Page 1: Management Guide
TigerSwitch 10/100/1000 Gigabit Ethernet Switch ◆ 24 auto-MDI/MDI-X 10/100/1000BASE-T ports ◆ 4 ports shared with 4 SFP transceiver slots ◆ Non-blocking switching architecture ◆ Support for a redundant power unit ◆ Spanning Tree Protocol ◆ Up to six LACP or static 4-port trunks ◆...
Page 3 TigerSwitch 10/100/1000 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions 38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 February 2003 Pub. # 150200016900A...
Page 4 Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or oth- erwise under any patent or patent rights of SMC.
Page 5 IMITED ARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller.
Page 6 * SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase. SMC Networks, Inc. 38 Tesla Irvine, CA 92618...
Page 7: Table Of Contents
Connecting to the Switch ........
Page 8 ONTENTS Displaying Connection Status ......2-32 Configuring Interface Connections ..... . 2-34 Setting Broadcast Storm Thresholds .
Page 9 SNMP IP Filtering ........2-97 Multicast Configuration ........2-99 Configuring IGMP Parameters .
Page 10 ONTENTS delete ..........3-21 dir .
Page 11 show radius-server ........3-55 tacacs-server host ........3-56 tacacs-server port .
Page 12 ONTENTS capabilities ......... . 3-89 flowcontrol .
Page 13 switchport ingress-filtering ......3-127 switchport native vlan ....... . 3-128 switchport allowed vlan .
Page 14 ONTENTS Mirror Port Commands ........3-163 port monitor .
Page 15: Switch Management
(CLI). Note: The IP address for this switch is assigned via DHCP by default. To change this address, see “Setting an IP Address” on page 1-6. The switch’s HTTP Web agent allows you to configure switch parameters, monitor port connections, and display statistics graphically using a standard Web browser such as Netscape Navigator version 6.2 and higher...
Page 16 WITCH ANAGEMENT The switch’s CLI configuration program, Web interface, and SNMP agent allow you to perform the following management functions: • Set user names and passwords for up to 16 users • Set an IP interface for a management VLAN •...
Page 17: Required Connections
Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch. Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch.
Page 18: Remote Connections
IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is assigned via DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see “Setting an IP Address”...
Page 19: Basic Configuration
Access to both CLI levels are controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps: 1.
Page 20: Setting An Ip Address
Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router. Dynamic — The switch sends IP configuration requests to BOOTP or...
Page 21: Manual Configuration
VLAN. Manual Configuration You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods.
Page 22: Dynamic Configuration
If the “bootp” or “dhcp” option is saved to the startup-config file, then the switch will start broadcasting service requests as soon as it is powered To automatically configure the switch by communicating with BOOTP or...
Page 23: Enabling Snmp Management Access
The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps. When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter.
Page 24: Community Strings
Community strings are used to control management access to SNMP stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users or user groups, and set the access level.
Page 25: Saving Configuration Settings
“community-string” is the string associated with that host. Press <Enter>. 2. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server enable traps command. Type “snmp-server enable traps type,” where “type” is either authentication or link-up-down.
Page 26: Managing System Files
See“Upgrading Firmware via the Serial Port” on page B-1. Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows.
Page 27: System Defaults
System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file. See “Saving or Restoring Configuration Settings”...
Page 28 WITCH ANAGEMENT Function Security Console Port Connection Port Status Link Aggregation Spanning Tree Protocol Address Table 1-14 Parameter Privileged Exec Level Normal Exec Level Enable Privileged Exec from Normal Exec Level Authentication Baud Rate Data bits Stop bits Parity Local Console Timeout Admin Status Auto-negotiation Flow Control...
Page 29 Function Parameter Virtual LANs Default VLAN PVID Acceptable Frame Type Ingress Filtering GVRP (global) GVRP (port interface) Class of Service Ingress Port Priority Weighted Round Robin IP Precedence Priority IP DSCP Priority Multicast Filtering IGMP Snooping Act as Querier Broadcast Storm Status Protection Broadcast Limit Rate...
Page 30 WITCH ANAGEMENT 1-16...
Page 31: Configuring The Switch
Telnet. For more information on using the CLI, refer to Chapter 3 “Command Line Interface.” Prior to accessing the switch from a Web browser, be sure you have first performed the following tasks: 1. Configure the switch with a valid IP address, subnet mask, and default gateway using an out-of-band serial connection, BOOTP or DHCP protocol.
Page 32 “admin.” Home Page When your Web browser connects with the switch’s Web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side.
Page 33: Navigating The Web Browser Interface
The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics. Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the “Apply”...
Page 34: Panel Display
Panel Display The Web agent displays an image of the switch’s ports, indicating whether each link is up or down. Clicking on the image of a port opens the Port Configuration page as described on page 2-34.
Page 35: Main Menu
Main Menu Using the onboard Web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Menu System System Information...
Page 36 Configures individual trunk settings for STP Configures individual port settings for STP Configures individual trunk settings for STP Displays basic information on the VLAN type supported by this switch and whether or not the port supports VLAN tagging Used to create or remove VLAN groups...
Page 37 Static Multicast Assigns ports that are attached to a neighboring Router Port multicast router/switch Configuration IP Multicast Displays all multicast groups active on this Registration Table switch, including multicast IP addresses and VLAN ID Page 2-77 2-77 2-78 2-81 2-82...
Page 38: Basic Configuration
Command Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. • Location – Specifies the system location. • Contact – Administrator responsible for the system.
Page 39 • Web secure server port HTTPS server. • POST result – Shows results of the power-on self-test * CLI Only Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply.
Page 40: Setting The Ip Address
Console# Setting the IP Address An IP address may be used for management access to the switch over your network. By default, the switch uses DHCP to assign IP settings to VLAN 1 on the switch. If you wish to manually configure IP settings, you need to change the switch’s user-specified defaults (IP address 0.0.0.0 and...
Page 41 • Management VLAN – This is the only VLAN through which you can gain management access to the switch. By default, all ports on the switch are members of VLAN 1, so a management station can be connected to any port on the switch. However, if other VLANs are configured and you change the Management VLAN, you may lose management access to the switch.
Page 42 Web – Click System/IP. Specify the Management VLAN, set the IP Address Mode to DHCP or BOOTP. Then click “Apply” to save your changes. The switch will broadcast a request for IP configuration settings on the next power reset. Otherwise, you can click “Restart DHCP” to immediately request a new address.
Page 43: Security
Console# Renewing DCHP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to another network segment, you will lose management access to the switch. In this case, you can reboot the switch or submit a client request to restart DHCP service.
Page 44: Troubleshooting Chart
ONFIGURING THE WITCH as soon as possible, and store it in a safe place. (If for some reason your password is lost, you can reload the factory deafults file to restore the default passwords as described in “Troubleshooting Chart” on page A-1.) The default guest name is “guest”...
Page 45: Configuring Radius/Tacacs Logon Authentication
Console(config)#username bob password 0 smith Console(config)# Configuring RADIUS/TACACS Logon Authentication You can configure this switch to authenticate users logging into the system for management access using local, RADIUS, or TACACS+ authentication methods. RADIUS and TACACS+ are logon authentication protocols that use software running on a central server to control access to RADIUS-aware or TACACS+-aware devices on the network.
Page 46 - TACACS – User authentication is performed using a TACACS+ server only. - Local – User authentication is performed only locally by the switch. - [authentication sequence] – User authentication is performed by up to three authentication methods in the indicated sequence.
Page 47 The local switch user database has to be set up by manually entering user names and passwords using the CLI. RADIUS Settings • Server IP Address – Address of the RADIUS server. (Default: 10.1.0.1) • Server Port Number – Network (UDP) port of the RADIUS server used for authentication messages.
Page 48 ONFIGURING THE WITCH Web – Click System, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply. 2-18...
Page 49: Https
Server port number: 200 Console(config)# HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s Web interface. Both the HTTP and HTTPS service can be enabled independently on the switch.
Page 50 • HTTPS Port — Specifies the UDP port number used for HTTPS/ SSL connection to the switch’s Web interface. The default is port 443. Web – Click System/HTTPS Settings. Select “Enabled” for the HTTPS Status and specify the port number, then click “Apply.”...
Page 51: Ssh
SSH-enabled management station clients. Note: There are two versions of the SSH protocol currently available, SSH v1.x and SSH v2.x. The switch supports only SSH v1.5. Command Attributes • SSH Server Status — Allows you to enable/disable the SSH server feature on the switch.
Page 52 You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version.
Page 53: Managing Firmware
Web – Click System, Firmware. Enter the IP address of the TFTP server, enter the file name of the software to download, select a file on the switch to overwrite or specify a new file name, then click “Transfer from Server.”...
Page 54: Saving Or Restoring Configuration Settings
Console(config)#exit Console#reload Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server. The configuration file can be later downloaded to restore the switch’s settings. Command Attributes • TFTP Server IP Address – The IP address of a TFTP server.
Page 55 Web – Click System, Configuration. Enter the IP address of the TFTP server, enter the name of the file to download, select a file on the switch to overwrite or specify a new file name, and then click “Transfer from Server.”...
