrives at another switch that supports GVRP, it will also place the receiving port in the specified VLANs, and pass the message on to all other ports.
VLAN CONFIGURATION 13-6 switches, you should create a VLAN for that group and enable tagging on all ports. Ports can be assigned to multiple tagged or untagged VLANs. Each port on the switch is therefore capable of passing tagged or untagged frames.
IEEE 802.1Q VLANS 13-7 CLI – This example enables GVRP for the switch. Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch.
VLAN CONFIGURATION 13-8 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging.
IEEE 802.1Q VLANS 13-9 Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Figure 13-4 VLAN Current Table Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch.
VLAN CONFIGURATION 13-10 CLI – Current VLAN information can be displayed with the following command. Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups.
IEEE 802.1Q VLANS 13-11 • Remove – Removes a VLAN group from the current list. If any port is assigned to this group as untagged, it will be reassigned to VLAN group 1 as untagged.
VLAN CONFIGURATION 13-12 Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices.
IEEE 802.1Q VLANS 13-13 - Forbidden: Interface is forbidden from automatically joining the VLAN via GVRP. For more information, see “Automatic VLAN Registration” on page 13-4. - None: Interface is not a member of the VLAN. Packets associated with this VLAN will not be transmitted by the interface.
VLAN CONFIGURATION 13-14 Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk identifier.
IEEE 802.1Q VLANS 13-15 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
VLAN CONFIGURATION 13-16 - If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port).
IEEE 802.1Q VLANS 13-17 belonging to the port’s default VLAN (i.e., associated with the PVID) are also transmitted as tagged frames. - Hybrid – Specifies a hybrid VLAN interface. The port may transmit tagged or untagged frames. • Trunk Member – Indicates if a port is a member of a trunk.
VLAN CONFIGURATION 13-18 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports.
CONFIGURING PRIVATE VLANS 13-19 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports.
VLAN CONFIGURATION 13-20 Configuring Protocol-Based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
CONFIGURING PROTOCOL-BASED VLANS 13-21 Configuring Protocol Groups Create a protocol group for one or more protocols. Command Attributes • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • Frame Type – Frame type used by this protocol.
VLAN CONFIGURATION 13-22 Mapping Protocols to VLANs Map a protocol group to a VLAN for each interface that will participate in the group. Command Usage • When creating a protocol-based VLAN, only assign interfaces using this configuration screen.
CONFIGURING PROTOCOL-BASED VLANS 13-23 Web – Click VLAN, Protocol VLAN, Port Configuration. Select a port or trunk, enter a protocol group ID, the corresponding VLAN ID, and click Apply.
VLAN CONFIGURATION 13-24 Configuring IEEE 802.1Q Tunneling IEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying traffic for multiple customers across their networks.
CONFIGURING IEEE 802.1Q TUNNELING 13-25 be added to this SPVLAN. The uplink port can be added to multiple SPVLANs to carry inbound traffic for different customers onto the service provider’s network.
VLAN CONFIGURATION 13-26 The ingress process does source and destination lookups. If both lookups are successful, the ingress process writes the packet to memory. Then the egress process transmits the packet. Packets entering a QinQ tunnel port are processed in the following manner: 1.
CONFIGURING IEEE 802.1Q TUNNELING 13-27 The ingress process does source and destination lookups. If both lookups are successful, the ingress process writes the packet to memory. Then the egress process transmits the packet.
VLAN CONFIGURATION 13-28 8. If the egress port is an untagged member of the SPVLAN, the outer tag will be stripped. If it is a tagged member, the outgoing packet will have two tags. Configuration Limitations for QinQ • The native VLAN of uplink ports should not be used as the SPVLAN.
CONFIGURING IEEE 802.1Q TUNNELING 13-29 4. Set the Tag Protocol Identifier (TPID) value of the tunnel port. This step is required if the attached client is using a nonstandard 2-byte ethertype to identify 802.1Q tagged frames. The standard ethertype value is 0x8100.
VLAN CONFIGURATION 13-30 Adding an Interface to a QinQ Tunnel Follow the guidelines in the preceding section to set up a QinQ tunnel on the switch. Set the ingress port on the service provider’s network to dot1Q tunnel mode.
CONFIGURING IEEE 802.1Q TUNNELING 13-31 necessary to support real-time services across the backbone network, then you may have to enable priority bit mapping from the inner to outer VLAN tag to ensure timely service. Web – Click VLAN, 802.
VLAN CONFIGURATION 13-32 CLI – This example configures the switch to copy the priority bits from the inner to outer VLAN tag, it then sets port 2 to tunnel mode, and indicates that the TPID used for 802.1Q tagged frames will be 9100 hexadecimal.
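The QinQ tag handling described on the pages above (an outer SPVLAN tag, a configurable TPID, priority bits copied from the inner to the outer tag, and the outer tag stripped on an untagged egress member) is modelled below as an added example; it is not code from the SMC manual or the switch firmware. The frame bytes are constructed, the function names are hypothetical, and writing the configured TPID into the outer tag is an assumption, since this page does not say which TPID the switch puts there.

```python
import struct

DOT1Q_TPID = 0x8100   # standard 802.1Q ethertype, as stated in the manual
TUNNEL_TPID = 0x9100  # TPID used in the manual's CLI example (9100 hexadecimal)


def build_frame(dst, src, tags, ethertype, payload):
    """Build an Ethernet frame; tags is a list of (tpid, pcp, vid), outermost first."""
    out = dst + src
    for tpid, pcp, vid in tags:
        out += struct.pack("!HH", tpid, (pcp << 13) | (vid & 0x0FFF))
    return out + struct.pack("!H", ethertype) + payload


def parse_tags(frame, tunnel_tpid=DOT1Q_TPID):
    """Walk the VLAN tag stack. Returns (tags, ethertype, payload_offset).

    A 2-byte type is treated as a VLAN tag only if it is 0x8100 or the
    TPID configured for the tunnel port; anything else ends the stack.
    """
    tag_types = {DOT1Q_TPID, tunnel_tpid}
    offset, tags = 12, []  # tags start after the two 6-byte MAC addresses
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before ethertype")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in tag_types:
            return tags, etype, offset + 2
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": etype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4


def push_outer_tag(frame, spvlan, outer_tpid=TUNNEL_TPID, copy_priority=False,
                   customer_tpid=DOT1Q_TPID):
    """Model a tunnel port adding the SPVLAN tag in front of the customer tag.

    With copy_priority set, the inner tag's priority bits are copied to the
    outer tag; an untagged customer frame gets priority 0 (assumption).
    """
    if not 1 <= spvlan <= 4094:
        raise ValueError("SPVLAN ID must be 1-4094")
    inner, _, _ = parse_tags(frame, customer_tpid)
    pcp = inner[0]["pcp"] if (copy_priority and inner) else 0
    tag = struct.pack("!HH", outer_tpid, (pcp << 13) | spvlan)
    return frame[:12] + tag + frame[12:]


def egress_frame(frame, spvlan, untagged_member, outer_tpid=TUNNEL_TPID):
    """Step 8 of the manual: strip the outer tag on an untagged SPVLAN member,
    otherwise send the frame with both tags."""
    tags, _, _ = parse_tags(frame, outer_tpid)
    if not tags or tags[0]["tpid"] != outer_tpid or tags[0]["vid"] != spvlan:
        raise ValueError("frame is not carried in this SPVLAN")
    if untagged_member:
        return frame[:12] + frame[16:]  # drop the 4-byte outer tag
    return frame


# Constructed sample: customer frame tagged with VLAN 10, priority 5, carrying IPv4.
CUSTOMER_FRAME = build_frame(
    dst=bytes.fromhex("ffffffffffff"),
    src=bytes.fromhex("020000000001"),
    tags=[(DOT1Q_TPID, 5, 10)],
    ethertype=0x0800,
    payload=b"constructed payload",
)

if __name__ == "__main__":
    tunnelled = push_outer_tag(CUSTOMER_FRAME, spvlan=100, copy_priority=True)
    for tag in parse_tags(tunnelled, TUNNEL_TPID)[0]:
        print(f"tpid=0x{tag['tpid']:04x} vid={tag['vid']} pcp={tag['pcp']}")
```

Parsing the tunnelled frame with a TPID other than the one used for the outer tag returns an empty tag stack and reports the outer TPID as the ethertype, which is how a TPID mismatch between two devices shows up in a capture.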
CONFIGURING VLAN SWAPPING 13-33 Configuring VLAN Swapping QinQ tunneling uses double tagging to preserve the customer’s VLAN tags on traffic crossing the service provider’s network.
VLAN CONFIGURATION 13-34 Field Attributes • Entry Counts – The number of entries in the VLAN swapping table. • VLAN Swap Table – Contains each entry in the VLAN swapping table. • InPort – Port through which traffic is entering the switch.
CONFIGURING VLAN SWAPPING 13-35 CLI – This example configures VLAN swapping for upstream traffic between port 1 and port 18, exchanging VLAN ID 1 for VLAN ID 3. It then sets VLAN swapping for downstream traffic to exchange VLAN ID 3 for VLAN ID 1.
VLAN CONFIGURATION 13-36.
14-1 CHAPTER 14 CLASS OF SERVICE Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port.
CLASS OF SERVICE 14-2 Command Attributes • Default Priority – The priority that is assigned to untagged frames received on the specified interface. (Range: 0 - 7, Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port.
LAYER 2 QUEUE SETTINGS 14-3 CLI – This example assigns a default priority of 5 to port 3. Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR).
CLASS OF SERVICE 14-4 The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network.
LAYER 2 QUEUE SETTINGS 14-5 Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 14-2 Traffic Classes CLI – The following example shows how to change the CoS assignments to a one-to-one mapping.
CLASS OF SERVICE 14-6 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be proc.
LAYER 2 QUEUE SETTINGS 14-7 Web – Click Priority, Queue Mode. Select Strict or WRR, then click Apply. Figure 14-3 Queue Mode CLI – The following sets the queue mode to strict priority service mode.
CLASS OF SERVICE 14-8 Command Attributes • WRR Setting Table – Displays a list of weights for each traffic class (i.e., queue). • Weight Value – Set a new weight for the selected traffic class. (Range: 0-15) Use queue weights 1-15 for queues allocated service time based on WRR.
LAYER 3/4 PRIORITY SETTINGS 14-9 CLI – The following example shows how to assign WRR weights to priority queues 0-5, and strict priority to queues 6 and 7.
CLASS OF SERVICE 14-10 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services.
LAYER 3/4 PRIORITY SETTINGS 14-11 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
CLASS OF SERVICE 14-12 Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply.
LAYER 3/4 PRIORITY SETTINGS 14-13 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors.
CLASS OF SERVICE 14-14 Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply.
LAYER 3/4 PRIORITY SETTINGS 14-15 Mapping IPv6 Traffic Classes The Traffic Class field in the IPv6 header may be used by originating nodes and/or forwarding routers to identify and distinguish between different classes or priorities for IPv6 packets.
CLASS OF SERVICE 14-16 CLI – The following example maps the Traffic Class value of 1 to CoS value 0. Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.
LAYER 3/4 PRIORITY SETTINGS 14-17 Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply.
CLASS OF SERVICE 14-18.
15-1 CHAPTER 15 QUALITY OF SERVICE The commands described in this section are used to configure Quality of Service (QoS) classification criteria and service policies.
QUALITY OF SERVICE 15-2 Notes: 1. You can configure up to 16 rules per Class Map. You can also include multiple classes in a Policy Map. 2. You should create a Class Map before creating a Policy Map. Otherwise, you will not be able to select a Class Map from the Policy Rule Settings screen (see page 15-9).
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-3 Configuring a Class Map A class map is used for matching packets to a specified class. Command Usage • To configure a Class Map, follow these steps: - Open the Class Map page, and click Add Class.
QUALITY OF SERVICE 15-4 Settings” page. Enter the criteria used to classify ingress traffic on this web page. • Remove Class – Removes the selected class.
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-5 Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class.
QUALITY OF SERVICE 15-6 Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage • To configure a Policy Map, follow these steps: - Create a Class Map as described on page 15-3.
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-7 Command Attributes Policy Map • Modify Name and Description – Configures the name and a brief description of a policy map.
QUALITY OF SERVICE 15-8 • Remove Class – Deletes a class. - Policy Options - • Class Name – Name of class map. • Action – Configures the service provided to ingress traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified in Match Class Settings on page 15-3).
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-9 Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes.
QUALITY OF SERVICE 15-10 CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to reduce the DSCP value for violating packets to 0.
CONFIGURING QUALITY OF SERVICE PARAMETERS 15-11 Web – Click QoS, DiffServ, Service Policy Settings. Check Enabled and choose a Policy Map for a port from the scroll-down box, then click Apply. Figure 15-3 Service Policy Settings CLI - This example applies a service policy to an ingress interface.
QUALITY OF SERVICE 15-12.
16-1 CHAPTER 16 MULTICAST FILTERING Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client.
MULTICAST FILTERING 16-2 those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
LAYER 2 IGMP (SNOOPING AND QUERY) 16-3 is forwarded to the hosts from each of these sources. IGMPv3 hosts may also request that service be forwarded from all sources except for those specified. In this case, traffic is filtered from sources in the Exclude list, and forwarded from all other available sources.
MULTICAST FILTERING 16-4 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic.
LAYER 2 IGMP (SNOOPING AND QUERY) 16-5 Command Attributes • IGMP Status — When enabled, the switch will monitor network traffic to determine which hosts want to receive multicast traffic. This is also referred to as IGMP Snooping.
MULTICAST FILTERING 16-6 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 16-1 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status.
LAYER 2 IGMP (SNOOPING AND QUERY) 16-7 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
MULTICAST FILTERING 16-8 CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router. Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
LAYER 2 IGMP (SNOOPING AND QUERY) 16-9 CLI – This example configures port 11 as a multicast router port within VLAN 1. Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service.
MULTICAST FILTERING 16-10 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service.
LAYER 2 IGMP (SNOOPING AND QUERY) 16-11 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping and Query Parameters” on page 16-4.
MULTICAST FILTERING 16-12 Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and click Add.
LAYER 2 IGMP (SNOOPING AND QUERY) 16-13 Configuring Immediate Leave from Multicast Groups The switch can be configured to immediately delete a member port of a multicast service if a leave packet is received at that port and the immediate-leave function is enabled for the parent VLAN.
MULTICAST FILTERING 16-14 Web – Click IGMP Snooping, IGMP Immediate Leave Table. Select the VLAN interface to configure, set the status for immediate leave, and click Apply. Figure 16-6 IGMP Immediate Leave Table CLI – This example enables immediate leave on VLAN 1.
IGMP FILTERING AND THROTTLING 16-15 IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of groups is reached on a port, the switch can take one of two actions; either “deny” or “replace.
MULTICAST FILTERING 16-16 CLI – This example enables IGMP filtering and creates a profile number. It then displays the current status and the existing profile numbers.
IGMP FILTERING AND THROTTLING 16-17 • Current Multicast Address Range List – Lists multicast groups currently included in the profile. Select an entry and click the Remove button to delete it from the list. Web – Click IGMP Snooping, IGMP Profile Group Configuration.
MULTICAST FILTERING 16-18 Configuring IGMP Filtering and Throttling for Interfaces Once you have configured IGMP profiles, you can assign them to interfaces on the switch. Also, you can set the IGMP throttling number to limit the number of multicast groups an interface can join at the same time.
IGMP FILTERING AND THROTTLING 16-19 Web – Click IGMP Snooping, IGMP Filter/Throttling Port Configuration or IGMP Filter/Throttling Trunk Configuration. Select a profile to assign to an interface, then set the throttling number and action.
MULTICAST FILTERING 16-20 Multicast VLAN Registration Multicast VLAN Registration (MVR) is a protocol that controls access to a single network-wide VLAN most commonly used for transmitting multicast traffic (such as television channels or video-on-demand) across a service provider’s network.
MULTICAST VLAN REGISTRATION 16-21 General Configuration Guidelines for MVR 1. Enable MVR globally on the switch, select the MVR VLAN, and add the multicast groups that will stream traffic to attached hosts (see “Configuring Global MVR Settings” on page 16-21).
MULTICAST FILTERING 16-22 Field Attributes • MVR Domain – An independent multicast domain. (Range: 1-3; Default: 1) • MVR Status – When MVR is enabled on both the switch, an.
MULTICAST VLAN REGISTRATION 16-23 Web – Click MVR, Configuration. Select the MVR domain, enable MVR globally on the switch, select the MVR VLAN, add the multicast groups that will stream traffic to attached hosts, and then click Apply.
MULTICAST FILTERING 16-24 Displaying MVR Interface Status You can display information about the interfaces attached to the MVR VLAN. Field Attributes • MVR Domain – An independent multicast domain. • Type – Shows the MVR port type.
MULTICAST VLAN REGISTRATION 16-25 CLI – This example shows information about interfaces attached to the MVR VLAN. Console#show mvr interface 35-29 ======================= ===========.
MULTICAST FILTERING 16-26 Configuring MVR Interfaces Each interface that participates in the MVR VLAN must be configured as an MVR source port or receiver port. If only one subscriber attached to an interface is receiving multicast services, you can enable the immediate leave function.
MULTICAST VLAN REGISTRATION 16-27 - Using immediate leave can speed up leave latency, but should only be enabled on a port attached to one multicast subscriber to avoid disrupting services to other group members attached to the same interface.
MULTICAST FILTERING 16-28 Web – Click MVR, Port Configuration or Trunk Configuration. Figure 16-12 MVR Port Configuration CLI – This example configures an MVR source port and receiver port, and then enables immediate leave on the receiver port.
MULTICAST VLAN REGISTRATION 16-29 Web – Click MVR, Group IP Information. Figure 16-13 MVR Group IP Information CLI – The following example shows information about the interfaces associated with multicast groups assigned to the MVR VLAN.
MULTICAST FILTERING 16-30 Assigning Static Multicast Groups to Interfaces For multicast streams that will run for a long term and be associated with a stable set of hosts, you can statically bind the multicast group to the participating interfaces.
MULTICAST VLAN REGISTRATION 16-31 Web – Click MVR, Group Member Configuration. Select a port or trunk from the “Interface” field, and click Query to display the assigned multicast groups. Select a multicast address from the displayed lists, and click the Add or Remove button to modify the Member list.
MULTICAST FILTERING 16-32.
17-1 CHAPTER 17 DOMAIN NAME SERVICE The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network.
DOMAIN NAME SERVICE 17-2 • When more than one name server is specified, the servers are queried in the specified sequence until a response is received, or the end of the list is reached with no response. • If all name servers are deleted, DNS will automatically be disabled.
CONFIGURING GENERAL DNS SERVICE PARAMETERS 17-3 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply.
DOMAIN NAME SERVICE 17-4 CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the default domain name is not used.
CONFIGURING STATIC DNS HOST TO ADDRESS ENTRIES 17-5 Field Attributes • Host Name – Name of a host device that is mapped to one or more IP addresses. (Range: 1-127 characters) • IP Address – Internet address(es) associated with a host name.
DOMAIN NAME SERVICE 17-6 CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers.
DISPLAYING THE DNS CACHE 17-7 Web – Select DNS, Cache. Figure 17-3 DNS Cache CLI - This example displays all the resource records learned from the designated name servers. Console#show dns cache 36-9 NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207.
DOMAIN NAME SERVICE 17-8.
SECTION III COMMAND LINE INTERFACE This section provides a detailed description of the Command Line Interface, along with examples for all of the commands. Overview of the Command Line Interface . . . . . . . . . . . . . . . . . . . . .
COMMAND LINE INTERFACE IP Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38-1.
18-1 CHAPTER 18 OVERVIEW OF THE COMMAND LINE INTERFACE This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When.
OVERVIEW OF THE COMMAND LINE INTERFACE 18-2 After connecting to the system through the console port, the login screen displays: Telnet Connection Telnet operates over the IP transport protocol.
ENTERING COMMANDS 18-3 2. At the prompt, enter the user name and system password. The CLI will display the “Vty-n#” prompt for the administrator to show that you are using privileged access mode (i.e., Privileged Exec), or “Vty-n>” for the guest to show that you are using normal access mode (i.
OVERVIEW OF THE COMMAND LINE INTERFACE 18-4 • To enter multiple commands, enter each command in the required order. For example, to enable Privileged Exec command mode, and displ.
ENTERING COMMANDS 18-5 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line, or VLAN Database, or MSTP).
OVERVIEW OF THE COMMAND LINE INTERFACE 18-6 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided.
ENTERING COMMANDS 18-7 Using Command History The CLI maintains a history of commands that have been entered. You can scroll back through the history of commands by pressing the up arrow key. Any command displayed in the history list can be executed again, or first modified and then executed.
OVERVIEW OF THE COMMAND LINE INTERFACE 18-8 Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt.
ENTERING COMMANDS 18-9 The configuration commands are organized into different modes: • Global Configuration - These commands modify the system level configuration, and include commands such as hostname and snmp-server community.
OVERVIEW OF THE COMMAND LINE INTERFACE 18-10 To enter the other modes, at the configuration prompt type one of the following commands.
ENTERING COMMANDS 18-11 For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode Command Line Processing Commands are not case sensitive.
OVERVIEW OF THE COMMAND LINE INTERFACE 18-12 Command Groups The system commands can be broken down into the functional groups shown below. Esc-F Moves the cursor forward one word. Delete key or backspace key Erases a mistake when entering a command.
COMMAND GROUPS 18-13 Interface Configures the connection parameters for all Ethernet ports, aggregated links, and VLANs 25-1 Link Aggregation Statically groups multiple ports into.
OVERVIEW OF THE COMMAND LINE INTERFACE 18-14 The access mode shown in the following tables is indicated by these abbreviations: ACL (Access Control List Configuration) CM (Cl.
19-1 CHAPTER 19 GENERAL COMMANDS These commands are used to control the command access mode, configuration mode, and other basic functions.
GENERAL COMMANDS 19-2 enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 18-7.
DISABLE 19-3 disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode.
GENERAL COMMANDS 19-4 Example Related Commands end (19-6) show history This command shows the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.
RELOAD 19-5 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes.
GENERAL COMMANDS 19-6 prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt.
EXIT 19-7 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to return t.
GENERAL COMMANDS 19-8 Example This example shows how to quit a CLI session: Console#quit Press ENTER to start session User Access Verification Username:.
20-1 CHAPTER 20 SYSTEM MANAGEMENT COMMANDS These commands are used to control system logs, passwords, user names, management options, and display or configure a variety of other system information.
SYSTEM MANAGEMENT COMMANDS 20-2 Device Designation Commands This section describes commands used to configure information that uniquely identifies the switch. hostname This command specifies or modifies the host name for this device.
SYSTEM STATUS COMMANDS 20-3 System Status Commands This section describes commands used to display system information. show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system.
SYSTEM MANAGEMENT COMMANDS 20-4 This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the configuration mode command, and corresponding commands.
SYSTEM STATUS COMMANDS 20-5 Example Related Commands show running-config (20-6) Console#show startup-config building startup-config, please wait..... !<stackingDB>00</stackingDB> !<stackingMac>01_00-20-1a-df-9c-a0_00</stackingMac> ! phymap 00-20-1a-df-9c-a0 ! SNTP server 0.
SYSTEM MANAGEMENT COMMANDS 20-6 show running-config This command displays the configuration information currently in use. Command Mode Privileged Exec Command Usage Use this command.
SYSTEM STATUS COMMANDS 20-7 Example Console#show running-config building running-config, please wait..... !<stackingDB>00</stackingDB> !<stackingMac>01_00-30-f1-d4-73-a0_00</stackingMac> ! phymap 00-30-f1-d4-73-a0 ! SNTP server 0.
SYSTEM MANAGEMENT COMMANDS 20-8 Related Commands show startup-config (20-3) show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 4-1.
SYSTEM STATUS COMMANDS 20-9 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.
SYSTEM MANAGEMENT COMMANDS 20-10 show version This command displays hardware and software version information for the system. Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Hardware/Software Versions” on page 4-7 for detailed information on the items displayed by this command.
SYSTEM STATUS COMMANDS 20-11 Example show cpu utilization This command shows the CPU utilization parameters. Command Mode Normal Exec, Privileged Exec Example Console#show bme version Firmware Firmware-VTU-O:1.
SYSTEM MANAGEMENT COMMANDS 20-12 show memory status This command shows memory utilization parameters. Command Mode Normal Exec, Privileged Exec Example Table 20-5 show cpu utilization.
SYSTEM MODE COMMANDS 20-13 System Mode Commands This section describes the command used to configure the switch to operate in normal mode or QinQ mode. system mode This command sets the switch to operate in QinQ mode. Use the no form to restore the default setting of normal operating mode.
SYSTEM MANAGEMENT COMMANDS 20-14 Default Setting Normal operating mode Command Mode Global Configuration Command Usage Make sure that no dot1q-tunnel port is configured before exiting QinQ mode (see “switchport mode dot1q-tunnel” on page 32-27).
FRAME SIZE COMMANDS 20-15 Frame Size Commands This section describes commands used to configure the Ethernet frame size on the switch. jumbo frame This command enables support for jumbo frames for Gigabit Ethernet ports. Use the no form to disable it.
SYSTEM MANAGEMENT COMMANDS 20-16 Example File Management Commands Managing Firmware Firmware can be uploaded and downloaded to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation.
FILE MANAGEMENT COMMANDS 20-17 copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server.
SYSTEM MANAGEMENT COMMANDS 20-18 settings will be set to default values when the system is rebooted using this file. • firmware - Keyword that allows you to copy BME firmware used for upgrading CPEs to reserved buffer space in the switch.
FILE MANAGEMENT COMMANDS 20-19 • Use the partial-running-config keyword to copy basic settings for the IP configuration, SNMP community strings, and CLI user names and passwords to a startup configuration file.
SYSTEM MANAGEMENT COMMANDS 20-20 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server.
FILE MANAGEMENT COMMANDS 20-21 This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch.
SYSTEM MANAGEMENT COMMANDS 20-22 delete This command deletes a file or image. Syntax delete filename filename - Name of configuration file or code image. Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted.
FILE MANAGEMENT COMMANDS 20-23 dir This command displays a list of files in flash memory. Syntax dir {{boot-rom: | config: | opcode:} [filename]} The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file.
SYSTEM MANAGEMENT COMMANDS 20-24 Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up. Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command.
FILE MANAGEMENT COMMANDS 20-25 boot system This command specifies the file or image used to start up the system. Syntax boot system {boot-rom | config | opcode}: filename The type of file or image to set as a default includes: • boot-rom* - Boot ROM.
SYSTEM MANAGEMENT COMMANDS 20-26 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.
LINE COMMANDS 20-27 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access (i.
SYSTEM MANAGEMENT COMMANDS 20-28 login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [local] no login local - Selects local password checking.
LINE COMMANDS 20-29 Example Related Commands username (22-2) password (20-29) password This command specifies the password for a line. Use the no form to remove the password.
SYSTEM MANAGEMENT COMMANDS 20-30 configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Related Commands login (20-28) password-thresh (20-32) timeout login response This command sets the interval that the system waits for a user to log into the CLI.
LINE COMMANDS 20-31 Example To set the timeout to two minutes, enter this command: exec-timeout This command sets the interval that the system waits until user input is detected.
SYSTEM MANAGEMENT COMMANDS 20-32 password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. Syntax password-thresh [threshold] no password-thresh threshold - The number of allowed password attempts.
LINE COMMANDS 20-33 silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value.
SYSTEM MANAGEMENT COMMANDS 20-34 Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity.
LINE COMMANDS 20-35 Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: speed This command sets the terminal line’s baud rate.
SYSTEM MANAGEMENT COMMANDS 20-36 Example To specify 57600 bps, enter this command: stopbits This command sets the number of the stop bits transmitted per byte.
LINE COMMANDS 20-37 Command Usage Specifying session identifier “0” will disconnect the console connection. Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection.
SYSTEM MANAGEMENT COMMANDS 20-38 Example To show all lines, enter this command: Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Login timeou.
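The line settings described above (password-thresh, silent-time, exec-timeout, timeout login response) can be checked from captured show line output. The Python sketch below is an added example, not part of the SMC manual: the sample output is constructed (only the first console fields appear on this page; the rest of the layout is assumed), and the policy limits are hypothetical.

```python
import re

# Constructed sample of `show line` output. The first three console fields
# mirror the example in the manual; "Silent time" and the whole VTY section
# are assumptions made for this illustration.
SAMPLE_SHOW_LINE = """\
Console#show line
 Console configuration:
  Password threshold: 3 times
  Interactive timeout: Disabled
  Login timeout: Disabled
  Silent time: Disabled
 VTY configuration:
  Password threshold: 3 times
  Interactive timeout: 600 sec
  Login timeout: 300 sec
"""

# Hypothetical local policy: reported field -> (command that sets it, maximum).
# A maximum of None means the setting only has to be enabled.
POLICY = {
    "Password threshold": ("password-thresh", 5),
    "Interactive timeout": ("exec-timeout", 600),
    "Login timeout": ("timeout login response", 300),
    "Silent time": ("silent-time", None),
}

SECTION_RE = re.compile(r"^\s*(\S+) configuration:\s*$", re.IGNORECASE)
FIELD_RE = re.compile(r"^\s*([^:]+?):\s*(.+?)\s*$")


def parse_show_line(text):
    """Return {section: {field: int or None}}; None means 'Disabled'."""
    sections, current = {}, None
    for raw in text.splitlines():
        header = SECTION_RE.match(raw)
        if header:
            current = sections.setdefault(header.group(1), {})
            continue
        field = FIELD_RE.match(raw)
        if not field or current is None:
            continue  # prompt line, blank line, or field outside a section
        name, value = field.group(1), field.group(2)
        if value.lower() == "disabled":
            current[name] = None
        else:
            number = re.match(r"(\d+)", value)
            if number:  # non-numeric values (e.g. parity) are not audited
                current[name] = int(number.group(1))
    return sections


def audit_lines(sections, policy=POLICY):
    """Return (section, field, reason) for every setting that breaks policy."""
    findings = []
    for section, settings in sections.items():
        for name, (command, limit) in policy.items():
            if name not in settings:
                continue  # field not reported for this line type
            value = settings[name]
            if value is None:
                findings.append(
                    (section, name, f"disabled; enable with '{command}'"))
            elif limit is not None and value > limit:
                findings.append(
                    (section, name, f"{value} exceeds policy maximum {limit}"))
    return findings


if __name__ == "__main__":
    for section, name, reason in audit_lines(parse_show_line(SAMPLE_SHOW_LINE)):
        print(f"{section}: {name}: {reason}")
```

On the constructed sample, the console line is flagged three times (no idle timeout, no login timeout, no lockout period), while the VTY line passes.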
EVENT LOGGING COMMANDS 20-39 Event Logging Commands This section describes commands used to configure event logging on the switch. logging on This command controls logging of error messages, sending debug or error messages to a logging process.
SYSTEM MANAGEMENT COMMANDS 20-40 command to control the type of error messages that are stored in memory. You can use the logging trap command to control the type of error messages that are sent to specified syslog servers.
EVENT LOGGING COMMANDS 20-41 Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 7 - 0) Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM.
SYSTEM MANAGEMENT COMMANDS 20-42 Command Mode Global Configuration Command Usage • Use this command more than once to build up a list of host IP addresses. • The maximum number of host IP addresses allowed is five. Example logging facility This command sets the facility type for remote logging of syslog messages.
EVENT LOGGING COMMANDS 20-43 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging.
SYSTEM MANAGEMENT COMMANDS 20-44 clear log This command clears messages from the log buffer. Syntax clear log [flash | ram] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.
EVENT LOGGING COMMANDS 20-45 show logging This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server.
SYSTEM MANAGEMENT COMMANDS 20-46 Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), and the message level for RAM is “debugging” (i.e.
EVENT LOGGING COMMANDS 20-47 Related Commands show logging sendmail (20-52) show log This command displays the log messages stored in local memory. Syntax show log {flash | ram} • flash - Event history stored in flash memory (i.
SYSTEM MANAGEMENT COMMANDS 20-48 SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent alert messages.
SMT P A LERT C OMMAN DS 20-49 • To sen d emai l ale rts, th e sw itch f irst op ens a con necti on, sends all the emai l alert s wait ing in the queue on e by o ne, and fina lly cl oses t he conn ect ion .
S YSTEM M ANAG EMEN T C OMMA NDS 20-50 logging sendm ail source-email This comma nd set s the email addres s use d for t he “ Fro m” field in alert messag es . Synta x lo g ging sendmail source-email email -addr ess email-add r ess - The so urce e mail add ress u sed i n al ert mess ages .
SMT P A LERT C OMMAN DS 20-51 Command Usage Y ou can s peci fy up to fi v e recipien ts fo r alert mess ages . Ho wev er , y ou mu st ent er a separate co mmand to s peci fy eac h recipi ent. Example logging sendm ail This com mand enable s SMT P ev ent handl ing .
SYSTEM MANAGEMENT COMMANDS 20-52 show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Privileged Exec Example Console#show logging sendmail SMTP servers ----------------------------------------------- 192.
TIME COMMANDS 20-53 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
SYSTEM MANAGEMENT COMMANDS 20-54 Command Usage • The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the switch only records the time starting from the factory default set at the last bootup (i.
TIME COMMANDS 20-55 Command Mode Global Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode. The client will poll the time servers in the order specified until a response is received.
SYSTEM MANAGEMENT COMMANDS 20-56 Related Commands sntp client (20-53) show sntp This command displays the current time and configuration settings for the SNTP client, and indicates whether or not the local time has been properly updated.
TIME COMMANDS 20-57 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC.
SYSTEM MANAGEMENT COMMANDS 20-58 calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server.
TIME COMMANDS 20-59 Example Console#show calendar 15:12:34 February 1 2002 Console#.
SYSTEM MANAGEMENT COMMANDS 20-60.
21-1 CHAPTER 21 SNMP COMMANDS Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
SNMP COMMANDS 21-2 snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server.
SHOW SNMP 21-3 show snmp This command can be used to check the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This comman.
SNMP COMMANDS 21-4 snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string.
SNMP-SERVER CONTACT 21-5 snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information.
SNMP COMMANDS 21-6 Command Mode Global Configuration Example Related Commands snmp-server contact (21-5) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
SNMP-SERVER HOST 21-7 community command prior to using the snmp-server host command. (Maximum length: 32 characters) • version - Specifies whether to send notifications as SNMP Version 1, 2c or 3 traps.
SNMP COMMANDS 21-8 • Notifications are issued by the switch as trap messages by default. The recipient of a trap message does not send a response to the switch. Traps are therefore not as reliable as inform messages, which include a request for acknowledgement of receipt.
SNMP-SERVER ENABLE TRAPS 21-9 user command. Otherwise, the authentication password and/or privacy password will not exist, and the switch will not authorize SNMP access for the host.
SNMP COMMANDS 21-10 notifications are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled. • The snmp-server enable traps command is used in conjunction with the snmp-server host command.
SNMP-SERVER ENGINE-ID 21-11 Command Mode Global Configuration Command Usage • An SNMP engine is an independent SNMP agent that resides either on this switch or on a remote device. This engine protects against message replay, delay, and redirection.
SNMP COMMANDS 21-12 show snmp engine-id This command shows the SNMP engine ID. Command Mode Privileged Exec Example This example shows the default engine ID.
SNMP-SERVER VIEW 21-13 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name • view-name - Name of an SNMP view.
SNMP COMMANDS 21-14 This view includes the MIB-2 interfaces table, and the mask selects all index entries. show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example Console(config)#snmp-server view ifEntry.
SNMP-SERVER GROUP 21-15 snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group.
SNMP COMMANDS 21-16 • For additional information on the notification messages supported by this switch, see Table 5-2, “Supported Notification Messages,” on page 5-19.
SHOW SNMP GROUP 21-17 Group Name: public Security Model: v2c Read View: defaultview Write View: none Notify View: none Storage Type: volatile Row Status: active Group Name: private Security Model: v1.
SNMP COMMANDS 21-18 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View.
SNMP-SERVER USER 21-19 Command Usage • The SNMP engine ID is used to compute the authentication/privacy digests from the password. You should therefore configure the engine ID with the snmp-server engine-id command before using this configuration command.
SNMP COMMANDS 21-20 show snmp user This command shows information on SNMP users. Command Mode Privileged Exec Example Console#show snmp user EngineId: 800000ca030030f1df9ca00000 User Na.
22-1 CHAPTER 22 USER AUTHENTICATION COMMANDS You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. Port-based authentication using IEEE 802.
USER AUTHENTICATION COMMANDS 22-2 User Account Commands The basic commands required for management access are listed in this section.
USER ACCOUNT COMMANDS 22-3 • password password - The authentication password for the user. (Maximum length: 8 characters plain text, 32 encrypted, case sensitive) Default Setting The default access level is Normal Exec.
USER AUTHENTICATION COMMANDS 22-4 enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Normal Exec level.
AUTHENTICATION SEQUENCE 22-5 Related Commands enable (19-2) authentication enable (22-7) Authentication Sequence Three authentication methods can be specified to authenticate users logging into the system for management access.
USER AUTHENTICATION COMMANDS 22-6 Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport.
AUTHENTICATION SEQUENCE 22-7 authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 19-2).
USER AUTHENTICATION COMMANDS 22-8 Example Related Commands enable password - sets the password for changing command modes (22-4) RADIUS Client Remote Authentication Dial-in User.
RADIUS CLIENT 22-9 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server.
USER AUTHENTICATION COMMANDS 22-10 radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages.
RADIUS CLIENT 22-11 Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server.
USER AUTHENTICATION COMMANDS 22-12 Command Mode Global Configuration Example show radius-server This command displays the current settings for the RADIUS server.
TACACS+ CLIENT 22-13 TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network.
USER AUTHENTICATION COMMANDS 22-14 tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages.
WEB SERVER COMMANDS 22-15 Example show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Web Server Commands This section describes commands used to configure web browser management access to the switch.
USER AUTHENTICATION COMMANDS 22-16 ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface.
WEB SERVER COMMANDS 22-17 Example Related Commands ip http port (22-16) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e.
USER AUTHENTICATION COMMANDS 22-18 • The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer 5.
WEB SERVER COMMANDS 22-19 Default Setting 443 Command Mode Global Configuration Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port.
USER AUTHENTICATION COMMANDS 22-20 Telnet Server Commands This section describes commands used to configure Telnet management access to the switch. ip telnet server This command allows this device to be monitored or configured from Telnet.
SECURE SHELL COMMANDS 22-21 Secure Shell Commands This section describes the commands used to configure the SSH server. Note that you also need to install an SSH client on the management station when using this protocol to configure the switch.
USER AUTHENTICATION COMMANDS 22-22 Configuration Guidelines The SSH server on this switch supports both password and public key authentication.
SECURE SHELL COMMANDS 22-23
USER AUTHENTICATION COMMANDS 22-24 c. If a match is found, the switch uses its secret key to generate a random 256-bit string as a challenge, encrypts this string with the user’s public key, and sends it to the client.
SECURE SHELL COMMANDS 22-25 ip ssh server This command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service. Syntax [no] ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage • The SSH server supports up to four client sessions.
USER AUTHENTICATION COMMANDS 22-26 ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation.
SECURE SHELL COMMANDS 22-27 ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user.
USER AUTHENTICATION COMMANDS 22-28 Command Usage The server key is a private key that is never shared outside the switch. The host key is shared with the SSH client, and is fixed at 1024 bits. Example delete public-key This command deletes the specified user’s public key.
SECURE SHELL COMMANDS 22-29 Default Setting Generates both the DSA and RSA key pairs. Command Mode Privileged Exec Command Usage • The switch uses only RSA Version 1 for SSHv1.5 clients and DSA Version 2 for SSHv2 clients. • This command stores the host key pair in memory (i.
USER AUTHENTICATION COMMANDS 22-30 Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command.
SECURE SHELL COMMANDS 22-31 show ip ssh This command displays the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections.
USER AUTHENTICATION COMMANDS 22-32 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [user [username] | host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys.
SECURE SHELL COMMANDS 22-33 Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed.
USER AUTHENTICATION COMMANDS 22-34 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication.
802.1X PORT AUTHENTICATION 22-35 dot1x system-auth-control This command enables IEEE 802.1X port authentication globally on the switch. Use the no form to restore the default.
USER AUTHENTICATION COMMANDS 22-36 dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default.
802.1X PORT AUTHENTICATION 22-37 Default force-authorized Command Mode Interface Configuration Example dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host.
USER AUTHENTICATION COMMANDS 22-38 • In “multi-host” mode, only one host connected to a port needs to pass authentication for all other hosts to be granted network access.
802.1X PORT AUTHENTICATION 22-39 dot1x re-authentication This command enables periodic re-authentication for a specified port. Use the no form to disable re-authentication.
USER AUTHENTICATION COMMANDS 22-40 Default 60 seconds Command Mode Interface Configuration Example dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Use the no form of this command to reset the default.
802.1X PORT AUTHENTICATION 22-41 dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value.
USER AUTHENTICATION COMMANDS 22-42 Command Usage This command displays the following information: • Global 802.1X Parameters – Shows whether or not 802.1X port authentication is globally enabled on the switch. • 802.1X Port Summary – Displays the port access control parameters for each interface that has enabled 802.
802.1X PORT AUTHENTICATION 22-43 - Port-control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 22-36). - Supplicant – MAC address of authorized client. - Current Identifier – The integer (0-255) used by the Authenticator to identify the current authentication session.
USER AUTHENTICATION COMMANDS 22-44 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 disabled Single-Host ForceAuthorized n/a .
MANAGEMENT IP FILTER COMMANDS 22-45 Management IP Filter Commands This section describes commands used to configure IP management access to the switch. management This command specifies the client IP addresses that are allowed management access to the switch through various protocols.
USER AUTHENTICATION COMMANDS 22-46 Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
MANAGEMENT IP FILTER COMMANDS 22-47 Command Mode Privileged Exec Example Console#show management all-client Management Ip Filter HTTP-Client: Start IP address End IP address ----------------------------------------------- 1. 192.168.1.19 192.
USER AUTHENTICATION COMMANDS 22-48.
23-1 CHAPTER 23 CLIENT SECURITY COMMANDS This switch supports many methods of segregating traffic for clients attached to each of the data ports, and for ensuring that only authorized clients gain access to the network. Private VLANs and port-based authentication using IEEE 802.
CLIENT SECURITY COMMANDS 23-2 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
PORT SECURITY COMMANDS 23-3 port security This command enables or configures port security. Use the no form without any keywords to disable port security.
CLIENT SECURITY COMMANDS 23-4 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
PACKET FILTERING COMMANDS 23-5 Packet Filtering Commands This section describes commands used to configure packet filtering for inbound traffic.
CLIENT SECURITY COMMANDS 23-6 Default Setting Disabled Command Mode Global Configuration Command Usage • Both the specified source MAC address and source IP address for an entry must be matched to satisfy the filtering rule. Any packet matching a specified entry is dropped at the input port.
PACKET FILTERING COMMANDS 23-7 filter netbios This command filters NetBIOS packets entering the specified input port. Syntax filter netbios {add | del} interface • add - Enables NetBIOS filtering. • del - Disables NetBIOS filtering.
CLIENT SECURITY COMMANDS 23-8 • This switch provides a total of 7 masks for filtering functions, including IP-MAC address packet filtering, NetBIOS packet filtering, DHCP packet filtering, and ACLs. Three masks are allocated to NetBIOS packet filtering if enabled on any interface.
PACKET FILTERING COMMANDS 23-9 packet filtering if enabled on any interface. This mask will be released for use by other filtering functions if DHCP packet filtering is disabled on all interfaces. Example filter dhcp This command filters DHCP reply packets.
CLIENT SECURITY COMMANDS 23-10 for use by other filtering functions if DHCP packet filtering is disabled on all interfaces. Example show filter This command displays the packet filter settings.
IP SOURCE GUARD COMMANDS 23-11 IP Source Guard Commands IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP.
CLIENT SECURITY COMMANDS 23-12 Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage • Source guard is used to filter traffic on an unsecure port whic.
IP SOURCE GUARD COMMANDS 23-13 found in the binding table and the entry type is static IP source guard binding, the packet will be forwarded. - If the DHCP snooping is enabled, IP source guard will check the VLAN ID, source IP address, port number, and source MAC address (for the sip-mac option).
CLIENT SECURITY COMMANDS 23-14 ip source-guard binding This command adds a static address to the source-guard binding table. Use the no form to remove a static entry.
IP SOURCE GUARD COMMANDS 23-15 - If there is an entry with same VLAN ID and MAC address, and the type of entry is static IP source guard binding, then the new entry will replace the old one.
CLIENT SECURITY COMMANDS 23-16 show ip source-guard binding This command shows the source guard binding table. Command Mode Privileged Exec Example Console#show ip source-guar.
DHCP SNOOPING COMMANDS 23-17 DHCP Snooping Commands DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server. This information can be useful in tracking an IP address back to a physical port.
CLIENT SECURITY COMMANDS 23-18 ip dhcp snooping This command enables DHCP snooping globally. Use the no form to restore the default setting.
DHCP SNOOPING COMMANDS 23-19 forwarded for a trusted port. If the received packet is a DHCP ACK message, a dynamic DHCP snooping entry is also added to the binding table.
CLIENT SECURITY COMMANDS 23-20 from a DHCP server, any packets received from untrusted ports are dropped. Example This example enables DHCP snooping globally for the switch.
DHCP SNOOPING COMMANDS 23-21 • When DHCP snooping is globally enabled, configuration changes for specific VLANs have the following effects: - If DHCP snooping is disabled on a VLAN, all dynamic bindings learned for this VLAN are removed from the binding table.
CLIENT SECURITY COMMANDS 23-22 Related Commands ip dhcp snooping (23-18) ip dhcp snooping vlan (23-20) ip dhcp snooping trust (23-24) ip dhcp snooping database write This command writes all dynamically learned snooping entries to flash memory.
DHCP SNOOPING COMMANDS 23-23 Command Usage • This command applies to all VDSL ports. When set, it will automatically convert an address assigned to an attached CPE by a DHCP server to a static entry in the MAC address table.
CLIENT SECURITY COMMANDS 23-24 acknowledgement packets sent by the DHCP server in response to host requests will be blocked by the switch. Example This example sets the client limit to its maximum value on port 5. ip dhcp snooping trust This command configures the specified interface as trusted.
DHCP SNOOPING COMMANDS 23-25 • Additional considerations when the switch itself is a DHCP client – The port(s) through which it submits a client request to the DHCP server must be configured as trusted. Example This example sets port 5 to untrusted.
CLIENT SECURITY COMMANDS 23-26 show ip dhcp snooping binding This command shows the DHCP snooping binding table entries. Command Mode Privileged Exec Example Console#show ip dhcp s.
24-1 CHAPTER 24 ACCESS CONTROL LIST COMMANDS Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code), or any frames (based on MAC address or Ethernet type).
ACCESS CONTROL LIST COMMANDS 24-2 IP ACLs The commands in this section configure ACLs based on IP addresses, TCP/UDP port number, protocol type, and TCP control code.
IP ACLS 24-3 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [no] access-list ip {standard | extended} acl_name • standard – Specifies an ACL that filters packets based on the source IP address.
ACCESS CONTROL LIST COMMANDS 24-4 permit, deny (Standard IP ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a rule.
IP ACLS 24-5 permit, deny (Extended IP ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes.
ACCESS CONTROL LIST COMMANDS 24-6 • control-flags – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63) • flag-bitmask – Decimal number representing the code bits to match.
IP ACLS 24-7 Example This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.
ACCESS CONTROL LIST COMMANDS 24-8 Example Related Commands permit, deny 24-4 ip access-group (24-14) access-list ip mask-precedence This command changes to the IP Mask mode used to configure access control masks. Use the no form to delete the mask table.
IP ACLS 24-9 Example Related Commands mask (IP ACL) (24-9) ip access-group (24-14) mask (IP ACL) This command defines a mask for IP ACLs. This mask defines the fields to check in the IP header.
ACCESS CONTROL LIST COMMANDS 24-10 Default Setting None Command Mode IP Mask Command Usage • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered.
IP ACLS 24-11 This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the following example, packets with the source address 10.1.1.1 are dropped because the “deny 10.1.
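An added example (not from the SMC manual or the switch firmware) that models the two points in the excerpts above: a standard rule matches when the rule address and the packet source agree under the address bitmask, and the mask table, not the entry order, decides which rule is tested first. The permit rule, the mask list, the helper names and the assumption that a mask entry selects the rules with an identical bitmask are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# One standard-ACL rule: action, source address, address bitmask.
Rule = namedtuple("Rule", "action address bitmask")


def _to_int(dotted):
    """Convert a dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def rule_matches(rule, src):
    """True when (rule address & bitmask) == (packet source & bitmask)."""
    mask = _to_int(rule.bitmask)
    return (_to_int(rule.address) & mask) == (_to_int(src) & mask)


def evaluate_entry_order(rules, src):
    """First match wins, walking the rules in the order they were typed."""
    for rule in rules:
        if rule_matches(rule, src):
            return rule.action
    return None  # no rule matched; the switch's default handling is not modelled


def evaluate_mask_order(rules, masks, src):
    """First match wins, walking the mask table from first to last entry.

    Assumption of this simplified model: a mask entry selects exactly the
    rules whose address bitmask equals it.
    """
    for mask in masks:
        for rule in rules:
            if _to_int(rule.bitmask) == _to_int(mask) and rule_matches(rule, src):
                return rule.action
    return None


def rules_without_mask(rules, masks):
    """Audit helper: rules that no mask entry selects, so they are never tested."""
    known = {_to_int(m) for m in masks}
    return [r for r in rules if _to_int(r.bitmask) not in known]


def order_disagreements(rules, masks, sources):
    """Audit helper: sources whose verdict differs between the two orders."""
    out = []
    for src in sources:
        typed = evaluate_entry_order(rules, src)
        masked = evaluate_mask_order(rules, masks, src)
        if typed != masked:
            out.append((src, typed, masked))
    return out


# Constructed sample: a broad permit typed first, then a host deny for 10.1.1.1.
RULES = [
    Rule("permit", "10.1.1.0", "255.255.255.0"),
    Rule("deny", "10.1.1.1", "255.255.255.255"),
]
# Constructed mask table: the host mask is listed before the /24 mask.
MASKS = ["255.255.255.255", "255.255.255.0"]

if __name__ == "__main__":
    for src in ("10.1.1.1", "10.1.1.2", "10.2.0.1"):
        print(src,
              "entry order:", evaluate_entry_order(RULES, src),
              "mask order:", evaluate_mask_order(RULES, MASKS, src))
    print("disagreements:", order_disagreements(RULES, MASKS, ["10.1.1.1", "10.1.1.2"]))
```

Running the audit helpers over a planned rule set before binding it to a port shows which sources get a different verdict than the typed order suggests, and which rules have no mask entry at all.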
ACCESS CONTROL LIST COMMANDS 24-12 This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.69.198.0 when the Layer 4 source port is 23. Console(config)#access-list ip extended A3 Console(config-ext-acl)#deny host 171.
IP ACLS 24-13 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL.
ACCESS CONTROL LIST COMMANDS 24-14 show access-list ip mask-precedence This command shows the ingress or egress rule masks for IP ACLs. Syntax show access-list ip mask-precedence [in | out] • in – Ingress mask precedence for ingress ACLs.
IP ACLS 24-15 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port.
ACCESS CONTROL LIST COMMANDS 24-16 MAC ACLs The commands in this section configure ACLs based on hardware addresses, packet format, and Ethernet type.
MAC ACLS 24-17 access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL.
ACCESS CONTROL LIST COMMANDS 24-18 permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type.
MAC ACLS 24-19 • source – Source MAC address. • destination – Destination MAC address range with bitmask. • address-bitmask – Bitmask for MAC address (in hexadecimal format). • vid – VLAN ID. (Range: 1-4093) • vid-bitmask – VLAN bitmask.
ACCESS CONTROL LIST COMMANDS 24-20 show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [acl_name] acl_name – Name of the ACL.
MAC ACLS 24-21 Command Usage • You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule. • A mask can only be used by all ingress ACLs or all egress ACLs.
ACCESS CONTROL LIST COMMANDS 24-22 • ethertype – Check the Ethernet type field. • ethertype-bitmask – Ethernet type of rule must match this bitmask. Default Setting None Command Mode MAC Mask Command Usage • Up to seven masks can be assigned to an ingress or egress ACL.
MAC ACLS 24-23 Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.
ACCESS CONTROL LIST COMMANDS 24-24 This example creates an Egress MAC ACL. show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [in | out] • in – Ingress mask precedence for ingress ACLs.
MAC ACLS 24-25 mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets.
A CCESS C ONTR OL L IST C OMMANDS 24-26 show mac a ccess-gro up This co mmand sh ow s th e ports as sign ed to M A C A C Ls . Command Mode Pri vile ged Ex ec Example Related Commands mac access-g roup (24-25) ACL Informatio n Th is section d escribes c ommands used to dis play A CL infor mation.
ACL I NFOR MATION 24-27 Example show access-group Th is comm and shows the por t as signment s of IP A CLs . Command Mode Pri vile ged Ex ecuti ve Example Console#show access-lis t IP standard access-list david: permit host 10.1.1.21 permit 168.92.0.0 255 .
25-1 CHAPTER 25 INTERFACE COMMANDS These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN.
INTERFACE COMMANDS 25-2 interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id • interface • ethernet unit/port - unit - Stack unit.
DESCRIPTION 25-3 description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this interface.
INTERFACE COMMANDS 25-4 Default Setting • Auto-negotiation is permanently disabled on Ports 1-16, and enabled by default on Ports 17-19. • When auto-negotiation is disabled, the d.
NEGOTIATION 25-5 negotiation This command enables autonegotiation for a given interface. Use the no form to disable autonegotiation. Syntax [no] negotiation Default Setting Ports 1-16: .
INTERFACE COMMANDS 25-6 capabilities This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability, or the no form without parameters to restore the default values.
FLOWCONTROL 25-7 manually specify the link attributes with the speed-duplex and flowcontrol commands. Example The following example configures Ethernet port 5 capabilities to include 100half and 100full. Related Commands negotiation (25-5) speed-duplex (25-3) flowcontrol (25-7) flowcontrol This command enables flow control.
INTERFACE COMMANDS 25-8 • To force flow control on or off (with the flowcontrol or no flowcontrol command), use the no negotiation command to disable auto-negotiation on the selected interface.
SWITCHPORT MDIX 25-9 • copper-forced - Always uses the built-in RJ-45 port. • sfp-forced - Always uses the SFP port (even if module not installed). • sfp-preferred-auto - Uses SFP port if both combination types are functioning and the SFP port has a valid link.
INTERFACE COMMANDS 25-10 Command Mode Interface Configuration (Ethernet - Port 17-18) Command Usage Auto-negotiation must be enabled to use the “auto” option for this command. It must be disabled to force the pinout setting to one of the fixed modes of “normal” (MDI) or “crossover” (MDI-X).
SWITCHPORT PACKET-RATE 25-11 Example The following example disables port 5. switchport packet-rate This command configures broadcast and multicast and unknown unicast storm control. Use the no form to restore the default setting.
INTERFACE COMMANDS 25-12 Example The following shows how to configure broadcast storm control at 600 packets per second: clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - Stack unit.
SHOW INTERFACES STATUS 25-13 show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number.
INTERFACE COMMANDS 25-14 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number.
SHOW INTERFACES COUNTERS 25-15 Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 9-29.
INTERFACE COMMANDS 25-16 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit.
SHOW INTERFACES SWITCHPORT 25-17 Table 25-2 show interfaces switchport - display description Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 25-11).
26-1 CHAPTER 26 LINK AGGREGATION COMMANDS Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery.
LINK AGGREGATION COMMANDS 26-2 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to 8 ports.
CHANNEL-GROUP 26-3 • If the port channel admin key (lacp admin key - Port Channel) is not set when a channel group is formed (i.e., it has the null value of 0), this key is set to the same value as the port admin key (lacp admin key - Ethernet Interface) used by the interfaces that joined the group.
LINK AGGREGATION COMMANDS 26-4 Example The following example creates trunk 1 and then adds port 11: lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it.
LACP 26-5 Example The following shows LACP enabled on ports 10-12. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk1 has been established.
LINK AGGREGATION COMMANDS 26-6 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} system-priority priority no lacp {actor | partner} system-priority • actor - The local side of an aggregate link.
LACP ADMIN-KEY (ETHERNET INTERFACE) 26-7 lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key.
LINK AGGREGATION COMMANDS 26-8 lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string.
LACP PORT-PRIORITY 26-9 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link.
LINK AGGREGATION COMMANDS 26-10 show lacp This command displays LACP information. Syntax show lacp [port-channel] {counters | internal | neighbors | sys-id} • port-channel - Local identifier for a link aggregation group.
SHOW LACP 26-11 Table 26-2 show lacp counters - display description Field Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group. LACPDUs Received Number of valid LACPDUs received on this channel group. Marker Sent Number of valid Marker PDUs transmitted from this channel group.
LINK AGGREGATION COMMANDS 26-12 LACPDUs Internal Number of seconds before invalidating received LACPDU information. LACP System Priority LACP system priority assigned to this port channel. LACP Port Priority LACP port priority assigned to this interface within the channel group.
SHOW LACP 26-13 Console#show lacp 1 neighbors Port channel 1 neighbors --------------------------------- ---------------------------------- Eth 1/1 --------------------------------- ------------------.
LINK AGGREGATION COMMANDS 26-14 Console#show lacp sysid Port Channel System Priority System MAC Address ----------------------- ------------------------------------ -------- 1 32768 00-30-.
27-1 CHAPTER 27 MIRROR PORT COMMANDS This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session.
MIRROR PORT COMMANDS 27-2 Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner.
SHOW PORT MONITOR 27-3 Command Usage This command displays the currently configured source port, destination port, and mirror mode (i.e., RX, TX, RX/TX).
28-1 CHAPTER 28 RATE LIMIT COMMANDS This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network.
RATE LIMIT COMMANDS 28-2 rate-limit This command defines the rate limit for a specific interface. Use this command without specifying a rate to restore the default rate.
RATE-LIMIT TRAP-INPUT 28-3 rate-limit trap-input This command sets an SNMP trap if traffic exceeds the configured rate limit. Use the no form to restore the default setting.
RATE LIMIT COMMANDS 28-4 • For further information on the type of notification messages that can be sent by the system, refer to the information about trap and inform messages described under the snmp-server host command on page 21-6.
29-1 CHAPTER 29 VDSL COMMANDS VDSL communication parameters can be set for individual ports, or multiple parameters can be defined in a profile and applied globally to the switch or to a group of ports. Alarm thresholds can be defined in a profile and then applied globally to the switch or to selected ports.
VDSL COMMANDS 29-2 Long-Reach Ethernet Commands This section describes how to configure communication parameters for VDSL ports such as specifying data band usage plans, setting notch.
LONG-REACH ETHERNET COMMANDS 29-3 lre max-power Sets the maximum aggregate downstream or upstream power GC/IC 29-22 lre min-protection Configures the minimum level of impulse noise protect .
VDSL COMMANDS 29-4 lre band-plan This command sets the frequency bands used for VDSL signals based on a set of predefined plans. Use the no form to restore the default status. Syntax lre band-plan value no lre band-plan value – Index for a predefined band plan.
LONG-REACH ETHERNET COMMANDS 29-5 Example This example sets the band plan to 998-640-30000. Related Commands show lre (29-79) Table 29-3 VDSL2 Band Plans Index Designator Number of Bands Reference Document 3 998-138-8500 Long Reach 3 4 998-138-12000 High Data Rate 4 5 998-640-30000 100/100 6 (US1-3, DS1-3) G.
VDSL COMMANDS 29-6 lre option-band This command sets the frequencies to be used for the optional Upstream Band 0 (US0). Use the no form to restore the default status. Syntax lre option-band value no lre option-band value – Index of predefined frequency bounds for US0.
LONG-REACH ETHERNET COMMANDS 29-7 lre ham-band This command sets the Handheld Amateur Radio (HAM) band that will be blocked to VDSL signals based on defined frequencies. Use the no form to restore the default status. Syntax lre ham-band value no lre ham-band value – HAM band mask.
VDSL COMMANDS 29-8 4 RFI-BAND04 3.500 - 3.575 MHz ANNEX F 5 RFI-BAND05 3.500 - 3.800 MHz ETSI 6 RFI-BAND06 3.500 - 4.000 MHz T1E1 7 RFI-BAND07 3.747 - 3.754 MHz ANNEX F 8 RFI-BAND08 3.791 - 3.805 MHz ANNEX F 9 RFI-BAND09 7.000 - 7.100 MHz ANNEX F, ETSI 10 RFI-BAND10 7.
LONG-REACH ETHERNET COMMANDS 29-9 Example This example sets a HAM band notch in the transmitted power spectrum in the 10.000 - 10.150 MHz transmission band (also called the 30 meter band).
VDSL COMMANDS 29-10 • Using a HAM band mask prevents interference with other systems (e.g., amateur radio) that use narrow band transmission in the VDSL frequency band. The selected frequency range will not be used to transmit data on the VDSL line.
LONG-REACH ETHERNET COMMANDS 29-11 18 RFI-BAND18 10.005 - 10.100 MHz Aeronautical Communications 19 RFI-BAND19 10.100 - 10.150 MHz Amateur Radio 20 RFI-BAND20 11.175 - 11.400 MHz Aeronautical Communications 21 RFI-BAND21 11.600 - 12.
VDSL COMMANDS 29-12 Example This example sets a HAM band notch in the transmitted power spectrum to avoid interference with CB radios. Related Commands show lre region-ham-band (29-65) lre ham-band (29-7) lre psd-breakpoints This command sets the number of frequency breakpoints in the PSD mask.
LONG-REACH ETHERNET COMMANDS 29-13 PSD Mask required for compliance with local regulations, or set mask limits for upstream power backoff. The methods used to calculate these various PSD masks, and local regulations governing the power spectrum used on VDSL lines are all described in ITU-T G.
VDSL COMMANDS 29-14 Command Mode Global Configuration Interface Configuration (VDSL Port) Command Usage • Enter this command in global configuration mode to configure frequency breakpoints for all VDSL ports, or in interface mode to configure them for a specific VDSL port.
LONG-REACH ETHERNET COMMANDS 29-15 lre psd-value This command defines a power level for each of the PSD breakpoints. Use the no form to restore the default setting.
VDSL COMMANDS 29-16 Example The following sets a PSD value for the frequency band bounded by breakpoints 1 and 2 to -20 dBm/Hz on VDSL port 1. Related Commands lre psd-breakpoints (29-12) lre psd-frequencies (29-13) show lre psd (29-67) lre psd-mask-level (29-16) lre psd-mask-level This command sets a predefined PSD mask.
LONG-REACH ETHERNET COMMANDS 29-17 • The following table lists the predefined band plans. Example The following specifies a predefined mask based on Annex F of ITU-T G .
VDSL COMMANDS 29-18 lre pbo-config This command sets a mask to reduce the power spectral density (PSD) of transmitted signals at specified frequency breakpoints for upstream power backoff. Use the no form to restore the default status.
LONG-REACH ETHERNET COMMANDS 29-19 • The transceiver will adjust its transmitted signal to conform to the power limitations set by the lre pbo-config command.
VDSL COMMANDS 29-20 Command Usage • Enter this command in global configuration mode to enable upstream power backoff for all VDSL ports, or in interface mode to enable it for a VDSL port.
LONG-REACH ETHERNET COMMANDS 29-21 lre tone This command disables VDSL signals at frequencies less than or equal to 640 KHz, 1.1 MHz or 2.2 MHz. Use the no form to restore the default setting. Syntax lre tone {tx | rx} value no lre tone {tx | rx} • tx – Downstream band plan.
VDSL COMMANDS 29-22 Example The following disables all tones beneath 640 kHz on the upstream band plan. Related Commands show lre tone (29-71) lre max-power This command sets the maximum aggregate downstream or upstream power. Use the no form to restore the default setting.
LONG-REACH ETHERNET COMMANDS 29-23 Example The following sets the maximum downstream power on port 1 to 14.5 dBm. lre min-protection This command configures the minimum level of impulse noise protection for all bearer channels. Use the no form to restore the default setting.
VDSL COMMANDS 29-24 • Note that this parameter only applies to interleaved channels. Refer to ITU-T G.993.2 for a full description of the methods used to calculate the minimum level of impulse noise protection. Example lre channel This command sets the channel mode to fast or interleaved.
LONG-REACH ETHERNET COMMANDS 29-25 Related Commands lre interleave-max-delay (29-25) lre interleave-max-delay This command sets the maximum interleave delay.
VDSL COMMANDS 29-26 Related Commands lre channel (29-24) show lre interleave-max-delay (29-72) lre datarate This command specifies the minimum and maximum data rate for downstream and upstream fast or slow (interleaved) channels. Use the no form to restore the default setting.
LONG-REACH ETHERNET COMMANDS 29-27 Example The following sets the minimum and maximum data rates for the downstream fast channel on port 1.
VDSL COMMANDS 29-28 Related Commands lre datarate (29-26) lre noise-mgn target This command configures the targeted signal-to-noise margin that VDSL ports must achieve to successfully complete initialization. Use the no form to restore the default setting.
LONG-REACH ETHERNET COMMANDS 29-29 lre noise-mgn min This command configures the minimum acceptable signal-to-noise margin. Use the no form to restore the default setting. Syntax lre noise-mgn min {down | up} value no lre noise-mgn min {down | up} • down – Downstream bands.
VDSL COMMANDS 29-30 lre shutdown This command shuts down a VDSL port. Use the no form to re-enable a port. Syntax [no] lre shutdown Default Setting All VDSL ports are oper.
LONG-REACH ETHERNET COMMANDS 29-31 Command Mode Interface Configuration (VDSL Port) Command Usage Use this command to troubleshoot VDSL connection or performance problems.
VDSL COMMANDS 29-32 Related Commands lre datarate (29-26) lre retraining This command manually initiates the rate adaptation method to find the optimal transmission rate based on existing line conditions. Use the no form to disable this feature.
LONG-REACH ETHERNET COMMANDS 29-33 lre rate-adaption This command enables automatic line rate adaptation, which can set the optimal transmission rate based on existing line conditions. Use the no form to disable this feature.
VDSL COMMANDS 29-34 Related Commands lre datarate (29-26) show lre rate-adaption (29-75) lre apply This command applies all global VDSL settings to each VDSL port on the switch or to a specified port, overwriting any previous settings configured for specific interfaces.
LINE PROFILE COMMANDS 29-35 Line Profile Commands This section describes how to configure a list of communication parameters such as data rates and acceptable noise margins which can be applied to all VDSL ports or to a selected group of ports.
VDSL COMMANDS 29-36 line-profile This command enters VDSL Line Profile configuration mode. Syntax line-profile profile-name profile-name – Name of the profile.
LINE PROFILE COMMANDS 29-37 Example The following creates a VDSL line profile named southport. Related Commands show lre line-profile (29-77) lre line-profile This command applies a line profile to selected VDSL ports. Use the no form to restore the default settings for the selected ports.
VDSL COMMANDS 29-38 Example The following applies the line profile named southport to all VDSL ports. band-plan This command sets the frequency bands used for VDSL signals based on a set of predefined plans. Use the no form to restore the default status.
LINE PROFILE COMMANDS 29-39 option-band This command sets the frequencies to be used for optional Upstream Band 0 (US0). Use the no form to restore the default status. Syntax option-band value no option-band value – Index of predefined frequency bounds for US0.
VDSL COMMANDS 29-40 ham-band This command sets the Handheld Amateur Radio (HAM) band that will be blocked to VDSL signals based on defined frequencies. Use the no form to restore the default status. Syntax ham-band value no ham-band value – HAM band mask.
LINE PROFILE COMMANDS 29-41 region-ham-band This command sets the ham radio band that will be blocked to VDSL signals based on defined usage types. Use the no form to restore the default status. Syntax region-ham-band value no region-ham-band value – HAM band mask for designated usage type.
VDSL COMMANDS 29-42 tone This command disables VDSL signals at frequencies less than or equal to 640 KHz, 1.1 MHz or 2.2 MHz. Use the no form to restore the default setting. Syntax lre tone {tx | rx} value no lre tone {tx | rx} • tx – Downstream band plan.
LINE PROFILE COMMANDS 29-43 Example The following disables all tones beneath 640 kHz on the upstream band plan. Related Commands lre tone (29-21) max-power This command sets the maximum aggregate downstream or upstream power. Use the no form to restore the default setting.
VDSL COMMANDS 29-44 min-protection This command configures the minimum level of impulse noise protection for all bearer channels. Use the no form to restore the default setting. Syntax min-protection {down | up} value no max-power {down | up} • down – Downstream bands.
LINE PROFILE COMMANDS 29-45 Related Commands lre min-protection (29-23) channel This command sets the channel mode to fast or interleaved.
VDSL COMMANDS 29-46 down/up-max-inter-delay These commands set the maximum interleave delay on a downstream/upstream channel. Use the no form to restore the default settings to the profile. Syntax {down | up}-max-inter-delay value no {down | up}-max-inter-delay • down – Downstream bands.
LINE PROFILE COMMANDS 29-47 Related Commands lre interleave-max-delay (29-25) down/up-fast/slow-max/min-datarate These commands set the maximum/minimum data rate on a fast/slow downstream/upstream channel. Use the no form to restore the default settings to the profile.
VDSL COMMANDS 29-48 Example The following sets the minimum and maximum data rates for the downstream fast channel on port 1. Related Commands lre datarate (29-26) down/up-target-noise-mgn .
LINE PROFILE COMMANDS 29-49 Example The following sets an SNR of 12 dB for the downstream channels and 18 dB for the upstream channels. Related Commands lre noise-mgn target (29-28) down/up-min-noise-mgn These commands set the minimum acceptable signal-to-noise margin on a downstream/upstream channel.
VDSL COMMANDS 29-50 • When rate adaptation is enabled (see Command Usage, page 29-32), the signal-to-noise ratio (SNR) is an indicator of link quality. The switch itself has no internal functions to ensure link quality. To ensure a stable link, you should add a margin to the theoretical minimum signal-to-noise ratio (SNR).
ALARM PROFILE COMMANDS 29-51 Alarm Profile Commands This section describes how to configure a list of threshold values for error states which can be applied to all VDSL ports or to a selected group of ports.
VDSL COMMANDS 29-52 alarm-profile This command enters VDSL Alarm Profile configuration mode. Use the no form to delete an alarm profile. Syntax [no] alarm-profile profile-name profile-name – Name of the profile.
ALARM PROFILE COMMANDS 29-53 Command Usage First create a profile of VDSL alarm thresholds using the other commands described in this section, then enter Global Configuration mode to apply the profile to all VDSL ports on the switch using the lre alarm-profile command.
VDSL COMMANDS 29-54 the status of remote transceivers is obtained via the embedded operation channel (EOC), this information may be unavailable for units that are unreachable via the EOC during a line error condition. Therefore, not all conditions may always be included in its current status.
ALARM PROFILE COMMANDS 29-55 Command Usage • An Errored Second is a one-second interval containing one or more CRC anomalies, or one or more Loss of Signal (LOS) or Loss of Framing (LOF) defects.
VDSL COMMANDS 29-56 Command Usage This command sets the threshold for the number of seconds during which there is loss of framing within any 15 minute collection interval for performance data.
ALARM PROFILE COMMANDS 29-57 notification will be generated. (Refer to RFC 3728 for information on this notification message.) No more than one notification will be sent per interval. Example The following sets the LOLs threshold to 15.
VDSL COMMANDS 29-58 Example The following sets the LOSs threshold to 15. thresh-15min-lprs This command sets the threshold for Loss of Power Seconds (LPRs) that can occur within any given 15 minutes. Use the no form to restore the default setting.
ALARM PROFILE COMMANDS 29-59 thresh-15min-sess This command sets the threshold for Severely Errored Seconds (SESs) that can occur within any given 15 minutes. Use the no form to restore the default setting. Syntax thresh-15min-sess value value – Threshold for Severely Errored Seconds.
VDSL COMMANDS 29-60 thresh-15min-uass This command sets the threshold for Unavailable Seconds (UASs) that can occur within any given 15 minutes. Use the no form to restore the default setting. Syntax thresh-15min-uass value value – Threshold for Unavailable Seconds.
DISPLAYING VDSL INFORMATION 29-61 Displaying VDSL Information This section describes the commands used to display information on VDSL configuration settings, signal status, and communication statistics.
VDSL COMMANDS 29-62 show lre band-plan This command displays the frequency bands used for VDSL signals. Syntax show lre band-plan [unit/port] • unit - Stack unit.
DISPLAYING VDSL INFORMATION 29-63 Command Usage • Use this command without the interface parameter to display the band plans used for all VDSL ports on the switch, or with an interface to display the band plan used for a specific port.
VDSL COMMANDS 29-64 Command Usage • Use this command without the interface parameter to display the optional US0 band used for all VDSL ports on the switch, or with an interface to display the optional band used for a specific port.
DISPLAYING VDSL INFORMATION 29-65 Example This example shows that the HAM band in the 1.810 - 1.825 MHz range is blocked to VDSL signals for Port 1. Related Commands lre ham-band (29-7) show lre region-ham-band This command displays the HAM radio band that is blocked to VDSL signals based on defined usage types.
VDSL COMMANDS 29-66 Command Usage • Use this command without the interface parameter to display the HAM band usage filter used for all VDSL ports on the switch, or with an interface to display the filter used for a specific port.
DISPLAYING VDSL INFORMATION 29-67 Related Commands lre region-ham-band (29-9) show lre psd This command displays the power level set for each of the PSD breakpoints. Syntax show lre psd [unit/port] • unit - Stack unit. (Range: 1) • port - Port number.
VDSL COMMANDS 29-68 Related Commands lre psd-breakpoints (29-12) lre psd-frequencies (29-13) lre psd-value (29-15) show lre psd-mask-level This command displays the predefined PSD mask configured for an interface. Syntax show lre psd-mask-level [unit/port] • unit - Stack unit.
DISPLAYING VDSL INFORMATION 29-69 Command Usage • Use this command without the interface parameter to display the predefined PSD mask used for all VDSL ports on the switch, or with an interface to display the mask used for a specific port.
VDSL COMMANDS 29-70 Example This example shows the UPBO mask used for all upstream traffic. Related Commands lre pbo-config (29-18) show lre upbo This command shows if upstream power backoff is enabled or disabled. Syntax show lre upbo [unit/port] • unit - Stack unit.
DISPLAYING VDSL INFORMATION 29-71 transceiver will automatically control upstream power backoff based on default values set by the DSP engine.
VDSL COMMANDS 29-72 Related Commands lre tone (29-21) show lre interleave-max-delay This command displays the maximum interleave-delay that can be used for downstream and upstream channels. Syntax show lre interleave-max-delay [unit/port] • unit - Stack unit.
DISPLAYING VDSL INFORMATION 29-73 show lre datarate This command displays the minimum and maximum data rate for downstream and upstream fast or slow (interleaved) channels. Syntax show lre interleave-delay [unit/port] • unit - Stack unit.
VDSL COMMANDS 29-74 show lre noise-mgn This command displays the targeted signal-to-noise margin that VDSL ports must achieve to successfully complete initialization. Syntax show lre noise-mgn [unit/port] • unit - Stack unit. (Range: 1) • port - Port number.
DISPLAYING VDSL INFORMATION 29-75 show lre rate-adaption This command shows if line rate adaptation, which sets the optimal transmission rate based on existing line conditions, is enabled or disabled. Syntax show lre rate-adaption [unit/port] • unit - Stack unit.
VDSL COMMANDS 29-76 show lre config This command shows the VDSL configuration settings for an interface. Syntax show lre config [unit/port] • unit - Stack unit.
DISPLAYING VDSL INFORMATION 29-77 Related Commands lre apply (29-34) show lre line-profile This command displays a specified line profile which may be applied to selected VDSL ports. Syntax show lre line-profile [profile-name] profile-name – Name of the profile.
VDSL COMMANDS 29-78 Related Commands line-profile (29-36) lre line-profile (29-37) show lre alarm-profile This command displays a specified alarm profile which may be applied to selected VDSL ports. Syntax show lre alarm-profile [profile-name] profile-name – Name of the profile.
DISPLAYING VDSL INFORMATION 29-79 show lre This command displays the communication status of the VDSL line. Syntax show lre unit/port • unit - Stack unit.
VDSL COMMANDS 29-80 show lre phys-info This command displays physical layer information about the VDSL line. Syntax show lre phys-info unit/port • unit - Stack unit.
DISPLAYING VDSL INFORMATION 29-81 Example show lre rate-info This command displays rate information for the VDSL line. Syntax show lre rate-info [unit/port] • unit - Stack unit.
VDSL COMMANDS 29-82 Example show lre perf This command displays performance information including common error conditions over predefined intervals for the VDSL line. Syntax show lre perf [unit/port] • unit - Stack unit.
DISPLAYING VDSL INFORMATION 29-83 Command Usage Use this command without the interface parameter to show performance information for all VDSL ports on the switch, or with an interface to display this information for a specific port.
VDSL COMMANDS 29-84 Loss of power Number of seconds during which there was loss of power Errored seconds Number of seconds during which there was one or more CRC anomalies, or one or more Los.
DISPLAYING VDSL INFORMATION 29-85 Ethernet Transmit Performance Counters Frames Number of frames (unicast, broadcast and multicast) transmitted. Bytes Number of bytes of data transmitted onto the network. This statistic can be used as a reasonable indication of Ethernet utilization.
VDSL C OMMAN DS 29-86 CPE Con figur at ion This sec t i on de scr ibes operat io n and mai nt ena nce (O AM) fun cti ons f or rem ote customer premises equip ment (CPE), including upg rad ing fir mware. oam local clear counter Th is co mman d cl ears sta tisti cal da ta (in VDSL chip) for a specified VDSL por t.
CPE C ONFIGURATION 29-87 Example efm re mo te e ep ro m-w ri te This comma nd ena bles firmware u pg rade o n the CPE. Synta x efm remo te eeprom-write { ena ble | disabl e } Default Setting Disabled .
VDSL C OMMAN DS 29-88 Example This examp le s ho ws ho w to co py B ME fir mwa re fo r CPEs to a r ese r ved buffer o n the swit ch, copy this fir mware to a remot e CPE, and then activate the new fir m w are.
CPE CONFIGURATION 29-89
Console#configure
Console(config)#interface ethernet 1/16
Console(config-if)#oam remote upgrade firmware
Console(config)#end
Console#show cpe-info 1/16
Protocol ID: Ikanos EOC Protocol
Protocol Version - Major: 01
Protocol Version - Minor: 01
Vendor ID (Value): ffffffff (HEX), -1 (DECIMAL)
Host Application Version: 7.
VDSL COMMANDS 29-90 Related Commands oam remote upgrade firmware (page 29-90) oam remote firmware active (page 29-90) oam remote upgrade firmware This command copies BME firmware to the CPE. Command Mode Interface Configuration Command Usage • BME indicates the Burst Mode Engine used for digital signal processing.
CPE CONFIGURATION 29-91 Command Usage • BME indicates the Burst Mode Engine used for digital signal processing. • This command activates the firmware version currently in inactive state. It can therefore be used to activate the firmware version copied to the CPE by the oam remote upgrade firmware command (page 29-90).
VDSL COMMANDS 29-92 Example
Console#show cpe-info 1/1
Protocol ID: Ikanos EOC Protocol
Protocol Version - Major: 01
Protocol Version - Minor: 01
Vendor ID (Value): ffffffff (HEX), -1 (DECIMAL)
Host Application Version: 7.2.5r7IK104012
BME Firmware Version: Firmware-VTU-R:7.
30-1 CHAPTER 30 ADDRESS TABLE COMMANDS These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
ADDRESS TABLE COMMANDS 30-2 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address.
CLEAR MAC-ADDRESS-TABLE DYNAMIC 30-3 • A static address cannot be learned on another port until the address is removed with the no form of this command.
ADDRESS TABLE COMMANDS 30-4 show mac-address-table This command shows classes of entries in the bridge-forwarding database. Syntax show mac-address-table [address mac-address [mask]] [interface interface] [vlan vlan-id] [sort {address | vlan | interface}] • mac-address - MAC address.
MAC-ADDRESS-TABLE AGING-TIME 30-5 • The maximum number of address entries is 8191. Example mac-address-table aging-time This command sets the aging time for entries in the address table. Use the no form to restore the default aging time.
ADDRESS TABLE COMMANDS 30-6 show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode Privileged Exec Example
Console#show mac-address-table aging-time
Aging time: 300 sec.
31-1 CHAPTER 31 SPANNING TREE COMMANDS This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface.
SPANNING TREE COMMANDS 31-2 revision Configures the revision number for the multiple spanning tree MST 31-14 max-hops Configures the maximum number of hops allowed in the region before a BPD.
SPANNING-TREE 31-3 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.
SPANNING TREE COMMANDS 31-4 spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default. Syntax spanning-tree mode {stp | rstp | mstp} no spanning-tree mode • stp - Spanning Tree Protocol (IEEE 802.
SPANNING-TREE FORWARD-TIME 31-5 restarts the migration delay timer and begins using RSTP BPDUs on that port. • Multiple Spanning Tree Protocol - To allow multiple spanning trees.
SPANNING TREE COMMANDS 31-6 Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
SPANNING-TREE MAX-AGE 31-7 Related Commands spanning-tree forward-time (31-5) spanning-tree max-age (31-7) spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default.
SPANNING TREE COMMANDS 31-8 Related Commands spanning-tree forward-time (31-5) spanning-tree hello-time (31-6) spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default.
SPANNING-TREE PATHCOST METHOD 31-9 spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree and Multiple Spanning Tree.
SPANNING TREE COMMANDS 31-10 spanning-tree transmission-limit This command configures the minimum interval between the transmission of consecutive RSTP/MSTP BPDUs.
MST VLAN 31-11 Related Commands mst vlan (31-11) mst priority (31-12) name (31-13) revision (31-14) max-hops (31-14) mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Use the no form without any VLAN parameters to remove all VLANs.
SPANNING TREE COMMANDS 31-12 instance (on each bridge) with the same set of VLANs. Also, note that RSTP treats each MSTI region as a single node, connecting all regions to the Common Spanning Tree. Example mst priority This command configures the priority of a spanning tree instance.
NAME 31-13 Example name This command configures the name for the multiple spanning tree region in which this switch is located. Use the no form to clear the name.
SPANNING TREE COMMANDS 31-14 revision This command configures the revision number for this multiple spanning tree configuration of this switch. Use the no form to restore the default. Syntax revision number number - Revision number of the spanning tree.
SPANNING-TREE SPANNING-DISABLED 31-15 Default Setting 20 Command Mode MST Configuration Command Usage An MSTI region is treated as a single node by the STP and RSTP protocols. Therefore, the message age for BPDUs inside an MSTI region is never changed.
SPANNING TREE COMMANDS 31-16 Example This example disables the spanning tree algorithm for port 5. spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default auto-configuration mode.
SPANNING-TREE COST 31-17 Default Setting By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below. Path cost “0” is used to indicate auto-configuration mode.
SPANNING TREE COMMANDS 31-18 spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port.
SPANNING-TREE PORTFAST 31-19 Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node.
SPANNING TREE COMMANDS 31-20 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding.
SPANNING-TREE LINK-TYPE 31-21 spanning-tree link-type This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree.
SPANNING TREE COMMANDS 31-22 spanning-tree mst cost This command configures the path cost on a spanning instance in the Multiple Spanning Tree.
SPANNING-TREE MST PORT-PRIORITY 31-23 should be assigned to interfaces attached to faster media, and higher values assigned to interfaces with slower media. • Use the no spanning-tree mst cost command to specify auto-configuration mode.
SPANNING TREE COMMANDS 31-24 Where more than one interface is assigned the highest priority, the interface with lowest numeric identifier will be enabled.
SHOW SPANNING-TREE 31-25 Example show spanning-tree This command shows the configuration for the common spanning tree (CST) or for an instance within the multiple spanning tree (MST). Syntax show spanning-tree [interface | mst instance_id] • interface • ethernet unit/port - unit - Stack unit.
SPANNING TREE COMMANDS 31-26 description of the items displayed for specific interfaces, see “Displaying Interface Settings” on page 12-13.
SHOW SPANNING-TREE MST CONFIGURATION 31-27 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree.
SPANNING TREE COMMANDS 31-28.
32-1 CHAPTER 32 VLAN COMMANDS A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
VLAN COMMANDS 32-2 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
GVRP AND BRIDGE EXTENSION COMMANDS 32-3 Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. This function should be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch.
VLAN COMMANDS 32-4 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled.
GVRP AND BRIDGE EXTENSION COMMANDS 32-5 garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values.
VLAN COMMANDS 32-6 Example Related Commands show garp timer (32-6) show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [interface] interface • ethernet unit/port - unit - Stack unit.
EDITING VLAN GROUPS 32-7 Editing VLAN Groups vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs.
VLAN COMMANDS 32-8 vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}] no vlan vlan-id [name | state] • vlan-id - ID of configured VLAN.
CONFIGURING VLAN INTERFACES 32-9 Related Commands show vlan (32-16) Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface.
VLAN COMMANDS 32-10 Default Setting None Command Mode Global Configuration Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (25-10) switchport mode This command configures the VLAN membership mode for a port.
CONFIGURING VLAN INTERFACES 32-11 Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid: Related Commands switchport acceptable-frame-types (32-11) switchport acceptable-frame-types This command configures the acceptable frame types for a port.
VLAN COMMANDS 32-12 Related Commands switchport mode (32-10) switchport ingress-filtering This command enables ingress filtering for an interface.
CONFIGURING VLAN INTERFACES 32-13 switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port.
VLAN COMMANDS 32-14 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add.
CONFIGURING VLAN INTERFACES 32-15 • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface.
VLAN COMMANDS 32-16 Example The following example shows how to prevent port 1 from being added to VLAN 3: Displaying VLAN Information This section describes commands used to display VLAN information. show vlan This command shows VLAN information.
CONFIGURING PRIVATE VLANS 32-17 Example The following example shows how to display information for VLAN 1: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN.
VLAN COMMANDS 32-18 Default Setting No private VLANs are defined. No default group exists. Command Mode Global Configuration Command Usage • A private VLAN provides port-based security and isolation between ports within the VLAN.
CONFIGURING PRIVATE VLANS 32-19 show pvlan This command displays the configured private VLAN. Command Mode Privileged Exec Example This example shows the information displayed when no group is defined. This example shows the information displayed when a group is defined.
VLAN COMMANDS 32-20 Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
CONFIGURING PROTOCOL-BASED VLANS 32-21 3. Then map the protocol for each interface to the appropriate VLAN using the protocol-vlan protocol-group command (Interface Configuration mode).
VLAN COMMANDS 32-22 protocol-vlan protocol-group (Configuring Interfaces) This command maps a protocol group to a VLAN for the current interface.
CONFIGURING PROTOCOL-BASED VLANS 32-23 Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2. show protocol-vlan protocol-group This command shows the frame and protocol type associated with protocol groups.
VLAN COMMANDS 32-24 show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [interface] interface • ethernet unit/port - unit - Stack unit.
CONFIGURING IEEE 802.1Q TUNNELING 32-25 Configuring IEEE 802.1Q Tunneling QinQ tunneling uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs.
VLAN COMMANDS 32-26 5. Configure the QinQ tunnel port to join the SPVLAN as an untagged member (switchport allowed vlan, page 32-14). 6. Configure the SPVLAN ID as the native VID on the QinQ tunnel port (switchport native vlan, page 32-13).
CONFIGURING IEEE 802.1Q TUNNELING 32-27 • The packet must have a standard ethertype value of 0x8100 for this command to take effect. Otherwise, the priority bits in the outer tag are set to zero.
VLAN COMMANDS 32-28 to the service provider’s outer tag. The Tag Protocol Identifier (TPID) of the tunnel port is used for the outer tag. The default is for the standard ethertype value 0x8100, but may be changed to a non-standard value using the switchport dot1q-ethertype command (page 32-29).
CONFIGURING IEEE 802.1Q TUNNELING 32-29 switchport dot1q-ethertype This command sets the Tag Protocol Identifier (TPID) value of a tunnel port. Use the no form to restore the default setting. Syntax switchport dot1q-ethertype tpid no switchport dot1q-ethertype tpid – Sets the ethertype value for 802.
VLAN COMMANDS 32-30 Example Related Commands show interfaces switchport (page 25-16) Configuring VLAN Swapping QinQ tunneling uses double tagging to preserve the customer’s VLAN tags on traffic crossing the service provider’s network.
CONFIGURING VLAN SWAPPING 32-31 uplink port (using the command parameters – input VLAN ID, output VLAN ID, and uplink interface). 3. Enter Interface Configuration mode for the upl.
VLAN COMMANDS 32-32 • VLAN swapping only supports one-to-one mapping of VLAN IDs between a VDSL port and an uplink port. • VLAN IDs must be mapped for both the upstream and downstream direction. • The maximum number of VLAN swap entries is 64 per port groups 1-8, 9-16, 17, and 18.
CONFIGURING VLAN SWAPPING 32-33 Example
Console#show vlan swap
vlan-swap enable
ethernet 1/1
invlan outvlan outport
1 100 1/18
ethernet 1/18
invlan outvlan outport
100 1 1/1
Console#
VLAN COMMANDS 32-34.
33-1 CHAPTER 33 CLASS OF SERVICE COMMANDS The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port.
CLASS OF SERVICE COMMANDS 33-2 priority bits This command sets the priority bits in the VLAN tag of packets sent by the CPU. Use the no form to restore the default value.
PRIORITY COMMANDS (LAYER 2) 33-3 Levels,” on page 33-8 for information on how CoS values are mapped to the output queues. Example queue mode This command sets the queue mode to strict priority, Weighted Round-Robin (WRR), or a combination of both for the class of service (CoS) priority queues.
CLASS OF SERVICE COMMANDS 33-4 • Weighted Round-Robin (WRR) specifies a relative weight of each queue that determines the percentage of service time the switch services each queue before moving on to the next queue. This prevents the head-of-line blocking that can occur with strict priority queuing.
PRIORITY COMMANDS (LAYER 2) 33-5 Related Commands priority bits (33-2) priority ipv6 (33-17) show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example switchport priority default This command sets a priority for incoming untagged frames.
CLASS OF SERVICE COMMANDS 33-6 Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • The default priority applies for an untagged frame received on a port set to accept all frame types (i.
PRIORITY COMMANDS (LAYER 2) 33-7 queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues, or specifies a high-priority queue when the queue mode is set to hybrid.
CLASS OF SERVICE COMMANDS 33-8 Example This example assigns WRR weights to priority queues 0-5, and strict priority to queues 6 and 7: Related Commands queue mode (33-3) show queue bandwidth (33-9) queue cos-map This command assigns class of service (CoS) values to the priority queues (i.
PRIORITY COMMANDS (LAYER 2) 33-9 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage CoS values assigned at the ingress port are also used at the egress port. This command sets the CoS priority for all interfaces.
CLASS OF SERVICE COMMANDS 33-10 Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number.
PRIORITY COMMANDS (LAYER 3 AND 4) 33-11 Priority Commands (Layer 3 and 4) This section describes commands used to configure Layer 3 and Layer 4 traffic priority on the switch.
CLASS OF SERVICE COMMANDS 33-12 map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets).
PRIORITY COMMANDS (LAYER 3 AND 4) 33-13 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
CLASS OF SERVICE COMMANDS 33-14 Example The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority).
PRIORITY COMMANDS (LAYER 3 AND 4) 33-15 Example The following example shows how to map IP precedence value 1 to CoS value 0: map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping).
CLASS OF SERVICE COMMANDS 33-16 map ip dscp (Interface Configuration) This command sets IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table. Syntax map ip dscp dscp-value cos cos-value no map ip dscp • dscp-value - DSCP value.
PRIORITY COMMANDS (LAYER 3 AND 4) 33-17 Example The following example shows how to map IP DSCP value 1 to CoS value 0: priority ipv6 This command assigns IPv6 traffic classes to one of the Class-of-Service values. Use the no form to restore the default setting.
CLASS OF SERVICE COMMANDS 33-18 Example The following example maps the Traffic Class value of 1 to CoS value 0: show map ip port This command shows the IP port priority map. Syntax show map ip port [interface] interface • ethernet unit/port - unit - Stack unit.
PRIORITY COMMANDS (LAYER 3 AND 4) 33-19 show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number.
CLASS OF SERVICE COMMANDS 33-20 show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - Stack unit.
34-1 CHAPTER 34 QUALITY OF SERVICE COMMANDS The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies. You can classify traffic based on access lists, IP Precedence or DSCP values, or VLANs.
QUALITY OF SERVICE COMMANDS 34-2 To create a service policy for a specific category of ingress traffic, follow these steps: 1. Use the class-map command to designate a class name for a specific category of traffic, and enter the Class Map configuration mode.
CLASS-MAP 34-3 Notes: 1. You can configure up to 16 rules per Class Map. You can also include multiple classes in a Policy Map. 2. You should create a Class Map (page 34-3) before creating a Policy Map (page 34-6).
QUALITY OF SERVICE COMMANDS 34-4 • The class map is used with a policy map (page 34-6) to create a service policy (page 34-10) for a specific interface that defines packet classification, service tagging, and bandwidth policing.
MATCH 34-5 command to specify the fields within ingress packets that must match to qualify for this class map. • Only one match command can be entered per class map.
QUALITY OF SERVICE COMMANDS 34-6 policy-map This command creates a policy map that can be attached to multiple interfaces, and enters Policy Map configuration mode. Use the no form to delete a policy map and return to Global configuration mode.
CLASS 34-7 class This command defines a traffic classification upon which a policy can act, and enters Policy Map Class configuration mode. Use the no form to delete a class map and return to Policy Map configuration mode. Syntax [no] class class-map-name class-map-name - Name of the class map.
QUALITY OF SERVICE COMMANDS 34-8 Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses th.
POLICE 34-9 police command to limit the average bandwidth to 100,000 Kbps, the burst rate to 1522 bytes, and configure the response to drop any violating packets. police This command defines a policer for classified traffic. Use the no form to remove a policer.
QUALITY OF SERVICE COMMANDS 34-10 Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses t.
SHOW CLASS-MAP 34-11 Example This example applies a service policy to an ingress interface. show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [class-map-name] class-map-name - Name of the class map.
QUALITY OF SERVICE COMMANDS 34-12 show policy-map This command displays the QoS policy maps which define classification criteria for incoming traffic, and may include policers for bandwidth limitations. Syntax show policy-map [policy-map-name [class class-map-name]] • policy-map-name - Name of the policy map.
SHOW POLICY-MAP INTERFACE 34-13 Command Mode Privileged Exec Example
Console#show policy-map interface ethernet 1/5
Service-policy rd_policy input
Console#
QUALITY OF SERVICE COMMANDS 34-14.
35-1 CHAPTER 35 MULTICAST FILTERING COMMANDS This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only.
MULTICAST FILTERING COMMANDS 35-2 IGMP Snooping Commands This section describes commands used to configure IGMP snooping on the switch. ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it.
IGMP SNOOPING COMMANDS 35-3 Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to a multicast group.
MULTICAST FILTERING COMMANDS 35-4 ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default.
IGMP SNOOPING COMMANDS 35-5 ip igmp snooping immediate-leave This command immediately deletes a member port of a multicast service if a leave packet is received at that port and immediate-leave is enabled for the parent VLAN. Use the no form to restore the default.
MULTICAST FILTERING COMMANDS 35-6 show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 16-4 for a description of the displayed items.
IGMP QUERY COMMANDS 35-7 Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options.
MULTICAST FILTERING COMMANDS 35-8 ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected.
IGMP QUERY COMMANDS 35-9 Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action.
MULTICAST FILTERING COMMANDS 35-10 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries.
IGMP QUERY COMMANDS 35-11 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default.
MULTICAST FILTERING COMMANDS 35-12 Static Multicast Routing Commands This section describes commands used to configure static multicast routing on the switch. ip igmp snooping vlan mrouter This command statically configures a multicast router port.
S TATI C M ULTICAST R OUTING C OMMAN DS 35-13 Example Th e fo l lowing sh ows how t o co nf igu re p or t 1 1 as a multi cas t r out er por t wit hin VLAN 1: show ip igmp snooping mr outer Th is command displays infor mation on static ally configured and dynamically le arned multicast router por ts .
IGMP Filtering and Throttling Commands
In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan.

ip igmp filter (Global Configuration)
This command globally enables IGMP filtering and throttling on the switch.

ip igmp profile
This command creates an IGMP filter profile number and enters IGMP profile configuration mode. Use the no form to delete a profile number.
Syntax
[no] ip igmp profile profile-number
profile-number - An IGMP filter profile number.

Command Usage
• Each profile has only one access mode; either permit or deny.
• When the access mode is set to permit, IGMP join reports are processed when a multicast group falls within the controlled range.

ip igmp filter (Interface Configuration)
This command assigns an IGMP filtering profile to an interface on the switch. Use the no form to remove a profile from an interface.
Syntax
[no] ip igmp filter profile-number
profile-number - An IGMP filter profile number.

Default Setting
64
Command Mode
Interface Configuration
Command Usage
• IGMP throttling sets a maximum number of multicast groups that a port can join at the same time.

Command Usage
When the maximum number of groups is reached on a port, the switch can take one of two actions; either “deny” or “replace.” If the action is set to deny, any new IGMP join reports will be dropped.

Example

show ip igmp profile
This command displays IGMP filtering profiles created on the switch.
Syntax
show ip igmp profile [profile-number]
profile-number - An existing IGMP filter profile number.

show ip igmp throttle interface
This command displays the interface settings for IGMP throttling.
Syntax
show ip igmp throttle interface [interface]
interface
• ethernet unit/port
- unit - Stack unit.
Multicast VLAN Registration Commands
This section describes commands used to configure Multicast VLAN Registration (MVR). A single network-wide VLAN can be used to transmit multicast traffic (such as television channels) across a service provider’s network.

mvr (Global Configuration)
This command enables Multicast VLAN Registration (MVR) globally on the switch, enables a specific MVR domain using the domain ke.

• Use the mvr group command to statically configure all multicast group addresses that will join an MVR VLAN. Any multicast data associated with an MVR group is sent from all source ports, and to all receiver ports that have registered to receive data from that multicast group.

mvr (Interface Configuration)
This command configures an interface as a static member of an MVR domain using the group keyword, or configures an interface as an MVR receiver or source port using the type keyword.

groups within an MVR VLAN. Multicast groups can also be statically assigned to a receiver port using the group keyword. However, if a receiver port is statically configured as a member of an MVR VLAN, its status will be inactive.

mvr immediate
This command causes the switch to immediately remove an interface from a multicast stream as soon as it receives a leave message for that group. Use the no form to restore the default settings.

show mvr
This command shows information about the global MVR configuration settings when entered without any keywords, the interfaces attached to the MVR VLAN using the interface keyword, or the multicast groups assigned to the MVR VLAN using the members keyword.

Example
The following shows the global MVR settings:
Console#show mvr
======================= =========
MVR domain : 1
MVR Status:enable
MVR running status:.

The following displays information about the interfaces attached to the MVR VLAN:
Console#show mvr interface
======================= =======.

The following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN:
Console#show mvr members
======================= ============
MVR domain : 1
MVR Group IP Status Members
---------------- ----- --- -------
225.
CHAPTER 36 DOMAIN NAME SERVICE COMMANDS
These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP a.

ip host
This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remove an entry.
Syntax
[no] ip host name address1 [address2 … address8]
• name - Name of the host.

Example
This example maps two addresses to a host name.

clear host
This command deletes entries from the DNS table.
Syntax
clear host {name | *}
• name - Name of the host. (Range: 1-127 characters)
• * - Removes all entries.

ip domain-name
This command defines the default domain name appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove the current domain name.

ip domain-list
This command defines a list of domain names that can be appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove a name from this list.

Example
This example adds two domain names to the current list and then displays the list.
Related Commands
ip domain-name (36-4)

ip name-server
This command specifies the address of one or more domain name servers to use for name-to-address resolution.

Example
This example adds two domain-name servers to the list and then displays the list.
Related Commands
ip domain-name (36-4)
ip domain-lookup (36-7)

ip domain-lookup
This command enables DNS host name-to-address translation.

Example
This example enables DNS and then displays the configuration.
Related Commands
ip domain-name (36-4)
ip name-server (36-6)

show hosts
This command displays the static host name-to-address mapping table.

show dns
This command displays the configuration of the DNS service.
Command Mode
Privileged Exec
Example
Console#show dns
Domain Lookup Status: DNS enabled
Default Domain Name: sample.

show dns cache
This command displays entries in the DNS cache.
Command Mode
Privileged Exec
Example

clear dns cache
This command clears all entries in the DNS cache.
Command Mode
Privileged Exec
Example

Table 36-2 show dns cache - display description
Field | Description
NO | The entry number for each resource record.
CHAPTER 37 DHCP COMMANDS
These commands are used to configure Dynamic Host Configuration Protocol (DHCP) client and relay functions. You can configure any VLAN interface to be automatically assigned an IP address via DHCP.

Command Usage
• This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command.
• DHCP requires the server to reassign the client’s last address if available.

ip dhcp relay server
This command enables DHCP relay service, and specifies the address of the server to use. Use the no form to clear a server address.
Syntax
ip dhcp relay server address
no ip dhcp relay server
address - IP address of a DHCP server.

Example

ip dhcp information option
This command enables DHCP Option 82 information relay, and specifies the frame format to use when Option 82 information is generated by the switch. Use the no form of this command to disable this feature.

• If Option 82 is enabled on the switch, client information will be included in any relayed request packet received through the management interface according to this criteria.

the reply packet was received. If the DHCP packet’s broadcast flag is off, the switch uses the Option 82 information to identify the interface connected to the requesting client and unicasts the reply packet to the client.

address (when DHCP snooping or relay is enabled), and unicast the packet to the DHCP server.
Default Setting
replace
Command Mode
Global Configuration
Usage Guidelines
• Refe.
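An added example (not from the SMC manual, and not the switch's own code) of the Option 82 handling described above: it walks a DHCP options field, decodes the relay agent information sub-options defined in RFC 3046, and rebuilds the field the way a relay set to replace would. The function names, the sample bytes and the circuit/remote ID values are constructed, and reading replace as "discard any Option 82 already in the request and insert the relay's own" is an assumption, since this page does not spell the policy out.

```python
PAD, RELAY_AGENT_INFO, END = 0, 82, 255
SUBOPT_NAMES = {1: "circuit_id", 2: "remote_id"}  # RFC 3046 sub-option codes


def walk_tlvs(buf, single_byte_codes=()):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if code in single_byte_codes:      # PAD and END carry no length byte
            i += 1
            if code == END:
                return
            continue
        if i + 2 > len(buf):
            raise ValueError(f"option {code}: missing length byte")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:           # declared length runs past the data
            raise ValueError(f"option {code}: length {length} overruns buffer")
        yield code, value
        i += 2 + length


def relay_agent_info(options):
    """Return the decoded Option 82 sub-options, or None if it is absent."""
    for code, value in walk_tlvs(options, (PAD, END)):
        if code == RELAY_AGENT_INFO:
            return {SUBOPT_NAMES.get(c, f"subopt_{c}"): v
                    for c, v in walk_tlvs(value)}
    return None


def replace_relay_agent_info(options, circuit_id, remote_id):
    """Assumed 'replace' policy: drop any Option 82 present, append our own."""
    kept = b"".join(bytes([c, len(v)]) + v
                    for c, v in walk_tlvs(options, (PAD, END))
                    if c != RELAY_AGENT_INFO)
    sub = (bytes([1, len(circuit_id)]) + circuit_id
           + bytes([2, len(remote_id)]) + remote_id)
    # RFC 3046 places the relay agent option last, directly before END.
    return kept + bytes([RELAY_AGENT_INFO, len(sub)]) + sub + bytes([END])


def is_well_formed(options):
    """True when every option and Option 82 sub-option fits its length."""
    try:
        relay_agent_info(options)
        return True
    except ValueError:
        return False


# Constructed sample: options of a DHCPDISCOVER (option 53 = 1) that already
# carries an Option 82 inserted downstream of the relay. Values are made up.
CLIENT_OPTIONS = bytes([53, 1, 1]) + bytes([82, 8, 1, 6]) + b"port-9" + bytes([END])

if __name__ == "__main__":
    print("received :", relay_agent_info(CLIENT_OPTIONS))
    relayed = replace_relay_agent_info(
        CLIENT_OPTIONS, b"\x00\x01\x00\x0b", b"\x00\x11\x22\x33\x44\x55")
    print("relayed  :", relay_agent_info(relayed))
```

A DHCP server or log pipeline that keys leases on circuit ID should only trust the value when it was inserted by the relay itself, which is what the replace behaviour guarantees under the assumption above.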
Example
Console#show ip dhcp relay server
Ip Dhcp Relay Status: Enable
Ip Dhcp Relay Server: 192.
Related Commands
ip dhcp relay server (37-3)
CHAPTER 38 IP INTERFACE COMMANDS
An IP address may be used for management access to the switch over your network. An IP address is obtained via DHCP by default for VLAN 1.

ip address
This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address.
Syntax
ip address {ip-address netmask | bootp | dhcp}
no ip address
• ip-address - IP address
• netmask - Network mask for the associated IP subnet.

Notes:
1. Only one VLAN interface can be assigned an IP address (the default is VLAN 1). This defines the management VLAN, the only VLAN through which you can gain management access to the switch.

Example
The following example defines a default gateway for this device:
Related Commands
show ip redirects (38-4)

show ip interface
This command displays the settings of an IP interface.

ping
This command sends ICMP echo request packets to another node on the network.
Syntax
ping host [count count][size size]
• host - IP address or IP alias of the host.
• count - Number of packets to send.

Example
Console#ping 10.1.0.9
Type ESC to abort.
PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds
response time: 10 ms
response time: 10 ms
response time: 10 ms
response time: 10 ms
response time: 0 ms
Ping statistics for 10.
Related Commands
interface (25-2)
SECTION IV APPENDICES
This section provides additional information on the following topics.
Software Specifications
Troubleshooting

APPENDIX A SOFTWARE SPECIFICATIONS
Software Features
Authentication: Local, RADIUS, TACACS+, Port (802.1X), HTTPS, SSH, Port Security
Access Control Lists: IP, MAC
Fast Ether.

Rate Limits: Input/output limit
Range (configured per port)
Port Trunking: Static trunks (Cisco EtherChannel compliant)
Dynamic trunks (Link Aggregation Control Protocol)
Spanning Tree Algorithm: Spanning Tree Protocol (STP, IEEE 802.

3 OAM channels (IB, eoc, VOC) between VTU-C and VTU-R
HDLC or 802.3ah EFM framing
Upstream power back off
CPE firmware-upgrade via eoc channel
Remote CP.

IEEE 802.1Q VLAN
IEEE 802.1v Protocol-based VLANs
IEEE 802.1s Multiple Spanning Tree Protocol
IEEE 802.1w Rapid Spanning Tree Protocol
IEEE 802.

Entity MIB (RFC 2737)
Ether-like MIB (RFC 2665)
Extended Bridge MIB (RFC 2674)
Extensible SNMP Agents MIB (RFC 2742)
Forwarding Table MIB (RFC 2096)
IGMP MI.
APPENDIX B TROUBLESHOOTING
Problems Accessing the Management Interface
Table B-1 Troubleshooting Chart
Symptom | Action
Cannot connect using Telnet, web browser, or SNMP software |
• Be sure the switch is powered up.
• Check network cabling between the management station and the switch.
Cannot connect using Secure Shell |
• If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SSH sessions permitted.

Using System Logs
If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps:
1.
GLOSSARY

Access Control List (ACL)
ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.

marked for different kinds of forwarding. The DSCP bits are mapped to the Class of Service categories, and then into the output queues.

Domain Name Service (DNS)
A system used for translating host names for network nodes into IP addresses.

Generic Multicast Registration Protocol (GMRP)
GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.

IEEE 802.3ac
Defines frame extensions for VLAN tagging.

IEEE 802.3x
Defines Ethernet frame start/stop requests and timers used for flow control on full-duplex links.

IP Precedence
The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.

Multicast Switching
A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast VLAN group.

Private Branch Exchange (PBX)
A telephone exchange local to a particular organization who use, rather than provide, telephone services.

Private VLANs
Private VLANs provide port-based security and isolation between ports within the assigned VLAN.

Secure Shell (SSH)
A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch.

Terminal Access Controller Access Control System Plus (TACACS+)
TACACS+ is a logon authentication protocol that uses software running on a central server to control access to TACACS-compliant devices on the network.

Very high data rate Digital Subscriber Line 2 (VDSL2)
VDSL2 as defined in ITU-T Recommendation G.993.2 is an enhancement to the first VDSL standard (G.
Index-1 Numeri cs 802.1Q tunnel 13-24 , 32 -2 5 descriptio n 13-24 interface con figuration 13- 30 , 32-27 – 32-2 9 mode selectio n 13-30 , 32-10 , 32-27 TPID 13-30 , 32- 29 802.
I ND EX Index-2 verifying MAC ad dresses 7-10 , 23-21 VLAN confi guration 7-10 , 23 -20 Differentiated Code Point Service See DSCP Differentiated Serv ices See Dif fS erv DiffServ 15-2 , 34- 1 binding.
I NDEX Index-3 Layer 2 16 -2 , 35-2 query 16-2 , 35 -8 query, Layer 2 16 -4 , 35-7 snooping 16-2 , 35-2 snooping , configuring 16-4 , 35-2 snooping , settin g immedia te leave 16-13 , 35- 5 ingress fi.
I ND EX Index-4 MVR assigning static multicast groups 16- 30 , 35-26 setting interface type 1 6-26 , 35-26 , 35-28 setting multicast groups 16- 21 , 35-24 specifyin g a VLAN 16- 21 , 35-24 using i mme.
I NDEX Index-5 groups 5-18 , 21 -1 5 user configur ation 5-12 , 5- 15 , 21 -18 views 5-24 , 21 -13 software display ing ve rsion 4 -7 , 20-10 download ing 4-18 , 20-1 7 Spanning Tree P rotocol See STA.
I ND EX Index-6 ham ban d notch 1 0-8 , 29-7 ham band reg ion/usag e notch 10-9 , 29-9 impulse noi se protecti on 10- 10 , 29-23 interface se ttings 1 0-7 , 29-2 line profiles 10-16 , 29-35 maximum da.
.
20 Mason Irvine, CA 92618 Phone: (949) 679-8000
Model Numbers: SMC7800A/VCP
Pub. Number: 149100012100H E012007/ST-R01
FOR TECHNICAL SUPPORT, CALL:
From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; (949) 679-8000; Fax: (949) 679-1481
From Europe: Contact details can be found on www.