Enterasys Matrix-V V2H124-24 Configuration Manual

Matrix V-Series
V2H124-24, V2H124-24FX, and
V2H124-24P
Fast Ethernet Switch
Configuration Guide
P/N 9033925-06

Summary of Contents for Enterasys Matrix-V V2H124-24

  • Page 1 Matrix V-Series V2H124-24, V2H124-24FX, and V2H124-24P Fast Ethernet Switch Configuration Guide P/N 9033925-06...
  • Page 3 ENTERASYS NETWORKS reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult ENTERASYS NETWORKS to determine whether any such changes have been made.
  • Page 4 This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc. on behalf of itself and its Affiliates (as hereinafter defined) (“Enterasys”) that sets forth Your rights and obligations with respect to the Enterasys software program/firmware installed on the Enterasys product (including any accompanying documentation, hardware or media) (“Program”) in the package and prevails over any additional, conflicting or inconsistent...
  • Page 5 52.227-19 (a) through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered commercial computer software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or disclosure by the...
  • Page 6 (i) license fees due and paid, and (ii) the use, copying and deployment of the Program. You also grant to Enterasys and its authorized representatives, upon reasonable notice, the right to audit and examine during Your normal...
  • Page 7 Agreement shall be void and a breach of this Agreement. 12. WAIVER. A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and will not be construed as a waiver of any subsequent breach of such term or condition.
  • Page 8 Notice...
  • Page 9: Table Of Contents

    Contents Chapter 1: Introduction Key Features Description of Software Features System Defaults Chapter 2: Initial Configuration Connecting to the Switch Configuration Options Required Connections Remote Connections Stack Operations Selecting the Stack Master Broken Link for Wrap-around Topologies Resilient IP Interface for Management Access Automatic Code Update Basic Configuration Console Connection...
  • Page 10 Contents Displaying Switch Hardware/Software Versions 3-10 Displaying Bridge Extension Capabilities 3-12 Setting the IP Address 3-14 Manual Configuration 3-15 Using DHCP/BOOTP 3-16 Managing Firmware 3-17 Downloading System Software from a Server 3-18 Saving or Restoring Configuration Settings 3-20 Downloading Configuration Settings from a Server 3-21 Console Port Settings 3-23...
  • Page 11 Contents Configuring 802.1X Port Authentication 3-65 Displaying and Configuring the 802.1x Global Setting 3-66 Configuring Port Settings for 802.1x 3-67 Displaying 802.1x Statistics 3-70 Filtering IP Addresses for Management Access 3-72 Access Control Lists 3-74 Configuring Access Control Lists 3-74 Setting the ACL Name and Type 3-75 Configuring a Standard IP ACL...
  • Page 12 Contents Spanning Tree Algorithm Configuration 3-123 Displaying Global Settings 3-124 Configuring Global Settings 3-127 Displaying Interface Settings 3-131 Configuring Interface Settings 3-135 Configuring Multiple Spanning Trees 3-137 Displaying Interface Settings for MSTP 3-140 Configuring Interface Settings for MSTP 3-142 VLAN Configuration 3-144 IEEE 802.1Q VLANs 3-144...
  • Page 13 Contents Chapter 4: Command Line Interface Using the Command Line Interface Accessing the CLI Console Connection Telnet Connection Entering Commands Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands Showing Commands Partial Keyword Lookup Negating the Effect of Commands Using Command History Understanding Command Modes Exec Commands...
  • Page 14 Contents System Management Commands 4-24 Device Designation Commands 4-24 prompt 4-24 hostname 4-25 User Access Commands 4-25 username 4-26 enable password 4-27 IP Filter Commands 4-28 management 4-28 show management 4-29 Web Server Commands 4-30 ip http port 4-30 ip http server 4-30 ip http secure-server 4-31...
  • Page 15 Contents logging sendmail 4-53 show logging sendmail 4-53 Time Commands 4-54 sntp client 4-54 sntp server 4-55 sntp poll 4-56 show sntp 4-56 clock timezone 4-57 calendar set 4-58 show calendar 4-58 System Status Commands 4-59 light unit 4-59 show startup-config 4-59 show running-config 4-61...
  • Page 16 Contents authentication enable 4-85 RADIUS Client 4-86 radius-server host 4-87 radius-server port 4-88 radius-server key 4-88 radius-server retransmit 4-89 radius-server timeout 4-89 radius-server service-type 4-90 show radius-server 4-92 AAA Accounting 4-92 aaa group server 4-93 server 4-93 aaa accounting 4-94 accounting 4-94 show accounting...
  • Page 17 Contents show ip access-list 4-117 access-list ip mask-precedence 4-117 mask (IP ACL) 4-118 show access-list ip mask-precedence 4-121 ip access-group 4-122 show ip access-group 4-122 map access-list ip 4-123 show map access-list ip 4-124 match access-list ip 4-124 show marking 4-125 MAC ACLs 4-126...
  • Page 18 Contents description 4-151 speed-duplex 4-152 negotiation 4-153 capabilities 4-154 flowcontrol 4-155 shutdown 4-156 switchport broadcast packet-rate 4-156 clear counters 4-157 show interfaces status 4-158 show interfaces counters 4-159 show interfaces switchport 4-160 Mirror Port Commands 4-161 port monitor 4-161 show port monitor 4-162 Rate Limit Commands 4-163...
  • Page 19 Contents max-hops 4-188 spanning-tree spanning-disabled 4-189 spanning-tree cost 4-189 spanning-tree port-priority 4-190 spanning-tree edge-port 4-191 spanning-tree portfast 4-191 spanning-tree link-type 4-192 spanning-tree backup-root 4-193 spanning-tree mst cost 4-194 spanning-tree mst port-priority 4-195 spanning-tree protocol-migration 4-195 show spanning-tree 4-196 show spanning-tree mst configuration 4-198 VLAN Commands 4-198...
  • Page 20 Contents map ip port (Interface Configuration) 4-218 map ip precedence (Global Configuration) 4-218 map ip precedence (Interface Configuration) 4-219 map ip dscp (Global Configuration) 4-220 map ip dscp (Interface Configuration) 4-220 show map ip port 4-221 show map ip precedence 4-222 show map ip dscp 4-223...
  • Page 21 Contents Appendix A: Troubleshooting Problems Accessing the Management Interface Using System Logs Appendix B: Software Specifications Software Features Management Features Standards Management Information Bases Glossary Index...
  • Page 23 Tables Table 1-1. Key Features Table 1-2. System Defaults Table 3-1. Configuration Options Table 3-2. Switch Main Menu Table 3-3. Logging Levels 3-27 Table 3-4. SNMPv3 Security Models and Levels 3-36 Table 3-5. HTTPS Support 3-57 Table 3-6. 802.1x Statistics 3-70 Table 3-7.
  • Page 24 Tables Table 4-24. CDP Commands 4-72 Table 4-25. Show CDP Neighbors Output - Capability Codes 4-77 Table 4-26. Show CDP Neighbors Output - Neighbor Types 4-77 Table 4-27. Show CDP Traffic Output 4-78 Table 4-28. PoE Commands 4-79 Table 4-29. Authentication Commands 4-84 Table 4-30.
  • Page 25 Tables Table 4-69. Multicast Filtering Commands 4-224 Table 4-70. IGMP Snooping Commands 4-225 Table 4-71. IGMP Query Commands (Layer 2) 4-228 Table 4-72. Static Multicast Routing Commands 4-232 Table 4-73. IP Interface Command Syntax 4-233 Table 4-74. DNS Commands 4-238 Table 4-75.
  • Page 27 Figures Figure 3-1. Home Page Figure 3-2. Ports Panel Indicators Figure 3-3. System Information Figure 3-4. V2H124-24P General Switch Information 3-11 Figure 3-5. Bridge Extension Capabilities 3-13 Figure 3-6. VLAN IP Configuration 3-15 Figure 3-7. IP Configuration 3-16 Figure 3-8. Operation Code Image File Transfer 3-18 Figure 3-9.
  • Page 28 Figures Figure 3-43. 802.1x Port Configuration 3-68 Figure 3-44. Displaying 802.1x Statistics 3-71 Figure 3-45. Entering IP Addresses to be Filtered 3-73 Figure 3-46. Naming and Choosing ACLs 3-75 Figure 3-47. Configuring Standard IP ACLs 3-76 Figure 3-48. Configuring Extended IP ACLs 3-78 Figure 3-49.
  • Page 29 Figures Figure 3-88. Displaying Basic VLAN information 3-147 Figure 3-89. Displaying VLAN Information by Port Membership 3-148 Figure 3-90. VLAN Static List - Creating Virtual LANs 3-150 Figure 3-91. VLAN Static Table - Adding Static Members 3-152 Figure 3-92. VLAN Static Membership 3-153 Figure 3-93.
  • Page 31: Chapter 1: Introduction

    Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
  • Page 32: Description Of Software Features

    Introduction (Continued) Table 1-1. Key Features Feature Description Multicast Filtering Supports IGMP snooping and query AMAP Configures Alcatel Mapping Adjacency Protocol (AMAP) parameters and displays information on attached AMAP-aware devices Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation.
  • Page 33 Description of Software Features Port Configuration – You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections.
  • Page 34 Introduction Spanning Tree Protocol – The switch supports these spanning tree protocols: Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol adds a level of fault tolerance by allowing two or more redundant connections to be created between a pair of LAN segments. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network.
  • Page 35: System Defaults

    System Defaults This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet or the number of the TCP/UDP port. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue.
  • Page 36 Introduction Table 1-2. System Defaults (Continued) Function Parameter Default Web Management HTTP Server Enabled HTTP Port Number HTTP Secure Server Enabled HTTP Secure Port Number SNMP Community Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabled Link-up-down events: enabled SNMP V3 View: defaultview Group: DefaultROGroup (read only);...
  • Page 37 System Defaults Table 1-2. System Defaults (Continued) Function Parameter Default Traffic Prioritization Ingress Port Priority Weighted Round Robin Queue: 0, 1, 2, 3 Weight: 1, 4, 16, 64 IP Precedence Priority Disabled IP DSCP Priority Disabled IP Settings Management VLAN IP Address 0.0.0.0 Subnet Mask...
  • Page 39: Chapter 2: Initial Configuration

    Chapter 2: Initial Configuration Connecting to the Switch Configuration Options The Matrix V-Series V2H124-24, V2H124-24FX and V2H124-24P switches include a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
  • Page 40: Required Connections

    Initial Configuration • Configure Spanning Tree parameters • Configure Class of Service (CoS) priority queuing • Configure up to six static or LACP trunks • Filter packets using Access Control Lists (ACLs) • Enable port mirroring • Set broadcast storm control on any port •...
  • Page 41: Remote Connections

    Stack Operations 2. Refer to “Line Commands” on page 4-9 for a complete description of console configuration options. 3. Once you have set up the terminal correctly, the console login screen will be displayed. For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1.
  • Page 42: Selecting The Stack Master

    Initial Configuration Selecting the Stack Master Note the following points about unit numbering: • When the stack is initially powered on, the Master unit is designated as unit 1 for a ring topology. • If more than one stack Master is selected using the Master/Slave push button on the switch’s front panel, the system will select the unit with the lowest MAC address as the Master.
  • Page 43: Setting Passwords

    Basic Configuration Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps: To initiate your console connection, press <Enter>.
  • Page 44: Setting An Ip Address

    Initial Configuration Setting an IP Address You must establish IP address information for the switch to obtain management access through the network. This can be done in either of the following ways: Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router.
  • Page 45: Dynamic Configuration

    Basic Configuration
    Console(config)#interface vlan 1
    Console(config-if)#ip address 192.168.1.5 255.255.255.0
    Console(config-if)#exit
    Console(config)#ip default-gateway 192.168.1.254
    Console(config)#
    Dynamic Configuration If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. You therefore need to use the “ip dhcp restart”...
  • Page 46: Enabling Snmp Management Access

    Initial Configuration
    Console(config)#interface vlan 1
    Console(config-if)#ip address dhcp
    Console(config-if)#exit
    Console#ip dhcp restart
    Console#show ip interface
    IP interface vlan
    IP address and netmask: 10.1.0.54 255.255.255.0 on VLAN 1,
    and address mode: User specified.
    Console#copy running-config startup-config
    Startup configuration file name []: startup
    Console#
    Enabling SNMP Management Access The switch can be configured to accept management commands from Simple...
  • Page 47: Trap Receivers

    Basic Configuration To configure a community string, complete the following steps: From the Privileged Exec level global configuration mode prompt, type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>. (Note that the default mode is read only.) To remove an existing string, simply type “no snmp-server community string,”...
  • Page 48: Saving Configuration Settings

    Initial Configuration In the last step, it assigns a v3 user to this group, indicating that MD5 will be used for authentication, provides the password “greenpeace” for authentication, and the password “einstien” for encryption.
    Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included
    Console(config)#snmp-server view 802.1d 1.3.6.1.2.1.17 included
    Console(config)#snmp-server group r&d v3 auth mib-2 802.1d
    Console(config)#snmp-server user steve group r&d v3 auth md5 greenpeace priv des56 einstien...
  • Page 49: Managing System Files

    Managing System Files Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The three types of files are: •...
  • Page 51: Chapter 3: Configuring The Switch

    Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above).
  • Page 52: Navigating The Web Browser Interface

    Configuring the Switch Navigating the Web Browser Interface To access the Web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.” Home Page When your Web browser connects with the switch’s Web agent, the home page is displayed as shown below.
  • Page 53: Panel Display

    Navigating the Web Browser Interface Notes: 1. To ensure proper screen refresh, be sure that Internet Explorer 5.x is configured as follows: Under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings,” the setting for item “Check for newer versions of stored pages”...
  • Page 54 Configuring the Switch Table 3-2. Switch Main Menu (Continued) Menu Description Page 3-26 Logs Stores and displays error messages 3-26 System Logs Sends error messages to a logging process 3-28 Remote Logs Configures the logging of messages to a remote logging process 3-28 SMTP Sends an SMTP client message to a participating server 3-30...
  • Page 55 Navigating the Web Browser Interface Table 3-2. Switch Main Menu (Continued) Menu Description Page Port Security Configures per port security, including status, response for 3-63 security breach, and maximum allowed MAC addresses 802.1x Port authentication 3-65 Information Displays the global configuration setting 3-66 Configuration Configures the global configuration setting...
  • Page 56 Configuring the Switch Table 3-2. Switch Main Menu (Continued) Menu Description Page Enterasys 3-110 Cabletron Discovery Protocol home page 3-110 Global Settings Configures global CDP settings 3-110 Port Settings Configures CDP settings on a per port basis 3-112 Neighbors Information...
  • Page 57 Navigating the Web Browser Interface Table 3-2. Switch Main Menu (Continued) Menu Description Page Basic Information Displays basic information on the VLAN type supported by this 3-147 switch Current Table Shows the current port members of each VLAN and whether or 3-148 not the port supports VLAN tagging Static List...
  • Page 58: Basic Configuration

    Configuring the Switch Table 3-2. Switch Main Menu (Continued) Menu Description Page Static Multicast Router Port Assigns ports that are attached to a neighboring multicast router/ 3-175 Configuration switch IP Multicast Registration Displays all multicast groups active on this switch, including 3-176 Table multicast IP addresses and VLAN ID...
  • Page 59: Figure 3-3. System Information

    Basic Configuration Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that accesses the Command Line Interface via Telnet.) Figure 3-3. System Information...
  • Page 60: Displaying Switch Hardware/Software Versions

    Console(config)#snmp-server location TPS - 2nd Floor    4-140
    Console(config)#snmp-server contact David    4-140
    Console#show system
    System description: Enterasys Networks, Inc. V2H124-24; SW version: V2.5.2.1
    System OID string: 1.3.6.1.4.1.5624.2.1.62
    System information
    System Up time: 0 days, 5 hours, 3 minutes, and 38.47 seconds...
  • Page 61: Figure 3-4. V2H124-24P General Switch Information

    Basic Configuration Management Software • Loader Version – Version number of loader code. • Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code. • Operation Code Version – Version number of runtime code. • Role – Shows that this switch is operating as Master or Slave. Expansion Slot •...
  • Page 62: Displaying Bridge Extension Capabilities