Page 56: Copying The Running Configuration To A File
CLI – Enter the IP address of the TFTP server, specify the source file on the server, and set the startup file name on the switch. If you download the startup configuration file under a new file name, you can set this file as the startup file at a later time, and then restart the switch.
Page 57: Displaying Bridge Extension Capabilities
CLI – If you copy the running configuration to a file, you can set this file as the startup file at a later time, and then restart the switch. Console#copy running-config file destination file name : 051902.cfg Console# Console#config Console(config)#boot system config: 051902.cfg...
Page 58 ONFIGURING THE WITCH • Static Entry Individual Port – This switch allows static filtering for unicast and multicast addresses. (Refer to “Setting Static Addresses” on page 2-41.) • VLAN Learning – This switch uses Independent VLAN Learning (IVL), where each port maintains its own filtering database.
Page 59 Web – Click System, Bridge Extension. CLI – Enter the following command. Console#show bridge-ext Max support vlan numbers: 255 Max support vlan ID: 4094 Extended multicast filtering services: No Static entry individual port: Yes VLAN learning: IVL Configurable PVID tagging: Yes Local VLAN capable: No Traffic classes: Enabled Global GVRP status: Enabled...
Page 60: Displaying Switch Hardware/Software Versions
Loader Version – Version number of loader code. • Boot-ROM Version – Version number of Power-On Self-Test (POST) and boot code. • Operation Code Version – Version number of runtime code. • Role – Shows that this switch is operating as Master (i.e., operating stand-alone). 2-30...
Page 61 ISPLAYING Web – Click System, Switch Information. CLI – Use the following command to display version information. Console#show version Unit1 Serial number Service tag Hardware version Number of ports Main power status Redundant power status :not present Agent(master) Unit id...
Page 62: Port Configuration
ONFIGURING THE WITCH Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Command Attributes • Name – Interface label. •...
Page 63 Web – Click Port, Port Information or Trunk Information. Modify the required interface settings, and click Apply. CLI – This example shows the connection status for Port 13. Console#show interfaces status ethernet 1/13 Information of Eth 1/13 Basic information: Port type: 1000T Mac address: 00-00-11-11-22-2F Configuration: Name:...
Page 64: Configuring Interface Connections
- FC - Supports flow control. Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is 2-34...
Page 65 used for half-duplex operation and IEEE 802.3x for full-duplex operation. (Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub.) - (Default: Autonegotiation enabled;...
Page 66: Setting Broadcast Storm Thresholds
• The default threshold is 500 packets per second. • Broadcast control does not effect IP multicast traffic. • The specified threshold applies to all ports on the switch. Command Attributes • Threshold – Threshold as percentage of port bandwidth. (Options:...
Page 67 500-262143 packets per second; Default: 500 packets per second) • Broadcast Control Status – Shows whether or not broadcast storm control has been enabled. (Default: Enabled) Web – Click Port, Port Broadcast Control. Set the threshold for all ports, and then click Apply. CLI –...
Page 68: Configuring Port Mirroring
The mirror port and monitor port speeds must match, otherwise traffic may be dropped from the monitor port. • The switch supports only one port mirror session. • The source and target port have to be either both in the port group of 1 to 12 or both in the port group of 13 to 24.
Page 69: Configuring Port Security
Console(config-if)#port monitor ethernet 1/11 Console(config-if)# Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port.
Page 70: Port Security Configuration
ONFIGURING THE WITCH Port Security Action The switch allows you to set the security action to be taken when a port intrusion is detected. This setting applies to all ports on the switch. • Shutdown and Trap — Indicates the action to be taken when a port security violation is detected: - None: Indicates that no action should be taken.
Page 71: Address Table Settings
Setting Static Addresses A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table.
Page 72: Displaying The Address Table
Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address for inbound traffic is found in the database, the packets intended for that address is forwarded directly to the associated port.
Page 73 Command Usage • You can display entries in the dynamic address table by selecting an interface (either port or trunk), MAC address, or VLAN. • You can sort the information displayed based on interface (port or trunk), MAC address, or VLAN. Web –...
Page 74: Changing The Aging Time
The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (i.e., an STP-compliant switch, bridge or router) in your network to ensure that...
Page 75 RSTP – Rapid Spanning Tree Protocol (IEEE 802.1w). STP uses a distributed algorithm to select a bridging device (STP-compliant switch, bridge or router) that serves as the root of the spanning tree network. It selects a root port on each bridging device (except for the root device) which incurs the lowest path cost when forwarding a packet from that device to the root device.
Page 76: Stp Information
Bridge ID — Identifies a unique identifier for the switch in the Spanning Tree. The ID is calculated using the defined Spanning Tree priority of the switch and its MAC address. The lower the Bridge ID, the more likely the switch will act as the root.
Page 77 - Root Port — Specifies the port number on the switch that is closest to the root. The switch communicates with the root device through this port. If there is no root port, the switch has been accepted as the root device of the Spanning Tree network.
Page 78 ONFIGURING THE WITCH * CLI only. Web – Click Spanning Tree, STP Information to display current Spanning Tree information. 2-48...
Page 79 CLI – This example shows the current Spanning Tree settings. Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning tree mode Spanning tree enable/disable Priority Bridge Hello Time (sec.) Bridge Max Age (sec.) Bridge Forward Delay (sec.) Root Hello Time (sec.) Root Max Age (sec.) Root Forward Delay (sec.) Designated Root Current root port...
Page 80: Stp Configuration
RSTP node transmits, as described below: • STP Mode – If the switch receives an 802.1D BPDU (i.e., STP BPDU) after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.
Page 81 - Range: 0-61440, in steps of 4096 - Options: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440 • Hello Time — Interval (in seconds) at which the switch transmits a configuration message. - Default: 2 - Minimum: 1 - Maximum: The lower of 10 or [(Max.
Page 82 ONFIGURING THE WITCH - Default: 15 - Minimum: The higher of 4 or [(Max. Message Age / 2) + 1] - Maximum: 30 • Path Cost Method — The path cost is used to determine the best path between devices. The path cost method is used to determine the range of values that can be assigned to each interface.
Page 83 Web – Click Spanning Tree, STP Configuration. Modify the required attributes, then click Apply. CLI – This example enables Spanning Tree Protocol, and then sets the indicated attributes. Console(config)#spanning-tree mode rstp Console(config)#spanning-tree Console(config)#spanning-tree forward-time 15 Console(config)#spanning-tree hello-time 2 Console(config)#spanning-tree max-age 20 Console(config)#spanning-tree priority 40000 Console(config)#spanning-tree pathcost method long Console(config)#spanning-tree transmission-limit 5...
Page 84: Stp Port And Trunk Information
- A port on a network segment with no other STA compliant bridging device is always forwarding. - If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID forwards packets and the other is discarding.
Page 85 Spanning Tree. • Designated Port — The priority and number of the port on the designated bridging device through which this switch must communicate with the root of the Spanning Tree. • Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface.
Page 86 Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree.
Page 87 during reconfiguration events, does not cause the spanning tree to reconfigure when the interface changes state, and also overcomes other STA-related timeout problems. However, remember that Edge Port should only be enabled for ports connected to an end-node device. Web – Click Spanning Tree, STP Port Information or Spanning Tree, STP Trunk Information.
Page 88: Stp Port And Trunk Configuration
ONFIGURING THE WITCH CLI – This example displys the current Spanning Tree status of a port. Console#show spanning-tree ethernet 1/5 1/ 5 information -------------------------------------------------------------- Admin status Role State Path cost Priority Designated cost Designated port Designated root Designated bridge Fast forwarding Forward transitions Admin edge port Oper edge port...
Page 89 Priority — Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree.
Page 90 ONFIGURING THE WITCH - Auto — The switch automatically determines if the interface is attached to a point-to-point link or to shared media. • Admin Edge Port — You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node.
Page 91: Vlan Configuration
Web – Click Spanning Tree, STP Port Configuration or STP Trunk Configuration. Modify the required attributes, then click Apply. CLI – This example sets STP attributes for port 5. Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree port-priority 128 Console(config-if)#spanning-tree cost 19 Console(config-if)#spanning-tree link-type auto Console(config-if)#no spanning-tree edge-port Console#spanning-tree protocol-migration ethernet 1/5 Console#...
Page 92: Assigning Ports To Vlans
Priority tagging Assigning Ports to VLANs Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if you...
Page 93 VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the PVID of the receiving port.
Page 94: Forwarding Tagged/Untagged Frames
WITCH configured to broadcast a message to your network indicating the VLAN groups it wants to join. When this switch receives these messages, it will automatically place the receiving port in the specified VLANs, and then forward the message to all other ports. When the message arrives at another switch that supports GVRP, it will also place the receiving port in the specified VLANs, and pass the message on to all other ports.
Page 95: Displaying Basic Vlan Information
VLAN-aware devices (including the destination host), the switch must first strip off the VLAN tag before forwarding the frame. When the switch receives a tagged frame, it will pass this frame onto the VLAN(s) indicated by the frame tag.
