SMC Networks SMC6824M user manual - BKManuals

SMC Networks SMC6824M user manual


A good user manual

The rules oblige the seller to provide the buyer, together with the goods, with the SMC Networks SMC6824M user manual. A missing manual or incorrect information given to the consumer is grounds for a complaint that the device does not conform to the contract. By law, the user manual may be supplied in a form other than paper, which has become common recently, including a graphic or electronic form of the SMC Networks SMC6824M manual or instructional videos for users. The condition is that it be legible and understandable.

What is a user manual?

The word derives from the Latin "instructio", meaning to arrange. Thus the SMC Networks SMC6824M user manual describes the steps of a procedure. The purpose of a user manual is to instruct and to make it easier to start up and use equipment or carry out particular actions. The manual is a collection of information about an object or service, a guide.

Unfortunately, few users take the time to read the user manual, yet a good manual not only reveals a number of additional functions of the purchased device but also helps avoid most faults.

So what should the perfect manual contain?

First of all, the SMC Networks SMC6824M user manual should contain:
- information on the technical data of the SMC Networks SMC6824M device
- the manufacturer's name and the year of manufacture of the SMC Networks SMC6824M
- instructions for the use, adjustment and maintenance of the SMC Networks SMC6824M equipment
- safety signs and certificates confirming compliance with the relevant standards

Why don't we read user manuals?

This is generally due to lack of time and to confidence about the specific functionality of the purchased equipment. Unfortunately, connecting and starting up the SMC Networks SMC6824M is not enough. The manual contains a series of guidelines on specific functions, safety, maintenance methods (including the products that should be used), possible SMC Networks SMC6824M faults, and ways to solve the most common problems during use. Finally, the manual contains the contact details of SMC Networks service for cases where the proposed solutions do not work. Currently, user manuals in the form of engaging animations and instructional videos, which work better than a brochure, are attracting considerable interest. This kind of manual lets the user watch the whole instructional video without skipping the specific and complicated technical descriptions of the SMC Networks SMC6824M, as happens with the paper version.

Why read the user manual?

First of all, it contains answers about the structure and capabilities of the SMC Networks SMC6824M device, the use of various accessories, and a range of information for making full use of all features and services.

After successfully purchasing the equipment/device, take a moment to familiarize yourself with every part of the SMC Networks SMC6824M user manual. Today they are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic function of informing and helping.

User manual contents

  • Page 1

    TigerStack III 10/100 24-Port Fast Ethernet Switch ◆ 24 auto-MDI/MDI-X 10BASE-T/100BASE-TX ports ◆ 10BASE-T/100BASE-TX ports support PoE capabilities* ◆ 2 Gigabit combo ports (RJ-45/SFP) ◆ 8.8 Gbps of aggregate bandwidth ◆ Stacks up to 8 units ◆ Non-blocking switching architecture ◆ Spanning Tree Protocol, RSTP,[...]

  • Page 2

    [...]

  • Page 3

    38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 TigerStack III 10/100 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions June 2005 Pub. # 150200037700A[...]

  • Page 4

    Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent [...]

  • Page 5

    i LIMITED WARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Rese[...]

  • Page 6

    LIMITED WARRANTY ii WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IM[...]

  • Page 7

    iii TABLE OF CONTENTS: 1 Introduction, 1-1; Key Features, 1-1; Description of Software Features, 1-2; System Defaults [...]

  • Page 8

    TABLE OF CONTENTS iv: Basic Configuration, 3-13; Displaying System Information, 3-13; Displaying Switch Hardware/Software Versions, 3-15; Displaying Bridge Extension Capabilities [...]

  • Page 9

    TABLE OF CONTENTS v: Replacing the Default Secure-site Certificate, 3-77; Configuring the Secure Shell, 3-78; Generating the Host Key Pair, 3-81; Configuring the SSH Server, 3-83; Confi[...]

  • Page 10

    TABLE OF CONTENTS vi: Power Over Ethernet Settings, 3-145; Switch Power Status, 3-146; Setting a Switch Power Budget, 3-147; Displaying Port Power Status [...]

  • Page 11

    TABLE OF CONTENTS vii: Mapping CoS Values to Egress Queues, 3-204; Selecting the Queue Mode, 3-206; Setting the Service Weight for Traffic Classes, 3-207; Layer 3/4 Priority Settings, 3-208; Mapping Lay[...]

  • Page 12

    TABLE OF CONTENTS viii: Negating the Effect of Commands, 4-6; Using Command History, 4-6; Understanding Command Modes, 4-6; Exec Commands [...]

  • Page 13

    TABLE OF CONTENTS ix: enable password, 4-36; IP Filter Commands, 4-37; management, 4-37; show management [...]

  • Page 14

    TABLE OF CONTENTS x: logging sendmail, 4-67; show logging sendmail, 4-68; Time Commands, 4-68; sntp client [...]

  • Page 15

    TABLE OF CONTENTS xi: radius-server key, 4-102; radius-server retransmit, 4-103; radius-server timeout, 4-103; show radius-server [...]

  • Page 16

    TABLE OF CONTENTS xii: match access-list ip, 4-137; show marking, 4-138; MAC ACLs, 4-138; access-list mac [...]

  • Page 17

    TABLE OF CONTENTS xiii: negotiation, 4-173; capabilities, 4-174; flowcontrol, 4-175; shutdown [...]

  • Page 18

    TABLE OF CONTENTS xiv: spanning-tree transmission-limit, 4-213; spanning-tree backup-root, 4-214; spanning-tree mst-configuration, 4-214; mst vlan [...]

  • Page 19

    TABLE OF CONTENTS xv: switchport private-vlan host-association, 4-246; switchport private-vlan mapping, 4-246; show vlan private-vlan, 4-247; GVRP and Bridge Extension Commands, 4-248; br[...]

  • Page 20

    TABLE OF CONTENTS xvi: IGMP Query Commands (Layer 2), 4-273; ip igmp snooping querier, 4-273; ip igmp snooping query-count, 4-274; ip igmp snooping query-interval, 4-275; ip igmp[...]

  • Page 21

    TABLE OF CONTENTS xvii: APPENDICES: A Software Specifications, A-1; Software Features, A-1; Management Features, A-2; Standards [...]

  • Page 22

    TABLE OF CONTENTS xviii[...]

  • Page 23

    xix TABLES: Table 1-1 Key Features, 1-1; Table 1-2 System Defaults, 1-7; Table 3-1 Web Page Configuration Buttons, 3-4; Table 3-2 Switch Main Menu [...]

  • Page 24

    TABLES xx: Table 4-19 show logging flash/ram - display description, 4-62; Table 4-20 show logging trap - display description, 4-63; Table 4-21 SMTP Commands, 4-64; Table 4-22 Time Commands [...]

  • Page 25

    TABLES xxi: Table 4-56 Spanning Tree Commands, 4-204; Table 4-57 VLAN Commands, 4-230; Table 4-58 Editing VLAN Groups, 4-230; Table 4-59 Configuring VLAN Interfaces [...]

  • Page 26

    TABLES xxii[...]

  • Page 27

    xxiii FIGURES: Figure 3-1 Home Page, 3-3; Figure 3-2 Front Panel Indicators, 3-5; Figure 3-3 System Information, 3-14; Figure 3-4 General Switch Information [...]

  • Page 28

    FIGURES xxiv: Figure 3-37 802.1X Global Information, 3-89; Figure 3-38 802.1X Global Configuration, 3-90; Figure 3-39 802.1X Port Configuration, 3-92; Figure 3-40 Displaying 802.1X Statistics [...]

  • Page 29

    FIGURES xxv: Figure 3-74 MSTP Port Information, 3-175; Figure 3-75 MSTP Port Configuration, 3-178; Figure 3-76 Globally Enabling GVRP, 3-183; Figure 3-77 Displaying Basic VLAN information [...]

  • Page 30

    FIGURES xxvi[...]

  • Page 31

    1-1 CHAPTER 1 INTRODUCTION These switches provide a broad range of features for Layer 2 switching. They include a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by these switches. However, there are many options that you sho[...]

  • Page 32

    INTRODUCTION 1-2 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Untagge[...]

  • Page 33

    DESCRIPTION OF SOFTWARE FEATURES 1-3 priority queueing ensures the minimum delay for moving real-time multimedia data across the network. While multicast filtering provides support for real-time network applications. Some of the management features are briefly described below. Configuration Backup and Restore – You can save t[...]

  • Page 34

    INTRODUCTION 1-4 switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard. Rate Limiting – This feature controls the maximum rate[...]

  • Page 35

    DESCRIPTION OF SOFTWARE FEATURES 1-5 IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 8K addresses. Store-and-Forward Switching [...]

  • Page 36

    INTRODUCTION 1-6 for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region, and prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP). Virtual LANs – The switch supports u[...]

  • Page 37

    SYSTEM DEFAULTS 1-7 priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue. Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delive[...]

  • Page 38

    INTRODUCTION 1-8 Authentication: Privileged Exec Level – Username “admin”, Password “admin”; Normal Exec Level – Username “guest”, Password “guest”; Enable Privileged Exec from Normal Exec Level – Password “super”; RADIUS Authentication – Disabled; TACACS Authentication – Disabled; 802.1X Port Authentication – Disabled; HTTPS – Enabled [...]

  • Page 39

    SYSTEM DEFAULTS 1-9 Power over Ethernet*: Status – Enabled (all ports). Rate Limiting: Input and output limits – Disabled. Port Trunking: Static Trunks – None; LACP – Disabled. Broadcast Storm Protection: Status – Enabled (all ports); Broadcast Limit Rate – 500 packets per second. Spanning Tree Protocol: Status – Enabled, MSTP (Defaults: All values based on IEEE 802.1[...]

  • Page 40

    INTRODUCTION 1-10 IP Settings: Management VLAN – 1; IP Address – 0.0.0.0; Subnet Mask – 255.0.0.0; Default Gateway – 0.0.0.0; DHCP – Enabled; BOOTP – Disabled. Multicast Filtering: IGMP Snooping – Snooping: Enabled, Querier: Disabled. System Log: Status – Enabled; Messages Logged – Levels 0-7 (all); Messages Logged to Flash – Levels 0-3. SMTP Email Alerts: Event Handle[...]

  • Page 41

    2-1 CHAPTER 2 INITIAL CONFIGURATION Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring [...]

  • Page 42

    INITIAL CONFIGURATION 2-2 The switch’s CLI configuration program, web interface, and SNMP agent allow you to perform the following management functions: • Set user names and passwords • Set an IP interface for the management VLAN • Configure SNMP parameters • Enable/disable any port • Set the speed/[...]

  • Page 43

    CONNECTING TO THE SWITCH 2-3 Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch. Note: When configuring a stack, connect to the console port on the Master unit. Attach a VT100-c[...]

  • Page 44

    INITIAL CONFIGURATION 2-4 Notes: 1. When using HyperTerminal with Microsoft® Windows® 2000, make sure that you have Windows 2000 Service Pack 2 or later installed. Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal’s VT100 emulation. See www.microsoft.com for information on Windows 200[...]

  • Page 45

    STACK OPERATIONS 2-5 Note: The onboard program only provides access to basic configuration functions. To access the full range of SNMP management functions, you must use SNMP-based network management software. Stack Operations Up to eight switches can be stacked together as described in the Installation Guide. One unit in the[...]

  • Page 46

    INITIAL CONFIGURATION 2-6 Resilient IP Interface for Management Access The stack functions as one integral system for management and configuration purposes. You can therefore manage the stack through any port configured as part of the VLAN used for management access. The Master unit does not even have to include an active port [...]

  • Page 47

    BASIC CONFIGURATION 2-7 4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level. Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, reco[...]

  • Page 48

    INITIAL CONFIGURATION 2-8 Dynamic — The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network. Note: Only one VLAN interface can be assigned an IP address (the default is VLAN 1). This defines the management VLAN, the only VLAN through which you can gain management access to the swit[...]

  • Page 49

    BASIC CONFIGURATION 2-9 4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>. Dynamic Configuration If you select the “bootp” or “dhcp” option, IP will be enab[...]

  • Page 50

    INITIAL CONFIGURATION 2-10 4. Type “ip dhcp restart” to begin broadcasting service requests. Press <Enter>. 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-co[...]

  • Page 51

    BASIC CONFIGURATION 2-11 entire MIB tree. However, you may assign new views to version 1 or 2c community strings that suit your specific security requirements (see page 3-67). Community Strings (for SNMP version 1 and 2c clients) Community strings are used to control management access to SNMP version 1 and 2c stations, as well as to[...]

  • Page 52

    INITIAL CONFIGURATION 2-12 community strings. If there are no community strings, then SNMP management access from SNMP v1 and v2c clients is disabled. Trap Receivers You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, use the “snmp-server host” command. From th[...]

  • Page 53

    BASIC CONFIGURATION 2-13 used for authentication, provides the password “greenpeace” for authentication, and the password “einstien” for encryption. For a more detailed explanation on how to configure the switch for access from SNMP v3 clients, refer to “Simple Network Management Protocol” on page 3-45, or refe[...]

  • Page 54

    INITIAL CONFIGURATION 2-14 Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The three types of files[...]

  • Page 55

    CONFIGURING POWER OVER ETHERNET 2-15 Configuring Power over Ethernet The 24 10/100 Mbps ports on the SMC6824MPE and SMC6826MPE support the IEEE 802.3af Power-over-Ethernet (PoE) standard that enables DC power to be supplied to attached devices over the unused pairs of wires in the connecting Ethernet cable. Any 802.3af complia[...]

  • Page 56

    INITIAL CONFIGURATION 2-16[...]

  • Page 57

    3-1 CHAPTER 3 CONFIGURING THE SWITCH Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or a[...]

  • Page 58

    CONFIGURING THE SWITCH 3-2 Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated. 2. If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as “admin” [...]

  • Page 59

    NAVIGATING THE WEB BROWSER INTERFACE 3-3 Navigating the Web Browser Interface To access the Web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.[...]

  • Page 60

    CONFIGURING THE SWITCH 3-4 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the Web page configuration buttons. Notes: 1. To ensure prop[...]

  • Page 61

    NAVIGATING THE WEB BROWSER INTERFACE 3-5 Panel Display The web agent displays an image of the switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex), or Flow Control (i.e., with or without flow control). Clicking on t[...]

  • Page 62

    CONFIGURING THE SWITCH 3-6 Main Menu Using the onboard Web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Switch Main Menu (columns: Menu; Description; Page): System (3-13); System I[...]

  • Page 63

    NAVIGATING THE WEB BROWSER INTERFACE 3-7 SNTP (3-43); Configuration: Configures SNTP client settings, including broadcast mode or a specified list of servers (3-43); Clock Time Zone: Sets the local time zone for the system clock (3-43); SNMP (3-45); Configuration: Configures community strings and related trap functions (3-48); Agent Status: Allows S[...]

  • Page 64

    CONFIGURING THE SWITCH 3-8 802.1X: Port authentication (3-88); Information: Displays the global configuration setting (3-89); Configuration: Configures the global configuration setting (3-88); Port Configuration: Sets parameters for individual ports (3-94); Statistics: Displays protocol statistics for the selected port (3-94); ACL (3-98); Configuration: Co[...]

  • Page 65

    NAVIGATING THE WEB BROWSER INTERFACE 3-9 Broadcast Control: Sets the broadcast storm threshold for each port (3-135); Mirror Port Configuration: Sets the source and target ports for mirroring (3-136); Rate Limit (3-138); Input Port Configuration: Sets the input rate limit for each port (3-138); Input Trunk Configuration: Sets the input rate limit for[...]

  • Page 66

    CONFIGURING THE SWITCH 3-10 Trunk Configuration: Configures individual trunk settings for STA (3-169); MSTP; VLAN Configuration: Configures priority and VLANs for a spanning tree instance (3-172); Port Information: Displays port settings for a specified MST instance (3-175); Trunk Information: Displays trunk settings for a specified MST instance (3-175) [...]

  • Page 67

    NAVIGATING THE WEB BROWSER INTERFACE 3-11 Private VLAN (3-194); Information: Shows private VLANs and associated ports (3-195); Configuration: Configures private VLANs (3-197); Association: Maps a secondary VLAN to a primary VLAN (3-198); Port Information: Shows VLAN port type, and associated primary or secondary VLANs (3-199); Port Configu[...]

