SMC Networks TigerStack II SMC8926EM Management Manual

24/48-port stackable layer 3 gigabit switch

MANAGEMENT GUIDE

TigerStack II 10/100/1000
SMC8926EM / SMC8950EM
24/48-Port Stackable Layer 3 Gigabit Switch

Summary of Contents for SMC Networks TigerStack II SMC8926EM

  • Page 1: Management Guide

    MANAGEMENT GUIDE TigerStack II 10/100/1000 SMC8926EM 24/48-Port Stackable Layer 3 Gigabit SMC8950EM Switch...
  • Page 2 TigerStack II 10/100/1000 Management Guide From SMC's Tiger line of feature-rich workgroup LAN solutions 20 Mason August 2009 Pub. # 149100000035A Irvine, CA 92618 E082009-MW-R01 Phone: (949) 679-8000...
  • Page 3 No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.
  • Page 4 Warranty and Product Registration To register SMC products and to review the detailed warranty statement, please refer to the Support Section of the SMC Website at http://www.smc.com.
  • Page 5: About This Guide

    About This Guide Purpose This guide gives specific information on how to operate and use the management functions of the switch. Audience The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
  • Page 7: Table Of Contents

    Contents Section I: Getting Started Chapter 1: Introduction Key Features Description of Software Features System Defaults Chapter 2: Initial Configuration Connecting to the Switch Configuration Options Required Connections Remote Connections Stack Operations Selecting the Stack Master Selecting the Backup Unit Recovering from Stack Failure or Topology Change Broken Link for Line and Wrap-around Topologies Resilient IP Interface for Management Access...
  • Page 8 Contents Main Menu Chapter 4: Basic Management Tasks Displaying System Information Displaying Switch Hardware/Software Versions Displaying Bridge Extension Capabilities Setting the Switch’s IP Address (IP Version 4) Manual Configuration Using DHCP/BOOTP Setting the Switch’s IP Address (IP Version 6) Configuring an IPv6 Address Configuring an IPv6 General Network Prefix 4-15 Configuring Neighbor Detection Protocol and Static Entries...
  • Page 9 Contents Chapter 6: User Authentication Configuring User Accounts Configuring Local/Remote Logon Authentication Configuring HTTPS Replacing the Default Secure-site Certificate Configuring the Secure Shell Generating the Host Key Pair 6-10 Importing User Public Keys 6-12 Configuring the SSH Server 6-14 Configuring Port Security 6-16 Configuring 802.1X Port Authentication 6-18...
  • Page 10 Contents Chapter 10: Spanning Tree Algorithm 10-1 Displaying Global Settings 10-3 Configuring Global Settings 10-6 Displaying Interface Settings 10-10 Configuring Interface Settings 10-13 Configuring Multiple Spanning Trees 10-16 Displaying Interface Settings for MSTP 10-19 Configuring Interface Settings for MSTP 10-20 Chapter 11: VLAN Configuration 11-1 IEEE 802.1Q VLANs...
  • Page 11 Contents Mapping IP Precedence 13-8 Mapping DSCP Priority 13-10 Mapping IP Port Priority 13-11 Chapter 14: Quality of Service 14-1 Configuring Quality of Service Parameters 14-1 Configuring a Class Map 14-2 Creating QoS Policies 14-4 Attaching a Policy Map to Ingress Queues 14-7 Chapter 15: Multicast Filtering 15-1...
  • Page 12 Contents Displaying Dynamically Learned ARP Entries 19-12 Displaying Local ARP Entries 19-13 Displaying ARP Statistics 19-14 Displaying Statistics for IP Protocols 19-16 IP Statistics 19-16 ICMP Statistics 19-17 UDP Statistics 19-19 TCP Statistics 19-20 Configuring Static Routes 19-21 Displaying the Routing Table 19-22 Chapter 20: Unicast Routing 20-1...
  • Page 13 Contents Partial Keyword Lookup 21-5 Negating the Effect of Commands 21-5 Using Command History 21-5 Understanding Command Modes 21-6 Exec Commands 21-6 Configuration Commands 21-7 Command Line Processing 21-9 Command Groups 21-10 Chapter 22: General Commands 22-1 enable 22-1 disable 22-2 configure 22-2...
  • Page 14 Contents databits 23-22 parity 23-23 speed 23-23 stopbits 23-24 disconnect 23-24 show line 23-25 Event Logging Commands 23-26 logging on 23-26 logging history 23-27 logging host 23-28 logging facility 23-28 logging trap 23-29 clear log 23-29 show logging 23-30 show log 23-31 SMTP Alert Commands 23-32...
  • Page 15 Contents snmp-server engine-id 24-8 show snmp engine-id 24-9 snmp-server view 24-10 show snmp view 24-11 snmp-server group 24-11 show snmp group 24-12 snmp-server user 24-14 show snmp user 24-15 Chapter 25: User Authentication Commands 25-1 User Account Commands 25-1 username 25-2 enable password 25-3...
  • Page 16 Contents show ssh 25-22 show public-key 25-23 Port Security Commands 25-24 port security 25-25 802.1X Port Authentication 25-26 dot1x system-auth-control 25-27 dot1x default 25-27 dot1x max-req 25-27 dot1x port-control 25-28 dot1x operation-mode 25-29 dot1x re-authenticate 25-30 dot1x re-authentication 25-30 dot1x timeout quiet-period 25-31 dot1x timeout re-authperiod 25-31...
  • Page 17 Contents Chapter 27: Interface Commands 27-1 interface 27-1 description 27-2 speed-duplex 27-3 negotiation 27-4 capabilities 27-4 flowcontrol 27-5 media-type 27-6 shutdown 27-7 switchport broadcast packet-rate 27-7 clear counters 27-8 show interfaces status 27-9 show interfaces counters 27-10 show interfaces switchport 27-11 Chapter 28: Link Aggregation Commands 28-1...
  • Page 18 Contents lldp basic-tlv management-ip-address 32-7 lldp basic-tlv port-description 32-8 lldp basic-tlv system-capabilities 32-8 lldp basic-tlv system-description 32-9 lldp basic-tlv system-name 32-9 lldp dot1-tlv proto-ident 32-10 lldp dot1-tlv proto-vid 32-10 lldp dot1-tlv pvid 32-11 lldp dot1-tlv vlan-name 32-11 lldp dot3-tlv link-agg 32-12 lldp dot3-tlv mac-phy 32-12...
  • Page 19 Contents Chapter 34: VLAN Commands 34-1 GVRP and Bridge Extension Commands 34-1 bridge-ext gvrp 34-2 show bridge-ext 34-2 switchport gvrp 34-3 show gvrp configuration 34-3 garp timer 34-4 show garp timer 34-5 Editing VLAN Groups 34-5 vlan database 34-5 vlan 34-6 Configuring VLAN Interfaces 34-7...
  • Page 20 Contents Priority Commands (Layer 3 and 4) 35-7 map ip port (Global Configuration) 35-7 map ip port (Interface Configuration) 35-8 map ip precedence (Global Configuration) 35-8 map ip precedence (Interface Configuration) 35-9 map ip dscp (Global Configuration) 35-10 map ip dscp (Interface Configuration) 35-10 show map ip port 35-11...
  • Page 21 Contents ip domain-name 38-3 ip domain-list 38-3 ip name-server 38-4 ip domain-lookup 38-5 show hosts 38-6 show dns 38-7 show dns cache 38-7 clear dns cache 38-8 Chapter 39: DHCP Commands 39-1 DHCP Client 39-1 ip dhcp client-identifier 39-1 ip dhcp restart client 39-2 DHCP Relay 39-3...
  • Page 22 Contents clear vrrp router counters 40-10 clear vrrp interface counters 40-10 Chapter 41: IP Interface Commands 41-1 Basic IP Configuration 41-1 ip address 41-3 ip default-gateway 41-4 show ip interface 41-5 show ip redirects 41-5 ping 41-6 ipv6 enable 41-7 ipv6 general-prefix 41-8 show ipv6 general-prefix...
  • Page 23 Contents Routing Information Protocol (RIP) 42-5 router rip 42-6 default-metric 42-7 timers basic 42-8 network 42-9 neighbor 42-9 version 42-10 redistribute 42-11 ip rip receive version 42-12 ip rip send version 42-13 ip split-horizon 42-14 ip rip authentication key 42-14 ip rip authentication mode 42-15 show rip globals...
  • Page 24 Contents Section IV: Appendices Appendix A: Software Specifications Software Features Management Features Standards Management Information Bases Appendix B: Troubleshooting Problems Accessing the Management Interface Using System Logs Glossary Index...
  • Page 25 Tables Table 1-1 Key Features Table 1-2 System Defaults Table 3-1 Web Page Configuration Buttons Table 3-2 Switch Main Menu Table 4-1 Logging Levels 4-30 Table 5-1 SNMPv3 Security Models and Levels Table 5-2 Supported Notification Messages 5-14 Table 6-1 HTTPS System Support Table 6-2 802.1X Statistics...
  • Page 26 Tables Table 23-10 show logging flash/ram - display description 23-30 Table 23-11 show logging trap - display description 23-31 Table 23-12 SMTP Alert Commands 23-32 Table 23-13 Time Commands 23-35 Table 24-1 SNMP Commands 24-1 Table 24-2 show snmp engine-id - display description 24-9 Table 24-3 show snmp view - display description...
  • Page 27 Tables Table 34-5 Commands for Displaying VLAN Information 34-12 Table 34-7 Private VLAN Commands 34-18 Table 34-8 Protocol-based VLAN Commands 34-20 Table 35-1 Priority Commands 35-1 Table 35-2 Priority Commands (Layer 2) 35-1 Table 35-3 Default CoS Priority Levels 35-5 Table 35-4 Priority Commands (Layer 3 and 4) 35-7...
  • Page 28 Tables Table 42-15 show ip ospf network - display description 42-46 Table 42-16 show ip ospf router - display description 42-47 Table 42-17 show ip ospf summary - display description 42-48 Table 42-18 show ip ospf interface - display description 42-49 Table 42-19 show ip ospf neighbor - display description 42-50...
  • Page 29 Figures Figure 3-1 Home Page Figure 3-2 Front Panel Indicators Figure 4-1 System Information Figure 4-2 Switch Information Figure 4-3 Displaying Bridge Extension Configuration Figure 4-4 IPv4 Interface Configuration - Manual Figure 4-5 Default Gateway Figure 4-6 IPv4 Interface Configuration - DHCP Figure 4-7 IPv6 Interface Configuration 4-14...
  • Page 30 Figures Figure 6-5 SSH Host-Key Settings 6-11 Figure 6-6 SSH User Public-Key Settings 6-13 Figure 6-7 SSH Server Settings 6-15 Figure 6-8 Port Security 6-17 Figure 6-9 802.1X Global Information 6-19 Figure 6-10 802.1X Global Configuration 6-20 Figure 6-11 802.1X Port Configuration 6-22 Figure 6-12 802.1X Port Statistics...
  • Page 31 Figures Figure 11-1 802.1Q Tunnel Status and Ethernet Type 11-16 Figure 11-2 Tunnel Port Configuration 11-18 Figure 11-8 Private VLAN Status 11-19 Figure 11-9 Private VLAN Link Status 11-19 Figure 11-10 Protocol VLAN Configuration 11-21 Figure 11-11 Protocol VLAN Port Configuration 11-22 Figure 12-4 LLDP Configuration...
  • Page 32 Figures Figure 19-2 IP Routing Interface 19-7 Figure 19-3 ARP General 19-10 Figure 19-4 ARP Static Addresses 19-11 Figure 19-5 ARP Dynamic Addresses 19-13 Figure 19-6 ARP Other Addresses 19-14 Figure 19-7 ARP Statistics 19-15 Figure 19-8 IP Statistics 19-17 Figure 19-9 ICMP Statistics 19-18...
  • Page 33: Section I: Getting Started