Page 96: Displaying Current Vlans
Up Time at Creation – Time this VLAN was created; i.e., System Up Time. • Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP. - Permanent: Added as a static entry.
Page 97 Command Attributes for CLI Interface • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry. •...
Page 98: Creating Vlans
Console# Creating VLANs Use The VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command Attributes •...
Page 99 • State – Shows if this VLAN is enabled or disabled (CLI). - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e., does not pass packets. • Add – Adds a new VLAN group to the current list. • Remove –...
Page 100: Adding Interfaces Based On Membership Type
VLAN via the GVRP protocol. (Note that VLAN 1 is the default untagged VLAN containing all ports on the switch, and cannot be modified via this page.) You can use the VLAN Static Table to assign ports to the specified VLAN group as an IEEE 802.1Q tagged port.
Page 101 therefore not carry VLAN or CoS information. Note that an interface must be assigned to at least one group as an untagged port. - Forbidden: Interface is forbidden from automatically joining the VLAN via GVRP. For more information, see “GVRP” on page 81. - None: Interface is not a member of the VLAN.
Page 102: Adding Interfaces Based On Static Membership
ONFIGURING THE WITCH CLI – The following example shows how to add tagged and untagged ports to VLAN 2. Console(config)#interface ethernet 1/1 Console(config-if)#switchport allowed vlan add 2 tagged Console(config-if)#exit Console(config)#interface ethernet 1/2 Console(config-if)#switchport allowed vlan add 2 untagged Console(config-if)#exit Console(config)#interface ethernet 1/13 Console(config-if)#switchport allowed vlan add 2 tagged Adding Interfaces Based on Static Membership Use the VLAN Static Membership by Port menu to assign VLAN groups...
Page 103: Configuring Vlan Behavior For Interfaces
Web – Open VLAN, VLAN Static Membership. Select an interface from the scroll-down box (Port or Trunk). Click Query to display VLAN membership information for the interface. Select a VLAN ID, and then click Add to add the interface as a tagged member, or click Remove to remove the interface.
Page 104 ONFIGURING THE WITCH Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. • GARP – Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN.
Page 105 • GVRP Status – Enables/disables GVRP for the interface. GVRP must be globally enabled for the switch before this setting can take effect. (See “Displaying Bridge Extension Capabilities” on page 2-27.) When disabled, any GVRP packets received on this port will be discarded and no GVRP registrations will be propagated from other ports.
Page 106 ONFIGURING THE WITCH - 1Q Trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN. However, note that frames belonging to the port’s default VLAN (i.e., associated with the PVID) are sent untagged.
Page 107: Class Of Service Configuration
Setting the Default Priority for Interfaces You can specify the default port priority for each interface on the switch. All untagged packets entering the switch are tagged with the specified default port priority, and then sorted into the appropriate priority queue at the output port.
Page 108: Mapping Cos Values To Egress Queues
CLI – This example assigns a default priority or 5 to port 3. Console(config)#interface ethernet 1/3 Console(config-if)#switchport priority default 5 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on 2-78 3-85...
Page 109 The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network.
Page 110 ONFIGURING THE WITCH • Traffic Class – Output queue buffer. (Range: 0 - 3, where 3 is the highest CoS priority queue) Web – Click Priority, Traffic Classes. Assign priorities to the output queues, then click Apply. CLI – The following example shows how to map CoS values 0, 1 and 2 to CoS priority queue 0, value 3 to CoS priority queue 1, values 4 and 5 to CoS priority queue 2, and values 6 and 7 to CoS priority queue 3.
Page 111: Setting The Service Weight For Traffic Classes
Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in “Mapping CoS Values to Egress Queues” on page 2-78, the traffic classes are mapped to one of the four egress queues provided for each port.
Page 112: Mapping Layer 3/4 Priorities To Cos Values
Console# Mapping Layer 3/4 Priorities to CoS Values This switch supports a common method of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (ToS) octet.
Page 113: Mapping Ip Precedence
Web – Click Priority, IP Precedence Priority. Select IP Precedence or IP DSCP from the IP Precedence, DSCP Priority Status menu. CLI – The following example globally enables IP Precedence service on the switch. Console(config)#map ip precedence Console# Mapping IP Precedence...
Page 114 ONFIGURING THE WITCH Priority Level Command Attributes • IP Precedence Priority Table – Shows the IP Precedence to CoS map. • Class of Service Value – Maps a CoS value to the selected IP Precendence value. Note that “0” represents low priority and “7” represent high priority.
Page 115 LASS OF ERVICE ONFIGURATION Web – Click Priority, IP Precedence Priority. Select an IP Precedence value from the IP Precedence Priority Table by clicking on it with your cursor, enter a value in the Class of Service Value field, and then click Apply. Be sure to also select IP Precedence from the IP Precedence, DSCP Priority Status menu.
Page 116: Mapping Dscp Priority
CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 on port 5, and then displays all the IP Precedence settings for that port. (Note that the setting is global and applies to all ports on the switch.)
Page 117 IP DSCP Value 38, 40, 42 46, 56 Command Attributes • DSCP Priority Table – Shows the DSCP Priority to CoS map. • Class of Service Value – Maps a CoS value to the selected DSCP Priority value. Note that “0” represents low priority and “7” represent high priority.
Page 118 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 1 to CoS value 0 on port 5, and then displays all the DSCP Priority settings for that port. (Note that the setting is global and applies to all ports on the switch.)
Page 119: Port Trunk Configuration
Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • You can create up to six trunks on the switch, with up to four ports per trunk. • The ports at both ends of a connection must be configured as trunk ports.
Page 120: Dynamically Configuring A Trunk With Lacp
LACP. • If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically. • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID.
Page 121 RUNK ONFIGURATION Web – Click Trunk, LACP Configuration. Select any of the switch ports from the scroll-down port list and click Add. After you have completed adding ports to the member list, click Apply. 2-91...
Page 122: Statically Configuring A Trunk
ONFIGURING THE WITCH CLI – The following example enables LACP for ports 17 and 18. Just connect these ports to two LACP-enabled trunk ports on another switch to form a trunk. Console(config)#interface ethernet 1/17 Console(config-if)#lacp Console(config-if)#exit Console(config)#interface ethernet 1/18 Console(config-if)#lacp...
Page 123 Web – Click Trunk, Trunk Configuration. Enter a trunk ID of 1-6 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.
Page 124: Configuring Snmp
ONFIGURING THE WITCH CLI – This example creates trunk 1 with ports 11 and 12. Just connect these ports to two static trunk ports on another switch to form a trunk. Console(config)#interface port-channel 1 Console(config-if)#exit Console(config)#interface ethernet 1/11 Console(config-if)#channel-group 1...
Page 125: Setting Community Access Strings
Setting Community Access Strings You may configure up to five community strings authorized for management access. For security reasons, you should consider removing the default strings. Command Attributes Community String – A community string that acts like a password and permits access to the SNMP protocol.
Page 126: Specifying Trap Managers
IP address. • The switch can send SNMP version 1 or version 2c traps to a host IP address, depending on the SNMP version that the management station supports. The default is to send SNMP version 1 traps.
Page 127: Snmp Ip Filtering
Console(config)#snmp-server host 10.1.19.23 batman Console(config)#snmp-server enable traps authentication SNMP IP Filtering The switch allows you to create a list of up to 16 IP addresses or IP address groups that are allowed access to the switch via SNMP management software.
Page 128 Note: The default setting is null, which allows all IP groups SNMP access to the switch. If one IP address is configured, the IP filtering is enabled and only addresses in the IP group will have SNMP access.
Page 129: Multicast Configuration
A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router. Although this approach ULTICAST ONFIGURATION...
Page 130: Configuring Igmp Parameters
Configuring IGMP Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly disrupting network performance.
Page 131 This is also referred to as IGMP Snooping. (Default: Disabled) • Act as IGMP Querier — When enabled, the switch can serve as the Querier, which is responsible for asking hosts if they want to receive multicast traffic. (Default: Disabled) •...
Page 132 ONFIGURING THE WITCH which had been receiving query packets) to have expired. (Default: 300 seconds, Range: 300 - 500) • IGMP Version — Sets the protocol version for compatibility with other devices on the network. (Default: 2, Range: 1 - 2) Notes: 1.
Page 133: Interfaces Attached To A Multicast Router
DVMRP, to support IP multicasting across the Internet. These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch. You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router/switch for each VLAN ID.
Page 134: Specifying Interfaces Attached To A Multicast Router
IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your switch, you can manually configure that interface to join all the current multicast groups. This can ensure that multicast traffic is passed to all the appropriate interfaces within the switch.
Page 135: Displaying Port Members Of Multicast Services
• VLAN ID – Selects the VLAN to propagate all multicast traffic coming from the attached multicast router/switch. • Port or Trunk – Specifies the interface attached to a multicast router. Web – Click IGMP, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add.
Page 136 VLAN group. Web – Click IGMP, IP Multicast Registration Table. Select the VLAN ID and multicast IP address. The switch will display all the ports that are propagating this multicast service. CLI – This example displays all the known multicast services supported on VLAN 1, along with the ports propagating the corresponding services.
