LevelOne GSW-2692 manual


A good user manual

The rules oblige the seller to provide the buyer with the manual along with the LevelOne GSW-2692 product. A missing manual, or incorrect information given to the consumer, is grounds for a complaint that the product does not conform to the contract. By law, the manual may be supplied in a form other than paper, which is now common practice, such as a graphic or electronic manual for the LevelOne GSW-2692 or instructional videos for users. The condition is that the form be legible and understandable.

What is a manual?

The word comes from the Latin "instructio", meaning to instruct. The LevelOne GSW-2692 manual therefore contains a description of the stages of a process. The purpose of a manual is to instruct and to make it easier to start up and use the equipment or to carry out particular tasks. A manual is a collection of information about an object or service; a guide.

Unfortunately, few users take the time to read the LevelOne GSW-2692 manual, yet a good manual not only lets you discover a number of additional features of the device, it also helps you avoid most faults.

So what should the perfect manual contain?

First, the LevelOne GSW-2692 manual should contain:
- technical data for the LevelOne GSW-2692 device
- the manufacturer's name and the year of manufacture of the LevelOne GSW-2692 device
- instructions for using, adjusting and maintaining the LevelOne GSW-2692 device
- safety marks and certificates confirming conformity with the relevant standards

Why don't people read manuals?

Usually this is due to a lack of time and to confidence about the specific functionality of the purchased device. Unfortunately, simply connecting and starting up the LevelOne GSW-2692 is not enough. The manual contains a range of guidance on specific features, safety, maintenance methods (including which products should be used), possible LevelOne GSW-2692 faults, and ways of solving common problems during use. Finally, the manual gives the contact details of LevelOne service in case the proposed solutions do not work. Manuals in the form of engaging animations and instructional videos are currently much appreciated, since they speak to the user better than a booklet does. This kind of manual gives the user a chance to watch the whole instructional video without skipping the complicated specifications and technical descriptions of the LevelOne GSW-2692, as happens with the paper version.

Why read manuals?

First of all, they answer questions about the construction and capabilities of the LevelOne GSW-2692 device, the use of individual accessories, and a range of information for making full use of all its features and conveniences.

After successfully buying a piece of equipment or a device, it is worth taking a moment to become familiar with each part of the LevelOne GSW-2692 manual. Nowadays they are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic informational function.

Manual contents

  • Page 1

    LevelOne GSW-2692 24-Port 10/100M + 2G Combo L2 Stackable Switch User Manual Version 1.0-0608[...]

  • Page 2

    [...]

  • Page 3

    i Contents Chapter 1: Introduction 1-1 Key Features 1-1 Description of Software Features 1-2 System Defaults 1-5 Chapter 2: Initial Configuration 2-1 Connecting to the Switch 2-1 Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3 Stack Operations 2-3 Selecting the Stack Master 2-3 Recovering from Stack Failure or Topolog[...]

  • Page 4

    Contents ii Managing Firmware 3-15 Downloading System Software from a Server 3-16 Saving or Restoring Configuration Settings 3-18 Downloading Configuration Settings from a Server 3-19 Console Port Settings 3-20 Telnet Settings 3-22 Configuring Event Logging 3-24 System Log Configuration 3-24 Remote Log Configuration 3-26 Displaying Log Messages[...]

  • Page 5

    Contents iii Enabling LACP on Selected Ports 3-70 Configuring LACP Parameters 3-73 Displaying LACP Port Counters 3-75 Displaying LACP Settings and Status for the Local Side 3-77 Displaying LACP Settings and Status for the Remote Side 3-79 Setting Broadcast Storm Thresholds 3-81 Configuring Port Mirroring 3-82 Configuring Rate Limits 3-83 Rate Lim[...]

  • Page 6

    Contents iv Mapping DSCP Priority 3-131 Mapping IP Port Priority 3-132 Mapping CoS Values to ACLs 3-133 Multicast Filtering 3-135 Layer 2 IGMP (Snooping and Query) 3-135 Configuring IGMP Snooping and Query Parameters 3-136 Displaying Interfaces Attached to a Multicast Router 3-137 Specifying Static Interfaces for a Multicast Router 3-138 Displayin[...]

  • Page 7

    Contents v General Commands 4-19 enable 4-19 disable 4-20 configure 4-21 show history 4-21 reload 4-22 end 4-22 exit 4-23 quit 4-23 System Management Commands 4-24 Device Designation Commands 4-24 prompt 4-24 hostname 4-25 User Access Commands 4-25 username 4-26 enable password 4-27 IP Filter Commands 4-28 management 4-28 show management 4-29 Web[...]

  • Page 8

    Contents vi clear logging 4-46 show logging 4-47 show log 4-48 SMTP Alert Commands 4-49 logging sendmail host 4-49 logging sendmail level 4-50 logging sendmail source-email 4-51 logging sendmail destination-email 4-51 logging sendmail 4-52 show logging sendmail 4-52 Time Commands 4-53 sntp client 4-53 sntp server 4-54 sntp poll 4-55 show [...]

  • Page 9

    Contents vii TACACS+ Client 4-76 tacacs-server host 4-77 tacacs-server port 4-77 tacacs-server key 4-78 show tacacs-server 4-78 Port Security Commands 4-79 port security 4-79 802.1X Port Authentication 4-81 dot1x system-auth-control 4-81 dot1x default 4-82 dot1x max-req 4-82 dot1x port-control 4-82 dot1x operation-mode 4-83 dot1x re-authenticate 4[...]

  • Page 10

    Contents viii snmp-server enable traps 4-106 show snmp 4-107 Interface Commands 4-108 interface 4-108 description 4-109 speed-duplex 4-109 negotiation 4-110 capabilities 4-111 flowcontrol 4-112 shutdown 4-113 switchport broadcast packet-rate 4-114 clear counters 4-114 show interfaces status 4-115 show interfaces counters 4-116 show interfaces swi[...]

  • Page 11

    Contents ix spanning-tree cost 4-142 spanning-tree port-priority 4-143 spanning-tree edge-port 4-144 spanning-tree portfast 4-145 spanning-tree link-type 4-145 spanning-tree protocol-migration 4-146 show spanning-tree 4-147 VLAN Commands 4-149 Editing VLAN Groups 4-149 vlan database 4-149 vlan 4-150 Configuring VLAN Interfaces 4-151 interface v[...]

  • Page 12

    Contents x Priority Commands (Layer 3 and 4) 4-174 map ip port (Global Configuration) 4-174 map ip port (Interface Configuration) 4-175 map ip precedence (Global Configuration) 4-175 map ip precedence (Interface Configuration) 4-176 map ip dscp (Global Configuration) 4-177 map ip dscp (Interface Configuration) 4-177 show map ip port 4-178 show [...]

  • Page 13

    Contents xi Appendix A: Software Specifications A-1 Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3 Appendix B: Troubleshooting B-1 Problems Accessing the Management Interface B-1 Using System Logs B-2 Glossary Index[...]

  • Page 14

    Contents xii[...]

  • Page 15

    xiii Tables Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-5 Table 3-1 Configuration Options 3-3 Table 3-2 Main Menu 3-4 Table 3-3 Logging Levels 3-25 Table 3-4 HTTPS System Support 3-40 Table 3-5 802.1X Statistics 3-54 Table 3-6 LACP Port Counters 3-75 Table 3-7 LACP Internal Configuration Information 3-77 Table 3-8 LACP Neighbor Confi[...]

  • Page 16

    Tables xiv Table 4-27 Authentication Commands 4-71 Table 4-28 Authentication Sequence 4-71 Table 4-29 RADIUS Client Commands 4-73 Table 4-30 TACACS Commands 4-76 Table 4-31 Port Security Commands 4-79 Table 4-32 802.1X Port Authentication 4-81 Table 4-34 IP ACLs 4-90 Table 4-33 Access Control Lists 4-90 Table 4-35 Egress Queue Priority Mapping [...]

  • Page 17

    xv Figures Figure 3-1 Home Page 3-2 Figure 3-2 Panel Display 3-3 Figure 3-3 System Information 3-8 Figure 3-4 Switch Information 3-10 Figure 3-5 Bridge Extension Configuration 3-11 Figure 3-6 Manual IP Configuration 3-13 Figure 3-7 DHCP IP Configuration 3-14 Figure 3-8 Copy Firmware 3-16 Figure 3-9 Setting the Startup Code 3-16 Figure 3-10 Dele[...]

  • Page 18

    Figures xvi Figure 3-43 LACP Configuration 3-71 Figure 3-44 LACP Port Configuration 3-74 Figure 3-45 LACP - Port Counters Information 3-76 Figure 3-46 LACP - Port Internal Information 3-78 Figure 3-47 LACP - Port Neighbors Information 3-79 Figure 3-48 Port Broadcast Control 3-81 Figure 3-49 Mirror Port Configuration 3-83 Figure 3-50 Rate Limit G[...]

  • Page 19

    1-1 Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to max[...]

  • Page 20

    Introduction 1-2 1 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based and private VLANs, plus [...]

  • Page 21

    Description of Software Features 1-3 1 Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity. Port Trunking – Ports can be combined into an aggregate connection. Tru[...]

  • Page 22

    Introduction 1-4 1 Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically [...]

  • Page 23

    System Defaults 1-5 1 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-20). The following table lists some of the basic system defaults. Table 1-2 System Defaults Function Pa[...]

