SMC Networks SMC8624/48T manual


A good user manual

The rules oblige the seller to provide the buyer with the manual for the SMC Networks SMC8624/48T along with the product. A missing manual or incorrect information given to the consumer is grounds for a complaint that the product does not conform to the contract. By law, the manual may be supplied in a form other than paper, and this is now common: a graphic or electronic manual for the SMC Networks SMC8624/48T, or instructional videos for users. The condition is that the form be legible and understandable.

What is a manual?

The word comes from the Latin "instructio", meaning to instruct. The SMC Networks SMC8624/48T manual therefore contains a description of the stages of a process. The purpose of a manual is to instruct and to make it easier to start up and use the equipment or to carry out particular tasks. A manual is a collection of information about an object or service: a guide.

Unfortunately, few users take the time to read the SMC Networks SMC8624/48T manual, yet a good manual not only reveals a number of additional functions of the device but also helps avoid most faults.

So what should the perfect manual contain?

First, the SMC Networks SMC8624/48T manual should contain:
- technical data for the SMC Networks SMC8624/48T
- the manufacturer's name and the year of manufacture of the SMC Networks SMC8624/48T
- instructions for using, adjusting and maintaining the SMC Networks SMC8624/48T
- safety markings and certificates confirming compliance with the relevant standards

Why don't we read manuals?

Usually this is due to lack of time and to confidence about the specific functionality of the purchased device. Unfortunately, merely connecting and starting up the SMC Networks SMC8624/48T is not enough. The manual contains a range of guidance on specific functions, safety, maintenance methods (including which products should be used), possible faults of the SMC Networks SMC8624/48T, and ways of solving common problems during use. Finally, the manual gives the contact details of the SMC Networks service centre in case the proposed solutions do not work. Manuals in the form of engaging animations and instructional videos are currently highly valued, as they speak to the user better than a leaflet does. This type of manual gives the user a chance to watch the whole instructional video without skipping the complicated specifications and technical descriptions of the SMC Networks SMC8624/48T, as happens with the paper version.

Why read manuals?

First of all, they contain answers about the construction and capabilities of the SMC Networks SMC8624/48T, the use of individual accessories, and a range of information for making full use of all its features and conveniences.

After the successful purchase of a piece of equipment or a device, it is worth taking a moment to get familiar with each part of the SMC Networks SMC8624/48T manual. Nowadays they are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic informational function.

Manual contents

  • Page 1

    TigerSwitch 10/100/1000 Gigabit Ethernet Switch ◆ 24/48 auto-MDI/MDI-X 10/100/1000BASE-T ports ◆ 4 ports shared with 4 SFP transceiver slots ◆ Non-blocking switching architecture ◆ Support for a redundant power unit ◆ Spanning Tree Protocol, Rapid STP, and Multiple STP ◆ Up to six LACP or static 8-port trunks ◆ Layer 2/3[...]

  • Page 2

    [...]

  • Page 3

    38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 TigerSwitch 10/100/1000 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions April 2004 Pub. # 150200041000A[...]

  • Page 4

    Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rig[...]

  • Page 5

    i LIMITED WARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reselle[...]

  • Page 6

    LIMITED WARRANTY ii WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED,[...]

  • Page 7

    iii CONTENTS 1 Introduction 1-1; Key Features 1-1; Description of Software Features 1-2; System Defaults [...]

  • Page 8

    CONTENTS iv Setting the Switch’s IP Address 3-17; Manual Configuration 3-19; Using DHCP/BOOTP 3-20; Managing Firmware [...]

  • Page 9

    CONTENTS v Filtering Management Access 3-78; Port Configuration 3-80; Displaying Connection Status 3-80; Configuring Interface Connections [...]

  • Page 10

    CONTENTS vi Adding Static Members to VLANs (Port Index) 3-153; Configuring VLAN Behavior for Interfaces 3-154; Configuring Private VLANs 3-158; Enabling Private VLANs 3-158; Configuring Uplink an[...]

  • Page 11

    CONTENTS vii Entering Commands 4-4; Keywords and Arguments 4-4; Minimum Abbreviation 4-4; Command Completion [...]

  • Page 12

    CONTENTS viii System Management Commands 4-32; Device Designation Commands 4-33; prompt 4-33; hostname [...]

  • Page 13

    CONTENTS ix SMTP Alert Commands 4-65; logging sendmail host 4-66; logging sendmail level 4-67; logging sendmail source-email [...]

  • Page 14

    CONTENTS x radius-server retransmit 4-97; radius-server timeout 4-98; show radius-server 4-98; TACACS+ Client [...]

  • Page 15

    CONTENTS xi MAC ACLs 4-135; access-list mac 4-136; permit, deny (MAC ACL) 4-137; show mac access-list [...]

  • Page 16

    CONTENTS xii Interface Commands 4-167; interface 4-168; description 4-168; speed-duplex [...]

  • Page 17

    CONTENTS xiii Spanning Tree Commands 4-205; spanning-tree 4-206; spanning-tree mode 4-207; spanning-tree forward-time [...]

  • Page 18

    CONTENTS xiv Displaying VLAN Information 4-242; show vlan 4-242; Configuring Protocol-based VLANs 4-243; protocol-vlan protocol-group (Configuring Groups) 4-244; protocol-v[...]

  • Page 19

    CONTENTS xv Multicast Filtering Commands 4-272; IGMP Snooping Commands 4-272; ip igmp snooping 4-273; ip igmp snooping vlan static [...]

  • Page 20

    xvi TABLES Table 1-1. Key Features 1-1; Table 1-2. System Defaults 1-7; Table 3-1. Configuration Options 3-4; Table 3-2. Main Menu [...]

  • Page 21

    TABLES xvii Table 4-22. RADIUS Client Commands 4-95; Table 4-23. TACACS+ Client Commands 4-99; Table 4-24. Port Security Commands 4-102; Table 4-25. 802.1x Port Authentication Commands [...]

  • Page 22

    xviii FIGURES Figure 3-1. Homepage 3-3; Figure 3-2. Panel Display 3-4; Figure 3-3. System Information 3-13; Figure 3-4. Switch Information [...]

  • Page 23

    FIGURES xix Figure 3-37. Configuring Port Attributes 3-86; Figure 3-38. Static Trunk Configuration 3-88; Figure 3-39. LACP Port Configuration 3-90; Figure 3-40. LACP Aggregation Port Configuration [...]

  • Page 24

    FIGURES xx Figure 3-74. Setting IP Precedence/DSCP Priority Status 3-170; Figure 3-75. Mapping IP Precedence to Class of Service Values 3-172; Figure 3-76. Mapping IP DSCP Priority to Class of Service Values 3-174; Figure 3-77. Globally Enabling the IP Port Priority Status 3-175; Figure 3-78. IP Port Priori[...]

  • Page 25

    1-1 CHAPTER 1 INTRODUCTION This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should c[...]

  • Page 26

    INTRODUCTION 1-2 Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-base[...]

  • Page 27

    DESCRIPTION OF SOFTWARE FEATURES 1-3 Authentication – This switch authenticates management access via the console port, Telnet or web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via[...]

  • Page 28

    INTRODUCTION 1-4 Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity. Port Trunking – Ports can be combined into an aggregate connection. Tr[...]

  • Page 29

    DESCRIPTION OF SOFTWARE FEATURES 1-5 To avoid dropping frames on congested ports, the switch provides 1 MB for frame buffering. This buffer can queue packets awaiting transmission on congested networks. Spanning Tree Protocol – The switch supports these spanning tree protocols: Spanning Tree Protocol (STP, IEEE 802.1D[...]

  • Page 30

    INTRODUCTION 1-6 Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups ca[...]

  • Page 31

    SYSTEM DEFAULTS 1-7 System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-25). The following table lists some of the basic system defaults. Table 1-2. System Defaults Functi[...]

  • Page 32

    INTRODUCTION 1-8 Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Port Capability 1000BASE-T – (10 Mbps half duplex) (10 Mbps full duplex) (100 Mbps half duplex) (100 Mbps full duplex) (1000 Mbps full duplex) (Full-duplex flow control) (disabled) (Symmetric flow control) (disabled) 1000BASE-SX/[...]

  • Page 33

    SYSTEM DEFAULTS 1-9 Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Disabled Switchport Mode (Egress Mode) Hybrid: tagged/untagged frames GVRP (global) Disabled GVRP (port interface) Disabled Traffic Prioritization Ingress Port Priority 0 Weighted Round Robin Queue: 0 1 2 3 4 5 6 7 Priority: 2 0 1 3 4 5 6 7 IP [...]

  • Page 34

    INTRODUCTION 1-10[...]

  • Page 35

    2-1 CHAPTER 2 INITIAL CONFIGURATION Connecting to the Switch Configuration Options The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitorin[...]

  • Page 36

    INITIAL CONFIGURATION 2-2 The switch’s Web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions: • Set user names and passwords for up to 16 users • Set an IP interface for a management VLAN • Configure SNMP parameters • Enable/disable any port • Set the[...]

  • Page 37

    CONNECTING TO THE SWITCH 2-3 To connect a terminal to the console port, complete the following steps: 1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector. 2. Connect the other end of the cable to the RS-232 seri[...]

  • Page 38

    INITIAL CONFIGURATION 2-4 Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is unassigned by default. To manually c[...]

  • Page 39

    BASIC CONFIGURATION 2-5 Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps: 1. To initiate your console connection, press <Enter>. [...]

  • Page 40

    INITIAL CONFIGURATION 2-6 Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>. Setting an IP Address You must establish IP address information for the switch to obtain management access through the network. This can be done in either of [...]

  • Page 41

    BASIC CONFIGURATION 2-7 Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network To assign an IP address to the switch, complete the following steps: 1. From the P[...]

  • Page 42

    INITIAL CONFIGURATION 2-8 If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service requests as soon as it is powered on. To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete[...]

  • Page 43

    BASIC CONFIGURATION 2-9 6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>. Enabling SNMP Management Access The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications s[...]

  • Page 44

    INITIAL CONFIGURATION 2-10 The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects. • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects. Note: If you do not intend to utilize SNMP, we [...]

  • Page 45

    BASIC CONFIGURATION 2-11 Trap Receivers You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, complete the following steps: 1. From the Privileged Exec level global configuration mode prompt, type “snmp-server host host-address community-string,” where “host-addres[...]

  • Page 46

    INITIAL CONFIGURATION 2-12 Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The three types of files are:[...]

  • Page 47

    MANAGING SYSTEM FILES 2-13 Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.[...]

  • Page 48

    INITIAL CONFIGURATION 2-14[...]

  • Page 49

    3-1 CHAPTER 3 CONFIGURING THE SWITCH Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 o[...]

  • Page 50

    CONFIGURING THE SWITCH 3-2 Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated. 2. If you log in to the Web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as “admi[...]

  • Page 51

    NAVIGATING THE WEB BROWSER INTERFACE 3-3 Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin[...]

  • Page 52

    CONFIGURING THE SWITCH 3-4 Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the “Apply” or “Apply Changes” button to confirm the new setting. The following table summarizes the web page configuration butto[...]

  • Page 53

    NAVIGATING THE WEB BROWSER INTERFACE 3-5 Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2. Main Menu Menu Description Page Sy[...]

  • Page 54

    CONFIGURING THE SWITCH 3-6 SSH 3-41 Settings Configures Secure Shell server settings 3-46 Host-Key Settings Generates the host key pair (public and private) 3-43 Port Security Configures per port security, including status, response for security breach, and maximum allowed MAC addresses 3-48 802.1x Port authentication 3-104 Information Displa[...]

  • Page 55

    NAVIGATING THE WEB BROWSER INTERFACE 3-7 LACP 3-89 Configuration Allows ports to dynamically join trunks 3-89 Aggregation Port Configures system priority, admin key, and port priority 3-91 Port Counters Information Displays statistics for LACP protocol messages 3-94 Port Internal Information Displays settings and operational state[...]

  • Page 56

    CONFIGURING THE SWITCH 3-8 Address Aging Sets timeout for dynamically learned entries 3-115 Spanning Tree 3-116 STA Information Displays STA values used for the bridge 3-117 Configuration Configures global bridge settings for STA, RSTP and MSTP 3-121 Port Information Displays individual port settings for STA 3-126 Trunk Information Dis[...]

  • Page 57

    NAVIGATING THE WEB BROWSER INTERFACE 3-9 VLAN 3-141 802.1Q VLAN GVRP Status Enables GVRP VLAN registration protocol 3-146 Basic Information Displays information on the VLAN type supported by this switch 3-146 Current Table Shows the current port members of each VLAN and whether or not the port is tagged or untagged 3-147 Static List [...]

  • Page 58

    CONFIGURING THE SWITCH 3-10 Traffic Classes Status Enables/disables traffic class priorities (not implemented) NA Queue Mode Sets queue mode to strict priority or Weighted Round-Robin 3-167 Queue Scheduling Configures Weighted Round Robin queueing 3-168 IP Precedence/DSCP Priority Status Globally selects IP Precedence or DSCP Priority, [...]

  • Page 59

    NAVIGATING THE WEB BROWSER INTERFACE 3-11 IP Multicast Registration Table Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID 3-187 IGMP Member Port Table Indicates multicast addresses associated with the selected VLAN 3-188 DNS General Configuration Enables DNS; configures domain n[...]

  • Page 60

    CONFIGURING THE SWITCH 3-12 Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsy[...]

  • Page 61

    BASIC CONFIGURATION 3-13 Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.) Figure 3-3. System Information CLI – Specif[...]

  • Page 62

    CONFIGURING THE SWITCH 3-14 Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board • Serial Number – The serial number of the switch. • Number of [...]

  • Page 63

    BASIC CONFIGURATION 3-15 Web – Click System, Switch Information. Figure 3-4. Switch Information CLI – Use the following command to display version information. Console#show version 3-83 Unit1 Serial number : Hardware version : Number of ports :48 Main power status :up Redundant power status :not present Agent(master) Unit id :1 Loader ve[...]

  • Page 64

    CONFIGURING THE SWITCH 3-16 Displaying Bridge Extension Capabilities The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables. Field Attributes • Extended Multicast Filter[...]

  • Page 65

    BASIC CONFIGURATION 3-17 Web – Click System, Bridge Extension. Figure 3-5. Bridge Extension Configuration CLI – Enter the following command. Setting the Switch’s IP Address This section describes how to configure an IP interface for management access over the network. The IP address for this switch is unassigned by default. T[...]

  • Page 66

    CONFIGURING THE SWITCH 3-18 You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program. Command Attributes • M[...]

  • Page 67

    BASIC CONFIGURATION 3-19 Manual Configuration Web – Click System, IP Configuration. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply. Figure 3-6. Manual IP Configuration CLI – Specify the management interf[...]

  • Page 68

    CONFIGURING THE SWITCH 3-20 Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click A[...]

  • Page 69

    BASIC CONFIGURATION 3-21 CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart client” command. Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to anoth[...]

  • Page 70

    CONFIGURING THE SWITCH 3-22 Managing Firmware You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version. Note: Run[...]