    Configuring the Switch CLI – Use the following command to display version information.
    Console#show version    4-64
    Unit1
    Serial number: 033840352141
    Service tag: 0000000
    Hardware version:
    Module A type: Stacking Module
    Module B type: Combo 1000BaseT SFP
    Number of ports:
    Main power status:
    Redundant power status: not present
    Agent (master)
  • Page 63: Figure 3-5. Bridge Extension Capabilities

    Basic Configuration • Local VLAN Capable – This switch does not support multiple local bridges (i.e., multiple Spanning Trees). • GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices to register endstations with multicast groups. This switch does not support GMRP; it uses the Internet Group Management Protocol (IGMP) to provide automatic multicast filtering.
  • Page 64: Setting The Ip Address

    Configuring the Switch Setting the IP Address An IP address may be used for management access to the switch over your network. By default, the switch uses DHCP to assign IP settings to VLAN 1 on the switch. If you wish to manually configure IP settings, you need to change the switch’s user-specified defaults (IP address 0.0.0.0 and netmask 255.0.0.0) to values that are compatible with your network.
  • Page 65: Manual Configuration

    Basic Configuration Manual Configuration Web – Click System, IP. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway, then click Apply. Figure 3-6. VLAN IP Configuration CLI –...
  • Page 66: Using Dhcp/Bootp

    Configuring the Switch Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to save your changes.
  • Page 67: Managing Firmware

    Basic Configuration Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to another network segment, you will lose management access to the switch. In this case, you can reboot the switch or submit a client request to restart DHCP service via the CLI.
  • Page 68: Downloading System Software From A Server

    Configuring the Switch Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file. Web – Click System, File Management, Copy Operation.
  • Page 69: Figure 3-10. Deleting Files

    Basic Configuration To delete a file, select System, File, Delete. Select the file name from the given list by checking the tick box and then click Apply. Note that the file currently designated as the startup code cannot be deleted. Figure 3-10.
  • Page 70: Saving Or Restoring Configuration Settings

    Configuring the Switch Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server or copy files to and from switch units in a stack. The configuration files can be later downloaded to restore the switch’s settings. Command Attributes •...
  • Page 71: Downloading Configuration Settings From A Server

    Basic Configuration Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg” can be copied to the TFTP server, but cannot be used as the destination on the switch.
  • Page 72 Configuring the Switch CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch.
    Console#copy tftp startup-config    4-66
    TFTP server ip address: 192.168.1.19
    Source configuration file name: config-1
    Startup configuration file name [] : startup
    \Write to FLASH Programming.
  • Page 73: Console Port Settings

    Basic Configuration Console Port Settings You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings. These parameters can be configured via the Web or CLI interface.
  • Page 74: Figure 3-13. Console Port Settings

    Configuring the Switch Web – Click System, Line, Console. Specify the console port connection parameters as required, then click Apply. Figure 3-13. Console Port Settings CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level.
  • Page 75: Telnet Settings

    Basic Configuration Telnet Settings You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other various parameters set, including the TCP port number, timeouts, and a password.
  • Page 76: Configuring Event Logging

    Configuring the Switch CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level.
    Console(config)#line vty    4-10
    Console(config-line)#login local    4-11
    Console(config-line)#password 0 secret...
  • Page 77: Table 3-3. Logging Levels

    Basic Configuration Table 3-3. Logging Levels Level Severity Name Description Debug Debugging messages Informational Informational messages only Notice Normal but significant condition, such as cold start Warning Warning conditions (e.g., return false, unexpected return) Error Error conditions (e.g., invalid input, default used) Critical Critical conditions (e.g., memory allocation, or free memory error - resource exhausted)
  • Page 78: Remote Log Configuration

    Configuring the Switch Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the event messages sent to only those messages at or above a specified level. Command Attributes •...
  • Page 79: Displaying Log Messages

    Basic Configuration CLI – Enter the syslog server host IP address, choose the facility type and set the minimum level of messages to be logged.
    Console(config)#logging host 192.168.1.7    4-46
    Console(config)#logging facility 23    4-46
    Console(config)#logging trap 4    4-47
    Console(config)#end
    Console#show logging trap    4-49
    Syslog logging: Enabled...
  • Page 80: Sending Simple Mail Transfer Protocol Alerts

    Configuring the Switch CLI – This example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), the message level for RAM is “debugging” (i.e., default level 7 - 0), and lists one sample error.
    Console#show logging flash    4-49
    Syslog logging: Enable...
  • Page 81: Figure 3-18. Enabling And Configuring Smtp Alerts

    Basic Configuration Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server text box and then click Add. To delete an IP address, click the entry in the SMTP Server List and then click Remove.
  • Page 82: Resetting The System

    4-53
    SMTP servers
    -----------------------------------------------
    1. 192.168.1.4
    SMTP minimum severity level: 4
    SMTP destination email addresses
    -----------------------------------------------
    1. someone@Enterasys.com
    SMTP source email address: Matrix-V-Series@Enterasys.com
    SMTP status: Enabled
    Console#
    Resetting the System Web – Select System, Reset to reboot the switch. When prompted, confirm that you want to reset the switch.
  • Page 83: Setting The System Clock

    Basic Configuration Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
  • Page 84: Setting The Time Zone

    Configuring the Switch CLI – This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings.
    Console(config)#sntp server 10.1.0.19 137.82.140.80 128.250.36.2    4-55
    Console(config)#sntp poll 60    4-56
    Console(config)#sntp client    4-54
    Console(config)#exit
    Console#show sntp    4-56
    Current time: June 6 14:56:05 2004...
  • Page 85: Configuring Snmp

    Configuring SNMP CLI - This example shows how to set the time zone for the system clock.
    Console(config)#clock timezone Pacific hours 8 minute 0 before-UTC    4-54
    Console#
    Configuring SNMP Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
  • Page 86: Enabling Snmp

    Configuring the Switch Table 3-4. SNMPv3 Security Models and Levels Model Level Group Read View Write View Security noAuthNoPriv DefaultROGroup defaultview none Community string only noAuthNoPriv DefaultRWGroup defaultview defaultview Community string only noAuthNoPriv user defined user defined user defined Community string only noAuthNoPriv DefaultROGroup defaultview none...
  • Page 87: Setting Community Access Strings

    Configuring SNMP Setting Community Access Strings You may configure up to five community strings authorized for management access by clients using SNMP v1 and v2c. All community strings used for IP Trap Managers should be listed in this table. For security reasons, you should consider removing the default strings.
  • Page 88: Specifying Trap Managers

    Configuring the Switch Specifying Trap Managers Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as HP OpenView).
  • Page 89: Configuring Snmpv3 Management Access

    Configuring SNMP CLI – This example adds a trap manager and enables authentication traps.
    Console(config)#snmp-server host 10.1.19.23 batman private version 2c udp-port 162    4-141
    Console(config)#snmp-server enable traps authentication    4-142
    Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch, follow these steps: If you want to change the default engine ID, it must be changed first before configuring other parameters.
  • Page 90: Configuring Snmpv3 Users

    Configuring the Switch CLI – This example sets an SNMPv3 engine ID.
    Console(config)#snmp-server engine-id local 12345abcdef    4-143
    Console(config)#exit
    Console#show snmp engine-id    4-144
    Local SNMP engineID: 12345abcdef000000000000000
    Local SNMP engineBoots: 1
    Console#
    Configuring SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group.
  • Page 91: Figure 3-26. Configuring Snmpv3 Users

    Configuring SNMP Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete.
  • Page 92: Configuring Snmpv3 Groups

    CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
      Console(config)#snmp-server user chris group r&d v3 auth md5 greenpeace priv des56 einstien
      Console(config)#exit
      Console#show snmp user
      EngineId: 80000034030001f488f5200000
      User Name: chris
      Authentication Protocol: md5...
  • Page 93: Figure 3-27. Configuring Snmpv3 Groups

    Configuring SNMP Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read and write views. Click Add to save the new group and return to the Groups list. To delete a group, check the box next to the group name, then click Delete.
  • Page 94: Setting Snmpv3 Views

    CLI – Use the snmp-server group command to configure a new group, specifying the security model and level, and restricting MIB access to defined read and write views.
      Console(config)#snmp-server group v3secure v3 priv read defaultview write defaultview
      Console(config)#exit
      Console#show snmp group...
  • Page 95: Figure 3-28. Configuring Snmpv3 Views

    Configuring SNMP Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in the view. Click Back to save the new view and return to the SNMPv3 Views list.
  • Page 96: User Authentication

    CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries.
      Console(config)#snmp-server view ifEntry.a 1.3.6.1.2.1.2.2.1.1.* included
      Console(config)#exit
      Console#show snmp view
      View Name: ifEntry.a
      Subtree OID: 1.3.6.1.2.1.2.2.1.1.*...
  • Page 97: Figure 3-29. Configuring User Accounts

    User Authentication Command Attributes • Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest) • New Account – Allows configuration of a new account with Normal or Privileged access. • Add/Remove – Adds or removes an account from the list. •...
  • Page 98: Configuring Local/Remote Logon Authentication

    Configuring the Switch Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TACACS+ protocols.
  • Page 99 User Authentication Command Attributes • Authentication – Select the authentication, or authentication sequence required: - Local – User authentication is performed only locally by the switch. - Radius – User authentication is performed using a RADIUS server only. - TACACS – User authentication is performed using a TACACS+ server only. - [authentication sequence] –...
  • Page 100: Figure 3-30. Setting Local, Radius And Tacacs Authentication

    Configuring the Switch Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply. Figure 3-30. Setting Local, RADIUS and TACACS Authentication 3-50...
  • Page 101: Radius Aaa Accounting

    CLI – Specify all the required parameters to enable logon authentication.
      Console(config)#authentication login radius
      Console(config)#radius-server port 181
      Console(config)#radius-server key green
      Console(config)#radius-server retransmit 5
      Console(config)#radius-server timeout 10
      Console(config)#radius-server 1 host 192.168.1.25
      Console(config)#exit
      Console#show radius-server
      Remote RADIUS server configuration:
      Global settings:...
  • Page 102: Configuring Aaa Radius Group Settings

    Web – Click Security, AAA, Accounting Settings. To configure a new accounting method, specify a method name and a group name, then click Add.
    Figure 3-31. AAA Accounting Settings
    CLI – Specify the accounting method required, followed by the chosen parameters.
      Console(config)#aaa accounting dot1x default start-stop group radius
      Console(config)#...
  • Page 103: Aaa Accounting Update

    CLI – Specify the accounting method required, followed by the start-stop method, then specify the RADIUS server index.
      Console(config)#aaa accounting dot1x default start-stop group Server_1
      Console(config)#
    AAA Accounting Update
    This feature sets the time period when accounting updates are sent to the AAA RADIUS server.
  • Page 104: Aaa Accounting 802.1X Port Settings

    Configuring the Switch AAA Accounting 802.1X Port Settings This feature applies specified accounting methods to selected ports. Command Attributes • Port/Trunk - Specifies a port or trunk number. • Method Name - Specifies a user defined method name to apply to the port/trunk. This method must be defined in the “AAA Accounting Settings”...
  • Page 105: Aaa Accounting Exec Settings

    AAA Accounting Exec Settings
    This feature specifies a method name to apply to Console and Telnet interfaces. Command Attributes • Method Name - Specifies a user defined method name to apply to the Console and Telnet interfaces. Web – Click Security, AAA, Exec Settings. Enter the predefined method name and click Apply.
  • Page 106: Configuring Https

    Web – Click Security, AAA, Summary.
    Figure 3-36. AAA Summary
    CLI – Specify the required port and apply the accounting list to it.
      Console(config-if)#show accounting
      Console(config)#
    Configuring HTTPS
    You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
  • Page 107: Table 3-5. Https Support

    User Authentication • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate. - The client and server negotiate a set of security protocols to use for the connection.
  • Page 108: Replacing The Default Secure-Site Certificate

    Configuring the Switch Replacing the Default Secure-site Certificate When you log onto the web interface using HTTPS (for secure access), a Secure Sockets Layer (SSL) certificate appears for the switch. By default, the certificate that Netscape and Internet Explorer display will be associated with a warning that the site is not recognized as a secure site.
  • Page 109 User Authentication Command Usage The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified on the Authentication Settings page (page 3-46).
  • Page 110: Generating The Host Key Pair

    Configuring the Switch Challenge-Response Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method. Only clients that have a private key corresponding to the public keys stored on the switch can access.
  • Page 111: Figure 3-38. Ssh Host-Key Settings

    User Authentication Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. Figure 3-38.
  • Page 112: Configuring The Ssh Server

    Configuring the Switch Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server feature on the switch. (Default: Disabled) • Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports management access via either SSH Version 1.5 or 2.0 clients.
  • Page 113: Configuring Port Security

    CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
      Console(config)#ip ssh server
      Console(config)#ip ssh timeout 100
      Console(config)#ip ssh authentication-retries 5...
  • Page 114: Figure 3-40. Enabling Port Security

    Configuring the Switch • If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configuration page, see “Configuring Interface Connections” on page 3-89. Command Attributes • Port – Port number. •...
  • Page 115: Configuring 802.1X Port Authentication

    User Authentication Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data.
  • Page 116: Displaying And Configuring The 802.1X Global Setting

    Configuring the Switch • The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, otherwise the dot1x client must support it.) Displaying and Configuring the 802.1x Global Setting The 802.1x protocol must be enabled globally for the switch system before port settings are active.
  • Page 117: Configuring Port Settings For 802.1X

    CLI – This example enables 802.1x globally for the switch and shows the current setting.
      Console(config)#dot1x system-auth-control
      Console(config)#
      Console#show dot1x
      Global 802.1X Parameters
      system-auth-control: enable
      802.1X Port Summary
      Port Name Status Operation Mode Mode Authorized
      disabled Single-Host ForceAuthorized
      disabled...
  • Page 118: Figure 3-43. 802.1X Port Configuration

    Configuring the Switch • Quiet Period – Sets the time that a switch port waits after the Max Request count has been exceeded before attempting to acquire a new client. (Range: 1-65535 seconds; Default: 60 seconds) • Re-authentication Period – Sets the time period after which a connected client must be re-authenticated.
  • Page 119 CLI – This example sets the 802.1x parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-105.
      Console(config)#interface ethernet 1/2
      Console(config-if)#dot1x port-control auto
      Console(config-if)#dot1x re-authentication
      Console(config-if)#dot1x max-req 5...
  • Page 120: Displaying 802.1X Statistics

    Configuring the Switch Displaying 802.1x Statistics This switch can display statistics for dot1x protocol exchanges for any port. Statistical Values Table 3-6. 802.1x Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator.
  • Page 121: Figure 3-44. Displaying 802.1X Statistics

    Web – Select Security, 802.1x, Statistics. Select the required port and then click Query. Click Refresh to update the statistics.
    Figure 3-44. Displaying 802.1x Statistics
    CLI – This example displays the 802.1x statistics for port 4.
      Console#show dot1x statistics interface ethernet 1/4
      Eth 1/4 Rx: EXPOL...
  • Page 122: Filtering Ip Addresses For Management Access

    Configuring the Switch Filtering IP Addresses for Management Access You can specify the client IP addresses that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default. Once you add an entry to a filter list, access to that interface is restricted to the specified addresses.
  • Page 123: Figure 3-45. Entering Ip Addresses To Be Filtered

    Web – Click Security, IP Filter. Enter the addresses that are allowed management access to an interface, and click Add IP Filtering Entry.
    Figure 3-45. Entering IP Addresses to be Filtered
    CLI – This example restricts management access for Telnet and SNMP clients.
      Console(config)#management telnet-client 192.168.1.19
      Console(config)#management telnet-client 192.168.1.25 192.168.1.30...
  • Page 124: Access Control Lists

    Configuring the Switch Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rules, specify a mask to modify the precedence in which the rules are checked, and then bind the list to a specific port.
  • Page 125: Setting The Acl Name And Type

    Access Control Lists Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL. Command Attributes • Name – Name of the ACL. (Maximum length: 16 characters) • Type – There are three filtering modes: - Standard: IP ACL mode that filters packets based on the source IP address.
  • Page 126: Figure 3-47. Configuring Standard Ip Acls

    Configuring the Switch • Subnet Mask – A subnet mask containing four integers from 0 to 255, each separated by a period. The mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The mask is bitwise ANDed with the specified source IP address, and compared with the address for each IP packet entering the port(s) to which this ACL has been assigned.
  • Page 127: Configuring An Extended Ip Acl