  • Page 24

    Introduction 1-6 1 Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None LACP (all ports) Disabled Broadcast Storm Protection Status Disabled (all ports) Broadcast Limit Rate 32,000 octets per second Spanning Tree Algorithm Statu[...]

  • Page 25

    System Defaults 1-7 1 System Log Status Enabled Messages Logged Levels 0-7 (all) Messages Logged to Flash Levels 0-3 SMTP Email Alerts Event Handler Enabled (but no server defined) SNTP Clock Synchronization Disabled Table 1-2 System Defaults (Continued) Function Parameter Default[...]

  • Page 26

    Introduction 1-8 1[...]

  • Page 27

    2-1 Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line in[...]

  • Page 28

    Initial Configuration 2-2 2 • Configure Class of Service (CoS) priority queuing • Configure up to 4 static or LACP trunks • Enable port mirroring • Set broadcast storm control on any port • Display system information and statistics • Configure any stack unit through the same IP address Required Connections The switch provides an RS[...]

  • Page 29

    Stack Operations 2-3 2 Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is obtained via DHCP by default. To manually configure[...]

  • Page 30

    Initial Configuration 2-4 2 Recovering from Stack Failure or Topology Change When a link or unit in the stack fails, a trap message is sent and a failure event is logged. The stack will be rebooted after any system failure or topology change. It takes two to three minutes for the stack to reboot. Also note that powering down a unit or inser[...]

  • Page 31

    Basic Configuration 2-5 2 Setting Passwords Note: If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place. Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prevent unauthoriz[...]

  • Page 32

    Initial Configuration 2-6 2 Note: The IP address for this switch is obtained via DHCP by default. Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP addr[...]

  • Page 33

    Basic Configuration 2-7 2 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>. Enabling SNMP Management Access Th[...]

  • Page 34

    Initial Configuration 2-8 2 To configure a community string, complete the following steps: 1. From the Privileged Exec level global configuration mode prompt, type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>. (Note that[...]

  • Page 35

    Managing System Files 2-9 2 2. Enter the name of the start-up file. Press <Enter>. Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as[...]

  • Page 36

    Initial Configuration 2-10 2[...]

  • Page 37

    3-1 Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or above, or Netsca[...]

  • Page 38

    Configuring the Switch 3-2 3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.” Home Page When your w[...]

  • Page 39

    Panel Display 3-3 3 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons. Notes: 1. To ensure proper screen refresh, be sure that [...]

  • Page 40

    Configuring the Switch 3-4 3 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Main Menu Menu Description Page System 3-8 System Information P[...]

  • Page 41

    Main Menu 3-5 3 SSH 3-42 Host-Key Settings Generates the host key pair (public and private) 3-44 Settings Configures Secure Shell server settings 3-46 Port Security Configures per port security, including status, response for security breach, and maximum allowed MAC addresses 3-47 802.1X Port authentication 3-49 Information Display[...]

  • Page 42

    Configuring the Switch 3-6 3 Input Trunk Configuration Sets the input rate limit for each trunk 3-84 Output Port Configuration Sets the output rate limit for each port 3-84 Output Trunk Configuration Sets the output rate limit for each trunk 3-84 Port Statistics Lists Ethernet and RMON port statistics 3-85 Address Table 3-90 Static Addresses D[...]

  • Page 43

    Main Menu 3-7 3 Port Information Shows VLAN port type, and associated primary or secondary VLANs 3-120 Port Configuration Sets the private VLAN interface type, and associates the interfaces with a private VLAN 3-121 Trunk Information Shows VLAN port type, and associated primary or secondary VLANs 3-120 Trunk Configuration Sets the private [...]

  • Page 44

    Configuring the Switch 3-8 3 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. • Location –[...]

  • Page 45

    Basic Configuration 3-9 3 CLI – Specify the hostname, location and contact information. Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board • Serial Number[...]

  • Page 46

    Configuring the Switch 3-10 3 These additional parameters are displayed for the CLI. • Unit ID – Unit number in stack. • Redundant Power Status – Displays the status of the redundant power supply. Web – Click System, Switch Information. Figure 3-4 Switch Information CLI – Use the following command to display version information. Co[...]

  • Page 47

    Basic Configuration 3-11 3 Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables. Field Attributes • Extended Multicast Filtering Services – This [...]

  • Page 48

    Configuring the Switch 3-12 3 CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default. To manually configure an address, you need to change the switch’s default setti[...]

  • Page 49

    Basic Configuration 3-13 3 Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply. Figure 3-6 Manual IP Configuration CLI – Specify the management interface, IP[...]

  • Page 50

    Configuring the Switch 3-14 3 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to save your[...]

  • Page 51

    Basic Configuration 3-15 3 Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available. CLI – Enter the following command to restart DHCP service. Managing Firmware Yo[...]

  • Page 52

    Configuring the Switch 3-16 3 Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file. Web – Click System, File Managemen[...]

  • Page 53

    Basic Configuration 3-17 3 To delete a file select System, File, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that the file currently designated as the startup code cannot be deleted. Figure 3-10 Deleting Files CLI – To download new firmware from a TFTP server, enter the IP address of[...]

  • Page 54

    Configuring the Switch 3-18 3 Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server or copy files to and from switch units in a stack. The configuration files can be later downloaded to restore the switch’s settings. Command Attributes • File Transfer Method – The configuratio[...]

  • Page 55

    Basic Configuration 3-19 3 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg” can b[...]

  • Page 56

    Configuring the Switch 3-20 3 CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. To select another configuration file as the start-up configuration, use the boot system command and then restart the switch. Console Port Settings You [...]

  • Page 57

    Basic Configuration 3-21 3 • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud; Default: 9600 bps) • Stop Bits – Sets the number of the stop bits t[...]

  • Page 58

    Configuring the Switch 3-22 3 CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. Telnet Settings You can access the onboard configuration program over the network using Telnet (i.e[...]

  • Page 59

    Basic Configuration 3-23 3 • Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 0-[...]

  • Page 60

    Configuring the Switch 3-24 3 CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level. Configuring Event Logging The switch allows you to control the logging of error messages, [...]

  • Page 61

    Basic Configuration 3-25 3 • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 6) Note: The Flash Level must be equal to or less than the RAM Level. Web[...]

  • Page 62

    Configuring the Switch 3-26 3 Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the error messages sent to only those messages below a specified level. Command Attributes • Remote Log Status – Enables/disables the l[...]

  • Page 63

    Basic Configuration 3-27 3 CLI – Enter the syslog server host IP address, choose the facility type and set the logging trap. Displaying Log Messages The Logs page allows you to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on [...]

  • Page 64

    Configuring the Switch 3-28 3 Sending Simple Mail Transfer Protocol Alerts To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messages are sent to specified SMTP servers on the network and can be retrieved usin[...]

  • Page 65

    Basic Configuration 3-29 3 Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add. To delete an IP address, click the entry in the SMTP Server List and click Remove. Spe[...]

  • Page 66

    Configuring the Switch 3-30 3 CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration. Use the show logging se[...]

  • Page 67

    Basic Configuration 3-31 3 Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can also manually set t[...]

  • Page 68

    Configuring the Switch 3-32 3 CLI – This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings. Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To d[...]

  • Page 69

    Simple Network Management Protocol 3-33 3 Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices for pr[...]

  • Page 70

    Configuring the Switch 3-34 3 Web – Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add. Figure 3-22 Configuring SNMP CLI – The following example adds the string “spiderman” with read/write access. Specifying Trap Managers and Trap Types Traps[...]

  • Page 71

    User Authentication 3-35 3 Web – Click SNMP, Configuration. Fill in the IP address and community string for each trap manager that will receive these messages, specify the SNMP version, mark the trap types required, and then click Add. Figure 3-23 Configuring IP Trap Managers CLI – This example adds a trap manager and enables both authe[...]

  • Page 72

    Configuring the Switch 3-36 3 Command Attributes • Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest) • New Account – Displays configuration settings for a new account. - User Name – The name of the user. (Maximum length: 8 characters) - Access Level – Specifies the [...]

  • Page 73

    User Authentication 3-37 3 Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TACACS+ protocols. Remote A[...]

  • Page 74

    Configuring the Switch 3-38 3 Command Attributes • Authentication – Select the authentication, or authentication sequence required: - Local – User authentication is performed only locally by the switch. - Radius – User authentication is performed using a RADIUS server only. - TACACS – User authentication is performed using a TACACS+ [...]

  • Page 75

    User Authentication 3-39 3 Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply. Figure 3-25 Authentication Settings CLI[...]

  • Page 76

    Configuring the Switch 3-40 3 Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Command Usage • Both the HTTP and HTTPS service can be enabled independently on t[...]

  • Page 77

    User Authentication 3-41 3 Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. Figure 3-26 HTTPS Settings CLI – This example enables the HTTP secure server and modifies the port number. Replacing the Default Secure-site Certificate When you log onto the web interface using HTTPS (for se[...]

  • Page 78

    Configuring the Switch 3-42 3 Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote co[...]

  • Page 79

    User Authentication 3-43 3 3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 4-65) to copy a file containing the public key for all the SSH client’s granted management access to the switch. (Note that these clients must be configured locally on the switch via the User Accounts page as describe[...]

  • Page 80

    Configuring the Switch 3-44 3 Generating the Host Key Pair A host public/private key pair is used to provide secure communications between an SSH client and the switch. After generating this key pair, you must provide the host public key to SSH clients and import the client’s public key to the switch as described in the proceeding sect[...]

