User manual / service guide for the ES3526XA from the manufacturer Accton Technology
Powered by Accton www.edge-core.com Management Guide 24/48 10/100 Ports + 2GE Intelligent Layer 2 Fast Ethernet Switch.
Management Guide Fast Ethernet Switch Layer 2 Standalone Switch with 24/48 10/100BASE-TX (RJ-45) Ports, and 2 Combination Gigabit Ports (RJ-45/SFP).
ES3526XA ES3552XA F2.2.6.3 E122006-CS-R02 149100005500H.
i Contents Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-5 Chapter 2: Initial Configuration 2-1 Connecting to the Switch 2-1 Configuratio.
Contents ii Saving or Restoring Configuration Settings 3-22 Downloading Configuration Settings from a Server 3-23 Console Port Settings 3-24 Telnet Settings 3-26 Configuring Event Loggin.
Contents iii Access Control Lists 3-82 Configuring Access Control Lists 3-82 Setting the ACL Name and Type 3-83 Configuring a Standard IP ACL 3-84 Configuring an Extended IP ACL 3-85 Configur.
Contents iv Displaying Current Private VLANs 3-153 Configuring Private VLANs 3-154 Associating VLANs 3-154 Displaying Private VLAN Interface Information 3-155 Configuring Private VLAN In.
Contents v Chapter 4: Command Line Interface 4-1 Using the Command Line Interface 4-1 Accessing the CLI 4-1 Console Connection 4-1 Telnet Connection 4-1 Entering Commands 4-3 Keywo.
Contents vi prompt 4-25 hostname 4-26 User Access Commands 4-26 username 4-27 enable password 4-28 IP Filter Commands 4-29 management 4-29 show management 4-30 Web Server Commands 4-31 i.
Contents vii sntp client 4-54 sntp server 4-55 sntp poll 4-56 show sntp 4-56 ntp client 4-57 ntp server 4-57 ntp poll 4-58 ntp authenticate 4-59 ntp authentication-key 4-59 show ntp 4-60 cl.
Contents viii 802.1X Port Authentication 4-85 dot1x system-auth-control 4-86 dot1x default 4-86 dot1x max-req 4-87 dot1x port-control 4-87 dot1x operation-mode 4-88 dot1x re-authentic.
Contents ix snmp-server 4-117 show snmp 4-117 snmp-server community 4-118 snmp-server contact 4-119 snmp-server location 4-119 snmp-server host 4-120 snmp-server enable traps 4-122.
Contents x clear mac-address-table dynamic 4-158 show mac-address-table 4-158 mac-address-table aging-time 4-159 show mac-address-table aging-time 4-159 Spanning Tree Commands 4-160 spann.
Contents xi private-vlan 4-189 private vlan association 4-190 switchport mode private-vlan 4-191 switchport private-vlan host-association 4-191 switchport private-vlan isolated 4-192 s.
Contents xii ip igmp snooping query-max-response-time 4-218 ip igmp snooping router-port-expire-time 4-218 Static Multicast Routing Commands 4-219 ip igmp snooping vlan mrouter 4-219 show.
Contents xiii cluster commander 4-250 cluster ip-pool 4-250 cluster member 4-251 rcommand 4-252 show cluster 4-252 show cluster members 4-253 show cluster candidates 4-253 Appendix A: Soft.
Contents xiv.
xv Tables Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-5 Table 3-1 Configuration Options 3-3 Table 3-2 Main Menu 3-4 Table 3-3 Logging Levels 3-29 Table 3-6 HTTPS System Support 3-59 Table 3-7 802.
Tables xvi Table 4-27 Authentication Commands 4-76 Table 4-28 Authentication Sequence 4-76 Table 4-29 RADIUS Client Commands 4-78 Table 4-30 TACACS Commands 4-81 Table 4-31 Port Security Commands 4-84 Table 4-32 802.
Tables xvii Table 4-72 IGMP Filtering and Throttling Commands 4-221 Table 4-73 Multicast VLAN Registration Commands 4-228 Table 4-74 show mvr - display description 4-231 Table 4-76 show mv.
Tables xviii.
xix Figures Figure 3-1 Home Page 3-2 Figure 3-2 Panel Display 3-3 Figure 3-3 System Information 3-10 Figure 3-4 Displaying Switch Information 3-12 Figure 3-5 Bridge Extension Configurati.
Figures xx Figure 3-43 Network Access Configuration 3-76 Figure 3-44 Network Access Port Configuration 3-77 Figure 3-45 Network Access MAC Address Information 3-78 Figure 3-46 Network Access.
Figures xxi Figure 3-88 Port Priority Configuration 3-159 Figure 3-89 Traffic Classes 3-161 Figure 3-90 Queue Mode 3-162 Figure 3-91 Configuring Queue Scheduling 3-163 Figure 3-92 I.
Figures xxii.
1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network.
Description of Software Features 1-3 1 Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
Introduction 1-4 1 Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.
System Defaults 1-5 1 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-24).
Introduction 1-6 1 Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP.
System Defaults 1-7 1 System Log Status Enabled Messages Logged Levels 0-7 (all) Messages Logged to Flash Levels 0-6 SMTP Email Alerts Event Handler Enabled (but no server defined) SNTP Clo.
Introduction 1-8 1.
2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a Web-based interface.
Initial Configuration 2-2 2 • Configure up to 4 static or LACP trunks • Enable port mirroring • Set broadcast storm control on any port • Display system information and statistics.
Basic Configuration 2-3 2 Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.
Initial Configuration 2-4 2 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place.
Basic Configuration 2-5 2 Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP address to the switch, complete the following steps: 1.
Initial Configuration 2-6 2 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-config.
Basic Configuration 2-7 2 The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects. • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
Initial Configuration 2-8 2 Configuring Access for SNMP Version 3 Clients To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group.
Managing System Files 2-9 2 Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
Initial Configuration 2-10 2.
3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.
Configuring the Switch 3-2 3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.
Panel Display 3-3 3 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
Configuring the Switch 3-4 3 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Main Menu 3-5 3 SSH 3-61 Host-Key Settings Generates the host key pair (public and private) 3-63 Settings Configures Secure Shell server settings 3-65 Port Security Configures per port security, including status, response for security breach, and maximum allowed MAC addresses 3-66 802.
Configuring the Switch 3-6 3 Trunk Broadcast Control Sets the broadcast storm threshold for each trunk 3-105 Mirror Port Configuration Sets the source and target ports for mirroring 3-10.
Main Menu 3-7 3 Private VLAN 3-152 Information Displays Private VLAN feature information 3-153 Configuration This page is used to create/remove primary or community VLANs 3-154 Associatio.
Configuring the Switch 3-8 3 IGMP Snooping 3-170 IGMP Configuration Enables multicast filtering; configures parameters for multicast query 3-171 IGMP Filter Configuration Enables IGMP fil.
Main Menu 3-9 3 Member Configuration Adds switch Members to the cluster 3-195 Member Information Displays cluster Member switch information 3-196 Candidate Information Displays netwo.
Configuring the Switch 3-10 3 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system.
Basic Configuration 3-11 3 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
Configuring the Switch 3-12 3 These additional parameters are displayed for the CLI. • Unit - This is unit 1. • Redundant Power Status – Displays the status of the redundant power supply.
Basic Configuration 3-13 3 Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.
Configuring the Switch 3-14 3 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default.
Basic Configuration 3-15 3 Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply.
Configuring the Switch 3-16 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP.
Basic Configuration 3-17 3 Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available.
Configuring the Switch 3-18 3 • Drop – Discards the Option 82 information in a packet and then floods it to the entire VLAN. • DHCP Relay Server – IP addresses of DHCP servers to be used by the switch’s DHCP relay agent in order of preference.
Basic Configuration 3-19 3 Managing Firmware You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version.
Configuring the Switch 3-20 3 Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
Basic Configuration 3-21 3 To delete a file select System, File, Delete. Select the file name from the given list by checking the tick box and click Apply.
Configuring the Switch 3-22 3 Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server.
Basic Configuration 3-23 3 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
Configuring the Switch 3-24 3 CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. To select another configuration file as the start-up configuration, use the boot system command and then restart the switch.
Basic Configuration 3-25 3 • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port.
Configuring the Switch 3-26 3 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level.
Basic Configuration 3-27 3 • Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt.
Configuring the Switch 3-28 3 CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level.
Basic Configuration 3-29 3 • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM.
Configuring the Switch 3-30 3 Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the error messages sent to only those messages below a specified level.
Basic Configuration 3-31 3 CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap. Displaying Log Messages The Logs page allows you to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.
Configuring the Switch 3-32 3 Sending Simple Mail Transfer Protocol Alerts To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level.
Basic Configuration 3-33 3 Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add.
Configuring the Switch 3-34 3 CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration.
Basic Configuration 3-35 3 Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server. Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
Configuring the Switch 3-36 3 CLI – This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings. Configuring NTP The NTP client allows you to configure up to 50 NTP servers to poll for time updates.
Basic Configuration 3-37 3 Figure 3-22 NTP Client Configuration CLI – This example configures the switch to operate as an NTP client and then displays the current settings. Console(config)#ntp authentication-key 19 md5 thisiskey19 4-59 Console(config)#ntp authentication-key 30 md5 ntpkey30 Console(config)#ntp server 192.
Configuring the Switch 3-38 3 Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude.
Simple Network Management Protocol 3-39 3 the format of the MIB specifications and the protocol used to access this information over the network.
Configuring the Switch 3-40 3 Enabling the SNMP Agent Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3). Command Attributes SNMP Agent Status – Enables SNMP on the switch. Web – Click SNMP, Agent Status. Enable the SNMP Agent by marking the Enabled checkbox, and click Apply.
Specifying Trap Managers and Trap Types 3-41 3 Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add.
Configuring the Switch 3-42 3 To send an inform to a SNMPv2c host, complete these steps: 1. Enable the SNMP agent (page 3-54). 2. Enable trap informs as described in the following pages. 3. Create a view with the required notification messages (page 3-53).
Configuring SNMPv3 Management Access 3-43 3 • Enable Authentication Traps – Issues a notification message to specified IP trap managers whenever authentication of an SNMP request fails. (Default: Enabled) • Enable Link-up and Link-down Traps – Issues a notification message whenever a port link is established or broken.
Configuring the Switch 3-44 3 v2c or v3) and security level (i.e., authentication and privacy). 4. Assign SNMP users to groups, along with their specific authentication and privacy passwords. Setting a Local Engine ID An SNMPv3 engine is an independent SNMP agent that resides on the switch.
Configuring SNMPv3 Management Access 3-45 3 configure the remote agent’s SNMP engine ID before you can send proxy requests or informs to it. (See “Specifying Trap Managers and Trap Types” on page 3-41 and “Configuring Remote SNMPv3 Users” on page 3-47.
Configuring the Switch 3-46 3 available for the SNMPv3 security model). • Authentication Protocol – The method used for user authentication. (Options: MD5, SHA; Default: MD5) • Authentication Password – A minimum of eight plain text characters is required.
Configuring SNMPv3 Management Access 3-47 3 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring Remote SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group.
Configuring the Switch 3-48 3 • Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available. • Privacy Password – A minimum of eight plain text characters is required. Web – Click SNMP, SNMPv3, Remote Users.
Configuring SNMPv3 Management Access 3-49 3 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring SNMPv3 Groups An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views.
Configuring the Switch 3-50 3 Table 3-5 Supported Notification Messages Object Label Object ID Description RFC 1493 Traps newRoot 1.3.6.1.2.1.17.0.1 The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree; the trap is sent by a bridge soon after its election as the new root, e.
Configuring SNMPv3 Management Access 3-51 3 Private Traps - swPowerStatusChangeTrap 1.3.6.1.4.1.259.6.10.95.2.1.0.1 This trap is sent when the power state changes. swFanFailureTrap 1.3.6.1.4.1.259.6.10.95.2.1.0.17 This trap is sent when the fan fails.
Configuring the Switch 3-52 3 Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read, write, and notify views. Click Add to save the new group and return to the Groups list.
Configuring SNMPv3 Management Access 3-53 3 Setting SNMPv3 Views SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview” includes access to the entire MIB tree. Command Attributes • View Name – The name of the SNMP view.
Configuring the Switch 3-54 3 CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries.
User Authentication 3-55 3 • New Account – Displays configuration settings for a new account. - User Name – The name of the user. (Maximum length: 8 characters) - Access Level – Specifies the user level. (Options: Normal and Privileged) - Password – Specifies the user password.
Configuring the Switch 3-56 3 Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords.
User Authentication 3-57 3 Command Attributes • Authentication – Select the authentication, or authentication sequence required: - Local – User authentication is performed only locally by the switch. - Radius – User authentication is performed using a RADIUS server only.
Configuring the Switch 3-58 3 Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.
User Authentication 3-59 3 Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
Configuring the Switch 3-60 3 Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. Figure 3-35 HTTPS Settings CLI – This example enables the HTTP secure server and modifies the port number.
User Authentication 3-61 3 Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
Configuring the Switch 3-62 3 3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 4-70) to copy a file containing the public key for all the SSH clients granted management access to the switch.
User Authentication 3-63 3 Generating the Host Key Pair A host public/private key pair is used to provide secure communications between an SSH client and the switch.
Configuring the Switch 3-64 3 Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate.
User Authentication 3-65 3 Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled) • Version – The Secure Shell version number.
Configuring the Switch 3-66 3 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
User Authentication 3-67 3 • If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configuration page (page 3-91). Command Attributes • Port – Port number. • Name – Descriptive text (page 4-132).
Configuring the Switch 3-68 3 Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC.
User Authentication 3-69 3 • The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.) • The RADIUS server and client also have to support the same EAP encryption method for passing authentication messages – MD5, TLS, TTLS, PEAP.
Configuring the Switch 3-70 3 Configuring 802.1X Global Settings The 802.1X protocol includes port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active. Command Attributes • 802.
User Authentication 3-71 3 • Re-authen – Sets the client to be re-authenticated after the interval specified by the Re-authentication Period.
Configuring the Switch 3-72 3 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-90.
User Authentication 3-73 3 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-7 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator.
Configuring the Switch 3-74 3 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-42 Displaying 802.1X Port Statistics CLI – This example displays the 802.
User Authentication 3-75 3 address is forwarded by the switch only if the source MAC address is successfully authenticated by a central RADIUS server. While authentication for a MAC address is in progress, all traffic is blocked until authentication is completed.
Configuring the Switch 3-76 3 Web – Click Security, Network Access, Configuration. Figure 3-43 Network Access Configuration CLI – This example sets and displays the reauthentication time.
User Authentication 3-77 3 Note: MAC authentication cannot be configured on trunk ports. Ports configured as trunk members are indicated on the Network Access Port Configuration page in the “Trunk” column. Web – Click Security, Network Access, Port Configuration.
Configuring the Switch 3-78 3 • Query By – Specifies parameters to use in the MAC address query. • Port – Specifies a port interface. • MAC Address – Specifies a single MAC address information. • Attribute – Displays static or dynamic addresses.
User Authentication 3-79 3 CLI – This example displays all entries currently in the secure MAC address table. Configuring MAC Address Filters MAC address filters are used to specify MAC addresses to be excluded from network access authentication.
Configuring the Switch 3-80 3 CLI – This example configures filter ID 1 with three MAC addresses, then applies the filter to port 1. Filtering Addresses for Management Access You create a list of up to 16 IP addresses or IP address groups that are allowed access to the switch through the web interface, SNMP, or Telnet.
User Authentication 3-81 3 Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry to update the filter list. Figure 3-47 Creating a Web IP Filter List CLI – This example allows SNMP access for a specific client.
Configuring the Switch 3-82 3 Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
Access Control Lists 3-83 3 The order in which active ACLs are checked is as follows: 1. User-defined rules in the Ingress MAC ACL for ingress ports. 2. User-defined rules in the Ingress IP ACL for ingress ports. 3. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports.
Configuring the Switch 3-84 3 Configuring a Standard IP ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules.
Access Control Lists 3-85 3 Configuring an Extended IP ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Specifies the source or destination IP address.
Configuring the Switch 3-86 3 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
Acces s Co ntro l Li sts 3-87 3 Configuring a MAC ACL Command Attributes • Action – An ACL can con tain any combinat ion of permit o r deny rules .
Configuri ng the Switch 3-88 3 Binding a Port to an Access Control Lis t After configur ing Access C ontrol Lis ts (ACL), you sho uld bind them to the por ts that need to filt er traffic. Y o u can ass ign one IP access list to any por t, but you ca n only assign o ne MAC ac cess list to all the ports on the switch.
Port Conf ig urat ion 3-89 3 CLI – This examp le assigns an IP and MA C acce ss list to port 1, an d an IP ac cess list to port 3. Port Configuration Displaying Connect ion Status Y o u can use th e.
Configuri ng the Switch 3-90 3 We b – Click Por t, Port Informa tion or Trunk Information . Figure 3-5 3 Dis playing Po rt/Tru nk Informa tion Field Attributes (CL I) Bas ic In form a tion : • Port type – Indicate s the port type. (100B ASE-TX, 1000B ASE-T, or SFP) • MAC address – The physi cal layer address for this port.
Port Configuration 3-91 3 • Max MAC count – Shows the maximum number of MAC addresses that can be learned by a port. (0 - 1024 addresses) • Port security action – Shows the response to take when a security violation is detected.
Configuring the Switch 3-92 3 • Flow Control – Allows automatic or manual selection of flow control. • Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised.
Port Configuration 3-93 3 CLI – Select the interface, and then enter the required settings. Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link.
Configuring the Switch 3-94 3 • When configuring static trunks on switches of different types, they must be compatible with the Cisco EtherChannel standard. • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.
Port Configuration 3-95 3 CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk.
Configuring the Switch 3-96 3 Command Attributes • Member List (Current) – Shows configured trunks (Unit, Port). • New – Includes entry fields for creating new trunks. - Port – Port identifier. (Range: 1-26/52) Web – Click Port, LACP, Configuration.
Port Configuration 3-97 3 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key.
Configuring the Switch 3-98 3 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor.
Port Configuration 3-99 3 CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG.
Configuring the Switch 3-100 3 Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-58 LACP - Port Counters Information CLI – The following example displays LACP counters for port channel 1.
Port Configuration 3-101 3 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation.
Configuring the Switch 3-102 3 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-59 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
Port Configuration 3-103 3 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Web – Click Port, LACP, Port Neighbors Information.
Configuring the Switch 3-104 3 CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1.
Port Configuration 3-105 3 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured.
Configuring the Switch 3-106 3 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 octets per second for port 2 (which applies to all ports).
Port Configuration 3-107 3 Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add.
Configuring the Switch 3-108 3 Web – Click Port, Rate Limit, Granularity. Select the required rate limit granularity for Fast Ethernet and Gigabit Ethernet, and click Apply. Figure 3-63 Rate Limit Granularity Configuration CLI - This example sets and displays Fast Ethernet and Gigabit Ethernet granularity.
Port Configuration 3-109 3 Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces, set the Rate Limit Level, and click Apply.
Configuring the Switch 3-110 3 Table 3-11 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface, including framing characters. Received Unicast Packets The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Port Configuration 3-111 3 Excessive Collisions A count of frames for which transmission on a particular interface fails due to excessive collisions. This counter does not increment when the interface is operating in full-duplex mode.
Configuring the Switch 3-112 3 Fragments The total number of frames received that were less than 64 octets in length (excluding framing bits, but including FCS octets) and had either an FCS or alignment error.
Port Configuration 3-113 3 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen.
Configuring the Switch 3-114 3 CLI – This example shows statistics for port 13. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports.
Address Table Settings 3-115 3 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-66 Static Addresses CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
Configuring the Switch 3-116 3 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query.
Spanning Tree Algorithm Configuration 3-117 3 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the function. • Aging Time – The time after which a learned entry is discarded.
Configuring the Switch 3-118 3 ports, and disables all other ports. Network packets are therefore only forwarded between root ports and designated ports, eliminating any possible network loops.
Spanning Tree Algorithm Configuration 3-119 3 MSTP then builds an Internal Spanning Tree (IST) for the Region containing all commonly configured MSTP bridges.
Configuring the Switch 3-120 3 • Bridge ID – A unique identifier for this bridge, consisting of the bridge priority, the MST Instance ID 0 for the Common Spanning Tree when spanning tree mode is set to MSTP (page 3-123), and MAC address (where the address is taken from the switch system).
Spanning Tree Algorithm Configuration 3-121 3 • Root Maximum Age – The maximum time (in seconds) this device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals.
Configuring the Switch 3-122 3 CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network.
Spanning Tree Algorithm Configuration 3-123 3 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol 9 Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network.
Configuring the Switch 3-124 3 address will then become the root device. (Note that lower numeric values indicate higher priority.) • Default: 32768 • Range: 0-61440, in steps.
Spanning Tree Algorithm Configuration 3-125 3 Configuration Settings for MSTP • Max Instance Numbers – The maximum number of MSTP instances to which this switch can be assigned. • Configuration Digest – An MD5 signature key that contains the VLAN ID to MST ID mapping table.
Configuring the Switch 3-126 3 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-70 STA Global Configuration.
Spanning Tree Algorithm Configuration 3-127 3 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters.
Configuring the Switch 3-128 3 • Oper Path Cost – The contribution of this port to the path cost of paths towards the spanning tree root which include this port. • Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface.
Spanning Tree Algorithm Configuration 3-129 3 • Internal path cost – The path cost for the MST. See the preceding item. • Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.
Configuring the Switch 3-130 3 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port.
Spanning Tree Algorithm Configuration 3-131 3 The following interface attributes can be configured: • Spanning Tree – Enables/disables STA on this interface. (Default: Enabled) • Priority – Defines the priority used for this port in the Spanning Tree Protocol.
Configuring the Switch 3-132 3 other STA-related timeout problems. However, remember that Edge Port should only be enabled for ports connected to an end-node device.
Spanning Tree Algorithm Configuration 3-133 3 To use multiple spanning trees: 1. Set the spanning tree type to MSTP (STA Configuration, page 3-123). 2. Enter the spanning tree priority for the selected MST instance (MSTP VLAN Configuration).
Configuring the Switch 3-134 3 Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priority, and click Apply. To add the VLAN members to an MSTI instance, enter the instance identifier, the VLAN identifier, and click Add.
Spanning Tree Algorithm Configuration 3-135 3 CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI.
Configuring the Switch 3-136 3 Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes MST Instance ID – Instance identifier to configure.
Spanning Tree Algorithm Configuration 3-137 3 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages.
Configuring the Switch 3-138 3 • Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
VLAN Configuration 3-139 3 VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
Configuring the Switch 3-140 3 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing them on to any end-node host that does not support VLAN tagging.
VLAN Configuration 3-141 3 these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs.
Configuring the Switch 3-142 3 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
VLAN Configuration 3-143 3 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging.
Configuring the Switch 3-144 3 Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Figure 3-78 VLAN Current Table Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes).
VLAN Configuration 3-145 3 CLI – Current VLAN information can be displayed with the following command. Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups.
Configuring the Switch 3-146 3 Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. Figure 3-79 VLAN Static List - Creating VLANs CLI – This example creates a new VLAN.
VLAN Configuration 3-147 3 Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices.
Configuring the Switch 3-148 3 Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks.
VLAN Configuration 3-149 3 Web – Open VLAN, 802.1Q VLAN, Static Membership by Port. Select an interface from the scroll-down box (Port or Trunk).
Configuring the Switch 3-150 3 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
VLAN Configuration 3-151 3 • GARP Leave Timer 10 – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group.
Configuring the Switch 3-152 3 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.
VLAN Configuration 3-153 3 2. Use the Private VLAN Port Configuration menu (page 3-156) to set the port type to promiscuous (i.e., the single channel to the external network), or isolated (i.e., having access only to the promiscuous port in its own VLAN).
Configuring the Switch 3-154 3 Configuring Private VLANs The Private VLAN Configuration page is used to create/remove primary, community, or isolated VLANs.
VLAN Configuration 3-155 3 Web – Click VLAN, Private VLAN, Association. Select the required primary VLAN from the scroll-down box, highlight one or more community VLANs in the Non-Association list box, and click Add to associate these entries with the selected primary VLAN.
Configuring the Switch 3-156 3 Web – Click VLAN, Private VLAN, Port Information or Trunk Information. Figure 3-86 Private VLAN Port Information CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6.
VLAN Configuration 3-157 3 • Community VLAN – A community VLAN conveys traffic between community ports, and from community ports to their designated promiscuous ports. Set PVLAN Port Type to “Host,” and then specify the associated Community VLAN.
Configuring the Switch 3-158 3 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port.
Class of Service Configuration 3-159 3 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-88 Port Priority Configuration CLI – This example assigns a default priority of 5 to port 3.
Configuring the Switch 3-160 3 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR).
Class of Service Configuration 3-161 3 Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 3-89 Traffic Classes CLI – The following example shows how to change the CoS assignments.
Configuring the Switch 3-162 3 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
Class of Service Configuration 3-163 3 Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue.
Configuring the Switch 3-164 3 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements.
Class of Service Configuration 3-165 3 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
Configuring the Switch 3-166 3 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings.
Class of Service Configuration 3-167 3 Command Attributes • DSCP Priority Table – Shows the DSCP Priority to CoS map. • Class of Service Value – Maps a CoS value to the selected DSCP Priority value. Note that “0” represents low priority and “7” represents high priority.
Configuring the Switch 3-168 3 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110.
Class of Service Configuration 3-169 3 CLI * – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value 0, and then displays all the IP Port Priority settings for that port.
Configuring the Switch 3-170 3 Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Add. Figure 3-97 ACL CoS Priority CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 24.
Multicast Filtering 3-171 3 requesting to join the service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
Configuring the Switch 3-172 3 Command Attributes • IGMP Status — When enabled, the switch will monitor network traffic to determine which hosts want to receive multicast traffic.
Multicast Filtering 3-173 3 CLI – This example modifies the settings for multicast filtering, and then displays the current status. Enabling IGMP Immediate Leave The IGMP snooping immedi.
Configuring the Switch 3-174 3 CLI – This example enables IGMP immediate leave for VLAN 1 and then displays the current IGMP snooping status.
Multicast Filtering 3-175 3 CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router. Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
Configuring the Switch 3-176 3 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attributes • VLAN ID – Selects the VLAN for which to display port members.
Multicast Filtering 3-177 3 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP snooping and Query Parameters” on page 3-133.
Configuring the Switch 3-178 3 CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1. IGMP Filtering and Throttling In certain switch applications, the administrator may want to control the multicast services that are available to end users.
Multicast Filtering 3-179 3 Web – Click IGMP Snooping, IGMP Filter Configuration. Create a profile number by entering the number in text box and clicking Add.
Configuring the Switch 3-180 3 Command Attributes • Profile ID – Selects an existing profile number to configure. After selecting an ID number, click the Query button to display the current configuration. • Access Mode – Sets the access mode of the profile; either permit or deny.
Multicast Filtering 3-181 3 CLI – This example configures profile number 19 by setting the access mode to “permit” and then specifying a range of multicast groups that a user can join. The current profile configuration is then displayed.
Configuring the Switch 3-182 3 • Trunk – Indicates if a port is a trunk member. Web – Click IGMP Snooping, IGMP Filter/Throttling Port Configuration or IGMP Filter/Throttling Trunk Configuration. Select a profile to assign to an interface, then set the throttling number and action.
Multicast VLAN Registration 3-183 3 Multicast VLAN Registration Multicast VLAN Registration (MVR) is a protocol that controls access to a single network-wide VLAN most commonly used for transmitting multicast traffic (such as television channels or video-on-demand) across a service provider’s network.
Configuring the Switch 3-184 3 4. For multicast streams that will run for a long term and be associated with a stable set of hosts, you can statically bind the multicast group to the participating interfaces (see “Assigning Static Multicast Groups to Interfaces” on page 3-188).
Multicast VLAN Registration 3-185 3 CLI – This example first enables IGMP snooping, enables MVR globally, and then configures a range of MVR group addresses. Displaying MVR Interface Status You can display information about the interfaces attached to the MVR VLAN.
Configuring the Switch 3-186 3 Displaying Port Members of Multicast Groups You can display the multicast groups assigned to the MVR VLAN either through IGMP snooping or static configuration. Field Attributes • Group IP – Multicast groups assigned to the MVR VLAN.
Multicast VLAN Registration 3-187 3 Configuring MVR Interface Status Each interface that participates in the MVR VLAN must be configured as an MVR source port or receiver port. If only one subscriber attached to an interface is receiving multicast services, you can enable the immediate leave function.
Configuring the Switch 3-188 3 Web – Click MVR, Port or Trunk Configuration. Figure 3-110 MVR Port Configuration CLI – This example configures an MVR source port and receiver port, and then enables immediate leave on the receiver port.
Configuring Domain Name Service 3-189 3 Web – Click MVR, Group Member Configuration. Select a port or trunk from the “Interface” field, and click Query to display the assigned multicast groups. Select a multicast address from the displayed lists, and click the Add or Remove button to modify the Member list.
Configuring the Switch 3-190 3 • If there is no domain list, the default domain name is used. If there is a domain list, the default domain name is not used.
Configuring Domain Name Service 3-191 3 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply.
Configuring the Switch 3-192 3 Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses.
Configuring Domain Name Service 3-193 3 CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers.
Configuring the Switch 3-194 3 CLI - This example displays all the resource records learned from the designated name servers. Switch Clustering Switch Clustering is a method of grouping switches together to enable centralized management through a single unit.
Switch Clustering 3-195 3 • Role – Indicates the current role of the switch in the cluster; either Commander, Member, or Candidate. • Cluster IP Pool – An “internal” IP address pool that is used to assign IP addresses to Member switches in the cluster.
Configuring the Switch 3-196 3 Web – Click Cluster, Member Configuration. Figure 3-116 Cluster Member Configuration CLI – This example creates a new cluster Member by specifying the Candidate switch MAC address and setting a Member ID.
Switch Clustering 3-197 3 CLI – This example shows information about cluster Member switches. Cluster Candidate Information Displays information about discovered switches in the network that are already cluster Members or are available to become cluster Members.
Configuring the Switch 3-198 3.
4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interf.
Command Line Interface 4-2 4 To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet.
Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters.
Command Line Interface 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database).
Entering Commands 4-5 4 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.
Command Line Interface 4-6 4 current mode. The command classes and associated modes are displayed in the following table: Exec Commands When you open a new console session on the switch wit.
Entering Commands 4-7 4 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted.
Command Line Interface 4-8 4 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters.
Command Groups 4-9 4 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Groups Command Group Description Page Line Sets com.
Command Line Interface 4-10 4 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line .
Line Command s 4-11 4 Line Commands Y ou ca n acces s the onbo ard config uration pr ogram by attaching a VT100 compatible de vice to the server ’s serial port. The se comm ands are us ed to set communicati on pa rameters for the serial port or T elnet (i.
Command L ine Interface 4-12 4 Command Usage T elnet is co nsidered a vi rtual term inal connec tion and will be sh own as “Vty” in screen di splays such as show use rs . How ever , the serial comm unicat ion parameter s (e.g., databits) do not affect T e lnet conne ctions .
Line Commands 4-13 4 Example Related Commands username (4-27) password (4-13) password This command specifies the password for a line. Use the no form to remove the password.
Command Line Interface 4-14 4 timeout login response This command sets the interval that the system waits for a user to log into the CLI. Use the no form to restore the default. Syntax timeout login response [seconds] no timeout login response seconds - Integer that specifies the timeout interval.
Line Commands 4-15 4 Command Mode Line Configuration Command Usage • If user input is detected within the timeout interval, the session is kept open; otherwise the session is terminated. • This command applies to both the local console and Telnet connections.
Command Line Interface 4-16 4 Related Commands silent-time (4-16) timeout login response (4-13) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command.
Line Commands 4-17 4 Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character.
Command Line Interface 4-18 4 speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second.
Line Commands 4-19 4 disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection.
Command Line Interface 4-20 4 Example To show all lines, enter this command: General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information.
General Commands 4-21 4 Default Setting Level 15 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-28.
Command Line Interface 4-22 4 configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch.
General Commands 4-23 4 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes.
Command Line Interface 4-24 4 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows .
System Management Commands 4-25 4 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Device Designation Commands prompt This command customizes the CLI prompt.
Command Line Interface 4-26 4 Example hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name.
System Management Commands 4-27 4 username This command adds named users, requires authentication at login, specifies or changes a user's password (or specifies that no password is required), or specifies or changes a user's access level.
Command Line Interface 4-28 4 enable password After initially logging on to the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Normal Exec level.
System Management Commands 4-29 4 IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols.
Command Line Interface 4-30 4 Example This example restricts management access to the indicated addresses. show management This command displays the client IP addresses that are allowed management access to the switch through various protocols.
System Management Commands 4-31 4 Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface.
Command Line Interface 4-32 4 Example Related Commands ip http port (4-31) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
System Management Commands 4-33 4 Example Related Commands ip http secure-port (4-33) copy tftp https-certificate (4-70) ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface.
Command Line Interface 4-34 4 Telnet Server Commands ip telnet port This command specifies the TCP port number used by the Telnet interface. Use the no form to use the default port. Syntax ip telnet port port-number no ip telnet port port-number - The TCP port to be used by the browser interface.
System Management Commands 4-35 4 Related Commands ip telnet port (4-34) Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
Command Line Interface 4-36 4 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password.
System Management Commands 4-37 4 corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this process: a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory.
Command Line Interface 4-38 4 ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation.
System Management Commands 4-39 4 Example Related Commands show ip ssh (4-41) ip ssh server-key size This command sets the SSH server key size. Use the no form to restore the default setting. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server key.
Command Line Interface 4-40 4 Example ip ssh crypto host-key generate This command generates the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [dsa | rsa] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) key type.
System Management Commands 4-41 4 Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command.
Command Line Interface 4-42 4 Example show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example Console#show ip ssh SSH Enabled - version 1.
System Management Commands 4-43 4 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [user [username] | host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys.
Command Line Interface 4-44 4 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory.
System Management Commands 4-45 4 logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level.
Command Line Interface 4-46 4 logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [no] logging host host_ip_address host_ip_address - The IP address of a syslog server.
System Management Commands 4-47 4 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging.
Command Line Interface 4-48 4 Related Commands show logging (4-48) show logging This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server.
System Management Commands 4-49 4 The following example displays settings for the trap function. Related Commands show logging sendmail (4-53) show log This command displays the system and event messages stored in memory. Syntax show log {flash | ram} [login] [tail] • flash - Event history stored in flash memory (i.
Command Line Interface 4-50 4 Example The following example shows sample messages stored in RAM. SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients.
System Management Commands 4-51 4 Command Mode Global Configuration Command Usage • You can specify up to three SMTP servers for event handling.
Command Line Interface 4-52 4 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Use the no form to delete the source email address. Syntax [no] logging sendmail source-email email-address email-address - The source email address used in alert messages.
System Management Commands 4-53 4 logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [no] logging sendmail Default Setting Enabled Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler.
Command Line Interface 4-54 4 Time Commands The system clock can be dynamically set by polling a set of specified NTP time servers. Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
System Management Commands 4-55 4 Example Related Commands sntp server (4-55) sntp poll (4-56) show sntp (4-56) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list.
Command Line Interface 4-56 4 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests.
System Management Commands 4-57 4 ntp client This command enables NTP client requests for time synchronization from NTP time servers specified with the ntp servers command.
Command Line Interface 4-58 4 Default Setting Version number: 3 Command Mode Global Configuration Command Usage • This command specifies time servers that the switch will poll for time updates when set to NTP client mode. It issues time synchronization requests based on the interval set with the ntp poll command.
System Management Commands 4-59 4 Example Related Commands ntp client (4-57) ntp authenticate This command enables authentication for NTP client-server communications.
Command Line Interface 4-60 4 • key - An MD5 authentication key string. The key string can be up to 32 case-sensitive printable ASCII characters (no spaces). Default Setting None Command Mode Global Configuration Command Usage • The key number specifies a key value in the NTP authentication key list.
System Management Commands 4-61 4 Example clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym.
Command Line Interface 4-62 4 Related Commands show sntp (4-56) calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server.
System Management Commands 4-63 4 System Status Commands show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system.
Command Line Interface 4-64 4 Example Related Commands show running-config (4-65) Console#show startup-config building startup-config, please wait.
System Management Commands 4-65 4 show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage •.
Command Line Interface 4-66 4 Example Related Commands show startup-config (4-63) Console#show running-config building running-config, please wait...
System Management Commands 4-67 4 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-10.
Command Line Interface 4-68 4 Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example show version This command displays hardware and software version information for the system.
System Management Commands 4-69 4 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it.
Command Line Interface 4-70 4 • Enabling jumbo frames will limit the maximum threshold for broadcast storm control. (See the switchport broadcast command on page 4-137.) • The current setting for jumbo frames can be displayed with the show system command (page 4-67).
Flash/File Commands 4-71 4 • public-key - Keyword that allows you to copy an SSH key from a TFTP server. (“Secure Shell Commands” on page 4-35) Default Setting None Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command.
Command Line Interface 4-72 4 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server.
Flash/File Commands 4-73 4 delete This command deletes a file or image. Syntax delete filename filename - Name of the configuration file or image name. Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted.
Command Line Interface 4-74 4 • File information is shown below: Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up.
Flash/File Commands 4-75 4 boot system This command specifies the image used to start up the system. Syntax boot system {boot-rom | config | opcode}: filename The type of file or image to set as a default includes: • boot-rom* - Boot ROM.
Command Line Interface 4-76 4 Authentication Commands You can configure this switch to authenticate users logging in to the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.
Authentication Commands 4-77 4 • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server.
Command Line Interface 4-78 4 authentication is attempted on the TACACS+ server. If the TACACS+ server is not available, the local user name and password is checked.
Authentication Commands 4-79 4 • retransmit - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1-30) • key - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string.
Command Line Interface 4-80 4 Default Setting None Command Mode Global Configuration Example radius-server retransmit This command sets the number of retries.
Authentication Commands 4-81 4 Example show radius-server This command displays the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example TACACS+ C.
Command Line Interface 4-82 4 tacacs-server host This command specifies the TACACS+ server. Use the no form to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address - IP address of a TACACS+ server.
Authentication Commands 4-83 4 Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client.
Command Line Interface 4-84 4 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
Authentication Commands 4-85 4 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
Command Line Interface 4-86 4 dot1x system-auth-control This command enables 802.1X port authentication globally on the switch. Use the no form to restore the default.
Authentication Commands 4-87 4 dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default.
Command Line Interface 4-88 4 dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count.
Authentication Commands 4-89 4 Command Mode Privileged Exec Example dot1x re-authentication This command enables periodic re-authentication globally for all ports.
Command Line Interface 4-90 4 dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds.
Authentication Commands 4-91 4 Syntax show dot1x [statistics] [interface interface] • statistics - Displays dot1x status for each port.
Command Line Interface 4-92 4 - Port-control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 4-87). - Supplicant – MAC address of authorized client. - Current Identifier – The integer (0-255) used by the Authenticator to identify the current authentication session.
Authentication Commands 4-93 4 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 enabled Single-Host auto yes .
Command Line Interface 4-94 4 Network Access The Network Access feature controls host access to the network by authenticating its MAC address on the connected switch port.
Authentication Commands 4-95 4 Command Usage • When enabled on a port interface, the authentication process sends a Password Authentication Protocol (PAP) request to a configured RADIUS server. The username and password are both equal to the MAC address being authenticated.
Command Line Interface 4-96 4 Command Mode Interface Configuration Command Usage The maximum number of MAC addresses per port is 1024, and the maximum number of secure MAC addresses supported for the switch system is 1024. When the limit is reached, all new MAC addresses are treated as authentication failed.
Authentication Commands 4-97 4 Example The following example creates MAC filter 1 and adds MAC address 00-00-E8-12-11-01 to the filter. network-access port-mac-filter Use this command to apply a MAC address filter to a port interface. Use the no form of this command to remove a MAC address filter from an interface.
Command Line Interface 4-98 4 Command Usage • When enabled, the VLAN identifiers returned by the RADIUS server will be applied to the port, providing the VLANs have already been created on the switch.
Authentication Commands 4-99 4 clear network-access Use this command to clear entries from the secure MAC addresses table. Syntax clear network-access mac-address-table [static | dynamic] [address mac-address] [interface interface] • static - Specifies static address entries.
Command Line Interface 4-100 4 Example show network-access mac-filter Use this command to display MAC authentication filters. Syntax show network-access mac-filter [filter-id] filter-id - Specifies a filter number. (Range: 1-64) Default Setting Displays all filters.
Authentication Commands 4-101 4 • ethernet unit/port - unit - This is unit 1. - port - Port number. (Range: 1-26/52) • sort - Sorts displayed entries by either MAC address or interface.
Command Line Interface 4-102 4 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type).
Access Control List Commands 4-103 4 IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs.
Command Line Interface 4-104 4 Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list.
Access Control List Commands 4-105 4 Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Related Commands access-list ip (4-103) permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL.
Command Line Interface 4-106 4 Default Setting None Command Mode Extended ACL Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period.
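The bitmask matching described above can be checked offline before a rule is committed to the switch. The following Python sketch is an added example, not code from the manual; it assumes that 1 bits in the bitmask mean "compare this bit" and 0 bits mean "ignore", and that rules are evaluated top to bottom with the first match deciding. The mask 255.255.240.0 is derived here for the 168.92.16.x – 168.92.31.x range quoted above, and the function names are hypothetical.

```python
import ipaddress


def _to_int(dotted):
    """Convert a dotted-quad string to a 32-bit integer (raises on bad input)."""
    return int(ipaddress.IPv4Address(dotted))


def is_contiguous(bitmask):
    """True when the mask is a run of 1 bits followed only by 0 bits.

    ACL bitmasks are only "similar to" subnet masks: a mask such as
    255.255.255.1 is legal as a bit pattern but does not describe one range.
    """
    wildcard = ~_to_int(bitmask) & 0xFFFFFFFF
    return wildcard & (wildcard + 1) == 0


def rule_matches(rule_addr, bitmask, packet_addr):
    """Assumed semantics: compare only the bits that are set in the bitmask."""
    mask = _to_int(bitmask)
    return (_to_int(packet_addr) & mask) == (_to_int(rule_addr) & mask)


def covered_range(rule_addr, bitmask):
    """Return (lowest, highest) address a rule covers, or None if the
    bitmask is non-contiguous and the matches do not form a single range."""
    if not is_contiguous(bitmask):
        return None
    mask = _to_int(bitmask)
    low = _to_int(rule_addr) & mask
    high = low | (~mask & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high))


def first_match(rules, packet_addr):
    """Walk the rules in list order (new rules are appended at the end).

    Returns the action of the first matching rule, or None when nothing
    matches; the switch's behaviour for unmatched packets is not modelled.
    """
    for action, addr, mask in rules:
        if rule_matches(addr, mask, packet_addr):
            return action
    return None


# Constructed rule list mirroring the manual's standard ACL example:
# one host rule and one range rule expressed with a bitmask.
RULES = [
    ("permit", "10.1.1.21", "255.255.255.255"),
    ("permit", "168.92.16.0", "255.255.240.0"),
]

if __name__ == "__main__":
    print(covered_range("168.92.16.0", "255.255.240.0"))
    for addr in ("10.1.1.21", "10.1.1.22", "168.92.31.255", "168.92.32.0"):
        print(addr, first_match(RULES, addr))
```

Running the range check on a proposed rule shows exactly which addresses it admits, which catches a mask that is one bit too wide before it reaches a port.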
Access Control List Commands 4-107 4 This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Related Commands access-list ip (4-103) show ip access-list This command displays the rules for configured IP ACLs.
Command Line Interface 4-108 4 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port.
Access Control List Commands 4-109 4 Command Usage A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table. For information on mapping the CoS values to output queues, see queue cos-map on page 4-201.
Command Line Interface 4-110 4 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [no] access-list mac acl_name acl_name – Name of the ACL.
Access Control List Commands 4-111 4 Related Commands permit, deny (MAC ACL) (4-111) mac access-group (4-112) show mac access-list (4-112) permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.
Command Line Interface 4-112 4 Example This rule permits packets from any source MAC address to the destination address 00-e0-29-94-34-de where the Ethernet type is 0800. Related Commands access-list mac (4-110) show mac access-list This command displays the rules for configured MAC ACLs.
Access Control List Commands 4-113 4 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one.
Command Line Interface 4-114 4 Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown below.
Access Control List Commands 4-115 4 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.
Command Line Interface 4-116 4 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
SNMP Commands 4-117 4 snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server.
Command Line Interface 4-118 4 Example snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string.
SNMP Commands 4-119 4 • private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode Global Configuration Example snmp-server contact This command sets the system contact string.
Command Line Interface 4-120 4 Command Mode Global Configuration Example Related Commands snmp-server contact (4-119) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation.
SNMP Commands 4-121 4 • SNMP Version: 1 • UDP Port: 162 Command Mode Global Configuration Command Usage • If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command.
Command Line Interface 4-122 4 supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notifications. • If you specify an SNMP Version 3 host, then the community string is interpreted as an SNMP user name.
SNMP Commands 4-123 4 conjunction with the corresponding entries in the Notify View assigned by the snmp-server group command (page 4-126). Example Related Commands snmp-server host (4-120) snmp-server engine-id This command configures an identification string for the SNMPv3 engine.
Command Line Interface 4-124 4 • A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users (page 4-128).
SNMP Commands 4-125 4 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name • view-name - Name of an SNMP view.
Command Line Interface 4-126 4 show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group.
SNMP Commands 4-127 4 Default Setting • Default groups: public 23 (read only), private 24 (read/write) • readview - Every object belonging to the Internet OID space (1.3.6.1). • writeview - Nothing is defined. • notifyview - Nothing is defined.
Command Line Interface 4-128 4 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View.
SNMP Commands 4-129 4 • remote - Specifies an SNMP engine on a remote device. • ip-address - The Internet address of the remote device. • v1 | v2c | v3 - Use SNMP version 1, 2c or 3. • encrypted - Accepts the password as encrypted input.
Command Line Interface 4-130 4 show snmp user This command shows information on SNMP users. Command Mode Privileged Exec Example Console#show snmp user EngineId: 800000ca030030f1df9ca00000 User Nam.
Interface Commands 4-131 4 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enters interface configuration mode.
Command Line Interface 4-132 4 Command Mode Global Configuration Example To specify port 24, enter the following command: description This command adds a description to an interface.
Interface Commands 4-133 4 Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is 100half for 100BASE-TX ports and 1000full for Gigabit Ethernet ports.
Command Line Interface 4-134 4 • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports.
Interface Commands 4-135 4 Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Related Commands negotiation (4-133) speed-duplex (4-132) flowcontrol (4-135) flowcontrol This command enables flow control.
Command Line Interface 4-136 4 Example The following example enables flow control on port 5. Related Commands negotiation (4-133) capabilities (flowcontrol, symmetric) (4-134) shutdown This command disables an interface. To restart a disabled interface, use the no form.
Interface Commands 4-137 4 switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm control. Syntax switchport broadcast octet-rate rate no switchport broadcast rate - Threshold level as a rate; i.
Command L ine Interface 4-138 4 Command Mode Privileged Exec Command Usage S t atistics ar e only initial ized for a p ower reset. This c ommand sets th e base value fo r displaye d statistics t o zero for the current managem ent se ssion .
Interface C ommands 4-139 4 Example show inte rfaces counter s This comm and disp lays in terface statistic s. Syntax show i nterface s cou nters [ interface ] inte rface • etherne t unit / port - unit - This is unit 1.
Command L ine Interface 4-140 4 Example show inte rfaces swi tchport This comm and disp lays the adminis trative an d operatio nal status of the spe cified int er fac es. Syntax show i nterface s swi tchport [ interfac e ] inte rface • etherne t unit / port - unit - This is unit 1.
Interface C ommands 4-141 4 Example This examp le show s the configu ration set ting for port 24. Console#show interfaces switchport ethern et 1/24 Broadcast threshold: Enabled, 6 00 octets/second LAC.
Command Line Interface 4-142 4 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session.
Mirror Port Commands 4-143 4 Example The following example configures the switch to mirror received packets from port 6 to 11: show port monitor This command displays mirror information. Syntax show port monitor [interface] interface - ethernet unit/port (source port) • unit - This is unit 1.
Command Line Interface 4-144 4 Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network.
Rate Limit Commands 4-145 4 Example rate-limit granularity Use this command to define the rate limit granularity for the Fast Ethernet ports, and the Gigabit Ethernet ports.
Command Line Interface 4-146 4 Command Usage • For Fast Ethernet interfaces, the rate limit granularity is 512 Kbps, 1 Mbps, or 3.3 Mbps. • For Gigabit Ethernet interfaces, the rate limit granularity is 33.3 Mbps. Example Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.
Link Aggregation Commands 4-147 4 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports.
Command Line Interface 4-148 4 Command Usage • When configuring static trunks, the switches must comply with the Cisco EtherChannel standard. • Use no channel-group to remove a port group from a trunk. • Use no interfaces port-channel to remove a trunk from the switch.
Link Aggregation Commands 4-149 4 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established.
Command Line Interface 4-150 4 Command Mode Interface Configuration (Ethernet) Command Usage • Port must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier.
Link Aggregation Commands 4-151 4 • Once the remote side of a link has been established, LACP operational settings are already in use on that side.
Command Line Interface 4-152 4 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link.
Link Aggregation Commands 4-153 4 Default Setting Port Channel: all Command Mode Privileged Exec Example Console#show lacp 1 counters Channel group : 1 ----------------------------------------- -.
Command Line Interface 4-154 4 Console#show lacp 1 internal Port Channel : 1 ----------------------------------------- -------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ------------.
Link Aggregation Commands 4-155 4 Console#show lacp 1 neighbors Port channel 1 neighbors ----------------------------------------- -------------------------------- Eth 1/1 --------------------------.
Command Line Interface 4-156 4 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
Address Table Commands 4-157 4 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address.
Command Line Interface 4-158 4 clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries.
Address Table Commands 4-159 4 means to match a bit and “1” means to ignore a bit. For example, a mask of 00-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means “any.” • The maximum number of address entries is 8191.
Command Line Interface 4-160 4 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface.
Spanning Tree Commands 4-161 4 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it.
Command Line Interface 4-162 4 - This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on a network, the path between specific VLAN members may be inadvertently disabled to prevent network loops, thus isolating group members.
Spanning Tree Commands 4-163 4 Global Configuration Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.
Command Line Interface 4-164 4 spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age seconds no spanning-tree max-age seconds - Time in seconds.
Spanning Tree Commands 4-165 4 Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority (i.e., lower numeric value) becomes the STA root device.
Command Line Interface 4-166 4 spanning-tree transmission-limit This command configures the minimum interval between the transmission of consecutive RSTP/MSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The transmission limit in seconds.
Spanning Tree Commands 4-167 4 mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Use the no form without any VLAN parameters to remove all VLANs. Syntax [no] mst instance_id vlan vlan-range • instance_id - Instance identifier of the spanning tree.
Command Line Interface 4-168 4 mst priority This command configures the priority of a spanning tree instance. Use the no form to restore the default. Syntax mst instance_id priority priority no mst instance_id priority • instance_id - Instance identifier of the spanning tree.
Spanning Tree Commands 4-169 4 The MST region name and revision number (page 4-169) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridges in the same region must be configured with the same MST instances.
Command Line Interface 4-170 4 Default Setting 20 Command Mode MST Configuration Command Usage An MSTI region is treated as a single node by the STP and RSTP protocols. Therefore, the message age for BPDUs inside an MSTI region is never changed.
Spanning Tree Commands 4-171 4 The recommended range is: • Ethernet: 200,000-20,000,000 • Fast Ethernet: 20,000-2,000,000 • Gigabit Ethernet: 2,000-200,000 Default Setting By default, t.
Command Line Interface 4-172 4 Command Usage • This command defines the priority for the use of a port in the Spanning Tree Algorithm. If the path cost for all ports on a switch are the same, the port with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree.
Spanning Tree Commands 4-173 4 spanning-tree portfast This command sets an interface to fast forwarding. Use the no form to disable fast forwarding.
Command Line Interface 4-174 4 Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges.
Spanning Tree Commands 4-175 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Each spanning-tree instance is associated with a unique set of VLAN IDs. • This command is used by the multiple spanning-tree algorithm to determine the best path between devices.
Command Line Interface 4-176 4 Example Related Commands spanning-tree mst cost (4-174) spanning-tree protocol-migration This command re-checks the appropriate BPDU format to send on the selected interface. Syntax spanning-tree protocol-migration interface interface • ethernet unit/port - unit - Stack unit.
Spanning Tree Commands 4-177 4 • port-channel channel-id (Range: 1-32) • instance_id - Instance identifier of the multiple spanning tree. (Range: 0-4094, no leading zeroes) Default Set.
Command Line Interface 4-178 4 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example ----------------------.
VLAN Commands 4-179 4 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
Command Line Interface 4-180 4 Example Related Commands show vlan (4-187) vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}] no vlan vlan-id [name | state] • vlan-id - ID of configured VLAN.
VLAN Commands 4-181 4 Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN.
Command Line Interface 4-182 4 switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode {trunk | hybrid | private-vlan} no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk.
VLAN Commands 4-183 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage When set to receive all frame types, any received frames that are untagged are assigned to the default VLAN.
Command Line Interface 4-184 4 Example The following example shows how to set the interface to port 1 and then enable ingress filtering: switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default.
VLAN Commands 4-185 4 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add.
Command Line Interface 4-186 4 switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan {add vlan-list | remove vlan-list} no switchport forbidden vlan • add vlan-list - List of VLAN identifiers to add.
VLAN Commands 4-187 4 show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name | private-vlan private-vlan-type] • id - Keyword to be followed by the VLAN ID. - vlan-id - ID of the configured VLAN.
Command Line Interface 4-188 4 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLANs: primary/secondary associated groups, and stand-alone isolated VLANs.
VLAN Commands 4-189 4 3. Use the switchport mode private-vlan command to configure ports as promiscuous (i.e., having access to all ports in the primary VLAN) or host (i.e., community port). 4. Use the switchport private-vlan host-association command to assign a port to a secondary VLAN.
Command Line Interface 4-190 4 an associated “primary” VLAN that contains promiscuous ports. When using an isolated VLAN, it must be configured to contain a single promiscuous port. • Port membership for private VLANs is static.
VLAN Commands 4-191 4 switchport mode private-vlan Use this command to set the private VLAN mode for an interface. Use the no form to restore the default setting.
Command Line Interface 4-192 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage All ports assigned to a secondary (i.e., community) VLAN can pass traffic between group members, but must communicate with resources outside of the group via promiscuous ports in the associated primary VLAN.
VLAN Commands 4-193 4 switchport private-vlan mapping Use this command to map an interface to a primary VLAN. Use the no form to remove this mapping. Syntax switchport private-vlan mapping primary-vlan-id no switchport private-vlan mapping primary-vlan-id – ID of primary VLAN.
Command Line Interface 4-194 4 Example GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
GVRP and Bridge Extension Commands 4-195 4 Example show bridge-ext This command shows the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Comman.
Command Line Interface 4-196 4 show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [interface] interface • ethernet unit/port - unit - This is unit 1.
GVRP and Bridge Extension Commands 4-197 4 Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate.
Command Line Interface 4-198 4 Related Commands garp timer (4-196) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion.
Priority Commands 4-199 4 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues.
Command Line Interface 4-200 4 Default Setting The priority is not set, and the default value for untagged frames received on the interface is zero.
Priority Commands 4-201 4 Command Mode Global Configuration Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights.
Command Line Interface 4-202 4 Command Usage • CoS values assigned at the ingress port are also used at the egress port. • This command sets the CoS priority for all interfaces.
Priority Commands 4-203 4 Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - This is unit 1.
Command Line Interface 4-204 4 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets).
Priority Commands 4-205 4 map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number • port-number - 16-bit TCP/UDP port number.
Command Line Interface 4-206 4 Example The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table.
Priority Commands 4-207 4 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping).
Command Line Interface 4-208 4 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0.
Priority Commands 4-209 4 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Related Commands map ip port (Global Configuration) (4-204) map ip port (Interface Configuration) (4-205) show map ip precedence This command shows the IP precedence priority map.
Command Line Interface 4-210 4 Example Related Commands map ip port (Global Configuration) (4-204) map ip precedence (Interface Configuration) (4-206) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - This is unit 1.
Multicast Filtering Commands 4-211 4 Example Related Commands map ip dscp (Global Configuration) (4-207) map ip dscp (Interface Configuration) (4-207) Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service.
Command Line Interface 4-212 4 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping.
Multicast Filtering Commands 4-213 4 Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port: ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default.
Command Line Interface 4-214 4 Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage The IGMP snooping immediate-leave feature enables a Layer 2 LAN interface to be removed from the multicast forwarding table without first sending an IGMP group-specific query to the interface.
Multicast Filtering Commands 4-215 4 Syntax show mac-address-table multicast [vlan vlan-id] [user | igmp-snooping] • vlan-id - VLAN ID (1 to 4094) • user - Display only the user-configured multicast entries. • igmp-snooping - Display only entries learned through IGMP snooping.
Command Line Interface 4-216 4 IGMP Query Commands (Layer 2) ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it.
Multicast Filtering Commands 4-217 4 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action.
Command Line Interface 4-218 4 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries.
Multicast Filtering Commands 4-219 4 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect.
Command Line Interface 4-220 4 Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
Multicast Filtering Commands 4-221 4 IGMP Filtering and Throttling Commands In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan.
Command Line Interface 4-222 4 • IGMP filtering and throttling only applies to dynamically learned multicast groups, it does not apply to statically configured groups. • The IGMP filtering feature operates in the same manner when MVR is used to forward the multicast traffic.
Multicast Filtering Commands 4-223 4 Command Usage • Each profile has only one access mode; either permit or deny. • When the access mode is set to permit, IGMP join reports are processed when a multicast group falls within the controlled range.
Command Line Interface 4-224 4 Default Setting None Command Mode Interface Configuration Command Usage • The IGMP filtering profile must first be created with the ip igmp profile command before being able to assign it to an interface. • Only one profile can be assigned to an interface.
Multicast Filtering Commands 4-225 4 Example ip igmp max-groups action This command sets the IGMP throttling action for an interface on the switch. Syntax ip igmp max-groups action <replace | deny> • replace - The new multicast group replaces an existing group.
Command Line Interface 4-226 4 Command Mode Privileged Exec Example show ip igmp profile This command displays IGMP filtering profiles created on the switch. Syntax show ip igmp profile [profile-number] profile-number - An existing IGMP filter profile number.
Multicast Filtering Commands 4-227 4 • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged Exec Command Usage Using this command without specifying an interface displays all interfaces.
Command Line Interface 4-228 4 mvr (Global Configuration) This command enables Multicast VLAN Registration (MVR) globally on the switch, statically configures MVR multicast group IP address(es) using the group keyword, or specifies the MVR VLAN identifier using the vlan keyword.
Multicast Filtering Commands 4-229 4 mvr (Interface Configuration) This command configures an interface as an MVR receiver or source port using the type keyword, enables immediate leave capability using the immediate keyword, or configures an interface as a static member of the MVR VLAN using the group keyword.
Command Line Interface 4-230 4 response to determine if there are any remaining subscribers for that multicast group before removing the port from the group list.
Multicast Filtering Commands 4-231 4 Command Usage Enter this command without any keywords to display the global settings for MVR. Use the interface keyword to display information about interfaces attached to the MVR VLAN. Or use the members keyword to display information about multicast groups assigned to the MVR VLAN.
Command Line Interface 4-232 4 The following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN: Domain Name Service Commands These commands are used to configure Domain Naming System (DNS) services.
Domain Name Service Commands 4-233 4 ip host This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remove an entry. Syntax [no] ip host name address1 [address2 … address8] • name - Name of the host.
Command Line Interface 4-234 4 • * - Removes all entries. Default Setting None Command Mode Privileged Exec Example This example clears all static entries from the DNS table. ip domain-name This command defines the default domain name appended to incomplete host names (i.
Domain Name Service Commands 4-235 4 ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove a name from this list.
Command Line Interface 4-236 4 ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution.
Domain Name Service Commands 4-237 4 Default Setting Disabled Command Mode Global Configuration Command Usage • At least one name server must be specified before you can enable DNS. • If all name servers are deleted, DNS will automatically be disabled.
Command Line Interface 4-238 4 show dns This command displays the configuration of the DNS service. Command Mode Privileged Exec Example show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.
Domain Name Service Commands 4-239 4 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Console#clear dns cache Console#show dns cache NO FLAG T.
Command Line Interface 4-240 4 DHCP Commands These commands are used to configure Dynamic Host Configuration Protocol (DHCP) relay and Option 82 functions.
DHCP Commands 4-241 4 ip dhcp relay information policy This command sets the DHCP snooping information option policy for DHCP client packets that include Option 82 information.
Command Line Interface 4-242 4 Usage Guidelines You must specify the IP address for at least one DHCP server. Otherwise, the switch’s DHCP relay agent will not operate and all DHCP request and reply packets will be flooded to the entire VLAN.
IP Interface Commands 4-243 4 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default.
Command Line Interface 4-244 4 Command Usage • You must assign an IP address to this device to gain management access over the network. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server.
IP Interface Commands 4-245 4 Example The following example defines a default gateway for this device: Related Commands show ip redirects (4-246) ip dhcp restart This command submits a BOOTP or DHCP client request.
Command Line Interface 4-246 4 Example Related Commands show ip redirects (4-246) show ip redirects This command shows the default gateway configured for this device.
IP Interface Commands 4-247 4 - Normal response - The normal response occurs in one to ten seconds, depending on network traffic. - Destination does not respond - If the host does not respond, a “timeout” appears in ten seconds.
Command Line Interface 4-248 4 Switch Cluster Commands Switch Clustering is a method of grouping switches together to enable centralized management through a single unit. A switch cluster has a “Commander” unit that is used to manage all other “Member” switches in the cluster.
Switch Cluster Commands 4-249 4 Example cluster commander This command enables the switch as a cluster Commander. Use the no form to disable the switch as cluster Commander.
Command Line Interface 4-250 4 Command Usage • An “internal” IP address pool is used to assign IP addresses to Member switches in the cluster. Internal cluster IP addresses are in the form 10.x.x.member-ID. Only the base IP address of the pool needs to be set since Member IDs can only be between 1 and 36.
Switch Cluster Commands 4-251 4 Command Mode Privileged Exec Command Usage • This command only operates through a Telnet connection to the Commander switch. Managing cluster Members using the local console CLI on the Commander is not supported.
Command Line Interface 4-252 4 show cluster candidates This command shows the discovered Candidate switches in the network. Command Mode Privileged Exec Example Console#show cluster candidat.
A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 88 lists) DHCP Cli.
Software Specifications A-2 A Additional Features BOOTP client SNTP (Simple Network Time Protocol) SNMP (Simple Network Management Protocol) RMON (Remote Monitoring, groups 1,2,3,9) SMTP .
Management Information Bases A-3 A Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB .
Software Specifications A-4 A.
B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch.
Troubleshooting B-2 B Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1.
Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.
Glossary Glossary-2 GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network.
Glossary-3 Glossary IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members.
Glossary Glossary-4 MD5 Message-Digest Algorithm An algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken.
Glossary-5 Glossary Remote Monitoring (RMON) RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types.
Glossary Glossary-6 User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets.
Index-1 Numerics 802.1X, port authentication 3-68 A acceptable frame type 3-150, 4-182 Access Control List See ACL ACL Extended IP 3-83, 4-102, 4-103, 4-105 MAC 3-83, 4-102, 4-110, 4-110.
Index-2 Index G GARP VLAN Registration Protocol See GVRP gateway, default 3-14, 4-245 GVRP global setting 4-194 interface configuration 3-150, 4-195 GVRP, global setting 3-142 H hardware version, displaying 3-11, 4-68 HTTPS 3-59, 4-32 HTTPS, secure server 3-59, 4-32 I IEEE 802.
Index-3 Index path cost 3-120, 3-128 method 3-124, 4-165 STA 3-120, 3-128, 4-165 port authentication 3-68 port priority configuring 3-158, 4-198 default ingress 3-158, 4-199 STA 3-129, .
Index-4 Index T TACACS+, logon authentication 3-56, 4-81 time, setting 3-35, 4-54 traffic class weights 3-163, 4-200 trap manager 2-7, 3-41, 4-120 troubleshooting B-1 trunk configuration.