Page 137: Adding Multicast Addresses To Vlans
Parameters” on page 2-100. For certain application that require tighter control, you may need to statically configure a multicast service on the switch. First add all the ports attached to participating hosts to a common VLAN, and then assign the multicast service to that VLAN group.
Page 138: Showing Device Statistics
Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMOM MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port. This information can be used to identify potential problems with the switch (such as a faulty port or 2-108 Eth1/12...
Page 139: Statistical Values
unusually heavy loading). RMON statistics provide access to a broad range of statistics, including a total count of different frame types and sizes passing through each port. All values displayed have been accumulated since the last system reboot, and are shown as counts per second. Statistics are refreshed every 60 seconds by default.
Page 140 ONFIGURING THE WITCH Parameter Transmit Octets Transmit Unicast Packets The total number of packets that higher-level Transmit Multicast Packets Transmit Broadcast Packets Transmit Discarded Packets Transmit Errors Etherlike Statistics Alignment Errors Late Collisions FCS Errors Excessive Collisions 2-110 Description The total number of octets transmitted out of the interface, including framing characters.
Page 141 Parameter Single Collision Frames Internal MAC Transmit Errors Multiple Collision Frames A count of successfully transmitted frames for which Carrier Sense Errors SQE Test Errors Frames Too Long Deferred Transmissions Internal MAC Receive Errors RMON Statistics Drop Events Jabbers Received Bytes Collisions HOWING Description...
Page 142 ONFIGURING THE WITCH Parameter Received Frames Broadcast Frames Multicast Frames CRC/Alignment Errors Undersize Frames Oversize Frames Fragments 64 Bytes Frames 65-127 Byte Frames 128-255 Byte Frames 256-511 Byte Frames 512-1023 Byte Frames 1024-1518 Byte Frames 1519-1536 Byte Frames 2-112 Description The total number of frames (bad, broadcast and multicast) received.
Page 143 HOWING EVICE TATISTICS Web – Click Statistics, Port Statistics. Select the required interface, and then click Query. You can also use the Refresh button at the bottom of the page to update the screen. 2-113...
Page 144 ONFIGURING THE WITCH CLI – This example shows statistics for port 13. Console#show interfaces counters ethernet 1/13 Ethernet 1/13 Iftable stats: Octets input: 868453, Octets output: 3492122 Unicast input: 7315, Unitcast output: 6658 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, QLen output: 0 Extended iftable stats: Multi-cast input: 0, Multi-cast output: 17027...
Page 145: Command Line Interface
Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt.
Page 146: Telnet Connection
10.1.0.1, consists of a network portion (10.1.0) and a host portion (1). To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet.
Page 147: Entering Commands
After you configure the switch with an IP address, you can open a Telnet session by performing these steps. 1. From the remote host, enter the Telnet command and the IP address of the device you want to access. 2. At the prompt, enter the user name and system password. The CLI will display the “Vty-0#”...
Page 148: Minimum Abbreviation
OMMAND NTERFACE interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port. You can enter commands as follows: • To enter a simple command, enter the command keyword. • To enter multiple commands, enter each command in the required order.
Page 149: Showing Commands
The system configuration of running SNMP statistics Specify spanning-tree Secure shell The system configuration of starting up Information of system Login by tacacs server Display information about terminal lines System hardware and software status Switch VLAN Virtual Interface NTERING OMMANDS...
Page 150: Partial Keyword Lookup
OMMAND NTERFACE Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.”...
Page 151: Exec Commands
* You must be in Privileged Exec mode to access any of the configuration modes. Exec Commands When you open a new console session on switch with the user name “guest,” the system enters Normal Exec command mode (or guest mode).
Page 152: Configuration Commands
Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in nonvolatile storage, use the copy running-config startup-config command.
Page 153: Command Line Processing
To enter Interface, Line Configuration, or VLAN mode, you must enter the “interface ...,” “line...” or “vlan database” command while in Global Configuration mode. The system prompt will change to “Console(config-if)#,” “Console(config-line)#” or Console(config-vlan)” indicating that you have access privileges to the associated commands. You can use the end command to return to the Privileged Exec mode.
Page 154: Command Groups
Description Basic commands for entering privileged access mode, restarting the system, or quitting the CLI Manages code image or switch configuration files Controls system logs, system passwords, user name, jumbo frame support, browser management options, HTTPS, SSH, and a variety of other system...
Page 155 Command Description Group IGMP Snooping Configures IGMP multicast filtering, querier eligibility, query parameters, and specifies ports attached to a multicast router Priority Sets port priority for untagged frames, relative weight for each priority queue, also sets priority for IP precedence and DSCP Mirror Port Mirrors data to another port for analysis without affecting the data passing through or the performance...
Page 156: General Commands
OMMAND NTERFACE General Commands Command enable disable configure reload exit quit help enable Use this command to activate Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 3-6.
Page 157: Disable
Use this command to return to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode. See “Understanding Command Modes”...
Page 158: Configure
Use this command to activate Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, and VLAN Database Configuration.
Page 159: Show History
show history Use this command to show the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 20 commands. Example In this example, the show history command lists the contents of the command history buffer: Console#show history Execution command history:...
Page 160: Reload
Command Mode Privileged Exec Command Usage This command resets the entire system. Example This example shows how to reset the switch: Console#reload System will be restarted, continue <y/n>? y Use this command to return to Privileged Exec mode. Default Setting...
Page 161: Exit
Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode: Console(config-if)#end Console# exit Use this command to return to the previous configuration mode or exit the configuration program. Default Setting None Command Mode Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session:...
Page 162: Flash/File Commands
Flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore 3-18 Function...
Page 163 (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”) •...
Page 164 OMMAND NTERFACE • To replace the startup configuration, you must use startup-config as the destination. • The Boot ROM image cannot be uploaded or downloaded from the TFTP server. You must use a direct console connection and access the download menu during a boot up to download the Boot ROM (or diagnostic) image.
Page 165: Delete
delete Use this command to delete a file or image. Syntax delete filename filename - Name of the configuration file or image name. Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted.
Page 166: Dir
The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file • config - Switch configuration file • opcode - Run-time operation code image file. • filename - Name of the file or image. If this file exists but contains errors, information on this file cannot be shown.
Page 167: Whichboot
Example The following example shows how to display all file information: Console#dir -------------------------------- -------------- ------- ----------- Factory_Default_Config.cfg ------------------------------------------------------------------- Console# whichboot Use this command to display which files booted. Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command.
Page 168: Boot System
OMMAND NTERFACE boot system Use this command to specify the file or image used to start up the system. Syntax boot system {boot-rom| config | opcode}: filename The type of file or image to set as a default includes: • boot-rom - Boot ROM •...
Page 169: System Management Commands
Allows jumbo frames to pass through the switch Specifies the port to be used by the Web browser interface Allows the switch to be monitored or configured from a browser Enables the HTTPS server on the switch HTTPS connection to the switch’s Web...
Page 170 OMMAND NTERFACE Command show ip ssh show ssh Event Logging Commands logging on logging history logging host logging facility logging trap clear logging show logging System Status Commands show startup-config show running-config show system show users show version 3-26 Function Displays the status of the SSH server and the configured values for authentication timeout and retries...
Page 171: Hostname
hostname Use this command to specify or modify the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode...
Page 172: Default Setting
OMMAND NTERFACE • {0 | 7} - 0 means plain password, 7 means encrypted password. • password password - The authentication password for the user. (Maximum length: 8 characters plain text, 32 encrypted, case sensitive) Default Setting • The default access level is Normal Exec. •...
Page 173: Enable Password
enable password After initially logging onto the system, you should set the administrator (Privileged Exec) and guest (Normal Exec) passwords. Remember to record them in a safe place. Use the enable password command to set the password for access to the Privileged Exec level from the Normal Exec level.
Page 174: Jumbo Frame
OMMAND NTERFACE Related Commands enable (3-12) jumbo frame Use this command to enable jumbo frames through the switch. Use the no form to disable jumbo frames. Syntax jumbo frame no jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage •...
Page 175: Ip Http Port
ip http port Use this command to specify the TCP port number used by the Web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting Command Mode...
Page 176: Ip Http Secure-Server
Use this command to enable the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s Web interface. Use the no form to disable this function. Syntax...
Page 177: Ip Http Secure-Port
Related Commands ip http secure-port (3-33) ip http secure-port Use this command to specify the UDP port number used for HTTPS/SSL connection to the switch’s Web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number no ip http secure-port port_number –...
Page 178: Ip Ssh
(3-32) ip ssh Use this command to configure authentication control parameters for the Secure Shell (SSH) server on this switch. Use the no form to restore the default settings. Syntax ip ssh {[timeout seconds] | [authentication-retries count]} no ip ssh {[timeout] | [authentication-retries]} •...
Page 179: Ip Ssh Server
Console(config)#ip ssh authentication-retires 2 Console(config)# Related Commands show ip ssh (3-37) ip ssh server Use this command to enable the Secure Shell (SSH) server on this switch. Use the no form to disable this service. Syntax ip ssh server no ip ssh server...