  • Page 71

    BASIC CONFIGURATION 3-23 Web – Click System, File, Firmware. Enter the IP address of the TFTP server, enter the file name of the software to download, select a file on the switch to overwrite or specify a new file name, then click Transfer from Server. To start the new firmware, reboot the system via the System/Reset menu[...]

  • Page 72

    CONFIGURING THE SWITCH 3-24 CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination file names, set the new file to start up the system, and then restart the switch. Saving or Restoring Configuration Settings You can upload/download configurat[...]

  • Page 73

    BASIC CONFIGURATION 3-25 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.[...]

  • Page 74

    CONFIGURING THE SWITCH 3-26 If you download the startup configuration file under a new file name, you can set this file as the startup file at a later time, and then restart the switch. Resetting the System Web – Click System, Reset. Click the Reset button to restart the switch. Figure 3-12. Resetting the System CLI – Use[...]

  • Page 75

    BASIC CONFIGURATION 3-27 Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can also manually [...]

  • Page 76

    CONFIGURING THE SWITCH 3-28 Command Attributes • SNTP Client – Configures the switch to operate as an SNTP unicast client. This mode requires at least one time server to be specified in the SNTP Server field. • SNTP Broadcast Client – Configures the switch to operate as an SNTP broadcast client. This mode requires no o[...]

  • Page 77

    BASIC CONFIGURATION 3-29 Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time z[...]

  • Page 78

    CONFIGURING THE SWITCH 3-30 Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these de[...]

  • Page 79

    SIMPLE NETWORK MANAGEMENT PROTOCOL 3-31 • Access Mode - Read-Only – Specifies read-only access. Authorized management stations are only able to retrieve MIB objects. - Read/Write – Specifies read-write access. Authorized management stations are able to both retrieve and modify MIB objects. Web – Click SNMP, Co[...]

  • Page 80

    CONFIGURING THE SWITCH 3-32 Command Attributes • Trap Manager Capability – This switch supports up to five trap managers. • Trap Manager IP Address – Internet address of the host (the targeted recipient). • Trap Manager Community String – Community string sent with the notification operation. (Range: 1-32 characters, case [...]

  • Page 81

    USER AUTHENTICATION 3-33 User Authentication You can restrict management access to this switch using the following options: • Passwords – Manually configure access rights on the switch for specified users. • Authentication Settings – Use remote authentication to configure access rights. • HTTPS Settings – Provide a s[...]

  • Page 82

    CONFIGURING THE SWITCH 3-34 Web – Click Security, Passwords. To change the password for the current user, enter the old password, the new password, confirm it by entering it again, then click Apply. Figure 3-17. Configuring the Logon Password CLI – Assign a user name to access-level 15 (i.e., administrator), then sp[...]

  • Page 83

    USER AUTHENTICATION 3-35 Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) are logon authentication protocols that use software running on a central server to control access to RADIUS-aware or TACACS-aware devices on the network. An authenticat[...]

  • Page 84

    CONFIGURING THE SWITCH 3-36 Command Attributes • Authentication – Select the authentication, or authentication sequence required: - Local – User authentication is performed only locally by the switch. - Radius – User authentication is performed using a RADIUS server only. - TACACS – User authentication is performed us [...]

  • Page 85

    USER AUTHENTICATION 3-37 • TACACS Settings - Server IP Address – Address of the TACACS+ server. (Default: 10.11.12.13) - Server Port Number – Network (TCP) port of TACACS+ server used for authentication messages. (Range: 1-65535; Default: 49) - Secret Text String – Encryption key used to authenticate logon access for cli[...]

  • Page 86

    CONFIGURING THE SWITCH 3-38 CLI – Specify all the required parameters to enable logon authentication. Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s we[...]

  • Page 87

    USER AUTHENTICATION 3-39 • The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer 5.x or above and Netscape Navigator 4.x or above. • The following web browsers and operating systems currently support HTTPS: • To specify a secure-site certific[...]

  • Page 88

    CONFIGURING THE SWITCH 3-40 CLI – This example enables the HTTP secure server and modifies the port number. Replacing the Default Secure-site Certificate When you log onto the web interface using HTTPS (for secure access), a Secure Sockets Layer (SSL) certificate appears for the switch. By default, the certificate that Netsca[...]

  • Page 89

    USER AUTHENTICATION 3-41 Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rc [...]

  • Page 90

    CONFIGURING THE SWITCH 3-42 To use the SSH server, complete these steps: 1. Generate a Host Key Pair – On the SSH Host Key Settings page, create a host public/private key pair. 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with t[...]

  • Page 91

    USER AUTHENTICATION 3-43 6. Challenge-Response Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method. Only clients that have a private key corresponding to the public keys stored on the switch can access. The following e[...]

  • Page 92

    CONFIGURING THE SWITCH 3-44 Field Attributes • Public-Key of Host-Key – The public key for the host. - RSA: The first field indicates the size of the host key (e.g., 1024), the second field is the encoded public exponent (e.g., 65537), and the last string is the encoded modulus. - DSA: The first field indicates that the encryption [...]

  • Page 93

    USER AUTHENTICATION 3-45 Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. Figure 3-20. SSH Host-Key Settings[...]

  • Page 94

    CONFIGURING THE SWITCH 3-46 CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys. Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allow[...]

  • Page 95

    USER AUTHENTICATION 3-47 • SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3) • SSH Server-Key Size – Specifies the SSH server key size. (Range: 512-896 bits[...]

  • Page 96

    CONFIGURING THE SWITCH 3-48 CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection. Configuring Port Security Port security is a feature that allows you to configure a s[...]

  • Page 97

    USER AUTHENTICATION 3-49 To add new VLAN members at a later time, you can manually add secure addresses with the Static Address Table (page 3-112), or turn off port security to reenable the learning function long enough for new VLAN members to be registered. Learning may then be disabled again, if desired, for security. Command Usa[...]

  • Page 98

    CONFIGURING THE SWITCH 3-50 Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply. Figure 3-22. Configuring Port Security CLI –[...]

  • Page 99

    USER AUTHENTICATION 3-51 Configuring 802.1x Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensiti[...]

  • Page 100

    CONFIGURING THE SWITCH 3-52 The operation of 802.1x on the switch requires the following: • The switch must have an IP address assigned. • RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified. • Each switch port that will be used must be set to dot1x “Auto” mode. • Each c[...]

  • Page 101

    USER AUTHENTICATION 3-53 Command Attributes • 802.1x Re-authentication – Indicates if switch port requires a client to be re-authenticated after a certain period of time. • 802.1x Max Request Count – The maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authenticat[...]

  • Page 102

    CONFIGURING THE SWITCH 3-54 CLI – This example shows the default protocol settings for 802.1x. For a description of the additional entries displayed in the CLI, see “show dot1x” on page 4-111. Console#show dot1x 3-111 Global 802.1X Parameters reauth-enabled: yes reauth-period: 300 quiet-period: 350 tx-period: 300 supp-timeout: 30 ser[...]

  • Page 103

    USER AUTHENTICATION 3-55 Configuring 802.1x Global Settings The dot1x protocol includes global parameters that control the client authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication ser[...]

  • Page 104

    CONFIGURING THE SWITCH 3-56 Web – Select Security, 802.1x, Configuration. Enable dot1x globally for the switch, modify any of the parameters required, and then click Apply. Figure 3-24. 802.1x Configuration CLI – This enables re-authentication and sets all of the global parameters for 802.1x. Configuring Port Authorization Mode[...]

  • Page 105

    USER AUTHENTICATION 3-57 • Max Count – The maximum number of hosts that can connect to a port when the Multi-Host operation mode is selected. (Range: 1-20; Default: 5) • Mode – Sets the authentication mode to one of the following options: - Auto – Requires a dot1x-aware client to be authorized by the authentication server. Cli [...]

  • Page 106

    CONFIGURING THE SWITCH 3-58 CLI – This example sets the authentication mode to enable 802.1x on port 2, and allows up to ten clients to connect to this port. Displaying 802.1x Statistics This switch can display statistics for dot1x protocol exchanges for any port. Statistical Values Console(config)#interface ethernet 1/2 3-168 [...]

  • Page 107

    USER AUTHENTICATION 3-59 Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-26. 802.1x Statistics Tx EAPOL Total The number of EAPOL frames of any type that have been transmitted by this Authenticator. Tx EAP Req/Id The number of EAP Req/Id fr[...]

  • Page 108

    CONFIGURING THE SWITCH 3-60 CLI – This example displays the 802.1x statistics for port 4. Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incomin[...]

  • Page 109

    ACCESS CONTROL LISTS 3-61 Command Usage The following restrictions apply to ACLs: • Each ACL can have up to 32 rules. • The maximum number of ACLs is also 32. • However, due to resource restrictions, the average number of rules bound to the ports should not exceed 20. • You must configure a mask for an ACL rule before you[...]

  • Page 110

    CONFIGURING THE SWITCH 3-62 Command Attributes • Name – Name of the ACL. (Maximum length: 16 characters) • Type – There are three filtering modes: - Standard: IP ACL mode that filters packets based on the source IP address. - Extended: IP ACL mode that filters packets based on source or destination IP address, as we [...]

  • Page 111

    ACCESS CONTROL LISTS 3-63 Configuring a Standard IP ACL Command Attributes • Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rules) • IP – Specifies the source IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, [...]

  • Page 112

    CONFIGURING THE SWITCH 3-64 CLI – This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Configuring an Extended IP ACL Command Attributes • Action – An ACL can contain either all permit rules or all deny rules. (Default: Perm[...]

  • Page 113

    ACCESS CONTROL LISTS 3-65 • Control Bitmask – Decimal number representing the code bits to match. The control bitmask is a decimal number (for an equivalent binary bit mask) that is applied to the control code. Enter a decimal number, where the equivalent binary bit “1” means to match a bit and “0” means to ignore [...]

  • Page 114

    CONFIGURING THE SWITCH 3-66 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other[...]

  • Page 115

    ACCESS CONTROL LISTS 3-67 3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Configuring a MAC ACL Command Attributes • Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rules) • Source/Destination MAC – Use “Any” to include all possib[...]

  • Page 116

    CONFIGURING THE SWITCH 3-68 • Packet Format – This attribute includes the following packet types: - Any – Any Ethernet packet type. - Untagged-eth2 – Untagged Ethernet II packets. - Untagged-802.3 – Untagged Ethernet 802.3 packets. - Tagged-eth2 – Tagged Ethernet II packets. - Tagged-802.3 – Tagged Ethernet 802.3 pac[...]

  • Page 117

    ACCESS CONTROL LISTS 3-69 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bit mask f[...]

  • Page 118

    CONFIGURING THE SWITCH 3-70 Configuring ACL Masks You can specify optional masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven user-defined mask[...]

  • Page 119

    ACCESS CONTROL LISTS 3-71 Web – Click Security, ACL, Mask Configuration. Click Edit for one of the basic mask types to open the configuration page. Figure 3-31. Choosing ACL Types CLI – This example creates an IP ingress mask, and then adds two rules. Each rule is checked in order of precedence to look for a match in the[...]

  • Page 120

    CONFIGURING THE SWITCH 3-72 subnet), or “IP” to specify a range of addresses. (Options: Any, Host, IP; Default: Any) • Src/Dst IP Bitmask – Source or destination address of rule must match this bitmask. (See the description for SubMask on page 3-63.) • Protocol Bitmask – Check the protocol field. • Service Type – C[...]

  • Page 121

    ACCESS CONTROL LISTS 3-73 Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range. Include other criteria to search for in the rules, such as a protocol type or one of the serv[...]

  • Page 122

    CONFIGURING THE SWITCH 3-74 Configuring a MAC ACL Mask This mask defines the fields to check in the packet header. Command Usage You must configure a mask for an ACL rule before you can bind it to a port. Command Attributes • Source/Destination MAC – Use “Any” to match any address, “Host” to specify the host address fo[...]

  • Page 123

    ACCESS CONTROL LISTS 3-75 Web – Configure the mask to match the required rules in the MAC ingress or egress ACLs. Set the mask to check for any source or destination address, a host address, or an address range. Use a bitmask to search for specific VLAN ID(s) or Ethernet type(s). Or check for rules where a packet forma[...]

  • Page 124

    CONFIGURING THE SWITCH 3-76 CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask. Binding a Port to an Access Control List After configuring the Access Control Lists (ACL), you can bind the ports that need to filter traf [...]

  • Page 125

    ACCESS CONTROL LISTS 3-77 • When an ACL is bound to an interface as an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in ACL, and you att[...]

  • Page 126

    CONFIGURING THE SWITCH 3-78 CLI – This example assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2. Filtering Management Access You can specify the client IP addresses that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interf[...]

  • Page 127

    FILTERING MANAGEMENT ACCESS 3-79 Command Attributes • Web IP Filter – Configures IP address(es) for the web group. • SNMP IP Filter – Configures IP address(es) for the SNMP group. • Telnet IP Filter – Configures IP address(es) for the Telnet group. • IP Filter List – IP addresses which are allowed management acce[...]

  • Page 128

    CONFIGURING THE SWITCH 3-80 Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Field Attributes (Web) • Name – Interface label. • Type – I[...]

  • Page 129

    PORT CONFIGURATION 3-81 Web – Click Port, Port Information or Trunk Information. Figure 3-36. Port Status Information Field Attributes (CLI) Basic information: • Port type – Indicates the port type. (1000BASE-T, 1000BASE-SX, 1000BASE-LX or 100BASE-FX) • MAC address – The physical layer address for this port. (To acces[...]

  • Page 130

    CONFIGURING THE SWITCH 3-82 • Capabilities – Specifies the capabilities to be advertised for a port during auto-negotiation. (To access this item on the web, see “Configuring Interface Connections” on page 3-48.) The following capabilities are supported. - 10half - Supports 10 Mbps half-duplex operation - 10full - Supports[...]

  • Page 131

    PORT CONFIGURATION 3-83 CLI – This example shows the connection status for Port 5. Console#show interfaces status ethernet 1/5 3-178 Information of Eth 1/13 Basic information: Port type: 1000T Mac address: 00-30-f1-47-58-46 Configuration: Name: Port admin: Up Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full, 1000full, Br[...]

  • Page 132

    CONFIGURING THE SWITCH 3-84 Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control. Command Attributes • Name – Allows you to [...]

  • Page 133

    PORT CONFIGURATION 3-85 - Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation. (Avoid using flow control on a port connected to a hu[...]

  • Page 134

    CONFIGURING THE SWITCH 3-86 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 3-37. Configuring Port Attributes CLI – Select the interface, and then enter the required settings. Creating Trunk Groups You can create multiple links between devices[...]

  • Page 135

    PORT CONFIGURATION 3-87 The switch supports both static trunking and dynamic Link Aggregation Control Protocol (LACP). Static trunks have to be manually configured at both ends of the link, and the switches must comply with the Cisco EtherChannel standard. On the other hand, LACP configured ports can automatically[...]

  • Page 136

    CONFIGURING THE SWITCH 3-88 Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible. • To avoid creating a lo[...]