    This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. Chapters: Introduction (1-1), Initial Configuration
  • Page 34 Getting Started...
  • Page 35: Chapter 1: Introduction

    Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
  • Page 36: Description Of Software Features

    Table 1-1 Key Features (Continued)
    Feature: Description
      Spanning Tree Algorithm: Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP)
      Virtual LANs: Up to 256 using IEEE 802.1Q, port-based, protocol-based, or private VLANs
      Traffic Prioritization: Default port priority, traffic class map, queue scheduling, IP Precedence, or Differentiated Services Code Point (DSCP), and TCP/UDP Port
      Quality of Service: Supports Differentiated Services (DiffServ)
  • Page 37 Description of Software Features Access Control Lists – ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or TCP control code) or any frames (based on MAC address or Ethernet type). ACLs can be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols.
  • Page 38 Introduction IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 16K addresses. Store-and-Forward Switching – The switch copies each frame into its memory before forwarding it to another port.
  • Page 39 Description of Software Features • Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured. •...
  • Page 40 Introduction remote network, the switch checks to see if it has the best route. If it does, it sends its own MAC address to the host. The host then sends traffic for the remote destination via the switch, which uses its own routing table to reach the destination on the other network.
  • Page 41: System Defaults

    The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 4-24). The following table lists some of the basic system defaults. Table 1-2 System Defaults Function Parameter...
  • Page 42 Table 1-2 System Defaults (Continued)
    Function: SNMP
      SNMP Agent: Enabled
      Community Strings: “public” (read only), “private” (read/write)
      Traps: Authentication traps: enabled; Link-up-down events: enabled
      SNMP V3: View: defaultview; Group: public (read only); private (read/write)
    Function: Port Configuration
      Admin Status: Enabled
      Auto-negotiation: Enabled...
  • Page 43 System Defaults Table 1-2 System Defaults (Continued) Function Parameter Default Traffic Prioritization Ingress Port Priority Queue Mode Weighted Round Robin Queue: 0 1 2 3 4 5 6 7 Weight: 1 2 4 6 8 10 12 14 IP Precedence Priority Disabled IP DSCP Priority Disabled...
  • Page 44 Introduction 1-10...
  • Page 45: Chapter 2: Initial Configuration

    The switch’s management agent also supports SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using network management software such as SMC’s EliteView. The switch’s web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions: •...
  • Page 46: Required Connections

    Initial Configuration • Configure Spanning Tree parameters • Configure Class of Service (CoS) priority queuing • Configure up to 6 static or LACP trunks per switch, up to 32 per stack • Enable port mirroring • Set broadcast storm control on any port •...
  • Page 47: Remote Connections

    Stack Operations Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. An IPv4 address for this switch is obtained via DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see "Setting an IP Address"...
  • Page 48: Selecting The Backup Unit

    Initial Configuration - If Master/Slave push button is depressed on more than one unit, the system will select the unit with the lowest MAC address from those with the push button depressed as the stack Master. - If Master/Slave push button is not depressed on any unit, the system will select the unit with the lowest MAC address as the stack Master.
  • Page 49: Resilient Ip Interface For Management Access

    Stack Operations two. The Stack Link LED on the unit that is no longer receiving traffic from the next unit up or down in the stack will begin flashing to indicate that the stack link is broken. When the stack fails, a Master unit is selected from the two stack segments, either the unit with the Master button depressed, or the unit with the lowest MAC address if the Master button is not depressed on any unit.
  • Page 50: Basic Configuration

    Initial Configuration will operate in Special Stacking Mode in which all backup units are disabled as described below: • The master unit starts normal operation mode in standalone mode. • The master unit can see all units in the stack and maintain stack topology. •...
  • Page 51: Setting Passwords

    Press <Enter>. Note: ‘0’ specifies a password in plain text, ‘7’ specifies a password in encrypted form.

        Username: admin
        Password:

        CLI session with the SMC TigerStack II 10/100/1000 SMC8926EM/SMC8950EM is opened.
        To end the CLI session, enter [Exit].
    ...
  • Page 52: Manual Configuration

    Initial Configuration Manual Configuration You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment (if routing is not enabled on this switch). Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods.
  • Page 53 Basic Configuration the undefined fields. For detailed information on the other ways to assign IPv6 addresses, see "Setting the Switch’s IP Address (IP Version 6)" on page 4-9. Link Local Address — All link-local addresses must be configured with a prefix of FE80.
  • Page 54 Initial Configuration To generate an IPv6 global unicast address for the switch using a general network prefix, complete the following steps: From the Global Configuration mode prompt, type “ipv6 general-prefix prefix-name ipv6-prefix/prefix-length,” where the “prefix-name” is a label identifying the network segment, “ipv6-prefix” specifies the high-order bits of the network address, and “prefix-length”...
  • Page 55: Dynamic Configuration

    Basic Configuration Dynamic Configuration Obtaining an IPv4 Address If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. Requests will be sent periodically in an effort to obtain IP configuration information.
  • Page 56 Initial Configuration Obtaining an IPv6 Address Link Local Address — There are several ways to dynamically configure IPv6 addresses. The simplest method is to automatically generate a “link local” address (identified by an address prefix of FE80). This address type makes the switch accessible over IPv6 for all devices attached to the same local subnet.
  • Page 57: Enabling Snmp Management Access

    Enabling SNMP Management Access The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as SMC’s EliteView. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps.
  • Page 58: Trap Receivers

    The default strings are:
      • public - with read-only access. Authorized management stations are only able to retrieve MIB objects.
      • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
    To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings.
  • Page 59: Configuring Access For Snmp Version 3 Clients

    Managing System Files Configuring Access for SNMP Version 3 Clients To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group.
  • Page 60: Saving Configuration Settings

    Initial Configuration • Diagnostic Code — Software that is run during system boot-up, also known as POST (Power On Self-Test). Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows.
  • Page 61 Managing System Files To save the current configuration settings, enter the following command:
    1. From the Privileged Exec mode prompt, type “copy running-config startup-config” and press <Enter>.
    2. Enter the name of the start-up file. Press <Enter>.