  • Page 68

    CONFIGURING THE SWITCH 3-12 Copy Settings: Enables mapping IP Precedence and DSCP Priority settings to ports, or trunks (3-215); ACL CoS Priority: Sets the CoS value and corresponding output queue for packets matching an ACL rule (3-216); ACL Marker: Change traffic priorities for frames matching an ACL rule (3-218); IGMP Snooping (3-220); IGMP Configurat[...]

  • Page 69

    BASIC CONFIGURATION 3-13 Basic Configuration Displaying System Information You can easily identify the system by providing a descriptive name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem[...]

  • Page 70

    CONFIGURING THE SWITCH 3-14 Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that accesses the Command Line Interface via Telnet.) Figure 3-3 System Information[...]

  • Page 71

    BASIC CONFIGURATION 3-15 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board • Seri[...]

  • Page 72

    CONFIGURING THE SWITCH 3-16 • Internal Power Status – Displays the status of the internal power supply. Management Software • Loader Version – Version number of loader code. • Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code. • Operation Code Version – Version number of runtime code. • Role –[...]

  • Page 73

    BASIC CONFIGURATION 3-17 Web – Click System, Switch Information. Figure 3-4 General Switch Information CLI – Use the following command to display version information. Console#show version 4-80 Unit 1 Serial number: A230042447 Service tag: Hardware version: R0B Module A type: Stacking Module Module B type: not present Number of ports: 2[...]

  • Page 74

    CONFIGURING THE SWITCH 3-18 Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables. Field Attributes • Extended Multicast Filteri[...]

  • Page 75

    BASIC CONFIGURATION 3-19 Web – Click System, Bridge Extension. Figure 3-5 Displaying Bridge Extension Configuration CLI – Enter the following command. Setting the IP Address An IP address may be used for management access to the switch over your network. By default, the switch uses DHCP to assign IP settings to VLAN 1 on the sw[...]

  • Pagina 76

    CONFIGURING THE SWITCH 3-20 You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything other than this format will not be accepted by the CLI program. Command Attributes •[...]

  • Page 77

    BASIC CONFIGURATION 3-21 Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static.” Enter the IP address, subnet mask and gateway, then click Apply. Figure 3-6 IP Interface Configuration - Manual CLI – Specify the manag[...]

  • Page 78

    CONFIGURING THE SWITCH 3-22 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Ap[...]

  • Page 79

    BASIC CONFIGURATION 3-23 Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to another network segment, you will lose management access to the switch. In this case, you can reboot the switch or submit a client request to restart [...]

  • Page 80

    CONFIGURING THE SWITCH 3-24 • File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”) ?[...]

  • Page 81

    BASIC CONFIGURATION 3-25 If you download to a new destination file, go to the File, Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu. Figure 3-9 Setting the Startup Code To delete a file, select System, File, Delete. Select the f[...]

  • Page 82

    CONFIGURING THE SWITCH 3-26 CLI – To download new firmware from a TFTP server, enter the IP address of the TFTP server, select “opcode” as the file type, then enter the source and destination file names. When the file has finished downloading, set the new file to start up the system and then restart the switch. To s[...]

  • Page 83

    BASIC CONFIGURATION 3-27 - file to startup-config - Copies a file in the switch to the startup configuration. - file to tftp - Copies a file from the switch to a TFTP server. - running-config to file - Copies the running configuration to a file. - running-config to startup-config - Copies the running config to the startup config. - ru[...]

  • Page 84

    CONFIGURING THE SWITCH 3-28 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config [...]

  • Page 85

    BASIC CONFIGURATION 3-29 If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu. You can also select any configuration file as the start-up configuration b [...]

  • Page 86

    CONFIGURING THE SWITCH 3-30 This example shows how to download a PoE controller file from a TFTP server. This example shows how to copy a PoE controller file from another unit in the stack. Console Port Settings You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial c[...]

  • Page 87

    BASIC CONFIGURATION 3-31 • Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attemp[...]

  • Page 88

    CONFIGURING THE SWITCH 3-32 Web – Click System, Line, Console. Specify the console port connection parameters as required, then click Apply. Figure 3-13 Console Port Settings CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console por[...]

  • Page 89

    BASIC CONFIGURATION 3-33 Telnet Settings You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other various parameters set, including the TCP port number, timeouts, and a password. These parameters can be config[...]

  • Page 90

    CONFIGURING THE SWITCH 3-34 Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply. Figure 3-14 Configuring the Telnet Interface CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual ter[...]

  • Page 91

    BASIC CONFIGURATION 3-35 Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages. System Log Configuration The system allows you t[...]

  • Page 92

    CONFIGURING THE SWITCH 3-36 Command Attributes • System Log Status – Enables/disables the logging of debug or error messages to the logging process. • Flash Level – Limits log messages saved to the switch’s permanent flash memory for all levels up to the specified level. For example, if level 3 is specified, all message[...]

  • Page 93

    BASIC CONFIGURATION 3-37 Web – Click System, Log, System Logs. Specify the System Log Status, set the level of event messages to be logged to RAM and flash memory, and then click Apply. Figure 3-15 System Logs CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. Use [...]

  • Page 94

    CONFIGURING THE SWITCH 3-38 This attribute specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to process messages, such as sorting or storing messages in the corresponding database. (Rang[...]

  • Page 95

    BASIC CONFIGURATION 3-39 CLI – Enter the syslog server host IP address, choose the facility type and set the minimum level of messages to be logged. Displaying Log Messages Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM[...]

  • Page 96

    CONFIGURING THE SWITCH 3-40 CLI – This example shows the event message stored in RAM. Sending Simple Mail Transfer Protocol Alerts To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messages a[...]

  • Page 97

    BASIC CONFIGURATION 3-41 Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add. To delete an IP address, click the entry in the SMTP Server List and click Re[...]

  • Page 98

    CONFIGURING THE SWITCH 3-42 CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration. Use the show lo[...]

  • Page 99

    BASIC CONFIGURATION 3-43 CLI – Use the reload command to reboot the system. Note: When restarting the system, it always runs the Power-On Self-Test. Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accu[...]

  • Page 100

    CONFIGURING THE SWITCH 3-44 Web – Select SNTP, Configuration. Modify any of the required parameters and click Apply. Figure 3-20 SNTP Configuration CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings. Setting the Time Zone SNTP uses Coordinated Universal T[...]

  • Page 101

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-45 • Hours (0-13) – The number of hours before UTC (0-12) or after UTC (0-13). • Minutes (0-59) – The number of minutes before/after UTC. • Direction – Configures the time zone to be before (east) or after (west) UTC. Web – Select SNTP, Clock Time Zone. Set the offset for [...]

  • Page 102

    CONFIGURING THE SWITCH 3-46 Information Base (MIB) that provides a standard presentation of the information controlled by the agent. SNMP defines both the format of the MIB specifications and the protocol used to access this information over the network. The switch includes an onboard agent that supports SNMP versi[...]

  • Page 103

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-47 Note: The predefined default groups and view can be deleted from the system. You can then define customized groups and views for the SNMP clients that require access. Table 3-4 SNMPv3 Security Models and Levels Model Level Group Read View Write View Notify View Security v1 noAuthNoPriv pu[...]

  • Page 104

    CONFIGURING THE SWITCH 3-48 Enabling the SNMP Agent Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3). Command Attributes SNMP Agent Status – Enables SNMP on the switch. Web – Click SNMP, Agent Status. Enable the SNMP Agent by marking the Enabled checkbox, and click Apply. Figure 3-22 Enabling the S[...]

  • Page 105

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-49 • Access Mode – Specifies the access rights for the community string: - Read-Only – Authorized management stations are only able to retrieve MIB objects. - Read/Write – Authorized management stations are able to both retrieve and modify MIB objects. Web – Click SNMP,[...]

  • Page 106

    CONFIGURING THE SWITCH 3-50 Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as SMC EliteView). You can sp[...]

  • Page 107

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-51 3. Create a view with the required notification messages (page 3-67). 4. Create a group that includes the required notify view (page 3-61). 5. Specify a remote engine ID where the user resides (page 3-54). 6. Then configure a remote user (page 3-58). Command Attributes • Trap [...]

  • Page 108

    CONFIGURING THE SWITCH 3-52 - Retry times – The maximum number of times to resend an inform message if the recipient does not acknowledge receipt. (Range: 0-255; Default: 3) • Enable Authentication Traps 3 – Issues a notification message to specified IP trap managers whenever authentication of an SNMP request fails. (Default[...]

  • Page 109

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-53 Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch, follow these steps: 1. If you want to change the default engine ID, it must be changed first before configuring other parameters. 2. Specify read and write access views for the switch MIB tree. 3. [...]

  • Page 110

    CONFIGURING THE SWITCH 3-54 Web – Click SNMP, SNMPv3, Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save. Figure 3-25 Setting an Engine ID CLI – This example sets an SNMPv3 engine ID. Specifying a Remote Engine ID To send inform messages to an SNMPv3 user on a remote device, you must first specify [...]

  • Page 111

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-55 Web – Click SNMP, SNMPv3, Remote Engine ID. Enter an ID of up to 26 hexadecimal characters and then click Save. Figure 3-26 Setting an Engine ID CLI – This example specifies a remote SNMPv3 engine ID. Configuring SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users m[...]

  • Page 112

    CONFIGURING THE SWITCH 3-56 - AuthPriv – SNMP communications use both authentication and encryption (only available for the SNMPv3 security model). • Authentication Protocol – The method used for user authentication. (Options: MD5, SHA; Default: MD5) • Authentication Password – A minimum of eight plain text charact[...]

  • Page 113

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-57 Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete. T[...]

  • Page 114

    CONFIGURING THE SWITCH 3-58 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring Remote SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group. The SNMPv3 group restricts users to a s[...]

  • Page 115

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-59 Command Attributes • User Name – The name of user connecting to the SNMP agent. (Range: 1-32 characters) • Group Name – The name of the SNMP group to which the user is assigned. (Range: 1-32 characters) • Engine ID – The engine identifier for the SNMP agent on the remote d[...]

  • Page 116

    CONFIGURING THE SWITCH 3-60 Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete. Figure 3-28[...]

  • Page 117

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-61 CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Configuring SNMPv3 Groups An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views. You can use the pre-define[...]

  • Page 118

    CONFIGURING THE SWITCH 3-62 • Notify View – The configured view for notifications. (Range: 1-64 characters) Table 3-5 Supported Notification Messages Object Label Object ID Description RFC 1493 Traps newRoot 1.3.6.1.2.1.17.0.1 The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree; the trap is s[...]

  • Page 119

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-63 warmStart 1.3.6.1.6.3.1.1.5.2 A warmStart trap signifies that the SNMPv2 entity, acting in an agent role, is reinitializing itself such that its configuration is unaltered. linkDown * 1.3.6.1.6.3.1.1.5.3 A linkDown trap signifies that the SNMP entity, acting in an agent role, has d[...]

  • Page 120

    CONFIGURING THE SWITCH 3-64 authenticationFailure * 1.3.6.1.6.3.1.1.5.5 An authenticationFailure trap signifies that the SNMPv2 entity, acting in an agent role, has received a protocol message that is not properly authenticated. While all implementations of the SNMPv2 must be capable of generating this trap, the snmpEnableAuthen[...]

  • Page 121

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-65 swIpFilterRejectTrap 1.3.6.1.4.1.202.20.28.63.2.1.0.40 1.3.6.1.4.1.202.20.41.63.2.1.0.40 1.3.6.1.4.1.202.20.53.63.2.1.0.40 This trap is sent when an incorrect IP address is rejected by the IP Filter. swSmtpConnFailureTrap 1.3.6.1.4.1.202.20.28.63.2.1.0.41 1.3.6.1.4.1.202.20[...]

  • Page 122

    CONFIGURING THE SWITCH 3-66 Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read and write views. Click Add to save the new group and return to the Groups list. To delete a group, check the box next to the group [...]

  • Page 123

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-67 CLI – Use the snmp-server group command to configure a new group, specifying the security model and level, and restricting MIB access to defined read and write views. Setting SNMPv3 Views SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The pred[...]

  • Page 124

    CONFIGURING THE SWITCH 3-68 Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in the view. Click Back to save the new view and return to the SNMPv3 Views list. For a specific view, click on View OID Subt[...]

  • Page 125

    USER AUTHENTICATION 3-69 CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries. User Authentication You can restrict management access to this switch and provide secure network access using the following options [...]

  • Page 126

    CONFIGURING THE SWITCH 3-70 Configuring User Accounts The guest only has read access for most configuration parameters. However, the administrator has write access for all parameters governing the onboard agent. You should therefore assign a new administrator password as soon as possible, and store it in a safe place. The defa[...]

  • Page 127

    USER AUTHENTICATION 3-71 Web – Click Security, User Accounts. To configure a new user account, enter the user name, access level, and password, then click Add. To change the password for a specific user, enter the user name and new password, confirm the password by entering it again, then click Apply. Figure 3-31 C[...]

  • Page 128

    CONFIGURING THE SWITCH 3-72 Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TACACS+ protoc[...]

  • Page 129

    USER AUTHENTICATION 3-73 • You can specify up to three authentication methods for any user to indicate the authentication sequence. For example, if you select (1) RADIUS, (2) TACACS and (3) Local, the user name and password on the RADIUS server is verified first. If the RADIUS server is not available, then authentication is atte[...]

  • Page 130

    CONFIGURING THE SWITCH 3-74 • TACACS Settings - Server IP Address – Address of the TACACS+ server. (Default: 10.11.12.13) - Server Port Number – Network (TCP) port of TACACS+ server used for authentication messages. (Range: 1-65535; Default: 49) - Secret Text String – Encryption key used to authenticate logon access for client. [...]

  • Page 131

    USER AUTHENTICATION 3-75 CLI – Specify all the required parameters to enable logon authentication. Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web inte[...]

  • Page 132

    CONFIGURING THE SWITCH 3-76 • If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number] • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate. - The client and server negot[...]

  • Page 133

    USER AUTHENTICATION 3-77 Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. Figure 3-33 HTTPS Settings CLI – This example enables the HTTP secure server and modifies the port number. Replacing the Default Secure-site Certificate When you log onto the web interface using HTTPS (fo[...]

  • Page 134

    CONFIGURING THE SWITCH 3-78 When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one: Note: The switch must be reset for the new certificate to be activated. To reset the[...]

  • Page 135

    USER AUTHENTICATION 3-79 Command Usage The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified on the Authen[...]

  • Page 136

    CONFIGURING THE SWITCH 3-80 only accepts public key files based on standard UNIX format as shown in the following example for an RSA Version 1 key: 1024 35 1341081685 6098939210 4094492015 5425347631 64192187295 8921143 173880 055536 16163105177 5940838686 3110929123 2226828519 2543746031 00937187 721199 696317 81366277414 1689851320 4911[...]

  • Page 137

    USER AUTHENTICATION 3-81 Notes: 1. To use SSH with only password authentication, the host public key must still be given to the client, either during initial connection or manually entered into the known host file. However, you do not need to configure the client’s keys. 2. The SSH server supports up to four client sessions. T[...]

  • Page 138

    CONFIGURING THE SWITCH 3-82 • Generate – This button is used to generate the host key pair. Note that you must first generate the host key pair before you can enable the SSH server on the SSH Server Settings page. • Clear – This button clears the host key from both volatile memory (RAM) and non-volatile memory (Flash). Web –[...]

  • Page 139

    USER AUTHENTICATION 3-83 CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys. Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows[...]

  • Page 140

    CONFIGURING THE SWITCH 3-84 • SSH Server-Key Size – Specifies the SSH server key size. (Range: 512-896 bits; Default: 768) - The server key is a private key that is never shared outside the switch. - The host key is shared with the SSH client, and is fixed at 1024 bits. Web – Click Security, SSH, Settings. Enable SSH and adjust t[...]

  • Page 141

    USER AUTHENTICATION 3-85 Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified [...]

  • Page 142

    CONFIGURING THE SWITCH 3-86 • If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configuration page (page 3-117). Command Attributes • Port – Port number. • Name – Descriptive text (page 3-114). • Action – Indicates the action to be taken when a port secu[...]

  • Page 143

    USER AUTHENTICATION 3-87 Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply. Figure 3-36 Enabling Port Security CLI ?[...]

  • Page 144

    CONFIGURING THE SWITCH 3-88 Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensi[...]

  • Page 145

    USER AUTHENTICATION 3-89 allows the client to access the network. Otherwise, network access is denied and the port remains blocked. The operation of 802.1X on the switch requires the following: • The switch must have an IP address assigned. • RADIUS authentication must be enabled on the switch and the IP address of the RADIUS ser[...]

