User / maintenance manual for the product ES4612 from the manufacturer Microsoft
there is no edge limit, there is no permanent core. Gigabit Ethernet Switch Management Guide.
Management Guide Gigabit Ethernet Switch Layer 3 Workgroup Switch with 8 SFP Ports, and 4 Gigabit Combination (RJ-45/SFP) Ports.
ES4612 F1.0.2.5 E092004-R01 150000046400A.
v Contents Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-6 Chapter 2: Initial Configuration 2-1 Connecting to the Switch 2-1 Configuratio.
Contents vi Console Port Settings 3-24 Telnet Settings 3-26 Configuring Event Logging 3-28 System Log Configuration 3-28 Remote Log Configuration 3-30 Displaying Log Messages 3-32 Resetting.
Contents vii Port Configuration 3-78 Displaying Connection Status 3-78 Configuring Interface Connections 3-81 Creating Trunk Groups 3-83 Statically Configuring a Trunk 3-84 Enabling LACP o.
Contents viii Selecting the Queue Mode 3-142 Setting the Service Weight for Traffic Classes 3-142 Layer 3/4 Priority Settings 3-144 Mapping Layer 3/4 Priorities to CoS Values 3-144 Selectin.
Contents ix Configuring IP Routing Interfaces 3-197 Address Resolution Protocol 3-199 Proxy ARP 3-199 Basic ARP Configuration 3-200 Configuring Static ARP Addresses 3-201 Displaying Dynam.
Contents x Displaying Neighbor Information 3-264 Chapter 4: Command Line Interface 4-1 Using the Command Line Interface 4-1 Accessing the CLI 4-1 Console Connection 4-1 Telnet Connection 4.
Contents xi System Management Commands 4-25 Device Designation Commands 4-25 prompt 4-26 hostname 4-26 User Access Commands 4-27 username 4-27 enable password 4-28 IP Filter Commands 4-2.
Contents xii Time Commands 4-53 sntp client 4-53 sntp server 4-54 sntp poll 4-55 show sntp 4-55 clock timezone 4-56 calendar set 4-57 show calendar 4-57 System Status Commands 4-58 show s.
Contents xiii dot1x operation-mode 4-82 dot1x re-authenticate 4-82 dot1x re-authentication 4-83 dot1x timeout quiet-period 4-83 dot1x timeout re-authperiod 4-84 dot1x timeout tx-period 4-.
Contents xiv snmp-server engine-id 4-119 show snmp engine-id 4-119 snmp-server view 4-120 show snmp view 4-121 snmp-server group 4-121 show snmp group 4-123 snmp-server user 4-124 show .
Contents xv Interface Commands 4-149 interface 4-149 description 4-150 speed-duplex 4-150 negotiation 4-151 capabilities 4-152 media-type 4-154 shutdown 4-154 switchport broadcast.
Contents xvi spanning-tree edge-port 4-181 spanning-tree portfast 4-182 spanning-tree link-type 4-183 spanning-tree mst cost 4-183 spanning-tree mst port-priority 4-184 spanning-tree prot .
Contents xvii show queue cos-map 4-212 Priority Commands (Layer 3 and 4) 4-213 map ip port (Global Configuration) 4-213 map ip port (Interface Configuration) 4-214 map ip precedence (Globa.
Contents xviii arp 4-241 arp-timeout 4-242 clear arp-cache 4-242 show arp 4-242 ip proxy-arp 4-243 IP Routing Commands 4-244 Global Routing Configuration 4-244 ip routing 4-244 ip route 4-24.
Contents xix ip ospf hello-interval 4-276 ip ospf priority 4-276 ip ospf retransmit-interval 4-277 ip ospf transmit-delay 4-278 show ip ospf 4-278 show ip ospf border-routers 4-279 show i.
Contents xx Router Redundancy Commands 4-311 Virtual Router Redundancy Protocol Commands 4-311 vrrp ip 4-312 vrrp authentication 4-313 vrrp priority 4-313 vrrp timers advertise 4-314 vrrp pr.
xxi Tables Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-6 Table 3-1 Web Page Configuration Buttons 3-3 Table 3-2 Switch Main Menu 3-4 Table 3-3 Logging Levels 3-29 Table 3-4 SNMPv3 Security Models and Levels 3-35 Table 3-5 HTTPS System Support 3-49 Table 3-6 802.
xxii Tables Table 4-18 show logging flash - display description 4-48 Table 4-19 show logging trap - display description 4-49 Table 4-20 SMTP Alert Commands 4-49 Table 4-21 Time Commands.
xxiii Tables Table 4-63 Priority Commands 4-207 Table 4-64 Priority Commands (Layer 2) 4-207 Table 4-65 Default CoS Priority Levels 4-211 Table 4-66 Priority Commands (Layer 3 and 4) 4-213.
xxiv Tables Table 4-108 VRRP Commands 4-311 Table 4-110 show vrrp brief - display description 4-317 Table 4-109 show vrrp - display description 4-317 Table 4-111 HSRP Commands 4-320 Table.
xxv Figures Figure 3-1 Home Page 3-2 Figure 3-2 Front Panel Indicators 3-3 Figure 3-3 System Information 3-11 Figure 3-4 Switch Information 3-13 Figure 3-5 Bridge Extension Configuration 3.
xxvi Figures Figure 3-42 ACL Configuration - Extended IP 3-70 Figure 3-43 ACL Configuration - MAC 3-72 Figure 3-44 ACL Mask Configuration 3-73 Figure 3-45 ACL Mask Configuration - IP 3-75 Fi.
xxvii Figures Figure 3-87 IP DSCP Priority 3-147 Figure 3-88 IP Port Priority Status 3-148 Figure 3-89 IP Port Priority 3-148 Figure 3-90 ACL CoS Priority 3-150 Figure 3-91 ACL Marker 3-151 Fig.
xxviii Figures Figure 3-132 OSPF Area Configuration 3-229 Figure 3-133 OSPF Range Configuration 3-231 Figure 3-134 OSPF Interface Configuration 3-234 Figure 3-135 OSPF Interface Configuratio.
1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network.
Description of Software Features 1-3 1 DHCP Server and DHCP Relay – A DHCP server is provided to assign IP addresses to host devices. Since DHCP uses a broadcast mechanism, a DHCP server and its client must physically reside on the same subnet.
Introduction 1-4 1 To avoid dropping frames on congested ports, the switch provides 1 MB for frame buffering. This buffer can queue packets awaiting transmission on congested networks. Spanning Tree Protocol – The switch supports these spanning tree protocols: Spanning Tree Protocol (STP, IEEE 802.
Description of Software Features 1-5 1 This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet or the number of the TCP/UDP port.
Introduction 1-6 1 Multicast Routing – Routing for multicast packets is supported by the Distance Vector Multicast Routing Protocol (DVMRP) and Protocol-Independent Multicasting - Dense Mode (PIM-DM). These protocols work in conjunction with IGMP to filter and route multicast traffic.
System Defaults 1-7 1 Web Management HTTP Server Enabled HTTP Port Number 80 HTTP Secure Server Enabled HTTP Secure Port Number 443 SNMP Community Strings “public” (read only) “private.
Introduction 1-8 1 Spanning Tree Protocol Status Enabled, MSTP (Defaults: All values based on IEEE 802.1s) Fast Forwarding (Edge Port) Disabled Address Table Aging Time 300 seconds Virtual LA.
System Defaults 1-9 1 Router Redundancy HSRP Disabled VRRP Disabled Multicast Filtering IGMP Snooping (Layer 2) Snooping: Enabled Querier: Disabled IGMP (Layer 3) Disabled Multicast Routing.
2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface.
Initial Configuration 2-2 2 • Configure Spanning Tree parameters • Configure Class of Service (CoS) priority queuing • Configure up to 6 static or LACP trunks • Enable port mirrori.
Basic Configuration 2-3 2 Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.
Initial Configuration 2-4 2 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and are case sensitive.
Basic Configuration 2-5 2 Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP address to the switch, complete the following steps: 1.
Initial Configuration 2-6 2 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-config.
Basic Configuration 2-7 2 The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects. • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
Initial Configuration 2-8 2 Configuring Access for SNMP Version 3 Clients To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group.
Managing System Files 2-9 2 Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.
Configuring the Switch 3-2 3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics.
Navigating the Web Browser Interface 3-3 3 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting.
Configuring the Switch 3-4 3 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Navigating the Web Browser Interface 3-5 3 Security 3-36 User Accounts Configures user names, passwords, and access levels 3-44 Authentication Settings Configures authentication sequence.
Configuring the Switch 3-6 3 Rate Limit 3-96 Input Port Configuration Sets the input rate limit for each port 3-96 Input Trunk Configuration Sets the input rate limit for each trunk 3-96.
Navigating the Web Browser Interface 3-7 3 Static Membership Configures membership type for interfaces, including tagged, untagged or forbidden 3-131 Port Configuration Specifies defaul.
Configuring the Switch 3-8 3 IP Multicast Registration Table Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID 3-158 IGMP Member Port Table.
Navigating the Web Browser Interface 3-9 3 UDP Shows statistics for UDP, including the amount of traffic and errors 3-209 TCP Shows statistics for TCP, including the amount of traffic and T.
Configuring the Switch 3-10 3 Interface Configuration Shows area ID and designated router; also configures OSPF protocol settings and authentication for each interface 3-232 Virtual Link C.
Basic Configuration 3-11 3 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system.
Configuring the Switch 3-12 3 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
Basic Configuration 3-13 3 These additional parameters are displayed for the CLI. • Unit ID – Unit number in stack. • Redundant Power Status – Displays the status of the redundant power supply. Web – Click System, Switch Information.
Configuring the Switch 3-14 3 Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.
Basic Configuration 3-15 3 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an initial IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default.
Configuring the Switch 3-16 3 Command Attributes • VLAN – ID of the configured VLAN (1-4094, no leading zeroes). By default, all ports on the switch are members of VLAN 1. However, the management station can be attached to a port belonging to any VLAN, as long as that VLAN has been assigned an IP address.
Basic Configuration 3-17 3 Click IP, Global Setting. If this switch and management stations exist on other network segments, then specify the default gateway, and click Apply. Figure 3-7 Default Gateway CLI – Specify the management interface, IP address and default gateway.
Configuring the Switch 3-18 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click IP, General, Routing Interface. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP.
Basic Configuration 3-19 3 Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available.
Configuring the Switch 3-20 3 Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
Basic Configuration 3-21 3 To delete a file select System, File, Delete. Select the file name from the given list by checking the tick box and click Apply.
Configuring the Switch 3-22 3 Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server.
Basic Configuration 3-23 3 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
Configuring the Switch 3-24 3 CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. To select another configuration file as the start-up configuration, use the boot system command and then restart the switch.
Basic Configuration 3-25 3 • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port.
Configuring the Switch 3-26 3 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level.
Basic Configuration 3-27 3 • Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, th.
Configuring the Switch 3-28 3 CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level.
Basic Configuration 3-29 3 • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM.
Configuring the Switch 3-30 3 Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the event messages sent to only those messages at or above a specified level.
Basic Configuration 3-31 3 Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove.
Configuring the Switch 3-32 3 Displaying Log Messages Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
Basic Configuration 3-33 3 Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
Configuring the Switch 3-34 3 CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings.
Simple Network Management Protocol 3-35 3 Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
Configuring the Switch 3-36 3 Note: The predefined default groups and view can be deleted from the system. You can then define customized groups and views for the SNMP clients that require access. Enabling the SNMP Agent Enables SNMPv3 service for all management clients (i.
Simple Network Management Protocol 3-37 3 • Access Mode – Specifies the access rights for the community string: - Read-Only – Authorized management stations are only able to retrieve MIB objects. - Read/Write – Authorized management stations are able to both retrieve and modify MIB objects.
Configuring the Switch 3-38 3 • Enable Authentication Traps – Issues a trap message to specified IP trap managers whenever authentication of an SNMP request fails. (Default: Enabled) • Enable Link-up and Link-down Traps – Issues a trap message whenever a port link is established or broken.
Simple Network Management Protocol 3-39 3 A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared.
Configuring the Switch 3-40 3 • Privacy – The encryption algorithm used for data privacy; only 56-bit DES is currently available • Actions – Enables the user to be assigned to another SNMPv3 group. Web – Click SNMP, SNMPv3, Users.
Simple Network Management Protocol 3-41 3 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring SNMPv3 Groups An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read and write views.
Configuring the Switch 3-42 3 Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read and write views. Click Add to save the new group and return to the Groups list.
Simple Network Management Protocol 3-43 3 Setting SNMPv3 Views SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview” includes access to the entire MIB tree. Command Attributes • View Name – The name of the SNMP view.
Configuring the Switch 3-44 3 CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries.
User Authentication 3-45 3 Command Attributes • Account List – Shows the list of users that are allowed management access. (Defaults: admin, and guest) • New Account – Displays configuration settings for a new account. - User Name – The name of the user.
Configuring the Switch 3-46 3 Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords.
User Authentication 3-47 3 • RADIUS Settings - Server IP Address – Address of authentication server. (Default: 10.1.0.1) - Server Port Number – Network (UDP) port of authentication server used for authentication messages.
Configuring the Switch 3-48 3 CLI – Specify all the required parameters to enable logon authentication. Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.
User Authentication 3-49 3 • The following web browsers and operating systems currently support HTTPS: • To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 3-49. Command Attributes • HTTPS Status – Allows you to enable/disable the HTTPS server feature on the switch.
Configuring the Switch 3-50 3 When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one: Note: The switch must be reset for the new certificate to be activated.
User Authentication 3-51 3 Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. An entry for a public key in the known hosts file would appear similar to the following example: 10.
Configuring the Switch 3-52 3 Notes: 1. To use SSH with only password authentication, the host public key must still be given to the client, either during initial connection or manually entered into the known host file. However, you do not need to configure the client’s keys.
User Authentication 3-53 3 Web – Click Security, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate.
Configuring the Switch 3-54 3 Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Enabled) • Version – The Secure Shell version number.
User Authentication 3-55 3 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
Configuring the Switch 3-56 3 • If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configuration page (page 3-81). Command Attributes • Port – Port number. • Name – Descriptive text (page 4-150).
User Authentication 3-57 3 CLI – This example sets the command mode to Port 5, sets the port security action to send a trap and disable the port, and specifies a maximum address count, and then enables port security for the port. Configuring 802.
Configuring the Switch 3-58 3 The operation of dot1x on the switch requires the following: • The switch must have an IP address assigned. • RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified.
User Authentication 3-59 3 Web – Click 802.1x, Information. Figure 3-35 802.1X Information CLI – This example shows the default protocol settings for dot1x. For a description of the additional entries displayed in the CLI, see “show dot1x” on page 4-85.
Configuring the Switch 3-60 3 Configuring 802.1x Global Settings The dot1x protocol includes global parameters that control the client authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server.
User Authentication 3-61 3 Web – Select Security, 802.1x, Configuration. Enable dot1x globally for the switch, modify any of the parameters required, and then click Apply. Figure 3-36 802.1X Configuration CLI – This enables re-authentication and sets all of the global parameters for dot1x.
Configuring the Switch 3-62 3 • Supplicant – Indicates the MAC address of a connected client. • Trunk – Indicates if the port is configured as a trunk port. Web – Click Security, 802.1x, Port Configuration. Select the authentication mode from the drop-down box and click Apply.
User Authentication 3-63 3 Web – Select Security, 802.1x, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-38 802.1X Statistics Rx EAP Resp/Oth The number of valid EAP Response frames (other than Resp/Id frames) that have been received by this Authenticator.
Configuring the Switch 3-64 3 CLI – This example displays the dot1x statistics for port 4. Filtering IP Addresses for Management Access You can specify the client IP addresses that are allowed management access to the switch through the web interface, SNMP, or Telnet.
User Authentication 3-65 3 Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry. Figure 3-39 IP Filter CLI – This example restricts management access for Telnet clients.
Configuring the Switch 3-66 3 Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
Access Control Lists 3-67 3 Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL. Command Attributes • Name – Name of the ACL.
Configuring the Switch 3-68 3 and compared with the address for each IP packet entering the port(s) to which this ACL has been assigned. Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address.
Access Control Lists 3-69 3 Configuring an Extended IP ACL Command Attributes • Action – An ACL can contain either all permit rules or all deny rules. (Default: Permit rules) • Source/Destination Address Type – Specifies the source or destination IP address.
Configuring the Switch 3-70 3 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
Access Control Lists 3-71 3 Configuring a MAC ACL Command Attributes • Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rules) • Source/Destination Ad.
Configuring the Switch 3-72 3 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66).
Access Control Lists 3-73 3 Configuring ACL Masks You must specify masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL.
Configuring the Switch 3-74 3 Configuring an IP ACL Mask This mask defines the fields to check in the IP header. Command Usage • Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes.
Access Control Lists 3-75 3 Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range.
Configuring the Switch 3-76 3 Configuring a MAC ACL Mask This mask defines the fields to check in the packet header. Command Usage You must configure a mask for an ACL rule before you can bind it to a port.
Access Control Lists 3-77 3 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.
Configuring the Switch 3-78 3 Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egress traffic, select the required ACL from the drop-down list, then click Apply.
Port Configuration 3-79 3 • Media Type 6 – Shows the forced/preferred port type to use for combination ports 9-12. (Copper-Forced, Copper-Preferred-Auto, SFP-Forced, SFP-Preferred-Auto) • Trunk Member 6 – Shows if port is a trunk member.
Configuring the Switch 3-80 3 • Flow control – Shows if flow control is enabled or disabled. • LACP – Shows if LACP is enabled or disabled. • Port Security – Shows if port security is enabled or disabled. • Max MAC count – Shows the maximum number of MAC addresses that can be learned by a port.
Port Configuration 3-81 3 Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control.
Configuring the Switch 3-82 3 Note: Auto-negotiation must be disabled before you can configure or force the interface to use the Speed/Duplex Mode or Flow Control options. Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.
Port Configuration 3-83 3 Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices.
Configuring the Switch 3-84 3 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
Port Configuration 3-85 3 CLI – This example creates trunk 2 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to form a trunk.
Configuring the Switch 3-86 3 Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After you have completed adding ports to the member list, click Apply. Figure 3-51 LACP Trunk Configuration CLI – The following example enables LACP for ports 1 to 6.
Port Configuration 3-87 3 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key.
Configuring the Switch 3-88 3 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor.
Port Configuration 3-89 3 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-53 LACP - Port Counters Information CLI – This function is not supported by the CLI.
Configuring the Switch 3-90 3 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Table 3-8 Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port.
Port Configuration 3-91 3 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-54 LACP - Port Internal Information CLI – This function is not supported by the CLI.
Configuring the Switch 3-92 3 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Web – Click Port, LACP, Port Neighbors Information.
Port Configuration 3-93 3 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured.
Configuring the Switch 3-94 3 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 packets per second for port 2.
Port Configuration 3-95 3 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
Configuring the Switch 3-96 3 Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch.
Port Configuration 3-97 3 Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port.
Configuring the Switch 3-98 3 Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space.
Port Configuration 3-99 3 Received Frames The total number of frames (bad, broadcast and multicast) received. Broadcast Frames The total number of good frames received that were directed to the broadcast address. Note that this does not include multicast packets.
Configuring the Switch 3-100 3 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
Address Table Settings 3-101 3 CLI – This example shows statistics for port 12. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports.
Configuring the Switch 3-102 3 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-60 Static Addresses CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
Address Table Settings 3-103 3 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query.
Configuring the Switch 3-104 3 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the aging function. • Aging Time – The time after which a learned entry is discarded.
Spanning Tree Algorithm Configuration 3-105 3 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge.
Configuring the Switch 3-106 3 • Hello Time – Interval (in seconds) at which the root device transmits a configuration message. • Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding).
Spanning Tree Algorithm Configuration 3-107 3 information that would make it return to a discarding state; otherwise, temporary data loops might result. • Root Hold Time – The interval (in seconds) during which no more than two bridge configuration protocol data units shall be transmitted by this node.
Configuring the Switch 3-108 3 CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global settings apply to the entire switch.
Spanning Tree Algorithm Configuration 3-109 3 • Multiple Spanning Tree Protocol - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances.
Configuring the Switch 3-110 3 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
Spanning Tree Algorithm Configuration 3-111 3 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.
Configuring the Switch 3-112 3 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree.
Spanning Tree Algorithm Configuration 3-113 3 • Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface. This parameter is determined by manual configuration or by auto-detection, as described for Admin Link Type in STA Port Configuration on page 3-115.
Configuring the Switch 3-114 3 • Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree.
Spanning Tree Algorithm Configuration 3-115 3 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port.
Configuring the Switch 3-116 3 Protocol is detecting network loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled. • Default: 128 • Range: 0-240, in steps of 16 • Path Cost – This parameter is used by the STP to determine the best path between devices.
Spanning Tree Algorithm Configuration 3-117 3 Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 3-66 STA Port Configuration CLI – This example sets STA attributes for port 7.
Configuring the Switch 3-118 3 To ensure that the MSTI maintains connectivity across the network, you must configure a related set of bridges with the same MSTI settings. Command Attributes • MST Instance – Instance identifier of this spanning tree.
Spanning Tree Algorithm Configuration 3-119 3 CLI – This displays STA settings for instance 1, followed by settings for each port. CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI.
Configuring the Switch 3-120 3 Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes • MST Instance ID – Instance identifier to configure.
Spanning Tree Algorithm Configuration 3-121 3 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages.
Configuring the Switch 3-122 3 • MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
VLAN Configuration 3-123 3 VLAN Configuration Configuring IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
Configuring the Switch 3-124 3 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging.
VLAN Configuration 3-125 3 these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs.
Configuring the Switch 3-126 3 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
VLAN Configuration 3-127 3 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging.
Configuring the Switch 3-128 3 Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry.
VLAN Configuration 3-129 3 Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. Figure 3-73 VLAN Static List - Creating VLANs CLI – This example creates a new VLAN.
Configuring the Switch 3-130 3 Command Attributes • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational.
VLAN Configuration 3-131 3 CLI – The following example adds tagged and untagged ports to VLAN 2. Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member.
Configuring the Switch 3-132 3 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
VLAN Configuration 3-133 3 Leave or Leave All message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centiseconds; Default: 60) •.
Configuring the Switch 3-134 3 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.
VLAN Configuration 3-135 3 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports can not communicate with any other ports on the switch except for the uplink ports.
Configuring the Switch 3-136 3 Configuring Protocol Groups Create a protocol group for one or more protocols. Command Attributes • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • Frame Type – Frame type used by this protocol.
VLAN Configuration 3-137 3 - If the frame is untagged and the protocol type matches, the frame is forwarded to the appropriate VLAN. - If the frame is untagged but the protocol type does not match, the frame is forwarded to the default VLAN for this interface.
Configuring the Switch 3-138 3 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port.
Class of Service Configuration 3-139 3 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-81 Default Port Priority CLI – This example assigns a default priority of 5 to port 3.
Configuring the Switch 3-140 3 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR).
Class of Service Configuration 3-141 3 Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to output queues. Assign priorities to the traffic classes (i.e., output queues) for the selected interface, then click Apply.
Configuring the Switch 3-142 3 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
Class of Service Configuration 3-143 3 Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weight, then click Apply. Figure 3-84 Queue Scheduling CLI – The following example shows how to assign WRR weights to each of the priority queues.
Configuring the Switch 3-144 3 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements.
Class of Service Configuration 3-145 3 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
Configuring the Switch 3-146 3 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings.
Class of Service Configuration 3-147 3 Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply.
Configuring the Switch 3-148 3 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110.
Class of Service Configuration 3-149 3 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS value 0, and then displays the IP Port Priority settings.
Configuring the Switch 3-150 3 Web – Click Priority, ACL CoS Priority. Select a port, select an ACL rule, specify a CoS priority, then click Add. Figure 3-90 ACL CoS Priority CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 1.
Class of Service Configuration 3-151 3 Command Attributes • Port – Port identifier. • Name 16 – Name of ACL. • Type – Type of ACL (IP or MAC). • Precedence – IP Precedence value. (Range: 0-7) • DSCP – Differentiated Services Code Point value.
Configuring the Switch 3-152 3 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio.
Multicast Filtering 3-153 3 Based on the group membership information learned from IGMP, a router/switch can determine which (if any) multicast traffic needs to be forwarded to each of its ports.
Configuring the Switch 3-154 3 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic.
Multicast Filtering 3-155 3 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 3-92 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status.
Configuring the Switch 3-156 3 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
Multicast Filtering 3-157 3 Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
Configuring the Switch 3-158 3 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attribute • VLAN ID – Selects the VLAN for which to display port members.
Multicast Filtering 3-159 3 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping and Query Parameters” on page 3-154.
Configuring the Switch 3-160 3 Layer 3 IGMP (Query used with Multicast Routing) IGMP Snooping – IGMP Snooping is a Layer 2 function (page 3-154) that can be used to provide multicast filtering when no other switches in the network support multicast routing.
Multicast Filtering 3-161 3 • Last Member Query Interval – A multicast client sends an IGMP leave message when it leaves a group. The router then checks to see if this was the last host in the group by sending an IGMP query and starting a timer based on this command.
Configuring the Switch 3-162 3 Web – Click IP, IGMP, Interface Settings. Specify each interface that will support IGMP (Layer 3), specify the IGMP parameters for each interface, then click Apply. Figure 3-97 IGMP Interface Settings CLI – This example configures the IGMP parameters for VLAN 1.
Multicast Filtering 3-163 3 Displaying Multicast Group Information When IGMP (Layer 3) is enabled on this switch the current multicast groups learned via IGMP can be displayed in the IP/IGMP/Group Information page.
Configuring the Switch 3-164 3 Configuring Domain Name Service The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network.
Configuring Domain Name Service 3-165 3 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply.
Configuring the Switch 3-166 3 Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses.
Configuring Domain Name Service 3-167 3 Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. Figure 3-100 DNS Static Host Table CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses.
Configuring the Switch 3-168 3 Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable.
Dynamic Host Configuration Protocol 3-169 3 CLI - This example displays all the resource records learned from the designated name servers. Dynamic Host Configuration Protocol Dynamic Host C.
Configuring the Switch 3-170 3 Command Usage You must specify the IP address for at least one DHCP server. Otherwise, the switch’s DHCP relay agent will not forward client requests to a DHCP server. Command Attributes • VLAN ID – ID of configured VLAN.
Dynamic Host Configuration Protocol 3-171 3 Configuring the DHCP Server This switch includes a Dynamic Host Configuration Protocol (DHCP) server that can assign temporary IP addresses to any attached host requesting service.
Configuring the Switch 3-172 3 Web – Click DHCP, Server, General. Enter a single address or an address range, and click Add. Figure 3-103 DHCP Server General Configuration CLI – This example enables the DHCP and sets an excluded address range.
Dynamic Host Configuration Protocol 3-173 3 Configuring Address Pools You must configure IP address pools for each IP interface that will provide addresses to attached clients via the DHCP server. Command Usage • First configure address pools for the network interfaces.
Configuring the Switch 3-174 3 • Client-Identifier – A unique designation for the client device, either a text string (1-15 characters) or hexadecimal value. Setting the Optional Parameters • Default Router – The IP address of the primary and alternate gateway router.
Dynamic Host Configuration Protocol 3-175 3 Configuring a Network Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Network.” Enter the IP address and subnet mask for the network pool.
Configuring the Switch 3-176 3 Configuring a Host Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Host.” Enter the IP address, subnet mask, and hardware address for the client device.
Dynamic Host Configuration Protocol 3-177 3 Displaying Address Bindings You can display the host devices which have acquired an IP address from this switch’s DHCP server. Command Attributes • IP Address – IP address assigned to host.
Configuring the Switch 3-178 3 Configuring Router Redundancy Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load.
Configuring Router Redundancy 3-179 3 • Several virtual master routers configured for mutual backup and load sharing. Load sharing can be accomplished by assigning a subset of addresses to different host address pools using the DHCP server.
Configuring the Switch 3-180 3 • VRRP creates a virtual MAC address for the master router based on a standard prefix, with the last octet equal to the group ID. When a backup router takes over as the master, it continues to forward traffic addressed to this virtual MAC address.
Configuring Router Redundancy 3-181 3 Command Attributes (VRRP Group Configuration Detail) • Associated IP Table – IP interfaces associated with this virtual router group.
Configuring the Switch 3-182 3 Web – Click IP, VRRP, Group Configuration. Select the VLAN ID, enter the VRID group number, and click Add. Figure 3-108 VRRP Group Configuration.
Configuring Router Redundancy 3-183 3 Click the Edit button for a group entry to open the detailed configuration window. Enter the IP address of a real interface on this router to make it the master virtual router for the group. Otherwise, enter the virtual address for an existing group to make it a backup router.
Configuring the Switch 3-184 3 CLI – This example creates VRRP group 1, sets this switch as the master virtual router by assigning the primary interface address for the selected VLAN to the virtual IP address.
Configuring Router Redundancy 3-185 3 CLI – This example displays counters for protocol errors for all the VRRP groups configured on this switch. Displaying VRRP Group Statistics The VRRP Group Statistics page displays counters for VRRP protocol events and errors that have occurred on a specific VRRP interface.
Configuring the Switch 3-186 3 Web – Click IP, VRRP, Group Statistics. Select the VLAN and virtual router group. Figure 3-111 VRRP Group Statistics CLI – This example displays VRRP protocol statistics for group 1, VLAN 1.
Configuring Router Redundancy 3-187 3 Command Usage Address Assignment – • The designated virtual IP address must be configured on at least one router in the virtual router group. If an IP address is not specified, the designated address is learned through the exchange of HSRP messages.
Configuring the Switch 3-188 3 stops sending hello messages or sends other messages indicating that it is no longer acting as the designated router. • You can add a delay to the preempt function to give additional time to receive an advertisement message from the current master before taking control.
Configuring Router Redundancy 3-189 3 • Authentication String – Key used to authenticate HSRP packets received from other routers. (Range: 1-8 alphanumeric characters) - All routers in the same HSRP group must be configured with the same authentication string.
Configuring the Switch 3-190 3 Web – Click IP, HSRP, Group Configuration. Select the VLAN ID, enter the HSRP group number, and click Add. Figure 3-112 HSRP Group Configuration.
Configuring Router Redundancy 3-191 3 Click the Edit button for a group entry to open the detailed configuration window. Set the values for the advertisement interval, preemption, priority, and authentication as required. Enter the virtual IP address for the group.
Configuring the Switch 3-192 3 CLI – This example creates HSRP group 1, sets the virtual router’s address, adds a secondary IP address to the group, specifies an interface for tracking, sets all the other HSRP parameters, and then displays the configured settings.
IP Routing 3-193 3 IP Routing Overview This switch supports IP routing and routing path management via static routing definitions (page 3-211) and dynamic routing such as RIP (page 3-213) or OSPF (page 3-223).
Configuring the Switch 3-194 3 IP Switching IP Switching (or packet forwarding) encompasses tasks required to forward packets for both Layer 2 and Layer 3, as well as traditional routing.
IP Routing 3-195 3 the high throughput and low latency of switching by enabling the traffic to bypass the routing engine once the path calculation has been performed.
Configuring the Switch 3-196 3 Basic IP Interface Configuration To allow routing between different IP subnets, you must enable IP Routing as described in this section. You also need to define a VLAN for each IP subnet that will be connected directly to this switch.
IP Routing 3-197 3 Configuring IP Routing Interfaces You can specify the IP subnets connected to this router by manually assigning an IP address to each VLAN, or by using the RIP or OSPF.
Configuring the Switch 3-198 3 Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subnets.
IP Routing 3-199 3 Address Resolut ion Protocol If IP routin g is enabled (page 3-196) , the route r uses its routi ng tables to make routing de cision s, and use s Address R esolu tion Pro tocol (AR P) to forw ard traffic from one hop to the n ext. ARP is used to ma p an IP a ddres s to a p hysical l ayer (i.
Configuring the Switch 3-200 3 Basic ARP Config uration Y ou can us e the ARP Ge neral co nfiguratio n menu to spe cify the tim eout fo r ARP cac he en tri es, or to enab le P roxy ARP f or sp ecif ic VLAN inte rfac es. Command Usage • The aging time dete rmines ho w long dy namic entries re main the ca che.
IP Routing 3-201 3 Configuring Static ARP Addresses For devices that do not respond to ARP requests, traffic will be dropped because the IP address cannot be mapped to a physical address. If this occurs, you can manually map an IP address to the corresponding physical address in the ARP.
Configuring the Switch 3-202 3 Displaying Dynamically Learned ARP Entries The ARP cache contains entries that map IP addresses to the corresponding physical address. Most of these entries will be dynamically learned through replies to broadcast messages.
IP Routing 3-203 3 CLI - This example shows all entries in the ARP cache. Displaying Local ARP Entries The ARP cache also contains entries for local interfaces, including subnet, host, and broadcast addresses. Command Attributes • IP Address – IP address of a local entry in the cache.
Configuring the Switch 3-204 3 CLI - This router uses the Type specification “other” to indicate local cache entries in the ARP cache. Displaying ARP Statistics You can display statistics for ARP messages crossing all interfaces on this router.
IP Routing 3-205 3 CLI - This example provides detailed statistics on common IP-related protocols. Displaying Statistics for IP Protocols IP Statistics The Internet Protocol (IP) provides a mechanism for transmitting blocks of data (often called packets or frames) from a source to a destination, where these network devices (i.
Configuring the Switch 3-206 3 Datagrams Forwarded The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination.
IP Routing 3-207 3 Web - Click IP, Statistics, IP. Figure 3-121 IP Statistics CLI - See the example on page 3-204. ICMP Statistics Internet Control Message Protocol (ICMP) is a network layer protocol that transmits message packets to report errors in processing IP packets.
Configuring the Switch 3-208 3 Web - Click IP, Statistics, ICMP. Figure 3-122 ICMP Statistics CLI - See the example on page 3-204. Timestamps The number of ICMP Timestamp (request) messages received/sent. Timestamp Replies The number of ICMP Timestamp Reply messages received/sent.
IP Routing 3-209 3 UDP Statistics User Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the underlying transport mechanism, providing access to IP-like services.
Configuring the Switch 3-210 3 TCP Statistics The Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched networks, and is used in conjunction with IP to support a wide variety of Internet protocols.
IP Routing 3-211 3 Configuring Static Routes This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP or OSPF). However, you can also manually enter static routes in the routing table.
Configuring the Switch 3-212 3 Displaying the Routing Table You can display all the routes that can be accessed via the local network interfaces, via static routes, or via a dynamically learned route.
IP Routing 3-213 3 CLI - This example shows routes obtained from various methods. Configuring the Routing Information Protocol The RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance-vector-based approach to routing.
Configuring the Switch 3-214 3 routing loops may occur, and its small hop count limitation of 15 restricts its use to smaller networks. Moreover, RIP (version 1) wastes valuable network bandwidth by propagating routing information via broadcasts; it also considers too few network variables to make the best routing decision.
IP Routing 3-215 3 Web - Click Routing Protocol, RIP, General Settings. Enable or disable RIP, set the RIP version used on previously unset interfaces to RIPv1 or RIPv2, set the basic update timer, and then click Apply.
Configuring the Switch 3-216 3 Specifying Network Interfaces for RIP You must specify network interfaces that will be included in the RIP routing process. Command Usage • RIP only sends updates to interfaces specified by this command.
IP Routing 3-217 3 Configuring Network Interfaces for RIP For each interface that participates in the RIP routing process, you must specify the protocol message type accepted (i.
Configuring the Switch 3-218 3 Protocol Message Authentication RIPv1 is not a secure protocol. Any device sending protocol messages from UDP port 520 will be considered a router by its neighbors. Malicious or unwanted protocol messages can be easily propagated throughout the network if no authentication is required.
IP Routing 3-219 3 • Authentication Key – Specifies the key to use for authenticating RIPv2 packets. For authentication to function properly, both the sending and receiving interface must use the same password. (Range: 1-16 characters, case sensitive) Web - Click Routing Protocol, RIP, Interface Settings.
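The receive-side check that the Protocol Message Authentication text describes, as an added example (not code from the manual or the switch): a Python validator that assumes the RFC 2453 simple-password format, whose 16-octet key field matches the 1-16 character range above. The function names, sample key and sample route are constructed for illustration.

```python
import hmac
import struct
from ipaddress import IPv4Address

AFI_AUTH = 0xFFFF    # address family marking an authentication entry (RFC 2453)
AFI_INET = 2         # address family for an IPv4 route entry
AUTH_SIMPLE = 2      # authentication type: simple password
ENTRY_LEN = 20       # every RIP entry is 20 octets
MAX_ENTRIES = 25     # maximum entries per RIP message


def build_response(version, routes, password=None):
    """Build a RIP response (command 2) for testing.

    routes is a list of (prefix, mask, metric); password, if given, is
    placed in a simple-password authentication entry as the first entry.
    """
    pkt = struct.pack("!BBH", 2, version, 0)
    if password is not None:
        key = password.encode("ascii")
        if not 1 <= len(key) <= 16:
            raise ValueError("key must be 1-16 characters")
        # "16s" left-justifies the key and pads it with NUL octets.
        pkt += struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE, key)
    for prefix, mask, metric in routes:
        pkt += struct.pack(
            "!HH4s4s4sI", AFI_INET, 0,
            IPv4Address(prefix).packed, IPv4Address(mask).packed,
            IPv4Address("0.0.0.0").packed, metric,
        )
    return pkt


def check_packet(data, expected_key):
    """Return "accept" or a "reject: ..." reason for one received RIP message."""
    if len(data) < 4 or (len(data) - 4) % ENTRY_LEN:
        return "reject: malformed length"
    _command, version, _zero = struct.unpack_from("!BBH", data)
    entries = [data[i:i + ENTRY_LEN] for i in range(4, len(data), ENTRY_LEN)]
    if len(entries) > MAX_ENTRIES:
        return "reject: too many entries"
    if version != 2:
        # RIPv1 has no authentication field, so it cannot satisfy the policy.
        return "reject: RIPv1 carries no authentication"
    if not entries or struct.unpack_from("!H", entries[0])[0] != AFI_AUTH:
        return "reject: unauthenticated RIPv2"
    auth_type = struct.unpack_from("!H", entries[0], 2)[0]
    if auth_type != AUTH_SIMPLE:
        return "reject: unsupported authentication type %d" % auth_type
    want = expected_key.encode("ascii").ljust(16, b"\0")
    # Byte-exact comparison, so the key is case sensitive as the page states.
    if not hmac.compare_digest(entries[0][4:], want):
        return "reject: key mismatch"
    # The authentication entry is only valid as the first entry.
    for entry in entries[1:]:
        if struct.unpack_from("!H", entry)[0] == AFI_AUTH:
            return "reject: misplaced authentication entry"
    return "accept"


# Constructed sample data: one route and a made-up key.
SAMPLE_ROUTES = [("10.1.1.0", "255.255.255.0", 1)]
SAMPLE_KEY = "Lab-Key1"

if __name__ == "__main__":
    for label, pkt in [
        ("RIPv2, correct key", build_response(2, SAMPLE_ROUTES, SAMPLE_KEY)),
        ("RIPv2, wrong case", build_response(2, SAMPLE_ROUTES, "lab-key1")),
        ("RIPv2, no auth", build_response(2, SAMPLE_ROUTES)),
        ("RIPv1", build_response(1, SAMPLE_ROUTES)),
    ]:
        print(label, "->", check_packet(pkt, SAMPLE_KEY))
```

A simple-password key travels in cleartext inside every update, so this check keeps out unauthenticated or misconfigured neighbors but does not protect the key from anyone who can capture the traffic.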
Configuring the Switch 3-220 3 Displaying RIP Information and Statistics You can display basic information about the current global configuration settings for RIP, statistics about rout.
IP Routing 3-221 3 Web - Click Routing Protocol, RIP, Statistics. Figure 3-130 RIP Statistics.
Configuring the Switch 3-222 3 CLI - The information displayed by the RIP Statistics screen via the web interface can be accessed from the CLI using the following commands.
IP Routing 3-223 3 Configuring the Open Shortest Path First Protocol Open Shortest Path First (OSPF) is more suited for large area networks which experience frequent changes in the links.
Configuring the Switch 3-224 3 • OSPFv2 is a compatible upgrade to OSPF. It involves enhancements to protocol message authentication, and the addition of a point-to-multipoint interface which allows OSPF to run over non-broadcast networks, as well as support for overlapping area ranges.
IP Routing 3-225 3 • AS Boundary Router – Allows this router to exchange routing information with boundary routers in other autonomous systems to which it may be attached. If a router is enabled as an ASBR, then every other router in the autonomous system can learn about external routes from this device.
Configuring the Switch 3-226 3 Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global parameters as required, and click Apply.
IP Routing 3-227 3 Configuring OSPF Areas An autonomous system must be configured with a backbone area, designated by area identifier 0.0.0.0. By default, all other areas are created as normal transit areas. Routers in a normal area may import or export routing information about individual nodes.
Configuring the Switch 3-228 3 • Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned via OSPF, the default route, static routes, routes derived from other routing protocols such as RIP, or directly connected networks that are not running OSPF.
IP Routing 3-229 3 Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for the default summary route sent into a stub, and click Apply. Figure 3-132 OSPF Area Configuration CLI - This example configures area 0.
Configuring the Switch 3-230 3 Configuring Area Ranges (Route Summarization for ABRs) An OSPF area can include a large number of nodes. If the Area Border Router (ABR) has to advertise route information for each of these nodes, this wastes a lot of bandwidth and processor time.
IP Routing 3-231 3 Web - Click Routing Protocol, OSPF, Area Range Configuration. Specify the area identifier, the base address and network mask, select whether or not to advertise the summary route to other areas, and then click Apply.
Configuring the Switch 3-232 3 Configuring OSPF Interfaces You should specify a routing interface for any local subnet that needs to communicate with other network segments located on this router or elsewhere in the network.
IP Routing 3-233 3 - On slow links, the router may send packets more quickly than devices can receive them. To avoid this problem, you can use the transmit delay to force the router to wait a specified interval between transmissions.
Configuring the Switch 3-234 3 - You can assign a unique password to each network (i.e., autonomous system) to improve the security of the routing database. However, the password must be used consistently on all neighboring routers throughout a network.
IP Routing 3-235 3 Change any of the interface-specific protocol parameters, and then click Apply. Figure 3-135 OSPF Interface Configuration - Detailed CLI - This example configures the interface parameters for VLAN 1.
Configuring the Switch 3-236 3 Configuring Virtual Links All OSPF areas must connect to the backbone. If an area does not have a direct physical connection to the backbone, you can configure a virtual link that provides a logical path to the backbone.
IP Routing 3-237 3 Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neighbor Router ID, configure the link attributes, and click Add.
Configuring the Switch 3-238 3 Configuring Network Area Addresses OSPF protocol broadcast messages (i.e., Link State Advertisements or LSAs) are restricted by area to limit their impact on network performance.
IP Routing 3-239 3 Web - Click Routing Protocol, OSPF, Network Area Address Configuration. Configure a backbone area that is contiguous with all the other areas in your network, configure an area for all of the other OSPF interfaces, then click Apply.
Configuring the Switch 3-240 3 CLI - This example configures the backbone area and one transit area.
Console(config-router)#network 10.0.0.0 255.0.0.0 area 0.0.0.0 4-267
Console(config-router)#network 10.1.1.0 255.255.255.0 area 0.0.0.1
Console(config-router)#end
Console#show ip ospf 4-278
Routing Process with ID 10.
IP Routing 3-241 3 Configuring Summary Addresses (for External AS Routes) An Autonomous System Boundary Router (ASBR) can redistribute routes learned from other protocols into all attached autonomous systems.
Configuring the Switch 3-242 3 CLI - This example creates a summary address for all routes contained in 192.168.x.x. Redistributing External Routes You can configure this router to import external routing information from other routing protocols into the autonomous system.
IP Routing 3-243 3 Web - Click Routing Protocol, OSPF, Redistribute. Specify the protocol type to import, the metric type and path cost, then click Add. Figure 3-139 OSPF Redistribute Configuration CLI - This example redistributes routes learned from RIP as Type 1 external routes.
Configuring the Switch 3-244 3 Note: This router supports up to 16 areas, either normal transit areas, stubs, or NSSAs. Web - Click Routing Protocol, OSPF, NSSA Settings. Create a new NSSA or modify the routing behavior for an existing NSSA, and click Apply.
IP Routing 3-245 3 Displaying Link State Database Information OSPF routers advertise routes using Link State Advertisements (LSAs). The full collection of LSAs collected by a router interface from the attached area is known as a link state database.
Configuring the Switch 3-246 3 Web - Click Routing Protocol, OSPF, Link State Database Information. Specify parameters for the LSAs you want to display, then click Query. Figure 3-141 OSPF Link State Database Information CLI - The CLI provides a wider selection of display options for viewing the Link State Database.
IP Routing 3-247 3 Displaying Information on Border Routers You can display entries in the local routing table for Area Border Routers (ABR) and Autonomous System Boundary Routers (ASBR) known by this device. Field Attributes • Destination – Identifier for the destination router.
Configuring the Switch 3-248 3 Displaying Information on Neighbor Routers You can display information about neighboring routers on each interface within an OSPF area. Field Attributes • ID – Neighbor’s router ID. • Priority – Neighbor’s router priority.
Multicast Routing 3-249 3 Multicast Routing This router can route multicast traffic to different subnetworks using either Distance Vector Multicast Routing Protocol (DVMRP) or Protocol-Independent Multicasting - Dense Mode (PIM-DM).
Configuring the Switch 3-250 3 Displaying the Multicast Routing Table You can display information on each multicast route this router has learned via DVMRP or PIM. The router learns multicast routes from neighboring routers, and also advertises these routes to its neighbors.
Multicast Routing 3-251 3 Web – Click IP, Multicast Routing, Multicast Routing Table. Click Detail to display additional information for any entry.
Configuring the Switch 3-252 3 CLI – This example shows that multicast forwarding is enabled. The multicast routing table displays one entry for a multicast source routed by DVMRP, and another source routed via PIM.
Console#show ip mroute 4-293
IP Multicast Forwarding is enabled.
Multicast Routing 3-253 3 Configuring DVMRP The Distance-Vector Multicast Routing Protocol (DVMRP) behaves somewhat similarly to RIP. A router supporting DVMRP periodically floods its attached networks to pass information about supported multicast services along to new routers and hosts.
Configuring the Switch 3-254 3 Command Usage Broadcasting periodically floods the network with traffic from any active multicast server. If IGMP snooping is disabled, multicast traffic is flooded to all ports on the router.
Multicast Routing 3-255 3 which this device has received probes, and is used to verify whether or not these neighbors are still active members of the multicast tree.
Configuring the Switch 3-256 3 Web – Click Routing Protocol, DVMRP, General Settings. Enable or disable DVMRP. Set the global parameters that control neighbor timeout, the exchange of routing information, or the prune lifetime, and click Apply.
Multicast Routing 3-257 3 DVMRP Interface Settings • VLAN – Selects a VLAN interface on this router. • Metric – Sets the metric for this interface used to calculate distance vectors.
Configuring the Switch 3-258 3 Displaying Neighbor Information You can display all the neighboring DVMRP routers. Command Attributes • Neighbor Address – The IP address of the network device immediately upstream for this multicast delivery tree.
Multicast Routing 3-259 3 Displaying the Routing Table The router learns source-routed information from neighboring DVMRP routers and also advertises learned routes to its neighbors. The router merely records path information it has learned on its own or from other routers.
Configuring the Switch 3-260 3 CLI – This example displays known DVMRP routes. Configuring PIM-DM Protocol-Independent Multicasting (PIM) provides two different modes of operation: sparse mode and dense mode.
Multicast Routing 3-261 3 Web – Click Routing Protocol, PIM-DM, General Settings. Enable or disable PIM-DM globally for the router, and click Apply. Figure 3-150 PIM-DM General Settings CLI – This example enables PIM-DM globally and displays the current status.
Configuring the Switch 3-262 3 • Trigger Hello Interval – Configures the maximum time before transmitting a triggered PIM hello message after the router is rebooted or PIM is enabled on an interface.
Multicast Routing 3-263 3 Web – Click Routing Protocol, PIM-DM, Interface Settings. Select a VLAN, enable or disable PIM-DM for the selected interface, modify any of the protocol parameters as required, and click Apply.
Configuring the Switch 3-264 3 Displaying Interface Information You can display a summary of the current interface status for PIM-DM, including the number of neighboring PIM routers, and the address of the designated PIM router. Command Attributes • Interface – A VLAN interface on this router.
Multicast Routing 3-265 3 Web – Click Routing Protocol, PIM-DM, Neighbor Information. Figure 3-153 PIM-DM Neighbor Information CLI – This example displays the only neighboring PIM-DM router.
Console#show ip pim neighbor 4-310
Address VLAN Interface Uptime Expire Mode
--------------- ---------------- -------- -------- -------
10.
Configuring the Switch 3-266 3.
4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management inte.
Command Line Interface 4-2 4 To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet.
Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters.
Command Line Interface 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, DHCP, Interface, Line, Router, VLAN Database, or MSTP).
Entering Commands 4-5 4 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.
Command Line Interface 4-6 4 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functions.
Entering Commands 4-7 4 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted.
Command Line Interface 4-8 4 To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode.
Entering Commands 4-9 4 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters.
Command Line Interface 4-10 4 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Group Index Command Group Description Pa.
Line Commands 4-11 4 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) VC (VLAN Database Configuration) PE (Privileged Exec) MST (Multip.
Command Line Interface 4-12 4 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line { console | vty } • console - Console terminal line. • vty - Virtual terminal for remote console access (i.
Line Commands 4-13 4 Command Usage • There are three authentication modes provided by the switch itself at login: - login selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode.
Command Line Interface 4-14 4 number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state. • The encrypted password is required for compatibility with legacy password settings (i.
Line Commands 4-15 4 exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [ seconds ] no exec-timeout seconds - Integer that specifies the number of seconds.
Command Line Interface 4-16 4 Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.
Line Commands 4-17 4 databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits { 7 | 8 } no databits • 7 - Seven data bits per character.
Command Line Interface 4-18 4 Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: speed This command sets the terminal line’s baud rate.
Line Commands 4-19 4 Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits, enter this command: disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection.
Command Line Interface 4-20 4 Command Mode Normal Exec, Privileged Exec Example To show all lines, enter this command: General Commands
Console#show line
Console configuration: Password threshold.
General Commands 4-21 4 enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-6.
Command Line Interface 4-22 4 Example Related Commands enable (4-21) configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch.
General Commands 4-23 4 Example In this example, the show history command lists the contents of the command history buffer: The ! command repeats commands from the Execution command hi.
Command Line Interface 4-24 4 end This command returns to Privileged Exec mode. Default Setting None Command Mode Global Configuration, Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration.
System Management Commands 4-25 4 Example This example shows how to quit a CLI session: System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information.
Command Line Interface 4-26 4 prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt.
System Management Commands 4-27 4 User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password c.
Command Line Interface 4-28 4 Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
System Management Commands 4-29 4 Related Commands enable (4-21) IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting.
Command Line Interface 4-30 4 • You can delete an address range just by specifying the start address, or by specifying both the start address and end address. Example This example restricts management access to the indicated addresses.
System Management Commands 4-31 4 Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface.
Command Line Interface 4-32 4 Example Related Commands ip http port (4-31) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
System Management Commands 4-33 4 Example Related Commands ip http secure-port (4-33) copy tftp https-certificate (4-64) ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface.
Command Line Interface 4-34 4 Telnet Server Commands ip telnet port This command specifies the TCP port number used by the Telnet interface. Use the no form to use the default port. Syntax ip telnet port port-number no ip telnet port port-number - The TCP port to be used by the browser interface.
System Management Commands 4-35 4 Related Commands ip telnet port (4-34) Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
Command Line Interface 4-36 4 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the pas.
System Management Commands 4-37 4 corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this process: a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory.
Command Line Interface 4-38 4 ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation.
System Management Commands 4-39 4 Example Related Commands show ip ssh (4-41) ip ssh server-key size This command sets the SSH server key size. Use the no form to restore the default setting. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server key.
Command Line Interface 4-40 4 Example ip ssh crypto host-key generate This command generates the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [ dsa | rsa ] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) key type.
System Management Commands 4-41 4 Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command.
Command Line Interface 4-42 4 Example show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example
Console#show ip ssh
SSH Enabled - version 1.
System Management Commands 4-43 4 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [ user [ username ]| host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys.
Command Line Interface 4-44 4 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory.
System Management Commands 4-45 4 logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level.
Command Line Interface 4-46 4 logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [ no ] logging host host_ip_address host_ip_address - The IP address of a syslog server.
System Management Commands 4-47 4 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging.
Command Line Interface 4-48 4 Related Commands show logging (4-48) show logging This command displays the logging configuration, along with any system and event messages stored in memory. Syntax show logging { flash | ram | sendmail | trap } • flash - Event history stored in flash memory (i.
System Management Commands 4-49 4 The following example displays settings for the trap function. Related Commands show logging sendmail (4-52) SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients.
Command Line I nterface 4-50 4 logging se ndmail h ost This co mmand specifi es SMTP serv ers that will be s ent al ert mess ages. Use the no form to r emove an SMTP serv er . Syntax [ no ] logging sendmail host ip_addres s ip_address - IP address of an SMTP server that will be sent alert messages for event handling.
System Management Commands 4-51 4 Command Usage The specified level indicates an event threshold. All events at this level or higher will be sent to t he configured email recipient s. (For exampl e, using Level 7 wil l report all even ts from le vel 7 to level 0.
Command Line I nterface 4-52 4 Command Usage Y ou can spe cify up to five recipien ts for alert mes sages . Howev er , you must enter a se parate comm and to spe cify eac h recipien t. Example logging se ndmail This comm and enabl es SMTP ev ent hand ling.
System Management Commands 4-53 4 Time Commands The syste m clock can be dynam ical ly set by pol ling a set of spe cified tim e server s (NTP or SNTP) . Mai nt aini ng a n ac curat e ti me on the swi tch en able s th e sy stem log to record meaningful d ates and times f or event ent ries.
Command Line Interface 4-54 4 Example Related Commands sntp server (4-54) sntp poll (4-55) show sntp (4-55) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list.
System Management Commands 4-55 4 Related Commands sntp client (4-53) sntp poll (4-55) show sntp (4-55) sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore the default.
Command Line Interface 4-56 4 Example clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes { before-utc | after-utc } • name - Name of timezone, usually an acronym.
System Management Commands 4-57 4 calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec { day month year | month day year } • hour - Hour in 24-hour format.
Command Line Interface 4-58 4 System Status Commands show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system.
System Management Commands 4-59 4 Example Related Commands show running-config (4-59) show running-config This command displays the configuration information currently in use.
Command Line Interface 4-60 4 - VLAN database (VLAN ID, name and state) - VLAN configuration settings for each interface - Multiple spanning tree instances (name and interfaces) - IP a.
System Management Commands 4-61 4 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-11.
Command Line Interface 4-62 4 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.
System Management Commands 4-63 4 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it.
Command Line Interface 4-64 4 • Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second. (See the switchport broadcast command on page 4-155.) Example Flash/File Commands These commands are used to manage the system code or configuration files.
Flash/File Commands 4-65 4 Default Setting None Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.
Command Line Interface 4-66 4 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server.
Flash/File Commands 4-67 4 delete This command deletes a file or image. Syntax delete filename filename - Name of the configuration file or image name. Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted.
Command Line Interface 4-68 4 Command Usage • If you enter the command dir without any parameters, the system displays all files. • File information is shown below: Example The fol.
Flash/File Commands 4-69 4 boot system This command specifies the file or image used to start up the system. Syntax boot system { boot-rom | config | opcode }: filename The type of file or image to set as a default includes: • boot-rom - Boot ROM.
Command Line Interface 4-70 4 Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. You can also enable port-based authentication for network client access using IEEE 802.
Authentication Commands 4-71 4 • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server.
Command Line Interface 4-72 4 authentication is attempted on the TACACS+ server. If the TACACS+ server is not available, the local user name and password is checked.
Authentication Commands 4-73 4 radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages.
Command Line Interface 4-74 4 radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server.
Authentication Commands 4-75 4 Example TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network.
Command Line Interface 4-76 4 tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages.
Authentication Commands 4-77 4 show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Port Security Commands These commands can be used to enable port security on a port.
Command Line Interface 4-78 4 port security This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses.
Authentication Commands 4-79 4 Example The following example enables port security for port 5, and sets the response to a security violation to issue a trap message: Related Commands shutdown (4-154) mac-address-table static (4-166) show mac-address-table (4-167) 802.
Command Line Interface 4-80 4 authentication dot1x default This command sets the default authentication server type. Use the no form to restore the default.
Authentication Commands 4-81 4 Command Mode Global Configuration Example dot1x port-control This command sets the dot1x mode on a port interface.
Command Line Interface 4-82 4 dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count.
Authentication Commands 4-83 4 Command Mode Privileged Exec Example dot1x re-authentication This command enables periodic re-authentication globally for all ports.
Command Line Interface 4-84 4 dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds.
Authentication Commands 4-85 4 show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [ statistics ] [ interface interface ] • statistics - Displays dot1x status for each port.
Command Line Interface 4-86 4 • Backend State Machine - State – Current state (including request, response, success, fail, timeout, idle, initialize). - Request Count – Number of EAP Request packets sent to the Supplicant without receiving a response.
Access Control List Commands 4-87 4 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
Command Line Interface 4-88 4 The order in which active ACLs are checked is as follows: 1. User-defined rules in the Egress MAC ACL for egress ports. 2. User-defined rules in the Egress IP ACL for egress ports. 3. User-defined rules in the Ingress MAC ACL for ingress ports.
Access Control List Commands 4-89 4 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs.
Command Line Interface 4-90 4 permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a rule. Syntax [ no ] { permit | deny } { any | source bitmask | host source } • any – Any source IP address.
Access Control List Commands 4-91 4 permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes.
Command Line Interface 4-92 4 Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.
Access Control List Commands 4-93 4 Related Commands access-list ip (4-89) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list { standard | extended } [ acl_name ] • standard – Specifies a standard IP ACL.
Command Line Interface 4-94 4 Command Usage • A mask can only be used by all ingress ACLs or all egress ACLs. • The precedence of the ACL rules applied to a packet is not determined by order of the rules, but instead by the order of the masks; i.
Access Control List Commands 4-95 4 Command Mode IP Mask Command Usage • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered.
Command Line Interface 4-96 4 This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others. This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.
Access Control List Commands 4-97 4 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL.
Command Line Interface 4-98 4 Related Commands mask (IP ACL) (4-94) ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [ no ] ip access-group acl_name { in | out } • acl_name – Name of the ACL.
Access Control List Commands 4-99 4 Related Commands ip access-group (4-98) map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself.
Command Line Interface 4-100 4 show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Syntax show map access-list ip [ interface ] interface • ethernet unit / port - unit - This is device 1.
Access Control List Commands 4-101 4 Command Usage • You must configure an ACL mask before you can change frame priorities based on an ACL rule. • Traffic priorities may be included in the IEEE 802.1p priority tag. This tag is also incorporated as part of the overall IEEE 802.
Command Line Interface 4-102 4 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [ no ] access-list mac acl_name acl_name – Name of the ACL.
Access Control List Commands 4-103 4 Example Related Commands permit, deny 4-103 mac access-group (4-108) show mac access-list (4-104) permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.
Command Line Interface 4-104 4 • destination – Destination MAC address range with bitmask. • address-bitmask 25 – Bitmask for MAC address (in hexadecimal format). • vid – VLAN ID. (Range: 1-4095) • vid-bitmask 25 – VLAN bitmask.
Access Control List Commands 4-105 4 Example Related Commands permit, deny 4-103 mac access-group (4-108) access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no form to delete the mask table.
Command Line Interface 4-106 4 mask (MAC ACL) This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header.
Access Control List Commands 4-107 4 Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.
Command Line Interface 4-108 4 show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [ in | out ] • in – Ingress mask precedence for ingress ACLs.
Access Control List Commands 4-109 4 Related Commands show mac access-list (4-104) show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Related Commands mac access-group (4-108) map access-list mac This command sets the output queue for packets matching an ACL rule.
Command Line Interface 4-110 4 Example Related Commands queue cos-map (4-210) show map access-list mac (4-110) show map access-list mac This command shows the CoS value mapped to a MAC ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.
Access Control List Commands 4-111 4 match access-list mac This command changes the IEEE 802.1p priority of a Layer 2 frame matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) Use the no form to remove the ACL marker.
Command Line Interface 4-112 4 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks.
SNMP Commands 4-113 4 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
Command Line Interface 4-114 4 Command Mode Global Configuration Example show snmp This command can be used to check the status of SNMP communications.
SNMP Commands 4-115 4 snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string.
Command Line Interface 4-116 4 Related Commands snmp-server location (4-116) snmp-server location This command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location text no snmp-server location text - String that describes the system location.
SNMP Commands 4-117 4 snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
Command Line Interface 4-118 4 supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notifications. • If you specify an SNMP Version 3 host, then the community string is interpreted as an SNMP user name.
SNMP Commands 4-119 4 Related Commands snmp-server host (4-117) snmp-server engine-id This command configures an identification string for the SNMPv3 engine.
Command Line Interface 4-120 4 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree { included | excluded } no snmp-server view view-name • view-name - Name of an SNMP view.
SNMP Commands 4-121 4 show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group.
Command Line Interface 4-122 4 Default Setting Default groups: public 26 (read only), private 27 (read/write) readview - Every object belonging to the Internet OID space (1.3.6.1). writeview - Nothing is defined. Command Mode Global Configuration Command Usage • A group sets the access policy for the assigned users.
SNMP Commands 4-123 4 show snmp group Four default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c read-only access and read/write access.
Command Line Interface 4-124 4 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read and a Write View.
SNMP Commands 4-125 4 Example show snmp user This command shows information on SNMP users. Command Mode Privileged Exec Example snmp ip filter This command sets the IP addresses of clients that are allowed management access to the switch via SNMP.
Command Line Interface 4-126 4 Command Usage • You can create a list of up to 16 IP addresses or IP address groups that are allowed access to the switch via SNMP management software. • Address bitmasks are similar to a subnet mask, containing four decimal integers from 0 to 255, each separated by a period.
DHCP Commands 4-127 4 ip dhcp client-identifier This command specifies the DHCP client identifier for the current interface. Use the no form to remove this identifier. Syntax ip dhcp client-identifier { text text | hex hex } no ip dhcp client-identifier • text - A text string.
Command Line Interface 4-128 4 Example In the following example, the device is reassigned the same address. Related Commands ip address (4-236) DHCP Relay ip dhcp restart relay This command enables DHCP relay for the specified VLAN. Use the no form to disable it.
DHCP Commands 4-129 4 Example In the following example, the device is reassigned the same address. Related Commands ip dhcp relay server (4-129) ip dhcp relay server This command specifies the addresses of DHCP servers to be used by the switch’s DHCP relay agent.
Command Line Interface 4-130 4 DHCP Server service dhcp This command enables the DHCP server on this switch. Use the no form to disable the DHCP server.
DHCP Commands 4-131 4 Example ip dhcp excluded-address This command specifies IP addresses that the DHCP server should not assign to DHCP clients.
Command Line Interface 4-132 4 host command must fall within the range of a configured network address pool. Example Related Commands network (4-132) host (4-137) network This command configures the subnet number and mask for a DHCP address pool.
DHCP Commands 4-133 4 default-router This command specifies default routers for a DHCP pool. Use the no form to remove the default routers. Syntax default-router address1 [ address2 ] no default-router • address1 - Specifies the IP address of the primary router.
Command Line Interface 4-134 4 dns-server This command specifies the Domain Name System (DNS) IP servers available to a DHCP client. Use the no form to remove the DNS server list. Syntax dns-server address1 [ address2 ] no dns-server • address1 - Specifies the IP address of the primary DNS server.
DHCP Commands 4-135 4 bootfile This command specifies the name of the default boot image for a DHCP client. This file should be placed on the Trivial File Transfer Protocol (TFTP) server specified with the next-server command. Use the no form to delete the boot image name.
Command Line Interface 4-136 4 Related Commands netbios-node-type (4-136) netbios-node-type This command configures the NetBIOS node type for Microsoft DHCP clients.
DHCP Commands 4-137 4 Default Setting One day Command Modes DHCP Pool Configuration Example The following example leases an address to clients using this pool for 7 days. host Use this command to specify the IP address and network mask to manually bind to a DHCP client.
Command Line Interface 4-138 4 • The no host command only clears the address from the DHCP server database. It does not cancel the IP address currently in use by the host. Example Related Commands client-identifier (4-138) hardware-address (4-139) client-identifier This command specifies the client identifier of a DHCP client.
DHCP Commands 4-139 4 hardware-address This command specifies the hardware address of a DHCP client. This command is valid for manual bindings only.
Command Line Interface 4-140 4 Usage Guidelines • An address specifies the client’s IP address. If an asterisk (*) is used as the address parameter, the DHCP server clears all automatic bindings. • Use the no host command to delete a manual binding.
DNS Commands 4-141 4 DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation.
Command Line Interface 4-142 4 Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP address is associated with a host name using this command, a DNS client can try each address in succession, until it establishes a connection with the target device.
DNS Commands 4-143 4 Default Setting None Command Mode Global Configuration Example Related Commands ip domain-list (4-143) ip name-server (4-144) ip domain-lookup (4-145) ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.
Command Line Interface 4-144 4 Example This example adds two domain names to the current list and then displays the list. Related Commands ip domain-name (4-142) ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution.
DNS Commands 4-145 4 Example This example adds two domain-name servers to the list and then displays the list. Related Commands ip domain-name (4-142) ip domain-lookup (4-145) ip domain-lookup This command enables DNS host name-to-address translation.
Command Line Interface 4-146 4 Example This example enables DNS and then displays the configuration. Related Commands ip domain-name (4-142) ip name-server (4-144) show hosts This command displays the static host name-to-address mapping table.
DNS Commands 4-147 4 show dns This command displays the configuration of the DNS server. Command Mode Privileged Exec Example show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.
Command Line Interface 4-148 4 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Console#clear dns cache Console#show dns cache NO FLAG TYPE I.
Interface Commands 4-149 4 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enters interface configuration mode.
Command Line Interface 4-150 4 Command Mode Global Configuration Example To specify port 4, enter the following command: description This command adds a description to an interface.
Interface Commands 4-151 4 Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is 1000full for Gigabit Ethernet ports.
Command Line Interface 4-152 4 • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports.
Interface Commands 4-153 4 Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Related Commands negotiation (4-151) speed-duplex (4-150) flowcontrol (4-153) flowcontrol This command enables flow control.
Command Line Interface 4-154 4 Example The following example enables flow control on port 5. Related Commands negotiation (4-151) capabilities (flowcontrol, symmetric) (4-152) media-type This command forces the port type selected for combination ports 8 - 12.
Interface Commands 4-155 4 Default Setting All interfaces are enabled. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved.
Command Line Interface 4-156 4 Example The following shows how to configure broadcast storm control at 600 packets per second: clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit / port - unit - This is device 1.
Interface Commands 4-157 4 show interfaces status This command displays the status for an interface. Syntax show interfaces status [ interface ] interface • ethernet unit / port - unit - This is device 1.
Command Line Interface 4-158 4 show interfaces counters This command displays interface statistics. Syntax show interfaces counters [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows the counters for all interfaces.
Interface Commands 4-159 4 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [ interface ] interface • ethernet unit / port - unit - This is device 1.
Command Line Interface 4-160 4 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session.
Mirror Port Commands 4-161 4 Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner.
Command Line Interface 4-162 4 Example The following shows mirroring configured from port 6 to port 11: Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface.
Link Aggregation Commands 4-163 4 Example Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery.
Command Line Interface 4-164 4 channel-group This command adds a port to a trunk. Use the no form to remove a port from a trunk. Syntax channel-group channel-id no channel-group channel-id - Trunk index (Range: 1-6) Default Setting The current port will be added to this trunk.
Link Aggregation Commands 4-165 4 • If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically.
Command Line Interface 4-166 4 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. mac-address-table static This command maps a static address to a destination port in a VLAN.
Address Table Commands 4-167 4 Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table.
Command Line Interface 4-168 4 Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface.
Spanning Tree Commands 4-169 4 Example show mac-address-table aging-time This command shows the aging time for entries in the address table.
Command Line Interface 4-170 4 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.
Spanning Tree Commands 4-171 4 Example This example shows how to enable the Spanning Tree Algorithm for the switch: spanning-tree mode This command selects the spanning tree mode for this switch.
Command Line Interface 4-172 4 • Multiple Spanning Tree Protocol - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances.
Spanning Tree Commands 4-173 4 spanning-tree hello-time This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds.
Command Line Interface 4-174 4 configuration message) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the device ports attached to the network. Example spanning-tree priority This command configures the spanning tree priority globally for this switch.
Spanning Tree Commands 4-175 4 Default Setting Long method Command Mode Global Configuration Command Usage The path cost method is used to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
Command Line Interface 4-176 4 Command Mode Global Configuration Example Related Commands mst vlan (4-176) mst priority (4-177) name (4-177) revision (4-178) max-hops (4-179) mst vlan This command adds VLANs to a spanning tree instance.
Spanning Tree Commands 4-177 4 Example mst priority This command configures the priority of a spanning tree instance. Use the no form to restore the default. Syntax mst instance_id priority priority no mst instance_id priority • instance_id - Instance identifier of the spanning tree.
Command Line Interface 4-178 4 Default Setting Switch’s MAC address Command Mode MST Configuration Command Usage The MST region name and revision number (page 4-178) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region.
Spanning Tree Commands 4-179 4 max-hops This command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the default. Syntax max-hops hop-number hop-number - Maximum hop number for multiple spanning tree.
Command Line Interface 4-180 4 spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port.
Spanning Tree Commands 4-181 4 Default Setting 128 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command defines the priority for the use of a port in the Spanning Tree Algorithm.
Command Line Interface 4-182 4 Example Related Commands spanning-tree portfast (4-182) spanning-tree portfast This command sets an interface to fast forwarding.
Spanning Tree Commands 4-183 4 spanning-tree link-type This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree.
Command Line Interface 4-184 4 Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 • Fast Ethernet – half duplex: 200,000; full duplex: 100, .
Spanning Tree Commands 4-185 4 interface with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree. • Where more than one interface is assigned the highest priority, the interface with lowest numeric identifier will be enabled.
Command Line Interface 4-186 4 show spanning-tree This command shows the configuration for the common spanning tree (CST) or for an instance within the multiple spanning tree (MST). Syntax show spanning-tree [ interface | mst instance_id ] • interface • ethernet unit/port - unit - This is device 1.
Spanning Tree Commands 4-187 4 Example Console#show spanning-tree Spanning-tree information ----------------------------------------- ---------------------- Spanning tree mode :MSTP Spanning tree enable/disable :enable Instance :0 Vlans configuration :1-4094 Priority :32768 Bridge Hello Time (sec.
Command Line Interface 4-188 4 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
VLAN Commands 4-189 4 Editing VLAN Groups vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs.
Command Line Interface 4-190 4 vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [ name vlan-name ] media ethernet [ state { active | suspend }] no vlan vlan-id [ name | state ] • vlan-id - ID of configured VLAN.
VLAN Commands 4-191 4 Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN.
Command Line Interface 4-192 4 switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode { trunk | hybrid } no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk.
VLAN Commands 4-193 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage When set to receive all frame types, any received frames that are untagged are assigned to the default VLAN.
Command Line Interface 4-194 4 Example The following example shows how to set the interface to port 1 and then enable ingress filtering: switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default.
VLAN Commands 4-195 4 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan { add vlan-list [ tagged | untagged ] | remove vlan-list } no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add.
Command Line Interface 4-196 4 switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan { add vlan-list | remove vlan-list } no switchport forbidden vlan • add vlan-list - List of VLAN identifiers to add.
VLAN Commands 4-197 4 Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name ] • id - Keyword to be followed by the VLAN ID. vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) • name - Keyword to be followed by the VLAN name.
Command Line Interface 4-198 4 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs. pvlan This command enables or configures a private VLAN.
VLAN Commands 4-199 4 show pvlan This command displays the configured private VLAN. Command Mode Privileged Exec Example Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN.
Command Line Interface 4-200 4 protocol-vlan protocol-group (Configuring Groups) This command creates a protocol group, or adds specific protocols to a group.
VLAN Commands 4-201 4 Command Usage • When creating a protocol-based VLAN, only assign interfaces via this command. If you assign interfaces using any of the other VLAN commands (such as vlan on page 4-190), these interfaces will admit traffic of any protocol type into the associated VLAN.
Command Line Interface 4-202 4 show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [ interface ] interface • ethernet unit/port - unit - This is device 1.
GVRP and Bridge Extension Commands 4-203 4 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
Command Line Interface 4-204 4 show bridge-ext This command shows the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Di.
GVRP and Bridge Extension Commands 4-205 4 show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [ interface ] interface • ethernet unit/port - unit - This is device 1.
Command Line Interface 4-206 4 Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate.
Priority Commands 4-207 4 Related Commands garp timer (4-205) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion.
Command Line Interface 4-208 4 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues.
Priority Commands 4-209 4 switchport priority default This command sets a priority for incoming untagged frames. Use the no form to restore the default value. Syntax switchport priority default default-priority-id no switchport priority default default-priority-id - The priority number for untagged ingress traffic.
Command Line Interface 4-210 4 queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues. Use the no form to restore the default weights. Syntax queue bandwidth weight1.
Priority Commands 4-211 4 Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.
Command Line Interface 4-212 4 Example show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues. Default Setting None Command Mode Privileged Exec Example show queue cos-map This command shows the class of service priority map.
Priority Commands 4-213 4 Example Priority Commands (Layer 3 and 4) map ip port (Global Configuration) Use this command to enable IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping.
Command Line Interface 4-214 4 Example The following example shows how to enable TCP/UDP port mapping globally: map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting.
Priority Commands 4-215 4 Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other type.
Command Line Interface 4-216 4 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping).
Priority Commands 4-217 4 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0.
Command Line Interface 4-218 4 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Related Commands map ip port (Gl.
Priority Commands 4-219 4 Example Related Commands map ip precedence (Global Configuration) (4-214) map ip precedence (Interface Configuration) (4-215) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [ interface ] interface • ethernet unit/port - unit - This is device 1.
Command Line Interface 4-220 4 Example Related Commands map ip dscp (Global Configuration) (4-216) map ip dscp (Interface Configuration) (4-216) Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service.
Multicast Filtering Commands 4-221 4 IGMP Snooping Commands ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [ no ] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping.
Command Line Interface 4-222 4 Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port: ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default.
Multicast Filtering Commands 4-223 4 Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-154 for a description of the displayed items. Example The following shows the current IGMP snooping configuration: show mac-address-table multicast This command shows known multicast addresses.
Command Line Interface 4-224 4 IGMP Query Commands (Layer 2) ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it.
Multicast Filtering Commands 4-225 4 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action.
Command Line Interface 4-226 4 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries.
Multicast Filtering Commands 4-227 4 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect.
Command Line Interface 4-228 4 Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
Multicast Filtering Commands 4-229 4 IGMP Commands (Layer 3) ip igmp This command enables IGMP on a VLAN interface. Use the no form of this command to disable IGMP on the specified interface.
Command Line Interface 4-230 4 Related Commands ip igmp snooping (4-221) show ip igmp snooping (4-222) ip igmp robustval This command specifies the robustness (i.e., expected packet loss) for this interface. Use the no form of this command to restore the default value.
Multicast Filtering Commands 4-231 4 Command Usage • Multicast routers send host query messages to determine the interfaces that are connected to downstream hosts requesting a specific multicast service.
Command Line Interface 4-232 4 Related Commands ip igmp version (4-232) ip igmp query-interval (4-230) ip igmp last-memb-query-interval This command configures the last member query interval. Use the no form of this command to restore the default.
Multicast Filtering Commands 4-233 4 Command Mode Interface Configuration (VLAN) Command Usage • All routers on the subnet must support the same version. However, the multicast hosts on the subnet may support either IGMP version 1 or 2.
Command Line Interface 4-234 4 clear ip igmp group This command deletes entries from the IGMP cache. Syntax clear ip igmp group [ group-address | interface vlan vlan-id ] • group-address - IP address of the multicast group.
Multicast Filtering Commands 4-235 4 • If there are Version 1 hosts present for a particular group, the switch will ignore any Leave Group messages that it receives for that group.
Command Line Interface 4-236 4 IP Interface Commands There are no IP addresses assigned to this router by default. You must manually configure a new address to manage the router over your network or to connect the router to existing IP subnets.
IP Interface Commands 4-237 4 Default Setting IP address: 0.0.0.0 Netmask: 255.0.0.0 Command Mode Interface Configuration (VLAN) Command Usage • If this router is directly connected to en.
Command Line Interface 4-238 4 Example In the following example, the device is assigned an address in VLAN 1. Related Commands ip dhcp restart client (4-127) ip default-gateway This command specifies the default gateway for destinations not found in the local routing tables.
IP Interface Commands 4-239 4 show ip interface This command displays the settings of an IP interface. Default Setting All interfaces Command Mode Privileged Exec Example Related Commands show ip redirects (4-239) show ip redirects This command shows the default gateway configured for this device.
Command Line Interface 4-240 4 Default Setting This command has no default for the host. Command Mode Normal Exec, Privileged Exec Command Usage • Use the ping command to see if another site on the network can be reached.
IP Interface Commands 4-241 4 Address Resolution Protocol (ARP) arp This command adds a static entry in the Address Resolution Protocol (ARP) cache. Use the no form to remove an entry from the cache. Syntax arp ip-address hardware-address no arp ip-address • ip-address - IP address to map to a specified hardware address.
Command Line Interface 4-242 4 arp-timeout This command sets the aging time for dynamic entries in the Address Resolution Protocol (ARP) cache. Use the no form to restore the default. Syntax arp-timeout seconds no arp-timeout seconds - The time a dynamic entry remains in the ARP cache.
IP Interface Commands 4-243 4 Command Usage This command displays information about the ARP cache. The first line shows the cache timeout. It also shows each cache entry, including the corresponding IP address, MAC address, type (static, dynamic, other), and VLAN interface.
Command Line Interface 4-244 4 IP Routing Commands After you configure network interfaces for this router, you must set the paths used to send traffic between different interfaces. If you enable routing on this device, traffic will automatically be forwarded between all of the local subnetworks.
IP Routing Commands 4-245 4 Command Usage • The command affects both static and dynamic unicast routing. • If IP routing is enabled, all IP packets are routed using either static routing or dynamic routing via RIP or OSPF, and other packets for all non-IP protocols (e.
Command Line Interface 4-246 4 clear ip route This command removes dynamically learned entries from the IP routing table. Syntax clear ip route { network [ netmask ] | * } • network – Network or subnet address. • netmask - Network mask for the associated IP subnet.
IP Routing Commands 4-247 4 Example show ip host-route This command displays the interface associated with known routes. Command Mode Privileged Exec Example Console#show ip route Ip Address Netmask Next Hop Protocol Metric Interface ------ ---- ---- - ---- ---- ------ - ---- ---- ---- --- --- ---- --- ---- -- --- ---- -- 0.
Command Line Interface 4-248 4 show ip traffic This command displays statistics for IP, ICMP, UDP, TCP and ARP protocols. Command Mode Privileged Exec Command Usage For a description of the information shown by this command, see “Displaying Statistics for IP Protocols” on page 3-205.
IP Routing Commands 4-249 4 router rip This command enables Routing Information Protocol (RIP) routing for all IP interfaces on the router.
Command Line Interface 4-250 4 Default Setting Update: 30 seconds Timeout: 180 seconds Garbage collection: 120 seconds Command Usage • The update timer sets the rate at which updates are sent. This is the fundamental timer used to control all basic RIP processes.
IP Routing Commands 4-251 4 Command Usage • RIP only sends updates to interfaces specified by this command. • Subnet addresses are interpreted as class A, B or C, based on the first field in the specified address. In other words, if a subnet address nnn.
Command Line Interface 4-252 4 version This command specifies a RIP version used globally by the router. Use the no form to restore the default value.
IP Routing Commands 4-253 4 ip rip receive version This command specifies a RIP version to receive on an interface. Use the no form to restore the default value. Syntax ip rip receive version { none | 1 | 2 | 1 2 } no ip rip receive version • none - Does not accept incoming RIP packets.
Command Line Interface 4-254 4 ip rip send version This command specifies a RIP version to send on an interface. Use the no form to restore the default value. Syntax ip rip send version { none | 1 | 2 | v2-broadcast } no ip rip send version • none - Does not transmit RIP updates.
IP Routing Commands 4-255 4 ip split-horizon This command enables split-horizon or poison-reverse (a variation) on an interface. Use the no form to disable split-horizon. Syntax ip split-horizon [ poison-reverse ] no ip split-horizon poison-reverse - Enables poison-reverse on the current interface.
Command Line Interface 4-256 4 • For authentication to function properly, both the sending and receiving interface must be configured with the same password. Example This example sets an authentication password of “small” to verify incoming routing messages and to tag outgoing routing messages.
IP Routing Commands 4-257 4 show rip globals This command displays global configuration settings for RIP. Command Mode Privileged Exec Example show ip rip This command displays information about interfaces configured for RIP.
Command Line Interface 4-258 4 Example Console#show ip rip configuration Interface SendMode ReceiveMode Poison Authentication ------- ----- --- ----- ----- ----- - ---- ----- --- - ---- -------- - -- ----- ----- ---- -- 10.1.0.253 rip1Compatible RIPv1Orv2 SplitHorizon noAuthentication 10.
IP Routing Commands 4-259 4 Open Shortest Path First (OSPF) Table 4-85 Open Shortest Path First Commands Command Function Mode Page General Configuration router ospf Enables or disables.
Command Line Interface 4-260 4 router ospf This command enables Open Shortest Path First (OSPF) routing for all IP interfaces on the router. Use the no form to disable it.
IP Routing Commands 4-261 4 Command Usage • The router ID must be unique for every router in the autonomous system. Using the default setting based on the lowest interface address ensures that each router ID is unique. Also, note that you cannot set the router ID to 0.
Command Line Interface 4-262 4 default-information originate This command generates a default external route into an autonomous system. Use the no form to disable this feature.
IP Routing Commands 4-263 4 Related Commands ip route (4-245) redistribute (4-266) timers spf This command configures the hold time between making two consecutive shortest path first (SPF) calculations. Use the no form to restore the default value.
Command Line Interface 4-264 4 area range This command summarizes the routes advertised by an Area Border Router (ABR). Use the no form to disable this function. Syntax [ no ] area area-id range ip-address netmask [ advertise | not-advertise ] • area-id - Identifies an area for which the routes are summarized.
IP Routing Commands 4-265 4 Default Setting 1 Command Usage • If you enter this command for a normal area, it will be changed to a stub. • If the default cost is set to “0,” the router will not advertise a default route into the attached stub or NSSA.
Command Line Interface 4-266 4 redistribute This command imports external routing information from other routing domains (i.e., protocols) into the autonomous system.
IP Routing Commands 4-267 4 network area This command defines an OSPF area and the interfaces that operate within this area. Use the no form to disable OSPF for a specified interface. Syntax [ no ] network ip-address netmask area area-id • ip-address - Address of the interfaces to add to the area.
Command Line Interface 4-268 4 area stub This command defines a stub area. To remove a stub, use the no form without the optional keyword. To remove the summary attribute, use the no form with the summary keyword. Syntax [ no ] area area-id stub [ summary ] • area-id - Identifies the stub area.
IP Routing Commands 4-269 4 area nssa This command defines a not-so-stubby area (NSSA). To remove an NSSA, use the no form without any optional keywords. To remove an optional attribute, use the no form without the relevant keyword.
Command Line Interface 4-270 4 Example This example creates a stub area 10.3.0.0, and assigns all interfaces with class B addresses 10.3.x.x to the NSSA. It also instructs the router to generate external LSAs into the NSSA when it is an NSSA ABR or NSSA ASBR.
IP Routing Commands 4-271 4 propagation delays. LSAs have their age incremented by this amount before transmission. This value must be the same for all routers attached to an autonomous system.
Command Line Interface 4-272 4 Example This example creates a virtual link using the defaults for all optional parameters. This example creates a virtual link using MD5 authentication. Related Commands show ip ospf virtual-links (4-290) ip ospf authentication This command specifies the authentication type used for an interface.
IP Routing Commands 4-273 4 Related Commands ip ospf authentication-key (4-273) ip ospf message-digest-key (4-274) ip ospf authentication-key This command assigns a simple password to be used by neighboring routers. Use the no form to remove the password.
Command Line Interface 4-274 4 ip ospf message-digest-key This command enables message-digest (MD5) authentication on the specified interface and assigns a key-id and key to be used by neighboring routers. Use the no form to remove an existing key.
IP Routing Commands 4-275 4 ip ospf cost This command explicitly sets the cost of sending a packet on an interface. Use the no form to restore the default value. Syntax ip ospf cost cost no ip ospf cost cost - Link metric for this interface.
Command Line Interface 4-276 4 Related Commands ip ospf hello-interval (4-276) ip ospf hello-interval This command specifies the interval between sending hello packets on an interface.
IP Routing Commands 4-277 4 Command Usage • Set the priority to zero to prevent a router from being elected as a DR or BDR. If set to any value other than zero, the router with the highest priority will become the DR and the router with the next highest priority becomes the BDR.
Command Line Interface 4-278 4 ip ospf transmit-delay This command sets the estimated time to send a link-state update packet over an interface.
IP Routing Commands 4-279 4 show ip ospf border-routers This command shows entries in the routing table that lead to an Area Border Router (ABR) or Autonomous System Boundary Router (ASBR).
Command Line Interface 4-280 4 show ip ospf database This command shows information about different OSPF Link State Advertisements (LSAs) stored in this router’s database.
IP Routing Commands 4-281 4 Command Mode Privileged Exec Examples The following shows output for the show ip ospf database command. Console#show ip ospf database Displaying Router Link States (Area 10.1.0.0) Link ID ADV Router Age Seq# Checksum ------ ---- ---- - ---- ---- ------ - ---- -- --- ---- ---- -- ---- ----- 10.
Command Line Interface 4-282 4 The following shows output when using the asbr-summary keyword. Console#show ip ospf database asbr-summary OSPF Router with id(10.
IP Routing Commands 4-283 4 The following shows output when using the database-summary keyword. Console#show ip ospf database database-summary Area ID (10.
Command Line Interface 4-284 4 The following shows output when using the external keyword. Console#show ip ospf database external OSPF Router with id(192.168.5.1) (Autonomous system 5) Displaying AS External Link States LS age: 433 Options: (No TOS-capability) LS Type: AS External Link Link State ID: 10.
IP Routing Commands 4-285 4 The following shows output when using the network keyword. Console#show ip ospf database network OSPF Router with id(10.
Command Line Interface 4-286 4 The following shows output when using the router keyword. Console#show ip ospf database router OSPF Router with id(10.
IP Routing Commands 4-287 4 The following shows output when using the summary keyword. Number of TOS metrics Type of Service metric – This router only supports TOS 0 (or normal service) Metrics Cost of the link Console#show ip ospf database summary OSPF Router with id(10.
Command Line Interface 4-288 4 show ip ospf interface This command displays summary information for OSPF interfaces. Syntax show ip ospf interface [ vlan vlan-id ] vlan-id - VLAN ID (Range: 1-4094) Command Mode Privileged Exec Example Console#show ip ospf interface vlan 1 Vlan 1 is up Interface Address 10.
IP Routing Commands 4-289 4 show ip ospf neighbor This command displays information about neighboring routers on each interface within an OSPF area. Syntax show ip ospf neighbor Command Mode Privileged Exec Example Console#show ip ospf neighbor ID Pri State Address --------------- ------ ---------------- - -------------- 10.
Command Line Interface 4-290 4 show ip ospf summary-address This command displays all summary address information. Syntax show ip ospf summary-address Command Mode Privileged Exec Example This example shows a summary address and associated network mask.
Multicast Routing Commands 4-291 4 Multicast Routing Commands This router uses IGMP snooping and query to determine the ports connected to downstream multicast hosts, and to propagate this .
Command Line Interface 4-292 4 Default Setting No static multicast router ports are configured. Command Mode Global Configuration Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
Multicast Routing Commands 4-293 4 General Multicast Routing Commands ip multicast-routing This command enables IP multicast routing. Use the no form to disable IP multicast routing.
Command Line Interface 4-294 4 Command Mode Privileged Exec Command Usage This command displays information for multicast routing. If no optional parameters are selected, detailed information for each entry in the multicast address table is displayed.
Multicast Routing Commands 4-295 4 This example lists all entries in the multicast table in summary form: DVMRP Multicast Routing Commands router dvmrp This command enables Distance-Vector Multicast Routing (DVMRP) globally for the router and enters router configuration mode.
Command Line Interface 4-296 4 Command Mode Global Configuration Command Usage This command enables DVMRP globally for the router and enters router configuration mode.
Multicast Routing Commands 4-297 4 Command Usage Probe messages are sent to neighboring DVMRP routers from which this device has received probes, and are used to verify whether or not these neighbors are still active members of the multicast tree.
Command Line I nterface 4-298 4 Command Mode Rout er C onfi gura tion Example flash-upda te-interval This co mmand specif ies how often to send tr igger u pdates, w hich reflect chang es in the netwo rk topolo gy . Use the no fo rm to restor e the defa ult value.
Multicast Routi ng Commands 4-299 4 Example default-gate way This comm and sp ecifies the de fault DV MRP gate way for IP m ulticas t traffic. Use the no form to remove the default gateway . Syntax defaul t-gateway ip-address no default-gateway ip-address - IP address of the default DVMRP gateway .
Command Line Interface 4-300 4 Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage To fully enable DVMRP, you need to enable multicast routing globally for t.
Multicast Routing Commands 4-301 4 Example clear ip dvmrp route This command clears all dynamic routes learned by DVMRP. Command Mode Privileged Exec Example As shown below, this command clears everything from the route table except for the default route.
Command Line Interface 4-302 4 Example The default settings are shown in the following example: show ip dvmrp route This command displays all entries in the DVMRP routing table.
Multicast Routing Commands 4-303 4 show ip dvmrp neighbor This command displays all of the DVMRP neighbor routers. Command Mode Normal Exec, Privileged Exec Example show ip dvmrp interface This command displays the DVMRP configuration for interfaces which have enabled DVMRP.
Command Line Interface 4-304 4 PIM-DM Multicast Routing Commands router pim This command enables Protocol-Independent Multicast - Dense Mode (PIM-DM) globally for the router and enters router configuration mode. Use the no form to disable PIM-DM multicast routing.
Multicast Routing Commands 4-305 4 Example ip pim dense-mode This command enables PIM-DM on the specified interface. Use the no form to disable PIM-DM on this interface.
Command Line Interface 4-306 4 ip pim hello-interval This command configures the frequency at which PIM hello messages are transmitted. Use the no form to restore the default value. Syntax ip pim hello-interval seconds no pim hello-interval seconds - Interval between sending PIM hello messages.
Multicast Routing Commands 4-307 4 Example ip pim trigger-hello-interval This command configures the maximum time before transmitting a triggered PIM Hello message after the router is rebooted or PIM is enabled on an interface. Use the no form to restore the default value.
Command Line Interface 4-308 4 Default Setting 210 seconds Command Mode Interface Configuration (VLAN) Command Usage The multicast interface that first receives a multicast stream from a particular source forwards this traffic to all other PIM interfaces on the router.
Multicast Routing Commands 4-309 4 ip pim max-graft-retries This command configures the maximum number of times to resend a Graft message if it has not been acknowledged.
Command Line Interface 4-310 4 Example show ip pim neighbor This command displays information about PIM neighbors. Syntax show ip pim neighbor [ip-address] ip-address - IP address of a PIM neighbor. Default Setting Displays information for all known PIM neighbors.
Router Redundancy Commands 4-311 4 Router Redundancy Commands Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load.
Command Line Interface 4-312 4 vrrp ip This command enables the Virtual Router Redundancy Protocol (VRRP) on an interface and specifies the IP address of the virtual router. Use the no form to disable VRRP on an interface and remove the IP address from the virtual router.
Router Redundancy Commands 4-313 4 vrrp authentication This command specifies the key used to authenticate VRRP packets received from other routers. Use the no form to prevent authentication. Syntax vrrp group authentication key no vrrp group authentication • group - Identifies the virtual router group.
Command Line Interface 4-314 4 Command Usage • A router that has a physical interface with the same IP address as that used for the virtual router will become the master virtual router. The backup router with the highest priority will become the master router if the current master fails.
Router Redundancy Commands 4-315 4 • VRRP advertisements are sent to the multicast address 224.0.0.8. Using a multicast address reduces the amount of traffic that has to be processed by network devices that are not part of the designated VRRP group.
Command Line Interface 4-316 4 Related Commands vrrp priority (4-313) show vrrp This command displays status information for VRRP. Syntax show vrrp [brief | group] • brief - Displays summary information for all VRRP groups on this router.
Router Redundancy Commands 4-317 4 This example displays the brief listing of status information for all groups. Table 4-109 show vrrp - display description Field Description State VRRP rol.
Command Line Interface 4-318 4 show vrrp interface This command displays status information for the specified VRRP interface. Syntax show vrrp interface vlan vlan-id [brief] • vlan-id - Identifier of configured VLAN interface.
Router Redundancy Commands 4-319 4 show vrrp interface counters This command displays counters for VRRP protocol events and errors that have occurred for the specified group and interface. show vrrp group interface vlan interface counters • group - Identifies a VRRP group.
Command Line Interface 4-320 4 Defaults None Command Mode Privileged Exec Example Hot Standby Router Protocol Commands To configure HSRP, add the interface for each router that will participate in the virtual router group, set the priorities, and configure an authentication string.
Router Redundancy Commands 4-321 4 standby ip This command enables the Hot Standby Router Protocol (HSRP) on an interface and specifies the IP address of the virtual router. Use the no form to disable HSRP on an interface and remove the IP address for the virtual router.
Command Line Interface 4-322 4 Example This example creates HSRP group 1 for VLAN 1, and also adds a secondary interface as a member of the group. standby priority This command sets the priority of this router in an HSRP group. Use the no form to restore the default setting.
Router Redundancy Commands 4-323 4 Related Commands standby authentication (4-324) standby track (4-326) standby preempt This command configures the router to take over as the master virtual router for an HSRP group if it has higher priority than the current master virtual router.
Command Line Interface 4-324 4 standby authentication This command specifies the key used to authenticate HSRP packets received from other routers. Use the no form to delete an authentication string. Syntax standby [group] authentication string no standby [group] authentication • group - Identifies the HSRP group.
Router Redundancy Commands 4-325 4 standby timers This command sets the time between the master and standby router sending hello packets, and the time before other routers declare the active master router or standby router down.
Command Line Interface 4-326 4 standby track This command configures an interface so that the HSRP priority changes based on the availability of other IP interfaces on this router.
Router Redundancy Commands 4-327 4 show standby This command displays status information for HSRP. Syntax show standby [active | init | listen | standby] [brief] • active - Displays HSRP groups in the active state. • init - Displays HSRP groups in the initial state.
Command Line Interface 4-328 4 This example displays the brief listing of status information for all groups. priority Priority of this router. may preempt Router will attempt to take over as the master router if its priority is higher.
Router Redundancy Commands 4-329 4 show standby interface This command displays HSRP status information for the specified interface. Syntax show standby interface vlan vlan-id [group group] [active | init | listen | standby] [brief] • vlan-id - Identifier of configured VLAN interface.
Command Line Interface 4-330 4.
A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 32 lists) DHCP C.
Software Specifications A-2 A Multicast Filtering IGMP Snooping (Layer 2) IGMP (Layer 3) Multicast Routing DVMRP, PIM-DM IP Routing ARP, Proxy ARP Static routes RIP, RIPv2 and OSPFv2 dy.
Management Information Bases A-3 A IEEE 802.3x Full-duplex flow control (ISO/IEC 8802-3) IEEE 802.3z Gigabit Ethernet, IEEE 802.3ab 1000BASE-T IEEE 802.
Software Specifications A-4 A PIM MIB (RFC 2934) Port Access Entity MIB (IEEE 802.1x) Port Access Entity Equipment MIB Private MIB RADIUS Authentication Client MIB (RFC 2621) RIP1 MIB (RFC 1058).
B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch.
Troubleshooting B-2 B Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1.
Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Address Resolution Protocol (ARP) ARP converts between IP addresses and MAC (i.
Glossary Glossary-2 of automatic allocation of reusable network addresses and additional configuration options. Extensible Authentication Protocol over LAN (EAPOL) EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch.
Glossary-3 Glossary IEEE 802.1p An IEEE standard for providing quality of service (QoS) in Ethernet networks. The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value.
Glossary Glossary-4 IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts. IP Precedence The Type of Service (ToS) octet in the IPv4 hea.
Glossary-5 Glossary Network Time Protocol (NTP) NTP provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical-master-slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio.
Glossary Glossary-6 Remote Monitoring (RMON) RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types.
Glossary-7 Glossary Terminal Access Controller Access Control System Plus (TACACS+) TACACS+ is a logon authentication protocol that uses software running on a central server to control access to TACACS-compliant devices on the network.
Glossary Glossary-8.
Index-1 Numerics 802.1x, port authentication 3-57, 4-79 A acceptable frame type 3-132, 4-192 Access Control List See ACL ACL Extended IP 3-67, 4-87, 4-88, 4-91 MAC 3-67, 4-87, 4-102, 4-.
Index-2 Index F firmware displaying version 3-12, 4-62 upgrading 3-20, 4-64 G GARP VLAN Registration Protocol See GVRP gateway, default 3-16, 3-196, 4-238 GVRP global setting 3-126, 4-203 in.
Index-3 Index mirror port, configuring 3-95, 4-160 MSTP 4-171 global settings 3-117, 4-169 interface settings 3-115, 4-170 multicast filtering 3-152, 4-220 multicast groups 3-158, 3-163, .
Index-4 Index specifying interfaces 3-216, 4-250 statistics 3-220, 4-258 router redundancy HSRP 3-186, 4-320 protocols 3-178, 4-311 VRRP 3-179, 4-311 routing table, displaying 3-212, 4.
Index-5 Index egress mode 3-133, 4-192 interface configuration 3-132, 4-192–4-196 private 3-134, 4-198 protocol 3-135, 4-199 VRRP 3-179, 4-311 authentication 3-181, 4-313 configuratio.
Index-6 Index.
ES4612 E092004-R01 150000046400A.
An important step after buying the device (or even before buying it) is to read the user manual. There are a few simple reasons to do so:
If you have not yet bought the Microsoft ES4612, this is a good time to familiarize yourself with the basic data about the product. First consult the opening pages of the user manual, which you will find above. You should find there the most important technical data for the Microsoft ES4612; this way you can check whether the equipment meets your needs. By exploring the following pages of the Microsoft ES4612 user manual, you will learn all the product's features and information about its operation. The information on the Microsoft ES4612 will certainly help you make a purchasing decision.
If you already have the Microsoft ES4612 but have not yet read the user manual, you should do so for the reasons described above. You will then know whether you have used the available functions correctly, and whether you have made mistakes that could shorten the life of the Microsoft ES4612.
However, one of the most important roles a user manual plays for the user is helping to solve problems with the Microsoft ES4612. Almost always, you will find a Troubleshooting section there, covering the most frequent faults and failures of the Microsoft ES4612 along with instructions on how to resolve them. Even if you cannot solve the problem yourself, the user manual will show you the way forward: contacting the customer service center or the nearest service point.