        Console#copy running-config startup-config
        Startup configuration file name []: startup
        \Write to FLASH Programming.
  • Page 62 Initial Configuration 2-18...
  • Page 63: Section Ii: Switch Management

    This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser, and a brief example for the Command Line Interface. Chapters: Configuring the Switch (3-1), Basic Management Tasks
  • Page 64 Switch Management...
  • Page 65: Chapter 3: Configuring The Switch

    Chapter 3: Configuring the Switch Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0, Netscape 6.2, Mozilla Firefox 2.0.0.0, or more recent versions).
  • Page 66: Navigating The Web Browser Interface

    Configuring the Switch Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password “admin” is used for the administrator.
  • Page 67: Configuration Options

    Navigating the Web Browser Interface Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
  • Page 68: Main Menu

    Configuring the Switch Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Switch Main Menu Menu Description Page...
  • Page 69 Navigating the Web Browser Interface Table 3-2 Switch Main Menu (Continued) Menu Description Page SNTP Simple Network Time Protocol 4-36 Current Time Sets the time for the system clock 4-36 Configuration Configures SNTP client settings, including a list of servers 4-37 Time Zone Sets the local time zone for the system clock...
  • Page 70 Configuring the Switch Table 3-2 Switch Main Menu (Continued) Menu Description Page IP Filter Configures IP addresses that are allowed management access 6-26 Port Port Information Displays port connection status Trunk Information Displays trunk connection status Port Configuration Configures port connection settings Trunk Configuration Configures trunk connection settings Trunk Membership...
  • Page 71 Navigating the Web Browser Interface Table 3-2 Switch Main Menu (Continued) Menu Description Page Port Configuration Configures individual port settings for STA 10-13 Trunk Configuration Configures individual trunk settings for STA 10-13 MSTP Multiple Spanning Tree Algorithm VLAN Configuration Configures priority and VLANs for a spanning tree instance 10-16 Port Information Displays port settings for a specified MST instance...
  • Page 72 Configuring the Switch Table 3-2 Switch Main Menu (Continued) Menu Description Page LLDP Link Layer Discovery Protocol 12-1 Configuration Configures global LLDP timing parameters 12-1 Port Configuration Configures parameters for individual ports 12-3 Trunk Configuration Configures parameters for trunks 12-3 Local Information Displays LLDP information about the local device 12-5...
  • Page 73 Navigating the Web Browser Interface Table 3-2 Switch Main Menu (Continued) Menu Description Page IGMP Snooping Internet Group Management Protocol – Snooping 15-2 IGMP Configuration Enables multicast filtering; configures parameters for multicast 15-3 query IGMP Immediate Leave Configures immediate leave for multicast services no longer 15-5 required Multicast Router...
  • Page 74 Configuring the Switch Table 3-2 Switch Main Menu (Continued) Menu Description Page Address Resolution Protocol 19-8 General Sets the protocol timeout, and enables or disables proxy ARP for 19-9 the specified VLAN Static Addresses Statically maps a physical address to an IP address 19-11 Dynamic Addresses Shows dynamically learned entries in the IP routing table...
  • Page 75 Navigating the Web Browser Interface Table 3-2 Switch Main Menu (Continued) Menu Description Page OSPF Open Shortest Path First 20-14 General Configuration Enables or disables OSPF; also configures the Router ID and 20-15 various other global settings Area Configuration Specifies rules for importing routes into each area 20-19 Area Range Configuration Configures route summaries to advertise at an area boundary...
  • Page 76 Configuring the Switch 3-12...
  • Page 77: Chapter 4: Basic Management Tasks

    Chapter 4: Basic Management Tasks This chapter describes the basic functions required to set up management access to the switch, display or upgrade operating software, or reset the system. Displaying System Information You can easily identify the system by displaying the device name, location and contact information.
  • Page 78: Figure 4-1 System Information

        Console(config)#snmp-server location WC 9
        Console(config)#snmp-server contact Ted
        Console(config)#exit
        Console#show system
        System Description: SMC TigerStack II 10/100/1000 SMC8926EM/SMC8950EM
        System OID String: 1.3.6.1.4.1.202.20.76
        System Information
         System Up Time: 0 days, 1 hours, 28 minutes, and 0.51 seconds
         System Name: R&D 5...
  • Page 79: Displaying Switch Hardware/Software Versions

    Displaying Switch Hardware/Software Versions Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board • Serial Number – The serial number of the switch. •...
  • Page 80: Displaying Bridge Extension Capabilities

    CLI – Use the following command to display version information.

        Console#show version
        Unit 1
         Serial Number:
         Hardware Version:
         EPLD Version: 1.06
         Number of Ports:
         Main Power Status:
         Redundant Power Status: Not present
        Agent (Master)
         Unit ID:
         Loader Version: 1.1.0.2
         Boot ROM Version:...
  • Page 81: Setting The Switch's Ip Address (Ip Version 4)

    Web – Click System, Bridge Extension. Figure 4-3 Displaying Bridge Extension Configuration
    CLI – Enter the following command.

        Console#show bridge-ext
         Max support VLAN numbers: 4096
         Max support VLAN ID: 4093
         Extended multicast filtering services: No
         Static entry individual port:
         VLAN learning:
         Configurable PVID tagging:...
  • Page 82 Basic Management Tasks numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program. Command Usage • This section describes how to configure a single local interface for initial access to the stack. To configure multiple IP interfaces on this stack, you must set up an IP interface for each VLAN (page 19-4).
  • Page 83: Manual Configuration

    Setting the Switch’s IP Address (IP Version 4) Manual Configuration Web – Click IP, General, Routing Interface. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” and specify a “Primary” interface. Enter the IP address, and subnet mask, then click Apply. Figure 4-4 IPv4 Interface Configuration - Manual Click IP, Global Setting.
  • Page 84: Using Dhcp/Bootp

    Basic Management Tasks Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the stack to be dynamically configured by these services. Web – Click IP, General, Routing Interface. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to save your changes.
  • Page 85: Setting The Switch's Ip Address (Ip Version 6)

    Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the stack is moved to another network segment, you will lose management access to the stack. In this case, you can reboot the stack or submit a client request to restart DHCP service via the CLI.
  • Page 86 Basic Management Tasks • The switch must always be configured with a link-local address. Therefore any configuration process that enables IPv6 functionality, or assigns a global unicast address to the switch, will also automatically generate a link-local unicast address. The prefix length for a link-local address is fixed at 64 bits, and the host portion of the default address is based on the modified EUI-64 (Extended Universal Identifier) form of the interface identifier (i.e., the physical MAC address).
  • Page 87 Setting the Switch’s IP Address (IP Version 6) about the target address. If IP routing is disabled, you must define a gateway if the target device is located in a different subnet. - If routing is enabled, you can still define a static route using the IP / Routing / Static Routes screen (see page 19-21) to ensure that traffic to the designated address or subnet passes through a preferred gateway.
  • Page 88 Basic Management Tasks - A global unicast address can also be set by selecting a preconfigured general prefix for the network portion of the address from the Based on General Prefix scroll-down list and marking the check box next to this field to enable your choice (see "Configuring an IPv6 General Network Prefix"...
  • Page 89 Setting the Switch’s IP Address (IP Version 6) specification is designed for devices that use an extended 8-byte MAC address. For devices that still use a 6-byte MAC address (also known as EUI-48 format), it must be converted into EUI-64 format by inverting the universal/local bit in the address and inserting the hexadecimal number FFFE between the upper and lower three bytes of the MAC address.
  • Page 90: Figure 4-7 Ipv6 Interface Configuration

    Basic Management Tasks Web – Click System, IPv6 Configuration, IPv6 Configuration. Set the IPv6 default gateway, specify the VLAN to configure, enable IPv6, and set the MTU. Then enter a global unicast or link-local address and click Add IPv6 Address. Figure 4-7 IPv6 Interface Configuration 4-14...
  • Page 91: Configuring An Ipv6 General Network Prefix

    CLI – This example configures an IPv6 gateway, specifies the management interface, configures a global unicast address, and then sets the MTU.