  • Page 146

    CONFIGURING THE SWITCH 3-90 CLI – This example shows the default global setting for 802.1X. Configuring 802.1X Global Settings The 802.1X protocol provides client authentication. Command Attributes 802.1X System Authentication Control – Sets the global setting for 802.1X. (Default: Disabled) Web – Select Security, 802.1X, Configurat[...]

  • Page 147

    USER AUTHENTICATION 3-91 Configuring Port Settings for 802.1X When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server. Th[...]

  • Page 148

    CONFIGURING THE SWITCH 3-92 • Re-authentication Period – Sets the time period after which a connected client must be re-authenticated. (Range: 1-65535 seconds; Default: 3600 seconds) • TX Period – Sets the time period during an authentication session that the switch waits before re-transmitting an EAP packet. (Range: 1-655[...]

  • Page 149

    USER AUTHENTICATION 3-93 Console#show dot1x 4-116 Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized yes 1/2 enabled Single-Host Auto yes . . . 1/25 disabled Single-Host ForceAuthorized n/a 1/26 disabled Single-Host ForceAuthorized n/[...]

  • Page 150

    CONFIGURING THE SWITCH 3-94 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-7 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator. Rx EAPOL Logoff The number of EAPOL Logoff frames that have[...]

  • Page 151

    USER AUTHENTICATION 3-95 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-40 Displaying 802.1X Statistics CLI – This example displays the 802.1X statistics for port 4. Console#show dot1x statistics interface ethernet 1/4 4-116 Eth 1/4 Rx: EAPOL E[...]

  • Page 152

    CONFIGURING THE SWITCH 3-96 Filtering IP Addresses for Management Access You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default. Once you ad[...]

  • Page 153

    USER AUTHENTICATION 3-97 Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry. Figure 3-41 Entering IP Addresses to be Filtered CLI – This example restricts management access for Telnet and SNMP clients. Console(co[...]

  • Page 154

    CONFIGURING THE SWITCH 3-98 Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rul[...]

  • Page 155

    ACCESS CONTROL LISTS 3-99 • When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in ACL, and you att[...]

  • Page 156

    CONFIGURING THE SWITCH 3-100 Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the configuration page for the new list. Figure 3-42 Selecting ACL Type CLI – This example creates a standard IP ACL named bill. Configuring[...]

  • Page 157

    ACCESS CONTROL LISTS 3-101 Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Then click Add. Figure 3-43 Configuring Standard IP ACLs CLI – This e[...]

  • Page 158

    CONFIGURING THE SWITCH 3-102 • Source/Destination Subnet Mask – Subnet mask for source or destination address. (See the description for SubMask on page 3-100.) • Service Type – Packet priority settings based on the following criteria: - Precedence – IP precedence level. (Range: 0-7) - TOS – Type of Service level. (Rang[...]

  • Page 159

    ACCESS CONTROL LISTS 3-103 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other requ[...]

  • Page 160

    CONFIGURING THE SWITCH 3-104 CLI – This example adds three rules: 1. Accept any incoming packets if the source address is in subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through. 2. Allow TCP p[...]

  • Page 161

    A CCES S C ONTROL L ISTS 3-105 • Ethernet Type Bitmask – Protocol bitmask. (Range: 600-fff hex.) • Packet Format – This att ribute includes the following pa cket types: - Any – Any E ther net pack et type . - Untagged-eth2 – Untag ged Ethern et II packets. - Untagged-802.3 – Untagged Ethernet 802.3 packets. - Tagged-eth2 – Ta gged E[...]

  • Page 162

    CONFIGURING THE SWITCH 3-106 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bitma[...]

  • Page 163

    ACCESS CONTROL LISTS 3-107 Configuring ACL Masks You must specify masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven user-defined masks for an ingress [...]

  • Page 164

    CONFIGURING THE SWITCH 3-108 Web – Click Security, ACL, Mask Configuration. Click Edit for one of the basic mask types to open the configuration page. Figure 3-46 Choosing ACL Types CLI – This example creates an IP ingress mask, and then adds two rules. Each rule is checked in order of precedence to look for a match in the A[...]

  • Page 165

    ACCESS CONTROL LISTS 3-109 • Source/Destination Subnet Mask – Subnet mask for source or destination address. (See the description for SubMask on page 3-100.) • Protocol Bitmask – Check the protocol field. • Service Type Mask – Check the rule for the specified priority type. (Options: Precedence, TOS, DSCP; Default: TOS) ?[...]

  • Page 166

    CONFIGURING THE SWITCH 3-110 CLI – This shows that the entries in the mask override the precedence in which the rules are entered into the ACL. In the following example, packets with the source address 10.1.1.1 are dropped because the “deny 10.1.1.1 255.255.255.255” rule has the higher precedence according to the “mask h[...]

  • Page 167

    ACCESS CONTROL LISTS 3-111 Web – Configure the mask to match the required rules in the MAC ingress or egress ACLs. Set the mask to check for any source or destination address, a host address, or an address range. Use a bitmask to search for specific VLAN ID(s) or Ethernet type(s). Or check for rules where a packet format wa[...]

  • Page 168

    CONFIGURING THE SWITCH 3-112 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask. Binding a Port to an Access Control List After configuring the Access Control Lists (ACL), you can bind the ports that need to filter traff[...]

  • Page 169

    ACCESS CONTROL LISTS 3-113 • When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in the ACL, and y[...]

  • Page 170

    CONFIGURING THE SWITCH 3-114 CLI – This example assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2. Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow co[...]

  • Page 171

    PORT CONFIGURATION 3-115 Web – Click Port, Port Information or Trunk Information. Figure 3-50 Port - Port Information Field Attributes (CLI) Basic information: • Port type – Indicates the port type. (100BASE-TX, 1000BASE-GBIC, 100BASE-FX-S, 100BASE-FX-M, 1000BASE-T, or SFP) • MAC address – The physical layer address f[...]

  • Page 172

    CONFIGURING THE SWITCH 3-116 - 100full - Supports 100 Mbps full-duplex operation - 1000full - Supports 1000 Mbps full-duplex operation - Sym - Transmits and receives pause frames for flow control - FC - Supports flow control • Broadcast storm – Shows if broadcast storm control is enabled or disabled. • Broadcast storm l[...]

  • Page 173

    PORT CONFIGURATION 3-117 CLI – This example shows the connection status for Port 13. Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and [...]

  • Page 174

    CONFIGURING THE SWITCH 3-118 the capabilities to be advertised. When auto-negotiation is disabled, you can force the settings for speed, mode, and flow control. The following capabilities are supported. - 10half - Supports 10 Mbps half-duplex operation - 10full - Supports 10 Mbps full-duplex operation - 100half - Supports 100 [...]

  • Page 175

    PORT CONFIGURATION 3-119 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 3-51 Configuring Port Attributes CLI – Select the interface, and then enter the required settings. Console(config)#interface ethernet 1/13 Console(config-if)#description RD SW#13 4-17[...]

  • Page 176

    CONFIGURING THE SWITCH 3-120 Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices (i.e., single switch or a stack)[...]

  • Page 177

    PORT CONFIGURATION 3-121 • When configuring static trunks on switches of different types, they must be compatible with the Cisco EtherChannel standard. • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, an[...]

  • Page 178

    CONFIGURING THE SWITCH 3-122 Web – Click Port, Trunk Membership. Enter a trunk ID of 1-6 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply. Figure 3-52 Static Trunk Configuration CLI – This example crea[...]

  • Page 179

    PORT CONFIGURATION 3-123 Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the ports before disabling LACP. • If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatic[...]

  • Page 180

    CONFIGURING THE SWITCH 3-124 Command Attributes • Member List (Current) – Shows configured trunks (Unit, Port). • New – Includes entry fields for creating new trunks. - Unit – Stack unit. (Range: 1-8) - Port – Port identifier. (Range: 1-26) Web – Click Port, LACP, Configuration. Select any of the switch ports from th[...]

  • Page 181

    PORT CONFIGURATION 3-125 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key. • However, if the “port channel” Admin Key is set ( [...]

  • Page 182

    CONFIGURING THE SWITCH 3-126 Command Attributes Set Port Actor – This menu sets the local side of an aggregate link; i.e., the ports on this switch. • Port – Port number. (Range: 1-26) • System Priority – LACP system priority is used to determine link aggregation group (LAG) membership, and to identify this device to other sw[...]

  • Page 183

    PORT CONFIGURATION 3-127 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effect until[...]

  • Page 184

    CONFIGURING THE SWITCH 3-128 CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; ports 5 and 6 are set to backup mode. Console(config)#interface ethernet 1/1 4-171 Console(config-if)#lacp actor system-priority 3 4-192 Console(config-if)#lacp actor admin-key 120 4 -19[...]

  • Page 185

    PORT CONFIGURATION 3-129 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-55 Displaying LACP Port Counters Information Table 3-8 LACP Port Counters Field Description L[...]

  • Page 186

    CONFIGURING THE SWITCH 3-130 CLI – The following example displays LACP counters for port channel 1. Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Console#show lacp 1 counters 4-196 Channel group : 2 -----------------[...]

  • Page 187

    PORT CONFIGURATION 3-131 Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state; • Defaulted – The actor’s receive machine is using defaulted operational partner information, administratively configured for the partner[...]

  • Page 188

    CONFIGURING THE SWITCH 3-132 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-56 Displaying LACP Port Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Co[...]

  • Page 189

    PORT CONFIGURATION 3-133 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Table 3-10 LACP Neighbor Configuration Information Field Description Partner Admin System ID LAG partner’s system ID assigned by the user. Part[...]

  • Page 190

    CONFIGURING THE SWITCH 3-134 Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-57 Displaying Remote LACP Port Information CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel[...]

  • Page 191

    PORT CONFIGURATION 3-135 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to co[...]

  • Page 192

    CONFIGURING THE SWITCH 3-136 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 60 packets per second for port 2. Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-[...]

  • Page 193

    PORT CONFIGURATION 3-137 Command Attributes • Mirror Sessions – Displays a list of current mirror sessions. • Source Unit – The unit whose port traffic will be monitored. (Range: 1-8) • Source Port – The port whose traffic will be monitored. (Range: 1-26) • Type – Allows you to select which traffic to mirror to the target [...]

  • Page 194

    CONFIGURING THE SWITCH 3-138 Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic coming out of the switch. Traffic that falls within the rate limit is tr [...]

  • Page 195

    PORT CONFIGURATION 3-139 CLI - This example sets the rate limit for input and output traffic passing through port 1 to 60 Mbps. Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces [...]

  • Page 196

    CONFIGURING THE SWITCH 3-140 Received Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Received Unknown Packets The numb[...]

  • Page 197

    PORT CONFIGURATION 3-141 Etherlike Statistics Alignment Errors The number of alignment errors (missynchronized data packets). Late Collisions The number of times that a collision is detected later than 512 bit-times into the transmission of a packet. FCS Errors A count of frames received on a particular interface that are an integral numbe[...]

  • Page 198

    CONFIGURING THE SWITCH 3-142 Internal MAC Receive Errors A count of frames for which reception on a particular interface fails due to an internal MAC sublayer receive error. RMON Statistics Drop Events The total number of events in which packets were dropped due to lack of resources. Jabbers The total number of frames received that were l[...]

  • Page 199

    PORT CONFIGURATION 3-143 64 Bytes Frames The total number of frames (including bad packets) received and transmitted that were 64 octets in length (excluding framing bits but including FCS octets). 65-127 Byte Frames 128-255 Byte Frames 256-511 Byte Frames 512-1023 Byte Frames 1024-1518 Byte Frames 1519-1536 Byte Frames The total number o[...]

  • Page 200

    CONFIGURING THE SWITCH 3-144 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-61 Port Statistics[...]

  • Page 201

    POWER OVER ETHERNET SETTINGS 3-145 CLI – This example shows statistics for port 13. Power Over Ethernet Settings The SMC6824MPE and SMC6826MPE can provide DC power to a wide range of connected devices, eliminating the need for an additional power source and cutting down on the amount of cables attached to each device. Once con [...]

  • Page 202

    CONFIGURING THE SWITCH 3-146 the power required by a device exceeds the power budget of the port or the whole switch, power is not supplied. Ports can be set to one of three power priority levels, critical, high, or low. To control the power supply within the switch’s budget, ports set at critical or high priority have[...]

  • Page 203

    POWER OVER ETHERNET SETTINGS 3-147 Web – Click PoE, Power Status. Figure 3-62 Displaying the Global PoE Status CLI – This example displays the current power status for the switch. Setting a Switch Power Budget A maximum PoE power budget for the switch (power available to all switch ports) can be defined so that [...]

  • Page 204

    CONFIGURING THE SWITCH 3-148 Web – Click PoE, Power Config. Specify the desired power budget for the switch. Click Apply. Figure 3-63 Setting the Switch Power Budget CLI – Use the power mainpower maximum allocation command to set the PoE power budget for the switch. Displaying Port Power Status Use the Power Port Status[...]

  • Page 205

    POWER OVER ETHERNET SETTINGS 3-149 Web – Click PoE, Power Port Status. Figure 3-64 Displaying Port PoE Status CLI – This example displays the PoE status and priority of port 1. Configuring Port PoE Power If a device is connected to a switch port and the switch detects that it requires more than the power bu [...]

  • Page 206

    CONFIGURING THE SWITCH 3-150 • If a device is connected to a critical or high-priority port and causes the switch to exceed its budget, port power is turned on, but the switch drops power to one or more lower-priority ports. Note: Power is dropped from low-priority ports in sequence starting from port number 1. Command Attr[...]

  • Page 207

    ADDRESS TABLE SETTINGS 3-151 CLI – This example sets the PoE power budget for port 1 to 8 watts, the priority to high (2), and then enables the power. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. Al[...]

  • Page 208

    CONFIGURING THE SWITCH 3-152 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-66 Mapping Ports to Static Addresses CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Displaying the A[...]

  • Page 209

    ADDRESS TABLE SETTINGS 3-153 • VLAN – ID of configured VLAN (1-4093). • Address Table Sort Key – You can sort the information displayed based on MAC address, VLAN or interface (port or trunk). • Dynamic Address Counts – The number of addresses dynamically learned. • Current Dynamic Address Table – Lists all the dynam[...]

  • Page 210

    CONFIGURING THE SWITCH 3-154 Changing the Aging Time You can change the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables or disables the aging time. • Aging Time – The time after which a learned entry is discarded. (Range: 10-1000000 seconds; Default: 300 seconds) Web – Cl[...]

  • Page 211

    SPANNING TREE ALGORITHM CONFIGURATION 3-155 The spanning tree algorithms supported by this switch include these versions: • STP – Spanning Tree Protocol (IEEE 802.1D) • RSTP – Rapid Spanning Tree Protocol (IEEE 802.1w) • MSTP – Multiple Spanning Tree Protocol (IEEE 802.1s) STA uses a distributed algorithm to sel[...]

  • Page 212

    CONFIGURING THE SWITCH 3-156 start learning, predefining an alternate route that can be used when a node or port fails, and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs. When using STP or RSTP, it may be difficult to maintain a stable path between all VLAN[...]

  • Page 213

    SPANNING TREE ALGORITHM CONFIGURATION 3-157 • Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addit[...]

  • Page 214

    CONFIGURING THE SWITCH 3-158 • Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority (i.e., lower numeric value) becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the r[...]

  • Page 215

    SPANNING TREE ALGORITHM CONFIGURATION 3-159 Web – Click Spanning Tree, STA Information. Figure 3-69 Displaying the Spanning Tree Algorithm CLI – This command displays global STA settings, followed by settings for each port. Console#show spanning-tree 4-227 Spanning-tree information -------------------------------------------[...]

  • Page 216

    CONFIGURING THE SWITCH 3-160 Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol 8 Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. Thi[...]

  • Page 217

    SPANNING TREE ALGORITHM CONFIGURATION 3-161 • Rapid Spanning Tree Protocol 8 RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits, as described below: - STP Mode – If the switch receives an [...]

  • Page 218

    CONFIGURING THE SWITCH 3-162 - RSTP: Rapid Spanning Tree (IEEE 802.1w) RSTP is the default. - MSTP: Multiple Spanning Tree (IEEE 802.1s) • Default Priority Format – Sets the default spanning tree priority format: - 802.1D 9: Specifies IEEE 802.1D priority format in increments of 1. - 802.1t: Specifies IEEE 802.1t format in increment[...]

  • Page 219

    SPANNING TREE ALGORITHM CONFIGURATION 3-163 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addi[...]

  • Page 220

    CONFIGURING THE SWITCH 3-164 Web – Click Spanning Tree, STA Configuration. Modify the required attributes, and click Apply. Figure 3-70 Configuring the Spanning Tree Algorithm[...]