Page 180: Disconnect Ssh
Telnet sessions and SSH sessions. • The SSH server uses RSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to select either DES (56-bit) or 3DES (168-bit) for data encryption.
Page 181: Show Ssh
show ssh Use this command to display the current Secure Shell (SSH) server connections. Command Mode Privileged Exec Command Usage This command shows the following information: • Session – The session number. (Range: 0-3) • Username – The user name of the client. •...
Page 182: Logging On
Command Mode Global Configuration Command Usage The logging process controls error messages saved to switch memory or sent to remote syslog servers. You can use the logging history command to control the type of error messages that are stored in memory.
Page 183: Logging History
(3-39) logging trap (3-42) clear logging (3-43) logging history Use this command to limit syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history {flash | ram} level no logging history {flash | ram} •...
Page 184: Logging Host
OMMAND NTERFACE Level Argument notifications informational debugging * There are only Level 2, 5 and 6 error messages for the current firmware release. Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 7 - 0) Command Mode Global Configuration Command Usage The message level specified for Flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM.
Page 185: Logging Facility
Default Setting None Command Mode Global Configuration Command Usage • By using this command more than once you can build up a list of host IP addresses. • The maximum number of host IP addresses allowed is five. Example Console(config)#logging host 10.1.0.3 Console(config)# logging facility Use this command to set the facility type for remote logging of syslog...
Page 186: Logging Trap
OMMAND NTERFACE logging trap Use this command to limit syslog messages saved to a remote server based on severity. Use the no form to return the remote logging of syslog messages to the default level. Syntax logging trap level no logging trap level level - One of the level arguments listed below.
Page 187: Clear Logging
clear logging Use this command to clear messages from the log buffer. Syntax clear logging [flash | ram] • flash - Event history stored in Flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
Page 188: Show Startup-Config
OMMAND NTERFACE Default Setting None Command Mode Privileged Exec Example Console#show logging flash Syslog logging: Disable History logging in FLASH: level errors Console#show logging trap Syslog logging: Enable REMOTELOG status: enable REMOTELOG facility type: local use 3 REMOTELOG level type: Warning conditions REMOTELOG server ip address: 10.1.0.3 REMOTELOG server ip address: 10.1.0.4 REMOTELOG server ip address: 0.0.0.0...
Page 189: Privileged Exec
Command Mode Privileged Exec Example Console#show startup-config building startup-config, please wait... snmp-server community private rw snmp-server community public ro username admin access-level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access-level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database vlan 1 name DefaultVlan media ethernet state active interface ethernet 1/1...
Page 190: Show Running-Config
OMMAND NTERFACE Related Commands show running-config (3-46) show running-config Use this command to display the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory.
Page 191: Show System
Example Console#show running-config building running-config, please wait... snmp-server community private rw snmp-server community public ro ip http port interface vlan 1 ip address 10.1.0.1 255.255.255.0 no bridge 1 spanning-tree line console line vty Console# Related Commands show startup-config (3-44) show system Use this command to display system information.
Page 192: Show Users
DRAM Test ...PASS I2C Initialization...PASS Runtime Image Check ...PASS PCI Device Check ...PASS Switch Driver Initialization...PASS Switch Internal Loopback Test...PASS ------------------- DONE -------------------- Console# show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.
Page 193: Show Version
Example Console#show users Username accounts: Username Privilege -------- --------- guest admin Online users: Line ----------- -------- ----------------- --------------- console vty 0 Console# show version Use this command to display hardware and software version information for the system. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage...
Page 194: Authentication Commands
Operation code version :1.0.1.4 Console# Authentication Commands You can configure the switch to authenticate users logging into the system for management access using local or authentication-server methods. Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) are logon...
Page 195: Authentication Login
Command radius-server timeout show radius-server TACACS+ Client tacacs-server host tacacs-server port tacacs-server key show tacacs-server authentication login Use this command to define the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login •...
Page 196: Radius-Server Host
OMMAND NTERFACE management access via the console port, a Web browser, or Telnet. These access options must be configured on the authentication server. • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server.
Page 197: Radius-Server Port
Example Console(config)#radius-server host 192.168.1.25 Console(config)# radius-server port Use this command to set the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages.
Page 198: Radius-Server Retransmit
Use this command to set the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1 - 30) Default Setting Command Mode Global Configuration...
Page 199: Radius-Server Timeout
RADIUS server. Use the no form to restore the default. Syntax radius-server timeout number_of_seconds no radius-server timeout number_of_seconds - Number of seconds the switch waits for a reply before resending a request. (Range: 1-65535) Default Setting Command Mode...
Page 200: Tacacs-Server Host
OMMAND NTERFACE tacacs-server host Use this command to specify the TACACS+ server. Use the no form to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address - IP address of a TACACS+ server. Default Setting 10.11.12.13 Command Mode Global Configuration Example Console(config)#tacacs-server host 192.168.1.25...
Page 201: Tacacs-Server Key
Example Console(config)#tacacs-server port 181 Console(config)# tacacs-server key Use this command to set the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client.
Page 202: Snmp Commands
Server IP address: 10.11.12.13 Communication key with radius server: Server port number: 49 Console# SNMP Commands Controls access to this switch from SNMP management stations, as well as the error types sent to trap managers. Command snmp-server community snmp-server contact Sets the system contact string...
Page 203 Syntax snmp-server community string [ro|rw] no snmp-server community string • string - Community string that acts like a password and permits access to the SNMP protocol. (Maximum length: 32 characters, case sensitive; Maximum number of strings: 5) • ro - Specifies Read-only access. Authorized management stations are only able to retrieve MIB objects.
Page 204: Snmp-Server Contact
OMMAND NTERFACE snmp-server contact Use this command to set the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Setting None Command Mode...
Page 205: Snmp-Server Host
Default Setting None Command Mode Global Configuration Example Console(config)#snmp-server location WC-19 Console(config)# Related Commands snmp-server contact (3-60) snmp-server host Use this command to specify the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
Page 206 • The switch can send SNMP version 1 or version 2c traps to a host IP address, depending on the SNMP version that the management station supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 traps.
Page 207: Snmp-Server Enable Traps
snmp-server enable traps Use this command to enable this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications. Syntax snmp-server enable traps [authentication | link-up-down] no snmp-server enable traps [authentication | link-up-down] •...
Page 208: Snmp Ip Filter
(3-61) snmp ip filter Sets the IP addresses of clients that are allowed management access to the switch via SNMP. Use the no form of this command to remove an IP address. Syntax snmp ip filter ip_address subnet_mask no snmp ip filter ip_address subnet_mask •...
Page 209: Show Snmp
• The default setting is null, which allows all IP groups SNMP access to the switch. If one IP address is configured, the IP filtering is enabled and only addresses in the IP group will have SNMP access.
Page 210: L Ine I Nterface
OMMAND NTERFACE Example Console#show snmp SNMP traps: Authentication: enable Link-up-down: enable SNMP communities: 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get-request PDUs 0 Get-next PDUs...
Page 211: Ip Commands
IP Commands An IP address may be used for management access to the switch over your network. By default, the switch uses DHCP to assign IP settings to VLAN 1 on the switch. If you wish to manually configure IP settings, you need to change the switch’s user-specified defaults (IP address 0.0.0.0 and...
Page 212 VLAN 1). This defines the management VLAN, the only VLAN through which you can gain management access to the switch. If you assign an IP address to any other VLAN, the new IP address overrides the original IP address and this becomes the new management VLAN.
Page 213: Ip Dhcp Restart
Related Commands ip dhcp restart (3-69) ip dhcp restart Use this command to submit a BOOTP or DCHP client request. Default Setting None Command Mode Privileged Exec Command Usage • DHCP requires the server to reassign the client’s last address if available.
Page 214: Ip Default-Gateway
OMMAND NTERFACE ip default-gateway Use this command to a establish a static route between this device and management stations that exist on another network segment. Use the no form to remove the static route. Syntax ip default-gateway gateway no ip default-gateway gateway - IP address of the default gateway Default Setting No static route is established.
Page 215: Show Ip Redirects
Command Mode Privileged Exec Command Usage This switch can only be assigned one IP address. This address is used for managing the switch. Example Console#show ip interface IP address and netmask: 10.1.0.54 255.255.255.0 on VLAN 1, and address mode: User specified.
Page 216: Ping
• size - Number of bytes in a packet. (Range: 32-512, default: 32) The actual packet size will be eight bytes larger than the size specified because the switch adds header information. Default Setting This command has no default for the host.
Page 217: Line Commands
Example Console#ping 10.1.0.9 Type ESC to abort. PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds response time: 10 ms response time: 10 ms response time: 10 ms response time: 10 ms response time: 0 ms Ping statistics for 10.1.0.9: 5 packets transmitted, 5 packets received (100%), 0 packets lost (0%) Approximate round trip times:...
Page 218: Line
OMMAND NTERFACE Command silent-time databits parity speed stopbits show line line Use this command to identify a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access. Default Setting There is no default line.