        Console#config
        Console(config)#ipv6 default-gateway 2009:DB9:2229::240
        Console(config)#ipv6 general-prefix rd 2009:DB9:2229::/48
        Console(config)#interface vlan 1
    ...
  • Page 92: Figure 4-8 Ipv6 General Prefix Configuration

    Basic Management Tasks Follow the prefix by a forward slash and a decimal value indicating how many of the contiguous bits (from the left) of the address comprise the prefix (i.e., the network portion of the address). Web – Click System, IPv6 Configuration, IPv6 General Prefix. Click Add to open the editing fields for a prefix entry.
  • Page 93: Configuring Neighbor Detection Protocol And Static Entries

    Setting the Switch’s IP Address (IP Version 6) Configuring Neighbor Detection Protocol and Static Entries IPv6 Neighbor Discovery Protocol supersedes IPv4 Address Resolution Protocol in IPv6 networks. IPv6 nodes on the same network segment use Neighbor Discovery to discover each other's presence, to determine each other's link-layer addresses, to find routers and to maintain reachability information about the paths to active neighbors.
  • Page 94 Basic Management Tasks - When a non-default value is configured, the specified interval is used both for router advertisements and by the router itself. Current Neighbor Cache Table • IPv6 Address – IPv6 address of neighbor device. • Age – The time since the address was verified as reachable (in minutes). A static entry is indicated by the value “Permanent.”...
  • Page 95: Figure 4-9 Ipv6 Neighbor Detection And Neighbor Cache

    Setting the Switch’s IP Address (IP Version 6) Web – Click System, IPv6 Configuration, IPv6 ND Neighbor. To configure the Neighbor Detection protocol settings, select a VLAN interface, set the number of attempts allowed for duplicate address detection, set the interval for neighbor solicitation messages, and click Apply.
  • Page 96 Basic Management Tasks CLI – This example maps a static entry for a global unicast address to a MAC address. 27-1 Console(config)#interface vlan 1 41-27 Console(config-if)#ipv6 nd dad attempts 5 41-29 Console(config-if)#ipv6 nd ns-interval 30000 Console(config-if)#end Console#show ipv6 interface Vlan 1 is up IPv6 is enable.
  • Page 97: Configuring Support For Jumbo Frames

    Configuring Support for Jumbo Frames The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
  • Page 98: Downloading System Software From A Server

    Basic Management Tasks • TFTP Server IP Address – The IP address of a TFTP server. • File Type – Specify opcode (operational code) to copy firmware. • File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch.
  • Page 99: Figure 4-12 Setting The Startup Code

    Managing Firmware If you download to a new destination file, go to the File Management, Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu. Figure 4-12 Setting the Startup Code To delete a file select System, File Management, Delete.
  • Page 100: Saving Or Restoring Configuration Settings

    Basic Management Tasks To start the new firmware, enter the “reload” command or reboot the system. 23-11 Console#copy tftp file TFTP server ip address: 10.1.0.19 Choose file type: 1. config: 2. opcode: <1-2>: 2 Source file name: SMC8926_50EM_opcode_V1.1.4.0.BIX Destination file name: V1140 \Write to FLASH Programming.
  • Page 101: Downloading Configuration Settings From A Server

    Saving or Restoring Configuration Settings Note: The maximum number of user-defined configuration files is limited only by available flash memory space. Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it.
  • Page 102: Console Port Settings

    Basic Management Tasks CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. 23-11 Console#copy tftp startup-config TFTP server ip address: 192.168.1.19 Source configuration file name: config-1 Startup configuration file name [] : startup \Write to FLASH Programming.
  • Page 103: Figure 4-16 Configuring The Console Port

    Console Port Settings • Parity – Defines the generation of a parity bit. Communication protocols provided by some terminals can require a specific parity bit setting. Specify Even, Odd, or None. (Default: None) • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal).
  • Page 104: Telnet Settings

    Basic Management Tasks CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. 23-17 Console(config)#line console 23-18 Console(config-line)#login local 23-19 Console(config-line)#password 0 secret...
  • Page 105: Figure 4-17 Configuring The Telnet Interface

    Telnet Settings • Password – Specifies a password for the line connection. When a connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt. (Default: No password) •...
  • Page 106: Configuring Event Logging

    Basic Management Tasks Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and the display of a list of recent event messages. System Log Configuration The system allows you to enable or disable event logging, and specify which levels are logged to RAM or flash memory.
  • Page 107: Remote Log Configuration

    Configuring Event Logging Web – Click System, Logs, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply. Figure 4-18 System Logs CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory.
  • Page 108: Figure 4-19 Remote Logs

    Basic Management Tasks Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove. Figure 4-19 Remote Logs CLI –...
  • Page 109: Displaying Log Messages

    Configuring Event Logging Displaying Log Messages Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
  • Page 110: Figure 4-21 Enabling And Configuring Smtp Alerts

    Basic Management Tasks configured email recipients. For example, using Level 7 will report all events from level 7 to level 0. (Default: Level 7) • SMTP Server List – Specifies a list of up to three recipient SMTP servers. The switch attempts to connect to the other listed servers if the first fails.
  • Page 111: Renumbering The Stack

    Renumbering the Stack CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration.
  • Page 112: Resetting The System

    Basic Management Tasks Web – Click System, Renumbering. Figure 4-22 Renumbering the Stack CLI – This example renumbers all units in the stack. 23-2 Console#switch all renumber Console# Resetting the System Web – Click System, Reset. Click the Reset button to restart the switch. When prompted, confirm that you want to reset the switch.
  • Page 113: Setting The Current Time

    Setting the System Clock Setting the Current Time You can manually set the system clock if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Command Attributes •...
  • Page 114: Figure 4-25 Sntp Configuration

    Basic Management Tasks Web – Select SNTP, Configuration. Modify any of the required SNTP parameters, and click Apply. To send an immediate request to the configured servers, click Update Time. Figure 4-25 SNTP Configuration CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings.
  • Page 115: Setting The Time Zone

    Setting the System Clock Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC.
  • Page 116: Configuring Summer Time

    Basic Management Tasks Configuring Summer Time Use the Summer Time page to set the system clock forward during the summer months (also known as daylight savings time). Command Usage In some countries or regions, clocks are adjusted through the summer months so that afternoons have more daylight and mornings have less.
  • Page 117: Figure 4-27 Summer Time

    Setting the System Clock Recurring Mode – Sets the start, end, and offset times of summer-time for the switch on a recurring basis. This mode sets the summer-time time zone relative to the currently configured time zone. To specify a time corresponding to your local time when summer-time is in effect, you must indicate the number of minutes your summer-time time zone deviates from your regular time zone.
  • Page 119: Chapter 5: Simple Network Management Protocol

    This agent continuously monitors the status of the switch hardware, as well as the traffic passing through its ports. A network management station can access this information using software such as SMC’s EliteView. Access to the onboard agent from clients using SNMP v1 and v2c is controlled by community strings. To communicate with the switch, the management station must first submit a valid community string for authentication.
  • Page 120: Enabling The Snmp Agent

    Simple Network Management Protocol Table 5-1 SNMPv3 Security Models and Levels Model Level Group Read View Write View Notify View Security noAuthNoPriv public defaultview none none Community string only (read only) noAuthNoPriv private defaultview defaultview none Community string only (read/write) noAuthNoPriv user defined user defined user defined user defined Community string only noAuthNoPriv public defaultview...
  • Page 121: Setting Community Access Strings

    Setting Community Access Strings You may configure up to five community strings authorized for management access by clients using SNMP v1 and v2c. All community strings used for IP Trap Managers should be listed in this table. For security reasons, you should consider removing the default strings.
  • Page 122: Specifying Trap Managers And Trap Types

    Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as SMC’s EliteView). You can specify up to five management stations that will receive authentication failure messages and other trap messages from the switch.
  • Page 123 Specifying Trap Managers and Trap Types Version 1 or 2c clients), or define a corresponding “User Name” in the SNMPv3 Users page (for Version 3 clients). (Range: 1-32 characters, case sensitive) • Trap UDP Port – Specifies the UDP port number used by the trap manager. •...
  • Page 124: Figure 5-3 Configuring Snmp Trap Managers

    Simple Network Management Protocol Web – Click SNMP, Configuration. Enter the IP address and community string for each management station that will receive trap messages, specify the UDP port, SNMP trap version, trap security level (for v3 clients), trap inform settings (for v2c/v3 clients), and then click Add.
  • Page 125: Configuring Snmpv3 Management Access

    Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch, follow these steps: 1. If you want to change the default engine ID, do so before configuring other SNMP parameters. 2. Specify read and write access views for the switch MIB tree. 3.
  • Page 126: Specifying A Remote Engine Id

    Simple Network Management Protocol Specifying a Remote Engine ID To send inform messages to an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides. The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host.
  • Page 127: Configuring Snmpv3 Users

    Configuring SNMPv3 Management Access Configuring SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group. The SNMPv3 group restricts users to a specific read, write, or notify view. Command Attributes •...
  • Page 128: Figure 5-6 Configuring Snmpv3 Users