    Access Control Lists Configuring an Extended IP ACL Command Attributes • Action – An ACL can contain permit rules, deny rules or a combination of both. (Default: Permit rules) • Source/Destination Address Type – Specifies the source or destination IP address. Use “Any”...
  • Page 128: Figure 3-48. Configuring Extended Ip Acls

    Configuring the Switch Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
  • Page 129: Configuring A Mac Acl

    Access Control Lists Configuring a MAC ACL Command Attributes • Action – An ACL can contain permit rules, deny rules, or a combination of both. (Default: Permit rules) • Source/Destination Address Type – Use “Any” to include all possible addresses, “Host”...
  • Page 130: Figure 3-49. Configuring Mac Acls

    Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bitmask for an address range.
  • Page 131: Configuring Acl Masks

    Access Control Lists Configuring ACL Masks You must specify optional masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven user-defined masks for an ingress or egress ACL.
  • Page 132: Configuring An Ip Acl Mask

    CLI – This example creates an IP ingress mask, and then adds two rules. Each rule is checked in order of precedence to look for a match in the ACL entries. The first entry matching a mask is applied to the inbound packet.
      Console(config)#access-list ip mask-precedence in
      Console(config-ip-mask-acl)#mask host any...
  • Page 133: Figure 3-51. Configuring An Ip Based Acl

    Access Control Lists Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range. Include other criteria to search for in the rules, such as a protocol type or one of the service types.
  • Page 134: Configuring A Mac Acl Mask

    Configuring the Switch Configuring a MAC ACL Mask This mask defines the fields to check in the packet header. Command Usage You must configure a mask for an ACL rule before you can bind it to a port. Command Attributes •...
  • Page 135: Binding A Port To An Access Control List

    CLI – This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.
      Console(config)#access-list mac M4
      Console(config-mac-acl)#permit any any...
  • Page 136: Port Configuration

    Configuring the Switch Web – Click ACL, ACL Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egress traffic, select the required ACL from the drop-down list, then click Apply. Figure 3-53.
  • Page 137: Figure 3-54. Port Status Information

    Port Configuration • Flow Control Status – Indicates the type of flow control currently in use. (IEEE 802.3x, Back-Pressure or None) • Autonegotiation – Shows if auto-negotiation is enabled or disabled. • Trunk Member – Shows if port is a trunk member. (Port Information only.) •...
  • Page 138 Configuring the Switch - Sym - Transmits and receives pause frames for flow control - FC - Supports flow control • Broadcast storm – Shows if broadcast storm control is enabled or disabled. • Broadcast storm limit – Shows the broadcast storm threshold. (500 - 262143 packets per second) •...
  • Page 139: Configuring Interface Connections

    Port Configuration Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control. Command Attributes • Name – Allows you to label an interface. (Range: 1-64 characters) •...
  • Page 140: Creating Trunk Groups

    Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.
    Figure 3-55. Configuring Port Attributes
    CLI – Select the interface, and then enter the required settings.
      Console(config)#interface ethernet 1/13
      Console(config-if)#description RD SW#13
      Console(config-if)#shutdown...
  • Page 141: Statically Configuring A Trunk

    Port Configuration trunk. If ports on another device are also configured as LACP, the switch and the other device will negotiate a trunk link between them. If an LACP trunk consists of more than four ports, all other ports will be placed in a standby mode. Should one link in the trunk fail, one of the standby ports will automatically be activated to replace it.
  • Page 142: Figure 3-56. Statically Configuring A Trunk

    Configuring the Switch Web – Click Port, Trunk Membership. Enter a trunk ID of 1-6 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply. Figure 3-56.
  • Page 143: Enabling Lacp On Selected Ports

    Enabling LACP on Selected Ports
    Command Usage • To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the ports before disabling LACP. • If the target switch has also enabled LACP on the connected ports, the trunk will be activated...
  • Page 144: Configuring Lacp Parameters

    CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk.
      Console(config)#interface ethernet 1/1
      Console(config-if)#lacp
      Console(config-if)#exit
      Console(config)#interface ethernet 1/6
      Console(config-if)#lacp
      Console(config-if)#end
      Console#show interfaces status port-channel 1...
  • Page 145 Port Configuration Command Attributes Set Port Actor – This menu sets the local side of an aggregate link; i.e., the ports on this switch. • Port – Port number. (Range: 1-24) • System Priority – LACP system priority is used to determine link aggregation group (LAG) membership, and to identify this device to other switches during LAG negotiations.
  • Page 146: Figure 3-58. Lacp Aggregation Port Configuration

    Configuring the Switch Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effect until the next time an aggregate link is formed with this device.) After you have completed setting the port LACP parameters, click Apply.
  • Page 147: Displaying Lacp Port Counters

    CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; ports 5 and 6 are set to backup mode.
      Console(config)#interface ethernet 1/1
      Console(config-if)#lacp actor system-priority 3
      Console(config-if)#lacp actor admin-key 120...
  • Page 148: Displaying Lacp Settings And Status For The Local Side

    Configuring the Switch Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. Figure 3-59. Displaying LACP Port Counters Information CLI – The following example displays LACP counters for port channel 1. Console#show 1 lacp counters 4-170 Channel group : 1 -----------------------------------------------------------------------...
  • Page 149: Figure 3-60. Displaying Lacp Port Information

    Port Configuration Table 3-8. LACP Settings (Continued) Field Description LACP Port Priority LACP port priority assigned to this interface within the channel group. Admin State, Administrative or operational values of the actor’s state parameters: Oper State • Expired – The actor’s receive machine is in the expired state; •...
  • Page 150: Displaying Lacp Settings And Status For The Remote Side

    Configuring the Switch CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Console#show 1 lacp internal 4-170 Channel group : 1 ------------------------------------------------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ------------------------------------------------------------------------- LACPDUs Internal : 30 sec...
  • Page 151: Figure 3-61. Displaying Remote Lacp Port Information

    Port Configuration Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-61. Displaying Remote LACP Port Information CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Console#show 1 lacp neighbors 4-170 Channel group 1 neighbors...
  • Page 152: Setting Broadcast Storm Thresholds

    Configuring the Switch Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to complete halt.
  • Page 153: Configuring Port Mirroring

    CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 packets per second for port 2.
      Console(config)#interface ethernet 1/1
      Console(config-if)#no switchport broadcast
      Console(config-if)#exit...
  • Page 154: Configuring Rate Limits

    Configuring the Switch Web – Click Port, Mirror. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add. Figure 3-63. Configuring a Mirror Port CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port.
  • Page 155: Showing Port Statistics

    Port Configuration Command Attribute • Rate Limit – Sets the output rate limit for an interface. Default Status – Disabled Default Rate – 100 Mbps Range – 1 - 1000 Mbps Web - Click Rate Limit, Input/Output Port/Trunk Configuration. Set the Input Rate Limit Status or Output Rate Limit Status, then set the rate limit for the individual interfaces, and click Apply.
  • Page 156: Table 3-10. Port Statistics

    Configuring the Switch Statistical Values Table 3-10. Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface, including framing characters. Received Unicast Packets The number of subnetwork-unicast packets delivered to a higher-layer protocol. Received Multicast Packets The number of packets, delivered by this sub-layer to a higher (sub-)layer, which were addressed to a multicast address at this sub-layer.
  • Page 157 Port Configuration Table 3-10. Port Statistics (Continued) Parameter Description Excessive Collisions A count of frames for which transmission on a particular interface fails due to excessive collisions. This counter does not increment when the interface is operating in full-duplex mode. Single Collision Frames The number of successfully transmitted frames for which transmission is inhibited by exactly one collision.
  • Page 158: Figure 3-65. Displaying Port Statistics

    Configuring the Switch Table 3-10. Port Statistics (Continued) Parameter Description Fragments The total number of frames received that were less than 64 octets in length (excluding framing bits, but including FCS octets) and had either an FCS or alignment error. 64 Bytes Frames The total number of frames (including bad packets) received and transmitted that were 64 octets in length (excluding framing bits but...
  • Page 159: Figure 3-66. Displaying Etherlike And Rmon Statistics

    Port Configuration Figure 3-66. Displaying Etherlike and RMON Statistics 3-109...
  • Page 160: Cabletron Discovery Protocol

    CLI – This example shows statistics for port 13.
      Console#show interfaces counters ethernet 1/13
      Ethernet 1/13
      Iftable stats:
      Octets input: 868453, Octets output: 3492122
      Unicast input: 7315, Unitcast output: 6658
      Discard input: 0, Discard output: 0
      Error input: 0, Error output: 0
      Unknown protos input: 0, QLen output: 0
      Extended iftable stats:...
  • Page 161: Figure 3-67. Globally Configuring Cdp

    Note: A device that sits between two or more CDP domains should set its Authentication Key to the default null value. Web – Select Enterasys, CDP, Global Settings. To enable CDP, set the global status to "Enabled" or "Auto Enabled," then set the Hold Time for retaining neighbor device information and the transmit time for sending CDP packets.
  • Page 162: Cdp Port Settings

    • Trunk – Specifies if a port is a member of a trunk. Web – Select Enterasys, CDP, Port Settings. For any selected port, set the desired CDP action. Click Apply.
  • Page 163: Displaying Cdp Neighbors Information

    • Neighbor Type – References one or more of the Neighbor Types. • Neighbor IP – The IP address of the network device. • Port ID – The port number. Web – Select Enterasys, CDP, Neighbors Information. Figure 3-69. CDP Neighbors Information 3-113...
  • Page 164: Table 3-11. Show Cdp Neighbors Output - Capability Codes

    CLI – This example displays CDP port neighbors information. For a description of the output see the tables below.
      Console#show cdp neighbors
      Capability Codes: igmp(1),rip(2),bgp(3),ospf(4),dvmrp(5),ieee8021q(6), gvrp(7),gmrp(8),igmpSnoop(9)
      Neighbor types : secureFastSwitch(1), dot1qSwitch(2), router(3), dot1dBridge(4) vlanManager(5), dnsServer(6), dhcpServer(7), dnsDhcpServer(8)
      Device ID Local Intrface Holdtime Capability Nbr type Nbr IP...
  • Page 165: Displaying Cdp Traffic Information

    CDP packet, or adding to the neighbor entry, or while trying to send a CDP packet. Web – Select Enterasys, CDP, Traffic Information. Figure 3-70. CDP Traffic Information CLI – This example displays CDP traffic information.
  • Page 166: Power Over Ethernet Settings

    Configuring the Switch Power Over Ethernet Settings The V2H124-24P switch can provide DC power to a wide range of connected devices, eliminating the need for an additional power source and cutting down on the amount of cables attached to each device. Once configured to supply power, an automatic detection process is initialized by the switch that is authenticated by a PoE signature from the connected device.
  • Page 167: Setting A Switch Power Budget

    Web – Click PoE, then Power Status.
    Figure 3-71. Displaying the Global PoE Status
    CLI – This example displays the current power status for the V2H124-24P.
      Console#show power mainpower
      Unit 1 Mainpower Status
      Maximum Available Power : 375 watts
      System Operation Status : on
      Mainpower Consumption : 0 watts...
  • Page 168: Displaying Port Power Status

    CLI – Use the power mainpower maximum allocation command to set the PoE power budget for the switch.
      Console(config)#power mainpower maximum allocation 200
    Displaying Port Power Status
    Use the Power Port Status page to display the current PoE power status for all ports. Command Attributes •...
  • Page 169: Configuring Port Poe Power

    Power Over Ethernet Settings CLI – This example displays the PoE status and the priority of port 1. Console#show power inline status 4-82 Interface Admin Oper Power(mWatt) Power(used) Priority ---------- ------- ---- ------------ ------------ -------- 1/ 1 enable 15400 1/ 2 enable 15400 1/ 3...
  • Page 170: Address Table Settings

    Configuring the Switch Web – Click PoE, Power Port Configuration. Enable PoE power on selected ports, set the priority and the power budget, and then click Apply. Figure 3-74. Configuring Port PoE Power CLI – This example sets the PoE power budget for port 1 to 8 watts, the priority to high (2), and then enables the power.
  • Page 171: Displaying The Address Table

    Address Table Settings Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-75. Mapping Ports to Static Addresses CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
  • Page 172: Changing The Aging Time

    Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., Interface, MAC Address, or VLAN), the method of sorting the displayed addresses, then click Query.
    Figure 3-76. Displaying the MAC Dynamic Address Table
    CLI – This example also displays the address table entries for port 11.
      Console#show mac-address-table ethernet 1/11
      Interface...
  • Page 173: Spanning Tree Algorithm Configuration

    Web – Click Address Table, Address Aging. Specify the new aging time, click Apply.
    Figure 3-77. Setting the Aging Time
    CLI – This example sets the aging time to 300 seconds.
      Console(config)#mac-address-table aging-time 300
      Console(config)#end
      Console#show mac-address-table aging-time
      Aging time: 300 sec.
  • Page 174: Displaying Global Settings

    Figure 3-78. Spanning Tree BPDUs (figure labels: Designated Root, Root Port, Designated Port, Designated Bridge)
    Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.
  • Page 175 Spanning Tree Algorithm Configuration • Max Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last configuration message) becomes the designated port for the attached LAN.
  • Page 176: Figure 3-79. Displaying The Spanning Tree Algorithm

    • Root Maximum Age – The maximum time (in seconds) this device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. If the root port ages out STA information (provided in the last configuration message), a new root port is selected from among the device ports attached to the network.
  • Page 177: Configuring Global Settings

    CLI – This command displays global STA settings, followed by settings for each port.
    Console#show spanning-tree
    Spanning-tree information
    ---------------------------------------------------------------
    Spanning tree mode :MSTP
    Spanning tree enable/disable :enable
    Instance
    Vlans configuration :1-4094
    Priority :32768
    Bridge Hello Time (sec.)
    Bridge Max Age (sec.)
    Bridge Forward Delay (sec.)
    Root Hello Time (sec.)
  • Page 178 Configuring the Switch • Multiple Spanning Tree Protocol - To allow multiple spanning trees to operate over the network, you must configure a related set of bridges with the same MSTP configuration, allowing them to participate in a specific set of spanning tree instances. - A spanning tree instance can exist only on bridges that have compatible VLAN instance assignments.
  • Page 179 Spanning Tree Algorithm Configuration • Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
  • Page 180: Figure 3-80. Configuring The Spanning Tree Algorithm

    Web – Click Spanning Tree, STA Configuration. Modify the required attributes, and click Apply.
    Figure 3-80. Configuring the Spanning Tree Algorithm...
  • Page 181: Displaying Interface Settings

    CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters.
    Console(config)#spanning-tree
    Console(config)#spanning-tree mode mst
    Console(config)#spanning-tree priority 40000
    Console(config)#spanning-tree hello-time 5
    Console(config)#spanning-tree max-age 38
    Console(config)#spanning-tree forward-time 20...
  • Page 182: Figure 3-81. Sta Port Roles

    • Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface. This parameter is determined by manual configuration or by auto-detection, as described for Admin Link Type in STA Port Configuration on page 4-178.
  • Page 183 Spanning Tree Algorithm Configuration These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled. • External path cost – The path cost for the IST. This parameter is used by the STA to determine the best path between devices.
  • Page 184: Figure 3-82. Displaying Sta - Port Status Information

    Web – Click Spanning Tree, STA Port Information or STA Trunk Information.
    Figure 3-82. Displaying STA - Port Status Information
    CLI – This example shows general STA configuration and attributes for all ports.
    Console#show spanning-tree ethernet 1/5
    1/ 5 information
    --------------------------------------------------------------...
  • Page 185: Configuring Interface Settings

    Configuring Interface Settings
    You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media type to indicate the preferred path, link type to indicate a point-to-point connection or shared-media connection, and edge port to indicate if the attached device can support fast forwarding.
  • Page 186: Figure 3-83. Configuring Spanning Tree Algorithm Per Port

    • Admin Link Type – The link type attached to this interface.
      • Point-to-Point – A connection to exactly one other bridge.
      • Shared – A connection to two or more bridges.
      • Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media.
  • Page 187: Configuring Multiple Spanning Trees