  • Page 81

    User Authentication 3-45 3 Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. Figure 3-27 SSH Host-Key Settings CLI – This example generates a host-key pair using b[...]

  • Page 82

    Configuring the Switch 3-46 3 Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled) • Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports ma[...]

  • Page 83

    User Authentication 3-47 3 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection. Configuring Port Security Port security is a feature that allows you to configure a switch port with on[...]

  • Page 84

    Configuring the Switch 3-48 3 • If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configuration page (page 3-66). Command Attributes • Port – Port number. • Name – Descriptive text (page 4-109). • Action – Indicates the action to be taken when a port security violat[...]

  • Page 85

    User Authentication 3-49 3 Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive netwo[...]

  • Page 86

    Configuring the Switch 3-50 3 • The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, otherwise the dot1x client must support it.) Displaying 802.1X Global Settings The 802.1X protocol provides client authentication. Command Attributes • 802.1X Syst[...]

  • Page 87

    User Authentication 3-51 3 Configuring 802.1X Global Settings The 802.1X protocol provides client authentication. Command Attributes • 802.1X System Authentication Control – Sets the global setting for 802.1X. (Default: Disabled) Web – Select Security, 802.1X, Configuration. Enable 802.1X globally for the switch, and click Apply. [...]

  • Page 88

    Configuring the Switch 3-52 3 • Max-Req – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default 2) • Quiet Period – Sets the time that a switch port waits after the Max Request Count has been exceeded before attempti[...]

  • Page 89

    User Authentication 3-53 3 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-86. Console(config)#interface ethernet 1/2 4-108 Console(config-if)#dot1x port-control auto 4-82 Console(config-if)#dot1x re-authentication 4-84 Console(co[...]

  • Page 90

    Configuring the Switch 3-54 3 Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-5 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator. Rx EAPOL Logoff The number of EAPOL Logoff frames that hav[...]

  • Page 91

    User Authentication 3-55 3 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-33 802.1X Port Statistics CLI – This example displays the 802.1X statistics for port 4. Filtering IP Addresses for Management Access You create a list of up to 16 IP addre[...]

  • Page 92

    Configuring the Switch 3-56 3 • IP address can be configured for SNMP, web and Telnet access respectively. Each of these groups can include up to five different sets of addresses, either individual addresses or address ranges. • When entering addresses for the same group (i.e., SNMP, web or Telnet), the switch will not accept overlappin[...]

  • Page 93

    Access Control Lists 3-57 3 CLI – This example allows SNMP access for a specific client. Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets,[...]

  • Page 94

    Configuring the Switch 3-58 3 3. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports. 4. Explicit default rule (permit any any) in the ingress MAC ACL for ingress ports. 5. If no explicit rule is matched, the implicit default is permit all. Setting the ACL Name and Type Use the ACL Configuration page to designate[...]

  • Page 95

    Access Control Lists 3-59 3 Configuring a Standard IP ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Address Type – Specifies the source IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, or “IP” to speci[...]

  • Page 96

    Configuring the Switch 3-60 3 Configuring an Extended IP ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Specifies the source or destination IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in th[...]

  • Page 97

    Access Control Lists 3-61 3 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other required criteria, s[...]

  • Page 98

    Configuring the Switch 3-62 3 Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range with the Address and [...]

  • Page 99

    Access Control Lists 3-63 3 Binding a Port to an Access Control List After configuring Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can assign one IP access list to any port, but you can only assign one MAC access list to all the ports on the switch. Command Usage • You must configure a ma[...]

  • Page 100

    Configuring the Switch 3-64 3 CLI – This example assigns an IP and MAC access list to port 1, and an IP access list to port 3. Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and a[...]

  • Page 101

    Port Configuration 3-65 3 Web – Click Port, Port Information or Trunk Information. Figure 3-40 Displaying Port/Trunk Information Field Attributes (CLI) Basic Information: • Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP) • MAC address – The physical layer address for this port. (To access this item on t[...]

  • Page 102

    Configuring the Switch 3-66 3 • Max MAC count – Shows the maximum number of MAC addresses that can be learned by a port. (0 - 1024 addresses) • Port security action – Shows the response to take when a security violation is detected. (shutdown, trap, trap-and-shutdown, or none) Current Status: • Link Status – Indicates if the link is [...]

  • Page 103

    Port Configuration 3-67 3 • Flow Control – Allows automatic or manual selection of flow control. • Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised. When auto-negotiation is disabled, you can force the sett[...]

  • Page 104

    Configuring the Switch 3-68 3 CLI – Select the interface, and then enter the required settings. Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tole[...]

  • Page 105

    Port Configuration 3-69 3 • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings. • All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN. • STP, VLAN,[...]

  • Page 106

    Configuring the Switch 3-70 3 CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk. Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the[...]

  • Page 107

    Port Configuration 3-71 3 Command Attributes • Member List (Current) – Shows configured trunks (Unit, Port). • New – Includes entry fields for creating new trunks. - Unit – Stack unit. (Range: 1-8) - Port – Port identifier. (Range: 1-26) Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down po[...]

  • Page 108

    Configuring the Switch 3-72 3 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. Console(config)#interface ethernet 1/1 4-108 Console(config-if)#lacp 4-125 Console(config-if)#exit . . . Console(config)#interface ethernet 1/6 Console(config-if)#lacp [...]

  • Page 109

    Port Configuration 3-73 3 Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key. • However, if the “port channel” Admin Key is set (page 4-142), the[...]

  • Page 110

    Configuring the Switch 3-74 3 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effect until the [...]

  • Page 111

    Port Configuration 3-75 3 CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG. Displaying LACP Port Counters You can display statistics for LACP protocol messages. Console(config)#interface ethernet 1/1 4-108 Console(config-if)#lacp actor system-priority 3 4-126 Console(con[...]

  • Page 112

    Configuring the Switch 3-76 3 Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-45 LACP - Port Counters Information CLI – The following example displays LACP counters. LACPDUs Unknown Pkts Number of frames received that either (1) Carry the Slow Protocols Ethernet T[...]

  • Page 113

    Port Configuration 3-77 3 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Table 3-7 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port. Admin Key Cu[...]

  • Page 114

    Configuring the Switch 3-78 3 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-46 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Console#show lacp [...]

  • Page 115

    Port Configuration 3-79 3 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-47 LACP - Port Neig [...]

  • Page 116

    Configuring the Switch 3-80 3 CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Console#show lacp 1 neighbors 4-129 Port channel 1 neighbors --------------------------------------- ---------------------------------- Eth 1/1 --------------------------------------- [...]

  • Page 117

    Port Configuration 3-81 3 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to complete halt. [...]

  • Page 118

    Configuring the Switch 3-82 3 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 octets per second for port 2 (which applies to all ports). Configuring Port Mirroring You can mirror traffic from any source port to a target port[...]

  • Page 119

    Port Configuration 3-83 3 • Target Unit – The unit whose port will “duplicate” or “mirror” the traffic on the source port. • Target Port – The port that will mirror the traffic on the source port. Web – Click Port, Mirror Port Configuration. Specify the source port/unit, the traffic type to be mirrored, and the monitor port[...]

  • Page 120

    Configuring the Switch 3-84 3 Rate Limit Granularity Rate limit granularity is an additional feature enabling the network manager greater control over traffic on the network. The “rate limit granularity” is multiplied by the “rate limit level” (page 3-84) to set the actual rate limit for an interface. Granularity is a global setti[...]

  • Page 121

    Port Configuration 3-85 3 Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces, set the Rate Limit Level, and click Apply. Figure 3-51 Output Rate Limit Port Configuration CLI - This example sets the rate limit level for input and output traffic passing through port[...]

  • Page 122

    Configuring the Switch 3-86 3 Table 3-9 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface, including framing characters. Received Unicast Packets The number of subnetwork-unicast packets delivered to a higher-layer protocol. Received Multicast Packets The number [...]

  • Page 123

    Port Configuration 3-87 3 Excessive Collisions A count of frames for which transmission on a particular interface fails due to excessive collisions. This counter does not increment when the interface is operating in full-duplex mode. Single Collision Frames The number of successfully transmitted frames for which transmission is inhibited by [...]

  • Page 124

    Configuring the Switch 3-88 3 Fragments The total number of frames received that were less than 64 octets in length (excluding framing bits, but including FCS octets) and had either an FCS or alignment error. 64 Bytes Frames The total number of frames (including bad packets) received and transmitted that were 64 octets in length (excluding f[...]

  • Page 125

    Port Configuration 3-89 3 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-52 Port Statistics[...]

  • Page 126

    Configuring the Switch 3-90 3 CLI – This example shows statistics for port 13. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You[...]

  • Page 127

    Address Table Settings 3-91 3 Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-53 Configuring a Static Address Table CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Displaying the [...]

  • Page 128

    Configuring the Switch 3-92 3 Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query. Figure 3-54 Configuring a Dynamic Address Table CLI – This example also displays the address table en[...]

  • Page 129

    Spanning Tree Algorithm Configuration 3-93 3 Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the function. • Aging Time – The time after which a learned entry is discarded. (Range: 10-30000 seconds; Default: 300 seconds) Web – Click Add[...]

  • Page 130

    Configuring the Switch 3-94 3 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down. This bridge wil[...]