    Simple Network Management Protocol Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete.
  • Page 129: Configuring Remote Snmpv3 Users

    Configuring SNMPv3 Management Access Configuring Remote SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group. The SNMPv3 group restricts users to a specific read and a write view. To send inform messages to an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides.
  • Page 130: Figure 5-7 Configuring Remote Snmpv3 Users

    Simple Network Management Protocol Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete.
  • Page 131: Configuring Snmpv3 Groups

    Configuring SNMPv3 Management Access Configuring SNMPv3 Groups An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views. You can use the pre-defined default groups or create new groups to map a set of SNMP users to SNMP views. Command Attributes •...
  • Page 132: Table 5-2 Supported Notification Messages

    Simple Network Management Protocol Table 5-2 Supported Notification Messages Object Label Object ID Description RFC 1493 Traps newRoot 1.3.6.1.2.1.17.0.1 The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree; the trap is sent by a bridge soon after its election as the new root, e.g., upon expiration of the Topology Change Timer immediately subsequent to its election.
  • Page 133 Configuring SNMPv3 Management Access Table 5-2 Supported Notification Messages (Continued) Object Label Object ID Description Private Traps - swPowerStatus 1.3.6.1.4.1.202.20.76.2.1.0.1 This trap is sent when the power state changes. ChangeTrap swFanFailureTrap 1.3.6.1.4.1.202.20.76.2.1.0.17 This trap is sent when the fan fails. swFanRecoverTrap 1.3.6.1.4.1.202.20.76.2.1.0.18 This trap is sent when the fan failure has...
  • Page 134: Figure 5-8 Configuring Snmpv3 Groups

    Simple Network Management Protocol Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read, write, and notify views. Click Add to save the new group and return to the Groups list.
  • Page 135: Setting Snmpv3 Views

    Configuring SNMPv3 Management Access Setting SNMPv3 Views SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview” includes access to the entire MIB tree. Command Attributes • View Name – The name of the SNMP view. (Range: 1-32 characters) •...
  • Page 136 Simple Network Management Protocol CLI – Use the snmp-server view command to configure a new view. This example view includes the MIB-2 interfaces table, and the wildcard mask selects all index entries. Console(config)#snmp-server view ifEntry.a 1.3.6.1.2.1.2.2.1.1.* 24-10 included Console(config)#exit 24-11 Console#show snmp view View Name: ifEntry.a Subtree OID: 1.3.6.1.2.1.2.2.1.1.*...
  • Page 137: Chapter 6: User Authentication

    Chapter 6: User Authentication You can restrict management access to this switch and provide secure network access using the following options: • User Accounts – Manually configure management access rights for users. • Authentication Settings – Use remote authentication to configure access rights. •...
  • Page 138: Configuring Local/Remote Logon Authentication

    User Authentication Web – Click Security, User Accounts. To configure a new user account, enter the user name, access level, and password, then click Add. To change the password for a specific user, enter the user name and new password, confirm the password by entering it again, then click Apply.
  • Page 139 Configuring Local/Remote Logon Authentication the network. An authentication server contains a database of multiple user name/ password pairs with associated privilege levels for each user that requires management access to the switch. RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport.
  • Page 140: Figure 6-2 Authentication Server Settings

    User Authentication • TACACS Settings - Server IP Address – Address of the TACACS+ server. (Default: 10.11.12.13) - Server Port Number – Network (TCP) port of TACACS+ server used for authentication messages. (Range: 1-65535; Default: 49) - Secret Text String – Encryption key used to authenticate logon access for client.
  • Page 141: Configuring Https

    Configuring HTTPS 25-8 Console#show radius-server Remote RADIUS server configuration: Global settings: Communication key with RADIUS server: ***** Server port number: Retransmit times: Request timeout: Server 1: Server IP address: 192.168.1.25 Communication key with RADIUS server: ***** Server port number: 181 Retransmit times: 5 Request timeout: 10 Console#config...
  • Page 142: Table 6-1 Https System Support

    User Authentication • The following web browsers and operating systems currently support HTTPS: Table 6-1 HTTPS System Support Web Browser Operating System Internet Explorer 5.0 or later Windows 98,Windows NT (with service pack 6a), Windows 2000, Windows XP Netscape 6.2 or later Windows 98,Windows NT (with service pack 6a), Windows 2000, Windows XP, Solaris 2.6 Mozilla Firefox 2.0.0.0 or later...
  • Page 143: Replacing The Default Secure-Site Certificate

    Configuring HTTPS Replacing the Default Secure-site Certificate When you log onto the web interface using HTTPS (for secure access), a Secure Sockets Layer (SSL) certificate appears for the switch. By default, the certificate that Netscape and Internet Explorer display will be associated with a warning that the site is not recognized as a secure site.
  • Page 144: Configuring The Secure Shell

    User Authentication CLI – This example copies the certificate file from the designated TFTP server. 23-11 Console#copy tftp https-certificate TFTP server ip address: <server ip-address> Source certificate file name: <certificate file name> Source private file name: <private key file name> Private password: <password for private key>...
  • Page 145: Figure

    Configuring the Secure Shell station and place the host public key in it. An entry for a public key in the known hosts file would appear similar to the following example: 10.1.0.54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233 76546801726272571413428762941301196195566782 59566410486957427888146206 519417467729848654686157177393901647793559423035774130980227370877945452 4083971752646358058176716709574804776117 3.
  • Page 146: Generating The Host Key Pair

    User Authentication d. The client uses its private key to decrypt the challenge string, computes the MD5 checksum, and sends the checksum back to the switch. e. The switch compares the checksum sent from the client against that computed for the original string it sent. If the two checksums match, this means that the client's private key corresponds to an authorized public key, and the client is authenticated.
  • Page 147: Figure 6-5 Ssh Host-Key Settings

    Configuring the Secure Shell Note: The switch uses only RSA Version 1 for SSHv1.5 clients and DSA Version 2 for SSHv2 clients. • Save Host-Key from Memory to Flash – Saves the host key from RAM (i.e., volatile memory) to flash memory. Otherwise, the host key pair is stored to RAM by default.
  • Page 148: Importing User Public Keys

    User Authentication CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys. 25-20 Console#ip ssh crypto host-key generate 25-21 Console#ip ssh save host-key 25-23 Console#show public-key host Host:...
  • Page 149: Figure 6-6 Ssh User Public-Key Settings

    Configuring the Secure Shell • TFTP Server IP Address – The IP address of the TFTP server that contains the public key file you wish to import. (Default: 0.0.0.0) • Source File Name – The public key file to upload. •...
  • Page 150: Configuring The Ssh Server

    User Authentication CLI – This example imports an SSHv2 DSA public key for the user admin and then displays admin’s imported public keys. Note that public key authentication through SSH is only supported for users configured locally on the switch. 23-11 Console#copy tftp public-key TFTP server IP address: 192.168.1.254...
  • Page 151: Figure 6-7 Ssh Server Settings

    Configuring the Secure Shell • SSH Server-Key Size – Specifies the SSH server key size. (Range: 512-896 bits; Default: 768) - The server key is a private key that is never shared outside the switch. - The host key is shared with the SSH client, and is fixed at 1024 bits. Web –...
  • Page 152: Configuring Port Security

    User Authentication Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
  • Page 153: Figure 6-8 Port Security

    Configuring Port Security Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply. Figure 6-8 Port Security CLI –...
  • Page 154: Configuring 802.1X Port Authentication

    User Authentication Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data.
  • Page 155: Displaying 802.1X Global Settings

    Configuring 802.1X Port Authentication • The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, otherwise the dot1x client must support it.) Displaying 802.1X Global Settings The 802.1X protocol provides port authentication. Command Attributes 802.1X System Authentication Control –...
  • Page 156: Configuring 802.1X Global Settings

    User Authentication Configuring 802.1X Global Settings The 802.1X protocol provides port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active. Command Attributes 802.1X System Authentication Control – Sets the global setting for 802.1X. (Default: Disabled) Web –...
  • Page 157 Configuring 802.1X Port Authentication • Max Count – The maximum number of hosts that can connect to a port when the operation mode is set to Multi-Host. (Range: 1-1024; Default: 5) • Mode – Sets the authentication mode to one of the following options: - Auto –...
  • Page 158: Figure 6-11 802.1X Port Configuration

    User Authentication Web – Click Security, 802.1X, Port Configuration. Modify the parameters required, and click Apply. Figure 6-11 802.1X Port Configuration 6-22...
  • Page 159 Configuring 802.1X Port Authentication CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see "show dot1x" on page 25-32. 27-1 Console(config)#interface ethernet 1/2 25-28 Console(config-if)#dot1x port-control auto 25-30 Console(config-if)#dot1x re-authentication 25-27...
  • Page 160: Displaying 802.1X Statistics

