User manual/service guide for the SMC TigerStack IV SMC6224M from the manufacturer SMC Networks
TigerStack 10/100 24/48-Port 10/100Mbps Stackable Managed Switch Management Guide
◆ 24/48 auto-MDI/MDI-X 10BASE-T/100BASE-TX ports
◆ 2 Gigabit RJ-45 ports shared with 2 SFP transceiver.
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 TigerStack 10/100 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions January 2005 Pub.
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use.
LIMITED WARRANTY
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term.
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION.
CONTENTS
1 Introduction 1-1
Key Features 1-1
Description of Software Features
Displaying Switch Hardware/Software Versions 3-13
Displaying Bridge Extension Capabilities 3-15
Setting the Switch’s IP Address
Filtering Addresses for Management Access 3-75
Access Control Lists 3-77
Configuring Access Control Lists
Displaying Basic VLAN Information 3-148
Displaying Current VLANs 3-149
Creating VLANs 3-151
Adding Static Members to VLANs (VLAN Index)
Telnet Connection 4-2
Entering Commands 4-4
Keywords and Arguments
quit 4-31
System Management Commands 4-32
Device Designation Commands
clear logging 4-63
show logging 4-63
show log
RADIUS Client 4-96
radius-server host 4-97
radius-server port
MAC ACLs 4-127
access-list mac 4-127
permit, deny (MAC ACL)
show rate-limit 4-161
Link Aggregation Commands 4-161
channel-group
Configuring VLAN Interfaces 4-198
interface vlan 4-198
switchport mode
map ip precedence (Interface Configuration) 4-230
map ip dscp (Global Configuration) 4-231
map ip dscp (Interface Configuration) 4-231
show map ip port
APPENDICES:
A Software Specifications A-1
Software Features A-1
Management Features
TABLES
Table 1-1 Key Features 1-1
Table 1-2 System Defaults 1-7
Table 3-1 Configuration Options
Table 4-21 SMTP Alert Commands 4-66
Table 4-22 Time Commands 4-71
Table 4-23 System Status Commands
Table 4-58 Priority Commands (Layer 2) 4-220
Table 4-59 Default CoS Priority Levels 4-224
Table 4-60 Priority Commands (Layer 3 and 4)
FIGURES
Figure 3-1 Home Page 3-3
Figure 3-2 Panel Display 3-4
Figure 3-3 System Information
Figure 3-37 ACL Configuration - Extended IP 3-83
Figure 3-38 ACL Configuration - MAC 3-85
Figure 3-39 Binding a Port to an ACL
Figure 3-74 Queue Mode 3-173
Figure 3-75 Configuring Queue Scheduling 3-174
Figure 3-76 IP Precedence/DSCP Priority Status
CHAPTER 1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network.
Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.
Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network.
Store-and-Forward Switching – The switch copies each frame into its memory before forwarding them to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC).
switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:
• Eliminate broadcast storms which severely degrade performance in a flat network.
System Defaults
The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-23).
Web Management
  HTTP Server: Enabled
  HTTP Port Number: 80
  HTTP Secure Server: Enabled
  HTTP Secure Port Number: 443
SNMP Community Strings: “public” (read on.
Virtual LANs
  Default VLAN: 1
  PVID: 1
  Acceptable Frame Type: All
  Ingress Filtering: Disabled
  Switchport Mode (Egress Mode): Hybrid: tagged/untagged frames
  GVRP (global): Disabled.
CHAPTER 2 INITIAL CONFIGURATION
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON (Groups 1, 2, 3, 9) and a web-based interface.
The switch’s web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:
• Set user names a.
Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.
For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 4-12.
Stack Operations
You can stack up to eight SMC6224M units, four SMC6248M units, or four units when both switch types are stacked together. Refer to the Installation Guide for details on stacking these units. One unit in the stack acts as the Master for configuration tasks and firmware upgrade.
Recovering from Stack Failure or Topology Change
Note the following points about recovering from a stack change:
• When using a “line” topology, if any link or unit in the stack fails, the stack will be split into two separate segments.
Basic Configuration
Console Connection
The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec).
Setting Passwords
Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place.
Setting an IP Address
You must establish IP address information for the stack to obtain management access through the network. This can be done in either of the following ways:
Manual — You have to input the information, including IP address and subnet mask.
2. Type “ip address ip-address netmask,” where “ip-address” is the switch IP address and “netmask” is the network mask for the network. Press <Enter>.
3. Type “exit” to return to the global configuration mode prompt.
2. At the interface-configuration mode prompt, use one of the following commands:
• To obtain IP settings via DHCP, type “ip address dhcp” and press <Enter>.
• To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>.
When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter.
2. To remove an existing string, simply type “no snmp-server community string,” where “string” is the community access string to remove. Press <Enter>.
Trap Receivers
You can also specify SNMP stations that are to receive traps from the switch.
2. Enter the name of the start-up file. Press <Enter>.
Managing System Files
The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP.
Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows.
CHAPTER 3 CONFIGURING THE SWITCH
Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity.
Notes:
1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated.
2. If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password.
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics.
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting.
Main Menu
Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
SNTP 3-42
Configuration: Configures SNTP client settings, including broadcast mode or a specified list of servers 3-42
Clock Time Zone: Sets the local time zone f.
IP Filter: Sets IP addresses of clients allowed management access via the web, SNMP, and Telnet 3-75
Port 3-88
Port Information: Displays port connection status 3-88
Trunk Inf.
Output Port Configuration: Sets the output rate limit for each port 3-114
Output Trunk Configuration: Sets the output rate limit for each trunk 3-114
Port Statisti.
Static Membership by Port: Configures membership type for interfaces, including tagged, untagged or forbidden 3-156
Port Configuration: Specifies default PVID and VLAN attribute.
Queue Scheduling: Configures Weighted Round Robin queueing 3-174
IP Precedence/DSCP Priority Status: Globally selects IP Precedence or DSCP Priority, or disables both.
Basic Configuration
Displaying System Information
You can easily identify the system by displaying the device name, location and contact information.
Field Attributes
• System Name – Name assigned to the switch system.
Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.
CLI – Specify the hostname, location and contact information.
Displaying Switch Hardware/Software Versions
Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
• Internal Power Status – Displays the status of the internal power supply.
Management Software
• Loader Version – Version number of loader code.
• Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code.
CLI – Use the following command to display version information.
Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs.
• Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 3-143.
CLI – Enter the following command.
Setting the Switch’s IP Address
This section describes how to configure an IP interface for management access over the network. The IP address for the stack is obtained via DHCP by default.
Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subnet mask, and default gateway.)
• IP Address – Address of the VLAN interface that is allowed management access.
CLI – Specify the management interface, IP address and default gateway.
Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart” command.
Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time.
Managing Firmware
You can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation.
Downloading System Software from a Server
When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
If you download to a new destination file, go to the System/File/Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu.
CLI – To download new firmware from a TFTP server, enter the IP address of the TFTP server, select “opcode” as the file type, then enter the source and destination file names.
- running-config to startup-config – Copies the running config to the startup config.
- running-config to tftp – Copies the running configuration to a TFTP server.
- startup-config to file – Copies the startup configuration to a file on the switch.
Downloading Configuration Settings from a Server
You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu.
Console Port Settings
You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port.
• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port.
CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level.
• Telnet Port Number – Sets the TCP port number for Telnet on the switch. (Default: 23)
• Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session.
Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply.
Figure 3-14 Enabling Telnet
CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required.
Configuring Event Logging
The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
• RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM.
Web – Click System, Log, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply.
Figure 3-15 System Logs
CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory.
The facility type is used by the syslog server to dispatch log messages to an appropriate service. The attribute specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch.
Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove.
Displaying Log Messages
The Logs page allows you to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
Sending Simple Mail Transfer Protocol Alerts
To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level.
Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add.
CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration.
CLI – Use the reload command to restart the switch. When prompted, confirm that you want to reset the switch.
• SNTP Server – Sets the IP address for up to three time servers. The switch attempts to update the time from the first server, if this fails it attempts an update from the next server in the sequence.
Web – Select SNTP, Configuration.
Setting the Time Zone
SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude.
Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
• Access Mode
- Read-Only – Specifies read-only access. Authorized management stations are only able to retrieve MIB objects.
- Read/Write – Specifies read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
Command Attributes
• Trap Manager Capability – This switch supports up to five trap managers.
• Current – Displays a list of the trap managers currently configured.
• Trap Manager IP Address – IP address of the host (the targeted recipient).
CLI – This example adds a trap manager and enables both authentication and link-up, link-down traps.
User Authentication
You can restrict management access to this switch using the following options:
• User Accounts – Manually configure access rights on the switch for specified users.
Command Attributes
• Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest)
• New Account – Displays configuration settings for a new account.
- User Name – The name of the user.
CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password.
Configuring Local/Remote Logon Authentication
Use the Authentication Settings menu to restrict management access based on specified user names and passwords.
Command Usage
• By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol.
• RADIUS Settings
- Global – Provides globally applicable RADIUS settings.
- ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers.
Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
CLI – Specify all the required parameters to enable logon authentication.
Configuring HTTPS
You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.
• When you start HTTPS, the connection is established in this way:
- The client authenticates the server using the server’s digital certificate.
- The client and server negotiate a set of security protocols to use for the connection.
Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply.
Figure 3-26 HTTPS Settings
CLI – This example enables the HTTP secure server and modifies the port number.
When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one:
Note: The switch must be reset for the new certificate to be activated.
Command Usage
The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH cl.
3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 4-86) to copy a file containing the public key for all the SSH client’s granted management access to the switch.
e. The switch compares the decrypted bytes to the original bytes it sent. If the two sets match, this means that the client's private key corresponds to an authorized public key, and the client is authenticated.
the client to select either DES (56-bit) or 3DES (168-bit) for data encryption.
• Save Host-Key from Memory to Flash – Saves the host key from RAM (i.e., volatile memory) to flash memory. Otherwise, the host key pair is stored to RAM by default.
CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys.
Configuring the SSH Server
The SSH server includes basic settings for authentication.
fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3)
• SSH Server-Key Size – Specifies the SSH server key size. (Range: 512-896 bits; Default: 768)
- The server key is a private key that is never shared outside the switch.
CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
already in the address table will be retained and will not age out. Any other device that attempts to use the port will be prevented from accessing the switch.
Command Usage
• A secure port has the following restrictions:
- It cannot use port monitoring.
Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the client, and a remote RADIUS authentication server to verify user identity and access rights.
• The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.)
• The RADIUS server and client also have to support the same EAP authentication type – MD5.
CLI – This example shows the default global setting for 802.1X.
Configuring 802.1X Global Settings
The 802.1X protocol includes port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active.
CLI – This example enables 802.1X globally for the switch.
Configuring Port Settings for 802.1X
When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.
• Max-Req – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session.
CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-112.
U SER A UTHENTICATION 3-73 Displaying 802.1X Statistics Th is switch can display statist ics for dot1x protocol e x changes for any por t. Table 3-5 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAP OL St a rt frames that ha ve been receive d by this Authentica tor.
C ONFIGURING THE S WI T CH 3-74 We b – Select Sec urity , 802.1X , Statistics . Select the require d por t and then click Quer y . Click R efresh to upda te the statist ics . Figure 3-33 Displaying 802.1X Port Statistics CLI – This example d isplays the 802.
U SER A UTHENTICATION 3-75 Filte ring Addresses for Managem ent Acce ss Y ou create a list of up to 16 I P address es or IP a ddress groups that ar e allowe d manag ement ac cess to the sw itch through the web interface, SNMP , or T elne t . Command U sa ge • The m anage ment inter faces ar e open to all IP addr esses by d efault.
C ONFIGURING THE S WI T CH 3-76 • Start IP Address – A single I P address, o r the s tarting add ress of a rang e. • End IP Address – Th e end addr ess o f a range. • Add/Remove Filtering Entry – Adds /rem oves an IP ad dress fr om the lis t.
ACCESS CONTROL LISTS 3-77 CLI – This example allows SNMP access for a specific client. Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
CONFIGURING THE SWITCH 3-78 Command Usage The following restrictions apply to ACLs: • Each ACL can have up to 32 rules. • The maximum number of ACLs is 88. • However, due to resource restrictions, the average number of rules bound to the ports should not exceed 20.
ACCESS CONTROL LISTS 3-79 - MAC: MAC ACL mode that filters packets based on the source or destination MAC address and the Ethernet frame type (RFC 1060).
CONFIGURING THE SWITCH 3-80 Configuring a Standard IP ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules.
ACCESS CONTROL LISTS 3-81 Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
CONFIGURING THE SWITCH 3-82 to specify a range of addresses with the Address and SubMask fields. (Options: Any, Host, IP; Default: Any) • Source/Destination Address – Source or destination IP address. • Source/Destination Subnet Mask – Subnet mask for source or destination address.
ACCESS CONTROL LISTS 3-83 For example, use the code value and mask below to catch packets with the following flags set: - SYN flag valid, use control-code 2, control bitmask 2 - Both SY.
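As an added illustration (not taken from the SMC manual), the Python sketch below models how a control-code/bitmask pair such as the page's "control-code 2, control bitmask 2" selects TCP segments, and shows that this pair also matches SYN+ACK replies. The match rule (a 1 bit in the mask means "compare this bit"), the function names, the constructed sample headers and the extra code/bitmask pairs are assumptions made for the example.

```python
import struct

# TCP control bits (RFC 793): the low six bits of header byte 13.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def tcp_flags(segment: bytes) -> int:
    """Return the six control bits from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes long")
    return segment[13] & 0x3F


def matches(flags: int, code: int, mask: int) -> bool:
    """Assumed ACL semantics: only bits set in the mask are compared
    between the packet's flags and the rule's control code."""
    for value in (code, mask):
        if not 0 <= value <= 63:
            raise ValueError("control code and bitmask are 6-bit values (0-63)")
    return (flags & mask) == (code & mask)


def build_header(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Constructed 20-byte TCP header for the demo (checksum left at 0)."""
    offset_and_flags = (5 << 12) | flags  # data offset of 5 words, then flags
    return struct.pack("!HHIIHHHH", sport, dport, 1, 0,
                       offset_and_flags, 65535, 0, 0)


# Constructed sample segments, keyed by the flags they carry.
SAMPLES = {
    "SYN": SYN,
    "SYN+ACK": SYN | ACK,
    "ACK": ACK,
    "FIN+ACK": FIN | ACK,
    "RST": RST,
}


def evaluate(code: int, mask: int) -> list:
    """Names of the sample segments that a (code, mask) rule would match."""
    return sorted(
        name for name, flags in SAMPLES.items()
        if matches(tcp_flags(build_header(flags)), code, mask)
    )


if __name__ == "__main__":
    # The page's pair: any segment with SYN set, whatever the other bits are.
    print("code 2,  mask 2 :", evaluate(2, 2))
    # Constructed pair: SYN set and ACK clear, i.e. connection requests only.
    print("code 2,  mask 18:", evaluate(2, 18))
    # Constructed pair: SYN and ACK both set, i.e. handshake replies only.
    print("code 18, mask 18:", evaluate(18, 18))
```

When a rule is meant to filter inbound connection attempts only, the wider mask matters: with bitmask 2 the rule also catches the SYN+ACK replies to connections that internal hosts opened.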
CONFIGURING THE SWITCH 3-84 3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules.
ACCESS CONTROL LISTS 3-85 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.
CONFIGURING THE SWITCH 3-86 Binding a Port to an Access Control List After configuring Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can assign one IP access list to any port, but you can only assign one MAC access list to all the ports on the switch.
ACCESS CONTROL LISTS 3-87 Web – Click Security, ACL, Port Binding. Mark the Enabled field for the port you want to bind to an ACL, select the required ACL from the drop-down list, then click Apply.
CONFIGURING THE SWITCH 3-88 Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation.
PORT CONFIGURATION 3-89 Web – Click Port, Port Information or Trunk Information. Figure 3-40 Displaying Port/Trunk Information Field Attributes (CLI) Basic Information: • Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP) • MAC address – The physical layer address for this port.
CONFIGURING THE SWITCH 3-90 - 10full - Supports 10 Mbps full-duplex operation - 100half - Supports 100 Mbps half-duplex operation - 100full - Supports 100 Mbps full-duplex operation - 1000full.
PORT CONFIGURATION 3-91 CLI – This example shows the connection status for Port 5. Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to.
CONFIGURING THE SWITCH 3-92 • Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised. When auto-negotiation is disabled, you can force the settings for speed, mode, and flow control.
PORT CONFIGURATION 3-93 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 3-41 Port/Trunk Configuration CLI – Select the interface, and then enter the required settings.
CONFIGURING THE SWITCH 3-94 automatically negotiate a trunked link with LACP-configured ports on another device. You can configure any number of ports on the switch as LACP, as long as they are not already configured as part of a static trunk.
PORT CONFIGURATION 3-95 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
CONFIGURING THE SWITCH 3-96 Web – Click Port, Trunk Membership. Enter a trunk ID of 1-4 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.
PORT CONFIGURATION 3-97 CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk.
CONFIGURING THE SWITCH 3-98 • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than eight ports attached to the s.
PORT CONFIGURATION 3-99 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk.
CONFIGURING THE SWITCH 3-100 Note: If the port channel admin key (lacp admin key, page 4-168) is not set (through the CLI) when a channel group is formed (i.
PORT CONFIGURATION 3-101 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor.
CONFIGURING THE SWITCH 3-102 CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG.
PORT CONFIGURATION 3-103 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.
CONFIGURING THE SWITCH 3-104 CLI – The following example displays LACP counters. Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation.
PORT CONFIGURATION 3-105 Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired stat.
CONFIGURING THE SWITCH 3-106 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information.
PORT CONFIGURATION 3-107 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation.
CONFIGURING THE SWITCH 3-108 Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.
PORT CONFIGURATION 3-109 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured.
CONFIGURING THE SWITCH 3-110 Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and click Apply.
PORT CONFIGURATION 3-111 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 octets per second for port 2 (which applies to all ports).
CONFIGURING THE SWITCH 3-112 Command Attributes • Mirror Sessions – Displays a list of current mirror sessions. • Source Unit – The unit whose port traffic will be monitored. (Range – SMC6224M: 1-8, SMC6248M: 1-4, mixed stack: 1-4) • Source Port – The port whose traffic will be monitored.
PORT CONFIGURATION 3-113 CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port and traffic type. Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on a port.
CONFIGURING THE SWITCH 3-114 Web – Click Port, Rate Limit, Granularity. Select the required rate limit granularity for Fast Ethernet and Gigabit Ethernet, and click Apply. Figure 3-50 Rate Limit Granularity Configuration CLI – This example sets and displays Fast Ethernet and Gigabit Ethernet granularity.
PORT CONFIGURATION 3-115 Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces, set the Rate Limit Level, and click Apply.
CONFIGURING THE SWITCH 3-116 Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as SMC EliteView. Table 3-9 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface, including framing characters.
PORT CONFIGURATION 3-117 Transmit Multicast Packets The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast address at this sub-layer, including those that were discarded or not sent.
CONFIGURING THE SWITCH 3-118 Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision. Carrier Sense Errors The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame.
PORT CONFIGURATION 3-119 Multicast Frames The total number of good frames received that were directed to this multicast address. CRC/Alignment Errors The number of CRC/alignment errors (FCS or alignment errors).
CONFIGURING THE SWITCH 3-120 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
PORT CONFIGURATION 3-121 CLI – This example shows statistics for port 13. Console#show interfaces counters ethernet 1/13 4-152 Ethernet 1/13 Iftable stats: Octets input: 868453, O.
CONFIGURING THE SWITCH 3-122 Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table.
ADDRESS TABLE SETTINGS 3-123 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-53 Configuring a Static Address Table CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
CONFIGURING THE SWITCH 3-124 Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch.
ADDRESS TABLE SETTINGS 3-125 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query.
CONFIGURING THE SWITCH 3-126 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the function. • Aging Time – The time after which a learned entry is discarded.
SPANNING TREE ALGORITHM CONFIGURATION 3-127 The spanning tree algorithms supported by this switch include these versions: • STP – Spanning Tree Protocol (IEEE 802.
CONFIGURING THE SWITCH 3-128 that can be used when a node or port fails, and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs.
SPANNING TREE ALGORITHM CONFIGURATION 3-129 • Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. - Root Port – The number of the port on this switch that is closest to the root.
CONFIGURING THE SWITCH 3-130 • Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
SPANNING TREE ALGORITHM CONFIGURATION 3-131 CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network.
CONFIGURING THE SWITCH 3-132 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol – Uses RSTP for the internal state machine, but sends only 802.
SPANNING TREE ALGORITHM CONFIGURATION 3-133 • Priority – Bridge priority is used in selecting the root device, root port, and designated port.
CONFIGURING THE SWITCH 3-134 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.
SPANNING TREE ALGORITHM CONFIGURATION 3-135 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-57 STA Configuration CLI – This example enables Spanning Tree Protocol, sets the mode to RSTP, and then configures the STA and RSTP parameters.
CONFIGURING THE SWITCH 3-136 Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. Field Attributes • Spanning Tree – Shows if STA has been enabled on this interface.
SPANNING TREE ALGORITHM CONFIGURATION 3-137 • Designated Port – The port priority and number of the port on the designated bridging device through which this switch must communicate with the root of the Spanning Tree.
CONFIGURING THE SWITCH 3-138 • Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only) These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled.
SPANNING TREE ALGORITHM CONFIGURATION 3-139 • Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state.
CONFIGURING THE SWITCH 3-140 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port.
SPANNING TREE ALGORITHM CONFIGURATION 3-141 contradictory information. Port address table is cleared, and the port begins learning addresses. - Forwarding - Port forwards packets, and continues learning addresses. • Trunk – Indicates if a port is a member of a trunk.
CONFIGURING THE SWITCH 3-142 - Default – - Ethernet – Half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 - Fast Ethernet – Half duplex: 200,000; full duplex: 100,000; trunk: 50,000 - Gigabit Ethernet – Full duplex: 10,000; trunk: 5,000 • Admin Link Type – The link type attached to this interface.
VLAN CONFIGURATION 3-143 Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 3-59 STA Port Configuration CLI – This example sets STA attributes for port 7.
CONFIGURING THE SWITCH 3-144 VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections.
VLAN CONFIGURATION 3-145 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging.
CONFIGURING THE SWITCH 3-146 Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system whereby the switch can automatically learn the VLANs to which each end station should be assigned. If an end station (or its network adapter) supports the IEEE 802.
VLAN CONFIGURATION 3-147 Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN.
CONFIGURING THE SWITCH 3-148 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
VLAN CONFIGURATION 3-149 • Maximum Number of Supported VLANs – Maximum number of VLANs that can be configured on this switch. Web – Click VLAN, 802.1Q VLAN, Basic Information. Figure 3-61 VLAN Basic Information CLI – Enter the following command.
CONFIGURING THE SWITCH 3-150 • Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP. - Permanent: Added as a static entry. • Egress Ports – Shows all the VLAN port members. • Untagged Ports – Shows the untagged VLAN port members.
VLAN CONFIGURATION 3-151 • Status – Shows if this VLAN is enabled or disabled. - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e., does not pass packets. • Ports / Channel groups – Shows the VLAN interface members.
CONFIGURING THE SWITCH 3-152 • State (CLI) – Enables or disables the specified VLAN. - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e., does not pass packets. • Add – Adds a new VLAN group to the current list.
VLAN CONFIGURATION 3-153 Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices.
CONFIGURING THE SWITCH 3-154 • Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - Tagged: Interface is a member of the VLAN. All packets transmitted by the port will be tagged, that is, carry a tag and therefore carry VLAN or CoS information.
VLAN CONFIGURATION 3-155 Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks.
CONFIGURING THE SWITCH 3-156 Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk identifier.
VLAN CONFIGURATION 3-157 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
CONFIGURING THE SWITCH 3-158 - Ingress filtering only affects tagged frames. - If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port).
VLAN CONFIGURATION 3-159 • Mode – Indicates VLAN membership mode for an interface. (Default: Hybrid) - 1Q Trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN.
CONFIGURING THE SWITCH 3-160 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.
VLAN CONFIGURATION 3-161 2. Use the Private VLAN Association menu (page 3-164) to map the secondary (i.e., community) VLAN(s) to the primary VLAN. 3. Use the Private VLAN Port Configuration menu (page 3-166) to set the port type to promiscuous (i.
CONFIGURING THE SWITCH 3-162 Web – Click VLAN, Private VLAN, Information. Select the desired port from the VLAN ID drop-down menu. Figure 3-67 Private VLAN Information CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6.
VLAN CONFIGURATION 3-163 Configuring Private VLANs The Private VLAN Configuration page is used to create/remove primary, community, or isolated VLANs.
CONFIGURING THE SWITCH 3-164 CLI – This example configures VLAN 5 as a primary VLAN, and VLAN 6 as a community VLAN and VLAN 7 as an isolated VLAN. Associating VLANs Each community VLAN must be associated with a primary VLAN.
VLAN CONFIGURATION 3-165 CLI – This example associates community VLANs 6 and 7 with primary VLAN 5. Displaying Private VLAN Interface Information Use the Private VLAN Port Information and Private VLAN Trunk Information menus to display the interfaces associated with private VLANs.
CONFIGURING THE SWITCH 3-166 Web – Click VLAN, Private VLAN, Port Information or Trunk Information. Figure 3-70 Private VLAN Port Information CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6.
VLAN CONFIGURATION 3-167 - Host – The port is a community port or an isolated port. A community port can communicate with other ports in its own community VLAN and with designated promiscuous port(s).
CONFIGURING THE SWITCH 3-168 Web – Click VLAN, Private VLAN, Port Configuration or Trunk Configuration. Set the PVLAN Port Type for each port that will join a private VLAN. Assign promiscuous ports to a primary or isolated VLAN. Assign host ports to a community or isolated VLAN.
CLASS OF SERVICE CONFIGURATION 3-169 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port.
CONFIGURING THE SWITCH 3-170 Command Attributes • Default Priority – The priority that is assigned to untagged frames received on the specified interface. (Range: 0-7, Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port.
CLASS OF SERVICE CONFIGURATION 3-171 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR).
CONFIGURING THE SWITCH 3-172 Command Attributes • Priority – CoS value. (Range: 0-7, where 7 is the highest priority) • Traffic Class – Output queue buffer. (Range: 0-3, where 3 is the highest CoS priority queue) Web – Click Priority, Traffic Classes.
CLASS OF SERVICE CONFIGURATION 3-173 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue.
CONFIGURING THE SWITCH 3-174 Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue.
CLASS OF SERVICE CONFIGURATION 3-175 CLI – The following example shows how to assign WRR weights to each of the priority queues. Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements.
CONFIGURING THE SWITCH 3-176 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services.
CLASS OF SERVICE CONFIGURATION 3-177 Command Attributes • IP Precedence Priority Table – Shows the IP Precedence to CoS map. • Class of Service Value – Maps a CoS value to the selected IP Precedence value. Note that “0” represents low priority and “7” represents high priority.
CONFIGURING THE SWITCH 3-178 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings.
CLASS OF SERVICE CONFIGURATION 3-179 Command Attributes • DSCP Priority Table – Shows the DSCP Priority to CoS map. • Class of Service Value – Maps a CoS value to the selected DSCP Priority value. Note that “0” represents low priority and “7” represents high priority.
CONFIGURING THE SWITCH 3-180 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings.
CLASS OF SERVICE CONFIGURATION 3-181 Web – Click Priority, IP Port Priority Status. Set IP Port Priority Status to Enabled. Figure 3-79 IP Port Priority Status Click Priority, IP Port Priority.
CONFIGURING THE SWITCH 3-182 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value 0, and then displays all the IP Port Priority settings for that port.
CLASS OF SERVICE CONFIGURATION 3-183 • ACL CoS Priority Mapping – Displays the configured information. Web – Click Priority, ACL CoS Priority.
CONFIGURING THE SWITCH 3-184 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client.
MULTICAST FILTERING 3-185 Layer 2 IGMP (Snooping and Query) IGMP Snooping and Query – If multicast routing is not supported on other switches in your network, you can use IGMP Snoopin.
CONFIGURING THE SWITCH 3-186 multicasting, one of these devices is elected “querier” and assumes the role of querying the LAN for group members. It then propagates the service requests on to any upstream multicast switch/router to ensure that it will continue to receive the multicast service.
MULTICAST FILTERING 3-187 Notes: 1. All systems on the subnet must support the same version. 2. Some attributes are only enabled for IGMPv2, including IGMP Report Delay and IGMP Query Timeout. Web – Click IGMP Snooping, IGMP Configuration.
CONFIGURING THE SWITCH 3-188 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
MULTICAST FILTERING 3-189 CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router. Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
CONFIGURING THE SWITCH 3-190 Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add.
MULTICAST FILTERING 3-191 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service.
CONFIGURING THE SWITCH 3-192 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP snooping and Query Parameters” on page 3-133.
MULTICAST FILTERING 3-193 Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and click Add.
CONFIGURING THE SWITCH 3-194.
4-1 C HAPTER 4 C OMMAND L INE I NTERF ACE This c hapte r descr ibes ho w to u se the Co mmand Line Int erface (C LI). Note: Yo u ca n only ac ces s the co nsole i nter face throug h the Ma ster unit in the stac k.
C OMMAND L IN E I NTE RF A CE 4-2 3. Wh en finished , exit th e ses sion wi th the “q uit” or “exit ” comma nd. Aft er connec ting to the syst em throug h the c onso le port, th e login screen dis plays: Telnet Connection T elnet operat es o ver the IP tran sport proto col.
USING THE COMMAND LINE INTERFACE 4-3 After you configure the switch with an IP address, you can open a Telnet session by performing these steps: 1. From the remote host, enter the Telnet command and the IP address of the device you want to access.
COMMAND LINE INTERFACE 4-4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters.
ENTERING COMMANDS 4-5 Command Completion If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “logging history” example, typing log followed by a tab will result in printing the command up to “logging.
COMMAND LINE INTERFACE 4-6 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database).
ENTERING COMMANDS 4-7 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.
COMMAND LINE INTERFACE 4-8 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters.
ENTERING COMMANDS 4-9 Privileged Exec mode from within Normal Exec mode, by entering the enable command, followed by the privileged level password “super” (page 4-36).
COMMAND LINE INTERFACE 4-10 • Line Configuration - These commands modify the console port and Telnet configuration, and include commands such as parity and databits. • VLAN Configuration - Includes the command to create VLAN groups.
ENTERING COMMANDS 4-11 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters.
COMMAND LINE INTERFACE 4-12 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Groups Command Group Description Page Lin.
COMMAND GROUPS 4-13 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) PE (Privileged Exec) GC (Global Configuration) ACL (Access Cont.
COMMAND LINE INTERFACE 4-14 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.
LINE COMMANDS 4-15 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} - console - Console terminal line. - vty - Virtual terminal for remote console access (i.
COMMAND LINE INTERFACE 4-16 login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [local] no login local - Selects local password checking.
LINE COMMANDS 4-17 Example Related Commands username (4-35) password (4-17) password This command specifies the password for a line. Use the no form to remove the password.
COMMAND LINE INTERFACE 4-18 configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Related Commands login (4-16) password-thresh (4-20) timeout login response This command sets the interval that the system waits for a user to log into the CLI.
LINE COMMANDS 4-19 Example To set the timeout to two minutes, enter this command: Related Commands silent-time (4-21) exec-timeout (4-14) exec-timeout This command sets the interval that the system waits until user input is detected.
COMMAND LINE INTERFACE 4-20 Example To set the timeout to two minutes, enter this command: Related Commands silent-time (4-21) timeout login response (4-13) password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts.
LINE COMMANDS 4-21 Example To set the password threshold to five attempts, enter this command: Related Commands silent-time (4-21) timeout login response (4-13) silent-time This comm.
COMMAND LINE INTERFACE 4-22 databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits {7 | 8} no databits - 7 - Seven data bits per character.
LINE COMMANDS 4-23 parity This command defines the generation of a parity bit. Use the no form to restore the default setting. Syntax parity {none | even | odd} no parity - none - .
COMMAND LINE INTERFACE 4-24 Default Setting 9600 Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices connected to the port might not be supported.
LINE COMMANDS 4-25 disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection.
COMMAND LINE INTERFACE 4-26 Example To show all lines, enter this command: General Commands Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled .
GENERAL COMMANDS 4-27 enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-8.
COMMAND LINE INTERFACE 4-28 disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode.
GENERAL COMMANDS 4-29 Example Related Commands end (4-30) show history This command shows the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.
COMMAND LINE INTERFACE 4-30 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes.
GENERAL COMMANDS 4-31 Command Mode Global Configuration, Interface Configuration, Line Configuration, and VLAN Database Configuration. Example This example shows how to return to the.
COMMAND LINE INTERFACE 4-32 Command Mode Normal Exec, Privileged Exec Command Usage The quit and exit commands can both exit the configuration program.
SYSTEM MANAGEMENT COMMANDS 4-33 Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt.
COMMAND LINE INTERFACE 4-34 hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name.
SYSTEM MANAGEMENT COMMANDS 4-35 username This command adds named users, requires authentication at login, specifies or changes a user's password (or specify that no password is required), or specifies or changes a user's access level.
COMMAND LINE INTERFACE 4-36 Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
SYSTEM MANAGEMENT COMMANDS 4-37 Command Usage • You cannot set a null password. You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command (page 4-27). • The encrypted password is required for compatibility with legacy password settings (i.
COMMAND LINE INTERFACE 4-38 management This command specifies the client IP addresses that are allowed management access to the switch through various protocols.
SYSTEM MANAGEMENT COMMANDS 4-39 • You can delete an address range just by specifying the start address, or by specifying both the start address and end address. Example This example restricts management access to the indicated addresses.
COMMAND LINE INTERFACE 4-40 Example Web Server Commands Console#show management all-client Management IP Filter HTTP-Client: Start IP address End IP address ----------------------- ------------------------ 1. 192.168.1.19 192.168.1.19 2. 192.168.
SYSTEM MANAGEMENT COMMANDS 4-41 ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface.
COMMAND LINE INTERFACE 4-42 Example Related Commands ip http port (4-41) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e.
SYSTEM MANAGEMENT COMMANDS 4-43 • The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer 5.
COMMAND LINE INTERFACE 4-44 Command Mode Global Configuration Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port.
SYSTEM MANAGEMENT COMMANDS 4-45 Default Setting 23 Command Mode Global Configuration Example Related Commands ip telnet server (4-45) ip telnet server This command allows this device to be monitored or configured from Telnet. Use the no form to disable this function.
COMMAND LINE INTERFACE 4-46 Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
SYSTEM MANAGEMENT COMMANDS 4-47 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, the.
COMMAND LINE INTERFACE 4-48 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch. Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it.
SYSTEM MANAGEMENT COMMANDS 4-49 a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory. c. If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client.
COMMAND LINE INTERFACE 4-50 Example Related Commands ip ssh crypto host-key generate (4-52) show ssh (4-55) ip ssh timeout This command configures the timeout for the SSH server.
SYSTEM MANAGEMENT COMMANDS 4-51 ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user.
COMMAND LINE INTERFACE 4-52 Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with the SSH client, and is fixed at 1024 bits. Example delete public-key This command deletes the specified user’s public key.
SYSTEM MANAGEMENT COMMANDS 4-53 Command Mode Privileged Exec Command Usage • This command stores the host key pair in memory (i.e., RAM).
COMMAND LINE INTERFACE 4-54 Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command.
SYSTEM MANAGEMENT COMMANDS 4-55 show ip ssh This command displays the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example show ssh This command displays the current SSH server connections.
COMMAND LINE INTERFACE 4-56 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [user [username] | host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys.
SYSTEM MANAGEMENT COMMANDS 4-57 Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed.
COMMAND LINE INTERFACE 4-58 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory.
SYSTEM MANAGEMENT COMMANDS 4-59 Example Related Commands logging history (4-59) clear logging (4-63) logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level.
COMMAND LINE INTERFACE 4-60 Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 6 - 0) Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM.
SYSTEM MANAGEMENT COMMANDS 4-61 Command Usage • By using this command more than once you can build up a list of host IP addresses. • The maximum number of host IP addresses allowed is five. Example logging facility This command sets the facility type for remote logging of syslog messages.
COMMAND LINE INTERFACE 4-62 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging.
SYSTEM MANAGEMENT COMMANDS 4-63 clear logging This command clears messages from the log buffer. Syntax clear logging [flash | ram] - flash - Event history stored in flash memory (i.e., permanent memory). - ram - Event history stored in temporary RAM (i.
COMMAND LINE INTERFACE 4-64 Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), the message level for RAM is “informational” (i.
SYSTEM MANAGEMENT COMMANDS 4-65 Related Commands show logging sendmail (4-70) show log This command displays the system and event messages stored in memory. Syntax show log {flash | ram} [login] [tail] - flash - Event history stored in flash memory (i.
COMMAND LINE INTERFACE 4-66 Command Usage This command shows the system and event messages stored in memory, including the time stamp, message level (page 4-59), program module, function, and event number. Example The following example shows sample messages stored in RAM.
SYSTEM MANAGEMENT COMMANDS 4-67 logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [no] logging sendmail host ip_address ip_address - IP address of an SMTP server that will be sent alert messages for event handling.
COMMAND LINE INTERFACE 4-68 Example logging sendmail level This command sets the severity threshold used to trigger alert messages. Syntax logging sendmail level level level - One of the system message levels (page 4-59).
SYSTEM MANAGEMENT COMMANDS 4-69 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Use the no form to delete the source email address. Syntax [no] logging sendmail source-email email-address email-address - The source email address used in alert messages.
COMMAND LINE INTERFACE 4-70 Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example logging sendmail This command enables SMTP event handling.
SYSTEM MANAGEMENT COMMANDS 4-71 Example Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
COMMAND LINE INTERFACE 4-72 sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command.
SYSTEM MANAGEMENT COMMANDS 4-73 sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list.
COMMAND LINE INTERFACE 4-74 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests.
SYSTEM MANAGEMENT COMMANDS 4-75 Example clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym.
COMMAND LINE INTERFACE 4-76 Example Related Commands show sntp (4-74) calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server.
SYSTEM MANAGEMENT COMMANDS 4-77 show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example System Status Commands Cons.
COMMAND LINE INTERFACE 4-78 light unit This command displays the unit ID of a switch using its front-panel LED indicators. Syntax light unit [unit] unit - specifies a unit in a swit.
SYSTEM MANAGEMENT COMMANDS 4-79 • This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the configuration mode command, and corresponding commands.
COMMAND LINE INTERFACE 4-80 Related Commands show running-config (4-80) show running-config This command displays the configuration information currently in use.
SYSTEM MANAGEMENT COMMANDS 4-81 Example Console#show running-config building startup-config, please wait..... ! phymap 00-30-f1-ce-2a-20 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 ! SNTP server 0.
COMMAND LINE INTERFACE 4-82 Related Commands show startup-config (4-78) show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page -11.
SYSTEM MANAGEMENT COMMANDS 4-83 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.
COMMAND LINE INTERFACE 4-84 Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-13 for detailed information on the items displayed by this command. Example Frame Size Commands jumbo frame This command enables support for jumbo frames.
FLASH/FILE COMMANDS 4-85 Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.
COMMAND LINE INTERFACE 4-86 copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server.
FLASH/FILE COMMANDS 4-87 Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.
COMMAND LINE INTERFACE 4-88 Example The following example shows how to upload the configuration settings to a file on the TFTP server: The following example shows how to copy the running configuration to a startup file.
FLASH/FILE COMMANDS 4-89 This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch: delete This command deletes a file or image.
COMMAND LINE INTERFACE 4-90 Example This example shows how to delete the test2.cfg configuration file from flash memory for unit 1. Related Commands dir (4-90) delete public-key (4-52) dir This command displays a list of files in flash memory.
FLASH/FILE COMMANDS 4-91 • File information is shown below: Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up. Syntax whichboot [unit] unit - Stack unit.
COMMAND LINE INTERFACE 4-92 Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. boot system This command specifies the image used to start up the system.
AUTHENTICATION COMMANDS 4-93 Example Related Commands dir (4-90) whichboot (4-91) Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods.
COMMAND LINE INTERFACE 4-94 authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login • local - Use local password.
AUTHENTICATION COMMANDS 4-95 Example Related Commands username - for setting the local user names and passwords (4-35) authentication enable This command defines the authentication .
COMMAND LINE INTERFACE 4-96 • You can specify three authentication methods in a single command to indicate the authentication sequence. For example, if you enter “authentication enable radius tacacs local,” the user name and password on the RADIUS server is verified first.
AUTHENTICATION COMMANDS 4-97 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server.
COMMAND LINE INTERFACE 4-98 radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages.
AUTHENTICATION COMMANDS 4-99 Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default.
COMMAND LINE INTERFACE 4-100 Command Mode Global Configuration Example show radius-server This command displays the current settings for the RADIUS server.
AUTHENTICATION COMMANDS 4-101 TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network.
COMMAND LINE INTERFACE 4-102 tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages.
AUTHENTICATION COMMANDS 4-103 Example show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Port Security Commands These commands can be used to enable port security on a port.
COMMAND LINE INTERFACE 4-104 port security This command enables or configures port security. Use the no form without any keywords to disable port security.
AUTHENTICATION COMMANDS 4-105 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
COMMAND LINE INTERFACE 4-106 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication.
AUTHENTICATION COMMANDS 4-107 dot1x system-auth-control This command enables 802.1X port authentication globally on the switch. Use the no form to restore the default.
COMMAND LINE INTERFACE 4-108 Default 2 Command Mode Interface Configuration Example dot1x port-control This command sets the dot1x mode on a port interface.
AUTHENTICATION COMMANDS 4-109 dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count.
COMMAND LINE INTERFACE 4-110 dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [interface] interface • ethernet unit/port - unit - Stack unit. (Range – SMC6224M: 1-8, SMC6248M: 1-4, mixed stack: 1-4) - port - Port number.
AUTHENTICATION COMMANDS 4-111 dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default.
COMMAND LINE INTERFACE 4-112 Example dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value.
AUTHENTICATION COMMANDS 4-113 Command Mode Privileged Exec Command Usage This command displays the following information: • Global 802.1X Parameters – Shows whether or not 802.1X port authentication is globally enabled on the switch.
COMMAND LINE INTERFACE 4-114 - Max Count – The maximum number of hosts allowed to access this port (page 4-109). - Port-control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 4-108). - Supplicant – MAC address of authorized client.
AUTHENTICATION COMMANDS 4-115 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 enabled Single-Host auto yes .
COMMAND LINE INTERFACE 4-116 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
ACCESS CONTROL LIST COMMANDS 4-117 • This switch supports ACLs for ingress filtering only. You can only bind one IP ACL to any port and one MAC ACL globally for ingress filtering. In other words, only two ACLs can be bound to an interface - Ingress IP ACL and Ingress MAC ACL.
COMMAND LINE INTERFACE 4-118 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs.
ACCESS CONTROL LIST COMMANDS 4-119 Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list.
COMMAND LINE INTERFACE 4-120 Command Usage • New rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.
ACCESS CONTROL LIST COMMANDS 4-121 [precedence precedence] [tos tos] [dscp dscp] [source-port sport [end]] [destination-port dport [end]] [control-flag control-flags flag-bitmask] • protocol-number – A specific protocol number.
COMMAND LINE INTERFACE 4-122 • The control-code bitmask is a decimal number (representing an equivalent bit mask) that is applied to the control code. Enter a decimal number, where the equivalent binary bit “1” means to match a bit and “0” means to ignore a bit.
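The bitmask semantics described for IP ACL rules on pages 4-120 and 4-122 (1 bits must match, 0 bits are ignored), worked through as an added Python example that is not part of the SMC manual or the switch firmware. The rule set, the first-match evaluation order and all helper names are assumptions made for illustration; the flag values are the standard TCP control bits.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# TCP control bits as decimal values (RFC 793 code field).
FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32


def _ip(text: str) -> int:
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def address_matches(addr: str, rule_addr: str, bitmask: str) -> bool:
    """Bitmask semantics from the manual: 1 bits must match, 0 bits are ignored."""
    mask = _ip(bitmask)
    return (_ip(addr) & mask) == (_ip(rule_addr) & mask)


def flags_match(packet_flags: int, control_flags: int, flag_bitmask: int) -> bool:
    """Same rule applied to the TCP control code: compare only the masked bits."""
    return (packet_flags & flag_bitmask) == (control_flags & flag_bitmask)


def wildcard_to_bitmask(wildcard: str) -> str:
    """Convert an inverse (wildcard) mask, where 0 means match, to this style.

    Useful when porting rules from devices that use inverse masks; pasting such
    a mask unchanged would match on exactly the wrong bits.
    """
    return str(ipaddress.IPv4Address(_ip(wildcard) ^ 0xFFFFFFFF))


@dataclass
class Rule:
    action: str                           # "permit" or "deny"
    src: str                              # source address to compare against
    src_mask: str                         # address bitmask (1 = match)
    control_flags: Optional[int] = None   # None: rule does not test TCP flags
    flag_bitmask: int = 0                 # control-code bitmask (1 = match)


def evaluate(rules, src: str, tcp_flags: int) -> Optional[str]:
    """Return the action of the first matching rule, or None if no rule matches.

    First-match ordering is an assumption of this sketch; what the switch does
    with a packet that matches no rule is not modelled here.
    """
    for rule in rules:
        if not address_matches(src, rule.src, rule.src_mask):
            continue
        if rule.control_flags is not None and not flags_match(
            tcp_flags, rule.control_flags, rule.flag_bitmask
        ):
            continue
        return rule.action
    return None


# Constructed sample rules (not taken from the manual).
RULES = [
    # New connection attempts (SYN set, ACK clear) from 10.7.1.x are denied.
    # Bitmask 18 = SYN|ACK: only those two bits are compared, PSH/URG/etc. are ignored.
    Rule("deny", "10.7.1.0", "255.255.255.0", control_flags=SYN, flag_bitmask=SYN | ACK),
    # Everything else from 10.7.x.x is permitted.
    Rule("permit", "10.7.0.0", "255.255.0.0"),
]

if __name__ == "__main__":
    samples = [("10.7.1.20", SYN), ("10.7.1.20", SYN | ACK), ("192.168.1.5", SYN)]
    for src, flags in samples:
        print(f"{src:<12} flags={flags:<3} -> {evaluate(RULES, src, flags)}")
```

Because a 0 bit means "ignore", a mask such as 255.255.0.255 is legal and matches on the first, second and fourth octets only, which is why rules should be reviewed bit by bit rather than assumed to describe a contiguous subnet.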
ACCESS CONTROL LIST COMMANDS 4-123 Related Commands access-list ip (4-118) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list {standard | extended} [acl_name] • standard – Specifies a standard IP ACL.
COMMAND LINE INTERFACE 4-124 Command Mode Interface Configuration (Ethernet) Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one.
ACCESS CONTROL LIST COMMANDS 4-125 map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself.
C OMMAND L IN E I NTE RF A CE 4-126 show map access-list ip This com mand sh ows the CoS v alue map ped to an IP A CL for the current inte rface . (The CoS v alue determines th e output qu eue for pac kets matching an A CL r ule.) Synta x sho w map access-lis t ip [ interface ] interface • ethernet unit / port - unit - Sta ck uni t.
A CCE SS C ONTR OL L IST C OMMAN DS 4-127 MAC ACL s access-list mac This command adds a MA C access list an d ente rs MA C A CL conf iguration mode. Use t he no for m to remo ve t he specifie d A CL. Synta x [ no ] access-l ist mac ac l_ nam e acl_ name – Name of t he A CL.
C OMMAND L IN E I NTE RF A CE 4-128 Command Usage • Wh en you crea te a new ACL or ente r configu ratio n mode for a n existin g ACL , use th e permit or deny command to add new rules to the bo ttom of t he list. To create an ACL , you must add at least on e rule to the list .
ACCESS CONTROL LIST COMMANDS 4-129 • address-bitmask 16 – Bitmask for MAC address (in hexadecimal format). • vid – VLAN ID. (Range: 1-4094) • vid-end – Upper bound of VID range. (Range: 1-4094) • protocol – A specific Ethernet protocol number.
COMMAND LINE INTERFACE 4-130 show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [acl_name] acl_name – Name of the ACL.
ACCESS CONTROL LIST COMMANDS 4-131 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one.
COMMAND LINE INTERFACE 4-132 Default Setting None Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown below.
ACCESS CONTROL LIST COMMANDS 4-133 Command Mode Privileged Exec Example Related Commands map access-list mac (4-131) ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks.
COMMAND LINE INTERFACE 4-134 Example show access-group This command shows the port assignments of ACLs. Command Mode Privileged Executive Example Console#show access-list IP standard access-list david: permit host 10.1.1.21 permit 168.
SNMP COMMANDS 4-135 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. snmp-server community This command defines the community access string for the Simple Network Management Protocol.
COMMAND LINE INTERFACE 4-136 • rw - Specifies read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Default Setting • public - Read-only access. Authorized management stations are only able to retrieve MIB objects.
SNMP COMMANDS 4-137 Example Related Commands snmp-server location (4-137) snmp-server location This command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location text no snmp-server location text - String that describes the system location.
COMMAND LINE INTERFACE 4-138 snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation.
SNMP COMMANDS 4-139 enable traps command and the snmp-server host command for that host must be enabled. • Some notification types cannot be controlled with the snmp-server enable traps command. For example, some notification types are always enabled.
COMMAND LINE INTERFACE 4-140 Command Usage • If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent. In order to configure this device to send SNMP notifications, you must enter at least one snmp-server enable traps command.
SNMP COMMANDS 4-141 Example Console#show snmp SNMP traps: Authentication: enabled Link-up-down: enabled SNMP communities: 1. private, and the privilege is read-write 2.
COMMAND LINE INTERFACE 4-142 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN.
INTERFACE COMMANDS 4-143 interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id interface • ethernet unit/port - unit - Stack unit.
COMMAND LINE INTERFACE 4-144 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 24. speed-duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled.
INTERFACE COMMANDS 4-145 Command Usage • To force operation to the speed and duplex mode specified in a speed-duplex command, use the no negotiation command to disable auto-negotiation on the selected interface.
COMMAND LINE INTERFACE 4-146 auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands. • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports.
INTERFACE COMMANDS 4-147 Default Setting • 100BASE-TX: 10half, 10full, 100half, 100full • 1000BASE-T: 10half, 10full, 100half, 100full, 1000full • SFP: 1000full Command Mode Interface Con.
COMMAND LINE INTERFACE 4-148 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill.
INTERFACE COMMANDS 4-149 Default Setting All interfaces are enabled. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved.
COMMAND LINE INTERFACE 4-150 • This command can enable or disable broadcast storm control for the selected interface. However, the specified threshold value applies to all ports on the switch.
INTERFACE COMMANDS 4-151 Example The following example clears statistics on port 5. show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - Stack unit.
COMMAND LINE INTERFACE 4-152 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit. (Range – SMC6224M: 1-8, SMC6248M: 1-4, mixed stack: 1-4) - port - Port number.
INTERFACE COMMANDS 4-153 Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 3-115.
COMMAND LINE INTERFACE 4-154 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit.
INTERFACE COMMANDS 4-155 Table 4-41 Interfaces Switchport Statistics Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 4-149). Lacp status Shows if Link Aggregation Control Protocol has been enabled or disabled (page 4-164).
COMMAND LINE INTERFACE 4-156 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session.
MIRROR PORT COMMANDS 4-157 • The destination port is set by specifying an Ethernet interface. • The mirror port and monitor port speeds should match, otherwise traffic may be dropped from the monitor port. • You can only create a single mirror session.
COMMAND LINE INTERFACE 4-158 Example The following shows mirroring configured from port 6 to port 11: Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface.
RATE LIMIT COMMANDS 4-159 rate-limit Use this command to define the rate limit level for a specific interface. Use this command without specifying a rate to restore the default rate limit level. Use the no form to restore the default status of disabled.
COMMAND LINE INTERFACE 4-160 rate-limit granularity Use this command to define the rate limit granularity for the Fast Ethernet ports, and the Gigabit Ethernet ports. Use the no form of this command to restore the default setting.
LINK AGGREGATION COMMANDS 4-161 show rate-limit Use this command to display the rate limit granularity. Default Setting Fast Ethernet interface – 3.
COMMAND LINE INTERFACE 4-162 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports.
LINK AGGREGATION COMMANDS 4-163 • All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN via the specified port-channel. • STP, VLAN, and IGMP settings can only be made for the entire trunk via the specified port-channel.
COMMAND LINE INTERFACE 4-164 Command Usage • When configuring static trunks, the switches must comply with the Cisco EtherChannel standard. • Use no channel-group to remove a port group from a trunk. • Use no interfaces port-channel to remove a trunk from the switch.
LINK AGGREGATION COMMANDS 4-165 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established.
COMMAND LINE INTERFACE 4-166 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} system-priority priority no lacp {actor | partner} system-priority • actor - The local side of an aggregate link.
LINK AGGREGATION COMMANDS 4-167 lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key • actor - The local side of an aggregate link.
COMMAND LINE INTERFACE 4-168 lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string.
LINK AGGREGATION COMMANDS 4-169 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link.
COMMAND LINE INTERFACE 4-170 show lacp This command displays LACP information. Syntax show lacp [port-channel] {counters | internal | neighbors | sysid} • port-channel - Local identifier for a link aggregation group. (Range: 1-4) • counters - Statistics for LACP protocol messages.
LINK AGGREGATION COMMANDS 4-171 Example Console#show lacp 1 counters Port channel: 1 ----------------------- ------------------------------------ -------- Eth 1/1 ----------------------- .
COMMAND LINE INTERFACE 4-172 Console#show lacp 1 internal Port channel : 1 ----------------------- ------------------------------------ -------- Oper Key : 4 Admin Key : 0 Eth 1/1 ------------.
LINK AGGREGATION COMMANDS 4-173 Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in .
COMMAND LINE INTERFACE 4-174 Console#show lacp 1 neighbors Port channel 1 neighbors ----------------------- ------------------------------------ -------- Eth 1/1 ----------------------- ------.
ADDRESS TABLE COMMANDS 4-175 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
COMMAND LINE INTERFACE 4-176 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address.
ADDRESS TABLE COMMANDS 4-177 • A static address cannot be learned on another port until the address is removed with the no form of this command.
COMMAND LINE INTERFACE 4-178 • vlan-id - VLAN ID (Range: 1-4094) • sort - Sort by address, vlan or interface. Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface.
ADDRESS TABLE COMMANDS 4-179 mac-address-table aging-time This command sets the aging time for entries in the address table. Use the no form to restore the default aging time. Syntax mac-address-table aging-time seconds no mac-address-table aging-time seconds - Aging time.
COMMAND LINE INTERFACE 4-180 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface.
SPANNING TREE COMMANDS 4-181 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.
COMMAND LINE INTERFACE 4-182 spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default. Syntax spanning-tree mode {stp | rstp} no spanning-tree mode • stp - Spanning Tree Protocol (IEEE 802.
SPANNING TREE COMMANDS 4-183 spanning-tree forward-time This command configures the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds.
COMMAND LINE INTERFACE 4-184 Default Setting 2 seconds Command Mode Global Configuration Command Usage This command sets the time interval (in seconds) at which the root device transmits a configuration message.
SPANNING TREE COMMANDS 4-185 a new root port is selected from among the device ports attached to the network. Example spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default.
COMMAND LINE INTERFACE 4-186 spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree. Use the no form to restore the default.
SPANNING TREE COMMANDS 4-187 Default Setting 3 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs. Example spanning-tree spanning-disabled This command disables the spanning tree algorithm for the specified interface.
COMMAND LINE INTERFACE 4-188 spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port.
SPANNING TREE COMMANDS 4-189 spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port.
COMMAND LINE INTERFACE 4-190 Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node.
SPANNING TREE COMMANDS 4-191 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding.
COMMAND LINE INTERFACE 4-192 Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges.
SPANNING TREE COMMANDS 4-193 Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode.
COMMAND LINE INTERFACE 4-194 • For a description of the items displayed under “Spanning-tree information,” see “Configuring Global Settings” on page 3-132. For a description of the items displayed for specific interfaces, see “Displaying Interface Settings” on page 3-136.
VLAN COMMANDS 4-195 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
COMMAND LINE INTERFACE 4-196 Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command.
VLAN COMMANDS 4-197 • state - Keyword to be followed by the VLAN state. - active - VLAN is operational. - suspend - VLAN is suspended. Suspended VLANs do not pass packets. Default Setting By default only VLAN 1 exists and is active. Command Mode VLAN Database Configuration Command Usage • no vlan vlan-id deletes the VLAN.
COMMAND LINE INTERFACE 4-198 Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN.
VLAN COMMANDS 4-199 Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (4-148) switchport mode This command configures the VLAN membership mode for a port.
COMMAND LINE INTERFACE 4-200 Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid: Related Commands switchport acceptable-frame-types (4-200) switchport acceptable-frame-types This command configures the acceptable frame types for a port.
VLAN COMMANDS 4-201 Related Commands switchport mode (4-199) switchport ingress-filtering This command enables ingress filtering for an interface.
COMMAND LINE INTERFACE 4-202 switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port.
VLAN COMMANDS 4-203 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default.
COMMAND LINE INTERFACE 4-204 • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface.
VLAN COMMANDS 4-205 Example The following example shows how to prevent port 1 from being added to VLAN 3: Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name | private-vlan private-vlan-type] • id - Keyword to be followed by the VLAN ID.
COMMAND LINE INTERFACE 4-206 Command Mode Normal Exec, Privileged Exec Example The following example shows how to display information for VLAN 1: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN.
VLAN COMMANDS 4-207 This section describes commands used to configure private VLANs. To configure primary/secondary associated groups, follow these steps: 1. Use the private-vlan command to designate one or more community VLANs and the primary VLAN that will channel traffic outside of the community groups.
COMMAND LINE INTERFACE 4-208 5. Use the switchport private-vlan mapping command to assign a port to a primary VLAN. 6. Use the show vlan private-vlan command to verify your configuration settings. To configure isolated VLANs, follow these steps: 1.
VLAN COMMANDS 4-209 Default Setting None Command Mode VLAN Configuration Command Usage • Private VLANs are used to restrict traffic to ports within the same community or isolated VLAN, and channel traffic passing outside the community through promiscuous ports.
COMMAND LINE INTERFACE 4-210 private vlan association Use this command to associate a primary VLAN with a secondary (i.e., community) VLAN.
VLAN COMMANDS 4-211 switchport mode private-vlan Use this command to set the private VLAN mode for an interface. Use the no form to restore the default setting.
COMMAND LINE INTERFACE 4-212 switchport private-vlan host-association Use this command to associate an interface with a secondary VLAN.
VLAN COMMANDS 4-213 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage Host ports assigned to an isolated VLAN cannot pass traffic between group members, and must communicate with resources outside of the group via a promiscuous port.
COMMAND LINE INTERFACE 4-214 Example show vlan private-vlan Use this command to show the private VLAN configuration settings on this switch.
GVRP AND BRIDGE EXTENSION COMMANDS 4-215 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
COMMAND LINE INTERFACE 4-216 Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
GVRP AND BRIDGE EXTENSION COMMANDS 4-217 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled.
COMMAND LINE INTERFACE 4-218 Example garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values.
GVRP AND BRIDGE EXTENSION COMMANDS 4-219 • Timer values must meet the following restrictions: - leave >= (2 x join) - leaveall > leave Note: Set GVRP timers on all Layer 2 devices connected in the same network to the same values.
COMMAND LINE INTERFACE 4-220 Example Related Commands garp timer (4-218) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion.
PRIORITY COMMANDS 4-221 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues.
COMMAND LINE INTERFACE 4-222 Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed b.
PRIORITY COMMANDS 4-223 frames). This priority does not apply to IEEE 802.1Q VLAN tagged frames. If the incoming frame is an IEEE 802.1Q VLAN tagged frame, the IEEE 802.1p User Priority bits will be used. • This switch provides eight priority queues for each port.
COMMAND LINE INTERFACE 4-224 Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights. Example This example shows how to assign WRR weights t .
PRIORITY COMMANDS 4-225 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • CoS values assigned at the ingress port are also used at the egress port. • This command sets the CoS priority for all interfaces.
COMMAND LINE INTERFACE 4-226 show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the four priority queues. Default Setting None Command Mode Privileged Exec Example show queue cos-map This command shows the class of service priority map.
PRIORITY COMMANDS 4-227 Example Priority Commands (Layer 3 and 4) Console#show queue cos-map ethernet 1/1 Information of Eth 1/1 CoS Value : 0 1 2 3 4 5 6 7 Priority Queue: 0 0 0 1 2 2 3 3 Conso.
COMMAND LINE INTERFACE 4-228 map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets).
PRIORITY COMMANDS 4-229 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • This command sets the IP port priority for all interfaces.
COMMAND LINE INTERFACE 4-230 map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos cos-value no map ip precedence • precedence-value - 3-bit precedence value.
PRIORITY COMMANDS 4-231 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping).
COMMAND LINE INTERFACE 4-232 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0.
PRIORITY COMMANDS 4-233 show map ip port Use this command to show the IP port priority map. Syntax show map ip port [interface] interface • ethernet unit/port - unit - Stack unit. (Range – SMC6224M: 1-8, SMC6248M: 1-4, mixed stack: 1-4) - port - Port number.
COMMAND LINE INTERFACE 4-234 show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence [interface] interface • ethernet unit/port - unit - Stack unit. (Range – SMC6224M: 1-8, SMC6248M: 1-4, mixed stack: 1-4) - port - Port number.
PRIORITY COMMANDS 4-235 show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - Stack unit. (Range – SMC6224M: 1-8, SMC6248M: 1-4, mixed stack: 1-4) - port - Port number.
COMMAND LINE INTERFACE 4-236 Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only.
MULTICAST FILTERING COMMANDS 4-237 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping.
COMMAND LINE INTERFACE 4-238 Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port: ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default.
MULTICAST FILTERING COMMANDS 4-239 show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-185 for a description of the displayed items.
COMMAND LINE INTERFACE 4-240 Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options.
MULTICAST FILTERING COMMANDS 4-241 ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected.
COMMAND LINE INTERFACE 4-242 Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action.
MULTICAST FILTERING COMMANDS 4-243 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries.
COMMAND LINE INTERFACE 4-244 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default.
MULTICAST FILTERING COMMANDS 4-245 Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port.
COMMAND LINE INTERFACE 4-246 Example The following shows how to configure port 11 as a multicast router port within VLAN 1: show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports.
IP INTERFACE COMMANDS 4-247 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default.
COMMAND LINE INTERFACE 4-248 Default Setting DHCP Command Mode Interface Configuration (VLAN) Command Usage • You must assign an IP address to this device to gain management access over the network. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server.
IP INTERFACE COMMANDS 4-249 ip default-gateway This command establishes a static route between this switch and devices that exist on another network segment.
COMMAND LINE INTERFACE 4-250 Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to reassign the client’s last address if available.
IP INTERFACE COMMANDS 4-251 show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (4-249) ping This command sends ICMP echo request packets to another node on the network.
COMMAND LINE INTERFACE 4-252 Command Usage • Use the ping command to see if another site on the network can be reached. • Following are some results of the ping command: - Normal response - The normal response occurs in one to ten seconds, depending on network traffic.
A-1 APPENDIX A SOFTWARE SPECIFICATIONS Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 88 li.
SOFTWARE SPECIFICATIONS A-2 Spanning Tree Algorithm Spanning Tree Protocol (STP, IEEE 802.1D) Rapid Spanning Tree Protocol (RSTP, IEEE 802.
SOFTWARE SPECIFICATIONS A-3 RMON Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event) Standards IEEE 802.1D Spanning Tree Protocol and traffic priorities IEEE 802.1p Priority tags IEEE 802.1Q VLAN IEEE 802.1w Rapid Spanning Tree Protocol IEEE 802.
SOFTWARE SPECIFICATIONS A-4 Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RF.
B-1 APPENDIX B TROUBLESHOOTING Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch.
TROUBLESHOOTING B-2 Cannot connect using Secure Shell • If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SSH sessions permitted.
USING SYSTEM LOGS B-3 Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1.
Glossary-1 GLOSSARY Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.
GLOSSARY Glossary-2 Dynamic Host Control Protocol (DHCP) Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options.
GLOSSARY Glossary-3 IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol. IEEE 802.
GLOSSARY Glossary-4 IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork.
GLOSSARY Glossary-5 Link Aggregation See Port Trunk. Link Aggregation Control Protocol (LACP) Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device. Management Information Base (MIB) An acronym for Management Information Base.
GLOSSARY Glossary-6 Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows data on the target port to be studied unobstructively.
GLOSSARY Glossary-7 Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which offers network management services.
GLOSSARY Glossary-8 User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services.
Index-1 Numerics 802.1X, port authentication 3-66 A acceptable frame type 3-157, 4-200 Access Control List See ACL ACL Extended IP 3-78, 4-116, 4-117, 4-120 MAC 3-79, 4-116, 4-127, 4-.
INDEX Index-2 GVRP global setting 4-215 interface configuration 3-158, 4-217 GVRP, global setting 3-148 H hardware version, displaying 3-13, 4-83 HTTPS 3-54, 4-42 HTTPS, secure server 3-54, 4-42 I IEEE 802.1D 3-127, 4-182 IEEE 802.1w 3-127, 4-182 IEEE 802.
INDEX Index-3 port priority configuring 3-169, 4-220 default ingress 3-169, 4-222 STA 3-138, 4-189 port security, configuring 3-64, 4-103 port, statistics 3-115, 4-152 ports autonegotiatio.
INDEX Index-4 setting 3-22, 4-92 static addresses, setting 3-122, 4-176 statistics port 3-115, 4-152 STP 3-132, 4-182 STP Also see STA system clock, setting 3-42, 4-71 System Logs 3-33 s.
38 Tesla, Irvine, CA 92618 Phone: (949) 679-8000 FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; Phn: (949) 679-8000; Fax: (949) 679-1481 From Europe: Contact details can be found on www.