  • Page 137

    PORT CONFIGURATION 3-89 CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk. Enabling LACP on Selected Ports Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disco [...]

  • Page 138

    CONFIGURING THE SWITCH 3-90 • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails. •[...]

  • Page 139

    PORT CONFIGURATION 3-91 CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. Configuring LACP Parameters Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the following criteria: • Ports mus[...]

  • Page 140

    CONFIGURING THE SWITCH 3-92 Note: If the port channel admin key (lacp admin key, page 4-194) is not set (through the CLI) when a channel group is formed (i.e., it has a null value of 0), this key is set to the same value as the port admin key used by the interfaces that joined the group (lacp admin key, as described in this section an[...]

  • Page 141

    PORT CONFIGURATION 3-93 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effect until [...]

  • Page 142

    CONFIGURING THE SWITCH 3-94 CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; ports 5 and 6 are set to backup mode. Displaying LACP Port Counters You can display statistics for LACP protocol messages. Counter Information Console(config)#interface ethernet 1/[...]

  • Page 143

    PORT CONFIGURATION 3-95 Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-41. Displaying LACP Port Counters Information Marker Received Number of valid Marker PDUs received by this channel group. LACPDUs Unknown Pkts Number of frames received that either (1) C[...]

  • Page 144

    CONFIGURING THE SWITCH 3-96 CLI – The following example displays LACP counters for port channel 1. Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Internal Configuration Information Console#show 1 lacp counters 3-19[...]

  • Page 145

    PORT CONFIGURATION 3-97 Admin State, Oper State Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state; • Defaulted – The actor’s receive machine is using defaulted operational partner information, administratively configured for the partner[...]

  • Page 146

    CONFIGURING THE SWITCH 3-98 Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-42. Displaying LACP Port Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. [...]

  • Page 147

    PORT CONFIGURATION 3-99 Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Neighbor Configuration Information Table 3-7. LACP Remote Side Settings Field Description Partner Admin System ID LAG partner’s system ID assigned[...]

  • Page 148

    CONFIGURING THE SWITCH 3-100 Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-43. Displaying Remote LACP Port Information CLI – The following example displays the LACP configuration settings and operational state for the remote side of port chan[...]

  • Page 149

    PORT CONFIGURATION 3-101 Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come[...]

  • Page 150

    CONFIGURING THE SWITCH 3-102 Web – Click Port, Port Broadcast Control. Set the threshold for any port, click Apply. Figure 3-44. Enabling Port Broadcast Control CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 packe[...]

  • Page 151

    PORT CONFIGURATION 3-103 Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. Command Usage • Monitor port spee[...]

  • Page 152

    CONFIGURING THE SWITCH 3-104 Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add. Figure 3-45. Configuring a Mirror Port CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the [...]

  • Page 153

    PORT CONFIGURATION 3-105 Command Attribute Rate Limit – Sets the output rate limit for an interface. Default Status – Disabled Default Rate – 1000 Mbps Range – 1 - 1000 Mbps Web - Click Rate Limit, Input/Output Port/Trunk Configuration. Set the Input Rate Limit Status or Output Rate Limit Status, then set the rate limit for [...]

  • Page 154

    CONFIGURING THE SWITCH 3-106 Showing Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port. This[...]

  • Page 155

    PORT CONFIGURATION 3-107 Received Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Received Unknown Packets The number o[...]

  • Page 156

    CONFIGURING THE SWITCH 3-108 Alignment Errors The number of alignment errors (missynchronized data packets). Late Collisions The number of times that a collision is detected later than 512 bit-times into the transmission of a packet. FCS Errors A count of frames received on a particular interface that are an integral number of octets i[...]

  • Page 157

    PORT CONFIGURATION 3-109 Internal MAC Receive Errors A count of frames for which reception on a particular interface fails due to an internal MAC sublayer receive error. RMON Statistics Drop Events The total number of events in which packets were dropped due to lack of resources. Jabbers The total number of frames received that were long[...]

  • Page 158

    CONFIGURING THE SWITCH 3-110 Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-47. Displaying Port Statistics Fragments The total number of frames received that were less than 64 octets in length (excluding [...]

  • Page 159

    PORT CONFIGURATION 3-111 Figure 3-48. Displaying Etherlike and RMON Statistics[...]

  • Page 160

    CONFIGURING THE SWITCH 3-112 CLI – This example shows statistics for port 13. Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address[...]

  • Page 161

    ADDRESS TABLE SETTINGS 3-113 Command Attributes • Static Address Counts* – The number of manually configured addresses. • Current Static Address Table – Lists all the static addresses. • Interface – Port or trunk associated with the device assigned a static address. • MAC Address – Physical address of a device mapped[...]

  • Page 162

    CONFIGURING THE SWITCH 3-114 Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address for inbound traffic is found in the database, the packets intended for that address are forwarded directly to the[...]

  • Page 163

    ADDRESS TABLE SETTINGS 3-115 CLI – This example also displays the address table entries for port 1. Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes Aging Time – The time after which a learned entry is discarded. (Range: 10-1000000 seconds; Default: 300 seconds) [...]

  • Page 164

    CONFIGURING THE SWITCH 3-116 Spanning Tree Algorithm Configuration The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or [...]

  • Page 165

    SPANNING TREE ALGORITHM CONFIGURATION 3-117 Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge [...]

  • Page 166

    CONFIGURING THE SWITCH 3-118 Field Attributes • Spanning Tree State – Shows if the switch is enabled to participate in an STA-compliant network. • Bridge ID – A unique identifier for this bridge, consisting of the bridge priority and MAC address (where the address is taken from the switch system). • Max Age – The maximum time[...]

  • Page 167

    SPANNING TREE ALGORITHM CONFIGURATION 3-119 • Configuration Changes – The number of times the Spanning Tree has been reconfigured. • Last Topology Change – Time since the Spanning Tree was last reconfigured. These additional parameters are only displayed for the CLI: • Spanning tree mode – Specifies the type of span [...]

  • Page 168

    CONFIGURING THE SWITCH 3-120 that would make it return to a discarding state; otherwise, temporary data loops might result. • Root Hold Time – The interval (in seconds) during which no more than two bridge configuration protocol data units shall be transmitted by this node. • Max hops – The max number of hop counts [...]

  • Page 169

    SPANNING TREE ALGORITHM CONFIGURATION 3-121 CLI – This command displays global STA settings, followed by settings for each port. Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global settings apply to the entire switch. Command Us[...]

  • Page 170

    CONFIGURING THE SWITCH 3-122 • Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits, as described below: - STP Mode – If the switch receives an 802.1D BPDU (i.e., STP BP[...]

  • Page 171

    SPANNING TREE ALGORITHM CONFIGURATION 3-123 • Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root [...]

  • Page 172

    CONFIGURING THE SWITCH 3-124 • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to fo[...]

  • Page 173

    SPANNING TREE ALGORITHM CONFIGURATION 3-125 • Maximum Hop Count – The maximum number of hops allowed in the MST region before a BPDU is discarded. (Range: 1-40; Default: 20) * The MST name and revision number are both required to uniquely identify an MST region. Web – Click Spanning[...]

  • Page 174

    CONFIGURING THE SWITCH 3-126 CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. Displaying Interface Settings The STA Port Information and STA Trunk Information pages display the current status of ports and trunks in the Spanning Tree. Field Attri[...]

  • Page 175

    SPANNING TREE ALGORITHM CONFIGURATION 3-127 The rules defining port status are: - A port on a network segment with no other STA compliant bridging device is always forwarding. - If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID[...]

  • Page 176

    CONFIGURING THE SWITCH 3-128 • Port Role – Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge (i.e., root port), connecting a LAN through the bridge to the root bridge (i.e., designated port), or is the MSTI regional root (i.e., master port); or is an alte[...]

  • Page 177

    SPANNING TREE ALGORITHM CONFIGURATION 3-129 • Internal path cost – The path cost for the MST. See the preceding item. • Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be [...]

  • Page 178

    CONFIGURING THE SWITCH 3-130 Web – Click Spanning Tree, STA, Port Information or STA Trunk Information. Figure 3-54. Displaying STA - Port Status Information CLI – This example shows the STA attributes for port 5. Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, includin[...]

  • Page 179

    SPANNING TREE ALGORITHM CONFIGURATION 3-131 Command Attributes The following attributes are read-only and cannot be changed: • STA State – Displays current state of this port within the Spanning Tree. (See Displaying Interface Settings on page 3-126 for additional information.) - Discarding - Port receives STA configuratio[...]

  • Page 180

    CONFIGURING THE SWITCH 3-132 • Path Cost – This parameter is used by the STP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.) Note that whe[...]

  • Page 181

    SPANNING TREE ALGORITHM CONFIGURATION 3-133 • Migration – If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the Protocol Migration button to manually re-check the a[...]

  • Page 182

    CONFIGURING THE SWITCH 3-134 By default all VLANs are assigned to the Internal Spanning Tree (MST Instance 0) that connects all bridges and LANs within the MST region. This switch supports up to 65 instances. You should try to group VLANs which cover the same general area of your network. However, remember that you must configure a[...]

  • Page 183

    SPANNING TREE ALGORITHM CONFIGURATION 3-135 • VLAN ID – VLAN to assign to this selected MST instance. (Range: 1-4094) The other global attributes are described under “Displaying Global Settings,” page 3-121. The attributes displayed by the CLI for individual interfaces are described under “Displaying Interface Settings,” pa[...]

  • Page 184

    CONFIGURING THE SWITCH 3-136 CLI – This displays STA settings for instance 1, followed by settings for each port. Console#show spanning-tree mst 2 3-228 Spanning-tree information ----------------------------------------------------- ---------- Spanning tree mode :MSTP Spanning tree enable/disable :enable Instance :2 Vlans configuration :2 [...]

  • Page 185

    SPANNING TREE ALGORITHM CONFIGURATION 3-137 CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes MST Ins[...]

  • Page 186

    CONFIGURING THE SWITCH 3-138 CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST (page 3-117); the settings for other instances only apply to the local spanning tree. Console#show spanning-tree mst 0 3-228 Spanning-tree informati[...]

  • Page 187

    SPANNING TREE ALGORITHM CONFIGURATION 3-139 Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages. Field Attributes The following attributes are read-only and cannot be changed: • STA State – Display[...]

  • Page 188

    CONFIGURING THE SWITCH 3-140 • MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.) Note that [...]

  • Page 189

    VLAN CONFIGURATION 3-141 CLI – This example sets the MSTP attributes for port 4. VLAN Configuration Overview In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into [...]

  • Page 190

    CONFIGURING THE SWITCH 3-142 This switch supports the following VLAN features: • Up to 255 VLANs based on the IEEE 802.1Q standard • Distributed VLAN learning across multiple switches using explicit or implicit tagging and GVRP protocol • Port overlapping, allowing a port to participate in multiple VLANs • End stations can b[...]

  • Page 191

    VLAN CONFIGURATION 3-143 VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port). But if the frame is tagged, the switch uses the tagged VLAN ID to[...]

  • Page 192

    CONFIGURING THE SWITCH 3-144 Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system whereby the switch can automatically learn the VLANs to which each end station should be assigned. If an end station (or its network adapter) supports the IEEE 802.1Q VLAN protocol, it can be configured to broadca[...]

  • Page 193

    VLAN CONFIGURATION 3-145 Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN. However, to participate in a VLAN group that crosses several switches, you should create a VLAN for that group and en[...]

  • Page 194

    CONFIGURING THE SWITCH 3-146 Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagat[...]

  • Page 195

    VLAN CONFIGURATION 3-147 Web – Click VLAN, 802.1Q VLAN, Basic Information. Figure 3-60. Displaying Basic VLAN Information CLI – Enter the following command. Displaying Current VLANs The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a la[...]

  • Page 196

    CONFIGURING THE SWITCH 3-148 Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Figure 3-61. Displaying VLAN Information by Port Membership Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic[...]

  • Page 197

    VLAN CONFIGURATION 3-149 CLI – Current VLAN information can be displayed with the following command. Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command At[...]

  • Page 198

    CONFIGURING THE SWITCH 3-150 • Remove – Removes a VLAN group from the current list. If any port is assigned to this group as untagged, it will be reassigned to VLAN group 1 as untagged. Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate th[...]

  • Page 199

    VLAN CONFIGURATION 3-151 Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices. Or configure a port as forbidden to p[...]

  • Page 200

    CONFIGURING THE SWITCH 3-152 • Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - Tagged: Interface is a member of the VLAN. All packets transmitted by the port will be tagged, that is, carry a tag and therefore carry VLAN or CoS information. - Untagged[...]

  • Page 201

    VLAN CONFIGURATION 3-153 CLI – The following example adds tagged and untagged ports to VLAN 2. Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk identifier. • Member[...]

  • Page 202

    CONFIGURING THE SWITCH 3-154 Figure 3-64. Assigning VLAN Port and Trunk Groups CLI – This example adds Port 3 to VLAN 1 as a tagged port, and removes Port 3 from VLAN 2. Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame[...]

  • Page 203

    VLAN CONFIGURATION 3-155 Command Attributes • PVID – VLAN ID assigned to untagged frames received on the interface. (Default: 1) If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN, the interface will automatically be added to VLAN 1 as an untagged member. For all other VLANs, an interface must first b[...]

  • Page 204

    CONFIGURING THE SWITCH 3-156 • GARP Join Timer * – The interval between transmitting requests/queries to participate in a VLAN group. (Range: 20-1000 centiseconds; Default: 20) • GARP Leave Timer * – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures[...]

  • Page 205

    VLAN CONFIGURATION 3-157 Web – Click VLAN, 802.1Q VLAN, Port Configuration or VLAN Trunk Configuration. Fill in the required settings for each interface, click Apply. Figure 3-65. Configuring VLAN Ports CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GAR[...]

  • Page 206

    CONFIGURING THE SWITCH 3-158 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.) [...]

  • Page 207

    VLAN CONFIGURATION 3-159 Configuring Uplink and Downlink Ports Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any other ports on the switch [...]

  • Page 208

    CONFIGURING THE SWITCH 3-160 To avoid these problems, you can configure this switch with protocol-based VLANs that divide the physical network into logical VLAN groups for each required protocol. When a frame is received at a port, its VLAN membership can then be determined based on the protocol type being used by the i[...]

  • Page 209

    VLAN CONFIGURATION 3-161 Web – Click VLAN, Protocol VLAN, Configuration. Enter a protocol group ID, frame type and protocol type, then click Apply. Figure 3-68. Protocol VLAN Configuration CLI – The following creates protocol group 1, and then specifies Ethernet frames with IP and ARP protocol types. Mapping Protocols to[...]

  • Page 210

    CONFIGURING THE SWITCH 3-162 • When a frame enters a port that has been assigned to a protocol VLAN, it is processed in the following manner: - If the frame is tagged, it will be processed according to the standard rules applied to tagged frames. - If the frame is untagged and the protocol type matches, the frame is forwarded [...]

  • Page 211

    CLASS OF SERVICE CONFIGURATION 3-163 CLI – The following maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 3. Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switc[...]