    User Authentication Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 6-2 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator. Rx EAPOL Logoff The number of EAPOL Logoff frames that have been received by this Authenticator.
  • Page 161: Figure 6-12 802.1X Port Statistics

    Configuring 802.1X Port Authentication Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 6-12 802.1X Port Statistics CLI – This example displays the dot1x statistics for port 4. 25-32 Console#show dot1x statistics interface ethernet 1/4 Eth 1/4...
  • Page 162: Filtering Ip Addresses For Management Access

    User Authentication Filtering IP Addresses for Management Access You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage •...
  • Page 163: Figure 6-13 Ip Filter

    Filtering IP Addresses for Management Access Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry. Figure 6-13 IP Filter CLI – This example restricts management access for Telnet clients. 25-35 Console(config)#management telnet-client 192.168.1.19 Console(config)#management telnet-client 192.168.1.25 192.168.1.30...
  • Page 165: Chapter 7: Access Control Lists

    Chapter 7: Access Control Lists Access Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames (based on address, next header type, or flow label), or any frames (based on MAC address or Ethernet type).
  • Page 166: Configuring A Standard Ipv4 Acl

    Access Control Lists - IP Extended: IPv4 ACL mode that filters packets based on source or destination IPv4 address, as well as protocol type and protocol port number. If the “TCP” protocol is specified, then you can also filter packets based on the TCP control code.
  • Page 167: Configuring An Extended Ipv4 Acl

    Configuring Access Control Lists Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Then click Add. Figure 7-2 ACL Configuration - Standard IPv4 CLI –...
  • Page 168 Access Control Lists • Source/Destination Port – Source/destination port number for the specified protocol type. (Range: 0-65535) • Source/Destination Port Bit Mask – Decimal number representing the port bits to match. (Range: 0-65535) • Control Code – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header.
  • Page 169: Figure 7-3 Acl Configuration - Extended Ipv4

    Configuring Access Control Lists Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
  • Page 170: Configuring A Mac Acl

    Access Control Lists Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range with the Address and Bitmask fields.
  • Page 171: Configuring A Standard Ipv6 Acl

    Configuring Access Control Lists Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bitmask for an address range.
  • Page 172: Configuring An Extended Ipv6 Acl

    Access Control Lists • Source Prefix-Length – A decimal value indicating how many contiguous bits (from the left) of the address comprise the prefix (i.e., the network portion of the address). Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IPv6-prefix).
  • Page 173 Configuring Access Control Lists • Destination Prefix-Length – A decimal value indicating how many contiguous bits (from the left) of the address comprise the prefix (i.e., the network portion of the address). • Next Header – Identifies the type of header immediately following the IPv6 header. (Range: 0-255) Optional internet-layer information is encoded in separate headers that may be placed between the IPv6 header and the upper-layer header in a packet.
  • Page 174: Figure 7-6 Acl Configuration - Extended Ipv6

    Access Control Lists Web – Specify the action (i.e., Permit or Deny). Select the address type (Any or IPv6-prefix). If you select “IPv6-prefix,” enter a subnet address and prefix length. Set any other required criteria, such as next header, DSCP, or flow label. Then click Add. Figure 7-6 ACL Configuration - Extended IPv6 CLI –...
  • Page 175: Binding A Port To An Access Control List

    Binding a Port to an Access Control List After configuring the Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can only bind a port to one ACL for each basic type – IPv4 ingress, MAC ingress, and IPv6 ingress.
  • Page 177: Chapter 8: Port Configuration

    Chapter 8: Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Field Attributes (Web) • Name – Interface label. •...
  • Page 178 Port Configuration Field Attributes (CLI) Basic information: • Port type – Indicates the port type. (1000BASE-T, SFP, or 10G) • MAC address – The physical layer address for this port. (To access this item on the web, see "Setting the Switch’s IP Address (IP Version 4)" on page 4-5.) Configuration: •...
  • Page 179: Configuring Interface Connections

    Configuring Interface Connections CLI – This example shows the connection status for Port 5. 27-9 Console#show interfaces status ethernet 1/5 Information of Eth 1/13 Basic information: Port type: 1000T Mac address: 00-00-E3-11-10-15 Configuration: Name: Port admin: Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full, 1000full Broadcast storm: Enabled Broadcast storm limit:...
  • Page 180: Figure

    Port Configuration - 100half - Supports 100 Mbps half-duplex operation - 100full - Supports 100 Mbps full-duplex operation - 1000full - Supports 1 Gbps full-duplex operation - 10Gfull - Supports 10 Gbps full-duplex operation - Sym (Gigabit only) - Check this item to transmit and receive pause frames, or clear it to auto-negotiate the sender and receiver for asymmetric pause frames.
  • Page 181: Figure 8-2 Port - Port Configuration

    Configuring Interface Connections Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 8-2 Port - Port Configuration CLI – Select the interface, and then enter the required settings. 27-1 Console(config)#interface ethernet 1/13 27-2 Console(config-if)#description RD SW#13 27-7...
  • Page 182: Creating Trunk Groups

    Port Configuration Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices (i.e., single switch or a stack).
  • Page 183: Statically Configuring A Trunk

    Creating Trunk Groups Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
  • Page 184: Enabling Lacp On Selected Ports

    Port Configuration CLI – This example creates trunk 1 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to form a trunk. 27-1 Console(config)#interface port-channel 1 Console(config-if)#exit 27-1 Console(config)#interface ethernet 1/9 28-2 Console(config-if)#channel-group 1 Console(config-if)#exit Console(config)#interface ethernet 1/10...
  • Page 185: Figure 8-4 Lacp Trunk Configuration

    Creating Trunk Groups • Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu (see page 8-7). Command Attributes • Member List (Current) – Shows configured trunks (Unit, Port). • New – Includes entry fields for creating new trunks. - Unit –...
  • Page 186: Configuring Lacp Parameters

    Port Configuration CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. 27-1 Console(config)#interface ethernet 1/1 28-3 Console(config-if)#lacp Console(config-if)#exit Console(config)#interface ethernet 1/6 Console(config-if)#lacp Console(config-if)#end 27-9 Console#show interfaces status port-channel 1...
  • Page 187: Figure 8-5 Lacp - Aggregation Port

    Creating Trunk Groups - Ports must be configured with the same system priority to join the same LAG. - System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with other systems.
  • Page 188: Figure

    Port Configuration CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the LAG, ports 9 and 10 are set to backup mode. 27-1 Console(config)#interface ethernet 1/1 28-4 Console(config-if)#lacp actor system-priority 3 28-5 Console(config-if)#lacp actor admin-key 120 28-6...
  • Page 189: Displaying Lacp Port Counters

    Creating Trunk Groups Displaying LACP Port Counters You can display statistics for LACP protocol messages. Table 8-1 LACP Port Counters Parameter Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group. LACPDUs Received Number of valid LACPDUs received by this channel group. Marker Sent Number of valid Marker PDUs transmitted from this channel group.
  • Page 190: Displaying Lacp Settings And Status For The Local Side

    Port Configuration Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Table 8-2 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port. Admin Key Current administrative value of the key for the aggregation port.
  • Page 191: Figure 8-7 Lacp - Port Internal Information

    Creating Trunk Groups Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 8-7 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. 28-7 Console#show lacp 1 internal Port channel: 1...
  • Page 192: Displaying Lacp Settings And Status For The Remote Side

    Port Configuration Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Table 8-3 LACP Neighbor Configuration Information Field Description Partner Admin System ID LAG partner’s system ID assigned by the user.
  • Page 193: Setting Broadcast Storm Thresholds

    Setting Broadcast Storm Thresholds CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. 28-7 Console#show lacp 1 neighbors Port channel 1 neighbors ------------------------------------------------------------------------- Eth 1/2 ------------------------------------------------------------------------- Partner Admin System ID: 32768, 00-00-00-00-00-00 Partner Oper System ID: 32768, 00-01-F4-78-AE-C0...
  • Page 194: Figure 8-9 Port Broadcast Control

    Port Configuration Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the threshold, and click Apply. Figure 8-9 Port Broadcast Control CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 packets per second for port 2.
  • Page 195: Configuring Port Mirroring

    Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
  • Page 196: Configuring Rate Limits

    Port Configuration CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port. Note that default mirroring under the CLI is for both received and transmitted packets. 27-1 Console(config)#interface ethernet 1/10 29-1 Console(config-if)#port monitor ethernet 1/13 Console(config-if)#...
  • Page 197: Figure 8-11 Rate Limit Configuration

    Configuring Rate Limits Web - Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Set the Input Rate Limit Status or Output Rate Limit Status, then set the rate limit for the individual interfaces, and click Apply. Figure 8-11 Rate Limit Configuration CLI - This example sets the rate limit for input and output traffic passing through port 1 to 600 Mbps.
  • Page 198: Showing Port Statistics