  • Page 221

    SPANNING TREE ALGORITHM CONFIGURATION 3-165 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spannin[...]

  • Page 222

    CONFIGURING THE SWITCH 3-166 - If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID forwards packets and the other is discarding. - All ports are discarding when the switch is booted, then some of them change state to learning, and then[...]

  • Page 223

    SPANNING TREE ALGORITHM CONFIGURATION 3-167 bridges, bridge ports, or LANs fail or are removed. The role is set to disabled (i.e., disabled port) if a port has no role within the spanning tree. • Trunk Member 11 – Indicates if a port is a member of a trunk. These additional parameters are only displayed for the CLI: • Adm[...]

  • Page 224

    CONFIGURING THE SWITCH 3-168 likely to be blocked if the Spanning Tree Algorithm is detecting network loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled. • Designated root – The priority and MAC address of the device in the Spanning Tree that this switch has[...]

  • Page 225

    SPANNING TREE ALGORITHM CONFIGURATION 3-169 CLI – This example shows general STA configuration and attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or pat[...]

  • Page 226

    CONFIGURING THE SWITCH 3-170 - Learning - Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information. Port address table is cleared, and the port begins learning addresses. - Forwarding - Port forwards packets, and continues learning addresses. • T[...]

  • Page 227

    SPANNING TREE ALGORITHM CONFIGURATION 3-171 • Admin Link Type – The link type attached to this interface. - Point-to-Point – A connection to exactly one other bridge. - Shared – A connection to two or more bridges. - Auto – The switch automatically determines if the interface is attached to a point-to-point li[...]

  • Page 228

    CONFIGURING THE SWITCH 3-172 CLI – This example sets STA attributes for port 5. Configuring Multiple Spanning Trees MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, preventing wide-scale disruption when a bridge node in a single i[...]

  • Page 229

    SPANNING TREE ALGORITHM CONFIGURATION 3-173 Command Attributes • MST Instance – Instance identifier of this spanning tree. (Default: 0) • Priority – The priority of a spanning tree instance. (Range: 0-61440 in steps of 4096; Options: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 573 [...]

  • Page 230

    CONFIGURING THE SWITCH 3-174 CLI – This displays STA settings for instance 1, followed by settings for each port. Console#show spanning-tree mst 1 4-227 Spanning-tree information ----------------------------------------------------- ---------- Spanning tree mode: MSTP Spanning tree enabled/disabled: enabled Instance: 1 VLANs configuration[...]

  • Page 231

    SPANNING TREE ALGORITHM CONFIGURATION 3-175 CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes MS[...]

  • Page 232

    CONFIGURING THE SWITCH 3-176 CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST (page 3-156); the settings for other instances only apply to the local spanning tree. Console#show spanning-tree mst 0 4-227 Spanning-tree informat[...]

  • Page 233

    SPANNING TREE ALGORITHM CONFIGURATION 3-177 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages. Field Attributes The following attributes are read-only and cannot be changed: • STA State – Dis[...]

  • Page 234

    CONFIGURING THE SWITCH 3-178 when the Path Cost Method is set to short (page 3-63), the maximum path cost is 65,535. By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below. Path cost “0” is used to indicate auto-configuratio[...]

  • Page 235

    VLAN CONFIGURATION 3-179 VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broa[...]

  • Page 236

    CONFIGURING THE SWITCH 3-180 Assigning Ports to VLANs Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if you want it to carry traffic for one or more VLANs, and any int[...]

  • Page 237

    VLAN CONFIGURATION 3-181 Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups, such as file servers or printers. Note that if you implement VLANs which do not overlap, but still need to communicate, you can connect them by enabling routing on this switc[...]

  • Page 238

    CONFIGURING THE SWITCH 3-182 should also determine security boundaries in the network and disable GVRP on ports to prevent advertisements being propagated, or forbid ports from joining restricted VLANs. Note: If you have host devices that do not support GVRP, you should configure static or untagged VLANs for the switch[...]

  • Page 239

    VLAN CONFIGURATION 3-183 by the frame tag. However, when this switch receives an untagged frame from a VLAN-unaware device, it first decides where to forward the frame, and then inserts a VLAN tag reflecting the ingress port’s default VID. Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) de[...]

  • Page 240

    CONFIGURING THE SWITCH 3-184 Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch. Field Attributes • VLAN Version Number 14 – The VLAN version used by this switch as specified in the IEEE 802.1Q standard. • Maximum VLAN ID – Maximum VLAN ID re[...]

  • Page 241

    VLAN CONFIGURATION 3-185 Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging. However, if you just want to create a small port-based VLAN fo [...]

  • Page 242

    CONFIGURING THE SWITCH 3-186 Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4093, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry. • Name – Name of the VLAN (1 to 32 characters). • Status – Shows if th[...]

  • Page 243

    VLAN CONFIGURATION 3-187 • VLAN ID – ID of configured VLAN (1-4093, no leading zeroes). • VLAN Name – Name of the VLAN (1 to 32 characters). • Status (Web) – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.e., does not pass packets. • State (CLI) – Enables or disab[...]

  • Page 244

    CONFIGURING THE SWITCH 3-188 CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-awa[...]

  • Page 245

    VLAN CONFIGURATION 3-189 Command Attributes • VLAN – ID of configured VLAN (1-4093). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.e., does not pass packets. • Port – Port identifier. • Trunk – Trunk i[...]

  • Page 246

    CONFIGURING THE SWITCH 3-190 Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks. Click Apply. Figure 3-80 VLAN Static Table - Adding Static Members CL[...]

  • Page 247

    VLAN CONFIGURATION 3-191 • Non-Member – VLANs for which the selected interface is not a tagged member. Web – Click VLAN, 802.1Q VLAN, Static Membership by Port. Select an interface from the scroll-down box (Port or Trunk). Click Query to display membership information for the interface. Select a VLAN ID, and then click[...]

  • Page 248

    CONFIGURING THE SWITCH 3-192 • GARP – Group Address Registration Protocol is used by GVRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate. These values should not be changed unless you are exper[...]

  • Page 249

    VLAN CONFIGURATION 3-193 • GARP Join Timer 15 – The interval between transmitting requests/queries to participate in a VLAN group. (Range: 20-1000 centiseconds; Default: 20) • GARP Leave Timer 15 – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures t[...]

  • Page 250

    CONFIGURING THE SWITCH 3-194 Web – Click VLAN, 802.1Q VLAN, Port Configuration or Trunk Configuration. Fill in the required settings for each interface, click Apply. Figure 3-82 VLAN Port Configuration CLI – This example sets port 1 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GA [...]

  • Page 251

    VLAN CONFIGURATION 3-195 VLAN, and with their designated promiscuous ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.) Each private VLAN consists of two components: a primary VLAN and one or more community VLANs. A primary VLAN allows traffic to pass between promiscuous ports[...]

  • Page 252

    CONFIGURING THE SWITCH 3-196 • Primary VLAN – The primary VLAN with which the selected VLAN is associated. (Note that this displays as VLAN 0 if the selected VLAN is itself a primary VLAN.) • Ports List – The list of ports (and assigned type) in the selected private VLAN. Web – Click Private VLAN, Private VLAN Inform[...]

  • Page 253

    VLAN CONFIGURATION 3-197 Configuring Private VLANs The Private VLAN Configuration page is used to create/remove primary or community VLANs. Command Attributes • VLAN ID – ID of configured VLAN (1-4093). • Type – There are two types of VLANs within a private VLAN: - Primary VLANs - Conveys traffic between promiscuous p[...]

  • Page 254

    CONFIGURING THE SWITCH 3-198 Associating Community VLANs Each community VLAN must be associated with a primary VLAN. Command Attributes • Primary VLAN ID – ID of primary VLAN (1-4093). • Association – Community VLANs associated with the selected primary VLAN. • Non-Association – Community VLANs not associated wit[...]

  • Page 255

    VLAN CONFIGURATION 3-199 Displaying Private VLAN Interface Information Use the Private VLAN Port Information and Private VLAN Trunk Information menus to display the interfaces associated with private VLANs. Command Attributes • Port/Trunk – The switch interface. • PVLAN Port Type – Displays private VLAN port types.[...]

  • Page 256

    CONFIGURING THE SWITCH 3-200 CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and associated with VLAN 6. This means that traffic for port 4 and 5 can only pass [...]

  • Page 257

    VLAN CONFIGURATION 3-201 promiscuous ports. If PVLAN Port Type is “Host,” then specify the associated secondary VLAN. Web – Click Private VLAN, Private VLAN Port Configuration or Private VLAN Trunk Configuration. Set the PVLAN Port Type for each port that will join a private VLAN. For promiscuous ports, set the associated [...]

  • Page 258

    CONFIGURING THE SWITCH 3-202 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be t[...]

  • Page 259

    CLASS OF SERVICE CONFIGURATION 3-203 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-88 Configuring Class of Service per Port CLI – This example assigns a default priority of 5 to port 3. Console(config)#interface ethernet 1[...]

  • Page 260

    CONFIGURING THE SWITCH 3-204 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on Weighted Round Robin (WRR). Up to 8 separate traffic priorities are defined in IEEE 802.1p. The default priority levels[...]

  • Page 261

    CLASS OF SERVICE CONFIGURATION 3-205 Web 18 – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to output queues. Assign priorities to the traffic classes (i.e., output queues) for the selected interface, then click Apply. Figure 3-89 Configuring Traffic Classes CL[...]

  • Page 262

    CONFIGURING THE SWITCH 3-206 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each que[...]

  • Page 263

    CLASS OF SERVICE CONFIGURATION 3-207 Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in “Mapping CoS Values to Egress Queues” on page 3-204, the traffic classes are mapped to one of the fo[...]

  • Page 264

    CONFIGURING THE SWITCH 3-208 CLI – The following example shows how to assign WRR weights of 1, 4, 16 and 64 to the CoS priority queues 0, 1, 2 and 3. Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements.[...]

  • Page 265

    CLASS OF SERVICE CONFIGURATION 3-209 • IP Precedence – Maps layer 3/4 priorities using IP Precedence. • IP DSCP – Maps layer 3/4 priorities using Differentiated Services Code Point Mapping. Web – Click Priority, IP Precedence/DSCP Priority Status. Select Disabled, IP Precedence or IP DSCP from the scroll-down menu, then [...]

  • Page 266

    CONFIGURING THE SWITCH 3-210 Command Attributes • IP Precedence Priority Table – Shows the IP Precedence to CoS map. • Class of Service Value – Maps a CoS value to the selected IP Precedence value. Note that “0” represents low priority and “7” represents high priority. Note: IP Precedence settings apply to all inter[...]

  • Page 267

    CLASS OF SERVICE CONFIGURATION 3-211 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, and it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSCP [...]

  • Page 268

    CONFIGURING THE SWITCH 3-212 Command Attributes • DSCP Priority Table – Shows the DSCP Priority to CoS map. • Class of Service Value – Maps a CoS value to the selected DSCP Priority value. Note that “0” represents low priority and “7” represents high priority. Note: IP DSCP settings apply to all interfaces. Web 21 ?[...]

  • Page 269

    CLASS OF SERVICE CONFIGURATION 3-213 CLI 21 – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 5), and then displays the DSCP Priority settings. Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port n[...]

  • Page 270

    CONFIGURING THE SWITCH 3-214 Web – Click Priority, IP Port Status. Set IP Port Priority Status to Enabled. Figure 3-95 Globally Enabling the IP Port Priority Status Web 22 – Click Priority, IP Port Priority. Select a port or trunk from the Interface field. Enter the port number for a network application in the IP Port N[...]

  • Page 271

    CLASS OF SERVICE CONFIGURATION 3-215 CLI 22 – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 5) to CoS value 0, and then displays the IP Port Priority settings for that port. Copy Settings Use the Copy Settings page to copy IP Precedence Priority Settings, DSCP Priorit[...]

  • Page 272

    CONFIGURING THE SWITCH 3-216 Web – Click Priority, Copy Settings. Select the source priority settings to be copied, enter the source port or trunk number and choose the destination interface/s to copy to, then click Copy Settings. Figure 3-97 Mapping Priority Settings to Ports/Trunks CLI – This feature is not supported thro[...]

  • Page 273

    CLASS OF SERVICE CONFIGURATION 3-217 Command Usage You must configure an ACL mask before you can map CoS values to the rule. Command Attributes • Port – Port identifier. • Name 23 – Name of ACL. • Type – Type of ACL (IP or MAC). • CoS Priority – CoS value used for packets matching an IP ACL rule. (Range: 0-7) Web –[...]

  • Page 274

    CONFIGURING THE SWITCH 3-218 Changing Priorities Based on ACL Rules You can change traffic priorities for frames matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) This switch can change the IEEE 802.1p priority, IP Precedence, or DSCP Priority of IP frames; or change the IEEE 802.1p pri[...]

  • Page 275

    CLASS OF SERVICE CONFIGURATION 3-219 Web – Click Priority, ACL Marker. Select a port and an ACL rule. To specify a ToS priority, mark the Precedence/DSCP check box, select Precedence or DSCP from the scroll-down box, and enter a priority. To specify an 802.1p priority, mark the 802.1p Priority check box, and enter a prio[...]

  • Page 276

    CONFIGURING THE SWITCH 3-220 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the mu[...]

  • Page 277

    MULTICAST FILTERING 3-221 multicast host registration protocol that allows any host to inform its local router that it wants to receive transmissions addressed to a specific multicast group. A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic. If there is more than on[...]

  • Page 278

    CONFIGURING THE SWITCH 3-222 Static IGMP Host Interface – For multicast applications that you need to control more carefully, you can manually assign a multicast service to specific interfaces on the switch (page 3-228). Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intell[...]

  • Page 279

    MULTICAST FILTERING 3-223 • IGMP Query Count — Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group. (Range: 2-10; Default: 2) • IGMP Query Interval — Sets the frequency at which the switch sends IGMP host-query messages. (Range:[...]

  • Page 280

    CONFIGURING THE SWITCH 3-224 CLI – This example modifies the settings for multicast filtering, and then displays the current status. Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as [...]

  • Page 281

    MULTICAST FILTERING 3-225 Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to display the associated multicast routers. Figure 3-101 Mapping Multicast Switch Ports to VLANs CLI – This example shows that Port 11 has been statically configured as a port attached t[...]

  • Page 282

    CONFIGURING THE SWITCH 3-226 • Port or Trunk – Specifies the interface attached to a multicast router. Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. A[...]

  • Page 283

    MULTICAST FILTERING 3-227 • Multicast Group Port List – Shows the interfaces that have already been assigned to the selected VLAN to propagate a specific multicast service. Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The s[...]

  • Page 284

    CONFIGURING THE SWITCH 3-228 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP Snooping and Query Parameters” on page 3-222. For certain applications that require tighter control, you may need to statically[...]

  • Page 285

    CONFIGURING DOMAIN NAME SERVICE 3-229 CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1. Configuring Domain Name Service The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries [...]

  • Page 286

    CONFIGURING THE SWITCH 3-230 through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match. • When more than one name server is specified, the servers are queried in the specified sequence until a response is received, or the end of the list is reache[...]

  • Page 287

    CONFIGURING DOMAIN NAME SERVICE 3-231 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply. Figure 3-105 Configuring DNS[...]

  • Page 288

    CONFIGURING THE SWITCH 3-232 CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the default domain name is not used. Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses[...]

  • Page 289

    CONFIGURING DOMAIN NAME SERVICE 3-233 • Alias – Displays the host names that are mapped to the same address(es) as a previously configured entry. Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. Figure 3-106 Mapping IP Addresses to a Host Name[...]

  • Page 290

    CONFIGURING THE SWITCH 3-234 CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resour[...]

  • Page 291

    CONFIGURING DOMAIN NAME SERVICE 3-235 Web – Select DNS, Cache. Figure 3-107 Displaying the DNS Cache CLI - This example displays all the resource records learned from the designated name servers. Console#show dns cache 4-293 NO FLAG TYPE IP TTL DOMAIN 0 4 CNAME 207.46.134.222 51 www.microsoft.akadns.net 1 4 CNAME [...]

  • Page 292

    CONFIGURING THE SWITCH 3-236[...]

  • Page 293

    4-1 CHAPTER 4 COMMAND LINE INTERFACE This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be manage [...]

  • Page 294

    USING THE COMMAND LINE INTERFACE 4-2 After connecting to the system through the console port, the login screen displays: Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. Val[...]