    Configuring Multiple Spanning Trees
    MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, preventing wide-scale disruption when a bridge node in a single instance fails, and allowing for faster convergence of a new topology for the failed instance.
  • Page 188: Figure 3-84. Mstp Vlan Configuration

    Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priority, and click Apply. To add the VLAN members to an MSTI instance, enter the instance identifier, the VLAN identifier, and click Add.
  • Page 189 Spanning Tree Algorithm Configuration CLI – This displays STA settings for instance 1, followed by settings for each port.
    Console#show spanning-tree mst 2
    Spanning-tree information
    ---------------------------------------------------------------
    Spanning tree mode :MSTP
    Spanning tree enable/disable :enable
    Instance
    Vlans configuration
    Priority :4096
    Bridge Hello Time (sec.)
    Bridge Max Age (sec.)
    Bridge Forward Delay (sec.)
  • Page 190: Displaying Interface Settings For Mstp

    Displaying Interface Settings for MSTP
    The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance.
    Field Attributes
    • MST Instance ID – Instance identifier to configure. (Range: 0-57; Default: 0)
    The other attributes are described under “Displaying Interface Settings,”...
  • Page 191 Spanning Tree Algorithm Configuration CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST (page 3-140); the settings for other instances only apply to the local spanning tree.
    Console#show spanning-tree mst 0
    Spanning-tree information...
  • Page 192: Configuring Interface Settings For Mstp

    Configuring Interface Settings for MSTP
    You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages.
    Field Attributes
    The following attributes are read-only and cannot be changed: •...
  • Page 193: Figure 3-86. Mstp Port Configuration

    Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interface, and click Apply.
    Figure 3-86. MSTP Port Configuration
    CLI – This example sets the MSTP attributes for port 4.
    Console(config)#interface ethernet 1/4
    Console(config-if)#spanning-tree mst port-priority 0...
  • Page 194: Vlan Configuration

    VLAN Configuration
    IEEE 802.1Q VLANs
    In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the originating group, and can eliminate broadcast storms in large networks.
  • Page 195 VLAN Configuration Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before the frames are passed on to any end-node host that does not support VLAN tagging. (Figure: tagged and untagged frames. VA: VLAN Aware; VU: VLAN Unaware)...
  • Page 196 Configuring the Switch message arrives at another switch that supports GVRP, it will also place the receiving port in the specified VLANs, and pass the message on to all other ports. VLAN requirements are propagated in this way throughout the network. This allows GVRP-compliant devices to be automatically configured for VLAN groups based solely on endstation requests.
  • Page 197: Enabling Or Disabling Gvrp (Global Setting)

    Enabling or Disabling GVRP (Global Setting)
    GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network.
  • Page 198: Displaying Current Vlans

    CLI – Enter the following command.
    Console#show bridge-ext
    Max support VLAN numbers:
    Max support VLAN ID: 4093
    Extended multicast filtering services: No
    Static entry individual port:
    VLAN learning:
    Configurable PVID tagging:
    Local VLAN capable:
    Traffic classes: Enabled
    Global GVRP status: Enabled...
  • Page 199: Creating Vlans

    Command Attributes (CLI)
    • VLAN – ID of configured VLAN (1-4094, no leading zeroes).
    • Type – Shows how this VLAN was added to the switch.
      - Dynamic: Automatically learned via GVRP.
      - Static: Added as a static entry.
    •...
  • Page 200: Adding Static Members To Vlans (Vlan Index)

    Web – Click VLAN, 802.1Q VLAN, VLAN Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add.
    Figure 3-90. VLAN Static List - Creating Virtual LANs
    CLI –...
  • Page 201 VLAN Configuration Command Attributes • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended;...
  • Page 202: Adding Static Members To Vlans (Port Index)

    Web – Click VLAN, 802.1Q VLAN, VLAN Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks.
  • Page 203: Configuring Vlan Behavior For Interfaces

    Figure 3-92. VLAN Static Membership
    CLI – This example adds Port 3 to VLAN 1 as a tagged port, and removes Port 3 from VLAN 2.
    Console(config)#interface ethernet 1/3
    Console(config-if)#switchport allowed vlan add 1 tagged
    Console(config-if)#switchport allowed vlan remove 2
    Configuring VLAN Behavior for Interfaces
    You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP...
  • Page 204 Configuring the Switch • Ingress Filtering – If ingress filtering is enabled, incoming frames for VLANs which do not include this ingress port in their member set will be discarded at the ingress port. (Default: Disabled) - Ingress filtering only affects tagged frames. - If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port).
  • Page 205: Figure 3-93. Configuring Vlan Ports

    Web – Click VLAN, 802.1Q VLAN, VLAN Port Configuration or VLAN Trunk Configuration. Fill in the required settings for each interface, then click Apply.
    Figure 3-93. Configuring VLAN Ports
    CLI – This example sets port 1 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.
  • Page 206: Class Of Service Configuration

    Class of Service Configuration
    Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
  • Page 207: Mapping Cos Values To Egress Queues

    CLI – This example assigns a default priority of 5 to port 3.
    Console(config)#interface ethernet 1/3
    Console(config-if)#switchport priority default 5
    Console(config-if)#end
    Console#show interfaces switchport ethernet 1/12
    Information of Eth 1/12
    Broadcast threshold: Enabled, 500 packets/second
    LACP status: Disabled
    Ingress rate limit:...
  • Page 208: Figure 3-95. Traffic Classes

    Configuring the Switch Command Attributes • Priority – CoS value. (Range: 0-7, where 7 is the highest priority) • Traffic Class* – Output queue buffer. (Range: 0-3, where 3 is the highest CoS priority queue) CLI shows Queue ID. Web* – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to output queues.
  • Page 209: Selecting The Queue Mode

    Selecting the Queue Mode
    You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
  • Page 210: Figure 3-97. Configuring Class Of Service For Each Ingress Queue

    Web – Click Priority, Queue Scheduling. Select a traffic class (i.e., output queue), enter a weight, then click Apply.
    Figure 3-97. Configuring Class of Service for Each Ingress Queue
    CLI – The following example shows how to assign WRR weights of 1, 4, 16 and 64 to the CoS priority queues 0, 1, 2 and 3.
  • Page 211: Layer 3/4 Priority Settings

    Layer 3/4 Priority Settings
    Mapping Layer 3/4 Priorities to CoS Values
    This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (ToS) octet or the number of the TCP port.
  • Page 212: Mapping Ip Precedence

    Mapping IP Precedence
    The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values are mapped one-to-one to Class of Service values (i.e., Precedence value 0 maps to CoS value 0, and so forth).
  • Page 213: Mapping Dscp Priority

    CLI* – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 on port 5, and then displays all the IP Precedence settings.
    Console(config)#map ip precedence
    Console(config)#interface ethernet 1/5
    Console(config-if)#map ip precedence 1 cos 0...
  • Page 214: Figure 3-100. Ip Dscp Priority

    Command Attributes
    • DSCP Priority Table – Shows the DSCP Priority to CoS map.
    • Class of Service Value – Maps a CoS value to the selected DSCP Priority value. Note that “0” represents low priority and “7” represents high priority.
    Note: IP DSCP settings apply to all interfaces.
  • Page 215: Mapping Ip Port Priority

    Mapping IP Port Priority
    You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110.
    Command Attributes •...
  • Page 216: Copy Settings

    CLI* – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value 0, and then displays all the IP Port Priority settings for that port.
    Console(config)#map ip port
    Console(config)#interface ethernet 1/5
    Console(config-if)#map ip port 80 cos 0...
  • Page 217: Figure 3-103. Mapping Priority Settings To Ports/Trunks

    Web – Click Priority, Copy Settings. Select the source priority settings to be copied, enter the source port or trunk number and choose the destination interface/s to copy to, then select Copy Settings.
    Figure 3-103. Mapping Priority Settings to Ports/Trunks
    CLI –...
  • Page 218: Mapping Cos Values To Acls

    Mapping CoS Values to ACLs
    Use the ACL CoS Mapping page to set the output queue for packets matching an ACL rule as shown in the following table. Note that the specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself.
  • Page 219: Changing Priorities Based On Acl Rules

    Changing Priorities Based on ACL Rules
    You can change traffic priorities for frames matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) This switch can change the IEEE 802.1p priority, IP Precedence, or DSCP Priority of IP frames; or change the IEEE 802.1p priority of Layer 2 frames.
  • Page 220: Figure 3-105. Changing Priorities Based On Acl Rules

    Web – Click Priority, ACL Marker. Select a port and an ACL rule. To specify a ToS priority, mark the Precedence/DSCP check box, select Precedence or DSCP from the scroll-down box, and enter a priority. To specify an 802.1p priority, mark the 802.1p Priority check box, and enter a priority.
  • Page 221: Multicast Filtering

    Multicast Filtering
    Multicasting is used to support real-time applications such as video conferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
  • Page 222: Configuring Igmp Snooping And Query Parameters

    IGMP Query (Layer 2 or 3) – IGMP Query can only be enabled globally at Layer 2, but can be enabled for individual VLAN interfaces at Layer 3 (page 3-149). However, note that Layer 2 query is disabled if Layer 3 query is enabled.
    Configuring IGMP Snooping and Query Parameters
    You can configure the switch to forward multicast traffic intelligently.
  • Page 223: Figure 3-106. Configuring Internet Group Management Protocol

    Notes:
    1. All systems on the subnet must support the same version.
    2. Some attributes are only enabled for IGMPv2, including IGMP Report Delay and IGMP Query Timeout.
    Web – Click IGMP, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply.
  • Page 224: Displaying Interfaces Attached To A Multicast Router

    Displaying Interfaces Attached to a Multicast Router
    Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP, to support IP multicasting across the Internet. These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch.
  • Page 225: Specifying Interfaces Attached To A Multicast Router

    Specifying Interfaces Attached to a Multicast Router
    Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your switch, you can manually configure that interface to join all the current multicast groups.
  • Page 226: Displaying Port Members Of Multicast Services

    Displaying Port Members of Multicast Services
    You can display the port members associated with a specified VLAN and multicast IP address.
    Command Attribute
    • VLAN ID – Selects the VLAN in which to display port members.
    • Multicast IP Address – The IP address for a specific multicast service
    •...
  • Page 227: Assigning Ports To Multicast Services

    Assigning Ports to Multicast Services
    Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Layer 2 IGMP (Snooping and Query)” on page 3-171. For certain applications that require tighter control, you may need to statically configure a multicast service on the switch.
  • Page 228: Configuring Domain Name Service

    CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1.
    Console(config)#ip igmp snooping vlan 1 static 224.0.0.12 ethernet 1/12
    Console(config)#exit
    Console#show mac-address-table multicast vlan 1
    VLAN M'cast IP addr.
  • Page 229: Figure 3-111. Configuring Dns

    • Domain Name List* – Defines a list of domain names that can be appended to incomplete host names. (Range: 1-64 alphanumeric characters. 1-5 names)
    • Name Server List – Specifies the address of one or more domain name servers to use for name-to-address resolution.
  • Page 230: Configuring Static Dns Host To Address Entries

    CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the default domain name is not used.
    Console(config)#ip domain-name sample.com
    Console(config)#ip domain-list sample.com.uk
    Console(config)#ip domain-list sample.com.jp
    Console(config)#ip name-server 192.168.1.55 10.1.0.55...
  • Page 231: Figure 3-112. Mapping Ip Addresses To A Host Name

    Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.
    Figure 3-112. Mapping IP Addresses to a Host Name
    CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses.
  • Page 232: Displaying The Dns Cache

    Displaying the DNS Cache
    You can display entries in the DNS cache that have been learned via the designated name servers.
    Field Attributes
    • No – The entry number for each resource record.
    • Flag – The flag is always “4” indicating a cache entry and therefore unreliable.
    •...
  • Page 233 Configuring Domain Name Service CLI - This example displays all the resource records learned from the designated name servers.
    Console#show dns cache
    FLAG TYPE DOMAIN
    CNAME 207.46.134.222 www.microsoft.akadns.net
    CNAME 207.46.134.190 www.microsoft.akadns.net
    CNAME 207.46.134.155 www.microsoft.akadns.net
    CNAME 207.46.249.222 www.microsoft.akadns.net
    CNAME 207.46.249.27 www.microsoft.akadns.net
    ALIAS POINTER TO:4...
  • Page 235: Chapter 4: Command Line Interface

    Chapter 4: Command Line Interface
    This chapter describes how to use the Command Line Interface (CLI).
    Using the Command Line Interface
    Accessing the CLI
    When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt.
  • Page 236 Command Line Interface To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet. For example,
    Console(config)#interface vlan 1
    Console(config-if)#ip address 10.1.0.1 255.255.255.0
    Console(config-if)#exit
    Console(config)#ip default-gateway 10.1.0.254...
  • Page 237: Entering Commands

    Entering Commands
    This section describes how to enter CLI commands.
    Keywords and Arguments
    A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port.
  • Page 238 Command Line Interface display a list of valid keywords for a specific command. For example, the command “show ?” displays a list of possible show commands:
    Console#show ?
    access-group Access groups
    access-list Access lists
    accounting Accounting information
    bridge-ext Bridge extension information
    calendar Date and time information
    Ctron Discovery Protocol (CDP)...
  • Page 239: Partial Keyword Lookup

    Partial Keyword Lookup
    If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.”
    Console#show s?
    snmp sntp...
  • Page 240: Exec Commands

    Exec Commands
    When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt. Only a limited number of the commands are available in this mode.
  • Page 241: Command Line Processing

    To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands.
    Console#configure
    Console(config)#
    To enter the other modes, at the configuration prompt type one of the following commands.
  • Page 242: Command Groups

    Table 4-3. Keystroke Commands (Continued)
    Keystroke | Function
    Ctrl-F | Shifts cursor to the right one character.
    Ctrl-K | Deletes all characters from the cursor to the end of the line.
    Ctrl-L | Repeats current command line on a new line.
    Ctrl-N | Enters the next command line in the history buffer.
  • Page 243: Line Commands

    Table 4-4. Command Group Index (Continued)
    Command Group | Description | Page
    Rate Limiting | Controls the maximum rate for traffic transmitted or received on a port | 4-163
    Link Aggregation | Statically groups multiple ports into a single logical trunk; configures Link Aggregation Control Protocol for port trunks | 4-164
    Address Table | Configures the address table for filtering specified addresses,...
  • Page 244: Line

    Table 4-5. Line Command Syntax (Continued)
    Command | Function | Mode | Page
    silent-time* | Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command | | 4-15
    databits* | Sets the number of data bits per character that are interpreted and... | | 4-15
  • Page 245: Login

    login
    Use this command to enable password checking at login. Use the no form to disable password checking and allow connections without a password.
    Syntax
    login [local]
    no login
    local - Selects local password checking. Authentication is based on the user name specified with the username command.
  • Page 246: Password

    password
    Use this command to specify the password for a line. Use the no form to remove the password.
    Syntax
    password {0 | 7} password
    no password
    • {0 | 7} - 0 means plain password, 7 means encrypted password
    • password - Character string that specifies the line password.
  • Page 247: Timeout Login Response

    timeout login response
    Use this command to set the interval that the system waits for a user to log into the CLI. Use the no form to restore the default setting.
    Syntax
    timeout login response [seconds]
    no timeout login response
    seconds - Integer that specifies the number of seconds.
  • Page 248: Password-Thresh

    Command Usage
    • If user input is detected within the timeout interval, the session is kept open; otherwise the session is terminated.
    • This command applies to both the local console and Telnet connections.
    • The timeout for Telnet cannot be disabled.
    •...
  • Page 249: Silent-Time

    silent-time
    Use this command to set the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value.
  • Page 250: Parity

    Command Usage
    The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character.
  • Page 251: Speed

    speed
    Use this command to set the terminal line's baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting.
    Syntax
    speed bps
    no speed
    bps - Baud rate in bits per second.
  • Page 252: Disconnect

    Example
    To specify 2 stop bits, enter this command:
    Console(config-line)#stopbits 2
    Console(config-line)#
    disconnect
    This command terminates an SSH, Telnet, or console connection.
    Syntax
    disconnect session-id
    session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4)
    Command Mode
    Privileged Exec
    Command Usage...
  • Page 253: General Commands