    Statistics are refreshed every 60 seconds by default. Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as SMC’s EliteView. Table 8-4 Port Statistics Parameter Description...
  • Page 199 Showing Port Statistics Table 8-4 Port Statistics (Continued) Parameter Description Transmit Discarded Packets The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space.
  • Page 200 Port Configuration Table 8-4 Port Statistics (Continued) Parameter Description Received Frames The total number of frames (bad, broadcast and multicast) received. Broadcast Frames The total number of good frames received that were directed to the broadcast address. Note that this does not include multicast packets. Multicast Frames The total number of good frames received that were directed to this multicast address.
  • Page 201: Figure 8-12 Port Statistics

    Showing Port Statistics Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 8-12 Port Statistics 8-25...
  • Page 202 Port Configuration CLI – This example shows statistics for port 12. 27-10 Console#show interfaces counters ethernet 1/12 Ethernet 1/12 Iftable stats: Octets input: 868453, Octets output: 3492122 Unicast input: 7315, Unitcast output: 6658 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, QLen output: 0 Extended iftable stats: Multi-cast input: 0, Multi-cast output: 17027...
  • Page 203: Chapter 9: Address Table Settings

    Chapter 9: Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are bound to a specific port.
  • Page 204: Displaying The Address Table

    Address Table Settings Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 9-1 Static Addresses CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
  • Page 205: Figure 9-2 Dynamic Addresses

    Displaying the Address Table Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query. Figure 9-2 Dynamic Addresses CLI –...
  • Page 206: Changing The Aging Time

    Address Table Settings Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the aging function. • Aging Time – The time after which a learned entry is discarded. (Range: 10-1000000 seconds;...
  • Page 207: Chapter 10: Spanning Tree Algorithm

    Chapter 10: Spanning Tree Algorithm The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down.
  • Page 208: Figure

    Spanning Tree Algorithm MSTP – When using STP or RSTP, it may be difficult to maintain a stable path between all VLAN members. Frequent changes in the tree structure can easily isolate some of the group members. MSTP (which is based on RSTP for fast convergence) is designed to support independent spanning trees based on VLAN groups.
  • Page 209: Displaying Global Settings

    Displaying Global Settings You can display a summary of the current bridge STA information that applies to the entire switch using the STA Information screen. Field Attributes • Spanning Tree State – Shows if the switch is enabled to participate in an STA-compliant network.
  • Page 210: Figure 10-1 Sta Information

    Spanning Tree Algorithm • Instance – Instance identifier of this spanning tree. (This is always 0 for the CIST.) • VLANs configuration – VLANs assigned to the CIST. • Priority – Bridge priority is used in selecting the root device, root port, and designated port.
  • Page 211 Displaying Global Settings CLI – This command displays global STA settings, followed by settings for each port. 33-18 Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning Tree Mode: RSTP Spanning Tree Enabled/Disabled: Enabled Instance: VLANs Configuration: 1-4093 Priority: 32768 Bridge Hello Time (sec.): Bridge Max Age (sec.): Bridge Forward Delay (sec.): Root Hello Time (sec.):...
  • Page 212: Configuring Global Settings

    Spanning Tree Algorithm Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on a network, the path between specific VLAN members may be inadvertently disabled to prevent network loops, thus isolating group members.
  • Page 213: Figure

    Configuring Global Settings address will then become the root device. (Note that lower numeric values indicate higher priority.) • Default: 32768 • Range: 0-61440, in steps of 4096 • Options: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440 Root Device Configuration •...
  • Page 214 Spanning Tree Algorithm Configuration Settings for MSTP • Max Instance Numbers – The maximum number of MSTP instances to which this switch can be assigned. (Default: 33) • Configuration Digest – An MD5 signature key that contains the VLAN ID to MST ID mapping table.
  • Page 215: Figure 10-2 Sta Global Configuration

    Configuring Global Settings Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 10-2 STA Global Configuration 10-9...
  • Page 216: Displaying Interface Settings

    Spanning Tree Algorithm CLI – This example enables Spanning Tree Protocol, sets the mode to MST, and then configures the STA and MSTP parameters. 33-2 Console(config)#spanning-tree 33-2 Console(config)#spanning-tree mode mstp 33-6 Console(config)#spanning-tree priority 40000 33-4 Console(config)#spanning-tree hello-time 5 33-5 Console(config)#spanning-tree max-age 38 33-4 Console(config)#spanning-tree forward-time 20 33-6...
  • Page 217 Displaying Interface Settings • Designated Port – The port priority and number of the port on the designated bridging device through which this switch must communicate with the root of the Spanning Tree. • Oper Path Cost – The contribution of this port to the path cost of paths towards the spanning tree root which include this port.
  • Page 218: Figure 10-3 Sta Port Information

    Spanning Tree Algorithm These additional parameters are only displayed for the CLI: • Admin status – Shows if this interface is enabled. • External path cost – The path cost for the IST. This parameter is used by the STA to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
  • Page 219: Configuring Interface Settings

    Configuring Interface Settings CLI – This example shows the STA attributes for port 5. Console#show spanning-tree ethernet 1/5 1/ 5 Information -------------------------------------------------------------- Admin Status: Enabled Role: disable State: discarding Admin Path Cost: Oper Path Cost: 10000 Priority: Designated Cost: Designated Port: 128.5 Designated Root: 32768.0000E3111010...
  • Page 220: Table 10-4 Recommended Sta Path Cost Range

    Spanning Tree Algorithm The following interface attributes can be configured: • Spanning Tree – Enables/disables STA on this interface. (Default: Enabled) • Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree.
  • Page 221: Figure 10-6 Sta Port Configuration

    Configuring Interface Settings forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events, does not cause the spanning tree to initiate reconfiguration when the interface changes state, and also overcomes other STA-related timeout problems. However, remember that Edge Port should only be enabled for ports connected to an end-node device.
  • Page 222: Configuring Multiple Spanning Trees

    Spanning Tree Algorithm Configuring Multiple Spanning Trees MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, preventing wide-scale disruption when a bridge node in a single instance fails, and allowing for faster convergence of a new topology for the failed instance.
  • Page 223: Figure 10-7 Mstp Vlan Configuration

    Configuring Multiple Spanning Trees Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priority, and click Apply. To add the VLAN members to an MSTI instance, enter the instance identifier, the VLAN identifier, and click Add.
  • Page 224 Spanning Tree Algorithm --------------------------------------------------------------- 1/ 7 information --------------------------------------------------------------- Admin Status: Enabled Role: designate State: forwarding External Admin Path Cost: 0 Internal Admin Path Cost: 0 External Oper Path Cost: 10000 Internal Oper Path Cost: 10000 Priority: Designated Cost: Designated Port: 128.23 Designated Root: 32768.0000E3111010...
  • Page 225: Displaying Interface Settings For Mstp

    Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes MST Instance ID – Instance identifier to configure. (Range: 0-4094; Default: 0) The other attributes are described under “Displaying Interface Settings,”...
  • Page 226: Configuring Interface Settings For Mstp

    Spanning Tree Algorithm --------------------------------------------------------------- 1/ 1 information --------------------------------------------------------------- Admin Status: Enabled Role: designate State: forwarding External Admin Path Cost: 0 Internal Admin Path Cost: 0 External Oper Path Cost: 10000 Internal Oper Path Cost: 10000 Priority: Designated Cost: Designated Port: 128.2 Designated Root: 32768.0000E3111010...
  • Page 227: Table 10-9 Recommended Sta Path Cost Range

    Configuring Interface Settings for MSTP Protocol is detecting network loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled. • Default: 128 • Range: 0-240, in steps of 16 • Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices.
  • Page 228 Spanning Tree Algorithm CLI – This example sets the MSTP attributes for port 4. 27-1 Console(config)#interface ethernet 1/4 33-17 Console(config-if)#spanning-tree mst port-priority 0 33-16 Console(config-if)#spanning-tree mst cost 50 Console(config-if) 10-22...
  • Page 229: Chapter 11: Vlan Configuration

    Chapter 11: VLAN Configuration IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the originating group, and can eliminate broadcast storms in large networks.
  • Page 230: Figure

    VLAN Configuration Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging. tagged frames VA: VLAN Aware VU: VLAN Unaware tagged untagged...
  • Page 231: Figure

    IEEE 802.1Q VLANs these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs.
  • Page 232: Enabling Or Disabling Gvrp (Global Setting)

    VLAN Configuration Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network.
  • Page 233: Displaying Current Vlans

    IEEE 802.1Q VLANs CLI – Enter the following command. 34-2 Console#show bridge-ext Max support VLAN numbers: 4096 Max support VLAN ID: 4093 Extended multicast filtering services: No Static entry individual port: VLAN learning: Configurable PVID tagging: Local VLAN capable: Traffic classes: Enabled Global GVRP status: Disabled...
  • Page 234: Creating Vlans