  • Page 295

    COMMAND LINE INTERFACE 4-3 After you configure the switch with an IP address, you can open a Telnet session by performing these steps. 1. From the remote host, enter the Telnet command and the IP address of the device you want to access. 2. At the prompt, enter the user name and system password. The CLI will display the[...]

  • Page 296

    ENTERING COMMANDS 4-4 You can enter commands as follows: • To enter a simple command, enter the command keyword. • To enter multiple commands, enter each command in the required order. For example, to enable Privileged Exec command mode, and display the startup configuration, enter: Console> enable Console# show start[...]

  • Page 297

    COMMAND LINE INTERFACE 4-5 Database). You can also display a list of valid keywords for a specific command. For example, the command “show ?” displays a list of possible show commands: The command “show interfaces ?” will display the following information: Console#show ? access-group Access groups access-list Access list[...]

  • Page 298

    ENTERING COMMANDS 4-6 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.” Negating the Effect of Command[...]

  • Page 299

    COMMAND LINE INTERFACE 4-7 mode. You can always enter a question mark “?” at the prompt to display a list of the commands available for the current mode. The command classes and associated modes are displayed in the following table: Exec Commands When you open a new console session on the switch with the user name [...]

  • Page 300

    ENTERING COMMANDS 4-8 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in nonvolatile storage, use the copy running-config startup-conf[...]

  • Page 301

    COMMAND LINE INTERFACE 4-9 To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode. For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode. Table [...]

  • Page 302

    ENTERING COMMANDS 4-10 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial comm[...]

  • Page 303

    COMMAND LINE INTERFACE 4-11 Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Group Index Command Group Description Page Line Sets communication parameters for the serial port and Telnet, including baud rate and console time-out 4-14 General Basic commands for entering[...]

  • Page 304

    COMMAND GROUPS 4-12 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) VC (VLAN Database Configuration) GC (Global Configuration) ACL (Access Control List Configuration) LC (Line Configuration) Power over Ethernet * Configures power ou[...]

  • Page 305

    COMMAND LINE INTERFACE 4-13 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). Table 4-5 Line Commands Command Function Mode Page[...]

  • Page 306

    LINE COMMANDS 4-14 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line { console | vty } • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line. Command Mode Global C[...]

  • Page 307

    COMMAND LINE INTERFACE 4-15 login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [ local ] no login local - Selects local password checking. Authentication is based on the user name specified with the username command. Defaul[...]

  • Page 308

    LINE COMMANDS 4-16 Related Commands username (4-34) password (4-16) password This command specifies the password for a line. Use the no form to remove the password. Syntax password { 0 | 7 } password no password • { 0 | 7 } - 0 means plain password, 7 means encrypted password • password - Character string that specifies the [...]

  • Page 309

    COMMAND LINE INTERFACE 4-17 Related Commands login (4-15) password-thresh (4-19) timeout login response This command sets the interval that the system waits for a user to log in to the CLI. Use the no form to restore the default setting. Syntax timeout login response [ seconds ] no timeout login response seconds - Integer that [...]

  • Page 310

    LINE COMMANDS 4-18 exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [ seconds ] no exec-timeout seconds - Integer that specifies the number of seconds. (Range: 0 - 65535 seconds; 0: no timeout) Default Setting CLI and Telnet: 600[...]

  • Page 311

    COMMAND LINE INTERFACE 4-19 password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. Syntax password-thresh [ threshold ] no password-thresh threshold - The number of allowed password attempts. (Range: 1-120; 0: n [...]

  • Page 312

    LINE COMMANDS 4-20 silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value. Syntax silent-time seconds no silent-time seconds - The num[...]

  • Page 313

    COMMAND LINE INTERFACE 4-21 Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no par [...]

  • Page 314

    LINE COMMANDS 4-22 Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and recei [...]

  • Page 315

    COMMAND LINE INTERFACE 4-23 stopbits This command sets the number of the stop bits transmitted per byte. Use the no form to restore the default setting. Syntax stopbits { 1 | 2 } • 1 - One stop bit • 2 - Two stop bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits, enter this comma[...]

  • Page 316

    LINE COMMANDS 4-24 Example Related Commands show ssh (4-53) show users (4-80) show line This command displays the terminal line’s parameters. Syntax show line [ console | vty ] • console - Console terminal line. • vty - Virtual terminal for remote console access. Default Setting Shows all lines Command Mode Normal Exec, Privile [...]

  • Page 317

    COMMAND LINE INTERFACE 4-25 General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-6. Syntax enable [ level ] level - Privilege level to log into the de[...]

  • Page 318

    GENERAL COMMANDS 4-26 Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-36.) • The “#” character is appended to the end of the prompt to indicate that the system is in privileged acce[...]

  • Page 319

    COMMAND LINE INTERFACE 4-27 configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, VLAN Database [...]

  • Page 320

    GENERAL COMMANDS 4-28 Example In this example, the show history command lists the contents of the command history buffer: The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you [...]

  • Page 321

    COMMAND LINE INTERFACE 4-29 Example This example shows how to reset the switch: end This command returns to Privileged Exec mode. Default Setting None Command Mode Global Configuration, Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration. Example This example shows [...]

  • Page 322

    GENERAL COMMANDS 4-30 Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit Use this command to exit the configuration program. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The quit and exit commands can both exi[...]

  • Page 323

    COMMAND LINE INTERFACE 4-31 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Table 4-7 System Management Commands Command Group Function Page Device Designation Configures informat[...]

  • Page 324

    SYSTEM MANAGEMENT COMMANDS 4-32 Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to revert to the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the command prompt. (Maximum length: 255 characters) Default Setting Console Command Mode [...]

  • Page 325

    COMMAND LINE INTERFACE 4-33 hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example light unit This comm [...]

  • Page 326

    SYSTEM MANAGEMENT COMMANDS 4-34 User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password checking via the console or a Telnet connection (page 4-13), user authentication via a remote authentication server (page 4-151), and host acc[...]

  • Page 327

    COMMAND LINE INTERFACE 4-35 Default Setting • The default access level is Normal Exec. • The factory defaults for the user names and passwords are: Command Mode Global Configuration Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading t[...]

  • Page 328

    SYSTEM MANAGEMENT COMMANDS 4-36 enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. Use this command to control access to the Privileged Exec level from the Normal Exec level. Use the no form to reset the default password. Syntax enable passw[...]

  • Page 329

    COMMAND LINE INTERFACE 4-37 Related Commands enable (4-25) authentication enable (4-99) IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting. Syntax [ no ] management { all-client | [...]

  • Page 330

    SYSTEM MANAGEMENT COMMANDS 4-38 Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager. • IP address can be configured for SNMP, web and Telnet access [...]

  • Page 331

    COMMAND LINE INTERFACE 4-39 Example Web Server Commands Console#show management all-client Management Ip Filter Http-Client: Start ip address End ip address ----------------------------------------- ------ 1. 192.168.1.19 192.168.1.19 2. 192.168.1.25 192.168.1.30 Snmp-Client: Start ip address End ip address ----------------------------------[...]

  • Page 332

    SYSTEM MANAGEMENT COMMANDS 4-40 ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Settin[...]

  • Page 333

    COMMAND LINE INTERFACE 4-41 Example Related Commands ip http port (4-40) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this f[...]

  • Page 334

    SYSTEM MANAGEMENT COMMANDS 4-42 • The following web browsers and operating systems currently support HTTPS: • To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 3-77. Also refer to the copy command on page 4-82. Example Related Commands ip http secure-port (4-42) copy[...]

  • Page 335

    COMMAND LINE INTERFACE 4-43 Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port. • If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format: https://device:port_number Example Related Commands ip htt[...]

  • Page 336

    SYSTEM MANAGEMENT COMMANDS 4-44 Default Setting • Server: Enabled • Server Port: 23 Command Mode Global Configuration Example Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other env[...]

  • Page 337

    COMMAND LINE INTERFACE 4-45 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the authentication lo[...]

  • Page 338

    SYSTEM MANAGEMENT COMMANDS 4-46 switch as described in the following section. Note that regardless of whether you use public key or password authentication, you still have to generate authentication keys on the switch and enable the SSH server. To use the SSH server, complete these steps: 1. Generate a Host Key Pair – Use[...]

  • Page 339

    COMMAND LINE INTERFACE 4-47 5. Enable SSH Service – Use the ip ssh server command to enable the SSH server on the switch. 6. Configure Challenge-Response Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method. Only clients[...]

  • Page 340

    SYSTEM MANAGEMENT COMMANDS 4-48 Command Usage • The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet sessions and SSH sessions. • The SSH server uses DSA or RSA for key exchange when the client first establishes a connection with the switch, and then nego[...]

  • Page 341

    COMMAND LINE INTERFACE 4-49 Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase. Once an SSH session has been established, the timeout for user input is controlled by the exec-timeout command for vty sessions. Example Related Commands exec-timeou[...]

  • Page 342

    SYSTEM MANAGEMENT COMMANDS 4-50 ip ssh server-key size This command sets the SSH server key size. Use the no form to restore the default setting. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server key. (Range: 512-896 bits) Default Setting 768 bits Command Mode Global Config[...]

  • Page 343

    COMMAND LINE INTERFACE 4-51 Example ip ssh crypto host-key generate Use this command to generate the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [dsa | rsa] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) key type. Default Setting Generates both the DSA and RSA key pairs. Com[...]

  • Page 344

    SYSTEM MANAGEMENT COMMANDS 4-52 ip ssh crypto zeroize This command clears the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [dsa | rsa] • dsa – DSA key type. • rsa – RSA key type. Default Setting Clears both the DSA and RSA key. Command Mode Privileged Exec Command Usage • This command clears the host ke[...]

  • Page 345

    COMMAND LINE INTERFACE 4-53 Default Setting Saves both the DSA and RSA key. Command Mode Privileged Exec Example Related Commands ip ssh crypto host-key generate (4-51) show ip ssh This command displays the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example show ssh T[...]

  • Page 346

    SYSTEM MANAGEMENT COMMANDS 4-54 Table 4-16 show ssh - display description Field Description Session The session number. (Range: 0-3) Version The Secure Shell version number. State The authentication negotiation state. (Values: Negotiation-Started, Authentication-Started, Session-Started) Username The user name of the client. Encry[...]

  • Page 347

    COMMAND LINE INTERFACE 4-55 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [user [username] | host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no parameters are[...]

  • Page 348

    SYSTEM MANAGEMENT COMMANDS 4-56 Example Event Logging Commands Console#show public-key host Host: RSA: 1024 35 15684995401867669259333946775054617325313 6748908365472541502024559319 98685443583616519999233297817660658309586 1082591321289023376546801726 27257141342876294130119619556678259566410 4869574278881462065194174677 29848654686157177393[...]

  • Page 349

    COMMAND LINE INTERFACE 4-57 logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [no] logging on Default Setting None Command Mode Global Configuration Command Usage The logging process controls error messages save[...]

  • Page 350

    SYSTEM MANAGEMENT COMMANDS 4-58 • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). • level - One of the syslog severity levels listed in the following table. Messages sent include the selected level down to level 0. Default Setting • Flash: errors (level 3 - 0) • RAM: informational (leve[...]

  • Page 351

    COMMAND LINE INTERFACE 4-59 logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [no] logging host host_ip_address host_ip_address - The IP address of a syslog server. Default Setting None Command Mode Global Configuration C[...]

  • Page 352

    SYSTEM MANAGEMENT COMMANDS 4-60 Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to sort messages or to store messages in the corresponding database. Examp[...]

  • Page 353

    COMMAND LINE INTERFACE 4-61 clear log Use this command to clear messages from the log buffer. Syntax clear log [flash | ram] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). Default Setting Flash and RAM Comma[...]

  • Page 354

    SYSTEM MANAGEMENT COMMANDS 4-62 Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), and the message level for RAM is “debugging” (i.e., default level 7 - 0). The following example displ[...]

  • Page 355

    COMMAND LINE INTERFACE 4-63 Related Commands show logging sendmail (4-68) show log This command displays the log messages stored in local memory. Syntax show log {flash | ram} • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushe[...]

  • Page 356

    SYSTEM MANAGEMENT COMMANDS 4-64 Example The following example shows the event message stored in RAM. SMTP Alert Commands Configures SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent alert mess[...]

  • Page 357

    COMMAND LINE INTERFACE 4-65 Default Setting None Command Mode Global Configuration Command Usage • You can specify up to three SMTP servers for event handling. However, you must enter a separate command to specify each server. • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the[...]

  • Page 358

    SYSTEM MANAGEMENT COMMANDS 4-66 Command Usage The specified level indicates an event threshold. All events at this level or higher will be sent to the configured email recipients. (For example, using Level 7 will report all events from level 7 to level 0.) Example This example will send email alerts for system errors from level 3 throu[...]

  • Page 359

    COMMAND LINE INTERFACE 4-67 logging sendmail destination-email This command specifies the email recipients of alert messages. Use the no form to remove a recipient. Syntax [no] logging sendmail destination-email email-address email-address - The recipient email address for alert messages. (Range: 1-41 characters) Defa[...]

  • Page 360

    SYSTEM MANAGEMENT COMMANDS 4-68 Example show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Privileged Exec Example Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on [...]

  • Page 361

    COMMAND LINE INTERFACE 4-69 sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command. Use the no form to disable SNTP client requests. Syntax [no] sntp client Default Setting None Command Mode Global Configuration Command Usage • The t[...]

  • Page 362

    SYSTEM MANAGEMENT COMMANDS 4-70 Example Related Commands sntp server (4-70) sntp poll (4-71) show sntp (4-72) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ip1 [ip2 [i[...]

  • Page 363

    COMMAND LINE INTERFACE 4-71 Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode. The client will poll the time servers in the order specified until a response is received. It issues time synchronization requests based on the interval set via the sntp[...]

  • Page 364

    SYSTEM MANAGEMENT COMMANDS 4-72 Related Commands sntp client (4-69) show sntp This command displays the current time and configuration settings for the SNTP client, and indicates whether or not the local time has been properly updated. Command Mode Normal Exec, Privileged Exec Command Usage This command displays the current time[...]

  • Page 365

    COMMAND LINE INTERFACE 4-73 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym. (Default: UTC; Range: 1-29 characters) • hours - Number of hours before UTC (0-12) or after UT[...]

  • Page 366

    SYSTEM MANAGEMENT COMMANDS 4-74 calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec {month day year | day month year} • hour - Hour in 24-hour format. [...]

  • Page 367

    COMMAND LINE INTERFACE 4-75 Example This example shows how to display the current system clock setting. System Status Commands show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system. Default Setting None Command Mode Privileged Exec Command Usage • [...]

  • Page 368

    SYSTEM MANAGEMENT COMMANDS 4-76 • This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the configuration mode command, and corresponding commands. This command displays the following information: - Users (names and access levels) - SNMP community strings - Event logging c[...]

  • Page 369

    COMMAND LINE INTERFACE 4-77 Related Commands show running-config (4-77) show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in r[...]

  • Page 370

    SYSTEM MANAGEMENT COMMANDS 4-78 Example Related Commands show startup-config (4-75) Console#show running-config ! IP address DHCP ! phymap 00-04-e2-b3-16-c0 00-30-f1-b0-e9-8 0 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00 -00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 ! SNTP server 10.1.0.19 0.0.0.0 0.0.0.0 ! snmp-server commu[...]

  • Page 371

    COMMAND LINE INTERFACE 4-79 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-13. • The POST results should all display “PASS.” If a[...]

  • Page 372

    SYSTEM MANAGEMENT COMMANDS 4-80 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e[...]

  • Page 373

    COMMAND LINE INTERFACE 4-81 Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-15 for detailed information on the items displayed by this command. Example Flash/File Commands These commands are used to manage the system code or configuration files. Console#sh[...]

  • Page 374

    FLASH/FILE COMMANDS 4-82 copy Use this command to move (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation. The su[...]

  • Page 375

    COMMAND LINE INTERFACE 4-83 Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 charact[...]

  • Page 376

    FLASH/FILE COMMANDS 4-84 Example The following example shows how to upload the configuration settings to a file on the TFTP server. The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file. This example shows how to copy a secure-site [...]

  • Page 377

    COMMAND LINE INTERFACE 4-85 This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch. This example shows how to download a PoE controller file (to the SMC6824MPE or SMC6826MPE) from a TFTP server. This [...]

  • Page 378

    FLASH/FILE COMMANDS 4-86 delete This command deletes a file or image. Syntax delete [unit:] filename filename - Name of the configuration file or image name. unit - Specifies the stack unit. (Range: 1-8) Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startu[...]