  • Page 131

    Spanning Tree Algorithm Configuration 3-95 3 information that would make it return to a discarding state; otherwise, temporary data loops might result. • Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. - Root Port – The number of the port on this switch t[...]

  • Page 132

    Configuring the Switch 3-96 3 Web – Click Spanning Tree, STA, Information. Figure 3-56 Displaying Spanning Tree Information CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network. Console#show s[...]

  • Page 133

    Spanning Tree Algorithm Configuration 3-97 3 Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol* Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. • Rapid Spanning Tree Protocol * 8 RSTP supports connections to either STP or RSTP nodes by monitoring the incomin[...]

  • Page 134

    Configuring the Switch 3-98 3 • Maximum Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last c[...]

  • Page 135

    Spanning Tree Algorithm Configuration 3-99 3 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-57 Configuring Spanning Tree CLI – This example enables Spanning Tree Protocol, sets the mode to RSTP, and then configures the STA and RSTP parameters. Console(config)#spanning-tree [...]

  • Page 136

    Configuring the Switch 3-100 3 Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. Field Attributes • Spanning Tree – Shows if STA has been enabled on this interface. • STA Status – Displays current state of this port within [...]

  • Page 137

    Spanning Tree Algorithm Configuration 3-101 3 • Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only) These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled. • Path cost – This parameter is used by the STA to determine the best path between de[...]

  • Page 138

    Configuring the Switch 3-102 3 • Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state. Specifying Edge Ports provides quicker conve[...]

  • Page 139

    Spanning Tree Algorithm Configuration 3-103 3 Configuring Interface Settings You can configure RSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media type to indicate the preferred path, link type to indicate a point-[...]

  • Page 140

    Configuring the Switch 3-104 3 • Admin Link Type – The link type attached to this interface. - Point-to-Point – A connection to exactly one other bridge. - Shared – A connection to two or more bridges. - Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media. (This is the de[...]

  • Page 141

    VLAN Configuration 3-105 3 VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the[...]

  • Page 142

    Configuring the Switch 3-106 3 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging. VLAN Classification – When the switch receives a frame, it classifies the frame in one of two[...]

  • Page 143

    VLAN Configuration 3-107 3 these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs. Note: If you have[...]

  • Page 144

    Configuring the Switch 3-108 3 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the ne[...]

  • Page 145

    VLAN Configuration 3-109 3 CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging. However, if you just want to create a small[...]

  • Page 146

    Configuring the Switch 3-110 3 Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Figure 3-62 Displaying Current VLANs Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GV[...]

  • Page 147

    VLAN Configuration 3-111 3 Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command Attributes • Current – Lists all the current VLAN groups created for this system. U[...]

  • Page 148

    Configuring the Switch 3-112 3 CLI – This example creates a new VLAN. Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware device[...]

  • Page 149

    VLAN Configuration 3-113 3 • Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - Tagged: Interface is a member of the VLAN. All packets transmitted by the port will be tagged, that is, carry a tag and therefore carry VLAN or CoS information. - Untagged: Interface [...]

  • Page 150

    Configuring the Switch 3-114 3 Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk identifier. • Member – VLANs for which the selected interface is a tagged member. • Non-Member ?[...]

  • Page 151

    VLAN Configuration 3-115 3 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for switches to exchan[...]

  • Page 152

    Configuring the Switch 3-116 3 • GARP Leave Timer 10 – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centiseconds; D[...]

  • Page 153

    VLAN Configuration 3-117 3 CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch suppor[...]

  • Page 154

    Configuring the Switch 3-118 3 2. Use the Private VLAN Port Configuration menu (page 3-121) to set the port type to promiscuous (i.e., the single channel to the external network), or isolated (i.e., having access only to the promiscuous port in its own VLAN). Then assign the promiscuous port and all host ports to an isolated VLAN. Displaying[...]

  • Page 155

    VLAN Configuration 3-119 3 Configuring Private VLANs The Private VLAN Configuration page is used to create/remove primary, community, or isolated VLANs. Command Attributes • VLAN ID – ID of configured VLAN (1-4094). • Type – There are three types of private VLANs: - Primary VLANs – Conveys traffic between promiscuous ports, and t[...]

  • Page 156

    Configuring the Switch 3-120 3 Web – Click VLAN, Private VLAN, Association. Select the required primary VLAN from the scroll-down box, highlight one or more community VLANs in the Non-Association list box, and click Add to associate these entries with the selected primary VLAN. (A community VLAN can only be associated with one primary V[...]

  • Page 157

    VLAN Configuration 3-121 3 Web – Click VLAN, Private VLAN, Port Information or Trunk Information. Figure 3-70 Private VLAN Port Information CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured [...]

  • Page 158

    Configuring the Switch 3-122 3 • Community VLAN – A community VLAN conveys traffic between community ports, and from community ports to their designated promiscuous ports. Set PVLAN Port Type to “Host,” and then specify the associated Community VLAN. • Isolated VLAN – Conveys traffic only between the VLAN’s isolated ports[...]

  • Page 159

    Class of Service Configuration 3-123 3 Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be[...]

  • Page 160

    Configuring the Switch 3-124 3 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 3-72 Port Priority Configuration CLI – This example assigns a default priority of 5 to port 3. Console(config)#interface ethernet 1/3 4-108 Console(config-if)#swit[...]

  • Page 161

    Class of Service Configuration 3-125 3 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p. The default[...]

  • Page 162

    Configuring the Switch 3-126 3 Web – Click Priority, Traffic Classes. The current mapping of CoS values to output queues is displayed. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 3-73 Traffic Classes CLI – The following example shows how to change the CoS assignments to a one-to-one mappin[...]

  • Page 163

    Class of Service Configuration 3-127 3 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue. WRR us[...]

  • Page 164

    Configuring the Switch 3-128 3 Web – Click Priority, Queue Scheduling. Highlight a traffic class (i.e., output queue), enter a weight, then click Apply. Figure 3-75 Configuring Queue Scheduling CLI – The following example shows how to assign WRR weights to each of the priority queues. Layer 3/4 Priority Settings Mapping Layer 3[...]

  • Page 165

    Class of Service Configuration 3-129 3 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services. (This is the default setting.) • IP Precedence – Maps layer 3/4[...]

  • Page 166

    Configuring the Switch 3-130 3 Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply. Figure 3-77 IP Precedence Priority CLI – The following example globally enables IP Precedence service on the switch, maps IP Pr[...]

  • Page 167

    Class of Service Configuration 3-131 3 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSCP mapping. [...]

  • Page 168

    Configuring the Switch 3-132 3 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings. * Mapping specific values for IP DSCP is implemented as an interface configuration command, but any changes will apply to all inter[...]

  • Page 169

    Class of Service Configuration 3-133 3 Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply. Figure 3-80 IP Port Priority CLI – The following example globally enables IP Port Priority service on the switch, maps [...]

  • Page 170

    Configuring the Switch 3-134 3 Command Attributes • Port – Port identifier. • Name 15 – Name of ACL. • Type – Type of ACL (IP or MAC). • CoS Priority – CoS value used for packets matching an IP ACL rule. (Range: 0-7) • ACL CoS Priority Mapping – Displays the configured information. Web – Click Priority, ACL CoS Priority. E[...]

  • Page 171

    Multicast Filtering 3-135 3 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast registe[...]

  • Page 172

    Configuring the Switch 3-136 3 Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasting the traffic to all[...]

  • Page 173

    Multicast Filtering 3-137 3 Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) Figure 3-82 IGMP Configuration CLI – This example modifies the settings for multicast filtering, and then displays the current status. Displaying Interfaces A[...]

  • Page 174

    Configuring the Switch 3-138 3 Command Attributes • VLAN ID – ID of configured VLAN (1-4094). • Multicast Router List – Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch. Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN I[...]

  • Page 175

    Multicast Filtering 3-139 3 Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. After you have finished adding interfaces to the list, click Apply. Figure 3-84 St[...]

  • Page 176

    Configuring the Switch 3-140 3 Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attributes • VLAN ID – Selects the VLAN for which to display port members. • Multicast IP Address – The IP address for a specific multicast service. • Multicast [...]

  • Page 177

    Multicast Filtering 3-141 3 Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP snooping and Query Parameters” on page 3-133. For certain applications that require tighter control, you may need to statically confi[...]

  • Page 178

    Configuring the Switch 3-142 3 CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1. Console(config)#ip igmp snooping vlan 1 static 224.1.1.12 ethernet 1/12 4-182 Console(config)#exit Console#show mac-address-table multicast vlan 1 4-184 VLAN M'cast IP addr. Memb[...]

  • Page 179

    4-1 Chapter 4: Command Line Interface This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command key[...]

  • Page 180

    Command Line Interface 4-2 4 Note: The IP address for this switch is obtained via DHCP by default. To access the switch through a Telnet session, you must first set the IP address for the Master unit, and set the default gateway if you are managing the switch from a different IP subnet. For example, If your corporate network is connected to [...]

  • Page 181

    Entering Commands 4-3 4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status ar[...]

  • Page 182

    Command Line Interface 4-4 4 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database). You can also display a list of valid keywords for a specific comm[...]

  • Page 183

    Entering Commands 4-5 4 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.” Negating the Effect of Commands For many[...]

  • Page 184

    Command Line Interface 4-6 4 Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt. Only a limited number of the commands are available in this mode. You can access all comman[...]