    Example
    To show all lines, enter this command:
    Console#show line
    Console configuration:
    Password threshold: 5 times
    Interactive timeout: Disabled
    Login timeout: Disabled
    Silent time:
    Baudrate: auto
    Databits:
    Parity: none
    Stopbits:
    VTY configuration:
    Password threshold: 3 times
    Interactive timeout: 600 sec
    Login timeout: 300 sec
    Console#
    General Commands...
  • Page 254: Disable

    Default Setting
    Level 15
    Command Mode
    Normal Exec
    Command Usage
    • “super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command on page 4-27.)
    •...
  • Page 255: Configure

    configure
    Use this command to activate Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, VLAN Database Configuration and Multiple Spanning Tree Configuration.
  • Page 256: Reload

    The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes.
  • Page 257: Exit

    exit
    Use this command to return to the previous configuration mode or exit the configuration program.
    Default Setting
    None
    Command Mode
    Example
    This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session:
    Console(config)#exit
    Console#exit
    Press ENTER to start session...
  • Page 258: System Management Commands

    Command Line Interface System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Table 4-7. System Management Commands Command Group Function Page Device Designation Configures information that uniquely identifies this switch 4-24 User Access...
  • Page 259: Hostname

    None
    Command Mode
    Global Configuration
    Example
    Console(config)#hostname Enterasys Matrix-V Series
    Console(config)#
    User Access Commands
    The basic commands required for management access are listed in this section. This switch also includes other options for password checking via the console or a Telnet connection (page 4-9), user authentication via a remote authentication server (page 4-137), and host access authentication for specific ports (page 4-99).
  • Page 260: Username

    Command Line Interface username Use this command to add named users, require authentication at login, specify or change a user's password (or specify that no password is required), or specify or change a user's access level. Use the no form to remove a user name. Syntax username name {access-level level | nopassword | password {0 | 7} password}...
  • Page 261: Enable Password

    System Management Commands enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. Use this command to control access to the Privileged Exec level from the Normal Exec level. Use the no form to reset the default password.
  • Page 262: Ip Filter Commands

    IP Filter Commands
    Table 4-10. IP Filter Commands
    Command | Function | Mode | Page
    management | Configures IP addresses that are allowed management access | GC | 4-28
    show management | Displays the switch to be monitored or configured from a browser | | 4-29
    management
    This command specifies the client IP addresses that are allowed management access to the switch through various protocols.
  • Page 263: Show Management

    Example
    This example restricts management access to the indicated addresses.
    Console(config)#management all-client 192.168.1.19
    Console(config)#management all-client 192.168.1.25 192.168.1.30
    Console#
    show management
    This command displays the client IP addresses that are allowed management access to the switch through various protocols.
    Syntax
    show management {all-client | http-client | snmp-client | telnet-client}
    •...
  • Page 264: Web Server Commands

    Command Line Interface Web Server Commands Table 4-11. Web Server Commands Command Function Mode Page ip http port Specifies the port to be used by the web browser interface 4-30 ip http server Allows the switch to be monitored or configured from a browser GC 4-30 ip http secure-server Enables HTTPS/SSL for encrypted communications...
  • Page 265: Ip Http Secure-Server

    Example
    Console(config)#ip http server
    Console(config)#
    Related Commands
    ip http port (4-30)
    ip http secure-server
    This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this function.
    Syntax
    [no] ip http secure-server
    Default Setting...
  • Page 266: Ip Http Secure-Port

    • To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 3-58. Also refer to the copy command on page 4-66.
    Example
    Console(config)#ip http secure-server
    Console(config)#
    Related Commands
    ip http secure-port (4-32)
    copy tftp https-certificate (4-66)
    ip http secure-port
    This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface.
  • Page 267: Telnet Server Commands

    Telnet Server Commands
    Table 4-12. Telnet Server Commands
    Command | Function | Mode | Page
    ip telnet port | Specifies the port to be used by the Telnet interface | | 4-33
    ip telnet server | Allows the switch to be monitored or configured from Telnet | | 4-33
    ip telnet port
    This command specifies the TCP port number used by the Telnet interface.
  • Page 268: Secure Shell Commands

    Example
    Console(config)#ip telnet server
    Console(config)#
    Related Commands
    ip telnet port (4-33)
    Secure Shell Commands
    The Berkeley standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote copy), are not secure from hostile attacks.
  • Page 269 System Management Commands Table 4-13. Secure Shell Commands (Continued) Command Function Mode Page show public-key Shows the public key for the specified user or for the host 4-42 show users Shows SSH users, including privilege level and public key type PE 4-43 The SSH server on this switch supports both password and public key authentication.
  • Page 270: Ip Ssh Server

    Command Line Interface Enable SSH Service – Use the ip ssh server command to enable the SSH server on the switch. Configure Challenge-Response Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method.
  • Page 271: Ip Ssh Timeout

    Example
    Console(config)#ip ssh server
    Console(config)#
    Related Commands
    show ssh (4-41)
    ip ssh timeout
    Use this command to configure the timeout for the SSH server. Use the no form to restore the default setting.
    Syntax
    ip ssh timeout seconds
    no ip ssh timeout
    seconds –...
  • Page 272: Ip Ssh Server-Key Size

    Default Setting
    Command Mode
    Global Configuration
    Example
    Console(config)#ip ssh authentication-retries 2
    Console(config)#
    Related Commands
    show ip ssh (4-40)
    ip ssh server-key size
    Use this command to set the SSH server key size. Use the no form to restore the default setting.
  • Page 273: Ip Ssh Crypto Host-Key Generate

    Default Setting
    Deletes both the DSA and RSA key.
    Command Mode
    Privileged Exec
    Example
    Console#delete public-key admin dsa
    Console#
    ip ssh crypto host-key generate
    Use this command to generate the host key pair (i.e., public and private).
    Syntax
    ip ssh crypto host-key generate [dsa | rsa]
    •...
  • Page 274: Ip Ssh Save Host-Key

    Command Line Interface Default Setting Clears both the DSA and RSA key. Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. •...
  • Page 275: Show Ssh

    Example
    Console#show ip ssh
    SSH Enabled - version 2.0
    Negotiation timeout: 120 secs; Authentication retries: 3
    Server key size: 768 bits
    Console#
    show ssh
    Use this command to display the current Secure Shell (SSH) server connections.
    Command Mode
    Privileged Exec
    Example
    Console#show ssh...
  • Page 276: Show Public-Key

    Command Line Interface Table 4-14. SSH Information (Continued) Encryption The encryption method is automatically negotiated between the client and server. Options for SSHv1.5 include: DES, 3DES Options for SSHv2.0 can include different algorithms for the client-to-server (ctos) and server-to-client (stoc): aes128-cbc-hmac-sha1 aes192-cbc-hmac-sha1 aes256-cbc-hmac-sha1...
  • Page 277: Show Users

    Example
    Console#show public-key host
    Console#
    show users
    Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.
  • Page 278: Event Logging Commands

    Command Line Interface Event Logging Commands Table 4-15. Event Logging Commands Command Function Mode Page logging on Controls logging of error messages 4-44 logging history Limits syslog messages saved to switch memory based on 4-45 severity logging host Adds a syslog server host IP address that will receive logging 4-46 messages logging facility...
  • Page 279: Logging History

    System Management Commands logging history Use this command to limit syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history {flash | ram} level no logging history {flash | ram} •...
  • Page 280: Logging Host

    Command Line Interface logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [no] logging host host_ip_address host_ip_address - The IP address of a syslog server. Default Setting None Command Mode...
  • Page 281: Logging Trap

    System Management Commands logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging.
  • Page 282: Show Log

    Command Line Interface Related Commands show logging (4-49) show log This command displays the system and event messages stored in memory. Syntax show log {flash | ram} • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
  • Page 283: Show Logging

    System Management Commands show logging This command displays the logging configuration. Syntax show logging {flash | ram | trap} • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
  • Page 284: Smtp Alert Commands

    Command Line Interface Table 4-18. Remote Logging Field Description Syslog logging Shows if system logging has been enabled via the logging on command. REMOTELOG status Shows if remote logging has been enabled via the logging trap command. REMOTELOG The facility type for remote logging of syslog messages as specified in the logging facility type facility command.
  • Page 285: Logging Sendmail Level

    Command Usage
    • You can specify up to three SMTP servers for event handling. However, you must enter a separate command to specify each server.
    • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally closes the connection.
  • Page 286: Logging Sendmail Source-Email

    Example
    This example will send email alerts for system errors from level 3 through 0.
    Console(config)#logging sendmail source-email anyone@enterasys.com
    Console(config)#
    logging sendmail destination-email
    This command specifies the email recipients of alert messages. Use the no form to remove a recipient.
  • Page 287: Logging Sendmail

    Command Mode
    Normal Exec, Privileged Exec
    Example
    Console#show logging sendmail
    SMTP servers
    -----------------------------------------------
    1. 192.168.1.4
    2. 192.168.1.5
    SMTP minimum severity level: 4
    SMTP destination email addresses
    -----------------------------------------------
    1. anyone@Enterasys.com
    2. anyone2@Enterasys.com
    SMTP source email address: this-switch@Enterasys.com
    SMTP status: Enabled
    Console#
  • Page 288: Time Commands

    Command Line Interface Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from the factory default set at the last bootup.
  • Page 289: Sntp Server

    Example
    Console(config)#sntp server 10.1.0.19
    Console(config)#sntp poll 60
    Console(config)#sntp client
    Console(config)#end
    Console#show sntp
    Current time: June 23 02:52:44 2004
    Poll interval: 60
    Current mode: unicast
    Console#
    Related Commands
    sntp server (4-55)
    sntp poll (4-56)
    show sntp (4-56)
    sntp server
    This command sets the IP address of the servers to which SNTP time requests are issued.
  • Page 290: Sntp Poll

    Command Line Interface sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode...
  • Page 291: Clock Timezone

    System Management Commands clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Range: 1-12 hours) •...
  • Page 292: Calendar Set

    Command Line Interface calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Note that a switch does not provide a Real Time Clock and manual settings of the clock do not persist over system restarts.
  • Page 293: System Status Commands

    System Management Commands System Status Commands Table 4-21. System Status Commands Command Function Mode Page light unit Displays the unit ID of a switch using its front-panel LED NE, PE 4-59 indicators show startup-config Displays the contents of the configuration file (stored in flash 4-59 memory) that is used to start up the system show running-config...
  • Page 294 Command Line Interface Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes. Each mode group is separated by “!”...
  • Page 295: Show Running-Config

    System Management Commands Related Commands show running-config (4-61) show running-config Use this command to display the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory.
  • Page 296: Show System

    Example
    Console#show running-config
    building running-config, please wait..
    snmp-server community private rw
    snmp-server community public ro
    username admin access-level 15
    username admin password 7 21232f297a57a5a743894a0e4a801fc3
    username guest access-level 0
    username guest password 7 084e0343a0486ff05530df6c705c8bb4
    enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca
    vlan database
    vlan 1 name DefaultVlan media ethernet state active
    interface ethernet 1/1...
  • Page 297: Show Users

    • The POST results should all display “PASS.” If any POST test indicates “FAIL,” contact your distributor for assistance.
    Example
    This example displays system information for the V2H124-24P.
    Console#show system
    System description: Enterasys Networks, Inc. V2H124-24; SW version: V2.5.2.1
    System OID string: 1.3.6.1.4.1.5624.2.1.62
    System information
    System Up time: 0 days, 1 hours, 34 minutes, and 7.77 seconds...
  • Page 298: Show Version

    Example
    Console#show users
    Username accounts:
    Username Privilege Public-Key
    -------- --------- ----------
    admin None
    guest None
    Online users:
    Line Username Idle time (h:m:s) Remote IP addr.
    ----------- -------- ----------------- ---------------
    console admin 0:00:00
    VTY 0 admin 0:00:20 192.168.1.10
    Web online users:
    Line Remote IP addr...
  • Page 299: Frame Size Commands

    Frame Size Commands
    Table 4-1 Frame Size Commands
    Command | Function | Mode | Page
    system mtu | Sets the maximum transfer unit | | 4-65
    system mtu
    This command sets the maximum transfer unit for traffic crossing the switch. Use the no form to restore the default setting.
    Syntax
    system mtu size
    no system mtu...
  • Page 300: Flash/File Commands

    Command Line Interface Flash/File Commands These commands are used to manage the system code or configuration files. Table 4-22. Flash/File Commands Command Function Mode Page copy Copies a code image or a switch configuration to or from 4-66 flash memory or a TFTP server delete Deletes a file or code image 4-69...
  • Page 301 Flash/File Commands Default Setting None Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch.
  • Page 302 Command Line Interface The following example shows how to copy the running configuration to a startup file.
    Console#copy running-config file
    destination file name : startup
    Write to FLASH Programming.
    \Write to FLASH finish.
    Success.
    Console#
    The following example shows how to download a configuration file:
    Console#copy tftp startup-config
    TFTP server ip address: 10.1.0.99
    Source configuration file name: startup.01...
  • Page 303: Delete

    This example shows how to download a PoE controller file from a TFTP server.
    Console#copy tftp file
    TFTP server IP address: 10.3.4.50
    Choose file type:
    1. config: 2. opcode 3. PD_Controller: <1-3>: 3
    Source file name: 7012_007.s19
    Destination file name: P-test
    Write to FLASH Programming.
  • Page 304: Dir

    Command Line Interface Related Commands dir (4-70) delete public-key (4-38) Use this command to display a list of files in flash memory. Syntax dir [boot-rom | config | opcode [:filename]] The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file •...
  • Page 305: Whichboot

    Flash/File Commands whichboot Use this command to display which files were booted when the system powered up. Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command.
  • Page 306: Cabletron Discovery Protocol (Cdp)

    Example
    Console(config)#boot system config: startup
    Console(config)#
    Related Commands
    dir (4-70)
    whichboot (4-71)
    Cabletron Discovery Protocol (CDP)
    The Cabletron Discovery Protocol (CDP) enables a switch to discover the topology of other CDP-aware devices in the network. The protocol allows each switch to determine if other CDP-aware switches are adjacent to it.
  • Page 307: Cdp Holdtime

    Cabletron Discovery Protocol (CDP) Command Mode Global Configuration Command Usage • A CDP domain is a logical grouping of devices that exchange CDP packets. If the switch receives a CDP packet with a different Authentication Key, the CDP packet is discarded. If the Authentication Key is left at the default value (null), the switch processes all CDP packets received.
  • Page 308: Cdp Timer

    Command Line Interface cdp timer Use this command to set the frequency with which the switch transmits a CDP packet on all enabled ports. Use the no form to restore the default setting. Syntax cdp timer seconds no cdp timer seconds - The time between CDP packet transmissions.
  • Page 309: Cdp (Interface Configuration)

    • When the global CDP setting is disabled, the switch does not send CDP packets from any port, regardless of the port CDP setting. Any CDP packets received are flooded to all other ports.
    Example
    This example sets the switch to CDP Auto-enable mode.
    Console(config)#cdp auto-run
    Console(config)#
    cdp (Interface Configuration)
  • Page 310: Show Cdp

    show cdp
    Use this command to display global CDP settings.
    Command Mode
    Privileged Executive
    Example
    Console#sh cdp
    Global CDP information:
    Sending CDP packets every 60 seconds
    Sending a holdtime value of 180 seconds
    Sending CDPvX advertisements is auto enabled
    Console#
    show cdp interface
    Use this command to display CDP interface settings.
  • Page 311: Table 4-25. Show Cdp Neighbors Output - Capability Codes

    Example
    This example shows how to display information on CDP-aware devices connected to the network. The ‘Capability Codes’ referenced in the Capability column describe the specific capabilities of the connected devices (see Table 3-20 on page 4-77.) Similarly the ‘Neighbor types’...
  • Page 312: Show Cdp Traffic

    Command Line Interface Table 4-26. Show CDP Neighbors Output - Neighbor Types (Continued) Field Number Description Type dnsServer The connected device runs a Domain Name System server. dhcpServer The connected device runs Dynamic Host Configuration Protocol server. dnsDhcpServer The connected device runs a DNS server and a DHCP server. show cdp traffic Use this command to display CDP traffic statistics.
  • Page 313: Power Over Ethernet Commands