  • Page 379

    COMMAND LINE INTERFACE 4-87 dir This command displays a list of files in flash memory. Syntax dir [unit:] {{boot-rom: | config: | opcode:} [filename]} The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file • config - Switch configuration file • opcode - Run-time operation code imag[...]

  • Page 380

    FLASH/FILE COMMANDS 4-88 Example The following example shows how to display all file information: whichboot This command displays which files were booted when the system powered up. Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. See the table under the dir command for a d[...]

  • Page 381

    COMMAND LINE INTERFACE 4-89 boot system Use this command to specify the file or image used to start up the system. Syntax boot system [unit:] {boot-rom | config | opcode}: filename The type of file or image to set as a default includes: • boot-rom* - Boot ROM. • config* - Configuration file. • opcode* - Run-time oper[...]

  • Page 382

    POWER OVER ETHERNET COMMANDS 4-90 Power over Ethernet Commands The commands in this group control the power that can be delivered to attached PoE devices through the switch ports on the SMC6824MPE and SMC6826MPE. The switch’s power management enables total switch power and individual port power to be controlled within a confi[...]

  • Page 383

    COMMAND LINE INTERFACE 4-91 power mainpower maximum allocation This command defines a power budget for the switch (i.e., the power available to all switch ports). Use the no form to restore the default setting. Syntax power mainpower maximum allocation < watts > [unit unit] • watts - The power budget for the switch. (Rang[...]

  • Page 384

    POWER OVER ETHERNET COMMANDS 4-92 Default Setting Disabled Command Mode Global Configuration Command Usage • The switch automatically detects attached PoE devices by periodically transmitting test voltages over the 10/100BASE-TX ports. When an 802.3af compatible device is plugged into one of these ports, the powered device re[...]

  • Page 385

    COMMAND LINE INTERFACE 4-93 power inline This command instructs the switch to automatically detect if a PoE-compliant device is connected to the specified port, and turn power on or off accordingly. Use the no form to turn off power for a port. Syntax [no] power inline Default Setting Detection is enabled for PoE-compliant device[...]

  • Page 386

    POWER OVER ETHERNET COMMANDS 4-94 Command Mode Interface Configuration Command Usage If a device is connected to a switch port and the switch detects that it requires more than the maximum power allocated to the port, no power is supplied to the device (i.e., port power remains off). Example power inline priority This command s[...]

  • Page 387

    COMMAND LINE INTERFACE 4-95 • Power is dropped from low-priority ports in sequence starting from port number 1. Example Related Commands power mainpower maximum allocation (4-91) show power inline status This command displays the current power status for all ports or for specific ports. Syntax show power inline status [interface [...]

  • Page 388

    POWER OVER ETHERNET COMMANDS 4-96 show power mainpower Use this command to display the current power status for the switch. Command Mode Privileged Exec Example Table 4-27 show power inline status parameters Parameter Description Admin The power mode set on the port (see power inline on page 4-93) Oper The current operating power [...]

  • Page 389

    COMMAND LINE INTERFACE 4-97 Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1X. Authentication Sequence Table 4-2[...]

  • Page 390

    AUTHENTICATION COMMANDS 4-98 authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login • local - Use local password. • radius - Use RADIUS server password. • tacacs - Use[...]

  • Page 391

    COMMAND LINE INTERFACE 4-99 Example Related Commands username - for setting the local user names and passwords (4-34) authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 4-25). Use the[...]

  • Page 392

    AUTHENTICATION COMMANDS 4-100 • You can specify three authentication methods in a single command to indicate the authentication sequence. For example, if you enter “authentication enable radius tacacs local,” the user name and password on the RADIUS server is verified first. If the RADIUS server is not available, then authent[...]

  • Page 393

    COMMAND LINE INTERFACE 4-101 radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server. Use the no form to restore the default values. Syntax [no] radius-server index host {host_ip_address | host_alias} [auth-port auth_port] [timeout timeout] [r[...]

  • Page 394

    AUTHENTICATION COMMANDS 4-102 radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535) Default Setting 1812 Command Mode Global [...]

  • Page 395

    COMMAND LINE INTERFACE 4-103 Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS serve[...]

  • Page 396

    AUTHENTICATION COMMANDS 4-104 Command Mode Global Configuration Example show radius-server This command displays the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example Console(config)#radius-server timeout 10 Console(config)# Console#show radius-server Remote RADIUS server configuration: Gl[...]

  • Page 397

    COMMAND LINE INTERFACE 4-105 TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/pass[...]

  • Page 398

    AUTHENTICATION COMMANDS 4-106 tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages. (Range: 1-65535) Default Setting 49 Com[...]

  • Page 399

    COMMAND LINE INTERFACE 4-107 Example show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC[...]

  • Page 400

    AUTHENTICATION COMMANDS 4-108 port security This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses. Syntax [...]

  • Page 401

    COMMAND LINE INTERFACE 4-109 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted. • First use the port sec[...]

  • Page 402

    AUTHENTICATION COMMANDS 4-110 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authe[...]

  • Page 403

    COMMAND LINE INTERFACE 4-111 dot1x system-auth-control This command enables IEEE 802.1X port authentication globally on the switch. Use the no form to restore the default. Syntax [no] dot1x system-auth-control Default Setting Disabled Command Mode Global Configuration Example dot1x default This command sets all configurable dot1x gl[...]

  • Page 404

    AUTHENTICATION COMMANDS 4-112 Default 2 Command Mode Interface Configuration Example dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default. Syntax dot1x port-control {auto | force-authorized | force-unauthorized} no dot1x port-control • auto – Requires a dot1x-aw[...]

  • Page 405

    COMMAND LINE INTERFACE 4-113 dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count. Syntax dot1x operat[...]

  • Page 406

    AUTHENTICATION COMMANDS 4-114 dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [interface] interface ethernet unit/port - unit - The stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) Command Mode Privileged Exec Example dot1x re-authentication[...]

  • Page 407

    COMMAND LINE INTERFACE 4-115 dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default. Syntax dot1x timeout quiet-period seconds no dot1x timeout quiet-period seconds - The number[...]

  • Page 408

    AUTHENTICATION COMMANDS 4-116 Example dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period seconds - The number of[...]

  • Page 409

    COMMAND LINE INTERFACE 4-117 Command Mode Privileged Exec Command Usage This command displays the following information: • Global 802.1X Parameters – Shows whether or not 802.1X port authentication is globally enabled on the switch. • 802.1X Port Summary – Displays the port access control parameters for each interface that ha[...]

  • Page 410

    AUTHENTICATION COMMANDS 4-118 - Supplicant – MAC address of authorized client. - Current Identifier – The integer (0-255) used by the Authenticator to identify the current authentication session. • Authenticator State Machine - State – Current state (including initialize, disconnected, connecting, authenticating, authenticated, abor[...]

  • Page 411

    COMMAND LINE INTERFACE 4-119 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required ru[...]

  • Page 412

    ACCESS CONTROL LIST COMMANDS 4-120 soon as it matches a deny rule. If no rules match for a list of all permit rules, the packet is dropped; and if no rules match for a list of all deny rules, the packet is accepted. There are three filtering modes: • Standard IP ACL mode (STD-ACL) filters packets based on the source IP address. ?[...]

  • Page 413

    COMMAND LINE INTERFACE 4-121 • Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets. The order in which active ACLs are checked is as follows: 1. User-defined rules in the Egress MAC ACL for egress ports. 2. User-defined rules in the Egress IP ACL for eg[...]

  • Page 414

    ACCESS CONTROL LIST COMMANDS 4-122 IP ACLs Table 4-36 IP ACL Commands Command Function Mode Page access-list ip Creates an IP ACL and enters configuration mode GC 4-123 access-list ip extended fragment-auto-mask Automatically creates extra masks to support fragmented ACL entries GC 4-123 permit, deny Filters packets matching a specif[...]

  • Page 415

    COMMAND LINE INTERFACE 4-123 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [no] access-list ip {standard | extended} acl_name • standard – Specifies an ACL that filters packets based on the source IP [...]

  • Page 416

    ACCESS CONTROL LIST COMMANDS 4-124 access-list ip extended fragment-auto-mask This command automatically creates extra masks to support fragmented ACL entries. Use the no form to disable this feature. Syntax [no] access-list ip extended fragment-auto-mask Default Setting Disabled Command Mode Global Configuration Command Usage I[...]

  • Page 417

    COMMAND LINE INTERFACE 4-125 Command Mode Standard ACL Command Usage • New rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The b[...]

  • Page 418

    ACCESS CONTROL LIST COMMANDS 4-126 [no] {permit | deny} tcp {any | source address-bitmask | host source} {any | destination address-bitmask | host destination} [precedence precedence] [tos tos] [dscp dscp] [source-port sport [bitmask]] [destination-port dport [port-bitmask]] [control-flag control-flags flag-b[...]

  • Page 419

    COMMAND LINE INTERFACE 4-127 with the address for each IP packet entering the port(s) to which this ACL has been assigned. • You can specify both Precedence and ToS in the same rule. However, if DSCP is used, then neither Precedence nor ToS can be specified. • The control-code bitmask is a decimal number (representing an [...]

  • Page 420

    ACCESS CONTROL LIST COMMANDS 4-128 This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Related Commands access-list ip (4-123) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list {standard | extended} [acl_name] • standa[...]

  • Page 421

    COMMAND LINE INTERFACE 4-129 access-list ip mask-precedence This command changes to the IP Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [no] access-list ip mask-precedence {in | out} • in – Ingress mask for ingress ACLs. • out – Egress mask for egress ACLs. Default[...]

  • Page 422

    ACCESS CONTROL LIST COMMANDS 4-130 mask (IP ACL) This command defines a mask for IP ACLs. This mask defines the fields to check in the IP header. Use the no form to remove a mask. Syntax [no] mask [protocol] {any | host | source-bitmask} {any | host | destination-bitmask} [precedence] [tos] [dscp] [source-po[...]

  • Page 423

    COMMAND LINE INTERFACE 4-131 determined by the mask, and not the order in which the ACL rules were entered. • First create the required ACLs and ingress or egress masks before mapping an ACL to an interface. • If you enter dscp, you cannot enter tos or precedence. You can enter both tos and precedence without dscp[...]

  • Page 424

    ACCESS CONTROL LIST COMMANDS 4-132 This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others. This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.69.198.0 when the Layer 4 source port is 23. Console(config)#[...]

  • Page 425

    COMMAND LINE INTERFACE 4-133 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL. Note that once the ACL is bound to an interface (i.e., the ACL [...]

  • Page 426

    ACCESS CONTROL LIST COMMANDS 4-134 Example Related Commands mask (IP ACL) (4-130) ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [no] ip access-group acl_name {in | out} • acl_name – Name of the ACL. (Maximum length: 15 characters) • in – Indicates that this list ap[...]

  • Page 427

    COMMAND LINE INTERFACE 4-135 Related Commands show ip access-list (4-128) show ip access-group This command shows the ports assigned to IP ACLs. Command Mode Privileged Exec Example Related Commands ip access-group (4-134) map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS v[...]

  • Page 428

    ACCESS CONTROL LIST COMMANDS 4-136 • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table. For information on mapping the CoS values to output queues, see queue cos-map on page 4-257. Example Related Commands queue cos-map (4-257) show map access-list ip (4-136) sh[...]

  • Page 429

    COMMAND LINE INTERFACE 4-137 Related Commands map access-list ip (4-135) match access-list ip This command changes the IEEE 802.1p priority, IP Precedence, or DSCP Priority of a frame matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) Use the no form to remove the ACL marker. Syntax matc[...]

  • Page 430

    ACCESS CONTROL LIST COMMANDS 4-138 IP frame header can include either the IP Precedence or DSCP priority type. • The precedence for priority mapping by this switch is IP Precedence or DSCP Priority, and then 802.1p priority. Example Related Commands show marking (4-138) show marking This command displays the current configur[...]

  • Page 431

    COMMAND LINE INTERFACE 4-139 access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [no] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 15 characters) Default Setting None Command Mode Global Configuration acce[...]

  • Page 432

    ACCESS CONTROL LIST COMMANDS 4-140 Command Usage • An egress ACL must contain all deny rules. • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list. • To remove a [...]

  • Page 433

    COMMAND LINE INTERFACE 4-141 [no] {permit | deny} untagged-eth2 {any | host source | source address-bitmask} {any | host destination | destination address-bitmask} [ethertype protocol [protocol-bitmask]] [no] {permit | deny} tagged-802.3 {any | host source | source address-bitmask} {any | host destination | d[...]

  • Page 434

    ACCESS CONTROL LIST COMMANDS 4-142 • A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include the following: - 0800 - IP - 0806 - ARP - 8137 - IPX Example This rule permits packets from any source MAC address to the destination address 00-e0-29-94-34-de where the Eth[...]

  • Page 435

    COMMAND LINE INTERFACE 4-143 access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [no] access-list ip mask-precedence {in | out} • in – Ingress mask for ingress ACLs. • out – Egress mask for egress ACLs. Default Setti[...]

  • Page 436

    ACCESS CONTROL LIST COMMANDS 4-144 mask (MAC ACL) This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header. Use the no form to remove a mask. Syntax [no] mask [pktformat] {any | host | source-bitmask} {any | host | destination-bitmask} [vid [vid-bitmask]] [ethertype [ [...]

  • Page 437

    COMMAND LINE INTERFACE 4-145 Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask. This example creates an Egress MAC ACL. Console(config)#access-list mac M4 Console(config-mac-acl)#permit any any Console(config-mac-acl)#deny tag[...]

  • Page 438

    ACCESS CONTROL LIST COMMANDS 4-146 show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [in | out] • in – Ingress mask precedence for ingress ACLs. • out – Egress mask precedence for egress ACLs. Command Mode Privileged Exec [...]

  • Page 439

    COMMAND LINE INTERFACE 4-147 • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port. Example Related Commands show mac access-list (4-142) show mac access-group This command sh[...]

  • Page 440

    ACCESS CONTROL LIST COMMANDS 4-148 Default Setting None Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • By default, a packet matching a rule within the specified ACL is mapped to one of the output queues as shown below. Example Re[...]

  • Page 441

    COMMAND LINE INTERFACE 4-149 Command Mode Privileged Exec Example Related Commands map access-list mac (4-147) match access-list mac This command changes the IEEE 802.1p priority of a Layer 2 frame matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) Use the no form to remove the ACL mar[...]

  • Page 442

    ACCESS CONTROL LIST COMMANDS 4-150 Related Commands show marking (4-138) ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules [...]

  • Page 443

    COMMAND LINE INTERFACE 4-151 show access-group This command shows the port assignments of ACLs. Command Mode Privileged Executive Example SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version[...]

  • Page 444

    SNMP COMMANDS 4-152 snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server. Syntax [no] snmp-server Default Setting Enabled Command Mode Global Configuration Example snmp-server location Sets the system location string GC 4-155 snmp-se[...]

  • Page 445

    COMMAND LINE INTERFACE 4-153 show snmp This command can be used to check the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and[...]

  • Page 446

    SNMP COMMANDS 4-154 snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string. Syntax snmp-server community string [ro | rw] no snmp-server community string • string - Community string that acts like a password and permits access to the SNMP pro[...]

  • Page 447

    COMMAND LINE INTERFACE 4-155 Default Setting None Command Mode Global Configuration Example Related Commands snmp-server location (4-155) snmp-server location This command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location text no snmp-server location text - String that [...]

  • Page 448

    SNMP COMMANDS 4-156 snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr [inform [retry retries | timeout seconds]] community-string [version {1 | 2c | 3 {auth | noauth | priv[...]

  • Page 449

    COMMAND LINE INTERFACE 4-157 Default Setting • Host Address: None • Notification Type: Traps • SNMP Version: 1 • UDP Port: 162 Command Mode Global Configuration Command Usage • If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, yo[...]

  • Page 450

    SNMP COMMANDS 4-158 3. Specify the target host that will receive inform messages with the snmp-server host command as described in this section. 4. Create a view with the required notification messages (page 4-162). 5. Create a group that includes the required notify view (page 4-164). To send an inform to a SNMPv3 host, complete these s[...]

  • Page 451

    COMMAND LINE INTERFACE 4-159 snmp-server enable traps This command enables this device to send Simple Network Management Protocol traps or informs (i.e., SNMP notifications). Use the no form to disable SNMP notifications. Syntax [no] snmp-server enable traps [authentication | link-up-down] • authentication - Keyword to [...]