Page 219: Login
Command Mode Line Configuration Command Usage • There are three authentication modes provided by the switch itself at login: - login selects authentication by a single global password as specified by the password line configuration command. When...
Page 220: Password
- no login selects no authentication. When using this method, the management interface starts in Normal Exec (NE) mode. • This command controls login authentication via the switch itself. To configure user names and passwords for remote authentication servers, you must use the RADIUS software installed on those servers.
Page 221: Exec-Timeout
Command Mode Line Configuration Command Usage • When a connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt. You can use the password-thresh command to set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state.
Page 222: Password-Thresh
OMMAND NTERFACE Default Setting CLI: No timeout Telnet: 10 minutes Command Mode Line Configuration Command Usage • If input is detected, the system resumes the current connection; or if no connections exist, it returns the terminal to the idle state and disconnects the incoming session.
Page 223: Silent-Time
Command Mode Line Configuration Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached for Telnet, the Telnet logon interface shuts down.
Page 224: Databits
OMMAND NTERFACE Default Setting The default value is no silent-time. Command Mode Line Configuration Command Usage If the password threshold was not set with the password-thresh command, silent-time begins after the default value of three failed logon attempts. Example To set the silent time to 60 seconds, enter this command: Console(config-line)#silent-time 60 Console(config-line)# Related Commands...
Page 225: Parity
Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character.
Page 226: Speed
OMMAND NTERFACE Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: Console(config-line)#parity none Console(config-line)# speed Use this command to set the terminal line's baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds.
Page 227: Stopbits
Console(config-line)#speed 57600 Console(config-line)# stopbits Use this command to set the number of the stop bits transmitted per byte. Use the no form to restore the default setting. Syntax stopbits {1 | 2} • 1 - One stop bit • 2 - Two stop bits Default Setting 1 stop bit Command Mode...
Page 228: Interface Commands
OMMAND NTERFACE Command Mode Normal Exec, Privileged Exec Example To show all lines, enter this command: Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Silent time: Disabled Baudrate: 9600 Databits: 8 Parity: none Stopbits: 1 Vty configuration: Password threshold: 3 times Interactive timeout: 65535 Console#...
Page 229: Interface
Command port security clear counters show interfaces status show interfaces counters show interfaces switchport interface Use this command to configure an interface type and enter interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id interface •...
Page 230: Description
OMMAND NTERFACE Console(config)#interface ethernet 1/25 Console(config-if)# description Use this command to add a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this interface.
Page 231: Related Commands
• 1000full - Forces 1000 Mbps full-duplex operation • 100full - Forces 100 Mbps full-duplex operation • 100half - Forces 100 Mbps half-duplex operation • 10full - Forces 10 Mbps full-duplex operation • 10half - Forces 10 Mbps half-duplex operation Default Setting •...
Page 232: Negotiation
Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage When auto-negotiation is enabled the switch will negotiate the best settingsn for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
Page 233: Capabilities
• symmetric (Gigabit only) - When specified, the port transmits and receives pause frames; when not specified, the port will auto-negotiate to determine the sender and receiver for asymmetric pause frames. (The current switch ASIC only supports symmetric pause frames.)- Transmits and receives pause frames for flow control Default Setting The default values for Gigabit Ethernet include all settings.
Page 234: Flowcontrol
Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilites command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
Page 235: Shutdown
optimal settings will be determined by the capabilities command. To enable flow control under auto-negotiation, “flowcontrol” must be included in the capabilities list for any port. • To force operation to the mode specified in a flowcontrol command, use the no negotiation command to disable auto-negotiation on the selected interface.
Page 236: Switchport Broadcast
OMMAND NTERFACE Default Setting All interfaces are enabled. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved.
Page 237: Port Security
• This command can enable or disable broadcast storm control for the selected interface. However, the specified threshold value applies to all ports on the switch. • Enabling jumbo frames for the switch will limit the maximum threshold for broadcast storm control to 64 packets per second. Example...
Page 238: Clear Counters
• To use port security, first allow the switch to dynamically learn the <source MAC address, VLAN> pair for frames received on a port for an initial training period, and then enable port security to stop address learning.
Page 239: Show Interfaces Status
Syntax clear counters interface interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session.
Page 240 OMMAND NTERFACE • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) • vlan vlan-id (Range: 1-4094) Default Setting None (For a description of the items displayed by this command, see “Displaying Connection Status”...
Page 241: Show Interfaces Counters
show interfaces counters Use this command to display statistics for an interface. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows the counters for all interfaces.
Page 242: Show Interfaces Switchport
OMMAND NTERFACE Example Console#show interfaces counters ethernet 1/7 Ethernet 1/ 7 Iftable stats: Octets input: 30658, Octets output: 196550 Unicast input: 6, Unicast output: 5 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, QLen output: 0 Extended iftable stats: Multi-cast input: 0, Multi-cast output: 3064 Broadcast input: 262, Broadcast output: 1...
Page 243 Default Setting Shows all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. The items displayed by this command include: • Broadcast threshold – Shows if broadcast storm suppression is enabled or disabled;...
Page 244: Address Table Commands
OMMAND NTERFACE Console#show interfaces switchport ethernet 1/15 Information of Eth 1/15 broadcast threshold: Enabled, 256 packets/second Lacp status: Disabled VLAN membership mode: Hybrid Ingress rule: Disabled Acceptable frame type: All frames Native VLAN: 1 Priority for untagged traffic: 0 Gvrp status: Enabled Allowed Vlan: Forbidden Vlan: Console#...
Page 245: Mac-Address-Table Static
• port-channel channel-id (Range: 1-4) • vlan-id - VLAN ID (Range: 1-4094) • action - • delete-on-reset - Assignment lasts until switch is reset. • permanent - Assignment is permanent. Default Setting No static addresses are defined. The default mode is permanent.
Page 246: Show Mac-Address-Table
OMMAND NTERFACE Example Console(config)#mac-address-table static 00-e0-29-94-34-de ethernet 1/1 vlan 1 delete-on-reset Console(config)# show mac-address-table Use this command to view classes of entries in the bridge-forwarding database. Syntax show mac-address-table [address mac-address [mask]] [interface interface] [vlan vlan-id] [sort {address | vlan | interface}] •...
Page 247: Clear Mac-Address-Table Dynamic
- Delete-on-reset - static entry to be deleted when system is reset • The mask should be hexadecimal numbers (representing an equivalent bit mask) in the form xx-xx-xx-xx-xx-xx that is applied to the specified MAC address. Enter hexadecimal numbers, where an equivalent binary bit “0”...
Page 248: Show Mac-Address-Table Aging-Time
OMMAND NTERFACE Syntax mac-address-table aging-time seconds no mac-address-table aging-time seconds - Time is number of seconds (17-2184). Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information. Example Console(config)#mac-address-table aging-time 100 Console(config)# show mac-address-table aging-time...
Page 249: Spanning Tree Commands
Spanning Tree Commands This section includes commands that configure the Spanning Tree Protocol (STP) for the overall switch, and commands that configure STP for the selected interface. Command spanning-tree spanning-tree mode spanning-tree forward-time spanning-tree hello-time spanning-tree max-age spanning-tree priority spanning-tree...
Page 250: Spanning-Tree
This allows the switch to interact with other bridging devices (that is, an STP-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down.
Page 251: Spanning-Tree Mode
RSTP node transmits, as described below: - STP Mode – If the switch receives an 802.1D BPDU after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.
Page 252: Spanning-Tree Forward-Time
Console(config)#spanning-tree mode rstp Console(config)# spanning-tree forward-time Use this command to configure the SpanningTree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds. (Range: 4-30 seconds) The minimum value is the higher of 4 or [(max-age / 2) + 1].
Page 253: Spanning-Tree Hello-Time
Use this command to configure the Spanning Tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds. (Range: 1-10 seconds) The maximum value is the lower of 10 or [(max-age / 2) -1].
Page 254: Spanning-Tree Priority
Console(config)#spanning-tree max-age 40 Console(config)# spanning-tree priority Use this command to configure the Spanning Tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority - Priority of the bridge.
Page 255: Spanning-Tree Pathcost Method
Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STP root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device.
Page 256: Spanning-Tree Transmission-Limit
OMMAND NTERFACE Example Console(config)#spanning-tree pathcost method long Console(config)# spanning-tree transmission-limit Use this command to configure the minimum interval between the transmission of consecutive RSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The transmission limit in seconds.
Page 257: Spanning-Tree Cost
spanning-tree cost Use this command to configure the Spanning Tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the interface. (Range – 1-200,000,000) The recommended range is - - Ethernet: 200,000-20,000,000 - Fast Ethernet: 20,000-2,000,000...
Page 258: Spanning-Tree Port-Priority
Command Usage • This command defines the priority for the use of an interface in the Spanning Tree Protocol. If the path cost for all interfaces on a switch are the same, the interface with the highest priority (that is, lowest value) will be configured as an active link in the Spanning Tree.
Page 259: Spanning-Tree Portfast
Related Commands spanning-tree cost (3-113) spanning-tree portfast Use this command to set an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax spanning-tree portfast no spanning-tree portfast Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •...