    Power over Ethernet Commands Power over Ethernet Commands The commands in this group control the power that can be delivered to attached PoE devices through the V2H124-24P switch ports. The switch’s power management enables total switch power and individual port power to be controlled within a configured power budget.
  • Page 314: Power Inline

    • If the power demand from devices connected to the switch exceeds the power budget setting, the switch uses port power priority settings to limit the supplied power.
    Example
    Console(config)#power mainpower maximum allocation 300
    Console(config)#
    Related Commands
    power inline priority (4-81)
    power inline
    Use this command to turn power on for a specific port or force a port into test mode.
  • Page 315: Power Inline Maximum Allocation

    Power over Ethernet Commands power inline maximum allocation Use this command to limit the power allocated to specific ports. Use the no form to restore the default setting. Syntax power inline maximum allocation [milliwatts] no power inline maximum allocation milliwatts - The maximum power budget for the port. (Range: 3000 - 15400 milliwatts).
  • Page 316: Show Power Inline Status

    Command Line Interface Command Usage • If the power demand from devices connected to the V2H124-24P exceeds the power budget setting, the switch uses port power priority settings to control the supplied power. For example: - A device connected to a low-priority port that causes the switch to exceed its budget is not supplied power.
  • Page 317: Show Power Mainpower

    • Priority – The port’s power priority setting (configurable, see power inline priority 4-81.)
    Example
    Console#show power inline status
    Interface Admin Oper Power(mWatt) Power(used) Priority
    ---------- ------- ---- ------------ ------------ --------
    1/ 1 enable 15400
    1/ 2 enable 15400
    1/ 3...
  • Page 318: Authentication Commands

    Command Line Interface Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1x. Table 4-29. Authentication Commands Command Group Function Page...
  • Page 319: Authentication Enable

    Authentication Commands • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server. • You can specify three authentication methods in a single command to indicate the authentication sequence.
  • Page 320: Radius Client

    • You can specify three authentication methods in a single command to indicate the authentication sequence. For example, if you enter “authentication enable radius tacacs local,” the user name and password on the RADIUS server are verified first. If the RADIUS server is not available, then authentication is attempted on the TACACS+ server.
  • Page 321: Radius-Server Host

    Authentication Commands radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server. Use the no form to restore the default values. Syntax [no] radius-server index host {host_ip_address | host_alias} [auth-port auth_port | acct-port acct_port] [timeout timeout] [retransmit retransmit] [key key] •...
  • Page 322: Radius-Server Port

    Command Line Interface radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535) Default Setting 1812 Command Mode...
  • Page 323: Radius-Server Retransmit

    Authentication Commands radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1 - 30) Default Setting Command Mode Global Configuration...
  • Page 324: Radius-Server Service-Type

    Filter ID sent by the switch during authentication: “Enterasys:version=n:mgmt=xx” according to the following rule:
    –> “Enterasys” is a required keyword and must be positioned first.
    –> “version” is a required keyword and specifies the Filter-ID syntax version. (Currently n=1 is the only value supported.)
    –>...
  • Page 325: Table 4-32. Radius Filter Id

    Authentication Commands Table 4-32. RADIUS Filter ID None Administrative NAS-Prompt Authenticate- Unknown, Only Unsupported None Reject Management Management Management Reject (admin) (admin) (admin) mgmt=su Management Management Management Management Reject (admin) (admin) (admin) (admin) mgmt=rw Management Management Management Management Reject (admin) (admin) (admin) (admin)
  • Page 326: Show Radius-Server

    show radius-server
    This command displays the current settings for the RADIUS server.
    Default Setting
    None
    Command Mode
    Privileged Exec
    Example
    Console#show radius-server
    Remote RADIUS server configuration:
    Global settings:
    Communication key with RADIUS server:
    Auth-port: 1812
    Acct-port: 1813
    Retransmit times:
    Request timeout:
    Service-type:...
  • Page 327: Aaa Group Server

    Authentication Commands aaa group server Use this command to name a list of RADIUS server hosts. To remove a group server from the configuration list, enter the no form of this command. Syntax [no] aaa group server [radius] group-name group-name - String used to name a group of RADIUS servers. (Range: 1-7 characters) Default Setting None...
  • Page 328: Aaa Accounting

    Command Line Interface aaa accounting This command enables RADIUS accounting of requested services for billing or security purposes. Use the no form to disable the accounting service. Syntax aaa accounting [[dot1x | exec | update] default | server-name | periodic [start-stop group radius | server-name]] no radius-server •...
  • Page 329: Show Accounting

    Default Setting
    None
    Command Mode
    Interface Configuration
    Example
    Console(config)#interface ethernet 1/24
    Console(config-if)#accounting dot1x default
    Console(config-if)#
    show accounting
    This command displays the current accounting settings per function and per port.
    Syntax
    show accounting [[dot1x | statistics [username | interface]] | exec | statistics]
    •...
  • Page 330: Tacacs+ Client

    TACACS+ Client
    Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that requires management access to a switch.
  • Page 331: Tacacs-Server Key

    Command Mode
    Global Configuration
    Example
    Console(config)#tacacs-server port 181
    Console(config)#
    tacacs-server key
    This command sets the TACACS+ encryption key. Use the no form to restore the default.
    Syntax
    tacacs-server key key_string
    no tacacs-server key
    key_string - Encryption key used to authenticate logon access for the client.
  • Page 332: Port Security Commands

    Command Line Interface Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table for this port will be authorized to access the network.
  • Page 333: 802.1X Port Authentication

    Authentication Commands Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
  • Page 334: Dot1X System-Auth-Control

    Table 4-36. 802.1x Port Authentication Commands (Continued)
    Command | Function | Mode | Page
    dot1x operation-mode | Allows single or multiple hosts on a dot1x port | | 4-102
    dot1x re-authenticate | Forces re-authentication on specific ports | | 4-103
    dot1x re-authentication | Enables re-authentication for all ports | | 4-103
    dot1x timeout quiet-period | Sets the time that a switch port waits after the Max...
  • Page 335: Dot1X Default

    dot1x default
    This command sets all configurable dot1x global and port settings to their default values.
    Syntax
    dot1x default
    Command Mode
    Global Configuration
    Example
    Console(config)#dot1x default
    Console(config)#
    dot1x max-req
    This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session.
  • Page 336: Dot1X Port-Control

    Command Line Interface dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default. Syntax dot1x port-control {auto | force-authorized | force-unauthorized} no dot1x port-control • auto – Requires a dot1x-aware connected client to be authorized by the RADIUS server.
  • Page 337: Dot1X Re-Authenticate

    Command Mode
    Interface Configuration
    Command Usage
    • The “max-count” parameter specified by this command is only effective if the dot1x mode is set to “auto” by the dot1x port-control command (page 4-102.)
    • In “multi-host” mode, only one host connected to a port needs to pass authentication for all other hosts to be granted network access.
  • Page 338: Dot1X Timeout Quiet-Period

    Command Line Interface Example Console(config)#interface ethernet 1/5 Console(config-if)#dot1x re-authentication Console(config-if)# dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default.
  • Page 339: Dot1X Timeout Tx-Period

    Authentication Commands dot1x timeout tx-period This command sets the time that a port on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period seconds - The number of seconds.
  • Page 340 Command Line Interface max-req (page 4-101). It also displays the following global parameters which are set to a fixed value, including the following items: - supp-timeout – Supplicant timeout. - server-timeout – Server timeout. - reauth-max – Maximum number of reauthentication attempts. - 802.1X Port Summary –...
  • Page 341 Authentication Commands Example Console#show dot1x Global 802.1X Parameters reauth-enabled: yes reauth-period: quiet-period: tx-period: supp-timeout: server-timeout: 30 reauth-max: max-req: 802.1X Port Summary Port Name Status Mode Authorized disabled ForceAuthorized disabled ForceAuthorized 1/11 disabled ForceAuthorized 1/12 enabled Auto 802.1X Port Details 802.1X is disabled on port 1/1 802.1X is enabled on port 1/2 reauth-enabled: Enable reauth-period:...
  • Page 342: System Vlan-Auth

    Command Line Interface system vlan-auth This command enables VLAN authorization, enforcing modifications to VLAN attributes for packets forwarded through the switch. Use the no form to prevent modifications to VLAN attributes. Syntax [no] system vlan-auth Default Disabled Command Mode Global Configuration Command Usage This command can be used in conjunction with a RADIUS server to place a port into a particular VLAN based on the authentication result.
  • Page 343: Vlan-Auth Enable Egress

    Authentication Commands Example Console(config)#interface ethernet 1/5 Console(config-if)#vlan-auth enable Console(config-if)# vlan-auth enable egress This command controls the modification of the current VLAN egress list (of the VLAN returned in the VLAN-Tunnel-Type field) upon successful authentication. Syntax vlan-auth enable egress {none | tagged | untagged} •...
  • Page 344: Show System Vlan-Auth

    Command Line Interface show system vlan-auth This command shows VLAN authentication related settings on the switch or a specific interface. Syntax show system vlan-auth [interface interface] • interface • ethernet unit/port - unit - This is device 1. - port - Port number. Command Mode Privileged Exec Example...
  • Page 345: Masks For Access Control Lists

    Access Control List Commands rules match for a list of all permit rules, the packet is dropped; and if no rules match for a list of all deny rules, the packet is accepted. There are three filtering modes: • Standard IP ACL mode (STD-ACL) filters packets based on the source IP address. •...
  • Page 346: Ip Acls

    Command Line Interface Ingress MAC ACL or Egress MAC ACL), but a mask can be bound to up to four ACLs of the same type. Table 4-37. Access Control List Commands Command Groups Function Page IP ACLs Configures ACLs based on IP addresses, TCP/UDP port number, 4-112 protocol type, and TCP control code MAC ACLs...
  • Page 347: Access-List Ip

    Access Control List Commands access-list ip This command adds an IP access list and enters configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax [no] access-list ip {standard | extended} acl_name •...
  • Page 348: Permit, Deny (Standard Acl)

    Command Line Interface Command Mode Global Configuration Command Usage If this feature is disabled, fragmented packets will not be matched by any ACL rule, and will be handled according to the default permit or deny rule. Example Console(config)#tacacs-list ip extended fragment-auto-mask Console(config)# permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL.
  • Page 349: Permit, Deny (Extended Acl)

    Access Control List Commands permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes. Use the no form to remove a rule. Syntax [no] {permit | deny} [protocol-number | udp] {any | source address-bitmask | host source}...
  • Page 350 Command Line Interface “match” and 0 bits to indicate “ignore.” The bitmask is bitwise ANDed with the specified source IP address, and then compared with the address for each IP packet entering the port(s) to which this ACL has been assigned. •...
  • Page 351: Show Ip Access-List

    Access Control List Commands show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list {standard | extended} [acl_name] • standard – Specifies a standard IP ACL. • extended – Specifies an extended IP ACL. - acl_name –...
  • Page 352: Mask (Ip Acl)

    Command Line Interface Example Console(config)#access-list ip mask-precedence in Console(config-ip-mask-acl)# Related Commands mask (IP ACL) (4-118) ip access-group (4-122) mask (IP ACL) This command defines a mask for IP ACLs. This mask defines the fields to check in the IP header. Use the no form to remove a mask. Syntax [no] mask [protocol] {any | host | source-bitmask}...
  • Page 353 Access Control List Commands • First create the required ACLs and ingress or egress masks before mapping an ACL to an interface. • If you enter dscp, you cannot enter tos or precedence. You can enter both tos and precedence without dscp. •...
  • Page 354 Command Line Interface This shows how to create an extended ACL with an egress mask to drop packets leaving network 171.69.198.0 when the Layer 4 source port is 23. Console(config)#access-list ip extended A3 Console(config-ext-acl)#deny host 171.69.198.5 any Console(config-ext-acl)#deny 171.69.198.0 255.255.255.0 any source-port Console(config-ext-acl)#end Console#show access-list IP extended access-list A3:...
  • Page 355: Show Access-List Ip Mask-Precedence

    Access Control List Commands This is a more comprehensive example. It denies any TCP packets in which the SYN bit is ON, and permits all other packets. It then sets the ingress mask to check the deny rule first, and finally binds port 1 to this ACL. Note that once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are displayed is determined by the associated mask.
  • Page 356: Ip Access-Group

    Command Line Interface Related Commands mask (IP ACL) (4-118) ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [no] ip access-group acl_name {in | out} • acl_name – Name of the ACL. (Maximum length: 16 characters) •...
  • Page 357: Map Access-List Ip

    Access Control List Commands Related Commands ip access-group (4-122) map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself.
  • Page 358: Show Map Access-List Ip

    Command Line Interface show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Syntax show map access-list ip [interface] interface - ethernet unit/port - unit - This is device 1.
  • Page 359: Show Marking

    Access Control List Commands Command Usage • You must configure an ACL mask before you can change frame priorities based on an ACL rule. • Traffic priorities may be included in the IEEE 802.1p priority tag. This tag is also incorporated as part of the overall IEEE 802.1Q VLAN tag. To specify this priority, use the set priority keywords.
  • Page 360: Mac Acls

    Command Line Interface MAC ACLs Table 4-40. MAC ACL Commands Command Function Mode Page access-list mac Creates a MAC ACL and enters configuration mode 4-126 permit, deny Filters packets matching a specified source and MAC-ACL 4-127 destination address, packet format, and Ethernet type show mac access-list Displays the rules for configured MAC ACLs 4-128...
  • Page 361: Permit, Deny (Mac Acl)

    Access Control List Commands • To remove a rule, use the no permit or no deny command followed by the exact text of a previously configured rule. • An ACL can contain up to 32 rules. Example Console(config)#access-list mac jerry Console(config-mac-acl)# Related Commands permit, deny 4-127...
  • Page 362: Show Mac Access-List

    Command Line Interface • any – Any MAC source or destination address. • host – A specific MAC address. • source – Source MAC address. • destination – Destination MAC address range with bitmask. • address-bitmask* – Bitmask for MAC address (in hexadecimal format). •...
  • Page 363: Access-List Mac Mask-Precedence

    Access Control List Commands Command Mode Privileged Exec Example Console#show mac access-list MAC access-list jerry: permit any 00-e0-29-94-34-de ethertype 0800 Console# Related Commands permit, deny 4-127 mac access-group (4-132) access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks.
  • Page 364: Mask (Mac Acl)

    Command Line Interface mask (MAC ACL) This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header. Use the no form to remove a mask. Syntax [no] mask [pktformat] {any | host | source-bitmask} {any | host | destination-bitmask} [vid [vid-bitmask]] [ethertype [ethertype-bitmask]] •...
  • Page 365 Access Control List Commands Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask. Console(config)#access-list mac M4 Console(config-mac-acl)#permit any any Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-ff-ff any vid 3...
  • Page 366: Show Access-List Mac Mask-Precedence

    Command Line Interface show access-list mac mask-precedence This command shows the ingress or egress rule masks for MAC ACLs. Syntax show access-list mac mask-precedence [in | out] • in – Ingress mask precedence for ingress ACLs. • out – Egress mask precedence for egress ACLs. Command Mode Privileged Exec Example...
  • Page 367: Show Mac Access-Group

    Access Control List Commands Related Commands show mac access-list (4-128) show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Console#show mac access-group Interface ethernet 1/5 MAC access-list M5 out Console# Related Commands mac access-group (4-132) map access-list mac This command sets the output queue for packets matching an ACL rule.
  • Page 368: Show Map Access-List Mac

    Command Line Interface Example Console(config)#int eth 1/5 Console(config-if)#map access-list mac M5 cos 0 Console(config-if)# Related Commands queue cos-map (4-214) show map access-list mac (4-134) show map access-list mac This command shows the CoS value mapped to a MAC ACL for the current interface.
  • Page 369: Acl Information

    Access Control List Commands Default Setting None Command Mode Interface Configuration (Ethernet) Command Usage You must configure an ACL mask before you can change frame priorities based on an ACL rule. Example Console(config)#interface ethernet 1/12 Console(config-if)#match access-list mac a set priority 0 Console(config-if)# Related Commands show marking (4-125)
  • Page 370: Show Access-List

    Command Line Interface Example Console#show access-list IP standard access-list david: permit host 10.1.1.21 permit 168.92.0.0 255.255.15.0 IP extended access-list bob: permit 10.7.1.1 0.0.0.255 any permit 192.168.1.0 255.255.255.0 any destination-port 80 80 permit 192.168.1.0 255.255.255.0 any protocol tcp control-code 2 2 MAC access-list jerry: permit any host 00-30-29-94-34-de ethertype 800 800 IP extended access-list A6:...
  • Page 371: Snmp Commands