  • Page 452

    SNMP COMMANDS 4-160 Example Related Commands snmp-server host (4-156) snmp-server engine-id This command configures an identification string for the SNMPv3 engine. Use the no form to restore the default. Syntax snmp-server engine-id {local | remote {ip-address}} engineid-string no snmp-server engine-id {local | remote {address [...]

  • Page 453

    COMMAND LINE INTERFACE 4-161 the engine ID of the authoritative agent. For informs, the authoritative SNMP agent is the remote agent. You therefore need to configure the remote agent’s SNMP engine ID before you can send proxy requests or informs to it. • Trailing zeroes need not be entered to uniquely specify an engine [...]

  • Page 454

    SNMP COMMANDS 4-162 snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name • view-name - Name of an SNMP view. (Range: 1-64 characters) • oid-tree - Object iden [...]

  • Page 455

    COMMAND LINE INTERFACE 4-163 Examples This view includes MIB-2. This view includes the MIB-2 interfaces table, ifDescr. The wild card is used to select all the index values in this table. This view includes the MIB-2 interfaces table, and the mask selects all index entries. show snmp view This command shows information on the SNMP v[...]

  • Page 456

    SNMP COMMANDS 4-164 snmp-server group This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group. Syntax snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} [read readview] [write writeview] [notify notifyview] no snmp-server group groupname • groupname - Name[...]

  • Page 457

    COMMAND LINE INTERFACE 4-165 Command Usage • A group sets the access policy for the assigned users. • When authentication is selected, the MD5 or SHA algorithm is used as specified in the snmp-server user command. • When privacy is selected, the DES 56-bit algorithm is used for data encryption. • For additional informatio[...]

  • Page 458

    SNMP COMMANDS 4-166 Group Name: public Security Model: v2c Read View: defaultview Write View: none Notify View: none Storage Type: volatile Row Status: active Group Name: private Security Model: v1 Read View: defaultview Write View: defaultview Notify View: none Storage Type: volatile Row Status: active Group Name: private Security Model: v2c Read[...]

  • Page 459

    COMMAND LINE INTERFACE 4-167 snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read and a Write View. Use the no form to remove a user from an SNMP group. Syntax snmp-server user username groupname [remote ip-address] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-passw[...]

  • Page 460

    SNMP COMMANDS 4-168 ID with the snmp-server engine-id command before using this configuration command. • Before you configure a remote user, use the snmp-server engine-id command (page 4-160) to specify the engine ID for the remote device where the user resides. Then use the snmp-server user command to specify the user and the IP addres[...]

  • Page 461

    COMMAND LINE INTERFACE 4-169 show snmp user This command shows information on SNMP users. Command Mode Privileged Exec Example Console#show snmp user EngineId: 01000000000000000000000000 User Name: steve Authentication Protocol: md5 Privacy Protocol: des56 Storage Type: nonvolatile Row Status: active SNMP remote user EngineId: 800000000300[...]

  • Page 462

    INTERFACE COMMANDS 4-170 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Table 4-46 Interface Commands Command Function Mode Page interface Configures an interface type and enters interface configuration mode GC 4-171 description Adds a descriptio[...]

  • Page 463

    COMMAND LINE INTERFACE 4-171 interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port[...]

  • Page 464

    INTERFACE COMMANDS 4-172 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 25 speed-duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the default. Syn[...]

  • Page 465

    COMMAND LINE INTERFACE 4-173 • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command. To set the speed/duplex mode under auto-negotiation, the required mode must be specified in the capabilities list for an interface. Example The following exampl[...]

  • Page 466

    INTERFACE COMMANDS 4-174 Example The following example configures port 11 to use autonegotiation Related Commands negotiation (4-173) speed-duplex (4-172) capabilities This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability [...]

  • Page 467

    COMMAND LINE INTERFACE 4-175 Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol comm[...]

  • Page 468

    INTERFACE COMMANDS 4-176 • To force flow control on or off (with the flowcontrol or no flowcontrol command), use the no negotiation command to disable auto-negotiation on the selected interface. • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabili[...]

  • Page 469

    COMMAND LINE INTERFACE 4-177 Example The following example disables port 5. switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm control. Syntax switchport broadcast packet-rate rate no switchport broadcast rate - Threshold level as a rate; i.e., [...]

  • Page 470

    INTERFACE COMMANDS 4-178 clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec Command Usage Stati[...]

  • Page 471

    COMMAND LINE INTERFACE 4-179 show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-6) • vlan vlan-id (Range: 1-4093) Default Sett[...]

  • Page 472

    INTERFACE COMMANDS 4-180 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-6) Default Setting Shows the counters for all int[...]

  • Page 473

    COMMAND LINE INTERFACE 4-181 Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 3-139. Example Console#show interfaces counters ethernet 1/7 Ethernet 1/7 Iftable stats: Octets input:[...]

  • Page 474

    INTERFACE COMMANDS 4-182 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1[...]

  • Page 475

    COMMAND LINE INTERFACE 4-183 Table 4-47 show interfaces switchport - display description Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 4-177). LACP status Shows if Link Aggregation Control Protocol has been enabled or disabled (page [...]

  • Page 476

    MIRROR PORT COMMANDS 4-184 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [rx | tx | both] no port monitor interface • interface - ether[...]

  • Page 477

    COMMAND LINE INTERFACE 4-185 • The destination port is set by specifying an Ethernet interface. • The mirror port and monitor port speeds should match, otherwise traffic may be dropped from the monitor port. • You can create multiple mirror sessions, but all sessions must share the same destination port. However, you sh[...]

  • Page 478

    RATE LIMIT COMMANDS 4-186 Example The following shows mirroring configured from port 6 to port 11: Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic in[...]

  • Page 479

    COMMAND LINE INTERFACE 4-187 rate-limit This command defines the rate limit for a specific interface. Use this command without specifying a rate to restore the default rate. Use the no form to restore the default status of disabled. Syntax rate-limit {input | output} [rate] no rate-limit {input | output} • input – Input ra[...]

  • Page 480

    LINK AGGREGATION COMMANDS 4-188 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link b[...]

  • Page 481

    COMMAND LINE INTERFACE 4-189 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports. • The ports at both ends of a connection must be configured as trunk port[...]

  • Page 482

    LINK AGGREGATION COMMANDS 4-190 channel-group This command adds a port to a trunk. Use the no form to remove a port from a trunk. Syntax channel-group channel-id no channel-group channel-id - Trunk index (Range: 1-6) Default Setting The current port will be added to this trunk. Command Mode Interface Configuration (Po[...]

  • Page 483

    COMMAND LINE INTERFACE 4-191 Command Mode Interface Configuration (Ethernet) Command Usage • The ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation. • A trunk formed with another switch using LACP will automatically be assigned the next available port-channe[...]

  • Page 484

    LINK AGGREGATION COMMANDS 4-192 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} system-priority priority no lacp {actor | partner} system-priority • actor - The local side an aggregate link. • partner - The [...]

  • Page 485

    COMMAND LINE INTERFACE 4-193 • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is established[...]

  • Page 486

    LINK AGGREGATION COMMANDS 4-194 • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is es[...]

  • Page 487

    COMMAND LINE INTERFACE 4-195 Example lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side an aggregate link. • partner - The remote side of an a[...]

  • Page 488

    LINK AGGREGATION COMMANDS 4-196 show lacp This command displays LACP information. Syntax show lacp [port-channel] {counters | internal | neighbors | sys-id} • port-channel - Local identifier for a link aggregation group. (Range: 1-6) • counters - Statistics for LACP protocol messages. • internal - Configuration se[...]

  • Page 489

    COMMAND LINE INTERFACE 4-197 Marker Received Number of valid Marker PDUs received by this channel group. LACPDUs Unknown Pkts Number of frames received that either (1) Carry the Slow Protocols Ethernet Type value, but contain an unknown PDU, or (2) are addressed to the Slow Protocols group MAC Address, but do not carry the Slow Protoc[...]

  • Page 490

    LINK AGGREGATION COMMANDS 4-198 LACP Port Priority LACP port priority assigned to this interface within the channel group. Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state; • Defaulted – The actor’s rece[...]

  • Page 491

    COMMAND LINE INTERFACE 4-199 Console#show lacp 1 neighbors Channel group 1 neighbors ----------------------------------------- ---------------------------- Eth 1/1 ----------------------------------------- ---------------------------- Partner Admin System ID : 32768, 00-00-00-00-00-00 Partner Oper System ID : 32768, 00-00-00-00-00-01 Partner[...]

  • Page 492

    ADDRESS TABLE COMMANDS 4-200 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Console#show lacp sysid Channel group System Priority System MAC Address ------------------------------------[...]

  • Page 493

    COMMAND LINE INTERFACE 4-201 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [action] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC [...]

  • Page 494

    ADDRESS TABLE COMMANDS 4-202 Example clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries. Default Setting None Command Mode Privileged Exec Example show mac-address-table This command shows cl[...]

  • Page 495

    COMMAND LINE INTERFACE 4-203 Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: - Learned - Dynamic address entries - Permanent - Static entry - Delete-on-reset - Static e[...]

  • Page 496

    SPANNING TREE COMMANDS 4-204 Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information. Example show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode Privileged Exec Example Spanning Tr[...]

  • Page 497

    COMMAND LINE INTERFACE 4-205 spanning-tree hello-time Configures the spanning tree bridge hello time GC 4-209 spanning-tree max-age Configures the spanning tree bridge maximum age GC 4-210 spanning-tree default priority Sets the spanning-tree priority to use increments specified by IEEE 802.1D (steps of 1) or 802.1t (steps of 4096) [...]

  • Page 498

    SPANNING TREE COMMANDS 4-206 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [no] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disable n[...]

  • Page 499

    COMMAND LINE INTERFACE 4-207 ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down. Example This example shows how to enable the Spanning Tree Algorithm for the switch: spanning-tree mode Use this command to select [...]

  • Page 500

    SPANNING TREE COMMANDS 4-208 • Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits, as described below: - STP Mode – If the switch receives an 802.1D BPDU after a [...]

  • Page 501

    COMMAND LINE INTERFACE 4-209 Default Setting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topolog [...]

  • Page 502

    SPANNING TREE COMMANDS 4-210 Example spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age seconds no spanning-tree max-age seconds - Time in seconds. (Range: 6-40 seconds) The minimum value is the higher of 6 or [[...]

  • Page 503

    COMMAND LINE INTERFACE 4-211 spanning-tree default priority Use this command to configure the spanning-tree priority to use increments specified by IEEE 802.1D (steps of 1) or 802.1t (steps of 4096). Use the no form to restore the default setting to increments specified by IEEE 802.1t. Syntax spanning-tree default priority {802.1[...]

  • Page 504

    SPANNING TREE COMMANDS 4-212 Default Setting 32768 Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority (i.e., lower numeric value) becomes the STA root device. However, if all devices have the same priority[...]

  • Page 505

    COMMAND LINE INTERFACE 4-213 Command Usage The path cost method is used to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. Note that path cost (page 4-212) takes precedence over port priority (page [...]

  • Page 506

    SPANNING TREE COMMANDS 4-214 spanning-tree backup-root This command adjusts the bridge priority in an attempt to take over as the new root bridge if it loses contact with the original root device. Use the no form to disable the command. Syntax [no] spanning-tree backup-root Default Setting Disabled Command Mode Global Configu[...]

  • Page 507

    COMMAND LINE INTERFACE 4-215 Related Commands mst vlan (4-215) mst priority (4-216) name (4-217) revision (4-218) max-hops (4-218) mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Use the no form without any VLAN parameters to remove all VLANs. Syntax [no] mst insta[...]

  • Pagina 508

    SPANNING TREE COMMANDS 4-216 MSTI region as a single node, connecting all regions to the Common Spanning Tree. Example mst priority This command configures the priority of a spanning tree instance. Use the no form to restore the default. Syntax mst instance_id priority priority no mst instance_id priority • instance_id - Instance ide[...]

  • Page 509

    COMMAND LINE INTERFACE 4-217 Example name This command configures the name for the multiple spanning tree region in which this switch is located. Use the no form to clear the name. Syntax name name name - Name of the spanning tree. Default Setting Switch’s MAC address Command Mode MST Configuration Command Usage The MST region name [...]

  • Page 510

    SPANNING TREE COMMANDS 4-218 revision This command configures the revision number for this multiple spanning tree configuration of this switch. Use the no form to restore the default. Syntax revision number number - Revision number of the spanning tree. (Range: 0-65535) Default Setting 0 Command Mode MST Configuration Command Usage The[...]

  • Page 511

    COMMAND LINE INTERFACE 4-219 Default Setting 20 Command Mode MST Configuration Command Usage An MSTI region is treated as a single node by the STP and RSTP protocols. Therefore, the message age for BPDUs inside an MSTI region is never changed. However, each spanning tree instance within a regio[...]

  • Page 512

    SPANNING TREE COMMANDS 4-220 spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port. (Range: 1-200,000,000) The recommended range is: • Ethernet: 200,000-20,0[...]

  • Page 513

    COMMAND LINE INTERFACE 4-221 spanning-tree port-priority Use this command to configure the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port. (Range: 0-240, in steps of 16) Default Setting 128 C[...]

  • Page 514

    SPANNING TREE COMMANDS 4-222 Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly t[...]

  • Page 515

    COMMAND LINE INTERFACE 4-223 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding. • Since end-nodes cannot cause[...]

  • Page 516

    SPANNING TREE COMMANDS 4-224 Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges. • When automatic detection is select[...]

  • Page 517

    COMMAND LINE INTERFACE 4-225 Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 • Fast Ethernet – half duplex: 200,000; full duplex: 100,000; trunk: 50,000 • Gigabit Ethernet – full duplex: 10,000; trunk: 5,000 Command Mode Interface Configuration (Ethernet, Port Channel) Command U[...]

  • Page 518

    SPANNING TREE COMMANDS 4-226 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command defines the priority for the use of an interface in the multiple spanning-tree. If the path cost for all interfaces on a switch are the same, the interface with the highest priority (that is, lowest value) wil[...]

  • Page 519

    COMMAND LINE INTERFACE 4-227 Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the spanning-tree protocol-migration command at any time to manua[...]

  • Page 520

    SPANNING TREE COMMANDS 4-228 • Use the show spanning-tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree (CST). • Use the show spanning-tree mst instance_id command to display the spanning tree configuration for an instance within the Multiple Spanning Tree (MST[...]

  • Page 521

    COMMAND LINE INTERFACE 4-229 show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example ----------------------------------------- ---------------------- Eth 1/ 1 information ----------------------------------------- ---------------------- Admin status: enabl[...]

  • Page 522

    VLAN COMMANDS 4-230 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration[...]

  • Page 523

    COMMAND LINE INTERFACE 4-231 Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the port membership[...]

  • Page 524

    VLAN COMMANDS 4-232 Command Mode VLAN Database Configuration Command Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default state (i.e., active). • You can configure up to 255 VLANs on the switch. Example The following example adds a VLAN[...]

  • Page 525

    COMMAND LINE INTERFACE 4-233 interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (Range: 1-4093, no leading zeroes) Default Setting None Command Mode Global Configuration E[...]

  • Page 526

    VLAN COMMANDS 4-234 switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode { trunk | hybrid } no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmi[...]

  • Page 527

    COMMAND LINE INTERFACE 4-235 switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types { all | tagged } no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged. • t[...]

  • Page 528

    VLAN COMMANDS 4-236 switchport ingress-filtering This command enables ingress filtering for an interface. Use the no form to restore the default. Syntax [ no ] switchport ingress-filtering Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Ingress filtering only affects tag[...]

  • Page 529

    COMMAND LINE INTERFACE 4-237 switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port. (Range: 1-4093, no leading zeroes) Default Setting VLAN 1 Comma[...]

  • Page 530

    VLAN COMMANDS 4-238 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan { add vlan-list [ tagged | untagged ] | remove vlan-list } no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add. • remove v[...]

  • Page 531

    COMMAND LINE INTERFACE 4-239 • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface. Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: switchport forbidden vl[...]

  • Page 532

    VLAN COMMANDS 4-240 Example The following example shows how to prevent port 1 from being added to VLAN 3: Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name ] • id - Keyword to be followed by the VLAN ID. vlan-id - ID of the configured VLAN. (Range: 1-4093, no lea[...]

  • Page 533

    COMMAND LINE INTERFACE 4-241 Example The following example shows how to display information for VLAN 1: Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLAN ports: promiscuous, and community ports. A prom[...]