  • Page 212

    CONFIGURING THE SWITCH 3-164 Command Attributes • Default Priority * – The priority that is assigned to untagged frames received on the specified interface. (Range: 0 - 7, Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port. * CLI displays this information as “Priority for untagged[...]

  • Page 213

    CLASS OF SERVICE CONFIGURATION 3-165 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p[...]

  • Page 214

    CONFIGURING THE SWITCH 3-166 Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to output queues. Assign priorities to the traffic classes (i.e., output queues) for the selected interface, then click Apply. Figure 3-71. Configuring Ports and Trunks for Cl[...]

  • Page 215

    CLASS OF SERVICE CONFIGURATION 3-167 Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each[...]

  • Page 216

    CONFIGURING THE SWITCH 3-168 Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in “Mapping CoS Values to Egress Queues” on page 3-165, the traffic classes are mapped to one of the four egress[...]

  • Page 217

    CLASS OF SERVICE CONFIGURATION 3-169 CLI – The following example shows how to assign WRR weights to each of the priority queues. Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified[...]

  • Page 218

    CONFIGURING THE SWITCH 3-170 Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services. (This is the default setting.) • IP Precedence – Maps layer 3/4 pr[...]

  • Page 219

    CLASS OF SERVICE CONFIGURATION 3-171 Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values are ma [...]

  • Page 220

    CONFIGURING THE SWITCH 3-172 Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply. Figure 3-75. Mapping IP Precedence to Class of Service Values CLI – The following example globally enables IP Preceden[...]

  • Page 221

    CLASS OF SERVICE CONFIGURATION 3-173 Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSCP map[...]

  • Page 222

    CONFIGURING THE SWITCH 3-174 Web – Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply. Figure 3-76. Mapping IP DSCP Priority to Class of Service Values CLI – The following example globally enables DSCP Priority service on the switch,[...]

  • Page 223

    CLASS OF SERVICE CONFIGURATION 3-175 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110. Command Attributes • IP Por[...]

  • Page 224

    CONFIGURING THE SWITCH 3-176 Click Priority, IP Port Priority. Select a port or trunk from the Interface field. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Add IP Port. Figure 3-78. IP Port Priority Mapping CLI – The following exa[...]

  • Page 225

    CLASS OF SERVICE CONFIGURATION 3-177 Mapping CoS Values to ACLs Use the ACL CoS Mapping page to set the output queue for packets matching an ACL rule as shown in the following table. Note that the specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself. For informatio [...]

  • Page 226

    CONFIGURING THE SWITCH 3-178 Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Apply. CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 24. Changing Priorities Based on ACL Rules You can change traf[...]

  • Page 227

    CLASS OF SERVICE CONFIGURATION 3-179 Command Usage • You must configure an ACL mask before you can change priorities based on a rule. • Traffic priorities may be included in the IEEE 802.1p priority tag. This tag is also incorporated as part of the overall IEEE 802.1Q VLAN tag. The 802.1p priority may be set for either Layer 2 or IP f[...]

  • Page 228

    CONFIGURING THE SWITCH 3-180 Web – Click Priority, ACL Marker. Select a port and an ACL rule. To specify a ToS priority, mark the Precedence/DSCP check box, select Precedence or DSCP from the scroll-down box, and enter a priority. To specify an 802.1p priority, mark the 802.1p Priority check box, and enter a priority. T[...]

  • Page 229

    MULTICAST FILTERING 3-181 Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multica[...]

  • Page 230

    CONFIGURING THE SWITCH 3-182 Layer 2 IGMP (Snooping and Query) IGMP Snooping and Query — If multicast routing is not supported on other switches in your network, you can use IGMP Snooping and Query (page 3-182) to monitor IGMP service requests passing between multicast clients and servers, and dynamically configure the switch po[...]

  • Page 231

    MULTICAST FILTERING 3-183 • IGMP Querier — A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic. If there is more than one router/switch on the LAN performing IP multicasting, one of these devices is elected “querier” and assumes the role of querying the LAN for [...]

  • Page 232

    CONFIGURING THE SWITCH 3-184 • IGMP Version — Sets the protocol version for compatibility with other devices on the network. (Range: 1-2; Default: 2) Notes: 1. All systems on the subnet must support the same version. 2. Some attributes are only enabled for IGMPv2, including IGMP Report Delay and IGMP Query Timeout. Web – Click[...]

  • Page 233

    MULTICAST FILTERING 3-185 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. These routers may be dynamically discovere[...]

  • Page 234

    CONFIGURING THE SWITCH 3-186 CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router. Specifying Static Interfaces for a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier [...]

  • Page 235

    MULTICAST FILTERING 3-187 CLI – This example configures port 11 as a multicast router port within VLAN 1. Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attribute • VLAN ID – Selects the VLAN for which to display port members. [...]

  • Page 236

    CONFIGURING THE SWITCH 3-188 Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. Figure 3-83. Displaying Port Members of Multicast Services CLI – T [...]

  • Page 237

    MULTICAST FILTERING 3-189 Command Usage • Static multicast addresses are never aged out. • When a multicast address is assigned to an interface in a specific VLAN, the corresponding traffic can only be forwarded to ports within that VLAN. Command Attribute • Interface – Activates the Port or Trunk scroll down list. • VL[...]

  • Page 238

    CONFIGURING THE SWITCH 3-190 CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1. Configuring Domain Name Service The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redir[...]

  • Page 239

    CONFIGURING DOMAIN NAME SERVICE 3-191 • When an incomplete host name is received by the DNS server on this switch and a domain name list has been specified, the switch will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match. • When mor[...]

  • Page 240

    CONFIGURING THE SWITCH 3-192 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply. Figure 3-85. Configuring DNS[...]

  • Page 241

    CONFIGURING DOMAIN NAME SERVICE 3-193 CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the default domain name is not used. Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to[...]

  • Page 242

    CONFIGURING THE SWITCH 3-194 Field Attributes • Host Name – Name of a host device that is mapped to one or more IP addresses. (Range: 1-64 characters) • IP Address – Internet address(es) associated with a host name. (Range: 1-8 addresses) • Alias – Displays the host names that are mapped to the same address(es) as a p[...]

  • Page 243

    CONFIGURING DOMAIN NAME SERVICE 3-195 Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable. •[...]

  • Page 244

    CONFIGURING THE SWITCH 3-196 Web – Select DNS, Cache. Figure 3-87. Displaying the DNS Cache CLI - This example displays all the resource records learned from the designated name servers. Console#show dns cache 3-165 NO FLAG TYPE IP T TL DOMAIN 0 4 CNAME 207.46.134.222 5 1 www.microsoft.akadns.net 1 4 CNAME 207.46.134.190 5 [...]

  • Page 245

    4-1 CHAPTER 4 COMMAND LINE INTERFACE This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by[...]

  • Page 246

    COMMAND LINE INTERFACE 4-2 3. When finished, exit the session with the “quit” or “exit” command. After connecting to the system through the console port, the login screen displays: Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network devi[...]

  • Page 247

    USING THE COMMAND LINE INTERFACE 4-3 After you configure the switch with an IP address, you can open a Telnet session by performing these steps: 1. From the remote host, enter the Telnet command and the IP address of the device you want to access. 2. At the prompt, enter the user name and system password. The CLI will [...]

  • Page 248

    COMMAND LINE INTERFACE 4-4 Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” sh[...]

  • Page 249

    ENTERING COMMANDS 4-5 Command Completion If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “logging history” example, typing log followed by a tab will result in printing the command up to “logging.” Getting Help on Commands You ca[...]

  • Page 250

    COMMAND LINE INTERFACE 4-6 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line, VLAN Database, or MSTP). You can also display a list of valid k[...]

  • Page 251

    ENTERING COMMANDS 4-7 The command “show interfaces ?” will display the following information: Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” s[...]

  • Page 252

    COMMAND LINE INTERFACE 4-8 Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functions [...]

  • Page 253

    ENTERING COMMANDS 4-9 You can also enter Privileged Exec mode from within Normal Exec mode, by entering the enable command, followed by the privileged level password “super” (page 4-36). To enter Privileged Exec mode, enter the following user names and passwords: Configuration Commands Configuration [...]

  • Page 254

    COMMAND LINE INTERFACE 4-10 • Interface Configuration - These commands modify the port configuration such as speed-duplex and negotiation. • Line Configuration - These commands modify the console port and Telnet configuration, and include commands such as parity and databits. • VLAN Configuration - Includes the comma[...]

  • Page 255

    ENTERING COMMANDS 4-11 For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode. Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any [...]

  • Page 256

    COMMAND LINE INTERFACE 4-12 Command Groups The system commands can be broken down into the functional groups shown below. Ctrl-R Repeats current command line on a new line. Ctrl-U Deletes from the cursor to the beginning of the line. Ctrl-W Deletes the last word typed. Esc-B Moves the cursor back one word. Esc-D Deletes from the cu[...]

  • Page 257

    COMMAND GROUPS 4-13 SNMP Activates authentication failure traps; configures community access strings, and trap managers; also configures IP address filtering 4-149 Interface Configures the connection parameters for all Ethernet ports, aggregated links, and VLANs 4-167 Mirror Port Mirrors data to another port for analysis witho[...]

  • Page 258

    COMMAND LINE INTERFACE 4-14 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration) GC (Global Configuration) VC (VLAN Database Configuration) ACL (Access Control List MST (Multiple Spanning Tree) Configurat[...]

  • Page 259

    LINE COMMANDS 4-15 line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line { console | vty } • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line. Command Mode Global [...]

  • Page 260

    COMMAND LINE INTERFACE 4-16 Related Commands show line (4-25) show users (4-83) login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [ local ] no login local - Selects local password checking. Authentication is based on the user[...]

  • Page 261

    LINE COMMANDS 4-17 • This command controls login authentication via the switch itself. To configure user names and passwords for remote authentication servers, you must use the RADIUS or TACACS software installed on those servers. Example Related Commands username (4-35) password (4-17) password This command specifies the[...]

  • Page 262

    COMMAND LINE INTERFACE 4-18 • The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted pass[...]

  • Page 263

    LINE COMMANDS 4-19 Example To set the timeout to two minutes, enter this command: password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. Syntax password-thresh [ threshold ] no password-thresh threshold - The nu[...]

  • Page 264

    COMMAND LINE INTERFACE 4-20 Related Commands silent-time (4-20) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value. Syntax silent-[...]

  • Page 265

    LINE COMMANDS 4-21 databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits { 7 | 8 } no databits • 7 - Seven data bits per character. • 8 - Eight data bits per character. Default Setting 8 data b[...]

  • Page 266

    COMMAND LINE INTERFACE 4-22 parity This command defines the generation of a parity bit. Use the no form to restore the default setting. Syntax parity { none | even | odd } no parity • none - No parity • even - Even parity • odd - Odd parity Default Setting No parity Command Mode Line Configuration Command Usage Communication [...]

  • Page 267

    LINE COMMANDS 4-23 speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second. (Options: 9600, 19200, 38400, 57600, 115200 bps, or auto)[...]

  • Page 268

    COMMAND LINE INTERFACE 4-24 stopbits This command sets the number of the stop bits transmitted per byte. Use the no form to restore the default setting. Syntax stopbits { 1 | 2 } • 1 - One stop bit • 2 - Two stop bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits, enter this comman[...]

  • Page 269

    LINE COMMANDS 4-25 Example Related Commands show ssh (4-55) show users (4-83) show line This command displays the terminal line’s parameters. Syntax show line [ console | vty ] • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting Shows all lines Command Mode Normal E[...]

  • Page 270

    COMMAND LINE INTERFACE 4-26 General Commands enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. (See “Understanding Command Modes” on page 4-8.) Syntax enable [ level ] level - Privilege level to log into [...]

  • Page 271

    GENERAL COMMANDS 4-27 Command Mode Normal Exec Command Usage • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-36.) • The “#” character is appended to the end of the prompt to indicate that t[...]

  • Page 272

    COMMAND LINE INTERFACE 4-28 Example Related Commands enable (4-26) configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, [...]

  • Page 273

    GENERAL COMMANDS 4-29 Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands. Example In this example, the show history command lists the contents of the command history buffer: The ! command repeats commands from the Execution comman[...]

  • Page 274

    COMMAND LINE INTERFACE 4-30 Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system. Example This example shows how to reset the switch: end This command returns to Privileged Exec mode. Default Setting None Command Mode Global Configuration, Interface Configuration, Line Configura[...]

  • Page 275

    GENERAL COMMANDS 4-31 exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: quit This command exits the configuration[...]

  • Page 276

    COMMAND LINE INTERFACE 4-32 This example shows how to quit a CLI session: System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Console#quit Press ENTER to start session User Access Ver[...]

  • Page 277

    SYSTEM MANAGEMENT COMMANDS 4-33 Device Designation Commands prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters) Default Setting Console Command Mode Global C[...]

  • Page 278

    COMMAND LINE INTERFACE 4-34 hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example User Access Command[...]

  • Page 279

    SYSTEM MANAGEMENT COMMANDS 4-35 username This command adds named users, requires authentication at login, specifies or changes a user's password (or specifies that no password is required), or specifies or changes a user's access level. Use the no form to remove a user name. Syntax username name { access-level lev[...]

  • Page 280

    COMMAND LINE INTERFACE 4-36 Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually[...]

  • Page 281

    SYSTEM MANAGEMENT COMMANDS 4-37 Command Usage • You cannot set a null password. You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command (page 4-26). • The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypte[...]

  • Page 282

    COMMAND LINE INTERFACE 4-38 management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting. Syntax [ no ] management { all-client | http-client | snmp-client | telnet-client } start-address [ end-address ] ?[...]

  • Page 283

    SYSTEM MANAGEMENT COMMANDS 4-39 • You cannot delete an individual address from a specified range. You must delete the entire range, and reenter the addresses. • You can delete an address range just by specifying the start address, or by specifying both the start address and end address. Example This example restricts m[...]

  • Page 284

    COMMAND LINE INTERFACE 4-40 Example Web Server Commands Console#show management all-client Management Ip Filter Http-Client: Start ip address End ip address ----------------------------------------------- 1. 192.168.1.19 192.168.1.19 2. 192.168.1.25 192.168.1.30 Snmp-Client: Start ip address End ip address -----------------------------------[...]

  • Page 285

    SYSTEM MANAGEMENT COMMANDS 4-41 ip http port This command specifies the TCP port number used by the Web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting 8[...]

  • Page 286

    COMMAND LINE INTERFACE 4-42 Example Related Commands ip http port (4-41) copy tftp https-certificate (4-86) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s Web interf[...]

  • Page 287

    SYSTEM MANAGEMENT COMMANDS 4-43 • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate. - The client and server negotiate a set of security protocols to use for the connection. - The client and server generate session keys for enc[...]

  • Page 288

    COMMAND LINE INTERFACE 4-44 ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s Web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number no ip http secure-port port_number – The UDP port used for HTTPS/SSL. (Range:[...]