  • Page 185

    Entering Commands 4-7 4 To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands. To enter the other modes, at the configuration prompt type one of the following commands. Use t[...]

  • Page 186

    Command Line Interface 4-8 4 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command fol[...]

  • Page 187

    Command Groups 4-9 4 Command Groups The system commands can be broken down into the functional groups shown below. The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration) GC (Global Configuration) VC (VLAN Database Configur[...]

  • Page 188

    Command Line Interface 4-10 4 Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). line This command identifies a specific line for configuration,[...]

  • Page 189

    Line Commands 4-11 4 Command Usage Telnet is considered a virtual terminal connection and will be shown as “Vty” in screen displays such as show users. However, the serial communication parameters (e.g., databits) do not affect Telnet connections. Example To enter console line mode, enter the following command: Related Commands s[...]

  • Page 190

    Command Line Interface 4-12 4 Example Related Commands username (4-26) password (4-12) password This command specifies the password for a line. Use the no form to remove the password. Syntax password { 0 | 7 } password no password • { 0 | 7 } - 0 means plain password, 7 means encrypted password • password - Character string that specifie[...]

  • Page 191

    Line Commands 4-13 4 timeout login response This command sets the interval that the system waits for a user to log into the CLI. Use the no form to restore the default. Syntax timeout login response [ seconds ] no timeout login response seconds - Integer that specifies the timeout interval. (Range: 0 - 300 seconds; 0: disabled) Default Setting[...]

  • Page 192

    Command Line Interface 4-14 4 Command Mode Line Configuration Command Usage • If user input is detected within the timeout interval, the session is kept open; otherwise the session is terminated. • This command applies to both the local console and Telnet connections. • The timeout for Telnet cannot be disabled. • Using the command[...]

  • Page 193

    Line Commands 4-15 4 Related Commands silent-time (4-15) timeout login response (4-13) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value. Syntax si[...]

  • Page 194

    Command Line Interface 4-16 4 Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character. Example To specify 7 data bits, enter this com[...]

  • Page 195

    Line Commands 4-17 4 speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second. (Options: 9600, 19200, 38400, 57600, 115200 bps) Default Settin[...]

  • Page 196

    Command Line Interface 4-18 4 disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4) Command Mode Privileged Exec Command Usage Specifying session identifier “0” will disconnect the console connec[...]

  • Page 197

    General Commands 4-19 4 Example To show all lines, enter this command: General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-5. Syntax enable [ level ] level - Privil[...]

  • Page 198

    Command Line Interface 4-20 4 Default Setting Level 15 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-27.) • The “#” character is appended to the end of the prompt to indi[...]

  • Page 199

    General Commands 4-21 4 configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, and VLAN Database Configuration. Se[...]

  • Page 200

    Command Line Interface 4-22 4 The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes. In this example, the !2 command repeats the second command in the Execution histo [...]

  • Page 201

    General Commands 4-23 4 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the configuration program.[...]

  • Page 202

    Command Line Interface 4-24 4 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt.[...]

  • Page 203

    System Management Commands 4-25 4 Example hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example User Access Comman[...]

  • Page 204

    Command Line Interface 4-26 4 username This command adds named users, requires authentication at login, specifies or changes a user's password (or specify that no password is required), or specifies or changes a user's access level. Use the no form to remove a user name. Syntax username name { access-level level | nopassword[...]

  • Page 205

    System Management Commands 4-27 4 enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Normal Exec level. Use the no form to reset the default password. Syntax enable password [ level [...]

  • Page 206

    Command Line Interface 4-28 4 IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting. Syntax [ no ] management { all-client | http-client | snmp-client | telnet-client } start-address [ end-address ][...]

  • Page 207

    System Management Commands 4-29 4 Example This example restricts management access to the indicated addresses. show management This command displays the client IP addresses that are allowed management access to the switch through various protocols. Syntax show management { all-client | http-client | snmp-client | telnet-client } • all-cli[...]

  • Page 208

    Command Line Interface 4-30 4 Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 80 Command Mode Globa[...]

  • Page 209

    System Management Commands 4-31 4 Example Related Commands ip http port (4-30) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this function. Synta[...]

  • Page 210

    Command Line Interface 4-32 4 Example Related Commands ip http secure-port (4-32) copy tftp https-certificate (4-65) ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number no ip http secu[...]

  • Page 211

    System Management Commands 4-33 4 Telnet Server Commands ip telnet port This command specifies the TCP port number used by the Telnet interface. Use the no form to use the default port. Syntax ip telnet port port-number no ip telnet port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 23 Comman[...]

  • Page 212

    Command Line Interface 4-34 4 Related Commands ip telnet port (4-33) Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh [...]

  • Page 213

    System Management Commands 4-35 4 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the authentication login command[...]

  • Page 214

    Command Line Interface 4-36 4 corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this process: a. The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory. c. If a match is found, the switch uses the public k[...]

  • Page 215

    System Management Commands 4-37 4 ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response during SSH negotiation. (Range: 1-120) Default Setting 10 seconds Command Mode Global Configurati[...]

  • Page 216

    Command Line Interface 4-38 4 Example Related Commands show ip ssh (4-40) ip ssh server-key size This command sets the SSH server key size. Use the no form to restore the default setting. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server key. (Range: 512-896 bits) Default Setting 768 bits Command M[...]

  • Page 217

    System Management Commands 4-39 4 Example ip ssh crypto host-key generate This command generates the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [ dsa | rsa ] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) key type. Default Setting Generates both the DSA and RSA key pairs. Command Mode Pr[...]

  • Page 218

    Command Line Interface 4-40 4 Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command. Example Related Commands ip ssh crypto host-key genera[...]

  • Page 219

    System Management Commands 4-41 4 Example show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example Console#show ip ssh SSH Enabled - version 1.99 Negotiation timeout: 120 secs; Authentication retries: 3 Server key size: 768 bits Console# Console#show ssh Connection Version State Username Encryption 0[...]

  • Page 220

    Command Line Interface 4-42 4 show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [ user [ username ]| host ] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no parameters are entered, [...]

  • Page 221

    System Management Commands 4-43 4 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [ no ] logging on Default Setting None Command Mode Global Configuration Command Usage The logging process controls error message[...]

  • Page 222

    Command Line Interface 4-44 4 logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history { flash | ram } level no logging history { flash | ram } • flash - Event history stored in flash memory (i.e., permane[...]

  • Page 223

    System Management Commands 4-45 4 logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [ no ] logging host host_ip_address host_ip_address - The IP address of a syslog server. Default Setting None Command Mode Global Configuration Command Usage[...]

  • Page 224

    Command Line Interface 4-46 4 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging. Syntax logging trap [ level ] no logging [...]

  • Page 225

    System Management Commands 4-47 4 Related Commands show logging (4-47) show logging This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server. Syntax show logging { flash | ram | sendmail | trap } • flash - Displays settings for storing event message[...]

  • Page 226

    Command Line Interface 4-48 4 The following example displays settings for the trap function. Related Commands show logging sendmail (4-52) show log This command displays the system and event messages stored in memory. Syntax show log { flash | ram } [ login ] [ tail ] • flash - Event history stored in flash memory (i.e., permanent memory[...]

  • Page 227

    System Management Commands 4-49 4 Example The following example shows sample messages stored in RAM. SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. logging sendmail host This command specifies SMTP servers that will be sent alert messa [...]

  • Page 228

    Command Line Interface 4-50 4 Command Mode Global Configuration Command Usage • You can specify up to three SMTP servers for event handling. However, you must enter a separate command to specify each server. • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally[...]

  • Page 229

    System Management Commands 4-51 4 logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Use the no form to delete the source email address. Syntax [no] logging sendmail source-email email-address email-address - The source email address used in alert messages. (Range: 0-41 charact[...]

  • Page 230

    Command Line Interface 4-52 4 logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [ no ] logging sendmail Default Setting Enabled Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Pr[...]

  • Page 231

    System Management Commands 4-53 4 Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from the facto[...]

  • Page 232

    Command Line Interface 4-54 4 Example Related Commands sntp server (4-54) sntp poll (4-55) show sntp (4-55) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ ip1 [ ip2 [ ip3 ]]] ip - IP[...]

  • Page 233

    System Management Commands 4-55 4 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode Globa[...]

  • Page 234

    Command Line Interface 4-56 4 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes { before-utc | after-utc } • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Range: 0-12 hours) • minute[...]

  • Page 235

    System Management Commands 4-57 4 Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, April 1st, 2004. show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example System Status Commands light unit This command displ[...]

  • Page 236

    Command Line Interface 4-58 4 Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The unit ID is displayed using the port status LED indicators for ports 1 to 8. When the light unit command is entered, the LED corresponding to the switch’s ID will flash for about 15 seconds. Example show startup-config This command [...]

  • Page 237

    System Management Commands 4-59 4 Example Related Commands show running-config (4-60) Console#show startup-config building startup-config, please wait... .. ! ! username admin access-level 15 username admin password 0 admin ! username guest access-level 0 username guest password 0 guest ! enable password level 15 0 super ! snmp-server community p[...]

  • Page 238

    Command Line Interface 4-60 4 show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatil[...]

  • Page 239

    System Management Commands 4-61 4 Example Related Commands show startup-config (4-58) Console#show running-config building running-config, please wait... .. ! phymap 00-90-cc-55-44-32 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 ! SNTP server 0.0.0.0 0.0.0.0 0.0.0.[...]