Page 260: Spanning-Tree Edge-Port
OMMAND NTERFACE Related Commands spanning-tree edge-port (3-116) spanning-tree edge-port Use this command to specify an interface as an edge port. Use the no form to restore the default. Syntax spanning-tree edge-port no spanning-tree edge-port Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •...
Page 261: Spanning-Tree Protocol-Migration
Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the spanning-tree protocol-migration command at any time to manually re-check the appropriate BPDU format to send on the selected interfaces (i.e., RSTP or STP-compatible).
Page 262: Spanning-Tree Link-Type
• When automatic detection is selected, the switch derives the link type from the duplex mode. A full-duplex interface is considered a point-to-point link, while a half-duplex interface is assumed to be on a shared link.
Page 263: Show Spanning-Tree
show spanning-tree Use this command to show the configuration for the Spanning Tree. Syntax show spanning-tree [interface] • interface • ethernet unit/port-number - unit - This is device 1. - port-number • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec Command Usage •...
Page 264 OMMAND NTERFACE Example Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning tree mode Spanning tree enable/disable Priority Bridge Hello Time (sec.) Bridge Max Age (sec.) Bridge Forward Delay (sec.) Root Hello Time (sec.) Root Max Age (sec.) Root Forward Delay (sec.) Designated Root Current root port Current root cost Number of topology changes...
Page 265: Vlan Commands
VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface.
Page 266: Vlan Database
OMMAND NTERFACE Command Display VLAN Information show vlan show interfaces status vlan show interfaces switchport vlan database Use this command to enter VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage •...
Page 267: Vlan
• When no vlan vlan-id state is used, the VLAN returns to the default state (i.e., active). • VLAN 1 cannot be suspended, but any other VLAN can be suspended. • You can configure up to 255 VLANs on the switch. VLAN C OMMANDS...
Page 268: Interface Vlan
OMMAND NTERFACE Example The following example adds a VLAN, using vlan-id 105 and name RD5. The VLAN is activated by default. Console(config)#vlan database Console(config-vlan)#vlan 105 name RD5 media ethernet Console(config-vlan)# Related Commands show vlan (3-131) interface vlan Use this command to enter interface configuration mode for VLANs, and configure a physical interface.
Page 269: Switchport Mode
Related Commands show vlan (3-131) switchport mode Use this command to configure the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode {trunk | hybrid} no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN.
Page 270: Switchport Acceptable-Frame-Types
OMMAND NTERFACE switchport acceptable-frame-types Use this command to configure the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types • all - The port passes all frames, tagged or untagged. •...
Page 271: Switchport Ingress-Filtering
switchport ingress-filtering Use this command to enable ingress filtering for an interface. Use the no form to restore the default. Syntax switchport ingress-filtering no switchport ingress-filtering Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Ingress filtering only affects tagged frames. •...
Page 272: Switchport Native Vlan
OMMAND NTERFACE switchport native vlan Use this command to configure the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port. (Range: 1-4094, no leading zeroes) Default Setting VLAN 1...
Page 273: Switchport Allowed Vlan
VLAN groups as a tagged member. • Frames are always tagged within the switch. The tagged/untagged parameter used when adding a VLAN to an interface tells the switch whether to keep or remove the tag from a frame on egress.
Page 274: Switchport Forbidden Vlan
OMMAND NTERFACE Example The following example shows how to add VLANs 2, 5 and 6 to the allowed list as tagged VLANs for port 1: Console(config)#interface ethernet 1/1 Console(config-if)#switchport allowed vlan add 2,5,6 tagged Console(config-if)# switchport forbidden vlan Use this command to configure forbidden VLANs. Use the no form to remove the list of forbidden VLANs.
Page 275: Show Vlan
Example The following example shows how to prevent port 1 from being added to VLAN 3: Console(config)#interface ethernet 1/1 Console(config-if)#switchport forbidden vlan add 3 Console(config-if)# show vlan Use this command to show VLAN information. Syntax show vlan [id vlan-id | name vlan-name] •...
Page 276: Gvrp And Bridge Extension Commands
VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switch, as well as how to display default configuration settings for the Bridge Extension MIB.
Page 277: Show Gvrp Configuration
Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example Console(config)#interface ethernet 1/1 Console(config-if)#switchport gvrp Console(config-if)# show gvrp configuration Use this command to show if GVRP is enabled. Syntax show gvrp configuration [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number.
Page 278: Garp Timer
OMMAND NTERFACE garp timer Use this command to set the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall} •...
Page 279: Show Garp Timer
Note: Set GVRP timers on all Layer 2 devices connected in the same network to the same values. Otherwise, GVRP will not operate successfully. Example Console(config)#interface ethernet 1/1 Console(config-if)#garp timer join 100 Console(config-if)# Related Commands show garp timer (3-135) show garp timer Use this command to show the GARP timers for the selected interface.
Page 280: Bridge-Ext Gvrp
GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. This function should be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch. Example Console(config)#bridge-ext gvrp...
Page 281: Show Bridge-Ext
show bridge-ext Use this command to show the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Displaying Basic VLAN Information” on page 2-65 and “Displaying Bridge Extension Capabilities” on page 2-27 for a description of the displayed items.
Page 282: Igmp Snooping Commands
OMMAND NTERFACE IGMP Snooping Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
Page 283: Ip Igmp Snooping
Use this command to enable IGMP snooping on this switch. Use the no form to disable it. Syntax ip igmp snooping no ip igmp snooping Default Setting...
Page 284: Ip Igmp Snooping Vlan Static
OMMAND NTERFACE ip igmp snooping vlan static Use this command to add a port to a multicast group. Use the no form to remove the port. Syntax ip igmp snooping vlan vlan-id static ip-address interface no ip igmp snooping vlan vlan-id static ip-address interface •...
Page 285: Ip Igmp Snooping Version
• All systems on the subnet must support the same version. If there are legacy devices in your network that only support Version 1, you will also have to configure this switch to use Version 1. • Some commands are only enabled for IGMPv2, including ip igmp query-max-response-time and ip igmp query-timeout.
Page 286: Show Mac-Address-Table Multicast
OMMAND NTERFACE Command Mode Privileged Exec Command Usage See ““Configuring IGMP Parameters” on page 2-100 for a description of the displayed items. Example The following shows the current IGMP snooping configuration: Console#show ip igmp snooping Service status: Enabled Querier status: Enabled Query count: 2 Query interval: 125 sec Query max response time: 10 sec...
Page 287: Ip Igmp Snooping Querier
VLAN M'cast IP addr. Member ports Type ---- --------------- ------------ ------- 224.1.2.3 Console# ip igmp snooping querier Use this command to enable the switch as an IGMP snooping querier. Use the no form to disable it. Syntax ip igmp snooping querier no ip igmp snooping querier...
Page 288: Ip Igmp Snooping Query-Count
Syntax ip igmp snooping query-count count no ip igmp snooping query-count count - The maximum number of queries issued for which there has been no response before the switch takes action to solicit reports. (Range: 2-10) Default Setting 2 times...
Page 289: Ip Igmp Snooping Query-Interval
Use this command to configure the snooping query interval. Use the no form to restore the default. Syntax ip igmp snooping query-interval seconds no ip igmp snooping query-interval seconds - The frequency at which the switch sends IGMP host-query messages. (Range: 60-125) Default Setting 125 seconds Command Mode...
Page 290 Global Configuration Command Usage • The switch must be using IGMPv2 for this command to take effect. • This command defines the time after a query, during which a response is expected from a multicast client. If a querier has sent a number of...
Page 291: Ip Igmp Snooping Router-Port-Expire-Time
- The time the switch waits after the previous querier stops before it considers the router port (i.e., the interface which had been receiving query packets) to have expired.
Page 292: Ip Igmp Snooping Vlan Mrouter
IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your switch, you can manually configure that interface to join all the current multicast groups.
Page 293: Show Ip Igmp Snooping Mrouter
show ip igmp snooping mrouter Use this command to display information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4094) Default Setting Displays multicast router ports for all configured VLANs. Command Mode Privileged Exec Command Usage...
Page 294: Priority Commands
Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
Page 295: Switchport Priority Default
Command Layer 3 and 4 Priority Commands map ip precedence map ip precedence map ip dscp map ip dscp show map ip precedence show map ip dscp switchport priority default Use this command to set a priority for incoming untagged frames, or the priority of frames received by the device connected to the specified interface.
Page 296: Queue Bandwidth
If the incoming frame is an IEEE 802.1Q VLAN tagged frame, the IEEE 802.1p User Priority bits will be used. • This switch provides four priority queues for each port. It is configured to use Weighted Round Robin, which can be viewed with the queue bandwidth command.
Page 297: Queue Cos-Map
Command Mode Global Configuration Command Usage WRR allows bandwidth sharing at the egress port by defining scheduling weights. Example The following example shows how to assign WRR weights of 1, 3, 5 and 7 to the CoS priority queues 0, 1, 2 and 3: Console(config)#queue bandwidth 1 3 5 7 Console(config)# Related Commands...