  • Page 289

    SYSTEM MANAGEMENT COMMANDS 4-45 Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and r[...]

  • Page 290

    COMMAND LINE INTERFACE 4-46 The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified by the authentication lo[...]

  • Page 291

    SYSTEM MANAGEMENT COMMANDS 4-47 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch. Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. An entry for a public[...]

  • Page 292

    COMMAND LINE INTERFACE 4-48 9. If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client. 10. The client uses its private key to decrypt the bytes, and sends the decrypted bytes back to the switch. 11. The switch compares the decrypted bytes to the[...]

  • Page 293

    SYSTEM MANAGEMENT COMMANDS 4-49 Example Related Commands ip ssh crypto host-key generate (4-52) show ssh (4-55) ip ssh timeout Use this command to configure the timeout for the SSH server. Use the no form to restore the default setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds – The timeout for client response [...]

  • Page 294

    COMMAND LINE INTERFACE 4-50 Related Commands exec-timeout (4-18) show ip ssh (4-54) ip ssh authentication-retries Use this command to configure the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting. Syntax ip ssh authentication-retries count no ip ssh authentication-re[...]

  • Page 295

    SYSTEM MANAGEMENT COMMANDS 4-51 ip ssh server-key size Use this command to set the SSH server key size. Use the no form to restore the default setting. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size – The size of server key. (Range: 512-896 bits) Default Setting 768 bits Command Mode Global [...]

  • Page 296

    COMMAND LINE INTERFACE 4-52 Command Mode Privileged Exec Example ip ssh crypto host-key generate Use this command to generate the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [ dsa | rsa ] • dsa – DSA key type. • rsa – RSA key type. Default Setting Generates both the DSA and RSA ke[...]

  • Page 297

    SYSTEM MANAGEMENT COMMANDS 4-53 Related Commands ip ssh crypto zeroize (4-53) ip ssh save host-key (4-54) ip ssh crypto zeroize Use this command to clear the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [ dsa | rsa ] • dsa – DSA key type. • rsa – RSA key type. Default Setting Clears both the DSA and RSA ke[...]

  • Page 298

    COMMAND LINE INTERFACE 4-54 ip ssh save host-key Use this command to save host key from RAM to flash memory. Syntax ip ssh save host-key [ dsa | rsa ] • dsa – DSA key type. • rsa – RSA key type. Default Setting Saves both the DSA and RSA key. Command Mode Privileged Exec Example Related Commands ip ssh crypto host-key g[...]

  • Page 299

    SYSTEM MANAGEMENT COMMANDS 4-55 show ssh Use this command to display the current SSH server connections. Command Mode Privileged Exec Example Console#show ssh Connection Version State Username Encryption 0 2.0 Session-Started admin ctos aes128-cbc-hmac-md5 stoc aes128-cbc-hmac-md5 Console# Table 4-13. SSH Information Fi[...]

  • Page 300

    COMMAND LINE INTERFACE 4-56 show public-key Use this command to show the public key for the specified user or for the host. Syntax show public-key [ user [ username ]| host ] username – Name of an SSH user. (Range: 1-8 characters) Encryption The encryption method is automatically negotiated between the client and server. Options[...]

  • Page 301

    SYSTEM MANAGEMENT COMMANDS 4-57 Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed. • When an RSA key is displayed, the firs[...]

  • Page 302

    COMMAND LINE INTERFACE 4-58 Event Logging Commands logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [ no ] logging on Default Setting None Command Mode Global Configuration Command Usage The logging process controls[...]

  • Page 303

    SYSTEM MANAGEMENT COMMANDS 4-59 Example Related Commands logging history (4-59) clear logging (4-62) logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history { flash | ram } level no lo[...]

  • Page 304

    COMMAND LINE INTERFACE 4-60 Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 7 - 0) Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM. Example logging host This command adds a syslog server host[...]

  • Page 305

    SYSTEM MANAGEMENT COMMANDS 4-61 Command Usage • By using this command more than once you can build up a list of host IP addresses. • The maximum number of host IP addresses allowed is five. Example logging facility This command sets the facility type for remote logging of syslog messages. Use the no form to return the type to t[...]

  • Page 306

    COMMAND LINE INTERFACE 4-62 logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging. Syntax logging tra[...]

  • Page 307

    SYSTEM MANAGEMENT COMMANDS 4-63 Command Mode Privileged Exec Example Related Commands show logging (4-63) show logging This command displays the logging configuration, along with any system and event messages stored in memory. Syntax show logging { flash | ram | sendmail | trap } • flash - Event history stored in flash me[...]

  • Page 308

    COMMAND LINE INTERFACE 4-64 The following example displays settings for the trap function. Console#show logging flash Syslog logging: Enable History logging in FLASH: level errors [0] 0:0:5 1/1/1 "PRI_MGR_InitDefault function fails." level: 3, module: 13, function: 0, and event no.: 0 Console#show logging ram Syslog logging: [...]

  • Page 309

    SYSTEM MANAGEMENT COMMANDS 4-65 Related Commands show logging sendmail (4-69) SMTP Alert Commands Configures SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. REMOTELOG level type The severity threshold for syslog messages sent to a remote server as specified in the loggi[...]

  • Page 310

    COMMAND LINE INTERFACE 4-66 logging sendmail host This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [ no ] logging sendmail host ip_address ip_address - IP address of an SMTP server that will be sent alert messages for event handlin[...]

  • Page 311

    SYSTEM MANAGEMENT COMMANDS 4-67 logging sendmail level This command sets the severity threshold used to trigger alert messages. Syntax logging sendmail level level level - One of the system message levels (page 4-59). Messages sent include the selected level down to level 0. (Range: 0-7; Default: 7) Default Setting Level 7[...]

  • Page 312

    COMMAND LINE INTERFACE 4-68 Default Setting None Command Mode Global Configuration Command Usage You may use a symbolic email address that identifies the switch, or the address of an administrator responsible for the switch. Example This example will send email alerts for system errors from level 3 through 0. logging sendmail de[...]

  • Page 313

    SYSTEM MANAGEMENT COMMANDS 4-69 Example logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [ no ] logging sendmail Default Setting Disabled Command Mode Global Configuration Example show logging sendmail This command displays the settings for the SMTP event handler. Com[...]

  • Page 314

    COMMAND LINE INTERFACE 4-70 Example Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP), or by using information broadcast by local time servers. Console#show logging sendmail SMTP servers ----------------------------------------------- 192.168.1.19 SMTP minimum severity leve[...]

  • Page 315

    SYSTEM MANAGEMENT COMMANDS 4-71 sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ ip1 [ ip2 [ ip3 ]]] ip - IP address of a time server (NTP or SNTP)[...]

  • Page 316

    COMMAND LINE INTERFACE 4-72 sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mo[...]

  • Page 317

    SYSTEM MANAGEMENT COMMANDS 4-73 Default Setting Disabled Command Mode Global Configuration Command Usage • The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the switch only records the time starting from the factory default set at the last bootup (e.g., 00:00:00, Jan.[...]

  • Page 318

    COMMAND LINE INTERFACE 4-74 sntp broadcast client This command synchronizes the switch’s clock based on time broadcast from time servers (using the multicast address 224.0.1.1). Use the no form to disable SNTP broadcast client mode. Syntax [ no ] sntp broadcast client Default Setting Disabled Command Mode Global Config[...]

  • Page 319

    SYSTEM MANAGEMENT COMMANDS 4-75 clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes { before-utc | after-utc } • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Range: 1-12 hours) [...]

  • Page 320

    COMMAND LINE INTERFACE 4-76 calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec { day month year | month day year } • hour - Hour in 24-hour format. (Range[...]

  • Page 321

    SYSTEM MANAGEMENT COMMANDS 4-77 Example System Status Commands show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system. Default Setting None Command Mode Privileged Exec Console#show calendar 15:12:34 February 1 2002 Console# Table 4-17. System Status Commands [...]

  • Page 322

    COMMAND LINE INTERFACE 4-78 Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes. Each mode group is separated by “!” symbols, and includes the[...]

  • Page 323

    SYSTEM MANAGEMENT COMMANDS 4-79 Example Related Commands show running-config (4-80) Console#show startup-config building startup-config, please wait..... ! ! username admin access-level 15 username admin password 0 admin ! username guest access-level 0 username guest password 0 guest ! enable password level 15 0 super ! snmp-server community[...]

  • Page 324

    COMMAND LINE INTERFACE 4-80 show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in no[...]

  • Page 325

    SYSTEM MANAGEMENT COMMANDS 4-81 Example Related Commands show startup-config (4-77) Console#show running-config building running-config, please wait..... ! ! snmp-server community private rw snmp-server community public ro ! ! username admin access-level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access-lev[...]

  • Page 326

    COMMAND LINE INTERFACE 4-82 show system This command displays system information. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage • For a description of the items shown by this command, refer to “Displaying System Information” on page 3-12. • The POST results should all display “PASS.” If any [...]

  • Page 327

    SYSTEM MANAGEMENT COMMANDS 4-83 show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., s[...]

  • Page 328

    COMMAND LINE INTERFACE 4-84 Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-14 for detailed information on the items displayed by this command. Example Frame Size Commands jumbo frame This command enables support for jumbo frames. Use the no form to disable it. Syntax [ no ] jumbo frame Default Se[...]

  • Page 329

    FLASH/FILE COMMANDS 4-85 Command Usage • This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol[...]

  • Page 330

    COMMAND LINE INTERFACE 4-86 copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation. T [...]

  • Page 331

    FLASH/FILE COMMANDS 4-87 Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 character[...]

  • Page 332

    COMMAND LINE INTERFACE 4-88 Example The following example shows how to upload the configuration settings to a file on the TFTP server: The following example shows how to copy the running configuration to a startup file. The following example shows how to download a configuration file: Console#copy file tftp Choose file type: 1[...]

  • Page 333

    FLASH/FILE COMMANDS 4-89 This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured [...]

  • Page 334

    COMMAND LINE INTERFACE 4-90 Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cfg” cannot be deleted. Example This example shows how to delete the test2.cfg configuration file from flash memory. Related Commands dir (4-9[...]

  • Page 335

    FLASH/FILE COMMANDS 4-91 Command Mode Privileged Exec Command Usage • If you enter the command dir without any parameters, the system displays all files. • File information is shown below: Example The following example shows how to display all file information. whichboot This command displays which files were booted when the[...]

  • Page 336

    COMMAND LINE INTERFACE 4-92 Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. boot system This command specifies the image used to start up the system. Syntax boot system { boot-rom | config[...]

  • Page 337

    AUTHENTICATION COMMANDS 4-93 Example Related Commands dir (4-90) whichboot (4-91) Authentication Commands You can configure this switch to authenticate users logging in to the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access[...]

  • Page 338

    COMMAND LINE INTERFACE 4-94 authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login • local - Use local password. • radius - Use RADIUS server password. • tacacs - [...]

  • Page 339

    AUTHENTICATION COMMANDS 4-95 Example Related Commands username - for setting the local user names and passwords (4-35) RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the networ[...]

  • Page 340

    COMMAND LINE INTERFACE 4-96 Default Setting 10.1.0.1 Command Mode Global Configuration Example radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication mess[...]

  • Page 341

    AUTHENTICATION COMMANDS 4-97 radius-server key This command sets the RADIUS encryption key. Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20 ch[...]

  • Page 342

    COMMAND LINE INTERFACE 4-98 Command Mode Global Configuration Example radius-server timeout This command sets the interval between transmitting authentication requests to the RADIUS server. Use the no form to restore the default. Syntax radius-server timeout number_of_seconds no radius-server timeout number_of_seconds - Num[...]

  • Page 343

    AUTHENTICATION COMMANDS 4-99 Example TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user nam[...]

  • Page 344

    COMMAND LINE INTERFACE 4-100 Command Mode Global Configuration Example tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages. ([...]

  • Page 345

    AUTHENTICATION COMMANDS 4-101 tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. (Maximu[...]

  • Page 346

    COMMAND LINE INTERFACE 4-102 Port Security Commands These commands can be used to disable the learning function or manually specify secure addresses for a port. You may want to leave port security off for an initial training period (i.e., enable the learning function) to register all the current VLAN members on the selected [...]

  • Page 347

    AUTHENTICATION COMMANDS 4-103 Default Setting Status: Disabled Action: None Maximum Addresses: 0 Command Mode Interface Configuration (Ethernet) Command Usage • If you enable port security, the switch will stop dynamically learning new addresses on the specified port. Only incoming traffic with source addresses already stored in the[...]

  • Page 348

    COMMAND LINE INTERFACE 4-104 Example The following example enables port security for port 5, and sets the response to a security violation to issue a trap message: Related Commands shutdown (4-175) mac-address-table static (4-201) show mac-address-table (4-202) 802.1x Port Authentication The switch supports IEEE 802.1x (dot1x) port-b[...]

  • Page 349

    AUTHENTICATION COMMANDS 4-105 authentication dot1x default This command sets the default authentication server type. Use the no form to restore the default. Syntax authentication dot1x default radius no authentication dot1x Default Setting RADIUS Command Mode Global Configuration Example dot1x re-authentication Enables re-authen[...]

  • Page 350

    COMMAND LINE INTERFACE 4-106 dot1x default This command sets all configurable dot1x global and port settings to their default values. Syntax dot1x default Command Mode Global Configuration Example dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the c[...]

  • Page 351

    AUTHENTICATION COMMANDS 4-107 dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default. Syntax dot1x port-control { auto | force-authorized | force-unauthorized } no dot1x port-control • auto – Requires a dot1x-aware connected client to be authorized by the RADIUS ser[...]

  • Page 352

    COMMAND LINE INTERFACE 4-108 dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count. Syntax dot1x op[...]

  • Page 353

    AUTHENTICATION COMMANDS 4-109 Command Mode Privileged Exec Example dot1x re-authentication This command enables periodic re-authentication globally for all ports. Use the no form to disable re-authentication. Syntax [ no ] dot1x re-authentication Command Mode Global Configuration Example dot1x timeout quiet-period This command [...]

  • Page 354

    COMMAND LINE INTERFACE 4-110 Command Mode Global Configuration Example dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds. (Range: 1-65535) Default 3600 se[...]

  • Page 355

    AUTHENTICATION COMMANDS 4-111 Default 30 seconds Command Mode Global Configuration Example show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [statistics] [interface interface] interface ethernet unit/port - unit - This is device 1. - port - Port num[...]

  • Page 356

    COMMAND LINE INTERFACE 4-112 • 802.1X Port Summary – Displays the port access control parameters for each interface, including the following items: - Status – Administrative state for port access control. - Mode – Dot1x port control mode (page 4-107). - Authorized – Authorization status (yes or n/a - not authorized).[...]

  • Page 357

    AUTHENTICATION COMMANDS 4-113 Example Console#show dot1x Global 802.1X Parameters reauth-enabled: yes reauth-period: 300 quiet-period: 350 tx-period: 300 supp-timeout: 30 server-timeout: 30 reauth-max: 2 max-req: 2 802.1X Port Summary Port Name Status Operation Mode Mode Authorized 1/1 disabled Single-Host ForceAuthorized n/a 1/2 enabled Si[...]