  • Page 240

    Command Line Interface 4-62 4 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-8. • The POST results should all display “PASS.” If any POST test [...]

  • Page 241

    System Management Commands 4-63 4 Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example show version This command displays hardware and software version information for the system. Default Setting None Command Mode Normal Exec, Privileged Exec Command U[...]

  • Page 242

    Command Line Interface 4-64 4 Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [ no ] jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by supporti[...]

  • Page 243

    Flash/File Commands 4-65 4 • Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second. (See the switchport broadcast command on page 4-114.) • The current setting for jumbo frames can be displayed with the show system command (page 4-62). Example Flash/File Commands These commands are us[...]

  • Page 244

    Command Line Interface 4-66 4 • public-key - Keyword that allows you to copy a SSH key from a TFTP server. (“Secure Shell Commands” on page 4-34) • unit - Keyword that allows you to copy to/from a unit. Default Setting None Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. ?[...]

  • Page 245

    Flash/File Commands 4-67 4 The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: This example shows how to copy[...]

  • Page 246

    Command Line Interface 4-68 4 delete This command deletes a file or image. Syntax delete [ unit :] filename filename - Name of the configuration file or image name. unit - Stack unit. (Range: 1-8) Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted. ?[...]

  • Page 247

    Flash/File Commands 4-69 4 Command Usage • If you enter the command dir without any parameters, the system displays all files. • A colon (:) is required after the specified unit number. • File information is shown below: Example The following example shows how to display all file information: whichboot This command displays which fil[...]

  • Page 248

    Command Line Interface 4-70 4 Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. boot system This command specifies the image used to start up the system. Syntax boot system [ unit :] { boot-rom | config | op[...]

  • Page 249

    Authentication Commands 4-71 4 Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1X. Authentication Sequence authentication login This [...]

  • Page 250

    Command Line Interface 4-72 4 • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server. • You can specify three authentication methods in a single command to indicate the authentication[...]

  • Page 251

    Authentication Commands 4-73 4 authentication is attempted on the TACACS+ server. If the TACACS+ server is not available, the local user name and password is checked. Example Related Commands enable password - sets the password for changing command modes (4-27) RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon [...]

  • Page 252

    Command Line Interface 4-74 4 • retransmit - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1-30) • key - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default Setting • auth-port - 1812 • timeout - 5 seco[...]

  • Page 253

    Authentication Commands 4-75 4 Default Setting None Command Mode Global Configuration Example radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authentica[...]

  • Page 254

    Command Line Interface 4-76 4 Example show radius-server This command displays the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to[...]

  • Page 255

    Authentication Commands 4-77 4 tacacs-server host This command specifies the TACACS+ server. Use the no form to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address - IP address of a TACACS+ server. Default Setting 10.11.12.13 Command Mode Global Configuration Example tacacs-server port Thi[...]

  • Page 256

    Command Line Interface 4-78 4 tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. (Maximum length: 20 characters) D[...]

  • Page 257

    Authentication Commands 4-79 4 Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or sta[...]

  • Page 258

    Command Line Interface 4-80 4 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted. • First use the port security[...]

  • Page 259

    Authentication Commands 4-81 4 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication [...]

  • Page 260

    Command Line Interface 4-82 4 dot1x default This command sets all configurable dot1x global and port settings to their default values. Command Mode Global Configuration Example dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the au[...]

  • Page 261

    Authentication Commands 4-83 4 Default force-authorized Command Mode Interface Configuration Example dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords[...]

  • Page 262

    Command Line Interface 4-84 4 dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) Command Mode Privileged Exec Example dot1x re-authentication This co[...]

  • Page 263

    Authentication Commands 4-85 4 Command Mode Interface Configuration Example dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds. (Range: 1-65535) Default 3600 seconds Command[...]

  • Page 264

    Command Line Interface 4-86 4 Example show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [ statistics ] [ interface interface ] • statistics - Displays dot1x status for each port. • interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port[...]

  • Page 265

    Authentication Commands 4-87 4 • 802.1X Port Details – Displays the port access control parameters for each interface, including the following items: - reauth-enabled – Periodic re-authentication (page 4-84). - reauth-period – Time after which a connected client must be re-authenticated (page 4-85). - quiet-period – Time a port waits[...]

  • Page 266

    Command Line Interface 4-88 4 Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 enabled Single-Host auto yes . . . 1/26 disabled Single-Host ForceAuthorized n/a 802.1X Port Details 802.1X is disabled o[...]

  • Page 267

    Access Control List Commands 4-89 4 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required rules a[...]

  • Page 268

    Command Line Interface 4-90 4 IP ACLs access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [ no ] access-list ip { standard | extended } acl_name • standard – Specifies an ACL that filters packets based on the source IP a[...]

  • Page 269

    Access Control List Commands 4-91 4 Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list. • To remove a rule, use the no permit or no deny command followed by the e[...]

  • Page 270

    Command Line Interface 4-92 4 Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Related Commands access-list ip (4-90) permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condi[...]

  • Page 271

    Access Control List Commands 4-93 4 Default Setting None Command Mode Extended ACL Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match” and 0 bits to indi[...]

  • Page 272

    Command Line Interface 4-94 4 This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Related Commands access-list ip (4-90) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list { standard | extended } [ acl_name ] • standard – Specifi[...]

  • Page 273

    Access Control List Commands 4-95 4 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port. Example Related Commands show ip ac[...]

  • Page 274

    Command Line Interface 4-96 4 Command Usage A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table. For information on mapping the CoS values to output queues, see queue cos-map on page 4-171. Example Related Commands queue cos-map (4-171) show map access-list ip (4-96) show m[...]

  • Page 275

    Access Control List Commands 4-97 4 MAC ACLs access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [ no ] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration Comman[...]

  • Page 276

    Command Line Interface 4-98 4 Related Commands permit, deny (MAC ACL) (4-98) mac access-group (4-99) show mac access-list (4-99) permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use the no[...]

  • Page 277

    Access Control List Commands 4-99 4 Example This rule permits packets from any source MAC address to the destination address 00-90-cc-94-34-de where the Ethernet type is 0800. Related Commands access-list mac (4-97) show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [ acl_name ] acl_nam[...]

  • Page 278

    Command Line Interface 4-100 4 Command Usage • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. Example Related Commands show mac access-list (4-99) show mac access-group This command shows the ports assigned to MAC ACL[...]

  • Page 279

    Access Control List Commands 4-101 4 Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown below. Example Related Commands queue cos-map (4-171) show map [...]

  • Page 280

    Command Line Interface 4-102 4 ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are displayed is determined by the associated mask. [...]

  • Page 281

    SNMP Commands 4-103 4 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. snmp-server community This command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the sp[...]

  • Page 282

    Command Line Interface 4-104 4 Example snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Setting None Comm[...]

  • Page 283

    SNMP Commands 4-105 4 Related Commands snmp-server contact (4-104) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr community-string [ version { 1 | 2c }] no snmp-server host host-addr • host-addr[...]

  • Page 284

    Command Line Interface 4-106 4 Example Related Commands snmp-server enable traps (4-106) snmp-server enable traps This command enables this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications. Syntax [ no ] snmp-server enable traps [ authentication | link-up-down ] •[...]

  • Page 285

    SNMP Commands 4-107 4 show snmp This command checks the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enable[...]

  • Page 286

    Command Line Interface 4-108 4 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-chann[...]

  • Page 287

    Interface Commands 4-109 4 Command Mode Global Configuration Example To specify port 24, enter the following command: description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this[...]

  • Page 288

    Command Line Interface 4-110 4 Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is 100half for 100BASE-TX ports and 1000full for Gigabit Ethernet ports. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • To force operation to the[...]

  • Page 289

    Interface Commands 4-111 4 • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports. Example The following example configures port 11 to use autonegotiation. Related Commands capabilities (4-111) speed-duplex (4-109) capabilities This command advertises the port capabilities of[...]

  • Page 290

    Command Line Interface 4-112 4 Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Related Commands negotiation (4-110) speed-duplex (4-109) flowcontrol (4-112) flowcontrol This command enables flow control. Use the no form to disable flow control. Syntax [ no ] flowcontrol Default S[...]

  • Page 291

    Interface Commands 4-113 4 Example The following example enables flow control on port 5. Related Commands negotiation (4-110) capabilities (flowcontrol, symmetric) (4-111) shutdown This command disables an interface. To restart a disabled interface, use the no form. Syntax [ no ] shutdown Default Setting All interfaces are enabled. Comm[...]

  • Page 292

    Command Line Interface 4-114 4 switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm control. Syntax switchport broadcast octet-rate rate no switchport broadcast rate - Threshold level as a rate; i.e., octets per second. (Range: 64-95232000) Default Setting Enabled for all[...]

  • Page 293

    Interface Commands 4-115 4 Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session. However, if you log out and back into the management interface, the statistics displayed will show the absolute valu[...]

  • Page 294

    Command Line Interface 4-116 4 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting Shows the counters for all in[...]

  • Page 295

    Interface Commands 4-117 4 Example show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: [...]

  • Page 296

    Command Line Interface 4-118 4 Example This example shows the configuration setting for port 24. Console#show interfaces switchport ethernet 1/24 Broadcast threshold: Enabled, 32000 octets/second LACP status: Enabled Ingress rate limit: disable, Level: 30 Egress rate limit: disable, Level: 30 VLAN membership mode: Hybrid Ingress rule: Disabled [...]

