Accton Technology ES3528M-SFP User Manual


A proper user manual

The regulations oblige the seller to hand over the Accton Technology ES3528M-SFP user manual to the buyer together with the goods. A missing manual, or incorrect information passed to the consumer, is grounds for a complaint that the device does not conform to the contract. The law permits the manual to be supplied in a form other than paper, which has become very common recently, by including a graphical or electronic Accton Technology ES3528M-SFP manual as well as instructional videos for users. The condition is that its form is legible and understandable.

What is a user manual?

The word comes from the Latin „instructio”, i.e. to put in order. Accordingly, the Accton Technology ES3528M-SFP manual describes the steps of the procedures. The purpose of the manual is to instruct and to simplify starting up and using the device, or carrying out particular tasks. The manual is a collection of information about an object or a service, a guide.

Unfortunately, not many users take the time to read the Accton Technology ES3528M-SFP user manual. A good user manual not only lets you discover a number of additional functions of the purchased device, it also helps you avoid many mistakes.

So what should an ideal user manual contain?

The Accton Technology ES3528M-SFP user manual should contain, above all:
- Information about the technical data of the Accton Technology ES3528M-SFP
- The name of the manufacturer and the year of manufacture of the Accton Technology ES3528M-SFP
- Principles of operation, adjustment and maintenance of the Accton Technology ES3528M-SFP
- Safety marks and certificates confirming conformity with the relevant standards

Why don't we read user manuals?

The reason is a lack of time and being sure of ourselves when it comes to particular functions of the devices we buy. Unfortunately, connecting and starting the Accton Technology ES3528M-SFP is not enough. A manual contains a range of guidance on particular functions, safety principles, maintenance methods (even which products to use), possible faults of the Accton Technology ES3528M-SFP, and ways of solving problems that may occur during use. Finally, the user manual gives the contact number for Accton Technology service in case the proposed solutions do not work. At present, manuals in the form of engaging animations or video guides are gaining popularity, as they appeal to users more than a brochure does. This kind of manual guarantees that the user watches the whole video without skipping the detailed and complicated technical descriptions of the Accton Technology ES3528M-SFP, as happens with the paper form.

Why should one read user manuals?

In the user manual we find, above all, answers about the construction and capabilities of the Accton Technology ES3528M-SFP, about the use of particular accessories, and a range of information that lets us use all of its functions and conveniences.

After a successful purchase, you should spend some time getting to know every part of the Accton Technology ES3528M-SFP manual. Today, manuals are carefully prepared or translated so that they are not only understandable to users but also fulfil their basic purpose of helping and informing.

Table of contents of the user manual

  • Page 1

    Powered by Accton www.edge-core.com Management Guide ES3528M-SFP Fast Ethernet Switch[...]

  • Page 2

    [...]

  • Page 3

    Management Guide Fast Ethernet Switch Layer 2 Workgroup Switch with 24 100BASE-BX (SFP) Ports, 2 1000BASE-T (RJ-45) and 2 Combination Gigabit (RJ-45/SFP) Ports[...]

  • Page 4

    ES3528M-SFP E122007-DG-R01 149100035500A[...]

  • Page 5

    v About This Guide Purpose This guide gives specific information on how to operate and use the management functions of the switch. Audience The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions[...]

  • Page 6

    vi[...]

  • Page 7

    i Contents Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-6 Chapter 2: Initial Configuration 2-1 Connecting to the Switch 2-1 Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3 Basic Configuration 2-3 Console Connection 2-3 Setting Passwords 2-4 Setting[...]

  • Page 8

    Contents ii Saving or Restoring Configuration Settings 3-21 Downloading Configuration Settings from a Server 3-22 Console Port Settings 3-23 Telnet Settings 3-25 Configuring Event Logging 3-28 Displaying Log Messages 3-28 System Log Configuration 3-28 Remote Log Configuration 3-30 Simple Mail Transfer Protocol 3-31 Resetting th[...]

  • Page 9

    Contents iii Configuring the SSH Server 3-74 Generating the Host Key Pair 3-75 Importing User Public Keys 3-76 Configuring Port Security 3-80 Configuring 802.1X Port Authentication 3-81 Displaying 802.1X Global Settings 3-83 Configuring 802.1X Global Settings 3-83 Configuring Port Settings for 802.1X 3-84 Displaying 802.1X Statis[...]

  • Page 10

    Contents iv Setting Static Addresses 3-133 Displaying the Address Table 3-134 Changing the Aging Time 3-136 Spanning Tree Algorithm Configuration 3-136 Displaying Global Settings 3-138 Configuring Global Settings 3-141 Displaying Interface Settings 3-144 Configuring Interface Settings 3-147 Configuring Multiple Spanning Tr[...]

  • Page 11

    Contents v Selecting the Queue Mode 3-195 Setting the Service Weight for Traffic Classes 3-195 Layer 3/4 Priority Settings 3-196 Mapping Layer 3/4 Priorities to CoS Values 3-196 Enabling IP DSCP Priority 3-197 Mapping DSCP Priority 3-198 Quality of Service 3-199 Configuring Quality of Service Parameters 3-200 Configuring a Class Map [...]

  • Page 12

    Contents vi Cluster Member Configuration 3-242 Cluster Member Information 3-243 Cluster Candidate Information 3-243 UPnP 3-245 UPnP Configuration 3-245 Chapter 4: Command Line Interface 4-1 Using the Command Line Interface 4-1 Accessing the CLI 4-1 Console Connection 4-1 Telnet Connection 4-2 Entering Commands 4-3 Keywords an[...]

  • Page 13

    Contents vii reload 4-24 reload cancel 4-24 show reload 4-25 end 4-25 exit 4-26 quit 4-26 System Management Commands 4-27 Device Designation Commands 4-27 prompt 4-27 hostname 4-28 Banner 4-28 banner configure 4-29 banner configure company 4-30 banner configure dc-power-info 4-31 banner configure department 4-31 banner confi[...]

  • Page 14

    Contents viii ip ssh save host-key 4-52 show ip ssh 4-52 show ssh 4-53 show public-key 4-54 Event Logging Commands 4-55 logging on 4-55 logging history 4-56 logging host 4-57 logging facility 4-57 logging trap 4-58 clear logging 4-58 show logging 4-59 show log 4-60 SMTP Alert Commands 4-61 logging sendmail host 4-61 logging sendmai[...]

  • Page 15

    Contents ix jumbo frame 4-84 Flash/File Commands 4-85 copy 4-85 delete 4-88 dir 4-89 whichboot 4-90 boot system 4-90 Authentication Commands 4-91 Authentication Sequence 4-91 authentication login 4-92 authentication enable 4-93 RADIUS Client 4-94 radius-server host 4-95 radius-server acct-port 4-95 radius-server auth-port 4-96 ra[...]

  • Page 16

    Contents x dot1x port-control 4-114 dot1x operation-mode 4-115 dot1x re-authenticate 4-115 dot1x re-authentication 4-116 dot1x timeout quiet-period 4-116 dot1x timeout re-authperiod 4-117 dot1x timeout tx-period 4-117 dot1x intrusion-action 4-118 show dot1x 4-118 Network Access – MAC Address Authentication 4-121 network-ac[...]

  • Page 17

    Contents xi ip access-group 4-143 show ip access-group 4-144 MAC ACLs 4-144 access-list mac 4-145 permit, deny (MAC ACL) 4-146 show mac access-list 4-147 mac access-group 4-148 show mac access-group 4-148 ACL Information 4-149 show access-list 4-149 show access-group 4-149 SNMP Commands 4-150 snmp-server 4-151 show snmp 4-151 snm[...]

  • Page 18

    Contents xii Link Aggregation Commands 4-180 channel-group 4-181 lacp 4-182 lacp system-priority 4-183 lacp admin-key (Ethernet Interface) 4-184 lacp admin-key (Port Channel) 4-185 lacp port-priority 4-186 show lacp 4-186 Address Table Commands 4-190 mac-address-table static 4-190 clear mac-address-table dynamic 4-191 show ma[...]

  • Page 19

    Contents xiii show lldp info remote-device 4-213 show lldp info statistics 4-213 UPnP Commands 4-215 upnp device 4-215 upnp device ttl 4-216 upnp device advertise duration 4-216 show upnp 4-217 Spanning Tree Commands 4-217 spanning-tree 4-218 spanning-tree mode 4-219 spanning-tree forward-time 4-220 spanning-tree hello-time 4-22[...]

  • Page 20

    Contents xiv vlan database 4-242 vlan 4-243 Configuring VLAN Interfaces 4-244 interface vlan 4-244 switchport mode 4-245 switchport acceptable-frame-types 4-246 switchport ingress-filtering 4-246 switchport native vlan 4-247 switchport allowed vlan 4-248 switchport forbidden vlan 4-249 Displaying VLAN Information 4-250 show vlan[...]

  • Page 21

    Contents xv match 4-274 policy-map 4-275 class 4-276 set 4-277 police 4-277 service-policy 4-278 show class-map 4-279 show policy-map 4-279 show policy-map interface 4-280 Voice VLAN Commands 4-280 voice vlan 4-281 voice vlan aging 4-282 voice vlan mac-address 4-282 switchport voice vlan 4-283 switchport voice vlan rule 4-284 s[...]

  • Page 22

    Contents xvi show ip igmp profile 4-302 show ip igmp throttle interface 4-303 Multicast VLAN Registration Commands 4-304 mvr (Global Configuration) 4-304 mvr (Interface Configuration) 4-305 show mvr 4-307 IP Interface Commands 4-309 ip address 4-309 ip default-gateway 4-310 ip dhcp restart 4-311 show ip interface 4-311 show ip[...]

  • Page 23

    Contents xvii Appendix B: Troubleshooting B-1 Problems Accessing the Management Interface B-1 Using System Logs B-2 Glossary Index[...]

  • Page 24

    Contents xviii[...]

  • Page 25

    xix Tables Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-6 Table 3-1 Configuration Options 3-3 Table 3-2 Main Menu 3-4 Table 3-3 Logging Levels 3-29 Table 3-5 Supported Notification Messages 3-47 Table 3-6 HTTPS System Support 3-69 Table 3-7 802.1X Statistics 3-87 Table 3-8 LACP Port Counters 3-120 Table 3-9 LACP Internal Configura[...]

  • Page 26

    Tables xx Table 4-28 File Directory Information 4-89 Table 4-29 Authentication Commands 4-91 Table 4-30 Authentication Sequence 4-91 Table 4-31 RADIUS Client Commands 4-94 Table 4-32 TACACS Commands 4-98 Table 4-34 Port Security Commands 4-111 Table 4-35 802.1X Port Authentication 4-112 Table 4-36 Network Access 4-121 Table 4-3[...]

  • Page 27

    Tables xxi Table 4-74 Multicast Filtering Commands 4-287 Table 4-75 IGMP Snooping Commands 4-287 Table 4-76 IGMP Query Commands (Layer 2) 4-292 Table 4-77 Static Multicast Routing Commands 4-295 Table 4-78 IGMP Filtering and Throttling Commands 4-297 Table 4-79 Multicast VLAN Registration Commands 4-304 Table 4-80 show mvr - displa[...]

  • Page 28

    Tables xxii[...]

  • Page 29

    xxiii Figures Figure 3-1 Home Page 3-2 Figure 3-2 Panel Display 3-3 Figure 3-3 System Information 3-12 Figure 3-4 Switch Information 3-14 Figure 3-5 Bridge Extension Configuration 3-15 Figure 3-6 Manual IP Configuration 3-17 Figure 3-7 DHCP IP Configuration 3-18 Figure 3-8 Jumbo Frames Configuration 3-19 Figure 3-9 Copy Firmware 3-20[...]

  • Page 30

    Figures xxiv Figure 3-43 AAA Accounting Summary 3-66 Figure 3-44 AAA Authorization Settings 3-67 Figure 3-45 AAA Authorization Exec Settings 3-68 Figure 3-46 AAA Authorization Summary 3-69 Figure 3-47 HTTPS Settings 3-70 Figure 3-48 HTTPS Settings 3-71 Figure 3-49 SSH Server Settings 3-74 Figure 3-50 SSH Host-Key Settings 3-76[...]

  • Page 31

    Figures xxv Figure 3-88 Configuring Spanning Tree 3-143 Figure 3-89 Displaying Spanning Tree Port Information 3-146 Figure 3-90 Configuring Spanning Tree per Port 3-149 Figure 3-91 Configuring Multiple Spanning Trees 3-150 Figure 3-92 Displaying MSTP Interface Settings 3-152 Figure 3-93 Displaying MSTP Interface Settings 3-155 F[...]

  • Page 32

    Figures xxvi Figure 3-133 Static Multicast Router Port Configuration 3-218 Figure 3-134 IP Multicast Registration Table 3-219 Figure 3-135 IGMP Member Port Table 3-220 Figure 3-136 Enabling IGMP Filtering and Throttling 3-221 Figure 3-137 IGMP Profile Configuration 3-223 Figure 3-138 IGMP Filter and Throttling Port Configuratio[...]

  • Page 33

    1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should co[...]

  • Page 34

    Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based and [...]

  • Page 35

    Description of Software Features 1-3 1 Rate Limiting – This feature controls the maximum rate for traffic received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into the network. Packets that exceed the acceptable amount of traffic are dropped. Port Mirroring – The switch c[...]

  • Page 36

    Introduction 1-4 1 seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices. Multiple Spanning Tr[...]

  • Page 37

    Description of Software Features 1-5 1 Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to ma[...]

  • Page 38

    Introduction 1-6 1 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-21). The following table lists some of the basic system defaults. Table 1-2 System Defau[...]

  • Page 39

    System Defaults 1-7 1 Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Rate Limiting Input limits Disabled Port Trunking Static Trunks None LACP (all ports) Disabled Broadcast Storm Protection Status Enabled (all ports) Broadcast Limit Rate 64 kbits per second Spanning Tree Algorithm Status E[...]

  • Page 40

    Introduction 1-8 1 System Log Status Enabled Messages Logged Levels 0-6 (all) Messages Logged to Flash Levels 0-3 SMTP Email Alerts Event Handler Enabled (but no server defined) SNTP Clock Synchronization Disabled NTP Clock Synchronization Disabled DHCP Snooping Status Disabled IP Source Guard Status Disabled (all ports) IP Clustering[...]

  • Page 41

    2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON (Groups 1, 2, 3, 9) and a web-based interface. A PC may also be connected directly to the switch for configuration and mo[...]

  • Page 42

    Initial Configuration 2-2 2 • Configure up to 8 static or LACP trunks • Enable port mirroring • Set broadcast storm control on any port • Display system information and statistics Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the [...]

  • Page 43

    Basic Configuration 2-3 2 Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is obtained via DHCP by default. To manu[...]

  • Page 44

    Initial Configuration 2-4 2 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prevent [...]

  • Page 45

    Basic Configuration 2-5 2 Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP address to the switch, complete the following steps: 1. From the[...]

  • Page 46

    Initial Configuration 2-6 2 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>. Enabling SNMP Managemen[...]

  • Page 47

    Basic Configuration 2-7 2 The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects. • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects. To prevent unauthorized access to the switch from [...]

  • Page 48

    Initial Configuration 2-8 2 Configuring Access for SNMP Version 3 Clients To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group. The following example creates one view calle[...]

  • Page 49

    Managing System Files 2-9 2 Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The three types of files are: • Co[...]

  • Page 50

    Initial Configuration 2-10 2[...]

  • Page 51

    3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or above,[...]

  • Page 52

    Configuring the Switch 3-2 3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.” Home Page When your web [...]

  • Page 53

    Panel Display 3-3 3 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons. Notes: 1. To ensure proper screen refresh, [...]

  • Page 54

    Configuring the Switch 3-4 3 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Main Menu Menu Description Page System 3-12 System Inform[...]

  • Page 55

    Main Menu 3-5 3 Remote Engine ID Sets the SNMP v3 engine ID for a remote device 3-43 Users Configures SNMP v3 users on this switch 3-43 Remote Users Configures SNMP v3 users from a remote device 3-45 Groups Configures SNMP v3 groups 3-46 Views Configures SNMP v3 views 3-49 Security 3-51 User Accounts Assigns a new passwo[...]

  • Page 56

    Configuring the Switch 3-6 3 Information Displays global configuration settings for 802.1X Port authentication 3-83 Configuration Configures the global configuration settings 3-83 Port Configuration Sets parameters for individual ports 3-84 Statistics Displays protocol statistics for the selected port 3-87 Web Authentication 3-88 C[...]

  • Page 57

    Main Menu 3-7 3 Port Neighbors Information Displays settings and operational state for the remote side 3-124 Port Broadcast Control Sets the broadcast storm threshold for each port 3-125 Trunk Broadcast Control Sets the broadcast storm threshold for each trunk 3-125 Mirror Port Configuration Sets the source and target ports for[...]

  • Page 58

    Configuring the Switch 3-8 3 GVRP Status Enables GVRP on the switch 3-158 802.1Q Tunnel Configuration Enables 802.1Q (QinQ) Tunneling 3-170 Basic Information Displays information on the VLAN type supported by this switch 3-159 Current Table Shows the current port members of each VLAN and whether or not the port is tagged or un[...]

  • Page 59

    Main Menu 3-9 3 Remote Port Information Displays LLDP information about a remote device connected to a port on this switch 3-187 Remote Trunk Information Displays LLDP information about a remote device connected to a trunk on this switch 3-187 Remote Information Details Displays detailed LLDP information about a remote device conne[...]

  • Page 60

    Configuring the Switch 3-10 3 Static Multicast Router Port Configuration Assigns ports that are attached to a neighboring multicast router 3-217 IP Multicast Registration Table Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID 3-218 IGMP Member Port Table Indicates multicast addre[...]

  • Page 61

    Main Menu 3-11 3 Member Configuration Adds switch Members to the cluster 3-242 Member Information Displays cluster Member switch information 3-243 Candidate Information Displays network Candidate switch information 3-243 UPNP 3-245 Configuration Enables UPNP and defines timeout values 3-245 Table 3-2 Main Menu (Continued [...]

  • Page 62

    Configuring the Switch 3-12 3 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. ?[...]

  • Page 63

    Basic Configuration 3-13 3 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board [...]

  • Page 64

    Configuring the Switch 3-14 3 Web – Click System, Switch Information. Figure 3-4 Switch Information CLI – Use the following command to display version information. Console#show version 4-83 Unit 1 Serial number: Hardware version: EPLD Version: 4.04 Number of ports: 28 Main power status: Up Redundant power status: Not present Agent (mast[...]

  • Page 65

    Basic Configuration 3-15 3 Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables. Field Attributes • Extended Multicast Filteri[...]

  • Page 66

    Configuring the Switch 3-16 3 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for the stack is obtained via DHCP by default. To manually configure an address, you need to change the switch’s defa[...]

  • Page 67

    Basic Configuration 3-17 3 Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply. Figure 3-6 Manual IP Configuration CLI – Specify the management inter[...]

  • Page 68

    Configuring the Switch 3-18 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to save[...]

  • Page 69

    Basic Configuration 3-19 3 Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available. CLI – Enter the following command to restart DHCP service. Enabling Ju[...]

  • Page 70

    Configuring the Switch 3-20 3 • File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”[...]

  • Page 71

    Basic Configuration 3-21 3 To delete a file, select System, File, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that the file currently designated as the startup code cannot be deleted. Figure 3-11 Deleting Files CLI – To download new firmware from a TFTP server, enter the IP a[...]

  • Page 72

    Configuring the Switch 3-22 3 - tftp to file – Copies a file from a TFTP server to the switch. - tftp to running-config – Copies a file from a TFTP server to the running config. - tftp to startup-config – Copies a file from a TFTP server to the startup config. • TFTP Server IP Address – The IP address of a TFTP server. • F[...]

  • Page 73

    Basic Configuration 3-23 3 Note: You can also select any configuration file as the start-up configuration by using the System/File/Set Start-Up page. Figure 3-13 Setting the Startup Configuration Settings CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and [...]

  • Page 74

    Configuring the Switch 3-24 3 system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 0-120; Default: 3 attempts) • Silent Time – Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attem[...]

  • Page 75

    Basic Configuration 3-25 3 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. Telnet Settings You can access the onboard configuration program over the network using Telnet[...]

  • Page 76

    Configuring the Switch 3-26 3 • Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Ra[...]

  • Page 77

    Basic Configuration 3-27 3 CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level. Console(config)#line vty 4-13 Console(config-line)#login local 4-13 Console(config-line)#[...]

  • Page 78

    Configuring the Switch 3-28 3 Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages. Displaying Log Messages The Logs page allows you to[...]

  • Page 79

    Basic Configuration 3-29 3 The System Logs page allows you to configure and limit system messages that are logged to flash or RAM memory. The default is for event levels 0 to 3 to be logged to flash and levels 0 to 6 to be logged to RAM. Command Attributes • System Log Status – Enables/disables the logging of debug or error mes[...]

  • Page 80

    Configuring the Switch 3-30 3 CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. Use the show logging command to display the current settings. Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other [...]

  • Page 81

    Basic Configuration 3-31 3 Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove. Figure 3-18 Remote Logs CLI – Enter the syslog server host IP ad[...]

  • Page 82

    Configuring the Switch 3-32 3 • Debugging – Sends a debugging notification. (Level 7) • Information – Sends informative notification only. (Level 6) • Notice – Sends notification of a normal but significant condition, such as a cold start. (Level 5) • Warning – Sends notification of a warning condition such[...]

  • Page 83

    Basic Configuration 3-33 3 CLI – Enter the host ip address, followed by the mail severity level, source and destination email addresses and enter the sendmail command to complete the action. Use the show logging command to display SMTP information. Resetting the System This feature restarts the system. You can reboot the syste[...]

  • Page 84

    Configuring the Switch 3-34 3 CLI – Use the reload command to restart the switch. When prompted, confirm that you want to reset the switch. Note: When restarting the system, it will always run the Power-On Self-Test. It will also retain all configuration information stored in non-volatile memory (See “Saving or Restoring Configurati[...]

  • Page 85

    Basic Configuration 3-35 3 Figure 3-21 SNTP Configuration CLI – This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings. Configuring NTP The NTP client allows you to configure up to 50 NTP servers to poll for time updates. You can also enable authentication to ensu[...]

  • Page 86

    Configuring the Switch 3-36 3 • Authenticate Key – Specifies the number of the key in the NTP Authentication Key List to use for authentication with the configured server. The authentication key must match the key configured on the NTP server. • Key Number – A number that specifies a key value in the NTP Authenticatio[...]

  • Page 87

    Basic Configuration 3-37 3 CLI – This example configures the switch to operate as an NTP client and then displays the current settings. Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude, [...]

  • Page 88

    Configuring the Switch 3-38 3 Web – Select SNTP, Clock Time Zone. Set the offset for your time zone relative to the UTC using either a predefined or custom definition, and click Apply. Figure 3-23 Setting the System Clock CLI - This example shows how to set the time zone for the system clock using one of the predefined time [...]

  • Page 89

    Simple Network Management Protocol 3-39 3 Access to the switch from clients using SNMPv3 provides additional security features that cover message integrity, authentication, and encryption; as well as controlling user access to specific areas of the MIB tree. The SNMPv3 security structure consists of security models[...]

  • Page 90

    Configuring the Switch 3-40 3 • Community String – A community string that acts like a password and permits access to the SNMP protocol. Default strings: “public” (read-only), “private” (read/write) Range: 1-32 characters, case sensitive • Access Mode - Read-Only – Specifies read-only access. Authorized managem [...]

  • Page 91

    Simple Network Management Protocol 3-41 3 • Trap Version – Specifies whether to send notifications as SNMP v1, v2c, or v3 traps. (The default is version 1.) • Trap Security Level – Specifies the security level. • Enable Authentication Traps – Issues a trap message whenever an invalid community string is submitted duri[...]

  • Page 92

    Configuring the Switch 3-42 3 Web – Click SNMP, Agent Status. Figure 3-26 Enabling SNMP Agent Status Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch, follow these steps: 1. If you want to change the default engine ID, it must be changed first before configuring other parameters. 2. [...]

  • Page 93

    Simple Network Management Protocol 3-43 3 Web – Click SNMP, SNMPv3, Engine ID. Figure 3-27 Setting an Engine ID Specifying a Remote Engine ID To send inform messages to an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides. The remote engin[...]

  • Page 94

    Configuring the Switch 3-44 3 • Group Name – The name of the SNMP group to which the user is assigned. (Range: 1-32 characters) • Model – The user security model; SNMP v1, v2c or v3. • Level – The security level used for the user: - noAuthNoPriv – There is no authentication or encryption used in SNMP communications. ([...]

  • Page 95

    Simple Network Management Protocol 3-45 3 Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete. To [...]

  • Page 96

    Configuring the Switch 3-46 3 user resides. The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host. Command Attributes • User Name – The name of user connecting to the SNMP agent. (Range: 1-32 characters) • Group Name – The name of the [...]

  • Page 97

    Simple Network Management Protocol 3-47 3 Command Attributes • Group Name – The name of the SNMP group to which the user is assigned. (Range: 1-32 characters) • Model – The user security model; SNMP v1, v2c or v3. • Level – The security level used for the group: - noAuthNoPriv – There is no authentication or encryption[...]

  • Page 98

    Configuring the Switch 3-48 3 linkUp 1.3.6.1.6.3.1.1.5.4 A linkUp trap signifies that the SNMP entity, acting in an agent role, has detected that the ifOperStatus object for one of its communication links left the down state and transitioned into some other state (but not into the notPresent state). This other state is indicated [...]

  • Page 99

    Simple Network Management Protocol 3-49 3 Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read and write views. Click Add to save the new group and return to the Groups list. To delete a group, check the box next to the g[...]

  • Page 100

    Configuring the Switch 3-50 3 • Type – Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view. Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in th[...]

  • Page 101

    User Authentication 3-51 3 User Authentication You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. Port-based authentication using IEEE 802.1X can also be configured to control either management access to the uplink ports or client acces[...]

  • Page 102

    Configuring the Switch 3-52 3 Web – Click Security, User Accounts. To configure a new user account, specify a user name, select the user’s access level, then enter a password and confirm it. Click Add to save the new user account and add it to the Account List. To change the password for a specific user, enter the user nam[...]

  • Page 103

    User Authentication 3-53 3 Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TACACS+ [...]

  • Page 104

    Configuring the Switch 3-54 3 Command Attributes • Authentication – Select the authentication, or authentication sequence required: - Local – User authentication is performed only locally by the switch. - Radius – User authentication is performed using a RADIUS server only. - TACACS – User authentication is performed [...]

  • Page 105

    User Authentication 3-55 3 Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply. Figure 3-34 Authentication Settings[...]

  • Page 106

    Configuring the Switch 3-56 3 CLI – Specify all the required parameters to enable logon authentication. Console(config)#authentication login radius 4-92 Console(config)#radius-server auth-port 181 4-96 Console(config)#radius-server key green 4-96 Console(config)#radius-server retransmit 5 4-97 Console(config)#radius-server timeout 10 4-97 [...]

  • Page 107

    User Authentication 3-57 3 Configuring Encryption Keys The Encryption Key feature provides a central location for the management of all RADIUS and TACACS+ server encryption keys. Command Attributes • RADIUS Settings - Global – Provides globally applicable RADIUS encryption key settings. - ServerIndex – Specifies one of five RADIUS[...]

  • Page 108

    Configuring the Switch 3-58 3 AAA Authorization and Accounting The Authentication, authorization, and accounting (AAA) feature provides the main framework for configuring access control on the switch. The three security functions can be summarized as follows: • Authentication — Identifies users that request access to [...]

  • Page 109

    User Authentication 3-59 3 Configuring AAA RADIUS Group Settings The AAA RADIUS Group Settings screen defines the configured RADIUS servers to use for accounting and authorization. Command Attributes • Group Name - Defines a name for the RADIUS server group. (1-255 characters) • Server Index - Specifies the RADIUS server and sequen[...]

  • Page 110

    Configuring the Switch 3-60 3 Web – Click Security, AAA, TACACS+ Group Settings. Enter the TACACS+ group name, followed by the number of the server, then click Add. Figure 3-37 AAA TACACS+ Group Settings CLI – Specify the group name for a list of TACACS+ servers, and then specify the index number of a TACACS+ server [...]

  • Page 111

    User Authentication 3-61 3 Web – Click Security, AAA, Accounting, Settings. To configure a new accounting method, specify a method name and a group name, then click Add. Figure 3-38 AAA Accounting Settings CLI – Specify the accounting method required, followed by the chosen parameters. Console(config)#aaa accounting dot1x tps s[...]

  • Page 112

    Configuring the Switch 3-62 3 AAA Accounting Update This feature sets the interval at which accounting updates are sent to accounting servers. Command Attributes Periodic Update - Specifies the interval at which the local accounting service updates information to the accounting server. (Range: 1-2147483647 minutes; Default: Disab[...]

  • Page 113

    User Authentication 3-63 3 Web – Click Security, AAA, Accounting, 802.1X Port Settings. Enter the required accounting method and click Apply. Figure 3-40 AAA Accounting 802.1X Port Settings CLI – Specify the accounting method to apply to the selected interface. AAA Accounting Exec Command Privileges This feature specifies a meth[...]

  • Page 114

    Configuring the Switch 3-64 3 Web – Click Security, AAA, Accounting, Command Privileges. Enter a defined method name for console and Telnet privilege levels. Click Apply. Figure 3-41 AAA Accounting Exec Command Privileges CLI – Specify the accounting method to use for console and Telnet privilege levels. Console(config)#l[...]

  • Page 115

    User Authentication 3-65 3 AAA Accounting Exec Settings This feature specifies a method name to apply to console and Telnet connections. Command Attributes Method Name - Specifies a user defined method name to apply to console and Telnet connections. Web – Click Security, AAA, Accounting, Exec Settings. Enter a defined method name fo[...]

  • Page 116

    Configuring the Switch 3-66 3 Web – Click Security, AAA, Summary. Figure 3-43 AAA Accounting Summary CLI – Use the following command to display the currently applied accounting methods, and registered users. Console#show accounting 4-110 Accounting Type : dot1x Method List : default Group List : radius Interface : Method List : [...]

  • Page 117

    User Authentication 3-67 3 Authorization Settings AAA authorization is a feature that verifies a user has access to specific services. Command Attributes • Method Name – Specifies an authorization method for service requests. The “default” method is used for a requested service if no other methods have been defined. (Ra[...]

  • Page 118

    Configuring the Switch 3-68 3 Authorization EXEC Settings This feature specifies an authorization method name to apply to console and Telnet connections. Command Attributes Method Name - Specifies a user-defined method name to apply to console and Telnet connections. Web – Click Security, AAA, Authorization, Exec Settings. Ente [...]

  • Page 119

    User Authentication 3-69 3 Web – Click Security, AAA, Authorization, Summary. Figure 3-46 AAA Authorization Summary Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch?[...]

  • Page 120

    Configuring the Switch 3-70 3 • Change HTTPS Port Number – Specifies the UDP port number used for HTTPS connection to the switch’s web interface. (Default: Port 443) Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. Figure 3-47 HTTPS Settings CLI – This example enables the [...]

  • Page 121

    User Authentication 3-71 3 • Source Certificate File Name – Specifies the name of certificate file as stored on the TFTP server. • Source Private File Name – Specifies the name of the private key file as stored on the TFTP server. • Private Password – The password for the private key file. Web – Click Security, HTTPS Se[...]

  • Page 122

    Configuring the Switch 3-72 3 SSH-enabled management station clients, and ensures that data traveling over the network arrives unaltered. Note: You need to install an SSH client on the management station to access the switch for management via the SSH protocol. Note: The switch supports both SSH Version 1.5 and 2.0 clients. Command Usa[...]

  • Page 123

    User Authentication 3-73 3 4. Set the Optional Parameters – On the SSH Settings page, configure the optional parameters, including the authentication timeout, the number of retries, and the server key size. 5. Enable SSH Service – On the SSH Settings page, enable the SSH server on the switch. 6. Authentication – One of the follow[...]

  • Page 124

    Configuring the Switch 3-74 3 Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled) • Version – The Secure Shell version number. Version 2.0 is displayed, but the switch[...]

  • Page 125

    User Authentication 3-75 3 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection. Generating the Host Key Pair A host public/private key pair is used to provide secure communicati[...]

  • Page 126

    Configuring the Switch 3-76 3 Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. Figure 3-50 SSH Host-Key Settings CLI – This example generates a host-ke[...]

  • Page 127

    User Authentication 3-77 3 not exist on the switch, SSH will revert to the interactive password authentication mechanism to complete authentication. Field Attributes • Public-Key of user – The RSA and DSA public keys for the selected user. - RSA: The first field indicates the size of the host key (e.g., 1024), the second field is t[...]

  • Page 128

    Configuring the Switch 3-78 3 Web – Click Security, SSH, SSH User Public-Key Settings. Select the user name and the public-key type from the respective drop-down boxes, input the TFTP server IP address and the public key source file name, and then click Copy Public Key. Figure 3-51 SSH User Public-Key Settings[...]

  • Page 129

    User Authentication 3-79 3 CLI – This example imports an SSHv2 DSA public key for the user admin and then displays admin’s imported public keys. Console#copy tftp public-key 4-85 TFTP server IP address: 192.168.1.254 Choose public key type: 1. RSA: 2. DSA: <1-2>: 2 Source file name: admin-ssh2-dsa-pub.key Username: admin T[...]

  • Page 130

    Configuring the Switch 3-80 3 Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port whe[...]

  • Page 131

    User Authentication 3-81 3 Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply. Figure 3-52 Configuring Port Security CLI – This[...]

  • Page 132

    Configuring the Switch 3-82 3 This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the client, and a remote RADIUS authentication server to verify user identity and access rights. When a client (i.e., Supplicant) connects to a switch port, the switch (i.e., A[...]

  • Page 133

    User Authentication 3-83 3 Displaying 802.1X Global Settings The 802.1X protocol provides client authentication. Command Attributes • 802.1X System Authentication Control – The global setting for 802.1X. Web – Click Security, 802.1X, Information. Figure 3-53 802.1X Global Information CLI – This example shows th[...]

  • Page 134

    Configuring the Switch 3-84 3 Web – Select Security, 802.1X, Configuration. Enable 802.1X globally for the switch, and click Apply. Figure 3-54 802.1X Global Configuration CLI – This example enables 802.1X globally for the switch. Configuring Port Settings for 802.1X When 802.1X is enabled, you need to configure t[...]

  • Page 135

    User Authentication 3-85 3 • Re-authentication Period – Sets the time period after which a connected client must be re-authenticated. (Range: 1-65535 seconds; Default: 3600 seconds) • Tx Period – Sets the time period during an authentication session that the switch waits before re-transmitting an EAP packet. (Rang[...]

  • Page 136

    Configuring the Switch 3-86 3 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-118. Console(config)#interface ethernet 1/2 4-166 Console(config-if)#dot1x port-control auto 4-114 Console(config-if)#dot1x re-authentication 4-116 Cons[...]

  • Page 137

    User Authentication 3-87 3 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-7 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator. Rx EAPOL Logoff The number of EAPOL Lo[...]

  • Page 138

    Configuring the Switch 3-88 3 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-56 Displaying 802.1X Port Statistics CLI – This example displays the 802.1X statistics for port 4. Web Authentication Web authentication allows stations to[...]

  • Page 139

    User Authentication 3-89 3 Notes: 1. MAC authentication, web authentication, 802.1X, and port security cannot be configured together on the same port. Only one security mechanism can be applied. 2. RADIUS authentication must be activated and configured properly for the web authentication feature to work properly. (See “Configuring Local/Re[...]

  • Page 140

    Configuring the Switch 3-90 3 CLI – This example globally enables the system authentication control, configures the session timeout, quiet period and login attempts, and displays the configured global parameters. Configuring Web Authentication for Ports Web authentication is configured on a per-port basis. The following pa[...]

  • Page 141

    User Authentication 3-91 3 CLI – This example enables web authentication for ethernet port 1/5 and displays a summary of web authentication parameters. Displaying Web Authentication Port Information This switch can display web authentication information for all ports and connected hosts. Command Attributes • Interface – Indicate[...]

  • Page 142

    Configuring the Switch 3-92 3 Web – Click Security, Web Authentication, Port Information. Figure 3-59 Web Authentication Port Information CLI – This example displays web authentication parameters for port 1/5. Re-authenticating Web Authenticated Ports The switch allows an administrator to manually force re-authentication of[...]

  • Page 143

    User Authentication 3-93 3 CLI – This example forces the re-authentication of all hosts connected to port 1/5. Network Access – MAC Address Authentication Some devices connected to switch ports may not be able to support 802.1X authentication due to hardware or software limitations. This is often true for devices such as network[...]

  • Page 144

    Configuring the Switch 3-94 3 Configuring the MAC Authentication Reauthentication Time MAC address authentication is configured on a per-port basis, however there are two configurable parameters that apply globally to all ports on the switch. Command Attributes • Authenticated Age – The secure MAC address table aging time. This[...]

  • Page 145

    User Authentication 3-95 3 • Maximum MAC Count – Sets the maximum number of MAC addresses that can be authenticated on a port. The maximum number of MAC addresses per port is 2048, and the maximum number of secure MAC addresses supported for the switch system is 1024. When the limit is reached, all new MAC addresses are treate[...]

  • Page 146

    Configuring the Switch 3-96 3 CLI – This example configures MAC authentication for port 1. Configuring Port Link Detection The Port Link Detection feature can send an SNMP trap and/or shut down a port when a link event occurs. Command Attributes • Port – Indicates the port being configured. • Status – Configures whether Link[...]

  • Page 147

    User Authentication 3-97 3 Web – Click Security, Network Access, Port Link Detection Configuration. Modify the Status, Condition and Action. Click Apply. Figure 3-63 Network Access Port Link Detection Configuration CLI – This example configures Port Link Detection to send an SNMP trap for all link events on port 1. Disp[...]

  • Page 148

    Configuring the Switch 3-98 3 • Attribute – Indicates a static or dynamic address. • Remove – Click the Remove button to remove selected MAC addresses from the secure MAC address table. Web – Click Security, Network Access, MAC Address Information. Restrict the displayed addresses by port, MAC Address, or attribute, then sel[...]

  • Page 149

    Access Control Lists 3-99 3 • Status – Indicates whether MAC Authentication is enabled or disabled for the port. See “Configuring MAC Authentication for Ports” on page 3-94. The following parameters are unavailable for modification if MAC Authentication is not enabled for the port. • Max MAC Count – The maximum allow[...]

  • Page 150

    Configuring the Switch 3-100 3 Configuring Access Control Lists An ACL is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests ingress or egress packets against the conditions in an ACL one by one. A packet will be accepted as soon as it matches [...]

  • Page 151

    Access Control Lists 3-101 3 Figure 3-66 Selecting ACL Type CLI – This example creates a standard IP ACL named david. Configuring a Standard IP ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Address Type – Specifies the source IP address. Use “Any” to include all possi[...]

  • Page 152

    Configuring the Switch 3-102 3 Figure 3-67 Configuring Standard IP ACLs CLI – This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Configuring an Extended IP ACL Command Attributes • Action – An ACL can contain any combina[...]

  • Page 153

    Access Control Lists 3-103 3 • Control Code – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63) • Control Code Bit Mask – Decimal number representing the code bits to match. The control bitmask is a decimal number (for an equivalent binary bit mask) that is [...]

  • Page 154

    Configuring the Switch 3-104 3 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other required [...]

  • Page 155

    Access Control Lists 3-105 3 Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range with the Add[...]

  • Page 156

    Configuring the Switch 3-106 3 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bit mask [...]

  • Page 157

    Access Control Lists 3-107 3 Command Attributes • Port – Fixed port or SFP module. (Range: 1-28) • IP – Specifies the IP ACL to bind to a port. • MAC – Specifies the MAC ACL to bind to a port. • IN – ACL for ingress packets. Web – Click Security, ACL, Port Binding. Click Edit to open the configuration page for the[...]

  • Page 158

    Configuring the Switch 3-108 3 an entry to a filter list, access to that interface is restricted to the specified addresses. • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap mana[...]

  • Page 159

    Access Control Lists 3-109 3 Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add Web IP Filtering Entry to update the filter list. Figure 3-71 Creating an IP Filter List CLI – This example allows SNMP access for a specific client. Co[...]

  • Page 160

    Configuring the Switch 3-110 3 Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Field Attributes (Web) • Name – Interface label. • Type – Indicates[...]

  • Page 161

    Port Configuration 3-111 3 Field Attributes (CLI) Basic Information: • Port type – Indicates the port type. (100BASE-FX, 1000BASE-T, or SFP) • MAC address – The physical layer address for this port. (To access this item on the web, see “Setting the Switch’s IP Address” on page 3-16.) Configuration: • Name – Inte [...]

  • Page 162

    Configuring the Switch 3-112 3 CLI – This example shows the connection status for Port 5. Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flo[...]

  • Page 163

    Port Configuration 3-113 3 (Default: Autonegotiation enabled; Advertised capabilities for 100BASE-FX – 100full; 1000BASE-T – 10half, 10full, 100half, 100full, 1000full; 1000BASE-SX/LX/LH – 1000full) • Media Type – Media type used for the combo ports. (Options: Copper-Forced, SFP-Forced, or SFP-Preferred-Auto; Default[...]

  • Page 164

    Configuring the Switch 3-114 3 Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices. You can create up to ei[...]

  • Page 165

    Port Configuration 3-115 3 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible. • To avoid creating a loop i[...]

  • Page 166

    Configuring the Switch 3-116 3 CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk. Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also discon[...]

  • Page 167

    Port Configuration 3-117 3 Command Attributes • Member List (Current) – Shows configured trunks (Port). • New – Includes entry fields for creating new trunks. - Port – Port identifier. (Range: 1-28) Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. Af[...]

  • Page 168

    Configuring the Switch 3-118 3 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports mu[...]

  • Page 169

    Port Configuration 3-119 3 - System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with other systems. • Admin Key – The LACP administration key must be set to the same value for ports that belong to the sa[...]

  • Page 170

    Configuring the Switch 3-120 3 CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG. Displaying LACP Port Counters You can display statistics for LACP protocol messages. Console(config)#interface ethernet 1/1 4-166 Console(config-if)#lacp actor system-priority 3 4-183 Co[...]

  • Page 171

    Port Configuration 3-121 3 Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-77 LACP - Port Counters Information CLI – The following example displays LACP counters. Marker Unknown Pkts Number of frames received that either (1) Carry the Slow Pr[...]

  • Page 172

    Configuring the Switch 3-122 3 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Table 3-9 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation po[...]

  • Page 173

    Port Configuration 3-123 3 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-78 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Console#sh[...]

  • Page 174

    Configuring the Switch 3-124 3 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-79 LACP [...]

  • Page 175

    Port Configuration 3-125 3 CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly[...]

  • Page 176

    Configuring the Switch 3-126 3 Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and click Apply. Figure 3-80 Port Broadcast Control CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then s[...]

  • Page 177

    Port Configuration 3-127 3 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. Command Usage • Monitor port speed shou[...]

  • Page 178

    Configuring the Switch 3-128 3 Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic received on a port or transmitted from a port. Rate limiting is configured on ports at the edge of a network to limit traffic coming in and out of the network. Packets that exceed the acceptable amou[...]

  • Page 179

    Port Configuration 3-129 3 Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port. This informatio[...]

  • Page 180

    Configuring the Switch 3-130 3 Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. Transmit Errors The number of outbound packets[...]

  • Page 181

    Port Configuration 3-131 3 Received Frames The total number of frames (bad, broadcast and multicast) received. Broadcast Frames The total number of good frames received that were directed to the broadcast address. Note that this does not include multicast packets. Multicast Frames The total number of good frames received that w[...]

  • Page 182

    Configuring the Switch 3-132 3 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-83 Port Statistics[...]

  • Page 183

    Address Table Settings 3-133 3 CLI – This example shows statistics for port 13. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address[...]

  • Page 184

    Configuring the Switch 3-134 3 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-84 Configuring a Static Address Table CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Disp[...]

  • Page 185

    Address Table Settings 3-135 3 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query. Figure 3-85 Configuring a Dynamic Address Table CLI – This example also di[...]

  • Page 186

    Configuring the Switch 3-136 3 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the function. • Aging Time – The time after which a learned entry is discarded. (Range: 10-630 seconds; Default: 300 seconds) Web – Click Address T[...]

  • Page 187

    Spanning Tree Algorithm Configuration 3-137 3 ports, and disables all other ports. Network packets are therefore only forwarded between root ports and designated ports, eliminating any possible network loops. Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmi[...]

  • Page 188

    Configuring the Switch 3-138 3 MSTP then builds an Internal Spanning Tree (IST) for the Region containing all commonly configured MSTP bridges. An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers (including the Region Name, Revision Level and Configuration Digest – see ?[...]

  • Page 189

    Spanning Tree Algorithm Configuration 3-139 3 • Bridge ID – A unique identifier for this bridge, consisting of the bridge priority and MAC address (where the address is taken from the switch system). • Max Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting [...]

  • Page 190

    Configuring the Switch 3-140 3 configuration message), a new root port is selected from among the device ports attached to the network. (References to “ports” in this section mean “interfaces,” which includes both ports and trunks.) • Root Forward Delay – The maximum time (in seconds) this device will wait before changing [...]

  • Page 191

    Spanning Tree Algorithm Configuration 3-141 3 Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol 9 Uses RSTP for the internal state machine, but sends only 802.1D[...]

  • Page 192

    Configuring the Switch 3-142 3 • Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device. (Note that lowe[...]

  • Page 193

    Spanning Tree Algorithm Configuration 3-143 3 • Transmission Limit – The maximum transmission rate for BPDUs is specified by setting the minimum interval between the transmission of consecutive protocol messages. (Range: 1-10; Default: 3) Configuration Settings for MSTP • Max Instance Numbers – The maximum number[...]

  • Page 194

    Configuring the Switch 3-144 3 CLI – This example enables Spanning Tree Protocol, sets the mode to RSTP, and then configures the STA and RSTP parameters. Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. Field At[...]

  • Page 195

    Spanning Tree Algorithm Configuration 3-145 3 by auto-detection, as described for Admin Link Type in STA Port Configuration on page 3-147. • Oper Edge Port – This parameter is initialized to the setting for Admin Edge Port in STA Port Configuration on page 3-147 (i.e., true or false), but will be set to false if a BPDU is received,[...]

  • Page 196

    Configuring the Switch 3-146 3 Algorithm is detecting network loops. Where more than one port is assigned the highest priority, the port with the lowest numeric identifier will be enabled. • Designated root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. • Fas[...]

  • Page 197

    Spanning Tree Algorithm Configuration 3-147 3 CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same [...]

  • Page 198

    Configuring the Switch 3-148 3 Protocol is detecting network loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled. • Default: 128 • Range: 0-240, in steps of 16 • Path Cost – This parameter is used by the STP to determine the best path between devices. Ther[...]

  • Page 199

    Spanning Tree Algorithm Configuration 3-149 3 Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 3-90 Configuring Spanning Tree per Port CLI – This example sets STA attributes for port 7. Configuring Multiple Spanning Trees MSTP generates a uniq[...]

  • Page 200

    Configuring the Switch 3-150 3 Command Attributes • MST Instance – Instance identifier of this spanning tree. (Default: 0) • Priority – The priority of a spanning tree instance. (Range: 0-61440 in steps of 4096; Options: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, [...]

  • Page 201

    Spanning Tree Algorithm Configuration 3-151 3 CLI – This example sets STA attributes for port 1, followed by settings for each port. Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Command Attributes • M[...]

  • Page 202

    Configuring the Switch 3-152 3 Web – Click Spanning Tree, MSTP, Port or Trunk Information. Select the required MST instance to display the current spanning tree values. Figure 3-92 Displaying MSTP Interface Settings[...]

  • Page 203

    Spanning Tree Algorithm Configuration 3-153 3 CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST, the settings for other instances only apply to the local spanning tree. Configuring Interface Settings for MSTP You can configure t[...]

  • Page 204

    Configuring the Switch 3-154 3 - Discarding – Port receives STA configuration messages, but does not forward packets. - Learning – Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information. Port address table is cleared, and the port begins learni[...]

  • Page 205

    VLAN Configuration 3-155 3 Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interface, and click Apply. Figure 3-93 Displaying MSTP Interface Settings CLI – This example sets the MSTP attributes for port 4. VLAN Configuration IEEE 802.1Q VLANs In large [...]

  • Page 206

    Configuring the Switch 3-156 3 This switch supports the following VLAN features: • Up to 255 VLANs based on the IEEE 802.1Q standard • Distributed VLAN learning across multiple switches using explicit or implicit tagging and GVRP protocol • Port overlapping, allowing a port to participate in multiple VLANs • End station[...]

  • Page 207

    VLAN Configuration 3-157 3 Untagged VLANs – Untagged (or static) VLANs are typically used to reduce broadcast traffic and to increase security. A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the switch. Packets are forwarded only between ports that are[...]

  • Page 208

    Configuring the Switch 3-158 3 Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN. However, to participate in a VLAN group that crosses several switches, you should create a VLAN for that group and enable tag[...]

  • Page 209

    VLAN Configuration 3-159 3 Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch. Field Attributes • VLAN Version Number 10 – The VLAN version used by this switch as specified in the IEEE 802.1Q standard. • Maximum VLAN ID – Maximum VLAN ID reco[...]

  • Page 210

    Configuring the Switch 3-160 3 • Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP. - Permanent: Added as a static entry. • Egress Ports – Shows all the VLAN port members. • Untagged Ports – Shows the untagged VLAN port members. Web – Click VLAN, 802.1Q VLAN, Current T[...]

  • Page 211

    VLAN Configuration 3-161 3 CLI – Current VLAN information can be displayed with the following command. Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command At[...]

  • Page 212

    Configuring the Switch 3-162 3 Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add. Figure 3-97 Configuring a VLAN Static List CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use[...]

  • Page 213

    VLAN Configuration 3-163 3 Command Attributes • VLAN – ID of configured VLAN (1-4093). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.e., does not pass packets. • Port – Port identifier. • Membership Typ[...]

  • Page 214

    Configuring the Switch 3-164 3 Figure 3-98 Configuring a VLAN Static Table CLI – The following example adds tagged and untagged ports to VLAN 2. Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interfac[...]

  • Page 215

    VLAN Configuration 3-165 3 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for sw[...]

  • Page 216

    Configuring the Switch 3-166 3 or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centiseconds; Default: 60) • GARP LeaveAll Timer 9 – The interval between sending out a LeaveAll query message for VLAN group participants and the port leaving the group. Thi[...]

  • Page 217

    VLAN Configuration 3-167 3 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Configuring IEEE 802.1Q Tunneling IEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying traffic fo[...]

  • Page 218

    Configuring the Switch 3-168 3 processing. When the packet exits another trunk port on the same core switch, the same SPVLAN tag is again added to the packet. When a packet enters the trunk port on the service provider’s egress switch, the outer tag is again stripped for packet processing. However, the SPVLAN tag is not added when[...]

  • Page 219

    VLAN Configuration 3-169 3 5. If the egress port is an untagged member of the SPVLAN, the outer tag will be stripped. If it is a tagged member, the outgoing packets will have two tags. Layer 2 Flow for Packets Coming into a Tunnel Uplink Port An uplink port receives one of the following packets: • Untagged • One tag (CVLAN or SPVL[...]

  • Page 220

    Configuring the Switch 3-170 3 Configuration Limitations for QinQ • The native VLAN of uplink ports should not be used as the SPVLAN. If the SPVLAN is the uplink port's native VLAN, the uplink port must be an untagged member of the SPVLAN. Then the outer SPVLAN tag will be stripped when the packets are sent out. Another reason i[...]

  • Page 221

    VLAN Configuration 3-171 3 Identifier (TPID) value of the tunnel port if the attached client is using a nonstandard 2-byte ethertype to identify 802.1Q tagged frames. Command Usage • Use the TPID field to set a custom 802.1Q ethertype value on the selected interface. This feature allows the switch to interoperate with third-p[...]

  • Page 222

    Configuring the Switch 3-172 3 CLI – This example sets the switch to operate in QinQ mode. Adding an Interface to a QinQ Tunnel Follow the guidelines in the preceding section to set up a QinQ tunnel on the switch. Use the VLAN Port Configuration or VLAN Trunk Configuration screen to set the access port on the edge switch to [...]

  • Page 223

    VLAN Configuration 3-173 3 Web – Click VLAN, 802.1Q VLAN, 802.1Q Tunnel Configuration or Tunnel Trunk Configuration. Set the mode for a tunnel access port to 802.1Q Tunnel and a tunnel uplink port to 802.1Q Tunnel Uplink. Click Apply. Figure 3-102 Tunnel Port Configuration CLI – This example sets port 1 to tunnel access mod[...]

  • Page 224

    Configuring the Switch 3-174 3 contains promiscuous ports that can communicate with all other ports in the private VLAN group, while a secondary (or community) VLAN contains community ports that can only communicate with other hosts within the secondary VLAN and with any of the promiscuous ports in the associated primar[...]

  • Page 225

    VLAN Configuration 3-175 3 Web – Click VLAN, Private VLAN, Information. Select the desired port from the VLAN ID drop-down menu. Figure 3-103 Private VLAN Information CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to [...]

  • Page 226

    Configuring the Switch 3-176 3 Web – Click VLAN, Private VLAN, Configuration. Enter the VLAN ID number, select Primary, Isolated or Community type, then click Add. To remove a private VLAN from the switch, highlight an entry in the Current list box and then click Remove. Note that all member ports must be removed from the VLAN be[...]

  • Page 227

    VLAN Configuration 3-177 3 CLI – This example associates community VLANs 6 and 7 with primary VLAN 5. Displaying Private VLAN Interface Information Use the Private VLAN Port Information and Private VLAN Trunk Information menus to display the interfaces associated with private VLANs. Command Attributes • Port/Trunk – Th[...]

  • Page 228

    Configuring the Switch 3-178 3 CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and associated with VLAN 6. This means that traffic for port 4 and 5 can only pass throu[...]

  • Page 229

    VLAN Configuration 3-179 3 Web – Click VLAN, Private VLAN, Port Configuration or Trunk Configuration. Set the PVLAN Port Type for each port that will join a private VLAN. Assign promiscuous ports to a primary VLAN. Assign host ports to a community VLAN. After all the ports have been configured, click Apply. Figure 3-107 Private VLA[...]

  • Page 230

    Configuring the Switch 3-180 3 • Frame Type – Choose either Ethernet, RFC 1042, or LLC Other as the frame type used by this protocol. • Protocol Type – Specifies the protocol type to match. The available options are IP, ARP, and RARP. If LLC Other is chosen for the Frame Type, the only available Protocol Type is IPX Raw Note[...]

  • Page 231

    Link Layer Discovery Protocol 3-181 3 Web – Click VLAN, Protocol VLAN, System Configuration. Figure 3-109 Protocol VLAN System Configuration CLI – This example shows the switch configured with Protocol Group 2 mapped to VLAN 2. Link Layer Discovery Protocol Link Layer Discovery Protocol (LLDP) is used to discover ba[...]

  • Page 232

    Configuring the Switch 3-182 3 Command Attributes • LLDP – Enables LLDP globally on the switch. (Default: Enabled) • Transmission Interval – Configures the periodic transmit interval for LLDP advertisements. (Range: 5-32768 seconds; Default: 30 seconds) This attribute must comply with the following rule: (transmission-interval *[...]

  • Page 233

    Link Layer Discovery Protocol 3-183 3 critical to the timely startup of LLDP, and therefore integral to the rapid availability of Emergency Call Service. Web – Click LLDP, Configuration. Enable LLDP, modify any of the timing parameters as required, and click Apply. Figure 3-110 LLDP Configuration CLI – This example set[...]

  • Page 234

    Configuring the Switch 3-184 3 Command Attributes • Admin Status – Enables LLDP message transmit and receive modes for LLDP Protocol Data Units. (Options: Tx only, Rx only, TxRx, Disabled; Default: TxRx) • SNMP Notification – Enables the transmission of SNMP trap notifications about LLDP and LLDP-MED changes. (Default: Enab[...]

  • Page 235

    Link Layer Discovery Protocol 3-185 3 configure the system name, see “Displaying System Information” on page 3-12. - System Capabilities – The system capabilities identifies the primary function(s) of the system and whether or not these primary functions are enabled. The information advertised by this TLV is described in I[...]

  • Page 236

    Configuring the Switch 3-186 3 CLI – This example sets the interface to both transmit and receive LLDP messages, enables SNMP trap messages, enables MED notification, and specifies the TLV, MED-TLV, dot1-TLV and dot3-TLV parameters to advertise. Displaying LLDP Local Device Information Use the LLDP Local Device Information[...]

  • Page 237

    Link Layer Discovery Protocol 3-187 3 CLI – This example displays LLDP information for the local switch. This example displays detailed information for a specific port on the local switch. Displaying LLDP Remote Port Information Use the LLDP Remote Port/Trunk Information screen to display information about devices connected directl[...]

  • Page 238

    Configuring the Switch 3-188 3 CLI – This example displays LLDP information for remote devices attached to this switch which are advertising information through LLDP. Displaying LLDP Remote Information Details Use the LLDP Remote Information Details screen to display detailed information about an LLDP-enabled device connected to a[...]

  • Page 239

    Link Layer Discovery Protocol 3-189 3 CLI – This example displays LLDP information for an LLDP-enabled remote device attached to a specific port on this switch. Displaying Device Statistics Use the LLDP Device Statistics screen to display aggregate statistics about all LLDP-enabled devices connected to this switch. W[...]

  • Page 240

    Configuring the Switch 3-190 3 CLI – This example displays LLDP statistics received from all LLDP-enabled remote devices connected directly to this switch. Displaying Detailed Device Statistics Use the LLDP Device Statistics Details screen to display statistics based on traffic received through all attached LLDP-enabled interfac[...]

  • Page 241

    Class of Service Configuration 3-191 3 CLI – This example displays detailed LLDP statistics for an LLDP-enabled remote device attached to a specific port on this switch. Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the[...]

  • Page 242

    Configuring the Switch 3-192 3 Command Attributes • Default Priority 12 – The priority that is assigned to untagged frames received on the specified interface. (Range: 0-7; Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port. Web – Click Priority, Default Port Priority or Defa[...]

  • Page 243

    Class of Service Configuration 3-193 3 Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown in the following table. The priority levels recommended in the IEEE 802.1p standard for various netw[...]

  • Page 244

    Configuring the Switch 3-194 3 Web – Click Priority, Traffic Classes. The current mapping of CoS values to output queues is displayed. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 3-118 Traffic Classes CLI – The following example shows how to change the CoS assignments. * Map[...]

  • Page 245

    Class of Service Configuration 3-195 3 Web – Click Priority, Traffic Classes Status. Figure 3-119 Enable Traffic Classes Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced,[...]

  • Page 246

    Configuring the Switch 3-196 3 Values to Egress Queues” on page 3-192, the traffic classes are mapped to one of the eight egress queues provided for each port. You can assign a weight to each of these queues (and thereby to the corresponding traffic priorities). This weight sets the frequency at which each queue will be polled fo[...]

  • Page 247

    Class of Service Configuration 3-197 3 a Class of Service value by the switch, and the traffic then sent to the corresponding output queue. Because different priority information may be contained in the traffic, this switch maps priority values to the output queues in the following manner: • The precedence for priority[...]

  • Page 248

    Configuring the Switch 3-198 3 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP retains backward compatibility with the three precedence bits so that non-DSCP compliant will not conflict with the DSCP mapping. Based on network policies, different kinds of traf[...]

  • Page 249

    Quality of Service 3-199 3 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings. * Mapping specific values for IP DSCP is implemented as an interface configuration command, but any changes will apply to all inte[...]

  • Page 250

    Configuring the Switch 3-200 3 2. You should create a Class Map before creating a Policy Map. Otherwise, you will not be able to select a Class Map from the Policy Rule Settings screen (see page 3-205). Configuring Quality of Service Parameters To create a service policy for a specific category or ingress traffic, follow these steps: 1. Us[...]

  • Page 251

    Quality of Service 3-201 3 • Add Class – Opens the “Class Configuration” page. Enter a class name and description on this page, and click Add to open the “Match Class Settings” page. Enter the criteria used to classify ingress traffic on this page. • Remove Class – Removes the selected class. Class Configuration • [...]

  • Page 252

    Configuring the Switch 3-202 3 Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class. Figure 3-124 Configuring Class Maps CLI - This example creates a class map called “rd_class,” and sets it to match packets marked for DSCP service value 3. Console(config)#clas[...]

  • Page 253

    Quality of Service 3-203 3 Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage • To configure a Policy Map, follow these steps: - Create a Class Map as described on page 3-200. - Open the Policy Map page, and click Add Policy. - When the Policy Configuration page opens, [...]

  • Page 254

    Configuring the Switch 3-204 3 Policy Rule Settings - Class Settings - • Class Name – Name of class map. • Action – Shows the service provided to ingress traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified in Match Class Settings on page 3-200). • Meter – The maximum throughput and [...]

  • Page 255

    Quality of Service 3-205 3 Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes. Figure 3-125 Configuring Policy Maps[...]

  • Page 256

    Configuring the Switch 3-206 3 CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to reduce the DSCP value for violating packets to 0. Attaching a Policy Map to Ingress Queues This function binds a policy map to the ingress queue of a par[...]

  • Page 257

    VoIP Traffic Configuration 3-207 3 VoIP Traffic Configuration When IP telephony is deployed in an enterprise network, it is recommended to isolate the Voice over IP (VoIP) network traffic from other data traffic. Traffic isolation helps prevent excessive packet delays, packet loss, and jitter, which results in higher voice qu[...]

  • Page 258

    Configuring the Switch 3-208 3 Web – Click QoS, VoIP Traffic Setting, Configuration. Enable Auto Detection, specify the Voice VLAN ID, then set the Voice VLAN Aging Time. Click Apply. Figure 3-127 Configuring VoIP Traffic CLI – This example enables VoIP traffic detection and specifies the Voice VLAN ID as 1234, then[...]

  • Page 259

    VoIP Traffic Configuration 3-209 3 address OUI numbers must be configured in the Telephony OUI list so that the switch recognizes the traffic as being from a VoIP device. • 802.1ab – Uses LLDP to discover VoIP devices attached to the port. LLDP checks that the “telephone bit” in the system capability TLV is turned on.[...]

  • Page 260

    Configuring the Switch 3-210 3 CLI – This example configures VoIP traffic settings for port 2 and displays the current Voice VLAN status. Configuring Telephony OUI VoIP devices attached to the switch can be identified by the manufacturer’s Organizational Unique Identifier (OUI) in the source MAC address of received packets. [...]

  • Page 261

    VoIP Traffic Configuration 3-211 3 • Telephony OUI – Specifies a MAC address range to add to the list. Enter the MAC address in format 01-23-45-67-89-AB. • Mask – Identifies a range of MAC addresses. Selecting a mask of FF-FF-FF-00-00-00 identifies all devices with the same OUI (the first three octets). Other masks restric[...]

  • Page 262

    Configuring the Switch 3-212 3 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multica[...]

  • Page 263

    Multicast Filtering 3-213 3 these sources are all placed in the Include list, and traffic is forwarded to the hosts from each of these sources. IGMPv3 hosts may also request that service be forwarded from all sources except for those specified. In this case, traffic is filtered from sources in the Exclude list, and forw [...]

  • Page 264

    Configuring the Switch 3-214 3 the multicast filtering table is already full, the switch will continue flooding the traffic into the VLAN. • IGMP Querier – A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic. If there is more than one router/switch on the LAN performing[...]

  • Page 265

    Multicast Filtering 3-215 3 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 3-130 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status. Enabling IGMP [...]

  • Page 266

    Configuring the Switch 3-216 3 is determined by the IGMP Query Report Delay (see “Configuring IGMP Snooping and Query Parameters” on page 3-213). • If immediate leave is enabled, the switch assumes that only one host is connected to the interface. Therefore, immediate leave should only be enabled on an interface if it is co[...]

  • Page 267

    Multicast Filtering 3-217 3 support IP multicasting across the Internet. These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch. You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast rou[...]

  • Page 268

    Configuring the Switch 3-218 3 • Port or Trunk – Specifies the interface attached to a multicast router. Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add[...]

  • Page 269

    Multicast Filtering 3-219 3 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. Figure 3-134 IP Multicast Registration Table CLI – This ex[...]

  • Page 270

    Configuring the Switch 3-220 3 • Multicast IP – The IP address for a specific multicast service • Port or Trunk – Specifies the interface attached to a multicast router/switch. Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch o[...]

  • Page 271

    Multicast Filtering 3-221 3 IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of groups is reached on a port, the switch can take one of two actions; either “deny” or “replace”. If the action is set to deny, any new IGMP join reports will be dropped. If the[...]

  • Page 272

    Configuring the Switch 3-222 3 CLI – This example enables IGMP filtering and creates a profile number. It then displays the current status and the existing profile numbers. Configuring IGMP Filter Profiles When you have created an IGMP profile number, you can then configure the multicast groups to filter and set the access mode. Com[...]

  • Page 273

    Multicast Filtering 3-223 3 Web – Click IGMP Snooping, IGMP Filter Profile Configuration. Select the profile number you want to configure; then click Query to display the current settings. Specify the access mode for the profile and then add multicast groups to the profile list. Click Apply. Figure 3-137 IGMP Profile Configurat[...]

  • Page 274

    Configuring the Switch 3-224 3 • An IGMP profile or throttling setting can also be applied to a trunk interface. When ports are configured as trunk members, the trunk uses the settings applied to the first port member in the trunk. • IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. [...]

  • Page 275

    Multicast VLAN Registration 3-225 3 CLI – This example assigns IGMP profile number 19 to port 1, and then sets the throttling number and action. The current IGMP filtering and throttling settings for the interface are then displayed. Multicast VLAN Registration Multicast VLAN Registration (MVR) is a protocol that controls access [...]

  • Page 276

    Configuring the Switch 3-226 3 General Configuration Guidelines for MVR 1. Enable MVR globally on the switch, select the MVR VLAN, and add the multicast groups that will stream traffic to attached hosts (see “Configuring Global MVR Settings” on page 3-226). 2. Set the interfaces that will join the MVR as source ports or receiv[...]

  • Page 277

    Multicast VLAN Registration 3-227 3 • MVR Running Status – Indicates whether or not all necessary conditions in the MVR environment are satisfied. • MVR VLAN – Identifier of the VLAN that serves as the channel for streaming multicast services using MVR. (Range: 1-4093; Default: 1) • MVR Group IP – IP address for an MVR multi[...]

  • Page 278

    Configuring the Switch 3-228 3 • MVR Status – Shows the MVR status. MVR status for source ports is “ACTIVE” if MVR is globally enabled on the switch. MVR status for receiver ports is “ACTIVE” only if there are subscribers receiving multicast traffic from one of the MVR groups, or a multicast group has been sta[...]

  • Page 279

    Multicast VLAN Registration 3-229 3 Web – Click MVR, Group IP Information. Figure 3-141 MVR Group IP Information CLI – The following example shows information about the interfaces associated with multicast groups assigned to the MVR VLAN. Configuring MVR Interface Status Each interface that participates in the MVR V[...]

  • Page 280

    Configuring the Switch 3-230 3 • Immediate leave applies only to receiver ports. When enabled, the receiver port is immediately removed from the multicast group identified in the leave message. When immediate leave is disabled, the switch follows the standard rules by sending a group-specific query to the receiver port and waitin[...]

  • Page 281

    Multicast VLAN Registration 3-231 3 CLI – This example configures an MVR source port and receiver port, and then enables immediate leave on the receiver port. Assigning Static Multicast Groups to Interfaces For multicast streams that will run for a long term and be associated with a stable set of hosts, you can statically bin[...]

  • Page 282

    Configuring the Switch 3-232 3 CLI – This example statically assigns a multicast group to a receiver port. DHCP Snooping DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server. This information can be useful in tracking an IP address back to a p[...]

  • Page 283

    DHCP Snooping 3-233 3 If the DHCP snooping is globally disabled, all dynamic bindings are removed from the binding table. Additional considerations when the switch itself is a DHCP client – The port(s) through which the switch submits a client request to the DHCP server must be configured as trusted. Note that the switch will not add a dy[...]

  • Page 284

    Configuring the Switch 3-234 3 Web – Click DHCP Snooping, VLAN Configuration. Figure 3-145 DHCP Snooping VLAN Configuration CLI – This example first enables DHCP Snooping for VLAN 1. DHCP Snooping Information Option Configuration DHCP provides a relay mechanism for sending information about the switch and its DHCP clients to the DHC[...]

  • Page 285

    DHCP Snooping 3-235 3 Web – Click DHCP Snooping, Information Option Configuration. Figure 3-146 DHCP Snooping Information Option Configuration CLI – This example enables DHCP Snooping Information Option, and sets the policy as replace. DHCP Snooping Port Configuration Configures switch ports as trusted or untrusted. An untrus[...]

  • Page 286

    Configuring the Switch 3-236 3 CLI – This example shows how to enable the DHCP Snooping Trust Status for ports. DHCP Snooping Binding Information Displays the DHCP snooping binding information. Command Attributes • No. – Entry number for DHCP snooping binding information. • Unit – Stack unit. • Port – Port number. • VLA[...]

  • Page 287

    IP Source Guard 3-237 3 IP Source Guard IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or static and dynamic entries in the DHCP Snooping table when enabled (see “DHCP Snooping” on page 3-232). IP source guard can be used to prevent [...]

  • Page 288

    Configuring the Switch 3-238 3 CLI – This example shows how to enable IP source guard on port 5. Static IP Source Guard Binding Configuration Adds static addresses to the source-guard binding table. Table entries include a MAC address, IP address, lease time, entry type (Static, Dynamic), VLAN identifier, and port identifier. All s[...]

  • Page 289

    IP Source Guard 3-239 3 Web – Click IP Source Guard, Static Configuration. Figure 3-150 Static IP Source Guard Binding Configuration CLI – This example shows how to configure a static source-guard binding on port 5. Dynamic IP Source Guard Binding Information Displays the source-guard binding table for a selected interfa[...]

  • Page 290

    Configuring the Switch 3-240 3 Web – Click IP Source Guard, Dynamic Information. Figure 3-151 Dynamic IP Source Guard Binding Information CLI – This example shows how to configure a static source-guard binding on port 5. IP Clustering IP Clustering is a method of grouping switches together to enable centralized ma[...]

  • Page 291

    IP Clustering 3-241 3 switches only become cluster Members when manually selected by the administrator through the management station. After the Commander and Members have been configured, any switch in the cluster can be managed from the web agent by choosing the desired Member ID from the Cluster drop down menu. From the Comman[...]

  • Page 292

    Configuring the Switch 3-242 3 Web – Click Cluster, Configuration. Figure 3-153 Cluster Configuration CLI – This example first enables clustering on the switch, sets the switch as the cluster Commander, and then configures the cluster IP pool. Cluster Member Configuration Adds Candidate switches to the cluster as Members. Com[...]

  • Page 293

    IP Clustering 3-243 3 CLI – This example creates a new cluster Member by specifying the Candidate switch MAC address and setting a Member ID. Cluster Member Information Displays current cluster Member switch information. Command Attributes • Member ID – The ID number of the Member switch. (Range: 1-36) • Role – Indicat[...]

  • Page 294

    Configuring the Switch 3-244 3 Web – Click Cluster, Candidate Information. Figure 3-156 Cluster Candidate Information CLI – This example shows information about cluster Candidate switches. Vty-0#show cluster candidates 4-328 Cluster Candidates: Role Mac Description ------- ------- - ------- ------- --- -------- ------- ----[...]

  • Page 295

    UPnP 3-245 3 UPnP Universal Plug and Play (UPnP) is a set of protocols that allows devices to connect seamlessly and simplifies the deployment of home and office networks. UPnP achieves this by issuing UPnP device control protocols designed upon open, Internet-based communication standards. The first step in UPnP networking is dis[...]

  • Page 296

    Configuring the Switch 3-246 3 CLI – This example enables UPnP, sets the device advertise duration to 200 seconds, the device TTL to 6, and displays information about basic UPnP configuration. Console(config)#upnp device 4-215 Console(config)#upnp device advertise duration 200 4-216 Console(config)#upnp device ttl 6 4-216 Console(confi[...]

  • Page 297

    4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering[...]

  • Page 298

    Command Line Interface 4-2 4 Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Each address consists of a [...]

  • Page 299

    Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show int[...]

  • Page 300

    Command Line Interface 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database). You can also[...]

  • Page 301

    Entering Commands 4-5 4 display a list of valid keywords for a specific command. For example, the command “show ?” displays a list of possible show commands: Console#show ? access-group Access groups access-list Access lists accounting Uses an accounting list with this name banner Banner info bridge-ext Bridge extension informatio[...]

  • Page 302

    Command Line Interface 4-6 4 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s? ?[...]

  • Page 303

    Entering Commands 4-7 4 current mode. The command classes and associated modes are displayed in the following table: Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” c[...]

  • Page 304

    Command Line Interface 4-8 4 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in non-volatile storage, use the copy running-config star[...]

  • Page 305

    Entering Commands 4-9 4 For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode Console(config)#interface ethernet 1/5 . . . Console(config-if)#exit Console(config)#[...]

  • Page 306

    Command Line Interface 4-10 4 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial comman[...]

  • Page 307

    Command Groups 4-11 4 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Groups Command Group Description Page Line Sets communication parameters for the serial port and Telnet, including baud rate and console time-out 4-12 General Basic commands for entering privile[...]

  • Page 308

    Command Line Interface 4-12 4 The access mode shown in the following tables is indicated by these abbreviations: ACL (Access Control List Configuration) MST (Multiple Spanning Tree) CM (Class Map Configuration) NE (Normal Exec) GC (Global Configuration) PE (Privileged Exec) IC (Interface Configuration) PM (Policy Map Configuration) [...]

  • Page 309

    Line Commands 4-13 4 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line. Comm[...]

  • Page 310

    Command Line Interface 4-14 4 - login selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode. - login local selects authentication via the user name and password specified by the username command (i.e.[...]

  • Page 311

    Line Commands 4-15 4 during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Related Commands login (4-13) password-thresh (4-16) timeout login response This command sets the interval that the system waits for a user to log into[...]

  • Page 312

    Command Line Interface 4-16 4 Syntax exec-timeout [seconds] no exec-timeout seconds - Integer that specifies the number of seconds. (Range: 0-65535 seconds; 0: no timeout) Default Setting CLI: No timeout Telnet: 10 minutes Command Mode Line Configuration Command Usage • If user input is detected within the timeout interval, the session [...]

  • Page 313

    Line Commands 4-17 4 Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached for Telnet, the Telnet logon interface shuts down. ?[...]

  • Page 314

    Command Line Interface 4-18 4 Syntax databits {7 | 8} no databits • 7 - Seven data bits per character. • 8 - Eight data bits per character. Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 da[...]

  • Page 315

    Line Commands 4-19 4 Example To specify no parity, enter this command: speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second. (Options: 960[...]

  • Page 316

    Command Line Interface 4-20 4 Example To specify 2 stop bits, enter this command: disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4) Command Mode Privileged Exec Command Usage Specify[...]

  • Page 317

    General Commands 4-21 4 Example To show all lines, enter this command: General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-6. Syntax enable [level[...]

  • Page 318

    Command Line Interface 4-22 4 The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. Enter level 15 to access Privileged Exec mode. Default Setting Level 15 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (T[...]

  • Page 319

    General Commands 4-23 4 configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, and VLAN Database Configur[...]

  • Page 320

    Command Line Interface 4-24 4 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes. In this example, the !2 command repeats the second command[...]

  • Page 321

    General Commands 4-25 4 Default Setting None Command Mode Privileged Exec Example This example shows how to cancel a configured delayed reset of the switch: show reload This command displays the remaining time until a pending delayed reset will take place. Syntax show reload Default Setting None Command Mode Privileged Exec Example T[...]

  • Page 322

    Command Line Interface 4-26 4 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the config[...]

  • Page 323

    System Management Commands 4-27 4 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restor[...]

  • Page 324

    Command Line Interface 4-28 4 Command Mode Global Configuration Example hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global Confi[...]

  • Page 325

    System Management Commands 4-29 4 banner configure This command allows the administrator to interactively specify administrative information for this device. Syntax banner configure Default Setting None Command Mode Global Configuration Command Usage The administrator can batch-input all details for the switch with one command. Wh[...]

  • Page 326

    Command Line Interface 4-30 4 Example banner configure company This command allows the administrator to configure the company information displayed in the banner. Use the no form to remove the company name information from the banner display. Syntax banner configure company name no banner configure company name - The name of the company. [...]

  • Page 327

    System Management Commands 4-31 4 Command Usage The user-entered data cannot contain spaces. The banner configure company command interprets spaces as data input boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where whitespace is necessary for clarity. Example ba[...]

  • Page 328

    Command Line Interface 4-32 4 Syntax banner configure department dept-name no banner configure company dept-name - The name of the department. (Maximum length: 32 characters) Default Setting None Command Mode Global Configuration Command Usage The user-entered data cannot contain spaces. The banner configure department command interpre[...]

  • Page 329

    System Management Commands 4-33 4 Command Usage The user-entered data cannot contain spaces. The banner configure equipment-info command interprets spaces as data input boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where whitespace is necessary for clarity.[...]

  • Page 330

    Command Line Interface 4-34 4 ip-mask - The IP address and subnet mask of the device. (Maximum length: 32 characters) Default Setting None Command Mode Global Configuration Command Usage The user-entered data cannot contain spaces. The banner configure ip-lan command interprets spaces as data input boundaries. The use of underscores ( _ [...]

  • Page 331

    System Management Commands 4-35 4 banner configure manager-info This command allows the administrator to configure the manager contact information displayed in the banner. Use the no form to remove the manager contact information from the banner display. Syntax banner configure manager-info name mgr1-name phone-number mgr1-nu [...]

  • Page 332

    Command Line Interface 4-36 4 no banner configure mux muxinfo - The circuit and PVC to which the switch is connected. (Maximum length: 32 characters) Default Setting None Command Mode Global Configuration Command Usage The user-entered data cannot contain spaces. The banner configure mux command interprets spaces as data input boundarie[...]

  • Page 333

    System Management Commands 4-37 4 Example show banner This command displays all banner information. Syntax show banner Default Setting None Command Mode Normal Exec, Privileged Exec Example Console(config)#banner configure note !!!!!ROUTINE_MAINTENANCE_firmware-upgrade_0100-0500_GMT-0500_20071022!!!!!_20min_network_impact_expected Console([...]

  • Page 334

    Command Line Interface 4-38 4 User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password checking via the console or a Telnet connection (page 4-12), user authentication via a remote authentication server (page 4-91), and host access aut[...]

  • Page 335

    System Management Commands 4-39 4 Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure en[...]

  • Page 336

    Command Line Interface 4-40 4 Related Commands enable (4-21) authentication enable (4-93) IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting. Syntax [no] management {all-client | h[...]

  • Page 337

    System Management Commands 4-41 4 • You can delete an address range just by specifying the start address, or by specifying both the start address and end address. Example This example restricts management access to the indicated addresses. show management This command displays the client IP addresses that are allowed manag[...]

  • Page 338

    Command Line Interface 4-42 4 Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 80 Command Mod[...]

  • Page 339

    System Management Commands 4-43 4 Example Related Commands ip http port (4-42) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this function.[...]

  • Page 340

    Command Line Interface 4-44 4 Example Related Commands ip http secure-port (4-44) copy tftp https-certificate (4-85) ip http secure-port This command specifies the UDP port number used for HTTPS connection to the switch’s web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number no ip [...]

  • Page 341

    System Management Commands 4-45 4 Telnet Server Commands ip telnet port This command specifies the TCP port number used by the Telnet interface. Use the no form to use the default port. Syntax ip telnet port port-number no ip telnet port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 23[...]

  • Page 342

    Command Line Interface 4-46 4 Related Commands ip telnet port (4-45) Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote logi[...]

  • Page 343

    System Management Commands 4-47 4 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the authentication logi[...]

  • Page 344

    Command Line Interface 4-48 4 corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this process: a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory. c. If a match is found, the switch uses [...]

  • Page 345

    System Management Commands 4-49 4 ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation. (Range: 1-120) Default Setting 10 seconds Command Mode Global Conf[...]

  • Page 346

    Command Line Interface 4-50 4 Example Related Commands show ip ssh (4-52) ip ssh server-key size This command sets the SSH server key size. Use the no form to restore the default setting. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server key. (Range: 512-896 bits) Default Setting 768 bits[...]

  • Page 347

    System Management Commands 4-51 4 Example ip ssh crypto host-key generate This command generates the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [dsa | rsa] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) key type. Default Setting Generates both the DSA and RSA key pairs. Comm[...]

  • Page 348

    Command Line Interface 4-52 4 Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command. Example Related Commands ip ssh crypto host-ke[...]

  • Page 349

    System Management Commands 4-53 4 Example show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example Console#show ip ssh SSH Enabled - version 1.99 Negotiation timeout: 120 secs; Authentication retries: 3 Server key size: 768 bits Console# Console#show ssh Connection Version State Username Encrypti[...]

  • Page 350

    Command Line Interface 4-54 4 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [user [username] | host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no parameters[...]

  • Page 351

    System Management Commands 4-55 4 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [no] logging on Default Setting None Command Mode Global Configuration Command Usage The logging process controls er[...]

  • Page 352

    Command Line Interface 4-56 4 logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history {flash | ram} level no logging history {flash | ram} • flash - Event history stored in flash memory (i.e.[...]

  • Page 353

    System Management Commands 4-57 4 logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [no] logging host host_ip_address host_ip_address - The IP address of a syslog server. Default Setting None Command Mode Global Configuration Comman[...]

  • Page 354

    Command Line Interface 4-58 4 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging. Syntax logging trap [level] no[...]

  • Page 355

    System Management Commands 4-59 4 Related Commands show logging (4-59) show logging This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server. Syntax show logging {flash | ram | sendmail | trap} • flash - Displays settings for storing eve[...]

  • Page 356

    Command Line Interface 4-60 4 The following example displays settings for the trap function. Related Commands show logging sendmail (4-64) show log This command displays the system and event messages stored in memory. Syntax show log {flash | ram} [login] [tail] • flash - Event history stored in flash memory (i.e., permanen [...]

  • Page 357

    System Management Commands 4-61 4 Example The following example shows sample messages stored in RAM. SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent al[...]

  • Page 358

    Command Line Interface 4-62 4 Command Mode Global Configuration Command Usage • You can specify up to three SMTP servers for event handling. However, you must enter a separate command to specify each server. • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one[...]

  • Page 359

    System Management Commands 4-63 4 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Use the no form to delete the source email address. Syntax [no] logging sendmail source-email email-address email-address - The source email address used in alert messages. (Range: 0-41 [...]

  • Page 360

    Command Line Interface 4-64 4 logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [no] logging sendmail Default Setting Enabled Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec[...]

  • Page 361

    System Management Commands 4-65 4 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time f[...]

  • Page 362

    Command Line Interface 4-66 4 Command Usage • The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the switch only records the time starting from the factory default set at the last bootup (i.e., 00:00:00, Jan. 1, 2001). • This command enables client time requests to time serve[...]

  • Page 363

    System Management Commands 4-67 4 Example Related Commands sntp client (4-65) sntp poll (4-67) show sntp (4-67) sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time [...]

  • Page 364

    Command Line Interface 4-68 4 Example ntp client This command enables NTP client requests for time synchronization from NTP time servers specified with the ntp servers command. Use the no form to disable NTP client requests. Syntax [no] ntp client Default Setting Disabled Command Mode Global Configuration Command Usage • The SNTP[...]

  • Page 365

    System Management Commands 4-69 4 ntp server This command sets the IP addresses of the servers to which NTP time requests are issued. Use the no form of the command to clear a specific time server or all servers from the current list. Syntax ntp server ip-address [version number] [key key-number] no ntp server [ip-addr[...]

  • Page 366

    Command Line Interface 4-70 4 ntp poll This command sets the interval between sending time requests when the switch is set to NTP client mode. Use the no form to restore to the default. Syntax ntp poll seconds no ntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode Global Co[...]

  • Page 367

    System Management Commands 4-71 4 Example Related Commands ntp authentication-key (4-71) ntp authentication-key This command configures authentication keys and key numbers to use when NTP authentication is enabled. Use the no form of the command to clear a specific authentication key or all keys from the current list. Syntax ntp auth[...]

  • Page 368

    Command Line Interface 4-72 4 show ntp This command displays the current time and configuration settings for the NTP client, and indicates whether or not the local time has been properly updated. Command Mode Normal Exec, Privileged Exec Command Usage This command displays the current time, the poll interval used for sending time syn[...]

  • Page 369

    System Management Commands 4-73 4 Command Usage This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mean Time or GMT), based on the earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours[...]

  • Page 370

    Command Line Interface 4-74 4 clock summer-time (date) This command allows the user to manually configure the start, end, and offset times of summer-time (daylight savings time) for the switch on a one-time basis. Use the no form to disable summer-time. Syntax clock summer-time name date b-month b-day b-year b-hour [...]

  • Page 371

    System Management Commands 4-75 4 Example Related Commands show sntp (4-67) clock summer-time (predefined) This command configures the summer time (daylight savings time) status and settings for the switch using predefined configurations for several major regions of the world. Use the no form to disable summer time. Syntax clock summe[...]

  • Page 372

    Command Line Interface 4-76 4 Related Commands show sntp (4-67) clock summer-time (recurring) This command allows the user to manually configure the start, end, and offset times of summer-time (daylight savings time) for the switch on a recurring basis. Use the no form to disable summer-time. Syntax clock summer-time n[...]

  • Page 373

    System Management Commands 4-77 4 Example Related Commands show sntp (4-67) calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec {day month year | month day yea[...]

  • Page 374

    Command Line Interface 4-78 4 System Status Commands show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show running-config command to compare the info[...]

  • Page 375

    System Management Commands 4-79 4 Example Related Commands show running-config (4-79) show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the inform[...]

  • Page 376

    Command Line Interface 4-80 4 is separated by “!” symbols, and includes the configuration mode command, and corresponding commands. This command displays the following information: - MAC address for each switch in the stack - SNTP server settings - Local time zone - SNMP community strings - Users (names, access leve[...]

  • Page 377

    System Management Commands 4-81 4 Example Related Commands show startup-config (4-78) Console#show running-config building startup-config, please wait..... ! phymap 00-12-cf-ce-2a-20 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 ! SNTP server 0.0.0.0 0.0.0.0 0.0.0.[...]

  • Page 378

    Command Line Interface 4-82 4 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-12. • The POST results should all display “PASS.” If any[...]

  • Page 379

    System Management Commands 4-83 4 Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example show version This command displays hardware and software version information for the system. Default Setting None Command Mode Normal Exec, Privileged Exec[...]

  • Page 380

    Command Line Interface 4-84 4 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [no] jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by[...]

  • Page 381

    Flash/File Commands 4-85 4 • Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second. (See the switchport broadcast command on page 4-172.) • The current setting for jumbo frames can be displayed with the show system command (page 4-82). Example Flash/File Commands Th[...]

  • Page 382

    Command Line Interface 4-86 4 • https-certificate - Copies an HTTPS certificate from a TFTP server to the switch. • public-key - Keyword that allows you to copy an SSH key from a TFTP server. (“Secure Shell Commands” on page 4-46) • unit - Keyword that allows you to copy to/from a unit. Default Setting None Com[...]

  • Page 383

    Flash/File Commands 4-87 4 Example The following example shows how to upload the configuration settings to a file on the TFTP server: The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site c[...]

  • Page 384

    Command Line Interface 4-88 4 This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch: delete This command deletes a file or image. Syntax delete [unit:] filename filename - Name of the configuration file or i[...]

  • Page 385

    Flash/File Commands 4-89 4 dir This command displays a list of files in flash memory. Syntax dir [unit:] {{boot-rom: | config: | opcode:} [:filename]} The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file. • config - Switch configuration file. • opcode - Run-time operation code[...]

  • Page 386

    Command Line Interface 4-90 4 whichboot This command displays which files were booted when the system powered up. Syntax whichboot [unit] unit - Stack unit. (Range: 1) Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. See the table under the dir command[...]

  • Page 387

    Authentication Commands 4-91 4 Example Related Commands dir (4-89) whichboot (4-90) Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using [...]

  • Page 388

    Command Line Interface 4-92 4 authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login • local - Use local password. • radius - Use RADIUS server password. • tacacs [...]

  • Page 389

    Authentication Commands 4-93 4 authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 4-21). Use the no form to restore the default. Syntax authentication enable {[local] [radius] [tacacs[...]

  • Page 390

    Command Line Interface 4-94 4 RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated[...]

  • Page 391

    Authentication Commands 4-95 4 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server. Use the no form to restore the default values. Syntax [no] radius-server index host {host_ip_address | host_alias} [auth-port auth_port] [timeout timeo [...]

  • Page 392

    Command Line Interface 4-96 4 Command Mode Global Configuration Example radius-server auth-port This command sets the RADIUS server network port for authentication messages. Use the no form to restore the default. Syntax radius-server auth-port port_number no radius-server auth-port port_number - RADIUS server UDP port used for aut[...]

  • Page 393

    Authentication Commands 4-97 4 radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: [...]

  • Page 394

    Command Line Interface 4-98 4 Example TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pai[...]

  • Page 395

    Authentication Commands 4-99 4 • timeout - Number of seconds the switch waits for a reply before resending a request. (Range: 1-540 seconds) • retransmit - Number of times the switch will resend an authentication request to the TACACS+ server. (Range: 1-30) • key - Encryption key used to authenticate logon access for client. Do not u[...]

  • Page 396

    Command Line Interface 4-100 4 Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default Setting None Command Mode Global Configuration Example tacacs-server retransmit This command s[...]

  • Page 397

    Authentication Commands 4-101 4 Default Setting 5 seconds Command Mode Global Configuration Example show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Console(config)#tacacs-server timeout 10 Console(config)# Console#show tacacs-server Remote TA[...]

  • Page 398

    Command Line Interface 4-102 4 AAA Commands The Authentication, authorization, and accounting (AAA) feature provides the main framework for configuring access control on the switch. The AAA functions require the use of configured RADIUS or TACACS+ servers in the network. aaa group server Use this command to na[...]

  • Page 399

    Authentication Commands 4-103 4 Example server This command adds a security server to an AAA server group. Use the no form to remove the associated server from the group. Syntax [no] server {index | ip-address} • index - Specifies the server index. (Range: RADIUS 1-5, TACACS+ 1) • ip-address - Specifies the host IP address of a s[...]

  • Page 400

    Command Line Interface 4-104 4 - radius - Specifies all RADIUS hosts configured with the radius-server host command described on page 4-95. - tacacs+ - Specifies all TACACS+ hosts configured with the tacacs-server host command described on page 4-98. - server-group - Specifies the name of a server group configured with the aaa g[...]

  • Page 401

    Authentication Commands 4-105 4 - radius - Specifies all RADIUS hosts configured with the radius-server host command described on page 4-95. - tacacs+ - Specifies all TACACS+ hosts configured with the tacacs-server host command described on page 4-98. - server-group - Specifies the name of a server group configured with the a[...]

  • Page 402

    Command Line Interface 4-106 4 - tacacs+ - Specifies all TACACS+ hosts configured with the tacacs-server host command described on page 4-98. - server-group - Specifies the name of a server group configured with the aaa group server command described on 4-102. (Range: 1-255 characters) Default Setting Accounting is not enabled No[...]

  • Page 403

    Authentication Commands 4-107 4 Example accounting dot1x This command applies an accounting method for 802.1X service requests on an interface. Use the no form to disable accounting on the interface. Syntax accounting dot1x {default | list-name} no accounting dot1x • default - Specifies the default method list created with [...]

  • Page 404

    Command Line Interface 4-108 4 Example accounting commands This command applies an accounting method to entered CLI commands. Use the no form to disable accounting for entered commands. Syntax accounting commands level {default | list-name} no accounting commands level • level - The privilege level for executing commands. (Rang[...]

  • Page 405

    Authentication Commands 4-109 4 - tacacs+ - Specifies all TACACS+ hosts configured with the tacacs-server host command described on page 4-98. - server-group - Specifies the name of a server group configured with the aaa group server command described on 4-102. (Range: 1-255 characters) Default Setting Authorization is not ena[...]

  • Page 406

    Command Line Interface 4-110 4 Example show accounting This command displays the current accounting settings per function and per port. Syntax show accounting [commands [level]] | [[dot1x [statistics [username user-name | interface interface]] | exec [statistics] | statistics [username user-name | interface]] ?[...]

  • Page 407

    Authentication Commands 4-111 4 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in th[...]

  • Page 408

    Command Line Interface 4-112 4 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted. • First use the port[...]

  • Page 409

    Authentication Commands 4-113 4 dot1x system-auth-control This command enables 802.1X port authentication globally on the switch. Use the no form to restore the default. Syntax [no] dot1x system-auth-control Default Setting Disabled Command Mode Global Configuration Example dot1x default This command sets all configurable dot1x g[...]

  • Page 410

    Command Line Interface 4-114 4 dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default. Syntax dot1x max-req count no dot1x max-req count – The maximum number of requ[...]

  • Page 411

    Authentication Commands 4-115 4 dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count. Syntax dot1x opera[...]

  • Page 412

    Command Line Interface 4-116 4 Command Mode Privileged Exec Example dot1x re-authentication This command enables periodic re-authentication globally for all ports. Use the no form to disable re-authentication. Syntax [no] dot1x re-authentication Command Mode Interface Configuration Example dot1x timeout quiet-period This command se[...]

  • Page 413

    Authentication Commands 4-117 4 dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds. (Range: 1-65535) Default 3600 seconds Command Mode Interface Configuration [...]

  • Page 414

    Command Line Interface 4-118 4 dot1x intrusion-action This command sets the port’s response to a failed authentication, either to block all traffic, or to assign all traffic for the port to a guest VLAN. Use the no form to reset the default. Syntax dot1x intrusion-action {block-traffic | guest-vlan} no dot1x intrusion-action Defau[...]

  • Page 415

    Authentication Commands 4-119 4 - Status – Administrative state for port access control. - Operation Mode – Dot1x port control operation mode (page 4-115). - Mode – Dot1x port control mode (page 4-114). - Authorized – Authorization status (yes or n/a - not authorized). • 802.1X Port Details – Displays the port access c[...]

  • Page 416

    Command Line Interface 4-120 4 - Identifier (Server) – Identifier carried in the most recent EAP Success, Failure or Request packet received from the Authentication Server. • Reauthentication State Machine - State – Current state (including initialize, reauthenticate). Example Console#show dot1x Global 802.1X Parameters [...]

  • Page 417

    Authentication Commands 4-121 4 Network Access – MAC Address Authentication The Network Access feature controls host access to the network by authenticating its MAC address on the connected switch port. Traffic received from a specific MAC address is forwarded by the switch only if the source MAC address is successfully authenticate[...]

  • Page 418

    Command Line Interface 4-122 4 Default Setting Disabled Command Mode Interface Configuration Command Usage • When enabled on a port interface, the authentication process sends a Password Authentication Protocol (PAP) request to a configured RADIUS server. The username and password are both equal to the MAC address being authenticate[...]

  • Page 419

    Authentication Commands 4-123 4 count - The maximum number of authenticated MAC addresses allowed. (Range: 1 to 2048; 0 for unlimited) Default Setting 2048 Command Mode Interface Configuration Command Usage The maximum number of MAC addresses per port is 2048, and the maximum number of secure MAC addresses supported for the switch system[...]

  • Page 420

    Command Line Interface 4-124 4 Default Setting 1024 Command Mode Interface Config Example network-access dynamic-qos Use this command to enable the dynamic QoS feature for an authenticated port. Use the no form to restore the default. Syntax [no] network-access dynamic-qos Default Setting Disabled Command Mode Interface Configu[...]

  • Page 421

    Authentication Commands 4-125 4 • The VLAN settings specified by the first authenticated MAC address are implemented for a port. Other authenticated MAC addresses on the port must have the same VLAN configuration, or they are treated as authentication failure. • If dynamic VLAN assignment is enabled on a port and the RADIUS server [...]

  • Page 422

    Command Line Interface 4-126 4 Default Setting Disabled Command Mode Interface Configuration Example network-access link-detection link-down Use this command to configure the link detection feature to detect link-down events. When a link-down event is detected, the feature can shut down the port, send an SNMP trap, or both. Use the[...]

  • Page 423

    Authentication Commands 4-127 4 Command Mode Interface Configuration Example network-access link-detection link-up-down Use this command to configure the link detection feature to detect link-up and link-down events. When either a link-up or link-down event is detected, the feature can shut down the port, send an SNMP trap, or both. Use[...]

  • Page 424

    Command Line Interface 4-128 4 Command Usage • The reauthentication time is a global setting and applies to all ports. • When the reauthentication time expires for a secure MAC address it is reauthenticated with the RADIUS server. During the reauthentication process traffic through the port remains unaffected. Example clear netw[...]

  • Page 425

    Authentication Commands 4-129 4 Default Setting Displays the settings for all interfaces. Command Mode Privileged Exec Example show network-access mac-address-table Use this command to display secure MAC address table entries. Syntax show network-access mac-address-table [static | dynamic] [address mac-address [mask]] [inter[...]

  • Page 426

    Command Line Interface 4-130 4 Command Usage When using a bit mask to filter displayed MAC addresses, a 1 means "care" and a 0 means "don't care". For example, a MAC of 00-00-01-02-03-04 and mask FF-FF-FF-00-00-00 would result in all MACs in the range 00-00-01-00-00-00 to 00-00-01-FF-FF-FF to be displayed. Al[...]

  • Page 427

    Authentication Commands 4-131 4 web-auth login-attempts This command defines the limit for failed web authentication login attempts. After the limit is reached, the switch refuses further login attempts until the quiet time expires. Use the no form to restore the default. Syntax web-auth login-attempts count no web-auth login-att[...]

  • Page 428

    Command Line Interface 4-132 4 fail-url - The URL to which a host is directed after a failed web authentication attempt. Default Setting None Command Mode Global Configuration Command Usage This command is not supported in the current release of the firmware. Example web-auth login-page-url This command defines the external authenticatio[...]

  • Page 429

    Authentication Commands 4-133 4 success-url - The URL to which a host is directed after a successful web authentication login. Default Setting None Command Mode Global Configuration Command Usage This command is not supported in the current release of the firmware. Example web-auth quiet-period This command defines the amount of time a [...]

  • Page 430

    Command Line Interface 4-134 4 timeout - The amount of time that an authenticated session remains valid. (Range: 300-3600 seconds) Default Setting 3600 seconds Command Mode Global Configuration Example web-auth system-auth-control This command globally enables web authentication for the switch. Use the no form to restore the default. Sy[...]

  • Page 431

    Authentication Commands 4-135 4 Command Usage Both web-auth system-auth-control for the switch and web-auth for an interface must be enabled for the web authentication feature to be active. Example show web-auth This command displays global web authentication parameters. Syntax show web-auth Default Setting None Command Mode Privi[...]

  • Page 432

    Command Line Interface 4-136 4 Command Mode Privileged Exec Example web-auth re-authenticate (Port) This command ends all web authentication sessions connected to the port and forces the users to re-authenticate. Syntax web-auth re-authenticate interface interface • interface - Specifies a port interface. • ethernet unit/port[...]

  • Page 433

    Authentication Commands 4-137 4 Default Setting None Command Mode Privileged Exec Example show web-auth summary This command displays a summary of web authentication port parameters and statistics. Syntax show web-auth summary Default Setting None Command Mode Privileged Exec Console#web-auth re-authenticate interface ethernet 1/2 192.[...]

  • Page 434

    Command Line Interface 4-138 4 Example
    Console#show web-auth summary
    Global Web-Auth Parameters
      System Auth Control : Enabled
    Port  Status    Authenticated Host Count
    ----  ------    ------------------------
    1/ 1  Disabled  0
    1/ 2  Enabled   0
    1/ 3  Disabled  0
    1/ 4  Disabled  0
    1/ 5  Disabled  0
    1/ 6  Disabled  0
    1/ 7  Disabled  0
    1/ 8  Disabled  0
    1/ 9  Disabled  0
    1/10 [...]

  • Page 435

    Access Control List Commands 4-139 4 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, or Layer 4 protocol port number) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required rules and then bin[...]

  • Page 436

    Command Line Interface 4-140 4 IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [no] access-list ip {standard | extended} acl_name • standard – Specifies an ACL that filters packets based on the [...]

  • Page 437

    Access Control List Commands 4-141 4 Related Commands permit, deny 4-141 ip access-group (4-143) show ip access-list (4-143) permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a rule. Syntax [no] {[...]

  • Page 438

    Command Line Interface 4-142 4 Syntax [no] {permit | deny} [protocol-number | udp] {any | source address-bitmask | host source} {any | destination address-bitmask | host destination} [source-port sport [end]] [destination-port dport [end]] [no] {permit | deny} tcp {any | source address-bitmask | host source} {an[...]

  • Page 439

    Access Control List Commands 4-143 4 This allows TCP packets from class C addresses 192.168.1.0 to any destination address when set for destination TCP port 80 (i.e., HTTP). Related Commands access-list ip (4-140) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list {standard | extended}[...]

  • Page 440

    Command Line Interface 4-144 4 Command Mode Interface Configuration (Ethernet) Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a[...]

  • Page 441

    Access Control List Commands 4-145 4 access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [no] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration Command Usag[...]

  • Page 442

    Command Line Interface 4-146 4 permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use the no form to remove a rule. Syntax [no] {permit | deny} {any | host source | source address-[...]

  • Page 443

    Access Control List Commands 4-147 4 Default Setting None Command Mode MAC ACL Command Usage • New rules are added to the end of the list. • The ethertype option can only be used to filter Ethernet II formatted packets. • A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types includ[...]

  • Page 444

    Command Line Interface 4-148 4 mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets. Default Setting None Command Mode Interface Co[...]

  • Page 445

    Access Control List Commands 4-149 4 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are displayed is determined by the associ[...]

  • Page 446

    Command Line Interface 4-150 4 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption; as well as control[...]

  • Page 447

    SNMP Commands 4-151 4 snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server. Syntax [no] snmp-server Default Setting Enabled Command Mode Global Configuration Example show snmp This command can be used to check the status of SNMP com[...]

  • Page 448

    Command Line Interface 4-152 4 Example snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string. Syntax snmp-server community string [ro | rw] no snmp-server community string • string - Community string that acts like a password and permits [...]

  • Page 449

    SNMP Commands 4-153 4 • private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode Global Configuration Example snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact strin [...]

  • Page 450

    Command Line Interface 4-154 4 Command Mode Global Configuration Example Related Commands snmp-server contact (4-153) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr [inform [r[...]

  • Page 451

    SNMP Commands 4-155 4 • SNMP Version: 1 • UDP Port: 162 Command Mode Global Configuration Command Usage • If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. In order to enable multiple ho[...]

  • Page 452

    Command Line Interface 4-156 4 supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notifications. • If you specify an SNMP Version 3 host, then the community string is interpreted as an SNMP user name. If you use the V3 “auth” or “priv” options, the user na[...]

  • Page 453

    SNMP Commands 4-157 4 conjunction with the corresponding entries in the Notify View assigned by the snmp-server group command (page 4-160). Example Related Commands snmp-server host (4-154) snmp-server engine-id This command configures an identification string for the SNMPv3 engine. Use the no form to restore the default. Syntax snmp-s [...]

  • Page 454

    Command Line Interface 4-158 4 • A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users (page 4-163). Example Related Commands snmp-server host [...]

  • Page 455

    SNMP Commands 4-159 4 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name • view-name - Name of an SNMP view. (Range: 1-64 characters) • oid-tree - Object iden[...]

  • Page 456

    Command Line Interface 4-160 4 show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group. Syntax snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} [r[...]

  • Page 457

    SNMP Commands 4-161 4 Default Setting • Default groups: public 19 (read only), private 20 (read/write) • readview - Every object belonging to the Internet OID space (1.3.6.1). • writeview - Nothing is defined. • notifyview - Nothing is defined. Command Mode Global Configuration Command Usage • A group sets the access po[...]

  • Page 458

    Command Line Interface 4-162 4
    Group Name: public
    Security Model: v2c
    Read View: defaultview
    Write View: none
    Notify View: none
    Storage Type: volatile
    Row Status: active

    Group Name: private
    Security Model: v1
    Read View: defaultview
    Write View: defaultview
    Notify View: none
    Storage Type: volatile
    Row Status: active

    Group Name: private
    Security Model[...]

  • Page 459

    SNMP Commands 4-163 4 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View. Use the no form to remove a user from an SNMP group. Syntax snmp-server user username groupname [remote ip-address] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-pa[...]

  • Page 460

    Command Line Interface 4-164 4 Default Setting None Command Mode Global Configuration Command Usage • The SNMP engine ID is used to compute the authentication/privacy digests from the password. You should therefore configure the engine ID with the snmp-server engine-id command before using this configuration command. • Before y [...]
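The engine-ID dependency described above can be reproduced with the standard SNMPv3 USM key derivation from RFC 3414, Appendix A.2. This is an added example, not code from the manual or the switch firmware; it assumes the switch follows RFC 3414 and that the `md5` and `sha` options correspond to MD5 and SHA-1, and the password and the second engine ID are constructed sample values.

```python
"""SNMPv3 USM password-to-key localization (RFC 3414, Appendix A.2)."""
import hashlib
import hmac

EXPANDED_LENGTH = 1_048_576  # RFC 3414 stretches the password to 2**20 bytes
SUPPORTED = ("md5", "sha1")  # assumption: the CLI's "md5" and "sha" options


def password_to_key(password: bytes, algorithm: str) -> bytes:
    """Derive the engine-independent user key Ku from a password."""
    if algorithm not in SUPPORTED:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    if not password:
        raise ValueError("password must not be empty")
    repeats, remainder = divmod(EXPANDED_LENGTH, len(password))
    digest = hashlib.new(algorithm)
    # The password is repeated end to end and cut off at exactly 2**20 bytes.
    digest.update(password * repeats + password[:remainder])
    return digest.digest()


def localize_key(user_key: bytes, engine_id: bytes, algorithm: str) -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    if algorithm not in SUPPORTED:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    return hashlib.new(algorithm, user_key + engine_id + user_key).digest()


def localized_key(password: bytes, engine_id_hex: str, algorithm: str) -> bytes:
    """Password plus engine ID (hex string) to the key the agent stores."""
    engine_id = bytes.fromhex(engine_id_hex)
    return localize_key(password_to_key(password, algorithm), engine_id, algorithm)


def key_survives_engine_change(password: bytes, old_engine_hex: str,
                               new_engine_hex: str, algorithm: str) -> bool:
    """True only if the stored key would still verify after an engine ID change."""
    old_key = localized_key(password, old_engine_hex, algorithm)
    new_key = localized_key(password, new_engine_hex, algorithm)
    return hmac.compare_digest(old_key, new_key)


if __name__ == "__main__":
    # Engine ID as printed in the manual's "show snmp user" example output.
    manual_engine_id = "800000ca030030f1df9ca00000"
    # Constructed value standing in for an engine ID set later by an operator.
    changed_engine_id = "800000ca0300000000000001"
    sample_password = b"constructed-sample-pass"  # constructed, not from the manual

    for algorithm in SUPPORTED:
        before = localized_key(sample_password, manual_engine_id, algorithm)
        after = localized_key(sample_password, changed_engine_id, algorithm)
        print(f"{algorithm:5} key under original engine ID: {before.hex()}")
        print(f"{algorithm:5} key under changed engine ID:  {after.hex()}")
        print("      still valid after change:",
              key_survives_engine_change(sample_password, manual_engine_id,
                                         changed_engine_id, algorithm))
```

Because the stored key is a one-way function of both password and engine ID, an agent cannot recompute user keys when the engine ID changes, which is consistent with the manual's instruction to set the engine ID first and to reconfigure users after changing it.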

  • Page 461

    SNMP Commands 4-165 4 show snmp user This command shows information on SNMP users. Command Mode Privileged Exec Example
    Console#show snmp user
    EngineId: 800000ca030030f1df9ca00000
    User Name: steve
    Authentication Protocol: md5
    Privacy Protocol: des56
    Storage Type: nonvolatile
    Row Status: active

    SNMP remote user
    EngineId: 80000000030004e2b316c5432[...]

  • Page 462

    Command Line Interface 4-166 4 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no int[...]

  • Page 463

    Interface Commands 4-167 4 Example To specify port 24, enter the following command: description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this interface. (Range: 1-64 chara[...]

  • Page 464

    Command Line Interface 4-168 4 • When auto-negotiation is disabled, the default speed-duplex setting for both 100BASE-FX and Gigabit Ethernet ports is 100full. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • To force operation to the speed and duplex mode specified in a speed-duplex command, use the no [...]

  • Page 465

    Interface Commands 4-169 4 Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-169) speed-duplex (4-167) capabilities This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capabi [...]

  • Page 466

    Command Line Interface 4-170 4 Example The following example configures Ethernet port 25 capabilities to 100half, 100full and flow control. Related Commands negotiation (4-168) speed-duplex (4-167) flowcontrol (4-170) flowcontrol This command enables flow control. Use the no form to disable flow control. Syntax [no] flowcontrol Def[...]

  • Page 467

    Interface Commands 4-171 4 Example The following example enables flow control on port 5. Related Commands negotiation (4-168) capabilities (flowcontrol, symmetric) (4-169) shutdown This command disables an interface. To restart a disabled interface, use the no form. Syntax [no] shutdown Default Setting All interfaces are enabled. [...]

  • Page 468

    Command Line Interface 4-172 4 switchport packet-rate This command configures broadcast and multicast and unknown unicast storm control. Use the no form to restore the default setting. Syntax switchport broadcast packet-rate rate no switchport broadcast • broadcast - Specifies storm control for broadcast traffic. • rate -[...]

  • Page 469

    Interface Commands 4-173 4 Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session. However, if you log out and back into the management interface, the statistics displayed will show the a[...]

  • Page 470

    Command Line Interface 4-174 4 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-8) Default Setting Shows the counters fo[...]

  • Page 471

    Interface Commands 4-175 4 Example show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28) • port-channel channel-i[...]

  • Page 472

    Command Line Interface 4-176 4 Example This example shows the configuration setting for port 24.
    Console#show interfaces switchport ethernet 1/24
    Broadcast threshold: Enabled, 64 Kbits/second
    LACP status: Enabled
    Ingress Rate Limit: Disabled, 100000 Kbits per second
    Egress Rate Limit: Disabled, 100000 Kbits per second
    VLAN membership mode: Hybri[...]

  • Page 473

    Mirror Port Commands 4-177 4 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [rx | tx] no port monitor interface • interface - ethernet unit/port [...]

  • Page 474

    Command Line Interface 4-178 4 Example The following example configures the switch to mirror received packets from port 6 to 11: show port monitor This command displays mirror information. Syntax show port monitor [interface] interface - ethernet unit/port (source port) • unit - Stack unit. (Range: 1) • port - Port number. ([...]

  • Page 475

    Rate Limit Commands 4-179 4 Rate Limit Commands This function allows the network manager to control the maximum rate for traffic received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into the network. Packets that exceed the acceptable amount of traffic are dropped. Rate limiting ca[...]

  • Page 476

    Command Line Interface 4-180 4 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and a not[...]

  • Page 477

    Link Aggregation Commands 4-181 4 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports. • The ports at both ends of a connection must be configured as trunk p[...]

  • Page 478

    Command Line Interface 4-182 4 Example The following example creates trunk 1 and then adds port 11: lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [no] lacp Default Setting Disabled Command Mode Interface Configuration (Eth[...]

  • Page 479

    Link Aggregation Commands 4-183 4 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established. lacp system-priority This command configures a port's LACP system[...]

  • Page 480

    Command Line Interface 4-184 4 Command Mode Interface Configuration (Ethernet) Command Usage • Port must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP n[...]

  • Page 481

    Link Aggregation Commands 4-185 4 • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is established wi[...]

  • Page 482

    Command Line Interface 4-186 4 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link. • partner - The remote side of an aggregat[...]

  • Page 483

    Link Aggregation Commands 4-187 4 Default Setting Port Channel: all Command Mode Privileged Exec Example
    Console#show lacp 1 counters
    Port channel : 1
    -------------------------------------------------------------------------
    Eth 1/ 1
    -------------------------------------------------------------------------
    LACPDUs Sent : 21
    LACPDUs Received : [...]

  • Page 484

    Command Line Interface 4-188 4
    Table 4-53 show lacp internal - display description
    Field - Description
    Oper Key - Current operational value of the key for the aggregation port.
    Admin Key - Current administrative value of the key for the aggregation port.
    LACPDUs Internal - Number of seconds before invalidating received LACPDU information[...]

  • Page 485

    Link Aggregation Commands 4-189 4
    Table 4-54 show lacp neighbors - display description
    Field - Description
    Partner Admin System ID - LAG partner’s system ID assigned by the user.
    Partner Oper System ID - LAG partner’s system ID assigned by the LACP protocol.
    Partner Admin Port Number - Current administrative value of the port numbe[...]

  • Page 486

    Command Line Interface 4-190 4 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. mac-address-table static This command maps a static address to a destination port in a VLAN. Use t[...]

  • Page 487

    Address Table Commands 4-191 4 Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table. Static addresses have the following characteristics: • Static addresses will not be removed from the address table when a[...]

  • Page 488

    Command Line Interface 4-192 4 • sort - Sort by address, vlan or interface. Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: - Learned - Dynamic address entries - Permanent -[...]

  • Page 489

    LLDP Commands 4-193 4 Example show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode Privileged Exec Example LLDP Commands Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast [...]

  • Page 490

    Command Line Interface 4-194 4 lldp reinit-delay Configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes down GC 4-198 lldp tx-delay Configures a delay between the successive transmission of advertisements initiated by a change in local LLDP MIB variables GC 4-198 lldp admin-status E[...]

  • Page 491

    LLDP Commands 4-195 4 lldp This command enables LLDP globally on the switch. Use the no form to disable LLDP. Syntax [no] lldp Default Setting Enabled Command Mode Global Configuration Example lldp holdtime-multiplier This command configures the time-to-live (TTL) value sent in LLDP advertisements. Use the no form to restore the [...]

  • Page 492

    Command Line Interface 4-196 4 Command Mode Global Configuration Command Usage The time-to-live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner. Example lldp medFastStartCount This command specifies the amount of MED Fast Start LLD[...]

  • Page 493

    LLDP Commands 4-197 4 Default Setting 5 seconds Command Mode Global Configuration Command Usage • This parameter only applies to SNMP applications which use data stored in the LLDP MIB for network monitoring or management. • Information about changes in LLDP neighbors that occur between SNMP notifications is not transmitted. Onl[...]

  • Page 494

    Command Line Interface 4-198 4 lldp reinit-delay This command configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes down. Use the no form to restore the default setting. Syntax lldp reinit-delay seconds no lldp reinit-delay seconds - Specifies the delay before attempting to re-initialize [...]

  • Page 495

    LLDP Commands 4-199 4 • This attribute must comply with the following rule: (4 * tx-delay) ≤ refresh-interval Example lldp admin-status This command enables LLDP transmit, receive, or transmit and receive mode on the specified port. Use the no form to disable this feature. Syntax lldp admin-status {rx-only | tx-only | tx-rx} n[...]

  • Page 496

    Command Line Interface 4-200 4 the LLDP MIB (IEEE 802.1AB), or organization-specific LLDP-EXT-DOT1 and LLDP-EXT-DOT3 MIBs. • SNMP trap destinations are defined using the snmp-server host command (page 4-154). • Information about additional changes in LLDP neighbors that occur between SNMP notifications is not transmitted. Onl[...]

  • Page 497

    LLDP Commands 4-201 4 Example lldp basic-tlv management-ip-address This command configures an LLDP-enabled port to advertise the management address for this device. Use the no form to disable this feature. Syntax [no] lldp basic-tlv management-ip-address Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port[...]

  • Page 498

    Command Line Interface 4-202 4 Syntax [no] lldp basic-tlv port-description Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage The port description is taken from the ifDescr object in RFC 2863, which includes information about the manufacturer, the product name, and the version of the in[...]

  • Page 499

    LLDP Commands 4-203 4 Syntax [no] lldp basic-tlv system-description Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage The system description is taken from the sysDescr object in RFC 3418, which includes the full name and version identification of the system's hardware type, [...]

  • Page 500

    Command Line Interface 4-204 4 Syntax [no] lldp dot1-tlv proto-ident Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises the protocols that are accessible through this interface. Example lldp dot1-tlv proto-vid This command configures an LLDP-enabled port[...]

  • Page 501

    LLDP Commands 4-205 4 Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage The port’s default VLAN identifier (PVID) indicates the VLAN with which untagged or priority-tagged frames are associated (see “switchport native vlan” on page 4-247). Example lldp dot1-tlv vlan-name This comma[...]

  • Page 502

    Command Line Interface 4-206 4 Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises link aggregation capabilities, aggregation status of the link, and the 802.3 aggregated port identifier if this interface is currently a link aggregation member. Example lldp dot3-t[...]

  • Page 503

    LLDP Commands 4-207 4 Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage Refer to “Frame Size Commands” on page 4-84 for information on configuring the maximum frame size for this switch. Example lldp dot3-tlv poe This command configures an LLDP-enabled port to advertise its Power[...]

  • Page 504

    Command Line Interface 4-208 4 Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises extended Power-over-Ethernet capability details, such as power availability from the switch, and power state of the switch, including whether the switch is operating from [...]

  • Page 505

    LLDP Commands 4-209 4 Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises location identification details. Example lldp medtlv med-cap This command configures an LLDP-MED-enabled port to advertise its Media Endpoint Device capabilities. Use the no form to disable[...]

  • Page 506

    Command Line Interface 4-210 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises network policy configuration information, aiding in the discovery and diagnosis of VLAN configuration mismatches on a port. Improper network policy configurations frequently result in [...]

  • Page 507

    LLDP Commands 4-211 4 Example
    Console#show lldp config
    LLDP Global Configuation
      LLDP Enable : Yes
      LLDP Transmit interval : 30
      LLDP Hold Time Multiplier : 4
      LLDP Delay Interval : 2
      LLDP Reinit Delay : 2
      LLDP Notification Interval : 5
      LLDP MED fast start counts : 4
    LLDP Port Configuration
    Interface |AdminStatus NotificationEnabled
    --------- + ------[...]

  • Page 508

    Command Line Interface 4-212 4 show lldp info local-device This command shows LLDP global and interface-specific configuration settings for this device. Syntax show lldp info local-device [detail interface] • detail - Shows detailed information. • interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Po[...]

  • Page 509

    LLDP Commands 4-213 4 show lldp info remote-device This command shows LLDP global and interface-specific configuration settings for remote devices attached to an LLDP-enabled port. Syntax show lldp info remote-device [detail interface] • detail - Shows detailed information. • interface • ethernet unit/port - unit - Sta[...]

  • Page 510

    Command Line Interface 4-214 4 • detail - Shows detailed information. • interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-8) Command Mode Privileged Exec Example switch#show lldp info statistics LLDP Device Statistics Neighbor Entries List Las[...]

  • Seite 511

    UPnP Commands 4-215 4 UPnP Commands Universal Plug and Play (UPnP) is a set of protocols that allows devices to connect seamlessly and simplifies the deployment of home and office networks. UPnP achieves this by issuing UPnP device control protocols designed upon open, Internet-based communication standards. upnp device This comm[...]

  • Page 512

    Command Line Interface 4-216 4 upnp device ttl This command sets the time-to-live (TTL) value for sending of UPnP messages from the device. Syntax upnp device ttl { value } • value - The number of router hops a UPnP packet can travel before it is discarded. (Range: 1-255) Default Setting 4 Command Mode Global Configuration Comman[...]

  • Page 513

    Spanning Tree Commands 4-217 4 Related Commands upnp device ttl (4-216) show upnp This command displays the UPnP management status and time out settings. Command Mode Privileged Exec Example Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands[...]

  • Page 514

    Command Line Interface 4-218 4 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [ no ] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disa[...]

  • Page 515

    Spanning Tree Commands 4-219 4 an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down. Example This example shows how to enable the Spanning Tree Algorithm for the [...]

  • Page 516

    Command Line Interface 4-220 4 • Multiple Spanning Tree Protocol - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances. - A spanning tree instance can exist only on bri[...]

  • Page 517

    Spanning Tree Commands 4-221 4 spanning-tree hello-time This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds. (Range: 1-10 seconds). The maximum value is the lower of 10 or [(ma[...]

  • Page 518

    Command Line Interface 4-222 4 ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last configuration message) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the d[...]

  • Page 519

    Spanning Tree Commands 4-223 4 no spanning-tree pathcost method • long - Specifies 32-bit based values that range from 1-200,000,000. This method is based on the IEEE 802.1w Rapid Spanning Tree Protocol. • short - Specifies 16-bit based values that range from 1-65535. This method is based on the IEEE 802.1 Spanning Tree Protoco [...]

  • Page 520

    Command Line Interface 4-224 4 • No VLANs are mapped to any MST instance. • The region name is set to the switch’s MAC address. Command Mode Global Configuration Example Related Commands mst vlan (4-224) mst priority (4-225) name (4-225) revision (4-226) max-hops (4-226) mst vlan This command adds VLANs to a spanning tree i[...]

  • Page 521

    Spanning Tree Commands 4-225 4 Example mst priority This command configures the priority of a spanning tree instance. Use the no form to restore the default. Syntax mst instance_id priority priority no mst instance_id priority • instance_id - Instance identifier of the spanning tree. (Range: 0-4094) • priority - Priority of the a sp[...]

  • Page 522

    Command Line Interface 4-226 4 MST Configuration Command Usage The MST region name and revision number (page 4-226) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridges in the same region must be configured with the same[...]

  • Page 523

    Spanning Tree Commands 4-227 4 hop-number - Maximum hop number for multiple spanning tree. (Range: 1-40) Default Setting 20 Command Mode MST Configuration Command Usage An MSTI region is treated as a single node by the STP and RSTP protocols. Therefore, the message age for BPDUs inside an MSTI region is never changed. However, each[...]

  • Page 524

    Command Line Interface 4-228 4 cost - The path cost for the port. (Range: 0 for auto-configuration, or 1-200,000,000) The recommended range is: • Ethernet: 200,000-20,000,000 • Fast Ethernet: 20,000-2,000,000 • Gigabit Ethernet: 2,000-200,000 • 10 Gigabit Ethernet: 200-20,000 Default Setting By default, the system automat[...]

  • Page 525

    Spanning Tree Commands 4-229 4 Interface Configuration (Ethernet, Port Channel) Command Usage • This command defines the priority for the use of a port in the Spanning Tree Algorithm. If the path cost for all ports on a switch are the same, the port with the highest priority (that is, lowest value) will be configured as an acti[...]

  • Page 526

    Command Line Interface 4-230 4 Related Commands spanning-tree portfast (4-230) spanning-tree portfast This command sets an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax [ no ] spanning-tree portfast Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage ?[...]

  • Page 527

    Spanning Tree Commands 4-231 4 spanning-tree link-type This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree link-type { auto | point-to-point | shared } no spanning-tree link-type • auto - Automatically derived from the duplex mode setting[...]

  • Page 528

    Command Line Interface 4-232 4 9.3.4 (Note 1). • Port Loopback Detection will not be active if Spanning Tree is disabled on the switch. Example spanning-tree loopback-detection release-mode This command configures the release mode for a port that was placed in the discarding state because a loopback BPDU was received. Use the no form[...]

  • Page 529

    Spanning Tree Commands 4-233 4 spanning-tree loopback-detection trap This command enables SNMP trap notification for Spanning Tree loopback BPDU detections. Use the no form to restore the default. Syntax spanning-tree loopback-detection trap no spanning-tree loopback-detection trap Default Setting Disabled Command Mode Interface Confi[...]

  • Page 530

    Command Line Interface 4-234 4 • Each spanning-tree instance is associated with a unique set of VLAN IDs. • This command is used by the multiple spanning-tree algorithm to determine the best path between devices. Therefore, lower values should be assigned to interfaces attached to faster media, and higher values assigned to i[...]

  • Page 531

    Spanning Tree Commands 4-235 4 spanning-tree mst cost (4-233) spanning-tree protocol-migration This command re-checks the appropriate BPDU format to send on the selected interface. Syntax spanning-tree protocol-migration interface interface • ethernet unit / port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28[...]

  • Page 532

    Command Line Interface 4-236 4 Command Mode Privileged Exec Command Usage • Use the show spanning-tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree (CST) and for every interface in the tree. • Use the show spanning-tree interface command to display the spanni[...]

  • Page 533

    Spanning Tree Commands 4-237 4 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example ----------------------------------------- ---------------------- Eth 1/ 1 information ----------------------------------------- ---------------------- Admin status: enable[...]

  • Page 534

    Command Line Interface 4-238 4 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registrati[...]

  • Page 535

    VLAN Commands 4-239 4 bridge-ext gvrp This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [ no ] bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across [...]

  • Page 536

    Command Line Interface 4-240 4 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [ no ] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [ [...]

  • Page 537

    VLAN Commands 4-241 4 garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer { join | leave | leaveall } timer_value no garp timer { join | leave | leaveall } • { join | leave | leaveall } - Which timer to set. • timer_value - Value[...]

  • Page 538

    Command Line Interface 4-242 4 Syntax show garp timer [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-8) Default Setting Shows all GARP timers. Command Mode Normal Exec, Privileged Exec Example Related Commands garp timer (4-241) E[...]

  • Page 539

    VLAN Commands 4-243 4 Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN. The[...]

  • Page 540

    Command Line Interface 4-244 4 Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default. Related Commands show vlan (4-250) Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physica[...]

  • Page 541

    VLAN Commands 4-245 4 Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Related Commands shutdown (4-171) switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode { trun[...]

  • Page 542

    Command Line Interface 4-246 4 switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types { all | tagged } no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged. • tagged[...]

  • Page 543

    VLAN Commands 4-247 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Ingress filtering only affects tagged frames. • With ingress filtering enabled, a port will discard received frames tagged for VLANs of which it is not a member. • Ingress filtering does not affect VLAN independent BPDU frames,[...]

  • Page 544

    Command Line Interface 4-248 4 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Note: Each port can only have one untagged VLAN. If a second VLAN is defined for a port as untagged, the other VLAN that had untagged status will automatically be changed to ta[...]

  • Page 545

    VLAN Commands 4-249 4 Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan { add vlan-list | remove vlan-list } no swi[...]

  • Page 546

    Command Line Interface 4-250 4 Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name | private-vlan private-vlan-type ] • id - Keyword to be followed by the VLAN ID. - vlan-id - ID of the configured VLAN. (Range: 1-4092, no leading zeroes) • name - Keywo[...]

  • Page 547

    VLAN Commands 4-251 4 Configuring IEEE 802.1Q Tunneling IEEE 802.1Q tunneling (QinQ tunneling) uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs. Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider’s network even when they use [...]

  • Page 548

    Command Line Interface 4-252 4 Default Setting Disabled Command Mode Global Configuration Command Usage QinQ tunnel mode must be enabled on the switch for QinQ interface settings to be functional. Example Related Commands show dot1q-tunnel (4-253) show interfaces switchport (4-175) switchport dot1q-tunnel mode This command configure[...]

  • Page 549

    VLAN Commands 4-253 4 switchport dot1q-tunnel tpid This command sets the Tag Protocol Identifier (TPID) value of a tunnel port. Use the no form to restore the default setting. Syntax switchport dot1q-tunnel tpid tpid no switchport dot1q-tunnel tpid tpid – Sets the ethertype value for 802.1Q encapsulation. This identifier is used to [...]

  • Page 550

    Command Line Interface 4-254 4 Example Related Commands switchport dot1q-tunnel mode (4-252) Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLANs: primary/secondary associated groups, and stand-alone isolated VLANs.[...]

  • Page 551

    VLAN Commands 4-255 4 To configure primary/secondary associated groups, follow these steps: 1. Use the private-vlan command to designate one or more community VLANs and the primary VLAN that will channel traffic outside of the community groups. 2. Use the private-vlan association command to map the community VLAN(s) to the pr[...]

  • Page 552

    Command Line Interface 4-256 4 private-vlan Use this command to create a primary, community, or isolated private VLAN. Use the no form to remove the specified private VLAN. Syntax private-vlan vlan-id { community | primary | isolated } no private-vlan vlan-id • vlan-id - ID of private VLAN. (Range: 1-4092, no leading zeroes). ?[...]

  • Page 553

    VLAN Commands 4-257 4 no private-vlan primary-vlan-id association • primary-vlan-id - ID of primary VLAN. (Range: 1-4092, no leading zeroes). • secondary-vlan-id - ID of secondary (i.e., community) VLAN. (Range: 1-4092, no leading zeroes). Default Setting None Command Mode VLAN Configuration Command Usage Secondary VLANs provide se[...]

  • Page 554

    Command Line Interface 4-258 4 • To assign a promiscuous port or host port to an isolated VLAN, use the switchport private-vlan isolated command. Example switchport private-vlan host-association Use this command to associate an interface with a secondary VLAN. Use the no form to remove this association. Syntax switchport private-[...]

  • Page 555

    VLAN Commands 4-259 4 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage Host ports assigned to an isolated VLAN cannot pass traffic between group members, and must communicate with resources outside of the group via a promiscuous port. Example switchport private-vlan mapping Use this com [...]

  • Page 556

    Command Line Interface 4-260 4 Syntax show vlan private-vlan [ community | isolated | primary ] • community – Displays all community VLANs, along with their associated primary VLAN and assigned host interfaces. • isolated – Displays an isolated VLAN, along with the assigned promiscuous interface and host interfaces. The Prima[...]

  • Page 557

    VLAN Commands 4-261 4 Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol. This kind of configurat[...]

  • Page 558

    Command Line Interface 4-262 4 • group-id - Group identifier of this protocol group. (Range: 1-2147483647) • frame 1 - Frame type used by this protocol. (Options: ethernet, rfc_1042, llc_other) • protocol - Protocol type. The only option for the llc_other frame type is ipx_raw. The options for all other frame types include: ip,[...]

  • Page 559

    VLAN Commands 4-263 4 applied to tagged frames. - If the frame is untagged and the protocol type matches, the frame is forwarded to the appropriate VLAN. - If the frame is untagged but the protocol type does not match, the frame is forwarded to the default VLAN for the interface. Example The following example maps traffic matching t[...]

  • Page 560

    Command Line Interface 4-264 4 This shows that traffic matching the specifications for protocol group 2 will be mapped to VLAN 2: Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with[...]

  • Page 561

    Priority Commands 4-265 4 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode { strict | wrr } no queue mode • strict - Services the egress queues in sequential order, tran[...]

  • Page 562

    Command Line Interface 4-266 4 Default Setting The priority is not set, and the default value for untagged frames received on the interface is zero. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP DSCP, and default switchport priority. • The default priority a[...]

  • Page 563

    Priority Commands 4-267 4 Command Mode Global Configuration Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights. Example This example shows how to assign WRR weights to priority queues 0 - 2: Related Commands show queue bandwidth (4-268) queue cos-map This command assigns class[...]

  • Page 564

    Command Line Interface 4-268 4 Command Usage • CoS values assigned at the ingress port are also used at the egress port. • This command sets the CoS priority for all interfaces. Example The following example shows how to change the CoS assignments: Related Commands show queue cos-map (4-269) show queue mode This command shows the [...]

  • Page 565

    Priority Commands 4-269 4 Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-8) Default Setting None Command Mode Privilege[...]

  • Page 566

    Command Line Interface 4-270 4 Syntax [ no ] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage • The precedence for priority mapping is IP DSCP, and default switchport priority. Example The following example shows how to enable IP DSCP mapping globally: map ip dscp (Interface Configuration) This [...]

  • Page 567

    Priority Commands 4-271 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP DSCP, and default switchport priority. • DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p standard, and then subseque[...]

  • Page 568

    Command Line Interface 4-272 4 Example Related Commands map ip dscp (Global Configuration) (4-269) map ip dscp (Interface Configuration) (4-270) Quality of Service Commands The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies. You can class[...]

  • Page 569

    Quality of Service Commands 4-273 4 To create a service policy for a specific category of ingress traffic, follow these steps: 1. Use the class-map command to designate a class name for a specific category of traffic, and enter the Class Map configuration mode. 2. Use the match command to select a specific type of traffic base[...]

  • Page 570

    Command Line Interface 4-274 4 • The class map is used with a policy map (page 4-275) to create a service policy (page 4-278) for a specific interface that defines packet classification, service tagging, and bandwidth policing. Example This example creates a class map called “rd_class,” and sets it to match packets marked for DSCP [...]

  • Page 571

    Quality of Service Commands 4-275 4 This example creates a class map called “rd_class#2,” and sets it to match packets marked for IP Precedence service value 5: This example creates a class map called “rd_class#3,” and sets it to match packets marked for VLAN 1: policy-map This command creates a policy map that can be a [...]

  • Page 572

    Command Line Interface 4-276 4 class This command defines a traffic classification upon which a policy can act, and enters Policy Map Class configuration mode. Use the no form to delete a class map and return to Policy Map configuration mode. Syntax [ no ] class class-map-name class-map-name - Name of the class map. (Range: 1-1[...]

  • Page 573

    Quality of Service Commands 4-277 4 set This command services IP traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified by the match command on page 4-274). Use the no form to remove the traffic classification. Syntax [ no ] set { cos new-cos | ip dscp new-dscp | ip precedence new-precedence [...]

  • Page 574

    Command Line Interface 4-278 4 Policy Map Class Configuration Command Usage • You can configure up to 64 policers (i.e., meters or class maps) for each of the following access list types: MAC ACL, IP ACL (including Standard ACL and Extended ACL), IPv6 Standard ACL, and IPv6 Extended ACL. This limitation applies to each switch chip ([...]

  • Page 575

    Quality of Service Commands 4-279 4 Example This example applies a service policy to an ingress interface. show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [ class-map-name ] class-map-name - Name of the class map. (Range: 1-16 cha[...]

  • Page 576

    Command Line Interface 4-280 4 Example show policy-map interface This command displays the service policy assigned to the specified interface. Syntax show policy-map interface interface input interface • ethernet unit / port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28) • port-channel channel-id (Ran[...]

  • Page 577

    Voice VLAN Commands 4-281 4 voice vlan This command enables VoIP traffic detection and defines the Voice VLAN ID. Use the no form to disable the Voice VLAN. Syntax voice vlan voice-vlan-id no voice vlan voice-vlan-id - Specifies the voice VLAN ID. (Range: 1-4094) Default Setting Disabled Command Mode Global Configuration Command [...]

  • Page 578

    Command Line Interface 4-282 4 voice vlan aging This command sets the Voice VLAN ID time out. Use the no form to restore the default. Syntax voice vlan aging minutes no voice vlan minutes - Specifies the port Voice VLAN membership time out. (Range: 5-43200 minutes) Default Setting 1440 minutes Command Mode Global Configuration Command Us[...]

  • Page 579

    Voice VLAN Commands 4-283 4 Command Usage • VoIP devices attached to the switch can be identified by the manufacturer’s Organizational Unique Identifier (OUI) in the source MAC address of received packets. OUI numbers are assigned to manufacturers and form the first three octets of device MAC addresses. The MAC OUI numbers for[...]

  • Page 580

    Command Line Interface 4-284 4 switchport voice vlan rule This command selects a method for detecting VoIP traffic on a port. Use the no form to disable the detection method on the port. Syntax [ no ] switchport voice vlan rule { oui | lldp } • oui - Traffic from VoIP devices is detected by the Organizationally Unique Identifier (OU[...]

  • Page 581

    Voice VLAN Commands 4-285 4 Command Usage • Security filtering discards any non-VoIP packets received on the port that are tagged with voice VLAN ID. VoIP traffic is identified by source MAC addresses configured in the Telephony OUI list, or through LLDP that discovers VoIP devices attached to the switch. Packets received fr[...]

  • Page 582

    Command Line Interface 4-286 4 show voice vlan This command displays the Voice VLAN settings on the switch and the OUI Telephony list. Syntax show voice vlan { oui | status } • oui - Displays the OUI Telephony list. • status - Displays the global and port Voice VLAN settings. Default Setting None Command Mode Privileged Exec Ex[...]

  • Page 583

    Multicast Filtering Commands 4-287 4 Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates t[...]

  • Page 584

    Command Line Interface 4-288 4 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [ no ] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to a mul[...]

  • Page 585

    Multicast Filtering Commands 4-289 4 ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version { 1 | 2 | 3 } no ip igmp snooping version • 1 - IGMP Version 1 • 2 - IGMP Version 2 • 3 - IGMP Version 3 Default Setting IGMP Version 2 Command M[...]

  • Page 586

    Command Line Interface 4-290 4 Command Usage • The IGMP snooping leave-proxy feature suppresses all unnecessary IGMP leave messages so that the non-querier switch forwards an IGMP leave packet only when the last dynamic member port leaves a multicast group. • The leave-proxy feature does not function when a switch is set as the que[...]

  • Page 587

    Multicast Filtering Commands 4-291 4 show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-213 for a description of the displayed items. Example The following shows the current IGMP[...]

  • Page 588

    Command Line Interface 4-292 4 Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: IGMP Query Commands (Layer 2) This section describes commands used to configure Layer 2 IGMP query on the switch. ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to d[...]

  • Page 589

    Multicast Filtering Commands 4-293 4 Example ip igmp snooping query-count This command configures the query count. Use the no form to restore the default. Syntax ip igmp snooping query-count count no ip igmp snooping query-count count - The maximum number of queries issued for which there has been no response before the switch takes [...]

  • Page 590

    Command Line Interface 4-294 4 Default Setting 125 seconds Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds: ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping quer [...]

  • Page 591

    Multicast Filtering Commands 4-295 4 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default. Syntax ip igmp snooping router-port-expire-time seconds no ip igmp snooping router-port-expire-time seconds - The time the switch waits after the previous querier stops before[...]

  • Page 592

    Command Line Interface 4-296 4 ip igmp snooping vlan mrouter This command statically configures a multicast router port. Use the no form to remove the configuration. Syntax [ no ] ip igmp snooping vlan vlan-id mrouter interface • vlan-id - VLAN ID (Range: 1-4092) • interface • ethernet unit / port - unit - Stack unit. (Range: [...]

  • Page 593

    Multicast Filtering Commands 4-297 4 Command Usage Multicast router port types displayed include Static. Example The following shows that port 11 in VLAN 1 is attached to a multicast router: IGMP Filtering and Throttling Commands In certain switch applications, the administrator may want to control the multicast services tha[...]

  • Page 594

    Command Line Interface 4-298 4 ip igmp filter (Global Configuration) This command globally enables IGMP filtering and throttling on the switch. Use the no form to disable the feature. Syntax [ no ] ip igmp filter Default Setting Disabled Command Mode Global Configuration Command Usage • IGMP filtering enables you to assign a profil[...]

  • Page 595

    Multicast Filtering Commands 4-299 4 Command Usage A profile defines the multicast groups that a subscriber is permitted or denied to join. The same profile can be applied to many interfaces, but only one profile can be assigned to one interface. Each profile has only one access mode; either permit or deny. Example permit, deny [...]

  • Page 596

    Command Line Interface 4-300 4 Command Mode IGMP Prof ile Confi gur ation Command Usage Enter this command multiple t imes to s pecify mor e than one multicast address or addres s range for a profi le. Example ip igmp filt er (Interfa ce Configu ration) This comm and assign s an IGMP filterin g profile to an inte rface on the swi tch. Use the no fo[...]

  • Page 597

    Multicast Filtering Commands 4-301 4 number - The maximum number of multicast groups an interface can join at the same time. (Range: 0-64) Default Setting 64 Command Mode Interface Configuration Command Usage • IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of [...]

  • Page 598

    Command Line Interface 4-302 4 Example show ip igmp filter This command displays the global and interface settings for IGMP filtering. Syntax show ip igmp filter [interface interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-8) Default[...]

  • Page 599

    Multicast Filtering Commands 4-303 4 Example show ip igmp throttle interface This command displays the interface settings for IGMP throttling. Syntax show ip igmp throttle interface [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1[...]

  • Page 600

    Command Line Interface 4-304 4 Multicast VLAN Registration Commands This section describes commands used to configure Multicast VLAN Registration (MVR). A single network-wide VLAN can be used to transmit multicast traffic (such as television channels) across a service provider’s network. Any multicast traffic entering an[...]

  • Page 601

    Multicast VLAN Registration Commands 4-305 4 Command Usage • Use the mvr group command to statically configure all multicast group addresses that will join the MVR VLAN. Any multicast data associated with an MVR group is sent from all source ports, and to all receiver ports that have registered to receive data from that multicast group.[...]

  • Page 602

    Command Line Interface 4-306 4 Command Usage • A port which is not configured as an MVR receiver or source port can use IGMP snooping to join or leave multicast groups using the standard rules for multicast filtering. • MVR receiver ports cannot be members of a trunk. Receiver ports can belong to different VLANs, but should[...]

  • Page 603

    Multicast VLAN Registration Commands 4-307 4 show mvr This command shows information about the global MVR configuration settings when entered without any keywords, the interfaces attached to the MVR VLAN using the interface keyword, or the multicast groups assigned to the MVR VLAN using the members keyword. Syntax show mvr [in[...]

  • Page 604

    Command Line Interface 4-308 4 The following displays information about the interfaces attached to the MVR VLAN: The following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN: Console#show mvr interface Port Type Status Immediate Leave ------- -------- ------------- --------------- et[...]

  • Page 605

    IP Interface Commands 4-309 4 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when it is power[...]

  • Page 606

    Command Line Interface 4-310 4 • If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been received. Requests will be broadcast periodically by this device in an effort to learn its IP address. (BOOTP and DHCP values can include the IP address, default gateway, and subnet mask). [...]

  • Page 607

    IP Interface Commands 4-311 4 ip dhcp restart This command submits a BOOTP or DHCP client request. Default Setting None Command Mode Privileged Exec Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to re[...]

  • Page 608

    Command Line Interface 4-312 4 show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (4-310) ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [size size] [...]

  • Page 609

    IP Source Guard Commands 4-313 4 Example Related Commands interface (4-166) IP Source Guard Commands IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or static and dynamic entries in the DHCP Snooping table when enabled (see “DHCP Snoopi[...]

  • Page 610

    Command Line Interface 4-314 4 • sip-mac - Filters traffic based on IP addresses and corresponding MAC addresses stored in the binding table. Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage • Source guard is used to filter traffic on an unsecure port which receives messages from outside the ne[...]

  • Page 611

    IP Source Guard Commands 4-315 4 yet configured, the switch will drop all IP traffic on that port, except for DHCP packets. Example This example enables IP source guard on port 5. Related Commands ip source-guard binding (4-315) ip dhcp snooping (4-317) ip dhcp snooping vlan (4-319) ip source-guard binding This command adds a [...]

  • Page 612

    Command Line Interface 4-316 4 - If there is no entry with same VLAN ID and MAC address, a new entry is added to binding table using the type of static IP source guard binding. - If there is an entry with same VLAN ID and MAC address, and the type of entry is static IP source guard binding, then the new entry will replace the old [...]

  • Page 613

    DHCP Snooping Commands 4-317 4 Example DHCP Snooping Commands DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server. This information can be useful in tracking an IP address back to a physical port. This section describes commands used to configur[...]

  • Page 614

    Command Line Interface 4-318 4 messages received on an unsecure interface from outside the network or firewall. When DHCP snooping is enabled globally by this command, and enabled on a VLAN interface by the ip dhcp snooping vlan command (page 4-319), DHCP messages received on an untrusted interface (as specified by the no ip dhcp sn[...]

  • Page 615

    DHCP Snooping Commands 4-319 4 switch will not add a dynamic entry for itself to the binding table when it receives an ACK message from a DHCP server. Also, when the switch sends out DHCP client packets for itself, no filtering takes place. However, when the switch receives any messages from a DHCP server, any packets received from untru[...]

  • Page 616

    Command Line Interface 4-320 4 Related Commands ip dhcp snooping (4-317) ip dhcp snooping trust (4-320) ip dhcp snooping trust This command configures the specified interface as trusted. Use the no form to restore the default setting. Syntax [no] ip dhcp snooping trust Default Setting All interfaces are untrusted Command Mode Inter[...]

  • Page 617

    DHCP Snooping Commands 4-321 4 ip dhcp snooping verify mac-address This command verifies the client’s hardware address stored in the DHCP packet against the source MAC address in the Ethernet header. Use the no form to disable this function. Syntax [no] ip dhcp snooping verify mac-address Default Setting Enabled Command Mode Globa[...]

  • Page 618

    Command Line Interface 4-322 4 • When the DHCP Snooping Information Option is enabled, clients can be identified by the switch port to which they are connected rather than just their MAC address. DHCP client-server exchange messages are then forwarded directly between the server and client without having to flood them to th[...]

  • Page 619

    DHCP Snooping Commands 4-323 4 ip dhcp snooping database flash This command writes all dynamically learned snooping entries to flash memory. Command Mode Global Configuration Command Usage This command can be used to store the currently learned dynamic DHCP snooping entries to flash memory. These entries will be restored to the [...]

  • Page 620

    Command Line Interface 4-324 4 show ip dhcp snooping binding This command shows the DHCP snooping binding table entries. Command Mode Privileged Exec Example IP Cluster Commands IP Clustering is a method of grouping switches together to enable centralized management through a single unit. A switch cluster has a “Commander” [...]

  • Page 621

    IP Cluster Commands 4-325 4 Command Usage • To create a switch cluster, first be sure that clustering is enabled on the switch (the default is enabled), then set the switch as a Cluster Commander. Set a Cluster IP Pool that does not conflict with any other IP subnets in the network. Cluster IP addresses are assigned to switches[...]

  • Page 622

    Command Line Interface 4-326 4 cluster ip-pool This command sets the cluster IP address pool. Use the no form to reset to the default address. Syntax cluster ip-pool <ip-address> no cluster ip-pool ip-address - The base IP address for IP addresses assigned to cluster Members. The IP address must start 10.x.x.x. Default Setting 1[...]

  • Page 623

    IP Cluster Commands 4-327 4 Command Usage • The maximum number of cluster Members is 36. • The maximum number of switch Candidates is 100. Example rcommand This command provides access to a cluster Member CLI for configuration. Syntax rcommand id <member-id> member-id - The ID number of the Member switch. (Range: 1-36) Co[...]

  • Page 624

    Command Line Interface 4-328 4 show cluster members This command shows the current switch cluster members. Command Mode Privileged Exec Example show cluster candidates This command shows the discovered Candidate switches in the network. Command Mode Privileged Exec Example Console#show cluster members Cluster Members: ID: 1 Role: Active me[...]

  • Page 625

    A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1X, MAC Authentication, Web Authentication), HTTPS, SSH, Port Security Access Control Lists IP, MAC; 1000 rules per system DHCP Client Port Configuration 100BASE-FX: 100 Mbps full duplex 1000BASE-T: 10/100 Mbps at half/full du[...]

  • Page 626

    Software Specifications A-2 A Multicast VLAN Registration Quality of Service DiffServ supports class maps, policy maps, and service policies Additional Features BOOTP client SNTP (Simple Network Time Protocol) SNMP (Simple Network Management Protocol) RMON (Remote Monitoring, groups 1,2,3,9) SMTP Email Alerts DHCP Snooping IP Sour [...]

  • Page 627

    Management Information Bases A-3 A RADIUS+ (RFC 2618) RMON (RFC 1757 groups 1,2,3,9) SNMP (RFC 1157) SNMPv2 (RFC 2571) SNMPv3 (RFC DRAFT 3414, 3410, 2273, 3411, 3415) SNTP (RFC 2030) SSH (Version 2.0) TFTP (RFC 1350) Management Information Bases Bridge MIB (RFC 1493) Differentiated Services MIB (RFC 3289) Entity MIB (RFC 2737) Et[...]

  • Page 628

    Software Specifications A-4 A[...]

  • Page 629

    B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch. • Check that you have a valid ne [...]

  • Page 630

    Troubleshooting B-2 B Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1. Enable logging. 2. Set the error messages reported to include all categories. 3. De[...]

  • Page 631

    Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, the ad[...]

  • Page 632

    Glossary Glossary-2 GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network. Generic Attribute Registration Protocol (GARP) GARP i[...]

  • Page 633

    Glossary-3 Glossary IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the[...]

  • Page 634

    Glossary Glossary-4 Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast VLAN group. Network Time Protocol (NTP) NTP provides the mechanisms to synchronize time across t[...]

  • Page 635

    Glossary-5 Glossary Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of p[...]

  • Page 636

    Glossary Glossary-6 Virtual LAN (VLAN) A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. A VLAN serves as a logical workgroup with no physical barriers, and allows users to share information and resources as though located o[...]

  • Page 637

    Index-1 Numerics 802.1Q tunnel 3-167, 4-251 configuration, guidelines 3-170 configuration, limitations 3-170 description 3-167 ethernet type 3-171 interface configuration 3-172, 4-252–4-253 mode selection 3-172 status, configuring 3-170 TPID 4-253 uplink 3-172 802.1X, port authentication 3-81, 3-99 802.1X, port authentication [...]

  • Page 638

    Index-2 Index default settings, system 1-6 DHCP 3-18, 4-215, 4-216, 4-309 client 3-16 dynamic configuration 2-5 DHCP snooping global configuration 4-317, 4-324, 4-325 specifying trusted interfaces 4-320 verifying MAC addresses 4-321, 4-322 VLAN configuration 4-319 Differentiated Code Point Service See DSCP Differentiated Servi[...]

  • Page 639

    Index-3 Index parameters 3-213 snooping, configuring 3-213, 4-287 importing user public keys 3-76 ingress filtering 3-165, 4-246 IP address BOOTP/DHCP 3-18, 4-215, 4-216, 4-309, 4-311 setting 2-4, 3-16, 4-215, 4-216, 4-309 IP precedence enabling 3-197 IP source guard configuring static entries 4-315 setting filter criteria 4[...]

  • Page 640

    Index-4 Index MSTP 4-219 configuring 3-149 global settings 4-217 global settings, configuring 3-141 global settings, displaying 3-138 interface settings 4-218 interface settings, configuring 3-147, 3-153 interface settings, displaying 3-151 multicast filtering 3-212, 3-225, 3-240, 4-287 multicast groups 3-218, 4-291 displayi [...]

  • Page 641

    Index-5 Index R RADIUS, logon authentication 4-94 RADIUS, settings 3-54 rate limits, setting 3-128, 4-179 remote logging 4-58 restarting the system 3-33, 4-24, 4-25 RSA encryption 3-75, 3-76 RSTP 3-136, 4-219 global configuration 4-219 global settings, configuring 3-141 global settings, displaying 3-138 interface settings, co[...]

  • Page 642

    Index-6 Index Type Length Value See also LLDP-MED TLV U upgrading software 3-20 UPnP 3-245 configuration 3-245 user password 3-51, 3-59, 3-60, 3-62, 3-65, 4-38, 4-39 V VLANs 3-155–3-191, 4-238 802.1Q tunnel mode 3-172 adding static members 3-162, 3-164, 4-248 creating 3-161, 4-243 description 3-155, 3-191 displayi[...]

  • Page 643

    [...]

  • Page 644

    ES3528M-SFP E122007-DG-R01 149100035500A[...]