Page 298 OMMAND NTERFACE Default Setting This switch supports Class of Service by using four priority queues, with Weighted Round Robin for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown in the following table.
Page 299: Show Queue Bandwidth
Related Commands show queue cos-map (3-155) show queue bandwidth Use this command to display the Weighted Round-Robin (WRR) bandwidth allocation for the four class of service (CoS) priority queues. Default Setting None Command Mode Privileged Exec Example Console#show queue bandwidth Queue ID Weight -------- ------ Console#...
Page 300: Map Ip Precedence (Global Configuration)
OMMAND NTERFACE Default Setting None Command Mode Privileged Exec Example Console#show queue cos-map ethernet 1/11 Information of Eth 1/11 Queue ID Traffic class -------- ------------- Console# map ip precedence (Global Configuration) Use this command to enable IP precedence mapping (i.e., IP Type of Service).
Page 301: Map Ip Precedence (Interface Configuration)
Example The following example shows how to enable IP precedence mapping globally: Console(config)#map ip precedence Console(config)# map ip precedence (Interface Configuration) Use this command to set IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos cos-value no map ip precedence...
Page 302: Map Ip Dscp (Global Configuration)
OMMAND NTERFACE Command Usage • The precedence for priority mapping is IP Precedence or IP DSCP, and default switchport priority. • IP Precedence values are mapped to default Class of Service values on a one-to-one basis according to recommendations in the IEEE 802.1p standard, and then mapped to the queue defaults.
Page 303: Map Ip Dscp (Interface Configuration)
• IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other type. Example The following example shows how to enable IP DSCP mapping globally: Console(config)#map ip dscp Console(config)# map ip dscp (Interface Configuration) Use this command to set IP DSCP priority (i.e., Differentiated Services Code Point priority).
Page 304: Show Map Ip Precedence
OMMAND NTERFACE Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p standard, and then mapped to the queue defaults.
Page 305: Show Map Ip Dscp
Command Mode Privileged Exec Example Console#show map ip precedence ethernet 1/5 Precedence mapping status: disabled Port Precedence COS --------- ---------- --- Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Console# Related Commands...
Page 306 OMMAND NTERFACE Command Mode Privileged Exec Example Console#show map ip dscp ethernet 1/1 DSCP mapping status: disabled Port DSCP COS --------- ---- --- Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Console# Related Commands map ip dscp (Global Configuration) (3-158)
Page 307: Mirror Port Commands
[rx | tx | both] no port monitor interface • interface - ethernet unit/port (source port) - unit - Switch (unit 1). - port - Port number. • rx - Mirror received packets. • tx - Mirror transmitted packets.
Page 308: Show Port Monitor
• The source and destination ports have to be either both in the port range 1-12 or both in the port range 13-24. Example The following example configures the switch to mirror all packets from port 6 to port 11: Console(config)#interface ethernet 1/11...
Page 309 Default Setting Shows all sessions. Command Mode Privileged Exec Command Usage This command displays the currently configured source port, destination port, and mirror mode (i.e., RX, TX, RX/TX). Example The following shows mirroring configured from port 6 to port 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 Console(config-if)#end...
Page 310: Port Trunking Commands
For static trunks, the switches have to be compatible with the Cisco EtherChannel standard. For dynamic trunks, the switches have to comply with LACP. This switch supports up to six trunks. For example, a trunk consisting of two 1000 Mbps ports can support an aggregate bandwidth of 4 Gbps when operating at full duplex.
Page 311: Channel-Group
Cisco EtherChannel standard. • Use no channel-group to remove a port group from a trunk. • Use no interfaces port-channel to remove a trunk from the switch. • The maximum number of ports that can be combined as a static trunk is four 10/100 Mbps ports, and two 1000 Mbps ports.
Page 312: Lacp
• A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID. • If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically. • If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
Page 313 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established. Console(config)#interface ethernet 1/11 Console(config-if)#lacp Console(config-if)#exit Console(config)#interface ethernet 1/12...
Page 314 OMMAND NTERFACE 3-170...
Page 315: Troubleshooting
VLAN access to the switch (default is VLAN 1). • Check that you have a valid network connection to the switch and that the port you are using has not been disabled. • Check network cabling between the management station and the switch.
Page 316 ROUBLESHOOTING...
Page 317 TFTP. Downloading large runtime code files via TFTP is normally much faster than downloading via the switch’s serial port. You can upgrade switch firmware by connecting a PC directly to the serial Console port on the switch’s front panel and using VT100 terminal emulation software that supports the XModem protocol.
Page 318: Upgrading Firmware Via The Serial Port
[X]modem Download [C]hange Baudrate Select> 5. Press <C> to change the baud rate of the switch’s serial connection. 6. Press <B> to select the option for 115200 baud. There are two baud rate settings available, 9600 and 115200. Using the higher baud rate minimizes the time required to download firmware code files.
Page 319 <D> for diagnostic code, or ,<L> for loader code. Caution: If you select <L> for loader code, be sure the file is a valid loader code file for the switch. If you download an invalid file, the switch will not be able to boot. Unless absolutely necessary, do not attempt to download loader code files.
Page 320 Startup File menu option. 13. When you have finished downloading code files, use the [C]hange Baudrate menu option to change the baud rate of the switch’s serial connection back to 9600 baud. 14. Set your PC’s terminal emulation software baud rate back to 9600 baud.
Page 321: Pin Assignments
Console Port Pin Assignments The DB-9 serial port on the switch’s front panel is used to connect to the switch for out-of-band console configuration. The onboard menu-driven configuration program can be accessed from a terminal, or a PC running a terminal emulation program.
Page 322: Console Port To 9-Pin Dte Port On Pc
SSIGNMENTS Console Port to 9-Pin DTE Port on PC Switch’s 9-Pin Serial Port 2 RXD 3 TXD 5 SGND No other pins are used. Console Port to 25-Pin DTE Port on PC Switch’s 9-Pin Serial Port 2 RXD 3 TXD 5 SGND No other pins are used.
Page 323: Glossary
10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet over two pairs of Category 3, 4, or 5 UTP cable. 100BASE-TX IEEE 802.3u specification for 100 Mbps Fast Ethernet over two pairs of Category 5 UTP cable. 1000BASE-T IEEE 802.3ab specification for Gigabit Ethernet over two pairs of Category 5, 5e 100-ohm UTP cable.
Page 324: Fast Ethernet
A 100 Mbps network communication system based on Ethernet and the CSMA/ CD access method. Full Duplex Transmission method that allows switch and network card to transmit and receive concurrently, effectively doubling the bandwidth of that link. GARP VLAN Registration Protocol (GVRP)
Page 325: Gigabit Ethernet
Generic Attribute Registration Protocol (GARP) GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership information in a switched environment so that multicast data frames are propagated only to those parts of a switched LAN containing registered endstations.
Page 326: Igmp Snooping
LOSSARY IEEE 802.3ab Defines CSMA/CD access method and physical layer specifications for 1000BASE-T Gigabit Ethernet. IEEE 802.3ac Defines frame extensions for VLAN tagging. IEEE 802.3u Defines CSMA/CD access method and physical layer specifications for 100BASE-TX Fast Ethernet. IEEE 802.3x Defines Ethernet frame start/stop requests and timers used for flow control on full-duplex links.
Page 327: Ip Multicast Filtering
IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts. Layer 2 Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses.
Page 328: Port Mirroring
LOSSARY Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows data on the target port to be studied unobstructively. Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links.
Page 329 Virtual LAN (VLAN) A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. A VLAN serves as a logical workgroup with no physical barriers, and allows users to share information and resources as though located on the same LAN.
Page 330 LOSSARY Glossary-8...
Page 331: Index
address table 2-41 BOOTP 2-12 broadcast storm, threshold 2-36 Class of Service configuring 2-77 queue mapping 2-77 community string 2-95 configuration settings, saving or restoring 2-24 console port pin assignments C-1 default priority, ingress port 2-77 default settings 1-13 DHCP 2-12 downloading software 2-23 dynamic addresses, displaying 3-102 edge port, STP 3-116...
Page 332 2-96 software downloads 2-23 software version, displaying 2-30 Spanning Tree Protocol 2-44 SSL 3-32 startup files displaying 2-23 setting 2-23 statistics, switch 2-108 Index-2 STP 3-105 3-106 3-107 configuring interfaces 3-105 edge port 3-116 interface settings 3-119 link type 3-118...
Page 334 FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; (949) 679-8000; Fax: (949) 679-1481 From Europe (8:00 AM - 5:30 PM UK Time) 44 (0) 118 974 8700; Fax: 44 (0) 118 974 8701 INTERNET E-mail addresses: techsupport@smc.com...

This manual is also suitable for:

Tigerswitch smc8624t

SMC Networks TigerSwitch 100 Management Manual

1 Switch Management

2 Configuring the Switch

3 Command Line Interface

Troubleshooting

Upgrading Firmware Via the Serial Port

Pin Assignments

Quick Links

Management Guide

Troubleshooting

Related Manuals for SMC Networks TigerSwitch 100

Summary of Contents for SMC Networks TigerSwitch 100