  • Page 297

    Mirror Port Commands 4-119 4 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [ rx | tx ] no port monitor interface • interface - ethernet unit / port (source por[...]

  • Page 298

    Command Line Interface 4-120 4 Example The following example configures the switch to mirror received packets from port 6 to 11: show port monitor This command displays mirror information. Syntax show port monitor [ interface ] interface - ethernet unit / port (source port) • unit - Stack unit. (Range: 1-8) • port - Port number. (Range[...]

  • Page 299

    Rate Limit Commands 4-121 4 Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted[...]

  • Page 300

    Command Line Interface 4-122 4 Example rate-limit granularity Use this command to define the rate limit granularity for the Fast Ethernet ports, and the Gigabit Ethernet ports. Use the no form of this command to restore the default setting. Syntax rate-limit { fastethernet | gigabitethernet } granularity [ granularity ] no rate-limit { faste[...]

  • Page 301

    Link Aggregation Commands 4-123 4 Command Usage • For Fast Ethernet interfaces, the rate limit granularity can be set to 512 Kbps, 1 Mbps, or 3.3 Mbps. • For Gigabit Ethernet interfaces, the rate limit granularity is 33.3 Mbps. Example Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to incre[...]

  • Page 302

    Command Line Interface 4-124 4 Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports. • The ports at both ends of a connection must be configured as trunk ports. • A[...]

  • Page 303

    Link Aggregation Commands 4-125 4 Example The following example creates trunk 1 and then adds port 11: lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [ no ] lacp Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage •[...]

  • Page 304

    Command Line Interface 4-126 4 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established. lacp system-priority This command configures a port's LACP system priority. Us[...]

  • Page 305

    Link Aggregation Commands 4-127 4 Command Mode Interface Configuration (Ethernet) Command Usage • Port must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations wit[...]

  • Page 306

    Command Line Interface 4-128 4 • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is established with the[...]

  • Page 307

    Link Aggregation Commands 4-129 4 lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } port-priority priority no lacp { actor | partner } port-priority • actor - The local side of an aggregate link. • partner - The remote side of an aggregate l[...]

  • Page 308

    Command Line Interface 4-130 4 Default Setting Port Channel: all Command Mode Privileged Exec Example Console#show lacp 1 counters Port channel : 1 ------------------------------------------------------------------------- Eth 1/1 ------------------------------------------------------------------------- LACPDUs Sent : 21 LACPDUs Received : 21 Ma[...]

  • Page 309

    Link Aggregation Commands 4-131 4 Console#show lacp 1 internal Port channel : 1 ------------------------------------------------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ------------------------------------------------------------------------- LACPDUs Internal : 30 sec LACP System Priority : 32768 LACP Port Priority : 32768 Adm[...]

  • Page 310

    Command Line Interface 4-132 4 Console#show lacp 1 neighbors Port channel 1 neighbors ------------------------------------------------------------------------- Eth 1/1 ------------------------------------------------------------------------- Partner Admin System ID : 32768, 00-00-00-00-00-00 Partner Oper System ID : 32768, 00-90-CC-00-00-01 Pa[...]

  • Page 311

    Address Table Commands 4-133 4 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Console#show lacp sysid Port Channel System Priority System MAC Address --------------------------------------------------[...]

  • Page 312

    Command Line Interface 4-134 4 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [ action ] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC address. • in[...]

  • Page 313

    Address Table Commands 4-135 4 clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries. Default Setting None Command Mode Privileged Exec Example show mac-address-table This command shows classes of entries in th[...]

  • Page 314

    Command Line Interface 4-136 4 means to match a bit and “1” means to ignore a bit. For example, a mask of 00-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means “any.” • The maximum number of address entries is 8191. Example mac-address-table aging-time This command sets the aging time for entries in the a[...]

  • Page 315

    Spanning Tree Commands 4-137 4 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Sy[...]

  • Page 316

    Command Line Interface 4-138 4 an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down. Example This example shows how to enable the Spanning Tree Algorithm for the switch: s[...]

  • Page 317

    Spanning Tree Commands 4-139 4 spanning-tree forward-time This command configures the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds. (Range: 4-30 seconds) The minimum value is the higher of 4[...]

  • Page 318

    Command Line Interface 4-140 4 Command Usage This command sets the time interval (in seconds) at which the root device transmits a configuration message. Example spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age se[...]

  • Page 319

    Spanning Tree Commands 4-141 4 spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority - Priority of the bridge. (Range – 0-61440, in steps of 4096; Options: 0, 4096, 8192, 12288, 16384[...]

  • Page 320

    Command Line Interface 4-142 4 Command Usage The path cost method is used to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. Note that path cost (page 4-142) takes precedence over port priority (page 4-143). Exampl[...]

  • Page 321

    Spanning Tree Commands 4-143 4 Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 • Fast Ethernet – half duplex: 200,000; full duplex: 100,000; trunk: 50,000 • Gigabit Ethernet – full duplex: 10,000; trunk: 5,000 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usa[...]

  • Page 322

    Command Line Interface 4-144 4 Example Related Commands spanning-tree cost (4-142) spanning-tree edge-port This command specifies an interface as an edge port. Use the no form to restore the default. Syntax [ no ] spanning-tree edge-port Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •[...]

  • Page 323

    Spanning Tree Commands 4-145 4 spanning-tree portfast This command sets an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax [ no ] spanning-tree portfast Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast [...]

  • Page 324

    Command Line Interface 4-146 4 Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges. • When automatic detection is selected, the [...]

  • Page 325

    Spanning Tree Commands 4-147 4 show spanning-tree This command shows the configuration for the spanning tree. Syntax show spanning-tree [ interface ] interface • ethernet unit / port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged Exe[...]

  • Page 326

    Command Line Interface 4-148 4 Example Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning tree mode: RSTP Spanning tree enabled/disabled: enabled Priority: 40960 Bridge Hello Time (sec.): 2 Bridge Max Age (sec.): 20 Bridge Forward Delay (sec.): 15 Root Hello Time (sec.):[...]

  • Page 327

    VLAN Commands 4-149 4 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected [...]

  • Page 328

    Command Line Interface 4-150 4 Example Related Commands show vlan (4-157) vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [ name vlan-name ] media ethernet [ state { active | suspend }] no vlan vlan-id [ name | state ] • vlan-id - ID of configured VLAN. (Range: 1-40[...]

  • Page 329

    VLAN Commands 4-151 4 Configuring VLAN Interfaces interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) Default Setting None Command Mode Global Configu[...]

  • Page 330

    Command Line Interface 4-152 4 switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode { trunk | hybrid | private-vlan } no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port[...]

  • Page 331

    VLAN Commands 4-153 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage When set to receive all frame types, any received frames that are untagged are assigned to the default VLAN. Example The following example shows how to restrict the traffic received on port 1 to tagged frames: Related Commands switchport mode (4-[...]

  • Page 332

    Command Line Interface 4-154 4 Example The following example shows how to set the interface to port 1 and then enable ingress filtering: switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Def[...]

  • Page 333

    VLAN Commands 4-155 4 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan { add vlan-list [ tagged | untagged ] | remove vlan-list } no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add. • remove vlan-list [...]

  • Page 334

    Command Line Interface 4-156 4 switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan { add vlan-list | remove vlan-list } no switchport forbidden vlan • add vlan-list - List of VLAN identifiers to add. • remove vlan-list - List of VLAN identi[...]

  • Page 335

    VLAN Commands 4-157 4 show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name | private-vlan private-vlan-type ] • id - Keyword to be followed by the VLAN ID. - vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) • name - Keyword to be followed by the VLAN name. - vlan-name[...]

  • Page 336

    Command Line Interface 4-158 4 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLANs: primary/secondary associated groups, and stand-alone isolated VLANs. A primary VLAN contains promiscuous ports that can communicate with [...]

  • Page 337

    VLAN Commands 4-159 4 3. Use the switchport mode private-vlan command to configure ports as promiscuous (i.e., having access to all ports in the primary VLAN) or host (i.e., community port). 4. Use the switchport private-vlan host-association command to assign a port to a secondary VLAN. 5. Use the switchport private-vlan mapping command to as[...]

  • Page 338

    Command Line Interface 4-160 4 an associated “primary” VLAN that contains promiscuous ports. When using an isolated VLAN, it must be configured to contain a single promiscuous port. • Port membership for private VLANs is static. Once a port has been assigned to a private VLAN, it cannot be dynamically moved to another VLAN via GVRP. •[...]

  • Página 339

    VLAN Commands 4-161 4 switchport mode private-vlan Use this command to set the private VLAN mode for an interface. Use the no form to restore the default setting. Syntax switchport mode private-vlan { host | promiscuous } no switchport mode private-vlan • host – This port type can subsequently be assigned to a community or isolated VLAN. [...]

  • Page 340

    Command Line Interface 4-162 4 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage All ports assigned to a secondary (i.e., community) VLAN can pass traffic between group members, but must communicate with resources outside of the group via promiscuous ports in the associated primary VLAN. Example switchport privat [...]

  • Page 341

    VLAN Commands 4-163 4 switchport private-vlan mapping Use this command to map an interface to a primary VLAN. Use the no form to remove this mapping. Syntax switchport private-vlan mapping primary-vlan-id no switchport private-vlan mapping primary-vlan-id – ID of primary VLAN. (Range: 1-4094, no leading zeroes). Default Setting None Comman[...]