    SNMP Commands Example Console#show access-group Interface ethernet 1/2 IP standard access-list david MAC access-list jerry Console# SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption;...
  • Page 372: Snmp-Server

    Command Line Interface snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server. Syntax [no] snmp-server Default Setting Enabled Command Mode Global Configuration Example Console(config)#snmp-server Console(config)# show snmp...
  • Page 373: Snmp-Server Community

    SNMP Commands Example Console#show snmp SNMP traps: Authentication: enable Link-up-down: enable SNMP communities: 1. private, and the privilege is read-write 2. public, and the privilege is read-only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables...
  • Page 374: Snmp-Server Contact

    Command Line Interface Command Mode Global Configuration Example Console(config)#snmp-server community alpha rw Console(config)# snmp-server contact Use this command to set the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information.
  • Page 375: Snmp-Server Host

    SNMP Commands Example Console(config)#snmp-server location WC-19 Console(config)# Related Commands snmp-server contact (4-140) snmp-server host Use this command to specify the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr community-string [version {1 | 2c | 3 {auth | noauth | priv}} [udp-port port]] no snmp-server host host-addr •...
  • Page 376: Snmp-Server Enable Traps

    Command Line Interface to receive notifications, at least one snmp-server enable traps command and the snmp-server host command for that host must be enabled. • Some notification types cannot be controlled with the snmp-server enable traps command. For example, some notification types are always enabled. •...
  • Page 377: Snmp-Server Engine-Id

    SNMP Commands keyword, only the notification type related to that keyword is enabled. • The snmp-server enable traps command is used in conjunction with the snmp-server host command. Use the snmp-server host command to specify which host or hosts receive SNMP notifications. In order to send notifications, you must configure at least one snmp-server host command.
  • Page 378: Show Snmp Engine-Id

    Command Line Interface show snmp engine-id Use this command to show the SNMP engine ID. Command Mode Privileged Exec Example This example shows the default engine ID. Console#show snmp engine-id Local SNMP engineID: 8000002a8000000000e8666672 Local SNMP engineBoots: 1 Console# Table 4-44. SNMP Engine ID Field Description Local SNMP engineID...
  • Page 379: Show Snmp View

    SNMP Commands Examples This view includes MIB-2. Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included Console(config)# This view includes the MIB-2 interfaces table, ifDescr. The wildcard is used to select all the index values in this table. Console(config)#snmp-server view ifEntry.2 1.3.6.1.2.1.2.2.1.*.2 included Console(config)# This view includes the MIB-2 interfaces table, and the mask selects all index entries.
  • Page 380: Snmp-Server Group

    Command Line Interface snmp-server group Use this command to add an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group. Syntax snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} [read readview] [write writeview] no snmp-server group groupname •...
  • Page 381: Table 4-46. Show Snmp Group - Display Description

    SNMP Commands Example Console#sh snmp group Group Name: public Security Model: v1 Read View: defaultview Write View: none Notify View: none Storage Type: volatile Row Status: active Group Name: public Security Model: v2c Read View: defaultview Write View: none Notify View: none Storage Type: volatile Row Status: active Group Name: private...
  • Page 382: Snmp-Server User

    Command Line Interface snmp-server user Use this command to add a user to an SNMP group, restricting the user to a specific SNMP Read and a Write View. Use the no form to remove a user from an SNMP group. Syntax snmp-server user username groupname {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password [priv des56 priv-password]]...
  • Page 383: Show Snmp User

    SNMP Commands show snmp user Use this command to show information on SNMP users. Command Mode Privileged Exec Example Console#show snmp user EngineId: 01000000000000000000000000 User Name: steve Authentication Protocol: md5 Privacy Protocol: des56 Storage Type: nonvolatile Row Status: active Console# Table 4-47.
  • Page 384: Interface Commands

    Command Line Interface Command Usage • You can create a list of up to 16 IP addresses or IP address groups that are allowed access to the switch via SNMP management software. • Address bitmasks are similar to a subnet mask, containing four decimal integers from 0 to 255, each separated by a period.
  • Page 385 Interface Commands Table 4-48. Interface Commands (Continued) Command Function Mode Page clear counters Clears the statistics on a given interface 4-157 show interfaces status Displays status for the specified interface NE, PE 4-158 show interfaces Displays statistics for the specified interfaces NE, PE 4-159 counters show interfaces...
  • Page 386: Speed-Duplex

    Command Line Interface Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 25 Console(config)#interface ethernet 1/25 Console(config-if)#description RD-SW#3 Console(config-if)# speed-duplex Use this command to configure the speed and duplex mode of a given interface when autonegotiation is disabled.
  • Page 387: Negotiation

    Interface Commands Example The following example configures port 5 to 100 Mbps, half-duplex operation. Console(config)#interface ethernet 1/5 Console(config-if)#speed-duplex 100half Console(config-if)#no negotiation Console(config-if)# Related Commands negotiation (4-153) capabilities (4-154) negotiation Use this command to enable autonegotiation for a given interface. Use the no form to disable autonegotiation.
  • Page 388: Capabilities

    Command Line Interface capabilities Use this command to advertise the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability, or the no form without parameters to restore the default values. Syntax [no] capabilities {1000full | 100full | 100half | 10full | 10half | flowcontrol | symmetric}...
  • Page 389: Flowcontrol

    Interface Commands Related Commands negotiation (4-153) speed-duplex (4-152) flowcontrol (4-155) flowcontrol Use this command to enable flow control. Use the no form to disable flow control. Syntax [no] flowcontrol Default Setting Flow control enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •...
  • Page 390: Shutdown

    Command Line Interface shutdown Use this command to disable an interface. To restart a disabled interface, use the no form. Syntax [no] shutdown Default Setting All interfaces are enabled. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved.
  • Page 391: Clear Counters

    Interface Commands • This command can enable or disable broadcast storm control for the selected interface. However, the specified threshold value applies to all ports on the switch. Example The following shows how to configure broadcast storm control at 600 packets per second on port 5: Console(config)#interface ethernet 1/5 Console(config-if)#switchport broadcast packet-rate 600...
  • Page 392: Show Interfaces Status

    Command Line Interface show interfaces status Use this command to display the status for an interface. Syntax show interfaces status [interface] interface - ethernet unit/port - unit - This is device 1. - port - Port number. - port-channel channel-id (Range: 1-6) - vlan vlan-id (Range: 1-4094) Default Setting Shows the status for all interfaces.
  • Page 393: Show Interfaces Counters

    Interface Commands show interfaces counters Use this command to display interface statistics. Syntax show interfaces counters [interface] interface - ethernet unit/port - unit - This is device 1. - port - Port number. - port-channel channel-id (Range: 1-6) Default Setting Shows the counters for all interfaces.
  • Page 394: Show Interfaces Switchport

    Command Line Interface show interfaces switchport Use this command to display the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface - ethernet unit/port - unit - This is device 1. - port - Port number. - port-channel channel-id (Range: 1-6) Default Setting Shows all interfaces.
  • Page 395: Mirror Port Commands

    Mirror Port Commands Table 4-49. Show Interfaces Switchport Output - Description (Continued) Field Description Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only (See page 4-202.) Native VLAN Indicates the default Port VLAN ID (See page 4-203.) Priority for untagged traffic Indicates the default priority for untagged frames (See page 4-211.) Gvrp status Shows if GARP VLAN Registration Protocol is enabled or disabled (See page...
  • Page 396: Show Port Monitor

    Command Line Interface Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner.
  • Page 397: Rate Limit Commands

    Rate Limit Commands Example The following shows mirroring configured from port 6 to port 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 Console(config-if)#end Console#show port monitor Port Mirroring ------------------------------------- Destination port(listen port):Eth1/1 Source port(monitored port) :Eth1/6 Mode :RX/TX Console# Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface.
  • Page 398: Link Aggregation Commands

    Command Line Interface Command Usage • The range is: - Fast Ethernet interface – 1 to 100 Mbps - Gigabit Ethernet interface – 8 to 1000 Mbps • Resolution – The increment of change: - Fast Ethernet interface – 1 Mbps - Gigabit Ethernet interface –...
  • Page 399: Channel-Group

    Link Aggregation Commands Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports. • The ports at both ends of a connection must be configured as trunk ports. •...
  • Page 400: Lacp

    Command Line Interface Example The following example creates trunk 1 and then adds port 11: Console(config)#interface port-channel 1 Console(config-if)#exit Console(config)#interface ethernet 1/11 Console(config-if)#channel-group 1 Console(config-if)# lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [no] lacp Default Setting...
  • Page 401: Lacp System-Priority

    Link Aggregation Commands Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk1 has been established. Console(config)#interface ethernet 1/11 Console(config-if)#lacp Console(config-if)#exit...
  • Page 402: Lacp Admin-Key (Ethernet Interface)

    Command Line Interface Command Mode Interface Configuration (Ethernet) Command Usage • Ports must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with other systems.
  • Page 403: Lacp Admin-Key (Port Channel)

    Link Aggregation Commands • Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is established with the partner.
  • Page 404: Lacp Port-Priority

    Command Line Interface lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link. •...
  • Page 405: Table 4-53. Lacp Data Units

    Link Aggregation Commands Default Setting Port Channel: all Command Mode Privileged Exec Example Console#show lacp 1 counters Channel group : 1 ------------------------------------------------------------------------- Eth 1/ 1 ------------------------------------------------------------------------- LACPDUs Sent : 21 LACPDUs Received : 21 Marker Sent : 0 Marker Received : 0 LACPDUs Unknown Pkts : 0 LACPDUs Illegal Pkts : 0 Table 4-53.
  • Page 406: Table 4-54. Show Lacp Output Contents

    Command Line Interface Console#show lacp 1 internal Channel group : 1 ------------------------------------------------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ------------------------------------------------------------------------- LACPDUs Internal : 30 sec LACP System Priority : 32768 LACP Port Priority : 32768 Admin Key : 4 Oper Key : 4 Admin State : defaulted, aggregation, long timeout, LACP-activity Oper State : distributing, collecting, synchronization, aggregation,...
  • Page 407: Table 4-55. Show Lacp Neighbors Output Contents

    Link Aggregation Commands Console#show lacp 1 neighbors Channel group 1 neighbors ------------------------------------------------------------------------- Eth 1/1 ------------------------------------------------------------------------- Partner Admin System ID : 32768, 00-00-00-00-00-00 Partner Oper System ID : 32768, 00-00-00-00-00-01 Partner Admin Port Number : 1 Partner Oper Port Number : 1 Port Admin Priority : 32768 Port Oper Priority : 32768 Admin Key : 0...
  • Page 408: Address Table Commands

    Command Line Interface Table 4-56. Show LACP System ID Output Contents Field Description Channel group A link aggregation group configured on this switch. System Priority* LACP system priority for this channel group. System MAC Address* System MAC address. * The LACP system priority and system MAC address are concatenated to form the LAG system ID. Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
  • Page 409: Clear Mac-Address-Table Dynamic

    Address Table Commands Default Setting No static addresses are defined. The default mode is permanent. Command Mode Global Configuration Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table.
  • Page 410: Show Mac-Address-Table

    Command Line Interface show mac-address-table Use this command to view classes of entries in the bridge-forwarding database. Syntax show mac-address-table [address mac-address [mask]] [interface interface] [vlan vlan-id] [sort {address | vlan | interface}] • mac-address - MAC address. • mask - Bits to match in the address. •...
  • Page 411: Mac-Address-Table Aging-Time

    Address Table Commands mac-address-table aging-time Use this command to set the aging time for entries in the address table. Use the no form to restore the default aging time. Syntax mac-address-table aging-time seconds no mac-address-table aging-time seconds - Time in number of seconds (10-1000000, or 0 to disable). Default Setting 300 seconds Command Mode...
  • Page 412: Spanning Tree Commands

    Command Line Interface Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 4-58. Spanning Tree Commands Command Function Mode Page spanning-tree Enables the spanning tree protocol 4-179 spanning-tree mode...
  • Page 413: Spanning-Tree

    Spanning Tree Commands Table 4-58. Spanning Tree Commands (Continued) Command Function Mode Page show spanning-tree Shows spanning tree configuration for the overall bridge or 4-196 a selected interface show spanning-tree mst Shows the multiple spanning tree configuration 4-198 configuration spanning-tree Use this command to enable the Spanning Tree Algorithm globally for the switch.
  • Page 414 Command Line Interface Default Setting rstp Command Mode Global Configuration Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. - This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on a network, the path between specific VLAN members may be inadvertently disabled to prevent network loops, thus isolating group members.
  • Page 415: Spanning-Tree Forward-Time

    Spanning Tree Commands spanning-tree forward-time Use this command to configure the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds. (Range: 4 - 30 seconds) The minimum value is the higher of 4 or [(max-age / 2) + 1].
  • Page 416: Spanning-Tree Max-Age

    Command Line Interface Command Usage This command sets the time interval (in seconds) at which the root device transmits a configuration message. Example Console(config)#spanning-tree hello-time 5 Console(config)# spanning-tree max-age Use this command to configure the spanning tree bridge maximum age globally for this switch.
  • Page 417: Spanning-Tree Priority

    Spanning Tree Commands spanning-tree priority Use this command to configure the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority - Priority of the bridge. (Range: 0 - 65535) (Range –...
  • Page 418: Spanning-Tree Pathcost Method

    Command Line Interface Example Console(config)#spanning-tree default priority 802.1D-1998 Console(config)# spanning-tree pathcost method Use this command to configure the path cost method used for Rapid Spanning Tree. Use the no form to restore the default. Syntax spanning-tree pathcost method {long | short} no spanning-tree pathcost method •...
  • Page 419: Spanning-Tree Mst-Configuration

    Spanning Tree Commands Command Usage This command limits the maximum transmission rate for BPDUs. Example Console(config)#spanning-tree transmission-limit 4 Console(config)# spanning-tree mst-configuration Use this command to change to Multiple Spanning Tree (MST) configuration mode. Default Setting • No VLANs are mapped to any MST instance. •...
  • Page 420: Mst Priority

    Command Line Interface Command Usage • Use this command to group VLANs into spanning tree instances. MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, preventing wide-scale disruption when a bridge node in a single instance fails, and allowing for faster convergence of a new topology for the failed instance.
  • Page 421: Name

    Spanning Tree Commands • You can set this switch to act as the MSTI root device by specifying a priority of 0, or as the MSTI alternate device by specifying a priority of 16384. Example Console(config-mstp)#mst 1 priority 4096 Console(config-mstp)# name This command configures the name for the multiple spanning tree region in which this switch is located.
  • Page 422: Max-Hops

    Command Line Interface Command Mode MST Configuration Command Usage The MST region name (page 4-187) and revision number are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridges in the same region must be configured with the same MST instances.
  • Page 423: Spanning-Tree Spanning-Disabled

    Spanning Tree Commands spanning-tree spanning-disabled This command disables the spanning tree algorithm for the specified interface. Use the no form to reenable the spanning tree algorithm for the specified interface. Syntax [no] spanning-tree spanning-disabled Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Example This example disables the spanning tree algorithm for port 5.
  • Page 424: Spanning-Tree Port-Priority

    Command Line Interface • Path cost takes precedence over port priority. • When the spanning-tree pathcost method (page 4-184) is set to short, the maximum value for path cost is 65,535. Example Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree cost 50 Console(config-if)# spanning-tree port-priority Use this command to configure the priority for the specified interface.
  • Page 425: Spanning-Tree Edge-Port

    Spanning Tree Commands spanning-tree edge-port Use this command to specify an interface as an edge port. Use the no form to restore the default. Syntax [no] spanning-tree edge-port Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •...
  • Page 426: Spanning-Tree Link-Type

    Command Line Interface Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding. •...
  • Page 427: Spanning-Tree Backup-Root

    Spanning Tree Commands Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges. • When automatic detection is selected, the switch derives the link type from the duplex mode.
  • Page 428: Spanning-Tree Mst Cost

    Command Line Interface spanning-tree mst cost This command configures the path cost on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree mst instance_id cost cost no spanning-tree mst instance_id cost •...
  • Page 429: Spanning-Tree Mst Port-Priority