  • Page 358

    COMMAND LINE INTERFACE 4-114 Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required [...]

  • Page 359

    ACCESS CONTROL LIST COMMANDS 4-115 The following restrictions apply to ACLs: • This switch supports ACLs for both ingress and egress filtering. However, you can only bind one IP ACL and one MAC ACL to any port for ingress filtering, and one IP ACL and one MAC ACL to any port for egress filtering. In other words, only fo[...]

  • Page 360

    COMMAND LINE INTERFACE 4-116 6. Explicit default rule (permit any any) in the ingress MAC ACL for ingress ports. 7. If no explicit rule is matched, the implicit default is permit all. Masks for Access Control Lists You can specify optional masks that control the order in which ACL rules are checked. The switch includ [...]

  • Page 361

    ACCESS CONTROL LIST COMMANDS 4-117 permit, deny Filters packets meeting the specified criteria, including source and destination IP address, TCP/UDP port number, protocol type, and TCP control code EXT-ACL 4-120 show ip access-list Displays the rules for configured IP ACLs PE 4-123 access-list ip mask-precedence Accesses the IP Ma[...]

  • Page 362

    COMMAND LINE INTERFACE 4-118 access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [ no ] access-list ip { standard | extended } acl_name • standard – Specifies an ACL that filters packets based on the source IP[...]

  • Page 363

    ACCESS CONTROL LIST COMMANDS 4-119 Related Commands permit, deny 4-119 ip access-group (4-129) show ip access-list (4-123) permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a rule. Syntax [...]

  • Page 364

    COMMAND LINE INTERFACE 4-120 Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Related Commands access-list ip (4-118) permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter [...]

  • Page 365

    ACCESS CONTROL LIST COMMANDS 4-121 • address-bitmask – Decimal number representing the address bits to match. • host – Keyword followed by a specific IP address. • precedence – IP precedence level. (Range: 0-7) • tos – Type of Service level. (Range: 0-15) • dscp – DSCP priority level. (Range: 0-64) • source-por [...]

  • Page 366

    COMMAND LINE INTERFACE 4-122 • The control-code bitmask is a decimal number (representing an equivalent bit mask) that is applied to the control code. Enter a decimal number, where the equivalent binary bit “1” means to match a bit and “0” means to ignore a bit. The following bits may be specified: - 1 (fin) ?[...]

  • Page 367

    ACCESS CONTROL LIST COMMANDS 4-123 Related Commands access-list ip (4-118) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list { standard | extended } [ acl_name ] • standard – Specifies a standard IP ACL. • extended – Specifies an extended IP ACL. • acl_name – Name of the AC[...]

  • Page 368

    COMMAND LINE INTERFACE 4-124 Default Setting Default system mask: Filter inbound packets according to specified IP ACLs. Command Mode Global Configuration Command Usage • A mask can only be used by all ingress ACLs or all egress ACLs. • The precedence of the ACL rules applied to a packet is not determined by order of the ru[...]

  • Page 369

    ACCESS CONTROL LIST COMMANDS 4-125 mask (IP ACL) This command defines a mask for IP ACLs. This mask defines the fields to check in the IP header. Use the no form to remove a mask. Syntax [ no ] mask [ protocol ] { any | host | source-bitmask } { any | host | destination-bitmask } [ precedence ] [ tos ] [ dscp ] [ source-port [ port-[...]

  • Page 370

    COMMAND LINE INTERFACE 4-126 Command Usage • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered. • First create the required ACLs and ingress or egress mas[...]

  • Page 371

    ACCESS CONTROL LIST COMMANDS 4-127 This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others. This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.69.198.0 when the Layer 4 source port is 23. Console(config)[...]

  • Page 372

    COMMAND LINE INTERFACE 4-128 This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL. Note that once the ACL is bound to an interface (i.e., the A[...]

  • Page 373

    ACCESS CONTROL LIST COMMANDS 4-129 Command Mode Privileged Exec Example Related Commands mask (IP ACL) (4-125) ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [ no ] ip access-group acl_name { in | out } • acl_name – Name of the ACL. (Maximum length: 16 characters) • in ?[...]

  • Page 374

    COMMAND LINE INTERFACE 4-130 Example Related Commands show ip access-list (4-123) show ip access-group This command shows the ports assigned to IP ACLs. Command Mode Privileged Exec Example Related Commands ip access-group (4-129) map access-list ip This command sets the output queue for packets matching an ACL rule. The specifi[...]

  • Page 375

    ACCESS CONTROL LIST COMMANDS 4-131 Default Setting None Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table. For informat[...]

  • Page 376

    COMMAND LINE INTERFACE 4-132 show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Syntax show map access-list ip [ interface ] interface ethernet unit/port • unit - This is device 1. • port -[...]

  • Page 377

    ACCESS CONTROL LIST COMMANDS 4-133 match access-list ip This command changes the IEEE 802.1p priority, IP Precedence, or DSCP Priority of a frame matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) Use the no form to remove the ACL marker. Syntax match access-list ip acl_name [ s[...]

  • Page 378

    COMMAND LINE INTERFACE 4-134 Example Related Commands show marking (4-134) show marking This command displays the current configuration for packet marking. Command Mode Privileged Exec Example Related Commands match access-list ip (4-133) Console(config)#interface ethernet 1/12 Console(config-if)#match access-list ip bill set dscp[...]

  • Page 379

    ACCESS CONTROL LIST COMMANDS 4-135 MAC ACLs Table 4-28. MAC ACL Commands Command Function Mode Page access-list mac Creates a MAC ACL and enters configuration mode GC 4-136 permit, deny Filters packets matching a specified source and destination address, packet format, and Ethernet type MAC-ACL 4-137 show mac access-list Display[...]

  • Page 380

    COMMAND LINE INTERFACE 4-136 access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax [ no ] access-list mac acl_name acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration Command[...]

  • Page 381

    ACCESS CONTROL LIST COMMANDS 4-137 permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use the no form to remove a rule. Syntax [ no ] { permit | deny }{ any | host source | sour [...]

  • Page 382

    COMMAND LINE INTERFACE 4-138 • vid-bitmask* – VLAN bitmask. (Range: 1-4095) • protocol – A specific Ethernet protocol number. (Range: 600-fff hex.) • protocol-bitmask* – Protocol bitmask. (Range: 600-fff hex.) * For all bitmasks, “1” means care and “0” means ignore. Default Setting None Command Mode MAC ACL Com[...]

  • Page 383

    ACCESS CONTROL LIST COMMANDS 4-139 show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [ acl_name ] acl_name – Name of the ACL. (Maximum length: 16 characters) Command Mode Privileged Exec Example Related Commands permit, deny 4-137 mac access-group (4-144) access-list mac mask[...]

  • Page 384

    COMMAND LINE INTERFACE 4-140 Command Usage • You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule. • A mask can only be used by all ingress ACLs or all egress ACLs. • The precedence of the ACL rules applied to a packet is not determined b[...]

  • Page 385

    ACCESS CONTROL LIST COMMANDS 4-141 • vid-bitmask – VLAN ID of rule must match this bitmask. • ethertype – Check the Ethernet type field. • ethertype-bitmask – Ethernet type of rule must match this bitmask. Default Setting None Command Mode MAC Mask Command Usage • Up to seven masks can be assigned to an ingress or egr[...]

  • Page 386

    COMMAND LINE INTERFACE 4-142 Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask. Console(config)#access-list mac M4 Console(config-mac-acl)#permit any any Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-ff-[...]

  • Page 387

    ACCESS CONTROL LIST COMMANDS 4-143 This example creates an Egress MAC ACL. show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [ in | out ] • in – Ingress mask precedence for ingress ACLs. • out – Egress mask precedence for [...]

  • Page 388

    COMMAND LINE INTERFACE 4-144 Related Commands mask (MAC ACL) (4-140) mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name { in | out } • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingr[...]

  • Page 389

    ACCESS CONTROL LIST COMMANDS 4-145 show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Related Commands mac access-group (4-144) map access-list mac This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the match[...]

  • Page 390

    COMMAND LINE INTERFACE 4-146 Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown below. Example Related Commands queue cos-map (4-260) show map access-list mac (4-146) show map access-list mac Th[...]

  • Page 391

    ACCESS CONTROL LIST COMMANDS 4-147 Example Related Commands map access-list mac (4-145) match access-list mac This command changes the IEEE 802.1p priority of a Layer 2 frame matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) Use the no form to remove the ACL marker. Syntax match acce[...]

  • Page 392

    COMMAND LINE INTERFACE 4-148 Related Commands show marking (4-134) ACL Information show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage Once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rul[...]

  • Page 393

    SNMP COMMANDS 4-149 show access-group This command shows the port assignments of ACLs. Command Mode Privileged Executive Example SNMP Commands Control access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. Console#show access-group Inter[...]

  • Page 394

    COMMAND LINE INTERFACE 4-150 snmp community This command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string. Syntax snmp community string [ ro | rw ] no snmp community string • string - Community string that acts like a password and [...]

  • Page 395

    SNMP COMMANDS 4-151 snmp contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp contact string no snmp contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Exa[...]

  • Page 396

    COMMAND LINE INTERFACE 4-152 Command Mode Global Configuration Example Related Commands snmp contact (4-151) snmp host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp host host-addr community-string [ version { 1 | [...]

  • Page 397

    SNMP COMMANDS 4-153 Command Usage • If you do not enter an snmp host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp host command. In order to enable multiple hosts, you must issue a separate snmp host command for each host. • The snmp-server host com[...]

  • Page 398

    COMMAND LINE INTERFACE 4-154 snmp enable traps This command enables this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications. Syntax [ no ] snmp enable traps [ authentication | link-up-down ] • authentication - Keyword to issue authentication f[...]

  • Page 399

    SNMP COMMANDS 4-155 Related Commands snmp host (4-152) show snmp This command checks the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data unit[...]

  • Page 400

    COMMAND LINE INTERFACE 4-156 Example Console#show snmp System Contact: Paul System Location: WC-19 SNMP traps: Authentication: enable Link-up-down: enable SNMP communities: 1. alpha, and the privilege is read-write 2. private, and the privilege is read-write 3. public, and the privilege is read-only 328 SNMP packets input 0 Bad SNMP versio[...]

  • Page 401

    DNS COMMANDS 4-157 DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation. Note that domain name se[...]

  • Page 402

    COMMAND LINE INTERFACE 4-158 ip host This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remove an entry. Syntax [ no ] ip host name address1 [ address2 … address8 ] • name - Name of the host. (Range: 1-64 characters) • address1 - Corresponding IP address. •[...]

  • Page 403

    DNS COMMANDS 4-159 clear host This command deletes entries from the DNS table. Syntax clear host { name | * } • name - Name of the host. (Range: 1-64 characters) • * - Removes all entries. Default Setting None Command Mode Privileged Exec Example This example clears all static entries from the DNS table. ip domain-name This command de[...]

  • Page 404

    COMMAND LINE INTERFACE 4-160 Command Mode Global Configuration Example Related Commands ip domain-list (4-160) ip name-server (4-162) ip domain-lookup (4-163) ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.e., host names passed from a client that are not formatted wi[...]

  • Page 405

    DNS COMMANDS 4-161 Command Usage • Domain names are added to the end of the list one at a time. • When an incomplete host name is received by the DNS server on this switch, it will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match. • If[...]

  • Page 406

    COMMAND LINE INTERFACE 4-162 ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution. Use the no form to remove a name server from this list. Syntax [ no ] ip name-server server-address1 [ server-address2 … server-address6 ] • server-address[...]

  • Page 407

    DNS COMMANDS 4-163 Related Commands ip domain-name (4-159) ip domain-lookup (4-163) ip domain-lookup This command enables DNS host name-to-address translation. Use the no form to disable DNS. Syntax [ no ] ip domain-lookup Default Setting Disabled Command Mode Global Configuration Command Usage • At least one name server must be specifie[...]

  • Page 408

    COMMAND LINE INTERFACE 4-164 Related Commands ip domain-name (4-159) ip name-server (4-162) show hosts This command displays the static host name-to-address mapping table. Command Mode Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address(es) as a previously configured entry [...]

  • Page 409

    DNS COMMANDS 4-165 show dns This command displays the configuration of the DNS server. Command Mode Privileged Exec Example show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.com Domain Name List: sample.c[...]

  • Page 410

    COMMAND LINE INTERFACE 4-166 clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Field Description NO The entry number for each resource record. FLAG The flag is always “4” indicating a cache entry and therefore unreliable. TYPE This field includes CNAME which specifies the canoni[...]

  • Page 411

    DNS COMMANDS 4-167[...]

  • Page 412

    COMMAND LINE INTERFACE 4-167 Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Table 4-32. Interface Commands Command Function Mode Page interface Configures an interface type and enters interface configuration mode GC 4-168 description Adds a d[...]

  • Page 413

    INTERFACE COMMANDS 4-168 interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id • interface - ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Ran[...]

  • Page 414

    COMMAND LINE INTERFACE 4-169 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 24. speed-duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the[...]

  • Page 415

    INTERFACE COMMANDS 4-170 Command Usage • To force operation to the speed and duplex mode specified in a speed-duplex command, use the no negotiation command to disable auto-negotiation on the selected interface. • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capa[...]

  • Page 416

    COMMAND LINE INTERFACE 4-171 Command Usage • When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands. • If autonegotiation is disab[...]

  • Page 417

    INTERFACE COMMANDS 4-172 capabilities This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability, or the no form without parameters to restore the default values. Syntax [ no ] capabilities { 1000full | 100full | 100half | 10full [...]

  • Page 418

    COMMAND LINE INTERFACE 4-173 Example The following example configures Ethernet port 5 capabilities to 100half, 100full and flow control. Related Commands negotiation (4-170) speed-duplex (4-169) flowcontrol (4-173) flowcontrol This command enables flow control. Use the no form to disable flow control. Syntax [ no ] flowcont[...]

  • Page 419

    INTERFACE COMMANDS 4-174 • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command. To enable flow control under auto-negotiation, “flowcontrol” must be included in the capabilities list for any port • Avoid using flow control on a port connecte[...]

  • Page 420

    COMMAND LINE INTERFACE 4-175 Default Setting sfp-preferred-auto Command Mode Interface Configuration (Ethernet) Example This forces the switch to use the built-in RJ-45 port for the combination port 21. shutdown This command disables an interface. To restart a disabled interface, use the no form. Syntax [ no ] shutdown De[...]

  • Page 421

    INTERFACE COMMANDS 4-176 switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm control. Syntax switchport broadcast packet-rate rate no switchport broadcast rate - Threshold level as a rate; i.e., packets per second. (Range: 500 - 262143) Default Setting Ena[...]

  • Page 422

    COMMAND LINE INTERFACE 4-177 clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec Command Usage Statistics are only init[...]