  • Page 342

    Command Line Interface 4-164 4 Example GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switch, a[...]

  • Page 343

    GVRP and Bridge Extension Commands 4-165 4 Example show bridge-ext This command shows the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Enabling or Disabling GVRP (Global Setting)” on page 3-108 and “Displaying Bridge Extension Capabilities” on page 3-11 for a descr[...]

  • Page 344

    Command Line Interface 4-166 4 show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [ interface ] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting Shows both global and interface-specific co[...]

  • Page 345

    GVRP and Bridge Extension Commands 4-167 4 Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate. These values should not be changed unle[...]

  • Page 346

    Command Line Interface 4-168 4 Related Commands garp timer (4-166) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s[...]

  • Page 347

    Priority Commands 4-169 4 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode { strict | wrr } no queue mode • strict - Services the egress queues in sequential order, transmitting all [...]

  • Page 348

    Command Line Interface 4-170 4 Default Setting The priority is not set, and the default value for untagged frames received on the interface is zero. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • T[...]

  • Page 349

    Priority Commands 4-171 4 Command Mode Global Configuration Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights. Example This example shows how to assign WRR weights to priority queues 1 - 3: Related Commands show queue bandwidth (4-172) queue cos-map This command assigns class of service (CoS) values[...]

  • Page 350

    Command Line Interface 4-172 4 Command Usage • CoS values assigned at the ingress port are also used at the egress port. • This command sets the CoS priority for all interfaces. Example The following example shows how to map CoS values 0, 1 and 2 to egress queue 0, value 3 to egress queue 1, values 4 and 5 to egress queue 2, and values[...]

  • Page 351

    Priority Commands 4-173 4 Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [ interface ] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged Exec Exam[...]

  • Page 352

    Command Line Interface 4-174 4 Priority Commands (Layer 3 and 4) map ip port (Global Configuration) This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax [ no ] map ip port Default Setting Disabled Command Mode Global Configuration Command Usage The precede[...]

  • Page 353

    Priority Commands 4-175 4 map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number • port-number - 16-bit TCP/UDP port number. (Range 1-65535) • cos-value - Class-of-Service value. [...]

  • Page 354

    Command Line Interface 4-176 4 Example The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos cos-value[...]

  • Page 355

    Priority Commands 4-177 4 map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [ no ] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage • The precedence for priority mapping is IP Port, I[...]

  • Page 356

    Command Line Interface 4-178 4 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, a[...]

  • Page 357

    Priority Commands 4-179 4 Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Related Commands map ip port (Global Configuration) (4-174) map ip port (Interface Configuration) (4-175) show map ip precedence This command shows the IP precedence priority map. Syntax sho[...]

  • Page 358

    Command Line Interface 4-180 4 Example Related Commands map ip port (Global Configuration) (4-174) map ip precedence (Interface Configuration) (4-176) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [ interface ] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. ([...]

  • Page 359

    Multicast Filtering Commands 4-181 4 Example Related Commands map ip dscp (Global Configuration) (4-177) map ip dscp (Interface Configuration) (4-177) Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies th[...]

  • Page 360

    Command Line Interface 4-182 4 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [ no ] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. ip igmp snooping vlan static This command adds a port to a multic [...]

  • Page 361

    Multicast Filtering Commands 4-183 4 ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version { 1 | 2 } no ip igmp snooping version • 1 - IGMP Version 1 • 2 - IGMP Version 2 Default Setting IGMP Version 2 Command Mode Global Configuration Command[...]

  • Page 362

    Command Line Interface 4-184 4 Example The following shows the current IGMP snooping configuration: show mac-address-table multicast This command shows known multicast addresses. Syntax show mac-address-table multicast [ vlan vlan-id ] [ user | igmp-snooping ] • vlan-id - VLAN ID (1 to 4094) • user - Display only the user-configured[...]

  • Page 363

    Multicast Filtering Commands 4-185 4 IGMP Query Commands (Layer 2) ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [ no ] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected.[...]

  • Page 364

    Command Line Interface 4-186 4 Default Setting 2 times Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has not responded, a countdown timer is starte[...]

  • Page 365

    Multicast Filtering Commands 4-187 4 ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds - The report delay advertised in IGMP queries. (Range: 5-25) Defau[...]

  • Page 366

    Command Line Interface 4-188 4 Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect. Example The following shows how to configure the default timeout to 300 seconds: Related Commands ip igmp snooping version (4-183) Static Multicast Routing Commands ip igmp sno[...]

  • Page 367

    Multicast Filtering Commands 4-189 4 Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that interface to [...]

  • Page 368

    Command Line Interface 4-190 4 IP Interface Commands An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when it is powered on. Y[...]

  • Page 369

    IP Interface Commands 4-191 4 • If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been received. Requests will be broadcast periodically by this device in an effort to learn its IP address. (BOOTP and DHCP values can include the IP address, default gateway, and subnet mask). • [...]

  • Page 370

    Command Line Interface 4-192 4 ip dhcp restart This command submits a BOOTP or DHCP client request. Default Setting None Command Mode Privileged Exec Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to reassi[...]

  • Page 371

    IP Interface Commands 4-193 4 show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Related Commands ip default-gateway (4-191) ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [ size size ] [ count count ][...]

  • Page 372

    Command Line Interface 4-194 4 Example Related Commands interface (4-108) Console#ping 10.1.0.9 Type ESC to abort. PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds response time: 10 ms response time: 10 ms response time: 10 ms response time: 10 ms response time: 10 ms Ping statistics for 10.1.0.9: 5 packets transmitted, 5 [...]

  • Page 373

    A-1 Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 88 lists) DHCP Client Port Configuration 100BASE-TX: 10/100 Mbps, half/full duplex 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex Flow Control F[...]

  • Page 374

    Software Specifications A-2 A Additional Features BOOTP client SNTP (Simple Network Time Protocol) SNMP (Simple Network Management Protocol) RMON (Remote Monitoring, groups 1,2,3,9) SMTP Email Alerts Management Features In-Band Management Telnet, Web-based HTTP or HTTPS, SNMP manager, or Secure Shell Out-of-Band Management RS-232 DB-9 cons[...]

  • Page 375

    Management Information Bases A-3 A Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742) Forwarding Table MIB (RFC 2096) IGMP MIB (RFC 2933) Interface Group MIB (RFC 2233) Interfaces Evolution MIB (RFC 2863) IP Multicasting relat[...]

  • Page 376

    Software Specifications A-4 A[...]

  • Page 377

    B-1 Appendix B: Troubleshooting Problems Accessing the Management Interface Table B-1 Troubleshooting Chart Symptom Action Cannot connect using Telnet, web browser, or SNMP software • Be sure the switch is powered up. • Check network cabling between the management station and the switch. • Check that you have a valid network connect[...]

  • Page 378

    Troubleshooting B-2 B Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1. Enable logging. 2. Set the error messages reported to include all categories. 3. Designate the [...]

  • Page 379

    Glossary-1 Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, the address of the [...]

  • Page 380

    Glossary Glossary-2 GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network. Generic Attribute Registration Protocol (GARP) GARP is a p[...]

  • Page 381

    Glossary-3 Glossary IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP mu[...]

  • Page 382

    Glossary Glossary-4 MD5 Message-Digest Algorithm An algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a mess[...]

  • Page 383

    Glossary-5 Glossary Remote Monitoring (RMON) RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types. Rapid Spanning Tree Protocol (RSTP) RSTP reduces the convergence time for network topology ch[...]

  • Page 384

    Glossary Glossary-6 User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets. UDP i[...]

  • Page 385

    Index-1 Numerics 802.1X, port authentication 3-49 A acceptable frame type 3-115, 4-152 Access Control List See ACL ACL Extended IP 3-58, 4-89, 4-90, 4-92 MAC 3-58, 4-89, 4-97, 4-97–4-99 Standard IP 3-58, 4-89, 4-90, 4-91 address table 3-90, 4-133 aging time 3-93, 4-136 B BOOTP 3-14, 4-190 BPDU 3-94 broadcast storm, threshold 3-81, 4-114 C Class[...]

  • Page 386

    Index-2 Index IGMP groups, displaying 3-140, 4-184 Layer 2 3-135, 4-181 query 3-135, 4-185 query, Layer 2 3-136, 4-185 snooping 3-135, 4-182 snooping, configuring 3-136, 4-181 ingress filtering 3-115, 4-153 IP address BOOTP/DHCP 3-14, 4-190, 4-192 setting 2-5, 3-12, 4-190 IP precedence enabling 3-129, 4-174, 4-175 mapping priorities 3-129, 4[...]

  • Page 387

    Index-3 Index Q queue weights 3-127, 4-170 R RADIUS, logon authentication 4-73 rate limits, setting 3-83, 4-121 remote logging 4-46 restarting the system 3-30, 4-22 RSTP 3-93, 4-138 global configuration 3-94, 4-138 S secure shell 3-42, 4-34 Secure Shell configuration 3-42, 4-37 serial port configuring 4-10 Simple Network Management Prot[...]

  • Page 388

    Index-4 Index W Web interface access requirements 3-1 configuration buttons 3-3 home page 3-2 menu list 3-4 panel display 3-3[...]

  • Page 389

    [...]

  • Page 390

    GSW-2692 E072006-R01[...]