    Spanning Tree Commands spanning-tree mst port-priority This command configures the interface priority on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree mst instance_id port-priority priority no spanning-tree mst instance_id port-priority •...
  • Page 430: Show Spanning-Tree

    Command Line Interface Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the spanning-tree protocol-migration command at any time to manually re-check the appropriate BPDU format to send on the selected interfaces (i.e., RSTP or STP-compatible).
  • Page 431 Spanning Tree Commands • For a description of the items displayed under “Spanning-tree information,” see “Configuring Global Settings” on page 3-127. For a description of the items displayed for specific interfaces, see “Displaying Interface Settings” on page 3-131. Example Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning tree mode:...
  • Page 432: Show Spanning-Tree Mst Configuration

    Command Line Interface show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example Console#show spanning-tree mst configuration Mstp Configuration Information -------------------------------------------------------------- Configuration name:XSTP REGION 0 Revision level:0 Instance Vlans -------------------------------------------------------------- Console# VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
  • Page 433: Vlan Database

    VLAN Commands vlan database Use this command to enter VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command.
  • Page 434: Configuring Vlan Interfaces

    Command Line Interface Command Mode VLAN Database Configuration Command Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default state (i.e., active). •...
  • Page 435: Switchport Mode

    VLAN Commands Default Setting None Command Mode Global Configuration Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.254 255.255.255.0 Console(config-if)# Related Commands shutdown (4-156)
  • Page 436: Switchport Acceptable-Frame-Types

    Command Line Interface Related Commands switchport acceptable-frame-types (4-202) switchport acceptable-frame-types Use this command to configure the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged. •...
  • Page 437: Switchport Native Vlan

    VLAN Commands Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Ingress filtering only affects tagged frames. • If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port).
  • Page 438: Switchport Allowed Vlan

    Command Line Interface Example The following example shows how to set the PVID for port 1 to VLAN 3: Console(config)#interface ethernet 1/1 Console(config-if)#switchport native vlan 3 Console(config-if)# switchport allowed vlan Use this command to configure VLAN groups on the selected interface. Use the no form to restore the default.
  • Page 439: Switchport Forbidden Vlan

    VLAN Commands Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: Console(config)#interface ethernet 1/1 Console(config-if)#switchport allowed vlan add 1,2,5,6 tagged Console(config-if)# switchport forbidden vlan Use this command to configure forbidden VLANs. Use the no form to remove the list of forbidden VLANs.
  • Page 440: Displaying Vlan Information

    Command Line Interface Displaying VLAN Information Table 4-62. Displaying VLAN Information Command Function Mode Page show vlan Shows VLAN information NE, PE 4-206 show interfaces status vlan Displays status for the specified VLAN interface NE, PE 4-158 show interfaces switchport Displays the administrative and operational status of an interface NE, PE 4-160...
  • Page 441: Gvrp And Bridge Extension Commands

    GVRP and Bridge Extension Commands GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switch, as well as how to display default configuration settings for the Bridge Extension MIB.
  • Page 442: Show Bridge-Ext

    Command Line Interface show bridge-ext Use this command to show the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Displaying Basic VLAN Information” on page 3-147 and “Displaying Bridge Extension Capabilities” on page 3-12 for a description of the displayed items.
  • Page 443: Show Gvrp Configuration

    GVRP and Bridge Extension Commands show gvrp configuration Use this command to show if GVRP is enabled. Syntax show gvrp configuration [interface] interface - ethernet unit/port - unit - This is device 1. - port - Port number. - port-channel channel-id (Range: 1-6) Default Setting Shows both global and interface-specific configuration.
  • Page 444: Show Garp Timer

    Command Line Interface Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate.
  • Page 445: Priority Commands

    Priority Commands Example Console#show garp timer ethernet 1/1 Eth 1/ 1 GARP timer status: Join timer: 20 centiseconds Leave timer: 60 centiseconds Leaveall timer: 1000 centiseconds Console# Related Commands garp timer (4-209) Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion.
  • Page 446: Queue Mode

    Command Line Interface queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode {strict | wrr} no queue mode •...
  • Page 447: Queue Bandwidth

    Priority Commands Default Setting The priority is not set, and the default value for untagged frames received on the interface is zero. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
  • Page 448: Queue Cos-Map

    Command Line Interface Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights. Example The following example shows how to assign WRR weights of 1, 3, 5 and 7 to the CoS priority queues 0, 1, 2 and 3: Console(config)#queue bandwidth 1 3 5 7 Console(config)# Related Commands...
  • Page 449: Show Queue Mode

    Priority Commands Example The following example shows how to map CoS values 0, 1 and 2 to priority queue 0, value 3 to queue 1, values 4 and 5 to queue 2, and values 6 and 7 to queue 3: Console(config)#interface ethernet 1/1 Console(config-if)#queue cos-map 0 1 2 Console(config-if)#queue cos-map 1 0 3...
  • Page 450: Show Queue Cos-Map

    Command Line Interface Example Console#show queue bandwidth Queue ID Weight -------- ------ Console# show queue cos-map Use this command to show the class of service priority map. Syntax show queue cos-map [interface] interface - ethernet unit/port - unit - This is device 1. - port - Port number.
  • Page 451: Priority Commands (Layer 3 And 4)

    Priority Commands Priority Commands (Layer 3 and 4) Table 4-67. Priority Commands (Layer 3 and 4) Command Function Mode Page map ip port Enables TCP class of service mapping 4-217 map ip port Maps TCP socket to a class of service 4-218 map ip precedence Enables IP precedence class of service mapping...
  • Page 452: Map Ip Port (Interface Configuration)

    Command Line Interface map ip port (Interface Configuration) Use this command to set IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number •...
  • Page 453: Map Ip Precedence (Interface Configuration)

    Priority Commands Example The following example shows how to enable IP precedence mapping globally: Console(config)#map ip precedence Console(config)# map ip precedence (Interface Configuration) Use this command to set IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos cos-value no map ip precedence...
  • Page 454: Map Ip Dscp (Global Configuration)

    Command Line Interface map ip dscp (Global Configuration) Use this command to enable IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [no] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage •...
  • Page 455: Show Map Ip Port

    Priority Commands Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0. Mapping IP DSCP to CoS Values IP DSCP Value CoS Value 10, 12, 14, 16 18, 20, 22, 24 26, 28, 30, 32, 34, 36...
  • Page 456: Show Map Ip Precedence

    Command Line Interface Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Console#show map ip port TCP port mapping status: disabled Port Port no. COS --------- -------- --- Eth 1/ 5 Console# Related Commands...
  • Page 457: Show Map Ip Dscp

    Priority Commands Example Console#show map ip precedence ethernet 1/5 Precedence mapping status: disabled Port Precedence COS --------- ---------- --- Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Console# Related Commands...
  • Page 458: Multicast Filtering Commands

    Command Line Interface Example Console#show map ip dscp ethernet 1/1 DSCP mapping status: disabled Port DSCP COS --------- ---- --- Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Console# Related Commands map ip dscp (Global Configuration) (4-220)
  • Page 459: Igmp Snooping Commands

    Multicast Filtering Commands IGMP Snooping Commands Table 4-70. IGMP Snooping Commands Command Function Mode Page ip igmp snooping Enables IGMP snooping 4-225 ip igmp snooping vlan static Adds an interface as a member of a multicast group 4-225 ip igmp snooping version Configures the IGMP version for snooping 4-226 show ip igmp snooping...
  • Page 460: Ip Igmp Snooping Version

    Command Line Interface Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port: Console(config)#ip igmp snooping vlan 1 static 224.0.0.12 ethernet 1/5 Console(config)# ip igmp snooping version Use this command to configure the IGMP snooping version. Use the no form to restore the default.
  • Page 461: Show Ip Igmp Snooping

    Multicast Filtering Commands show ip igmp snooping Use this command to show the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Layer 2 IGMP (Snooping and Query)” on page 2-74 for a description of the displayed items. Example The following shows the current IGMP snooping configuration: Console#show ip igmp snooping...
  • Page 462: Igmp Query Commands (Layer 2)

    Command Line Interface Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: Console#show mac-address-table multicast vlan 1 igmp-snooping VLAN M'cast IP addr. Member ports Type ---- --------------- ------------ ------- 224.1.2.3 Eth1/11 IGMP Console# IGMP Query Commands (Layer 2) Table 4-71.
  • Page 463: Ip Igmp Snooping Query-Count

    Multicast Filtering Commands Command Usage If enabled, the switch will serve as querier if elected. The querier is responsible for asking hosts if they want to receive multicast traffic. Example Console(config)#ip igmp snooping querier Console(config)# ip igmp snooping query-count Use this command to configure the query count. Use the no form to restore the default.
  • Page 464: Ip Igmp Snooping Query-Interval

    Command Line Interface ip igmp snooping query-interval Use this command to configure the query interval. Use the no form to restore the default. Syntax ip igmp snooping query-interval seconds no ip igmp snooping query-interval seconds - The frequency at which the switch sends IGMP host-query messages.
  • Page 465: Ip Igmp Snooping Router-Port-Expire-Time

    Multicast Filtering Commands Example The following shows how to configure the maximum response time to 20 seconds: Console(config)#ip igmp snooping query-max-response-time 20 Console(config)# Related Commands ip igmp snooping version (4-226) ip igmp snooping query-max-response-time (4-230) ip igmp snooping router-port-expire-time Use this command to configure the query timeout. Use the no form of this command to restore the default.
  • Page 466: Static Multicast Routing Commands

    Command Line Interface Static Multicast Routing Commands Table 4-72. Static Multicast Routing Commands Command Function Mode Page ip igmp snooping vlan mrouter Adds a multicast router port 4-232 show ip igmp snooping mrouter Shows multicast router ports 4-233 ip igmp snooping vlan mrouter Use this command to statically configure a multicast router port.
  • Page 467: Show Ip Igmp Snooping Mrouter

    IP Interface Commands show ip igmp snooping mrouter Use this command to display information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4094) Default Setting Displays multicast router ports for all configured VLANs. Command Mode Privileged Exec Command Usage...
  • Page 468: Ip Address

    Command Line Interface ip address Use this command to set the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address. Syntax ip address {ip-address netmask | bootp | dhcp} no ip address •...
  • Page 469: Ip Default-Gateway

    IP Interface Commands Related Commands ip dhcp restart (4-235) ip default-gateway Use this command to establish a static route between this device and management stations that exist on another network segment. Use the no form to remove the static route. Syntax ip default-gateway gateway no ip default-gateway...
  • Page 470: Show Ip Interface

    Command Line Interface network portion of the address provided to the client will be based on this new domain. Example In the following example, the device is reassigned the same address Console(config)#interface vlan 1 Console(config-if)#ip address dhcp Console(config-if)#exit Console#ip dhcp restart Console#show ip interface IP interface vlan IP address and netmask:...
  • Page 471: Ping

    IP Interface Commands Example Console#show ip redirects ip default gateway 10.1.0.254 Console# Related Commands ip default-gateway (4-235) ping Use this command to send ICMP echo request packets to another node on the network. Syntax ping host [count count][size size] • host - IP address or IP alias of the host. •...
  • Page 472: Dns Commands

    Command Line Interface Example Console#ping 10.1.0.9 Type ESC to abort. PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds response time: 10 ms response time: 10 ms response time: 10 ms response time: 10 ms response time: 0 ms Ping statistics for 10.1.0.9: 5 packets transmitted, 5 packets received (100%), 0 packets lost (0%) Approximate round trip times:...
  • Page 473: Ip Host

    DNS Commands ip host This command creates a static entry in the DNS table that maps a host name to an IP address. Use the no form to remove an entry. Syntax [no] ip host name address1 [address2 … address8] •...
  • Page 474: Ip Domain-Name

    Command Line Interface Example This example clears all static entries from the DNS table. Console(config)#clear host * Console(config)# ip domain-name This command defines the default domain name appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation).
  • Page 475: Ip Domain-List

    DNS Commands ip domain-list This command defines a list of domain names that can be appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove a name from this list. Syntax [no] ip domain-list name name - Name of the host.
  • Page 476: Ip Name-Server

    Command Line Interface ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution. Use the no form to remove a name server from this list. Syntax [no] ip name-server server-address1 [server-address2 … server-address6] •...
  • Page 477: Ip Domain-Lookup

    DNS Commands ip domain-lookup This command enables DNS host name-to-address translation. Use the no form to disable DNS. Syntax [no] ip domain-lookup Default Setting Disabled Command Mode Global Configuration Command Usage • At least one name server must be specified before you can enable DNS. •...
  • Page 478: Show Hosts

    Command Line Interface show hosts This command displays the static host name-to-address mapping table. Command Mode Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address(es) as a previously configured entry. Console#show hosts Hostname Inet address...
  • Page 479: Show Dns Cache

    DNS Commands show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns cache FLAG TYPE DOMAIN CNAME 10.2.44.96 pttch_pc.accton.com.tw CNAME 10.2.44.3 ahten.accton.com.tw CNAME 66.218.71.84 www.yahoo.akadns.net CNAME 66.218.71.83 www.yahoo.akadns.net CNAME 66.218.71.81 www.yahoo.akadns.net CNAME 66.218.71.80 www.yahoo.akadns.net CNAME...
  • Page 481: Appendix A: Troubleshooting

    Appendix A: Troubleshooting Problems Accessing the Management Interface Table A-1. Troubleshooting Chart. Symptom: Cannot connect using Telnet, web browser, or SNMP software. Action: • Be sure the switch is powered up. • Check network cabling between the management station and the switch. •...
  • Page 482: Using System Logs

    Troubleshooting Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: Enable logging.
  • Page 483: Appendix B: Software Specifications

    Appendix B: Software Specifications Software Features Authentication Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 32 lists) Cabletron Discovery Protocol Power Over Ethernet (V2H124-24P only) SNMPv3 Management access via MIB database Trap management to specified hosts DHCP Client Port Configuration...
  • Page 484: Management Features

    Software Specifications Spanning Tree Protocol Spanning Tree Protocol (STP, IEEE 802.1D) Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) Multiple Spanning Tree (MSTP, IEEE 802.1s) VLAN Support Up to 255 groups; port-based, protocol-based, or tagged (802.1Q), GVRP for automatic VLAN learning, private VLANs Class of Service Supports four levels of priority and Weighted Round Robin Queueing (which can be configured by VLAN tag or port),...
  • Page 485: Management Information Bases

    Software Specifications IEEE 802.1Q VLAN IEEE 802.1w Rapid Spanning Tree Protocol IEEE 802.1x Port Authentication IEEE 802.3 Ethernet, IEEE 802.3ab 1000BASE-T IEEE 802.3ac VLAN tagging IEEE 802.3ad Link Aggregation Control Protocol IEEE 802.3u Fast Ethernet IEEE 802.3x full-duplex flow control (ISO/IEC 8802-3) IEEE 802.3z Gigabit Ethernet, DHCP (RFC 1541) ICMP (RFC 792)
  • Page 486 Software Specifications SNMP Framework MIB (RFC 2571) SNMP-MPD MIB (RFC 2572) SNMP Target MIB, SNMP Notification MIB (RFC 2573) SNMP User-Based SM MIB (RFC 2574) SNMP View Based ACM MIB (RFC 2575) SNMP Community MIB (RFC 2576) Trap (RFC 1215) TACACS+ Authentication Client MIB TCP MIB (RFC 2013) Trap (RFC 1215)
  • Page 487: Glossary

    Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the device's system files, and the name of the boot file.
  • Page 488 Glossary GARP VLAN Registration Protocol (GVRP) Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network. Generic Attribute Registration Protocol (GARP) GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership information in a switched environment so...
  • Page 489 Glossary IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong.
  • Page 490 Glossary MD5 Message-Digest Algorithm An algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a message digest.
  • Page 491 Glossary Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which offers network management services.
  • Page 492 Glossary Virtual LAN (VLAN) A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. A VLAN serves as a logical workgroup with no physical barriers, and allows users to share information and resources as though located on the same LAN.
  • Page 498 Part #150200039400A FW #2.5.2.0 E012005-R02 ES3526G E072000-R04...

This manual is also suitable for:

Matrix-v v2h124-24fx, Matrix-v v2h124-24p