  • Page 534

    VLAN COMMANDS 4-242 To configure private VLANs, follow these steps: 1. Use the private-vlan command to designate one or more community VLANs and the primary VLAN that will channel traffic outside the community groups. 2. Use the private-vlan association command to map the secondary (i.e., community) VLAN(s) to the primary V[...]

  • Page 535

    COMMAND LINE INTERFACE 4-243 private-vlan Use this command to create a primary or secondary (i.e., community) private VLAN. Use the no form to remove the specified private VLAN. Syntax private-vlan vlan-id { community | primary } no private-vlan vlan-id • vlan-id - ID of private VLAN. (Range: 1-4093, no leading zeroes). • com[...]

  • Page 536

    VLAN COMMANDS 4-244 private-vlan association Use this command to associate a primary VLAN with a secondary (i.e., community) VLAN. Use the no form to remove all associations for the specified primary VLAN. Syntax private-vlan primary-vlan-id association { secondary-vlan-id | add secondary-vlan-id | remove secondary-vlan-id }[...]

  • Page 537

    COMMAND LINE INTERFACE 4-245 switchport mode private-vlan Use this command to set the private VLAN mode for an interface. Use the no form to restore the default setting. Syntax switchport mode private-vlan { host | promiscuous } no switchport mode private-vlan • host – This port type can communicate with all other [...]

  • Page 538

    VLAN COMMANDS 4-246 switchport private-vlan host-association Use this command to associate an interface with a secondary VLAN. Use the no form to remove this association. Syntax switchport private-vlan host-association secondary-vlan-id no switchport private-vlan host-association • secondary-vlan-id – ID of secondary (i.e., co[...]

  • Page 539

    COMMAND LINE INTERFACE 4-247 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage Promiscuous ports assigned to a primary VLAN can communicate with any other promiscuous ports in the same VLAN, and with the group members within any associated secondary VLANs. Example show vlan privat [...]

  • Page 540

    GVRP AND BRIDGE EXTENSION COMMANDS 4-248 Example GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globa[...]

  • Page 541

    COMMAND LINE INTERFACE 4-249 bridge-ext gvrp This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [ no ] bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on po[...]

  • Page 542

    GVRP AND BRIDGE EXTENSION COMMANDS 4-250 Example switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [ no ] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled. Syn[...]

  • Page 543

    COMMAND LINE INTERFACE 4-251 Default Setting Shows both global and interface-specific configuration. Command Mode Normal Exec, Privileged Exec Example garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers' default values. Syntax garp timer { join | leave [...]

  • Page 544

    GVRP AND BRIDGE EXTENSION COMMANDS 4-252 unless you are experiencing difficulties with GMRP or GVRP registration/deregistration. • Timer values are applied to GVRP for all the ports on all VLANs. • Timer values must meet the following restrictions: - leave >= (2 x join) - leaveall > leave Note: Set GVRP timers on all Layer 2 d[...]

  • Page 545

    COMMAND LINE INTERFACE 4-253 Example Related Commands garp timer (4-251) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packe[...]

  • Page 546

    PRIORITY COMMANDS 4-254 Priority Commands (Layer 2) queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode { strict | wrr } no queue mode • strict - Services the egress queues in [...]

  • Page 547

    COMMAND LINE INTERFACE 4-255 Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative wei[...]

  • Page 548

    PRIORITY COMMANDS 4-256 Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights. Example The following example shows how to assign WRR weights of 1, 3, 5 and 7 to the CoS priority queues 0, 1, 2 and 3: Related Commands show queue bandwidth (4-259) switchport priority default This command s[...]

  • Page 549

    COMMAND LINE INTERFACE 4-257 the incoming frame is an IEEE 802.1Q VLAN tagged frame, the IEEE 802.1p User Priority bits will be used. • This switch provides four priority queues for each port. It is configured to use Weighted Round Robin, which can be viewed with the show queue bandwidth command. Inbound frames that do not h[...]

  • Page 550

    PRIORITY COMMANDS 4-258 Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown below [...]

  • Page 551

    COMMAND LINE INTERFACE 4-259 show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the priority queues. Default Setting None Command Mode Privileged Exec Example Console[...]

  • Page 552

    PRIORITY COMMANDS 4-260 show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [ interface ] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec Exa[...]

  • Page 553

    COMMAND LINE INTERFACE 4-261 map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax [ no ] map ip port Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for p[...]

  • Page 554

    PRIORITY COMMANDS 4-262 map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number • port-number - 16-bit TCP/UDP port number. (Range: 0-65535) • cos-value - Class-of-Ser[...]

  • Page 555

    COMMAND LINE INTERFACE 4-263 Command Mode Global Configuration Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other type. Example Th[...]

  • Page 556

    PRIORITY COMMANDS 4-264 Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP Precedence values are mapped to default Class of Service values on a one-to-one basis according to recommendations in the IEEE 802.1p standard, and then subsequently mapped to [...]

  • Page 557

    COMMAND LINE INTERFACE 4-265 Example The following example shows how to enable IP DSCP mapping globally: map ip dscp (Interface Configuration) This command sets IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table. Syntax map ip dscp dscp-value cos cos-value no ma[...]

  • Page 558

    PRIORITY COMMANDS 4-266 • DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p standard, and then subsequently mapped to the four hardware priority queues. • This command sets the IP DSCP priority for all interfaces. Example The following example shows how to map IP DSC[...]

  • Page 559

    COMMAND LINE INTERFACE 4-267 Related Commands map ip port (Global Configuration) (4-261) map ip port (Interface Configuration) (4-262) show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence [ interface ] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port [...]

  • Page 560

    PRIORITY COMMANDS 4-268 show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [ interface ] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec Example Related Comm[...]

  • Page 561

    COMMAND LINE INTERFACE 4-269 Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propag[...]

  • Page 562

    MULTICAST FILTERING COMMANDS 4-270 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [ no ] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to[...]

  • Page 563

    COMMAND LINE INTERFACE 4-271 Example The following shows how to statically configure a multicast group on a port: ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version { 1 | 2 } no ip igmp snooping version • 1 - IGMP Version 1 • 2[...]

  • Page 564

    MULTICAST FILTERING COMMANDS 4-272 show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-222 for a description of the displayed items. Example The following shows the current[...]

  • Page 565

    COMMAND LINE INTERFACE 4-273 Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options. Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: IGMP Query Commands (Layer 2) ip igmp snooping querier This command enables the switch as an [...]

  • Page 566

    MULTICAST FILTERING COMMANDS 4-274 Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected. The querier is responsible for asking hosts if they want to receive multicast traffic. Example ip igmp snooping query-count This command configures the query count. Use t[...]

  • Page 567

    COMMAND LINE INTERFACE 4-275 query-max-response-time. If the countdown finishes, and the client still has not responded, then that client is considered to have left the multicast group. Example The following shows how to configure the query count to 10: Related Commands ip igmp snooping query-max-response-time (4-276) ip [...]

  • Page 568

    MULTICAST FILTERING COMMANDS 4-276 ip igmp snooping query-max-response-time This command configures the snooping report delay. Use the no form of this command to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGM[...]

  • Page 569

    COMMAND LINE INTERFACE 4-277 ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default. Syntax ip igmp snooping router-port-expire-time seconds no ip igmp snooping router-port-expire-time seconds - The time the switch waits after the previous querier stops bef[...]

  • Page 570

    MULTICAST FILTERING COMMANDS 4-278 Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port. Use the no form to remove the configuration. Syntax [ no ] ip igmp snooping vlan vlan-id mrouter interface • vlan-id - VLAN ID (Range: 1-4093) • interface • ethernet unit /[...]

  • Page 571

    COMMAND LINE INTERFACE 4-279 Example The following shows how to configure port 11 as a multicast router port within VLAN 1: show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [ vlan vlan-id ] vlan-id - VLAN I[...]

  • Page 572

    IP INTERFACE COMMANDS 4-280 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or D[...]

  • Page 573

    COMMAND LINE INTERFACE 4-281 Default Setting DHCP Command Mode Interface Configuration (VLAN) Command Usage • You must assign an IP address to this device to gain management access over the network. You can manually configure a specific IP address, or direct the device to obtain an address[...]

  • Page 574

    IP INTERFACE COMMANDS 4-282 ip default-gateway This command establishes a static route between this switch and devices that exist on another network segment. Use the no form to remove the static route. Syntax ip default-gateway gateway no ip default-gateway gateway - IP address of the default gateway Default Setting No static[...]

  • Page 575

    COMMAND LINE INTERFACE 4-283 Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to reassign the client’s last address if available. • If the BOOTP or DHCP server has been moved to a differen[...]

  • Page 576

    IP INTERFACE COMMANDS 4-284 show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (4-282) ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [ count count ][ si[...]

  • Page 577

    COMMAND LINE INTERFACE 4-285 • Following are some results of the ping command: - Normal response - The normal response occurs in one to ten seconds, depending on network traffic. - Destination does not respond - If the host does not respond, a “timeout” appears in ten seconds. - Destination unreachable - The gateway for t[...]

  • Page 578

    DNS COMMANDS 4-286 DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation. Note that domain name ser[...]

  • Page 579

    COMMAND LINE INTERFACE 4-287 ip host This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remove an entry. Syntax [ no ] ip host name address1 [ address2 … address8 ] • name - Name of the host. (Range: 1-255 characters) • address1 - Corresponding IP address. ?[...]

  • Page 580

    DNS COMMANDS 4-288 clear host This command deletes entries from the DNS table. Syntax clear host { name | * } • name - Name of the host. (Range: 1-255 characters) • * - Removes all entries. Default Setting None Command Mode Privileged Exec Example This example clears all static entries from the DNS table. ip domain-name This command[...]

  • Page 581

    COMMAND LINE INTERFACE 4-289 Example Related Commands ip domain-list (4-289) ip name-server (4-290) ip domain-lookup (4-291) ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the n[...]

  • Page 582

    DNS COMMANDS 4-290 • If there is no domain list, the domain name specified with the ip domain-name command is used. If there is a domain list, the default domain name is not used. Example This example adds two domain names to the current list and then displays the list. Related Commands ip domain-name (4-288) ip name-server This c[...]

  • Page 583

    COMMAND LINE INTERFACE 4-291 Command Usage The listed name servers are queried in the specified sequence until a response is received, or the end of the list is reached with no response. Example This example adds two domain-name servers to the list and then displays the list. Related Commands ip domain-name (4-288) ip[...]

  • Page 584

    DNS COMMANDS 4-292 Example This example enables DNS and then displays the configuration. Related Commands ip domain-name (4-288) ip name-server (4-290) show hosts This command displays the static host name-to-address mapping table. Command Mode Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped[...]

  • Page 585

    COMMAND LINE INTERFACE 4-293 show dns This command displays the configuration of the DNS server. Command Mode Privileged Exec Example show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.com Domain Name List[...]

  • Page 586

    DNS COMMANDS 4-294 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Table 4-75 Show DNS Output Description Field Description NO The entry number for each resource record. FLAG The flag is always “4” indicating a cache entry and therefore unreliable. TYPE This field includes CNAM[...]

  • Page 587

    A-1 APPENDIX A SOFTWARE SPECIFICATIONS Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS (HTTP/SSL), SSH, Port Security Access Control Lists IP, MAC (up to 32 lists) PoE Power over Ethernet 29 DHCP Client Port Configuration 100BASE-TX: 10/100 Mbps, half/full duplex 1000BASE-T: 10/100 Mbps at half/ful[...]

  • Page 588

    SOFTWARE SPECIFICATIONS A-2 Port Trunking Static trunks (Cisco EtherChannel compliant) Dynamic trunks (Link Aggregation Control Protocol) Spanning Tree Protocol Spanning Tree Protocol (STP, IEEE 802.1D) Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) VLAN Support Up to 255 gr[...]

  • Page 589

    SOFTWARE SPECIFICATIONS A-3 SNMPv3 Management access via MIB database Trap management to specified hosts RMON Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event) Standards IEEE 802.1D Spanning Tree Protocol and traffic priorities IEEE 802.1p priority tags IEEE 802.1Q VLAN IEEE 802.1w Rapid Spanning Tree Protocol IEEE 802.1X Port Auth[...]

  • Page 590

    SOFTWARE SPECIFICATIONS A-4 Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742) Forwarding Table MIB (RFC 2096) IGMP MIB (RFC 2933) Interface Group MIB (RFC 2233) Interfaces Evolution MIB (RFC 2863) IP Multicasting related[...]

  • Page 591

    B-1 APPENDIX B TROUBLESHOOTING Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch. • Check that you have a valid network connect[...]

  • Page 592

    TROUBLESHOOTING B-2 Cannot connect using Secure Shell • If you cannot connect using SSH, you may have exceeded the maximum number of concurrent Telnet/SSH sessions permitted. Try connecting again at a later time. • Be sure the control parameters for the SSH server are properly configured on the switch, and that the SSH client [...]

  • Page 593

    U SIN G S YSTEM L OGS B-3 Using System Logs If a fault does occur, refer to the In stallation Guid e to ensu re that the probl em you en cou ntere d is ac tual ly cau sed by the swi tch. If th e pro blem appea rs to be cause d by the sw itch, follow th ese s te ps: 1. Enable log gin g . 2. Set t he er ror mess ages repor ted to i nclude all categor[...]

  • Page 594

    TROUBLESHOOTING B-4[...]

  • Page 595

    Glossary-1 GLOSSARY Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Address Resolution Protocol (ARP) ARP converts between IP addresses and MAC (i.e., hardware) addresses. ARP is used to locate the M[...]

  • Page 596

    GLOSSARY Glossary-2 Dynamic Host Control Protocol (DHCP) Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options. Extensible Authentication[...]

  • Page 597

    GLOSSARY Glossary-3 IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks. IEEE 802.1p An IEEE standard for providing quality of service (QoS) in Ethernet[...]

  • Page 598

    GLOSSARY Glossary-4 IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork. Internet Control Message[...]

  • Page 599

    GLOSSARY Glossary-5 Link Aggregation See Port Trunk. Link Aggregation Control Protocol (LACP) Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device. Management Information Base (MIB) An acronym for Management Information Base. It is a set of database objects that contains informati[...]

  • Page 600

    GLOSSARY Glossary-6 Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on down[...]

  • Page 601

    GLOSSARY Glossary-7 Simple Network Time Protocol (SNTP) SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server. Updates can be requested from a specific NTP server, or can be received via broadcasts sent by NTP servers. Spanning Tree Algorithm (STA) A technology that checks y[...]

  • Page 602

    GLOSSARY Glossary-8 Virtual LAN (VLAN) A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. A VLAN serves as a logical workgroup with no physical barriers, and allows users to share information and resources as though located on the s[...]

  • Page 603

    Index-1 Numerics 802.1X configure 3-88, 4-110 port authentication 3-88, 4-110 A Access Control Lists See ACL ACL configuration guidelines 3-98, 4-119 Extended IP 3-99, 4-120, 4-122, 4-125 MAC 3-99, 4-120, 4-138–4-142 Standard IP 3-99, 4-120, 4-122, 4-124 address table 3-151, 4-200 aging time 3-154, 4-204 B BOOTP 3-22, 4-2[...]

  • Page 604

    INDEX Index-2 H hardware version, displaying 3-15, 4-80 HTTPS, secure server 3-75, 4-41 I IEEE 802.1D 3-155, 4-207 IEEE 802.1s 3-155, 4-207 IEEE 802.1w 3-155, 4-207 IEEE 802.1X 3-88, 4-110 IGMP configuring 3-220, 4-269 description of protocol 3-220 Layer 2 3-220, 3-221, 4-269 query 3-221, 3-222, 4-273 snooping 3-221, 4-269 sn[...]

  • Page 605

    INDEX Index-3 power budgets port 3-147, 4-93 port priority 3-150, 4-94 Power over Ethernet configuring 2-15 priority, default port ingress 3-202, 4-256 priority, STA 3-167, 4-221 R RADIUS, logon authentication 3-72, 4-100 rate limits, setting 3-138, 4-186 remote logging 3-37, 4-60 RSTP 3-155, 4-207 global configuration 3-161, 4-207 S[...]

  • Page 606

    INDEX Index-4 W Web interface access requirements 3-1 configuration buttons 3-4 home page 3-3 menu list 3-6 panel display 3-5[...]

  • Page 607

    [...]

  • Page 608

    38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 Model Numbers: SMC6824M (F2.4.2.13) SMC6824MPE (F2.4.2.11) SMC6826MPE (F2.4.2.11) Pub. Number: 150200037700A E062005-R02 FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; (949) 679-8000; Fax: (949) 679-1481 From Europe (8:00[...]