  • Page 423

    INTERFACE COMMANDS 4-178 show interfaces status This command displays the status for an interface. Syntax show interfaces status [ interface ] • interface - ethernet unit / port - unit - This is device 1. - port - Port number. - port-channel channel-id (Range: 1-6) - vlan vlan-id (Range: 1-4094) Default Setting Shows the status for all in [...]

  • Page 424

    COMMAND LINE INTERFACE 4-179 Example show interfaces counters This command displays interface statistics. Syntax show interfaces counters [ interface ] • interface - ethernet unit / port - unit - This is device 1. - port - Port number. - port-channel channel-id (Range: 1-6) Default Setting Shows the counters for all interfaces. Console#s[...]

  • Page 425

    INTERFACE COMMANDS 4-180 Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 3-106. Example Console#show interfaces counters ethernet 1/7 Ethernet [...]

  • Page 426

    COMMAND LINE INTERFACE 4-181 show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [ interface ] • interface - ethernet unit / port - unit - This is device 1. - port - Port number. - port-channel channel-id (Range: 1-6) Default Sett[...]

  • Page 427

    INTERFACE COMMANDS 4-182 Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 4-176). Lacp status Shows if Link Aggregation Control Protocol has been enabled or disabled (page 4-190). Ingress/Egress rate limit Shows if rate limiting is enabled,[...]

  • Page 428

    COMMAND LINE INTERFACE 4-183 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. port monitor This command configures a mirror session. Use the no form to clear a mirror session. Syntax port monitor interface [ rx | tx | both ] no port monitor interface • interface - ethernet [...]

  • Page 429

    MIRROR PORT COMMANDS 4-184 Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner. • The destination port is set by spe[...]

  • Page 430

    COMMAND LINE INTERFACE 4-185 Command Usage This command displays the currently configured source port, destination port, and mirror mode (i.e., RX, TX, RX/TX). Example The following shows mirroring configured from port 6 to port 11. Rate Limit Commands This function allows the network manager to control the maximum rate fo[...]

  • Page 431

    RATE LIMIT COMMANDS 4-186 rate-limit This command defines the rate limit for a specific interface. Use this command without specifying a rate to restore the default rate. Use the no form to restore the default status of disabled. Syntax rate-limit { input | output } [ rate ] no rate-limit { input | output } • input – Input rate ?[...]

  • Page 432

    COMMAND LINE INTERFACE 4-187 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this s[...]

  • Page 433

    LINK AGGREGATION COMMANDS 4-188 Guidelines for Creating Trunks General Guidelines • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports. • The ports at both ends of a connection must be configured as tr [...]

  • Page 434

    COMMAND LINE INTERFACE 4-189 channel-group This command adds a port to a trunk. Use the no form to remove a port from a trunk. Syntax channel-group channel-id no channel-group channel-id - Trunk index (Range: 1-6) Default Setting The current port will be added to this trunk. Command Mode Interface Configuration (Ethernet) C[...]

  • Page 435

    LINK AGGREGATION COMMANDS 4-190 lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [ no ] lacp Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage • The ports on both ends of an LACP trunk must be co [...]

  • Page 436

    COMMAND LINE INTERFACE 4-191 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk1 has been established. Console(config)#interface ethernet 1/11 Console(config-if)#lacp Console[...]

  • Page 437

    LINK AGGREGATION COMMANDS 4-192 lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } system-priority priority no lacp { actor | partner } system-priority • actor - The local side of an aggregate link. • partner - The[...]

  • Page 438

    COMMAND LINE INTERFACE 4-193 lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp { actor | partner } admin-key key [ no ] lacp { actor | partner } admin-key • actor - The local side of an aggregate link. • partner - The[...]

  • Page 439

    LINK AGGREGATION COMMANDS 4-194 Example lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string. Use the no form to restore the default setting. Syntax lacp admin-key key [ no ] lacp admin-key key - The port channel admin key is used to identify a specific link aggreg [...]

  • Page 440

    COMMAND LINE INTERFACE 4-195 Example lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp { actor | partner } port-priority priority no lacp { actor | partner } port-priority • actor - The local side of an aggregate link. • partner - The remote side of an a[...]

  • Page 441

    LINK AGGREGATION COMMANDS 4-196 Example show lacp This command displays LACP information. Syntax show lacp [ port-channel ] { counters | internal | neighbors | sys-id } • port-channel - Local identifier for a link aggregation group. (Range: 1-6) • counters - Statistics for LACP protocol messages. • internal - Configu [...]

  • Page 442

    COMMAND LINE INTERFACE 4-197 Field Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group. LACPDUs Received Number of valid LACPDUs received on this channel group. Marker Sent Number of valid Marker PDUs transmitted from this channel group. Marker Received Number of valid Marker PDUs received by this chan[...]

  • Page 443

    LINK AGGREGATION COMMANDS 4-198 LACPDUs Internal Number of seconds before invalidating received LACPDU information. LACP System Priority LACP system priority assigned to this port channel. LACP Port Priority LACP port priority assigned to this interface within the channel group. Admin State, Oper State Administrative or operation[...]

  • Page 444

    COMMAND LINE INTERFACE 4-199 Console#show lacp 1 neighbors Channel group 1 neighbors ------------------------------------------------------------------- Eth 1/1 ------------------------------------------------------------------- Partner Admin System ID : 32768, 00-00-00-00-00-00 Partner Oper System ID : 32768, 00-00-00-00-00-01 Partner Ad[...]

  • Page 445

    ADDRESS TABLE COMMANDS 4-200 Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Console#show lacp 1 sysid Channel group System Priority System MAC Address ----------------------------------[...]

  • Page 446

    COMMAND LINE INTERFACE 4-201 mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [ action ] no mac-address-table static mac-address vlan vlan-id • mac-address - MAC address.[...]

  • Page 447

    ADDRESS TABLE COMMANDS 4-202 Example clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries. Default Setting None Command Mode Privileged Exec Example show mac-address-table This command shows classe[...]

  • Page 448

    COMMAND LINE INTERFACE 4-203 Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: - Learned - Dynamic address entries - Permanent - Static entry - Delete-on-reset - Static ent[...]

  • Page 449

    ADDRESS TABLE COMMANDS 4-204 Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information. Example show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode Privilege[...]

  • Page 450

    COMMAND LINE INTERFACE 4-205 Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 4-37. Spanning Tree Commands Command Function Mode Page spanning-tree Enables the spanning tree proto[...]

  • Page 451

    SPANNING TREE COMMANDS 4-206 spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [no] spanning-tree Default Setting Spanning tree is enabled. spanning-tree spanning-disabled Disables spanning tree for an interface IC 4-219 spanning-tree cost Configures th[...]

  • Page 452

    COMMAND LINE INTERFACE 4-207 Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (tha[...]

  • Page 453

    SPANNING TREE COMMANDS 4-208 Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on a network, the path between specific VLAN members may be inadvertently disabled to preven[...]

  • Page 454

    COMMAND LINE INTERFACE 4-209 Example The following example configures the switch to use Rapid Spanning Tree. spanning-tree forward-time This command configures the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree fo[...]

  • Page 455

    SPANNING TREE COMMANDS 4-210 spanning-tree hello-time This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds. (Range: 1-10 seconds). The maximum value is the lower of 10 or [(m[...]

  • Page 456

    COMMAND LINE INTERFACE 4-211 Command Mode Global Configuration Command Usage This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular interval[...]

  • Page 457

    SPANNING TREE COMMANDS 4-212 Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device. Example s[...]

  • Page 458

    COMMAND LINE INTERFACE 4-213 Example spanning-tree transmission-limit This command configures the minimum interval between the transmission of consecutive RSTP/MSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The transmission limit[...]

  • Page 459

    SPANNING TREE COMMANDS 4-214 Command Mode Global Configuration Example Related Commands mst vlan (4-214) mst priority (4-215) name (4-216) revision (4-217) max-hops (4-218) mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Using the no form without any VLAN parameters[...]

  • Page 460

    COMMAND LINE INTERFACE 4-215 Command Usage • Use this command to group VLANs into spanning tree instances. MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, preventing wide-scale disruption when a bridge node in a single instanc[...]

  • Page 461

    SPANNING TREE COMMANDS 4-216 Default Setting 32768 Command Mode MST Configuration Command Usage • MST priority is used in selecting the root bridge and alternate bridge of the specified instance. The device with the highest priority (i.e., lowest numerical value) becomes the MSTI root device. However, if all devices have the s[...]

  • Page 462

    COMMAND LINE INTERFACE 4-217 Command Usage The MST region name and revision number (page 4-217) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridges in the same region must be configured with t [...]

  • Page 463

    SPANNING TREE COMMANDS 4-218 Example Related Commands name (4-216) max-hops This command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the default. Syntax max-hops hop-number hop-number - Maximum hop number for multiple spanning tree. (Range: 1-40) Default Setting 20 Co[...]

  • Page 464

    COMMAND LINE INTERFACE 4-219 spanning-tree spanning-disabled This command disables the spanning tree algorithm for the specified interface. Use the no form to reenable the spanning tree algorithm for the specified interface. Syntax [ no ] spanning-tree spanning-disabled Default Setting Enabled Command Mode Interface Configurat[...]

  • Page 465

    SPANNING TREE COMMANDS 4-220 Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 • Fast Ethernet – half duplex: 200,000; full duplex: 100,000; trunk: 50,000 • Gigabit Ethernet – full duplex: 10,000; trunk: 5,000 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage[...]

  • Page 466

    COMMAND LINE INTERFACE 4-221 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command defines the priority for the use of a port in the Spanning Tree Algorithm. If the path cost for all ports on a switch are the same, the port with the highest priority (that is, lowest value) will be[...]

  • Page 467

    SPANNING TREE COMMANDS 4-222 Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state. Specifying Edge Ports provides quicker[...]

  • Page 468

    COMMAND LINE INTERFACE 4-223 Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding. • Since end-nodes cannot cause forwarding loops, they can be passed through the spanning tr[...]

  • Page 469

    SPANNING TREE COMMANDS 4-224 Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges. • When automatic detection is sele[...]

  • Page 470

    COMMAND LINE INTERFACE 4-225 Default Setting • Ethernet – half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 • Fast Ethernet – half duplex: 200,000; full duplex: 100,000; trunk: 50,000 • Gigabit Ethernet – full duplex: 10,000; trunk: 5,000 Command Mode Interface Configuration (Ethernet, Port Channel) Command [...]

  • Page 471

    SPANNING TREE COMMANDS 4-226 spanning-tree mst port-priority This command configures the interface priority on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree mst instance_id port-priority priority no spanning-tree mst instance_id port-priority • instance_id - Instan[...]

  • Page 472

    COMMAND LINE INTERFACE 4-227 spanning-tree protocol-migration This command re-checks the appropriate BPDU format to send on the selected interface. Syntax spanning-tree protocol-migration interface • interface - ethernet unit / port - unit - This is device 1. - port - Port number. - port-channel channel-id (Range: 1-6) Command[...]

  • Page 473

    SPANNING TREE COMMANDS 4-228 show spanning-tree This command shows the configuration for the common spanning tree (CST) or for an instance within the multiple spanning tree (MST). Syntax show spanning-tree [ interface | mst instance_id ] • interface - ethernet unit / port - unit - This is device 1. - port - Port number. - port-chan[...]

  • Page 474

    COMMAND LINE INTERFACE 4-229 Example Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning-tree information --------------------------------------------------------------- Spanning tree mode :MSTP Spanning tree enable/disable :enable Instance :0 Vlans configuration :1-4[...]

  • Page 475

    SPANNING TREE COMMANDS 4-230 show spanning-tree mst configuration This command shows the multiple spanning tree configuration. Syntax show spanning-tree mst configuration Command Mode Privileged Exec Example Console#show spanning-tree mst configuration Mstp Configuration Information -------------------------------------------------------[...]

  • Page 476

    COMMAND LINE INTERFACE 4-231 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLA[...]

  • Page 477

    VLAN COMMANDS 4-232 vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN [...]

  • Page 478

    COMMAND LINE INTERFACE 4-233 vlan This command configures a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [ name vlan-name ] media ethernet [ state { active | suspend }] no vlan vlan-id [ name | state ] • vlan-id - ID of configured VLAN. (Range: 1-4094, no leading zeroes) • name - [...]

  • Page 479

    VLAN COMMANDS 4-234 Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default. Related Commands show vlan (4-242) Configuring VLAN Interfaces Console(config)#vlan database Console(config-vlan)#vlan 105 name RD5 media ethernet Console(config-vlan)# Table 4-40. Configuring VLAN Interfaces Comm[...]

  • Page 480

    COMMAND LINE INTERFACE 4-235 interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) Default Setting None Command Mode Global Configuratio[...]

  • Page 481

    VLAN COMMANDS 4-236 switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode { trunk | hybrid } no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two[...]

  • Page 482

    COMMAND LINE INTERFACE 4-237 switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types { all | tagged } no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged. ?[...]

  • Page 483

    VLAN COMMANDS 4-238 switchport ingress-filtering This command enables ingress filtering for an interface. Use the no form to restore the default. Syntax [ no ] switchport ingress-filtering Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Ingress filtering only affects tagge[...]

  • Page 484

    COMMAND LINE INTERFACE 4-239 switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port. (Range: 1-4094, no leading zeroes) Default Setting VLAN 1 Command M[...]

  • Page 485

    VLAN COMMANDS 4-240 switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan { add vlan-list [ tagged | untagged ] | remove vlan-list } no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add. • rem[...]

  • Page 486

    COMMAND LINE INTERFACE 4-241 • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface. Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1. switchport forbidden[...]

  • Page 487

    VLAN COMMANDS 4-242 Example The following example shows how to prevent port 1 from being added to VLAN 3. Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [ id vlan-id | name vlan-name ] • id - Keyword to be followed by the VLAN ID. • vlan-id - ID of the configured VLAN. (Range: 1-4094, [...]

  • Page 488

    COMMAND LINE INTERFACE 4-243 Example The following example shows how to display information for VLAN 1. Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in or[...]

  • Page 489

    VLAN COMMANDS 4-244 To configure protocol-based VLANs, follow these steps: 1. First configure VLAN groups for the protocols you want to use (page -233). Although not mandatory, we suggest configuring a separate VLAN for each major protocol running on your network. Do not add port members at this time. 2. Create a protocol g[...]

  • Page 490

    COMMAND LINE INTERFACE 4-245 Example The following creates protocol group 1, and specifies Ethernet frames with IP and ARP protocol types. protocol-vlan protocol-group (Configuring Interfaces) This command maps a protocol group to a VLAN for the current interface. Use the no form to remove the protocol mapping for t[...]

  • Page 491

    VLAN COMMANDS 4-246 • When a frame enters a port that has been assigned to a protocol VLAN, it is processed in the following manner: - If the frame is tagged, it will be processed according to the standard rules applied to tagged frames. - If the frame is untagged and the protocol type matches, the frame is forwarded to the appro[...]

  • Page 492

    COMMAND LINE INTERFACE 4-247 Example This shows protocol group 1 configured for IP over Ethernet. show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [ interface ] • interface - ethern[...]

