User / maintenance manual for the SMC6752AL2 product from the manufacturer SMC Networks
TigerSwitch 10/100 48-Port 10/100Mbps Fast Ethernet Managed Switch ◆ 48 auto-MDI/MDI-X 10BASE-T/100BASE-TX ports ◆ 2 Gigabit RJ-45 ports shared with 2 SFP transceiver slots ◆ 2 Gigabit RJ-45 ports ◆ 17.
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 TigerSwitch 10/100 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions November 2004 Pub.
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use.
LIMITED WARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term.
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION.
CONTENTS
1 Introduction 1-1; Key Features 1-1; Description of Software Features
Using DHCP/BOOTP 3-19; Managing Firmware 3-21; Downloading System Software from a Server 3-22; Saving or Restoring Configuration Settings
Configuring a Standard IP ACL 3-80; Configuring an Extended IP ACL 3-82; Configuring a MAC ACL 3-84; Binding a Port to an Access Control List
Configuring VLAN Behavior for Interfaces 3-156; Private VLANs 3-159; Displaying Current Private VLANs 3-160; Configuring Private VLANs
Getting Help on Commands 4-5; Showing Commands 4-6; Partial Keyword Lookup
User Access Commands 4-34; username 4-35; enable password
logging sendmail level 4-69; logging sendmail source-email 4-70; logging sendmail destination-email 4-70; logging sendmail
show radius-server 4-101; TACACS+ Client 4-102; tacacs-server host
show map access-list mac 4-134; ACL Information 4-135; show access-list
lacp port-priority 4-171; show lacp 4-172; Address Table Commands
Displaying VLAN Information 4-207; show vlan 4-207; Configuring Private VLANs
Multicast Filtering Commands 4-236; IGMP Snooping Commands 4-236; ip igmp snooping
TABLES
Table 1-1 Key Features 1-1; Table 1-2 System Defaults 1-7; Table 3-1 Configuration Options
Table 4-21 SMTP Alert Commands 4-68; Table 4-22 Time Commands 4-72; Table 4-23 System Status Commands
Table 4-58 Priority Commands (Layer 2) 4-221; Table 4-59 Default CoS Priority Levels 4-225; Table 4-60 Priority Commands (Layer 3 and 4)
FIGURES
Figure 3-1 Home Page 3-3; Figure 3-2 Panel Display 3-4; Figure 3-3 System Information
Figure 3-37 ACL Configuration - Extended IP 3-83; Figure 3-38 ACL Configuration - MAC 3-85; Figure 3-39 Binding a Port to an ACL
Figure 3-74 Queue Mode 3-172; Figure 3-75 Configuring Queue Scheduling 3-173; Figure 3-76 IP Precedence/DSCP Priority Status
CHAPTER 1 INTRODUCTION This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network.
Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings. Authentication – This switch authenticates management access via the console port, Telnet or web browser.
Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network.
Store-and-Forward Switching – The switch copies each frame into its memory before forwarding them to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC).
switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can: • Eliminate broadcast storms which severely degrade performance in a flat network.
System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-23). The following table lists some of the basic system defaults.
Web Management: HTTP Server – Enabled; HTTP Port Number – 80; HTTP Secure Server – Enabled; HTTP Secure Port Number – 443. SNMP: Community Strings – “public” (read only), “private” (read/w.
Virtual LANs: Default VLAN – 1; PVID – 1; Acceptable Frame Type – All; Ingress Filtering – Disabled; Switchport Mode (Egress Mode) – Hybrid: tagged/untagged frames; GVRP (global) – Disabled; GVRP.
CHAPTER 2 INITIAL CONFIGURATION Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON (Groups 1, 2, 3, 9) and a Web-based interface.
The switch’s Web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions: • Set user names and passwords for .
Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.
For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 4-12.
Basic Configuration Console Connection The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec).
2. Type “configure” and press <Enter>. 3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>. 4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password.
Manual Configuration You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods.
Dynamic Configuration If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. You therefore need to use the “ip dhcp restart” command to start broadcasting service requests.
6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.
The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects. • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
“community-string” is the string associated with that host. Press <Enter>. 2. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server enable traps command. Type “snmp-server enable traps type,” where “type” is either authentication or link-up-down.
Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
CHAPTER 3 CONFIGURING THE SWITCH Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.
Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated. 2. If you log into the Web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password.
Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics.
Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
SNTP (page 3-42); Configuration – Configures SNTP client settings, including broadcast mode or a specified list of servers (page 3-42); Clock Time Zone – Sets the local time zone for the s.
IP Filter – Sets IP addresses of clients allowed management access via the Web, SNMP, and Telnet (page 3-76); Port (page 3-87); Port Information – Displays port connection status (page 3-87); Trunk Informati.
Output Port Configuration – Sets the output rate limit for each port (page 3-113); Output Trunk Configuration – Sets the output rate limit for each trunk (page 3-113); Port Statistics – Lists.
Static Membership by Port – Configures membership type for interfaces, including tagged, untagged or forbidden (page 3-153); Port Configuration – Specifies default PVID and VLAN attributes 3-15.
Queue Scheduling – Configures Weighted Round Robin queueing (page 3-173); IP Precedence / DSCP Priority Status – Globally selects IP Precedence or DSCP Priority, or disables both.
Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system.
Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.
CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
Management Software • Loader Version – Version number of loader code. • Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code. • Operation Code Version – Version number of runtime code. • Role – Shows that this switch is operating as Master or Slave.
CLI – Use the following command to display version information. Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs.
• Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 3-141.
CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default.
Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subnet mask, and default gateway.) • IP Address – Address of the VLAN interface that is allowed management access.
CLI – Specify the management interface, IP address and default gateway. Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart” command. Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time.
Managing Firmware You can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation.
Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
If you download to a new destination file, go to the System/File/Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu.
CLI – To download new firmware from a TFTP server, enter the IP address of the TFTP server, select “opcode” as the file type, then enter the source and destination file names. When the file has finished downloading, set the new file to start up the system, and then restart the switch.
- running-config to tftp – Copies the running configuration to a TFTP server. - startup-config to file – Copies the startup configuration to a file on the switch. - startup-config to running-config – Copies the startup config to the running config.
Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu.
Console Port Settings You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings.
• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port.
CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. Telnet Settings You can access the onboard configuration program over the network using Telnet (i.
• Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session.
Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply. Figure 3-14 Enabling Telnet CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required.
Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM.
Web – Click System, Log, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply. Figure 3-15 System Logs CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory.
Command Attributes • Remote Log Status – Enables/disables the logging of debug or error messages to the remote logging process. (Default: Enabled) • Logging Facility – Sets the facility type for remote logging of syslog messages.
Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove.
Displaying Log Messages The Logs page allows you to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
Sending Simple Mail Transfer Protocol Alerts To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level.
Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add.
CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration.
CLI – Use the reload command to restart the switch. When prompted, confirm that you want to reset the switch. Note: When restarting the system, it will always run the Power-On Self-Test.
• SNTP Server – Sets the IP address for up to three time servers. The switch attempts to update the time from the first server, if this fails it attempts an update from the next server in the sequence. Web – Select SNTP, Configuration.
Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude.
Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
• Access Mode - Read-Only – Specifies read-only access. Authorized management stations are only able to retrieve MIB objects. - Read/Write – Specifies read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
Command Attributes • Trap Manager Capability – This switch supports up to five trap managers. • Current – Displays a list of the trap managers currently configured. • Trap Manager IP Address – IP address of the host (the targeted recipient).
CLI – This example adds a trap manager and enables both authentication and link-up, link-down traps. User Authentication You can restrict management access to this switch using the following options: • User Accounts – Manually configure access rights on the switch for specified users.
Command Attributes • Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest) • New Account – Displays configuration settings for a new account. - User Name – The name of the user.
CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password. Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords.
Command Usage • By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol.
• RADIUS Settings - Global – Provides globally applicable RADIUS settings. - ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers.
Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
CLI – Specify all the required parameters to enable logon authentication. Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.
• If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number] • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate.
Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. Figure 3-26 HTTPS Settings CLI – This example enables the HTTP secure server and modifies the port number.
When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one: Note: The switch must be reset for the new certificate to be activated.
Command Usage The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then th.
3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 4-87) to copy a file containing the public key for all the SSH clients granted management access to the switch.
e. The switch compares the decrypted bytes to the original bytes it sent. If the two sets match, this means that the client's private key corresponds to an authorized public key, and the client is authenticated.
• Host-Key Type – The key type used to generate the host key pair (i.e., public and private keys). (Range: RSA (Version 1), DSA (Version 2), Both; Default: RSA) The SS.
Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate.
CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys. Configuring the SSH Server The SSH server includes basic settings for authentication.
• SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3) • SSH Server-Key Size – Specifies the SSH server key size.
CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
already in the address table will be retained and will not age out. Any other device that attempts to use the port will be prevented from accessing the switch. Command Usage • A secure port has the following restrictions: - It cannot use port monitoring.
Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the client, and a remote RADIUS authentication server to verify user identity and access rights.
• The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.) • The RADIUS server and client also have to support the same EAP authentication type – MD5.
CLI – This example shows the default global setting for 802.1X. Configuring 802.1X Global Settings The 802.1X protocol includes port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active.
Configuring Port Settings for 802.1X When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server.
• Quiet Period – Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. (Range: 1-65535 seconds; Default: 60) • Re-authen Period – Sets the time period after which a connected client must be re-authenticated.
CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-114.
Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-5 802.1X Statistics (Parameter – Description): Rx EAPOL Start – The number of EAPOL Start frames that have been received by this Authenticator.
Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-33 Displaying 802.1X Port Statistics CLI – This example displays the 802.1X statistics for port 4.
Filtering Addresses for Management Access You create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default.
• End IP Address – The end address of a range. • Add/Remove Filtering Entry – Adds/removes an IP address from the list.
CONFIGURING THE SWITCH 3-78 CLI – This example allows SNMP access for a specific client. Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
ACCESS CONTROL LISTS 3-79 Command Usage The following restrictions apply to ACLs: • Each ACL can have up to 32 rules. • The maximum number of ACLs is 88. • However, due to resource restrictions, the average number of rules bound to the ports should not exceed 20.
CONFIGURING THE SWITCH 3-80 - MAC: MAC ACL mode that filters packets based on the source or destination MAC address and the Ethernet frame type (RFC 1060).
ACCESS CONTROL LISTS 3-81 • Subnet Mask – A subnet mask containing four integers from 0 to 255, each separated by a period. The mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.
CONFIGURING THE SWITCH 3-82 Configuring an Extended IP ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules.
ACCESS CONTROL LISTS 3-83 - 4 (rst) – Reset - 8 (psh) – Push - 16 (ack) – Acknowledgement - 32 (urg) – Urgent pointer For example, use the code value and mask below to catch packets with .
CONFIGURING THE SWITCH 3-84 CLI – This example adds two rules: 1. Accept any incoming packets if the source address is in subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.
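The mask comparison described on pages 3-81 to 3-84, as an added example that is not taken from the manual or from SMC's firmware. It assumes first-match rule ordering and that the TCP control-code bitmask is applied the same way as the address mask; the FIN and SYN bit values come from the TCP header layout, and all function names and sample rules are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# TCP control-code bit values. 4/8/16/32 are the ones listed in the manual;
# FIN=1 and SYN=2 are the remaining two bits of the standard TCP header.
FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32

MAX_RULES_PER_ACL = 32  # limit stated in the manual's ACL restrictions


def ip_to_int(addr: str) -> int:
    """Dotted-quad IPv4 address or mask -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def masked_equal(rule_value: int, packet_value: int, mask: int) -> bool:
    """1 bits in the mask must match, 0 bits are ignored."""
    return (rule_value & mask) == (packet_value & mask)


def looks_like_prefix_mask(mask: str) -> bool:
    """True when the 1 bits form one contiguous run from the top bit.

    A mask such as 0.0.0.255 fails this check; on a "1 = match" device it
    compares only the last octet, which is usually an inverted
    (wildcard-style) mask entered by mistake.
    """
    inverted = ~ip_to_int(mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    src: str             # source address in the rule
    src_mask: str        # 1 bits = match, 0 bits = ignore
    code: int = 0        # TCP control-code value to compare
    code_mask: int = 0   # 0 ignores every flag bit

    def matches(self, pkt_src: str, pkt_flags: int = 0) -> bool:
        if not masked_equal(ip_to_int(self.src), ip_to_int(pkt_src),
                            ip_to_int(self.src_mask)):
            return False
        return masked_equal(self.code, pkt_flags, self.code_mask)


def evaluate(rules: List[Rule], pkt_src: str, pkt_flags: int = 0) -> Optional[str]:
    """Return the action of the first matching rule (assumed ordering).

    None means no rule matched; what the switch does then is not modelled.
    """
    if len(rules) > MAX_RULES_PER_ACL:
        raise ValueError("an ACL can hold at most 32 rules")
    for rule in rules:
        if rule.matches(pkt_src, pkt_flags):
            return rule.action
    return None


# Constructed sample ACL: the manual's 10.7.1.x permit rule, followed by a
# constructed rule that denies any source when the SYN bit is set.
SAMPLE_ACL = [
    Rule("permit", "10.7.1.0", "255.255.255.0"),
    Rule("deny", "0.0.0.0", "0.0.0.0", code=SYN, code_mask=SYN),
]

# Constructed misconfiguration: the same subnet written with an inverted mask.
INVERTED = Rule("permit", "10.7.1.0", "0.0.0.255")


def audit_masks(rules: List[Rule]) -> List[Rule]:
    """Return the rules whose address mask is not a contiguous prefix."""
    return [r for r in rules if not looks_like_prefix_mask(r.src_mask)]


if __name__ == "__main__":
    for src, flags in [("10.7.1.200", SYN), ("10.7.2.1", SYN | ACK),
                       ("10.7.2.1", ACK)]:
        print(src, flags, evaluate(SAMPLE_ACL, src, flags))
    print("suspicious masks:", audit_masks(SAMPLE_ACL + [INVERTED]))
```

The inverted-mask rule matches any source whose last octet is 0 and misses hosts inside 10.7.1.x, so `audit_masks` is worth running over a rule set before binding it to a port.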
ACCESS CONTROL LISTS 3-85 • Ethernet Type – This option can only be used to filter Ethernet II formatted packets. (Range: 0-65535) A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include 0800 (IP), 0806 (ARP), 8137 (IPX).
CONFIGURING THE SWITCH 3-86 Binding a Port to an Access Control List After configuring Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can assign one IP access list to any port, but you can only assign one MAC access list to all the ports on the switch.
PORT CONFIGURATION 3-87 CLI – This example assigns an IP and MAC access list to port 1, and an IP access list to port 3. Port Configuration Displaying Connection Status You can use the Port I.
CONFIGURING THE SWITCH 3-88 Web – Click Port, Port Information or Trunk Information. Figure 3-40 Displaying Port/Trunk Information Field Attributes (CLI) Basic Information: • Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP) • MAC address – The physical layer address for this port.
PORT CONFIGURATION 3-89 • Capabilities – Specifies the capabilities to be advertised for a port during auto-negotiation. (To access this item on the web, see “Configuring Interface Connections” on page 3-48.) The following capabilities are supported.
CONFIGURING THE SWITCH 3-90 CLI – This example shows the connection status for Port 5. Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to en.
PORT CONFIGURATION 3-91 • Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised. When auto-negotiation is disabled, you can force the settings for speed, mode, and flow control.
CONFIGURING THE SWITCH 3-92 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 3-41 Port/Trunk Configuration CLI – Select the interface, and then enter the required settings.
PORT CONFIGURATION 3-93 automatically negotiate a trunked link with LACP-configured ports on another device. You can configure any number of ports on the switch as LACP, as long as they are not already configured as part of a static trunk.
CONFIGURING THE SWITCH 3-94 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
PORT CONFIGURATION 3-95 Web – Click Port, Trunk Membership. Enter a trunk ID of 1-4 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.
CONFIGURING THE SWITCH 3-96 CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk.
PORT CONFIGURATION 3-97 • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
CONFIGURING THE SWITCH 3-98 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk.
PORT CONFIGURATION 3-99 Note: If the port channel admin key (lacp admin key, page 4-171) is not set (through the CLI) when a channel group is formed (i.
CONFIGURING THE SWITCH 3-100 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor.
PORT CONFIGURATION 3-101 CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG.
CONFIGURING THE SWITCH 3-102 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information.
PORT CONFIGURATION 3-103 CLI – The following example displays LACP counters. Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation.
CONFIGURING THE SWITCH 3-104 LACP Port Priority LACP port priority assigned to this interface within the channel group. Admin State, Oper State Administrative or operational values of the actor.
PORT CONFIGURATION 3-105 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-46 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
CONFIGURING THE SWITCH 3-106 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Table 3-8 LACP Neighbor Configuration Information Field Description Partner Admin System ID LAG partner’s system ID assigned by the user.
PORT CONFIGURATION 3-107 Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-47 LACP - Port Neighbors Information CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1.
CONFIGURING THE SWITCH 3-108 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured.
PORT CONFIGURATION 3-109 Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and click Apply.
CONFIGURING THE SWITCH 3-110 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 octets per second for port 2 (which applies to all ports).
PORT CONFIGURATION 3-111 Command Attributes • Mirror Sessions – Displays a list of current mirror sessions. • Source Unit – The unit whose port traffic will be monitored.
CONFIGURING THE SWITCH 3-112 Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on a port. Rate limiting is configured on ports at the edge of a network to limit traffic coming into or out of the network.
PORT CONFIGURATION 3-113 CLI - This example sets and displays Fast Ethernet and Gigabit Ethernet granularity. Rate Limit Configuration Use the rate limit configuration pages to apply rate limiting. Command Usage • Input and output rate limit can be enabled or disabled for individual interfaces.
CONFIGURING THE SWITCH 3-114 Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces, set the Rate Limit Level, and click Apply.
PORT CONFIGURATION 3-115 Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as SMC EliteView. Table 3-9 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface, including framing characters.
CONFIGURING THE SWITCH 3-116 Transmit Multicast Packets The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast address at this sub-layer, including those that were discarded or not sent.
PORT CONFIGURATION 3-117 Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision. Carrier Sense Errors The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame.
CONFIGURING THE SWITCH 3-118 Multicast Frames The total number of good frames received that were directed to this multicast address. CRC/Alignment Errors The number of CRC/alignment errors (FCS or alignment errors).
PORT CONFIGURATION 3-119 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
CONFIGURING THE SWITCH 3-120 CLI – This example shows statistics for port 13. Console#show interfaces counters ethernet 1/13 4-154 Ethernet 1/13 Iftable stats: Octets input: 868453, Octets output.
ADDRESS TABLE SETTINGS 3-121 Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table.
CONFIGURING THE SWITCH 3-122 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-53 Configuring a Static Address Table CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
ADDRESS TABLE SETTINGS 3-123 • VLAN – ID of configured VLAN (1-4094). • Address Table Sort Key – You can sort the information displayed based on MAC address, VLAN or interface (port or trunk). • Dynamic Address Counts – The number of addresses dynamically learned.
CONFIGURING THE SWITCH 3-124 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the function. • Aging Time – The time after which a learned entry is discarded.
SPANNING TREE ALGORITHM CONFIGURATION 3-125 The spanning tree algorithms supported by this switch include these versions: • STP – Spanning Tree Protocol (IEEE 802.
CONFIGURING THE SWITCH 3-126 that can be used when a node or port fails, and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs.
SPANNING TREE ALGORITHM CONFIGURATION 3-127 • Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. - Root Port – The number of the port on this switch that is closest to the root.
CONFIGURING THE SWITCH 3-128 • Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
SPANNING TREE ALGORITHM CONFIGURATION 3-129 CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network.
CONFIGURING THE SWITCH 3-130 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol 10 Uses RSTP for the internal state machine, but sends only 802.
SPANNING TREE ALGORITHM CONFIGURATION 3-131 • Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device.
CONFIGURING THE SWITCH 3-132 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
SPANNING TREE ALGORITHM CONFIGURATION 3-133 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-57 STA Configuration CLI – This example enables Spanning Tree Protocol, sets the mode to RSTP, and then configures the STA and RSTP parameters.
CONFIGURING THE SWITCH 3-134 Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. Field Attributes • Spanning Tree – Shows if STA has been enabled on this interface.
SPANNING TREE ALGORITHM CONFIGURATION 3-135 • Designated Bridge – The bridge priority and MAC address of the device through which this port must communicate to reach the root of the Spanning Tree.
CONFIGURING THE SWITCH 3-136 • Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only) These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled. • Path cost – This parameter is used by the STA to determine the best path between devices.
SPANNING TREE ALGORITHM CONFIGURATION 3-137 • Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state.
CONFIGURING THE SWITCH 3-138 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port.
SPANNING TREE ALGORITHM CONFIGURATION 3-139 - Learning - Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information. Port address table is cleared, and the port begins learning addresses.
CONFIGURING THE SWITCH 3-140 - Default: - Ethernet – Half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 - Fast Ethernet – Half duplex: 200,000; full duplex: 100,000; trunk: 50,000 - Gigabit Ethernet – Full duplex: 10,000; trunk: 5,000 • Admin Link Type – The link type attached to this interface.
VLAN CONFIGURATION 3-141 Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 3-59 STA Port Configuration CLI – This example sets STA attributes for port 7.
CONFIGURING THE SWITCH 3-142 VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections.
VLAN CONFIGURATION 3-143 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging.
CONFIGURING THE SWITCH 3-144 Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system whereby the switch can automatically learn the VLANs to which each end station should be assigned. If an end station (or its network adapter) supports the IEEE 802.
VLAN CONFIGURATION 3-145 Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN.
CONFIGURING THE SWITCH 3-146 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
VLAN CONFIGURATION 3-147 Web – Click VLAN, 802.1Q VLAN, Basic Information. Figure 3-61 VLAN Basic Information CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging.
CONFIGURING THE SWITCH 3-148 • Egress Ports – Shows all the VLAN port members. • Untagged Ports – Shows the untagged VLAN port members. Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Figure 3-62 Displaying Current VLANs Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094).
VLAN CONFIGURATION 3-149 CLI – Current VLAN information can be displayed with the following command. Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups.
CONFIGURING THE SWITCH 3-150 • State (CLI) – Enables or disables the specified VLAN. - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e., does not pass packets. • Add – Adds a new VLAN group to the current list. • Remove – Removes a VLAN group from the current list.
VLAN CONFIGURATION 3-151 CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices.
CONFIGURING THE SWITCH 3-152 Command Attributes • VLAN – ID of configured VLAN (1-4094). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.
VLAN CONFIGURATION 3-153 Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks.
CONFIGURING THE SWITCH 3-154 • Non-Member – VLANs for which the selected interface is not a tagged member. Web – Open VLAN, 802.1Q VLAN, Static Membership by Port. Select an interface from the scroll-down box (Port or Trunk). Click Query to display membership information for the interface.
VLAN CONFIGURATION 3-155 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
CONFIGURING THE SWITCH 3-156 - If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port).
VLAN CONFIGURATION 3-157 • Mode – Indicates VLAN membership mode for an interface. (Default: Hybrid) - 1Q Trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN.
CONFIGURING THE SWITCH 3-158 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN.
VLAN CONFIGURATION 3-159 To configure private VLANs, follow these steps: 1. Use the Private VLAN Configuration menu (page 3-161) to designate one or more isolated or community VLANs, and the primary VLAN that will channel traffic outside of the VLAN groups.
CONFIGURING THE SWITCH 3-160 Web – Click VLAN, Private VLAN, Information. Select the desired port from the VLAN ID drop-down menu. Figure 3-67 Private VLAN Information CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6.
VLAN CONFIGURATION 3-161 Configuring Private VLANs The Private VLAN Configuration page is used to create/remove primary or community VLANs. Command Attributes • VLAN ID – ID of configured VLAN (1-4094).
CONFIGURING THE SWITCH 3-162 CLI – This example configures VLAN 5 as a primary VLAN, and VLAN 6 as a community VLAN and VLAN 7 as an isolated VLAN. Associating VLANs Each community or isolated VLAN must be associated with a primary VLAN. Command Attributes • Primary VLAN ID – ID of primary VLAN (1-4094).
VLAN CONFIGURATION 3-163 CLI – This example associates community VLANs 6 and 7 with primary VLAN 5. Displaying Private VLAN Interface Information Use the Private VLAN Port Information and Private VLAN Trunk Information menus to display the interfaces associated with private VLANs.
CONFIGURING THE SWITCH 3-164 • Isolated VLAN – Conveys traffic only between the VLAN’s isolated ports and promiscuous ports. Traffic between isolated ports within the VLAN is blocked. • Trunk – The trunk identifier. (Port Information only) Web – Click VLAN, Private VLAN, Port Information or Trunk Information.
VLAN CONFIGURATION 3-165 CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and associated with VLAN 6.
CONFIGURING THE SWITCH 3-166 specify the associated primary VLAN. For “Host” type, the Primary VLAN displayed is the one to which the selected secondary VLAN has been associated. • Community VLAN – A community VLAN conveys traffic between community ports, and from community ports to their designated promiscuous ports.
CLASS OF SERVICE CONFIGURATION 3-167 CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and associated with VLAN 6.
CONFIGURING THE SWITCH 3-168 Command Usage • This switch provides four priority queues for each port. It uses Weighted Round Robin to prevent head-of-queue blockage. • The default priority applies for an untagged frame received on a port set to accept all frame types (i.
CLASS OF SERVICE CONFIGURATION 3-169 CLI – This example assigns a default priority of 5 to port 3. Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR).
CONFIGURING THE SWITCH 3-170 The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network.
CLASS OF SERVICE CONFIGURATION 3-171 Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 3-73 Traffic Classes CLI – The following example shows how to change the CoS assignments.
CONFIGURING THE SWITCH 3-172 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
CLASS OF SERVICE CONFIGURATION 3-173 Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue.
CONFIGURING THE SWITCH 3-174 CLI – The following example shows how to assign WRR weights to each of the priority queues. Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements.
CLASS OF SERVICE CONFIGURATION 3-175 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services.
CONFIGURING THE SWITCH 3-176 Command Attributes • IP Precedence Priority Table – Shows the IP Precedence to CoS map. • Class of Service Value – Maps a CoS value to the selected IP Precedence value. Note that “0” represents low priority and “7” represents high priority.
CLASS OF SERVICE CONFIGURATION 3-177 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings.
CONFIGURING THE SWITCH 3-178 Command Attributes • DSCP Priority Table – Shows the DSCP Priority to CoS map. • Class of Service Value – Maps a CoS value to the selected DSCP Priority value. Note that “0” represents low priority and “7” represents high priority.
CLASS OF SERVICE CONFIGURATION 3-179 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings.
CONFIGURING THE SWITCH 3-180 Web – Click Priority, IP Port Priority Status. Set IP Port Priority Status to Enabled. Figure 3-79 IP Port Priority Status Click Priority, IP Port Priority.
CLASS OF SERVICE CONFIGURATION 3-181 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value 0, and then displays all the IP Port Priority settings for that port.
CONFIGURING THE SWITCH 3-182 • CoS Priority – CoS value used for packets matching an IP ACL rule. (Range: 0-7) • ACL CoS Priority Mapping – Displays the configured information. Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Add.
MULTICAST FILTERING 3-183 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client.
CONFIGURING THE SWITCH 3-184 Layer 2 IGMP (Snooping and Query) IGMP Snooping and Query – If multicast routing is not supported on other switches in your network, you can use IGMP Snooping and Qu.
MULTICAST FILTERING 3-185 • IGMP Querier – A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic.
CONFIGURING THE SWITCH 3-186 • IGMP Version — Sets the protocol version for compatibility with other devices on the network. (Range: 1-2; Default: 2) Notes: 1. All systems on the subnet must support the same version. 2. Some attributes are only enabled for IGMPv2, including IGMP Report Delay and IGMP Query Timeout.
MULTICAST FILTERING 3-187 CLI – This example modifies the settings for multicast filtering, and then displays the current status. Displaying Interfaces Attached to a Multicast Router Multic.
CONFIGURING THE SWITCH 3-188 Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to display the associated multicast routers.
MULTICAST FILTERING 3-189 • VLAN ID – Selects the VLAN to propagate all multicast traffic coming from the attached multicast router. • Port or Trunk – Specifies the interface attached to a multicast router. Web – Click IGMP Snooping, Static Multicast Router Port Configuration.
CONFIGURING THE SWITCH 3-190 • Multicast Group Port List – Shows the interfaces that have already been assigned to the selected VLAN to propagate a specific multicast service. Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists.
MULTICAST FILTERING 3-191 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP snooping and Query Parameters” on page 3-133.
CONFIGURING THE SWITCH 3-192 Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and click Add.
4-1 C HAPTER 4 C OMMAND L INE I NTERFACE This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the manag ement interf ac.
C OMMAND L INE I NTERFACE 4-2 After connecting to the system throug h the console port, the login screen displays: Telnet Connection T el net operates over the IP transpor t protocol. In this environment, your management station and any network de vice you want to manage over the network m ust have a v alid IP address .
U SING THE C OMMAN D L INE I NTERFACE 4-3 2. At the prompt, enter the user name and system password. The CLI will display the “Vty- n #” prompt for the administra tor to show that you are using privileged access mode (i.e ., Privileged Exec), or “Vt y - n >” for the guest to sho w that you are using nor mal access mode (i.
C OMMAND L INE I NTERFACE 4-4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keyw ords and arguments . Keywords identify a command, and argu ments specif y configuration parameters.
E NTERING C OMMANDS 4-5 Command Completion If you ter minate input with a T ab key , the CLI will print the remaining characters of a partial keyw ord up to the point of ambiguity . In the “log ging histor y” example, typing log follo wed by a tab w ill result in printing the command up to “ logging .
4-6 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database).
4-7 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.
4-8 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functions.
4-9 To enter Privileged Exec mode, enter the following user names and passwords: Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted.
4-10 • VLAN Configuration - Includes the command to create VLAN groups. To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands.
4-11 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters.
4-12 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Groups Command Group Description Page Line Sets commu.
4-13 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) PE (Privileged Exec) GC (Global Configuration) ACL (Access Control List Co.
4-14 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.
4-15 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line { console | vty } • console - Console terminal line. • vty - Virtual terminal for remote console access (i.
4-16 login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [ local ] no login local - Selects local password checking.
4-17 Example Related Commands username (4-35) password (4-17) password This command specifies the password for a line. Use the no form to remove the password.
4-18 configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Related Commands login (4-16) password-thresh (4-20) timeout login response This command sets the interval that the system waits for a user to log into the CLI.
4-19 Example To set the timeout to two minutes, enter this command: Related Commands silent-time (4-21) exec-timeout (4-14) exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default.
4-20 Example To set the timeout to two minutes, enter this command: Related Commands silent-time (4-21) timeout login response (4-13) password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts.
4-21 Example To set the password threshold to five attempts, enter this command: Related Commands silent-time (4-21) timeout login response (4-13) silent-time This command sets the.
4-22 databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits { 7 | 8 } no databits • 7 - Seven data bits per character.
4-23 parity This command defines the generation of a parity bit. Use the no form to restore the default setting. Syntax parity { none | even | odd } no parity • none - No parity.
4-24 Default Setting 9600 Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices connected to the port might not be supported.
4-25 disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4) Command Mode Privileged Exec Command Usage Specifying session identifier “0” will disconnect the console connection.
4-26 Example To show all lines, enter this command: General Commands Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Logi.
4-27 enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-8. Syntax enable [ level ] level - Privilege level to log into the device.
4-28 disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode.
4-29 Example Related Commands end (4-30) show history This command shows the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.
4-30 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes.
4-31 Command Mode Global Configuration, Interface Configuration, Line Configuration, and VLAN Database Configuration. Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode: exit This command returns to the previous configuration mode or exits the configuration program.
4-32 Command Mode Normal Exec, Privileged Exec Command Usage The quit and exit commands can both exit the configuration program.
4-33 Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt.
4-34 hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name.
4-35 username This command adds named users, requires authentication at login, specifies or changes a user's password (or specifies that no password is required), or specifies or changes a user's access level.
4-36 Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
4-37 Command Usage • You cannot set a null password. You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command (page 4-27). • The encrypted password is required for compatibility with legacy password settings (i.
4-38 management This command specifies the client IP addresses that are allowed management access to the switch through various protocols.
4-39 • You can delete an address range just by specifying the start address, or by specifying both the start address and end address.
4-40 Example Web Server Commands Console#show management all-client Management IP Filter HTTP-Client: Start IP address End IP address --------------------------------------- -------- 1. 192.168.1.19 192.168.1.19 2. 192.168.1.
4-41 ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface.
4-42 Example Related Commands ip http port (4-41) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
4-43 • A padlock icon should appear in the status bar for Internet Explorer 5.x and Netscape Navigator 6.2 or later versions. • The following web browsers and operating systems currently support HTTPS: • To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 4-56.
4-44 Command Mode Global Configuration Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port.
4-45 Default Setting 23 Command Mode Global Configuration Example Related Commands ip telnet server (4-45) ip telnet server This command allows this device to be monitored or configured from Telnet. Use the no form to disable this function.
4-46 Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
4-47 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password.
4-48 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch. Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it.
4-49 a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory. c. If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client.
4-50 • You must generate the host key before enabling the SSH server. Example Related Commands ip ssh crypto host-key generate (4-53) show ssh (4-55) ip ssh timeout This command configures the timeout for the SSH server.
4-51 Related Commands exec-timeout (4-19) show ip ssh (4-55) ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting.
4-52 Default Setting 768 bits Command Mode Global Configuration Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with the SSH client, and is fixed at 1024 bits.
4-53 ip ssh crypto host-key generate This command generates the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [ dsa | rsa ] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) key type.
4-54 ip ssh crypto zeroize This command clears the host key from memory (i.e., RAM). Syntax ip ssh crypto zeroize [ dsa | rsa ] • dsa – DSA key type. • rsa – RSA key type. Default Setting Clears both the DSA and RSA key.
4-55 Default Setting Saves both the DSA and RSA key. Command Mode Privileged Exec Example Related Commands ip ssh crypto host-key generate (4-53) show ip ssh This command displays the connection settings used when authenticating client access to the SSH server.
4-56 Table 4-16 show ssh - display description
Field - Description
Session - The session number. (Range: 0-3)
Version - The Secure Shell version number.
State - The authentication negotiation state. (Values: Negotiation-Started, Authentication-Started, Session-Started)
Username - The user name of the client.
4-57 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [ user [ username ] | host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys.
4-58 Example Console#show public-key host Host: RSA: 1024 35 156849954018676692593339467750546173253 1367489083654725415020245593 199868544358361651999923329781766065830 9586.
4-59 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory.
4-60 Example Related Commands logging history (4-60) clear logging (4-64) logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level.
4-61 Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 6 - 0) Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM.
4-62 Command Usage • By using this command more than once you can build up a list of host IP addresses. • The maximum number of host IP addresses allowed is five. Example logging facility This command sets the facility type for remote logging of syslog messages.
4-63 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging.
4-64 clear logging This command clears messages from the log buffer. Syntax clear logging [ flash | ram ] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.
4-65 Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), the message level for RAM is “informational” (i.
4-66 The following example displays settings for the trap function. Related Commands show logging sendmail (4-71) Console#show logging trap Syslog logging: Enabled REMOTELOG status: Enabled REMOTELOG facility type: local use 7 REMOTELOG level type: Informational messages only REMOTELOG server IP address: 0.
4-67 show log This command displays the system and event messages stored in memory. Syntax show log { flash | ram } [ login ] [ tail ] • flash - Event history stored in flash memory (i.e., permanent memory).
4-68 SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent alert messages.
4-69 • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally closes the connection.
4-70 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Use the no form to delete the source email address. Syntax [no] logging sendmail source-email email-address email-address - The source email address used in alert messages.
4-71 Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example logging sendmail This command enables SMTP event handling.
4-72 Example Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
4-73 sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command.
4-74 sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ ip1 [ ip2 [ ip3 ]]] ip - IP address of a time server (NTP or SNTP).
4-75 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests.
4-76 Example clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes { before-utc | after-utc } • name - Name of timezone, usually an acronym.
4-77 Example Related Commands show sntp (4-75) calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server.
4-78 show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example System Status Commands Console#show calen.
4-79 show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system.
4-80 Example Related Commands show running-config (4-81) Console#show startup-config building startup-config, please wait... .
4-81 show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use.
4-82 Example Related Commands show startup-config (4-79) Console#show running-config building running-config, please wait... .
4-83 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page -11.
4-84 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.
4-85 Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-13 for detailed information on the items displayed by this command. Example Frame Size Commands jumbo frame This command enables support for jumbo frames.
4-86 Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.
4-87 copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation.
4-88 Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.
4-89 Example The following example shows how to upload the configuration settings to a file on the TFTP server: The following example shows how to copy the running configuration to a startup file.
4-90 This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch: delete This command deletes a file or image.
4-91 Example This example shows how to delete the test2.cfg configuration file from flash memory for unit 1. Related Commands dir (4-91) delete public-key (4-52) dir This command displays a list of files in flash memory.
4-92 • File information is shown below: Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up.
4-93 Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. boot system This command specifies the image used to start up the system.
4-94 Example Related Commands dir (4-91) whichboot (4-92) Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods.
4-95 authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[ local ] [ radius ] [ tacacs ]} no authentication login • local - Use local password.
4-96 Example Related Commands username - for setting the local user names and passwords (4-35) authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 4-27).
4-97 • You can specify three authentication methods in a single command to indicate the authentication sequence. For example, if you enter “authentication enable radius tacacs local,” the user name and password on the RADIUS server is verified first.
4-98 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server.
4-99 radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages.
4-100 Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server.
4-101 Command Mode Global Configuration Example show radius-server This command displays the current settings for the RADIUS server.
4-102 TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network.
4-103 tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages.
4-104 Example show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Port Security Commands These commands can be used to enable port security on a port.
4-105 port security This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses.
4-106 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
4-107 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication.
4-108 dot1x system-auth-control This command enables 802.1X port authentication globally on the switch. Use the no form to restore the default.
4-109 dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default.
4-110 Default force-authorized Command Mode Interface Configuration Example dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host.
4-111 • In “multi-host” mode, only one host connected to a port needs to pass authentication for all other hosts to be granted network access. Similarly, a port can become unauthorized for all hosts if one attached host fails re-authentication or sends an EAPOL logoff message.
4-112 Example dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client.
4-113 Command Mode Interface Configuration Example dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value.
4-114 show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [ statistics ] [ interface interface ] • statistics - Displays dot1x status for each port.
4-115 - tx-period – Time a port waits during authentication session before re-transmitting EAP packet (page 4-113). - supplicant-timeout – Supplicant timeout. - server-timeout – Server timeout. - reauth-max – Maximum number of reauthentication attempts.
4-116 from the Authentication Server. • Reauthentication State Machine - State – Current state (including initialize, reauthenticate).
4-117 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
4-118 • This switch supports ACLs for ingress filtering only. You can only bind one IP ACL to any port and one MAC ACL globally for ingress filtering. In other words, only two ACLs can be bound to an interface - Ingress IP ACL and Ingress MAC ACL.
4-119 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs.
4-120 Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list.
4-121 Command Usage • New rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.
4-122 permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes.
4-123 Default Setting None Command Mode Extended ACL Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period.
4-124 Example This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.
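The address bitmask comparison described for the standard and extended IP ACL rules above, as an added example (not code from the manual or from SMC): a rule matches when the rule address and the packet address are equal after both are ANDed with the bitmask. The function names, the constructed sample rules, the first-match evaluation order and the default action are assumptions for illustration; the comparison with inverted "wildcard" masks used on some other platforms is added context that shows what happens when such a mask is entered where this match/ignore bitmask is expected.

```python
import ipaddress

FULL = 0xFFFFFFFF


def to_int(dotted):
    """Parse a dotted-quad address or bitmask into a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def rule_matches(rule_addr, bitmask, packet_addr):
    """1 bits in the bitmask mean "match", 0 bits mean "ignore":
    the rule matches when (rule & mask) == (packet & mask)."""
    mask = to_int(bitmask)
    return (to_int(rule_addr) & mask) == (to_int(packet_addr) & mask)


def wildcard_to_bitmask(wildcard):
    """Invert a wildcard mask (0 bits = match) into the match/ignore
    bitmask form described in the manual (1 bits = match)."""
    return str(ipaddress.IPv4Address(to_int(wildcard) ^ FULL))


def lint_rule(rule_addr, bitmask):
    """Return review findings for one rule; an empty list means no findings.
    These checks are a reviewer's aid, not behaviour of the switch."""
    findings = []
    addr, mask = to_int(rule_addr), to_int(bitmask)
    if mask == 0:
        findings.append("bitmask 0.0.0.0 ignores every bit: matches all addresses")
    if addr & ~mask & FULL:
        findings.append("address has bits set in positions the bitmask ignores")
    inverted = mask ^ FULL
    if inverted & (inverted + 1):
        # A prefix-style mask inverts to 2**n - 1, so this AND would be zero.
        findings.append("bitmask is not a contiguous prefix (possible wildcard mask)")
    return findings


def evaluate(rules, packet_addr, default="deny"):
    """Walk rules top to bottom and return the first matching action.
    First-match order and the default action are assumptions here."""
    for action, addr, mask in rules:
        if rule_matches(addr, mask, packet_addr):
            return action
    return default


# Constructed sample rules (action, address, bitmask), in list order.
SAMPLE_RULES = [
    ("permit", "10.7.1.0", "255.255.255.0"),
    ("deny", "10.7.0.0", "255.255.0.0"),
]

if __name__ == "__main__":
    for pkt in ("10.7.1.42", "10.7.9.9", "192.0.2.1"):
        print(pkt, evaluate(SAMPLE_RULES, pkt))
    # A wildcard-style mask entered by mistake matches on the last octet only.
    print(rule_matches("10.7.1.0", "0.0.0.255", "192.168.5.0"))
    print(lint_rule("10.7.1.0", "0.0.0.255"))
```

Running `lint_rule` over each rule of an ACL before it is bound to a port catches an inverted mask, which would otherwise permit or deny a very different set of addresses than intended.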
A CCESS C ONTR OL L IST C OMMANDS 4-125 Example Related Commands per mit, deny 4-120 ip access-g roup (4-125) ip access-group This command binds a por t to an IP A CL. Use the no f o r m to r e m ove t h e port. Syntax [ no ] ip access-gr oup acl_name in • acl_name – Name of the ACL.
C OMMAND L INE I NTERFACE 4-126 Example Related Commands show ip access-list (4-124) show ip access-group This command shows the ports assigned to IP ACLs. Command Mode Privileged Exec Example Related Commands ip access-group (4-12 5) map access-list ip This command sets the output queue for pac kets matching an A CL r ule.
A CCESS C ONTR OL L IST C OMMANDS 4-127 Command Mode Interface Configuration (Ethernet) Command Usage A pack et matching a rule within the specified A CL is mapped to one of the output queues as shown in the follo w ing table. F or infor mation on mapping the CoS values to output queues , see queue cos-map on page 4-226 .
C OMMAND L INE I NTERFACE 4-128 Example Related Commands map access-list ip (4-126) MAC ACLs access-list mac This command adds a MA C access list and ent ers MAC A CL configuration mode. Use the no form to remov e the specified A CL. Syntax [ no ] access-list mac acl_name acl_name – Name of the A CL.
A CCESS C ONTR OL L IST C OMMANDS 4-129 Default Setting None Command Mode Global Configuration Command Usage • When you create a new ACL or en ter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list.
C OMMAND L INE I NTERFACE 4-130 permit , deny (MAC ACL) This command adds a r ule to a MA C A CL. T he r ule filters packets matching a specified MA C source or dest ination address (i.e., ph ysical layer address), or Ethernet protocol type. Use the no f orm t o r e mo v e a rul e .
ACCESS CONTROL LIST COMMANDS 4-131 • A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include the following: • 0800 - IP • 0806 - ARP .
COMMAND LINE INTERFACE 4-132 mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets.
ACCESS CONTROL LIST COMMANDS 4-133 Related Commands mac access-group (4-132) map access-list mac This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself.
COMMAND LINE INTERFACE 4-134 Related Commands queue cos-map (4-226) show map access-list mac (4-134) show map access-list mac This command shows the CoS value mapped to a MAC ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.
ACCESS CONTROL LIST COMMANDS 4-135 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.
COMMAND LINE INTERFACE 4-136 show access-group This command shows the port assignments of ACLs. Command Mode Privileged Executive Example SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
SNMP COMMANDS 4-137 snmp-server community This command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string.
COMMAND LINE INTERFACE 4-138 snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information.
SNMP COMMANDS 4-139 Command Mode Global Configuration Example Related Commands snmp-server contact (4-138) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
COMMAND LINE INTERFACE 4-140 Command Usage • If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. In order to enable multiple hosts, you must issue a separate snmp-server host command for each host.
SNMP COMMANDS 4-141 snmp-server enable traps This command enables this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications. Syntax [no] snmp-server enable traps [authentication | link-up-down] • authentication - Keyword to issue authentication failure traps.
COMMAND LINE INTERFACE 4-142 show snmp This command checks the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provid.
SNMP COMMANDS 4-143 Example Console#show snmp SNMP traps: Authentication: enabled Link-up-down: enabled SNMP communities: 1. alpha, and the privilege is read-write 2.
COMMAND LINE INTERFACE 4-144 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN.
INTERFACE COMMANDS 4-145 interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id interface • ethernet unit/port - unit - Stack unit.
COMMAND LINE INTERFACE 4-146 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 24. speed-duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled.
INTERFACE COMMANDS 4-147 • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command. To set the speed/duplex mode under auto-negotiation, the required mode must be specified in the capabilities list for an interface.
COMMAND LINE INTERFACE 4-148 Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-148) speed-duplex (4-146) capabilities This command advertises the port capabilities of a given interface during autonegotiation.
INTERFACE COMMANDS 4-149 Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
COMMAND LINE INTERFACE 4-150 • To force flow control on or off (with the flowcontrol or no flowcontrol command), use the no negotiation command to disable auto-negotiation on the selected interface. • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command.
INTERFACE COMMANDS 4-151 Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also want to disable a port for security reasons.
COMMAND LINE INTERFACE 4-152 Example The following shows how to configure broadcast storm control at 600 packets per second: clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - Stack unit.
INTERFACE COMMANDS 4-153 show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - Stack unit.
COMMAND LINE INTERFACE 4-154 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit. (This is unit 1) - port - Port number.
INTERFACE COMMANDS 4-155 Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 3-114.
COMMAND LINE INTERFACE 4-156 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit.
INTERFACE COMMANDS 4-157 Table 4-41 Interfaces Switchport Statistics Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 4-151). Lacp status Shows if Link Aggregation Control Protocol has been enabled or disabled (page 4-166).
COMMAND LINE INTERFACE 4-158 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session.
MIRROR PORT COMMANDS 4-159 • The mirror port and monitor port speeds should match, otherwise traffic may be dropped from the monitor port. • You can only create a single mirror session.
COMMAND LINE INTERFACE 4-160 Example The following shows mirroring configured from port 6 to port 11: Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface.
RATE LIMIT COMMANDS 4-161 rate-limit Use this command to define the rate limit level for a specific interface. Use this command without specifying a rate to restore the default rate limit level. Use the no form to restore the default status of disabled.
COMMAND LINE INTERFACE 4-162 rate-limit granularity Use this command to define the rate limit granularity for the Fast Ethernet ports, and the Gigabit Ethernet ports.
RATE LIMIT COMMANDS 4-163 show rate-limit Use this command to display the rate limit granularity. Default Setting Fast Ethernet interface – 3.3 Mbps Gigabit Ethernet interface – 33.3 Mbps Command Mode Privileged Exec Command Usage • For Fast Ethernet interfaces, the rate limit granularity is 512 Kbps, 1 Mbps, or 3.
COMMAND LINE INTERFACE 4-164 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery.
LINK AGGREGATION COMMANDS 4-165 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports.
COMMAND LINE INTERFACE 4-166 channel-group This command adds a port to a trunk. Use the no form to remove a port from a trunk. Syntax channel-group channel-id no channel-group channel-id - Trunk index (Range: 1-4) Default Setting The current port will be added to this trunk.
LINK AGGREGATION COMMANDS 4-167 Command Mode Interface Configuration (Ethernet) Command Usage • The ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation. • A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID.
COMMAND LINE INTERFACE 4-168 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established.
LINK AGGREGATION COMMANDS 4-169 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} system-priority priority no lacp {actor | partner} system-priority • actor - The local side of an aggregate link.
COMMAND LINE INTERFACE 4-170 lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key • actor - The local side of an aggregate link.
LINK AGGREGATION COMMANDS 4-171 lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string.
COMMAND LINE INTERFACE 4-172 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link.
LINK AGGREGATION COMMANDS 4-173 show lacp This command displays LACP information. Syntax show lacp [port-channel] {counters | internal | neighbors | sysid} • port-channel - Local identifier for a link aggregation group. (Range: 1-4) • counters - Statistics for LACP protocol messages.
COMMAND LINE INTERFACE 4-174 Example Console#show lacp 1 counters Port channel : 1 --------------------------------------- ---------------------------- Eth 1/ 1 ------------------------------------.
LINK AGGREGATION COMMANDS 4-175 Console#show lacp 1 internal Port channel : 1 --------------------------------------- ---------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 --------.
COMMAND LINE INTERFACE 4-176 Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state; • Defaulted – The actor’s receive machine is using defaulted operational partner information, administratively configured for the partner.
LINK AGGREGATION COMMANDS 4-177 Console#show lacp 1 neighbors Port channel 1 neighbors --------------------------------------- ---------------------------- Eth 1/1 --------------------------.
COMMAND LINE INTERFACE 4-178 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
ADDRESS TABLE COMMANDS 4-179 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [action] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC address.
COMMAND LINE INTERFACE 4-180 • A static address cannot be learned on another port until the address is removed with the no form of this command. Example clear mac-address-table dynamic This comm .
ADDRESS TABLE COMMANDS 4-181 Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface.
COMMAND LINE INTERFACE 4-182 Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information. Example show mac-address-table aging-time This command shows the aging time for entries in the address table.
SPANNING TREE COMMANDS 4-183 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface.
COMMAND LINE INTERFACE 4-184 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.
SPANNING TREE COMMANDS 4-185 spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default. Syntax spanning-tree mode {stp | rstp} no spanning-tree mode • stp - Spanning Tree Protocol (IEEE 802.
COMMAND LINE INTERFACE 4-186 spanning-tree forward-time This command configures the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds.
SPANNING TREE COMMANDS 4-187 Default Setting 2 seconds Command Mode Global Configuration Command Usage This command sets the time interval (in seconds) at which the root device transmits a configuration message. Example spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch.
COMMAND LINE INTERFACE 4-188 becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the device ports attached to the network. Example spanning-tree priority This command configures the spanning tree priority globally for this switch.
SPANNING TREE COMMANDS 4-189 spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree. Use the no form to restore the default. Syntax spanning-tree pathcost method {long | short} no spanning-tree pathcost method • long - Specifies 32-bit based values that range from 0-200,000,000.
COMMAND LINE INTERFACE 4-190 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs. Example spanning-tree spanning-disabled This command disables the spanning tree algorithm for the specified interface.
SPANNING TREE COMMANDS 4-191 spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port.
COMMAND LINE INTERFACE 4-192 spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port.
SPANNING TREE COMMANDS 4-193 Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node.
COMMAND LINE INTERFACE 4-194 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding.
SPANNING TREE COMMANDS 4-195 Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges.
COMMAND LINE INTERFACE 4-196 Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode.
SPANNING TREE COMMANDS 4-197 • For a description of the items displayed under “Spanning-tree information,” see “Configuring Global Settings” on page 3-130. For a description of the items displayed for specific interfaces, see “Displaying Interface Settings” on page 3-134.
COMMAND LINE INTERFACE 4-198 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
VLAN COMMANDS 4-199 Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command.
COMMAND LINE INTERFACE 4-200 Default Setting By default only VLAN 1 exists and is active. Command Mode VLAN Database Configuration Command Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default state (i.
VLAN COMMANDS 4-201 Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN.
COMMAND LINE INTERFACE 4-202 Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (4-150) switchport mode This command configures the VLAN membership mode for a port.
VLAN COMMANDS 4-203 Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid: Related Commands switchport acceptable-frame-types (4-203) switchport acceptable-frame-types This command configures the acceptable frame types for a port.
COMMAND LINE INTERFACE 4-204 Related Commands switchport mode (4-202) switchport ingress-filtering This command enables ingress filtering for an interface.
VLAN COMMANDS 4-205 switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port.
COMMAND LINE INTERFACE 4-206 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add.
VLAN COMMANDS 4-207 • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface.
COMMAND LINE INTERFACE 4-208 Example The following example shows how to prevent port 1 from being added to VLAN 3: Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name | private-vlan private-vlan-type] • id - Keyword to be followed by the VLAN ID.
VLAN COMMANDS 4-209 Command Mode Normal Exec, Privileged Exec Example The following example shows how to display information for VLAN 1: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN.
COMMAND LINE INTERFACE 4-210 To configure private VLANs, follow these steps: 1. Use the private-vlan command to designate one or more isolated or community VLANs and the primary VLAN that will channel traffic outside the community groups. 2.
VLAN COMMANDS 4-211 private-vlan Use this command to create a primary, isolated or community private VLAN. Use the no form to remove the specified private VLAN. Syntax private-vlan vlan-id {community | primary | isolated} no private-vlan vlan-id • vlan-id - ID of private VLAN.
COMMAND LINE INTERFACE 4-212 Example private vlan association Use this command to associate a primary VLAN with a secondary (i.e., community) VLAN.
VLAN COMMANDS 4-213 switchport mode private-vlan Use this command to set the private VLAN mode for an interface. Use the no form to restore the default setting.
COMMAND LINE INTERFACE 4-214 switchport private-vlan host-association Use this command to associate an interface with a secondary VLAN. Use the no form to remove this association. Syntax switchport private-vlan host-association secondary-vlan-id no switchport private-vlan host-association secondary-vlan-id - ID of secondary (i.
VLAN COMMANDS 4-215 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage All ports assigned to an isolated VLAN can pass traffic between group members, but must communicate with resources outside of the group via a promiscuous port.
COMMAND LINE INTERFACE 4-216 show vlan private-vlan Use this command to show the private VLAN configuration settings on this switch. Syntax show vlan private-vlan [community | isolated | primary] • community – Displays all community VLANs, along with their associated primary VLAN and assigned host interfaces.
GVRP AND BRIDGE EXTENSION COMMANDS 4-217 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
COMMAND LINE INTERFACE 4-218 Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
GVRP AND BRIDGE EXTENSION COMMANDS 4-219 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled.
COMMAND LINE INTERFACE 4-220 garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall} • {join | leave | leaveall} - Which timer to set.
GVRP AND BRIDGE EXTENSION COMMANDS 4-221 Example Related Commands show garp timer (4-221) show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [interface] interface • ethernet unit/port - unit - Stack unit.
COMMAND LINE INTERFACE 4-222 Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port.
PRIORITY COMMANDS 4-223 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues.
COMMAND LINE INTERFACE 4-224 Example The following example sets the queue mode to strict priority service mode: switchport priority default This command sets a priority for incoming untagged frames. Use the no form to restore the default value.
PRIORITY COMMANDS 4-225 Therefore, any inbound frames that do not have priority tags will be placed in queue 0 of the output port. (Note that if the output port is an untagged member of the associated VLAN, these frames are stripped of all VLAN tags prior to transmission.
COMMAND LINE INTERFACE 4-226 Related Commands show queue bandwidth (4-227) queue cos-map This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 3). Use the no form to set the CoS map to the default values.
PRIORITY COMMANDS 4-227 Example The following example shows how to map CoS values 0, 1 and 2 to egress queue 0, value 3 to egress queue 1, values 4 and 5 to egress queue 2, and values 6 and 7 to egress queue 3: Related Commands show queue cos-map (4-228) show queue mode This command shows the current queue mode.
COMMAND LINE INTERFACE 4-228 Command Mode Privileged Exec Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - Stack unit. (This is unit 1) - port - Port number.
PRIORITY COMMANDS 4-229 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets).
COMMAND LINE INTERFACE 4-230 Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
PRIORITY COMMANDS 4-231 Example The following example shows how to map HTTP traffic to CoS value 0: map ip precedence (Global Configuration) This command enables IP precedence mapping (i.e., IP Type of Service). Use the no form to disable IP precedence mapping.
COMMAND LINE INTERFACE 4-232 map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos cos-value no map ip precedence • precedence-value - 3-bit precedence value.
PRIORITY COMMANDS 4-233 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping).
COMMAND LINE INTERFACE 4-234 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0.
PRIORITY COMMANDS 4-235 show map ip port Use this command to show the IP port priority map. Syntax show map ip port [interface] interface • ethernet unit/port - unit - Stack unit.
COMMAND LINE INTERFACE 4-236 show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence [interface] interface • ethernet unit/port - unit - Stack unit.
PRIORITY COMMANDS 4-237 show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - Stack unit.
COMMAND LINE INTERFACE 4-238 Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only.
MULTICAST FILTERING COMMANDS 4-239 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping.
COMMAND LINE INTERFACE 4-240 Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port: ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default.
MULTICAST FILTERING COMMANDS 4-241 show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-184 for a description of the displayed items.
COMMAND LINE INTERFACE 4-242 Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options.
MULTICAST FILTERING COMMANDS 4-243 ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected.
COMMAND LINE INTERFACE 4-244 Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action.
MULTICAST FILTERING COMMANDS 4-245 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries.
COMMAND LINE INTERFACE 4-246 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default.
MULTICAST FILTERING COMMANDS 4-247 Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port.
COMMAND LINE INTERFACE 4-248 Example The following shows how to configure port 11 as a multicast router port within VLAN 1: show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports.
IP INTERFACE COMMANDS 4-249 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default.
COMMAND LINE INTERFACE 4-250 Default Setting DHCP Command Mode Interface Configuration (VLAN) Command Usage • You must assign an IP address to this device to gain management access over the network. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server.
IP INTERFACE COMMANDS 4-251 ip default-gateway This command establishes a static route between this switch and devices that exist on another network segment.
COMMAND LINE INTERFACE 4-252 Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to reassign the client’s last address if available.
IP INTERFACE COMMANDS 4-253 show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands show ip interface (4-252) ping This command sends ICMP echo request packets to another node on the network.
COMMAND LINE INTERFACE 4-254 Command Usage • Use the ping command to see if another site on the network can be reached. • Following are some results of the ping command: - Normal response - The normal response occurs in one to ten seconds, depending on network traffic.
A-1 APPENDIX A SOFTWARE SPECIFICATIONS Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 88 lists) DHCP Cl.
SOFTWARE SPECIFICATIONS A-2 Spanning Tree Algorithm Spanning Tree Protocol (STP, IEEE 802.1D) Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) VLAN Support Up to 255 groups; port-based or tagged (802.
SOFTWARE SPECIFICATIONS A-3 RMON Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event) Standards IEEE 802.1D Spanning Tree Protocol and traffic priorities IEEE 802.1p Priority tags IEEE 802.1Q VLAN IEEE 802.1w Rapid Spanning Tree Protocol IEEE 802.
SOFTWARE SPECIFICATIONS A-4 Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742).
B-1 APPENDIX B TROUBLESHOOTING Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch.
TROUBLESHOOTING B-2 Cannot connect using Secure Shell • If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SSH sessions permitted.
USING SYSTEM LOGS B-3 Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1.
TROUBLESHOOTING B-4.
Glossary-1 GLOSSARY Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.
GLOSSARY Glossary-2 Dynamic Host Control Protocol (DHCP) Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options.
GLOSSARY Glossary-3 IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol. IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information.
GLOSSARY Glossary-4 IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork.
GLOSSARY Glossary-5 Link Aggregation See Port Trunk. Link Aggregation Control Protocol (LACP) Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device. Management Information Base (MIB) An acronym for Management Information Base.
GLOSSARY Glossary-6 Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe.
GLOSSARY Glossary-7 Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which offers network management services. Simple Network Time Protocol (SNTP) SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server.
GLOSSARY Glossary-8 User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets.
Index-1 Numerics 802.1X, port authentication 3-67 A acceptable frame type 3-155, 4-203 Access Control List See ACL ACL Extended IP 3-79, 4-117, 4-118, 4-122 MAC 3-80, 4-117, 4-128, 4-128.
INDEX Index-2 G GARP VLAN Registration Protocol See GVRP gateway, default 3-18, 4-250 GVRP global setting 4-216 interface configuration 3-156, 4-218 GVRP, global setting 3-146 H hardware version, displaying 3-13, 4-84 HTTPS 3-54, 4-42 HTTPS, secure server 3-54, 4-42 I IEEE 802.
INDEX Index-3 P password, line 4-17, 4-18 passwords 2-5 administrator setting 3-48, 4-35 path cost 3-127, 3-136 method 3-132, 4-189 STA 3-127, 3-136, 4-189 port authentication 3-67 port prior.
INDEX Index-4 STA 3-124, 4-183 edge port 3-137, 3-140, 4-192 global settings, configuring 3-130, 4-184 – 4-189 global settings, displaying 3-126, 4-196 interface settings 3-134, 4-191 – 4-.
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; Phn: (949) 679-8000; Fax: (949) 679-1481 From Europe: Contact details can be found on www.smc-europe.
An important step after buying the device (or even before buying it) is to read the user manual. We should do so for a few simple reasons:
If you have not yet bought the SMC Networks SMC6752AL2, this is a good time to familiarize yourself with the basic data about the product. First consult the opening pages of the user manual, which you will find above. There you should find the most important technical data for the SMC Networks SMC6752AL2; this way you can check whether the equipment meets your needs. By exploring the following pages of the SMC Networks SMC6752AL2 user manual, you will learn all the product's features and information about its operation. The information on the SMC Networks SMC6752AL2 will certainly help you make a purchase decision.
If you already have the SMC Networks SMC6752AL2 but have not yet read the user manual, you should do so for the reasons described above. You will then know whether you have used the available functions correctly, and whether you have made mistakes that could shorten the life of the SMC Networks SMC6752AL2.
However, one of the most important roles user manuals play for the user is helping to solve problems with the SMC Networks SMC6752AL2. Almost always you will find a Troubleshooting section there, that is, the most frequent faults and failures of the SMC Networks SMC6752AL2 along with instructions on how to resolve them. Even if you cannot solve the problem yourself, the user manual will show you the next step: contacting the customer service center or the nearest service point.