  • Page 493

    VLAN COMMANDS 4-248 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs. pvlan This command enables or configures a private VLAN. Use the no form to disable the private VLAN. Syntax pvlan [...]

  • Page 494

    COMMAND LINE INTERFACE 4-249 • Entering the pvlan command without any parameters enables the private VLAN. Entering no pvlan disables the private VLAN. Example This example enables the private VLAN, and then sets port 24 as the uplink and ports 1-8 as the downlinks. show pvlan This command displays the configured priv [...]

  • Page 495

    GVRP AND BRIDGE EXTENSION COMMANDS 4-250 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and glob[...]

  • Page 496

    COMMAND LINE INTERFACE 4-251 Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. This function should be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switc[...]

  • Page 497

    GVRP AND BRIDGE EXTENSION COMMANDS 4-252 switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [ no ] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example show gvrp configuration This command shows if GVRP is enabled. Syntax show gv[...]

  • Page 498

    COMMAND LINE INTERFACE 4-253 Example garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer { join | leave | leaveall } timer_value no garp timer { join | leave | leaveall } • { join | leave | leaveall } - Which timer to se[...]

  • Page 499

    GVRP AND BRIDGE EXTENSION COMMANDS 4-254 • Timer values are applied to GVRP for all the ports on all VLANs. • Timer values must meet the following restrictions: - leave >= (2 x join) - leaveall > leave Note: Set GVRP timers on all Layer 2 devices connected in the same network to the same values. Otherwise, GVRP may not opera[...]

  • Page 500

    COMMAND LINE INTERFACE 4-255 Example Related Commands garp timer (4-253) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data pack[...]

  • Page 501

    PRIORITY COMMANDS 4-256 Priority Commands (Layer 2) switchport priority default This command sets a priority for incoming untagged frames. Use the no form to restore the default value. Syntax switchport priority default default-priority-id no switchport priority default default-priority-id - The priority number for unta[...]

  • Page 502

    COMMAND LINE INTERFACE 4-257 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • The default priority applies for an untagged frame received on a port set to accept all frame types (i[...]

  • Page 503

    PRIORITY COMMANDS 4-258 queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode { strict | wrr } no queue mode • strict - Services the egress queues in sequential order, transmitting[...]

  • Page 504

    COMMAND LINE INTERFACE 4-259 queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues. Use the no form to restore the default weights. Syntax queue bandwidth weight1...weight4 no queue bandwidth weight1...weight4 - The ratio of weights for queues 0 - 3 determine[...]

  • Page 505

    PRIORITY COMMANDS 4-260 queue cos-map This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 7). Use the no form to set the CoS map to the default values. Syntax queue cos-map queue_id [ cos1 ... cosn ] no queue cos-map • queue_id - The ID of the priority queue. Ranges are 0 to [...]

  • Page 506

    COMMAND LINE INTERFACE 4-261 Example The following example shows how to change the CoS assignments to a one-to-one mapping. Related Commands show queue cos-map (4-262) show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example Console(config)#interface ethernet 1/1 Consol[...]

  • Page 507

    PRIORITY COMMANDS 4-262 show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues. Default Setting None Command Mode Privileged Exec Example show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [ interface ] interface [...]

  • Page 508

    COMMAND LINE INTERFACE 4-263 Default Setting None Command Mode Privileged Exec Example Priority Commands (Layer 3 and 4) Console#show queue cos-map ethernet 1/1 Information of Eth 1/1 CoS Value : 0 1 2 3 4 5 6 7 Priority Queue: 2 0 1 3 4 5 6 7 Console# Table 4-47. Priority Commands (Layer 3 and 4) Command Function Mode Page map ip port [...]

  • Page 509

    PRIORITY COMMANDS 4-264 map ip port (Global Configuration) Use this command to enable IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping. Syntax map ip port no map ip port Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for pri [...]

  • Page 510

    COMMAND LINE INTERFACE 4-265 Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • This command sets the IP port priority for all interfaces. Example The following e[...]

  • Page 511

    PRIORITY COMMANDS 4-266 Example The following example shows how to enable IP precedence mapping globally: map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos cos-val[...]

  • Page 512

    COMMAND LINE INTERFACE 4-267 Example The following example shows how to map IP precedence value 1 to CoS value 0: map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [ no ] map ip dscp Default Setting Disable[...]

  • Page 513

    PRIORITY COMMANDS 4-268 map ip dscp (Interface Configuration) This command sets IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table. Syntax map ip dscp dscp-value cos cos-value no map ip dscp • dscp-value - 8-bit DSCP value. (Range: 0-255) • cos-value - Class-of-Se[...]

  • Page 514

    COMMAND LINE INTERFACE 4-269 Example The following example shows how to map IP DSCP value 1 to CoS value 0. show map ip port Use this command to show the IP port priority map. Syntax show map ip port [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-[...]

  • Page 515

    PRIORITY COMMANDS 4-270 Related Commands map ip port (Global Configuration) (4-264) map ip port (Interface Configuration) (4-264) show map ip precedence This command shows the IP precedence priority map. Syntax show map ip precedence [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number. •[...]

  • Page 516

    COMMAND LINE INTERFACE 4-271 Related Commands map ip precedence (Global Configuration) (4-265) map ip precedence (Interface Configuration) (4-266) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [ interface ] interface • ethernet unit / port - unit - This is device 1. - port - Port number. • [...]

  • Page 517

    MULTICAST FILTERING COMMANDS 4-272 Related Commands map ip dscp (Global Configuration) (4-267) map ip dscp (Interface Configuration) (4-268) Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifi[...]

  • Page 518

    COMMAND LINE INTERFACE 4-273 ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. show ip igmp snooping Shows the IGMP snooping and query confi[...]

  • Page 519

    MULTICAST FILTERING COMMANDS 4-274 ip igmp snooping vlan static This command adds a port to a multicast group. Use the no form to remove the port. Syntax [ no ] ip igmp snooping vlan vlan-id static ip-address interface • vlan-id - VLAN ID (Range: 1-4094) • ip-address - IP address for multicast group • interface - ethernet unit / p[...]

  • Page 520

    COMMAND LINE INTERFACE 4-275 ip igmp snooping version This command configures the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version { 1 | 2 } no ip igmp snooping version • 1 - IGMP Version 1 • 2 - IGMP Version 2 Default Setting IGMP Version 2 Command Mode Global Configuration Com[...]

  • Page 521

    MULTICAST FILTERING COMMANDS 4-276 show ip igmp snooping This command shows the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-182 for a description of the displayed items. Example The following shows the current IG[...]

  • Page 522

    COMMAND LINE INTERFACE 4-277 Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options. Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: IGMP Query Commands (Layer 2) Console#show mac-address-table multicas[...]

  • Page 523

    MULTICAST FILTERING COMMANDS 4-278 ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [ no ] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the switch will serve as querier if elected. The querier is responsibl[...]

  • Page 524

    COMMAND LINE INTERFACE 4-279 Command Mode Global Configuration Command Usage The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has not responded, a countdown timer is started usin[...]

  • Page 525

    MULTICAST FILTERING COMMANDS 4-280 Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds. ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds [...]

  • Page 526

    COMMAND LINE INTERFACE 4-281 Example The following shows how to configure the maximum response time to 20 seconds. Related Commands ip igmp snooping version (4-275) ip igmp snooping query-max-response-time (4-280) ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore[...]

  • Page 527

    MULTICAST FILTERING COMMANDS 4-282 Related Commands ip igmp snooping version (4-275) Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port. Use the no form to remove the configuration. Syntax [ no ] ip igmp snooping vlan vlan-id mrouter interface • vlan-id - VLAN ID[...]

  • Page 528

    COMMAND LINE INTERFACE 4-283 Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that [...]

  • Page 529

    IP INTERFACE COMMANDS 4-284 Example The following shows that port 11 in VLAN 1 is attached to a multicast router. IP Interface Commands There are no IP addresses assigned to this switch by default. You must manually configure a new address to manage the switch over your network or to connect the switch to existing IP subnet[...]

  • Page 530

    COMMAND LINE INTERFACE 4-285 ip address This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address. Syntax ip address { ip-address netmask | bootp | dhcp } no ip address • ip-address - IP address • netmask - Network mask for the associated IP subnet. This m [...]

  • Page 531

    IP INTERFACE COMMANDS 4-286 Note: Before you can change the IP address, you must first clear the current address with the no form of this command. Example In the following example, the device is assigned an address in VLAN 1. Related Commands ip dhcp restart (4-286) ip dhcp restart This command submits a BOOTP or DHCP client reques[...]

  • Page 532

    COMMAND LINE INTERFACE 4-287 Example In the following example, the device is reassigned the same address. Related Commands ip address (4-285) ip default-gateway This command establishes a static route between this switch and devices that exist on another network segment. Use the no form to remove the static route. Syntax[...]

  • Page 533

    IP INTERFACE COMMANDS 4-288 Related Commands show ip redirects (4-288) show ip interface This command displays the settings of an IP interface. Default Setting All interfaces Command Mode Privileged Exec Example Related Commands show ip redirects (4-288) show ip redirects This command shows the default gateway configured for this dev[...]

  • Page 534

    COMMAND LINE INTERFACE 4-289 Related Commands If the BOOTP or DHCP server has been moved to a different domain, the network portion of the address provided to the client will be based on this new domain. (4-286) ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [ count count ][ si[...]

  • Page 535

    IP INTERFACE COMMANDS 4-290 Example Related Commands interface (4-168) Console#ping 10.1.0.9 Type ESC to abort. PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds response time: 10 ms response time: 10 ms response time: 10 ms response time: 10 ms response time: 0 ms Ping statistics for 10.1.0.9: [...]

  • Page 536

    COMMAND LINE INTERFACE 4-291[...]

  • Page 537

    A-1 APPENDIX A SOFTWARE SPECIFICATIONS Software Features Authentication Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 32 lists) DHCP Client Port Configuration SMC8624T 10/100/100BASE-T Ports 1-24 1000BASE-T: 10/100 Mbps, half/full duplex 1000 Mbps, full duplex SFP Port[...]

  • Page 538

    SOFTWARE SPECIFICATIONS A-2 Port Mirroring Multiple source ports, one destination port Rate Limits Input Limit Output limit Range (configured per port) Port Trunking Static trunks (Cisco EtherChannel compliant) Dynamic trunks (Link Aggregation Control Protocol) Spanning Tree Protocol Spanning Tree Protocol (STP, IEEE[...]

  • Page 539

    SOFTWARE SPECIFICATIONS A-3 Management Features In-Band Management Telnet, Web-based HTTP or HTTPS, SNMP manager, or Secure Shell Out-of-Band Management RS-232 DB-9 console port Software Loading TFTP in-band or XModem out-of-band SNMP Management access via MIB database Trap management to specified hosts RMON Groups 1, 2, 3, 9 (Statis[...]

  • Page 540

    SOFTWARE SPECIFICATIONS A-4 HTTPS ICMP (RFC 792) IGMP (RFC 1112) IGMPv2 (RFC 2236) RADIUS+ (RFC 2618) RMON (RFC 1757 groups 1,2,3,9) SNTP (RFC 2030) SNMP (RFC 1157) SNMPv2 (RFC 1907) SSH (Version 2.0) Management Information Bases Bridge MIB (RFC 1493) Entity MIB (RFC 2737) Ethernet MIB (RFC 2665) Ether-like MIB (RFC 1643) Extended Bridge M[...]

  • Page 541

    B-1 APPENDIX B TROUBLESHOOTING Table B-1. Troubleshooting Chart Symptom Action Cannot connect using Telnet, Web browser, or SNMP software • Ensure that you have configured the agent with a valid IP address, subnet mask and default gateway. • If you are trying to connect to the agent via the IP address for a tagged VLAN group, your man[...]

  • Page 542

    TROUBLESHOOTING B-2[...]

  • Page 543

    Glossary-1 GLOSSARY Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address informatio[...]

  • Page 544

    GLOSSARY Glossary-2 Extensible Authentication Protocol over LAN (EAPOL) EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch. A user name and password is requested by the switch, and then passed to an authentication server (e.g., RADIU[...]

  • Page 545

    GLOSSARY Glossary-3 IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks. IEEE 802.1p An IEEE standard for providing quality of service (QoS) in Ether[...]

  • Page 546

    GLOSSARY Glossary-4 IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork. Internet Group Manag[...]

  • Page 547

    GLOSSARY Glossary-5 Link Aggregation See Port Trunk. Link Aggregation Control Protocol (LACP) Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device. Management Information Base (MIB) An acronym for Management Information Base. It is a set of database objects that contains informa[...]

  • Page 548

    GLOSSARY Glossary-6 Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on [...]

  • Page 549

    GLOSSARY Glossary-7 Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which offers network management services. Simple Network Time Protocol (SNTP) SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server. [...]

  • Page 550

    GLOSSARY Glossary-8 User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching [...]

  • Page 551

    Index-1 Numerics 802.1x, port authentication 4-104 A acceptable frame type 3-155, 4-237 Access Control List See ACL ACL Extended IP 3-62, 4-114, 4-116, 4-120 MAC 3-62, 4-114, 4-135, 4-136–4-139 Standard IP 3-62, 4-114, 4-116, 4-119 address table 3-112, 4-200 aging time 3-115, 4-204 B BOOTP 3-20, 4-285 BPDU 3-117 broadcast sto[...]

  • Page 552

    INDEX Index-2 E edge port, STA 3-129, 3-132, 4-221 event logging 4-58 F firmware displaying version 3-14, 4-83 upgrading 3-22, 4-86 G GARP VLAN Registration Protocol See GVRP gateway, default 3-18, 4-287 GVRP global setting 3-146, 4-250 interface configuration 3-155, 4-252 H hardware version, displaying 3-14, 4-83 HTTPS 3-38, 4-42[...]

  • Page 553

    INDEX Index-3 multicast groups 3-187, 4-276 displaying 4-276 static 3-187, 4-274, 4-276 multicast services configuring 3-188, 4-274 displaying 3-187, 4-276 multicast, static router port 3-186, 4-282 P password, line 4-17 passwords 2-5 administrator setting 3-33, 4-35 path cost 3-118, 3-128 method 3-124, 4-212 STA 3-118, 3-128, 4-21[...]

  • Page 554

    INDEX Index-4 interface settings 3-126, 3-137, 3-139, 4-219–4-227, 4-228 link type 3-129, 3-132, 4-223 path cost 3-118, 3-128, 4-219 path cost method 3-124, 4-212 port priority 3-129, 4-220 protocol migration 3-133, 4-227 transmission limit 3-124, 4-213 standards, IEEE A-3 startup files creating 3-25, 4-86 displaying 3-22, [...]

  • Page 555

    [...]

  • Page 556

    38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; Phn: (949) 679-8000; Fax: (949) 679-1481 From Europe: Contact details can be found on www.smc-europe.com or www.smc.com INTERNET E-mail addresses: techsupport@smc.com european.t[...]