    VLAN Configuration Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4093, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry. •...
  • Page 235: Figure 11-4 Vlan Static List - Creating Vlans

    IEEE 802.1Q VLANs • State (CLI) – Enables or disables the specified VLAN. - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e., does not pass packets. • Add – Adds a new VLAN group to the current list. •...
  • Page 236: Adding Static Members To Vlans (Vlan Index)

    VLAN Configuration Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices. Or configure a port as forbidden to prevent the switch from automatically adding it to a VLAN via the GVRP protocol.
  • Page 237: Adding Static Members To Vlans (Port Index)

    IEEE 802.1Q VLANs Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks.
  • Page 238: Configuring Vlan Behavior For Interfaces

    VLAN Configuration interface as a tagged member, or click Remove to remove the interface. After configuring VLAN membership for each interface, click Apply. Figure 11-6 VLAN Static Membership by Port CLI – This example adds Port 3 to VLAN 1 as a tagged port, and removes Port 3 from VLAN 2.
  • Page 239 IEEE 802.1Q VLANs types, any received frames that are untagged are assigned to the default VLAN. (Option: All, Tagged; Default: All) • Ingress Filtering – Determines how to process frames tagged for VLANs for which the ingress port is not a member. (Default: Disabled) - Ingress filtering only affects tagged frames.
  • Page 240: Figure 11-7 Vlan Port Configuration

    VLAN Configuration Web – Click VLAN, 802.1Q VLAN, Port Configuration or Trunk Configuration. Fill in the required settings for each interface, and click Apply. Figure 11-7 VLAN Port Configuration CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.
  • Page 241: Configuring Ieee 802.1Q Tunneling

    Configuring IEEE 802.1Q Tunneling VLAN IDs to each customer would restrict customer configurations, require intensive processing of VLAN mapping tables, and could easily exceed the maximum VLAN limit of 4096. QinQ tunneling uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs.
  • Page 242 VLAN Configuration A QinQ tunnel port may receive either tagged or untagged packets. No matter how many tags the incoming packet has, it is treated as a tagged packet. The ingress process does source and destination lookups. If both lookups are successful, the ingress process writes the packet to memory.
  • Page 243 Configuring IEEE 802.1Q Tunneling member of the outer VLAN of the incoming packets, the packet will be dropped when ingress filtering is enabled. If ingress filtering is not enabled, the packet will still be forwarded. If the VLAN is not listed in the VLAN table, the packet will be dropped.
  • Page 244: Enabling Qinq Tunneling On The Switch

    VLAN Configuration Interface to a QinQ Tunnel" on page 11-17.) 3. Create a Service Provider VLAN, also referred to as an SPVLAN (see "Creating VLANs" on page 11-6). 4. Configure the QinQ tunnel access port to 802.1Q Tunnel mode (see "Adding an Interface to a QinQ Tunnel"...
  • Page 245: Adding An Interface To A Qinq Tunnel

    Configuring IEEE 802.1Q Tunneling Web – Click VLAN, 802.1Q VLAN, 802.1Q Tunnel Configuration. Check the Enabled box, set the TPID of the ports if the client is using a non-standard ethertype to identify 802.1Q tagged frames, and click Apply. Figure 11-1 802.1Q Tunnel Status and Ethernet Type CLI –...
  • Page 246: Configuring Private Vlans

    VLAN Configuration Web – Click VLAN, 802.1Q VLAN, 802.1Q Tunnel Configuration or Tunnel Trunk Configuration. Set the mode for a tunnel access port to 802.1Q Tunnel and a tunnel uplink port to 802.1Q Tunnel Uplink. Click Apply. Figure 11-2 Tunnel Port Configuration CLI –...
  • Page 247: Enabling Private Vlans

    Configuring Private VLANs Enabling Private VLANs Use the Private VLAN Status page to enable/disable the Private VLAN function. Web – Click VLAN, Private VLAN, Status. Select Enable or Disable from the scroll-down box, and click Apply. Figure 11-8 Private VLAN Status CLI –...
  • Page 248: Configuring Protocol-Based Vlans

    VLAN Configuration CLI – This configures port 3 as an uplink and port 5 and 6 as downlinks. 34-18 Console(config)#pvlan up-link ethernet 1/3 down-link ethernet 1/5 Console(config)#pvlan up-link ethernet 1/3 down-link ethernet 1/6 Console(config)#end Console#show pvlan Private VLAN status: Enabled Up-link port: Ethernet 1/3 Down-link port:...
  • Page 249: Mapping Protocols To Vlans

    Configuring Protocol-Based VLANs • Protocol Type – The only option for the LLC_other frame type is IPX_raw. The options for all other frames types include: IP, IPv6, ARP, RARP, and user-defined (0801-FFFF hexadecimal). Web – Click VLAN, Protocol VLAN, Configuration. Enter a protocol group ID, frame type and protocol type, then click Apply.
  • Page 250: Figure 11-11 Protocol Vlan Port Configuration

    VLAN Configuration Command Attributes • Interface – Port or trunk identifier. • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • VLAN ID – VLAN to which matching protocol traffic is forwarded. (Range: 1-4093) Web – Click VLAN, Protocol VLAN, Port Configuration. Select a port or trunk, enter a protocol group ID, the corresponding VLAN ID, and click Apply.
  • Page 251: Chapter 12: Link Layer Discovery Protocol

    Chapter 12: Link Layer Discovery Protocol Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details such as device identification, capabilities and configuration settings.
  • Page 252: Figure 12-4 Lldp Configuration

    Link Layer Discovery Protocol • Reinitialization Delay – Configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes down. (Range: 1-10 seconds; Default: 2 seconds) When LLDP is re-initialized on a port, all information in the remote systems LLDP MIB associated with this port is deleted.
  • Page 253: Configuring Lldp Interface Attributes

    Configuring LLDP Interface Attributes CLI – This example sets several attributes which control basic LLDP message timing. Console(config)#lldp 32-2 Console(config)#lldp refresh-interval 60 32-4 Console(config)#lldp holdtime-multiplier 10 32-3 Console(config)#lldp tx-delay 10 32-5 Console(config)#lldp reinit-delay 10 32-5 Console(config)#lldp notification-interval 30 32-3 Console(config)#exit Console#show lldp config LLDP Global Configuation LLDP Enable : Yes...
  • Page 254: Figure 12-5 Lldp Port Configuration

    Link Layer Discovery Protocol - System Description – The system description is taken from the sysDescr object in RFC 3418, which includes the full name and version identification of the system's hardware type, software operating system, and networking software. - Management Address – The management address protocol packet includes the IPv4 address of the switch.
  • Page 255: Displaying Lldp Local Device Information

    Displaying LLDP Local Device Information CLI – This example sets the interface to both transmit and receive LLDP messages, enables SNMP trap messages, and specifies the TLV parameters to advertise. Console(config)#interface ethernet 1/1 27-1 Console(config-if)#lldp tx-rx 32-6 Console(config-if)#lldp notification 32-6 Console(config-if)#lldp basic-tlv port-description 32-8 Console(config-if)#lldp basic-tlv system-description...
  • Page 256 Link Layer Discovery Protocol • System Capabilities Supported – The capabilities that define the primary function(s) of the system. Table 12-2 System Capabilities ID Basis Reference Other — Repeater IETF RFC 2108 Bridge IETF RFC 2674 WLAN Access Point IEEE 802.11 MIB Router IETF RFC 1812 Telephone...
  • Page 257: Figure 12-6 Lldp Local Device Information

    LLDP Local System Information Chassis Type : MAC Address Chassis ID : 00-00-E3-11-10-10 System Name System Description : SMC TigerStack II 10/100/1000 SMC8926EM/SMC8950EM System Capabilities Support : Bridge System Capabilities Enable : Bridge Management Address : 192.168.0.101 (IPv4) LLDP Port Information...
  • Page 258: Displaying Lldp Remote Port Information

    Link Layer Discovery Protocol This example displays detailed information for a specific port on the local switch. Console#show lldp info local-device ethernet 1/1 32-15 LLDP Port Information Detail Port : Eth 1/1 Port Type : MAC Address Port ID : 00-00-E3-11-10-10 Port Desc : Ethernet Port on unit 1, port 1 Console# Displaying LLDP Remote Port Information...
  • Page 259: Displaying Lldp Remote Information Details

    Displaying LLDP Remote Information Details CLI – This example displays LLDP information for remote devices attached to this switch which are advertising information through LLDP. Console#show lldp info remote-device 32-16 LLDP Remote Devices Information Interface | ChassisId PortId SysName --------- + ----------------- ----------------- --------------------- Eth 1/1 | 00-01-02-03-04-05 00-01-02-03-04-06 Console#...
  • Page 260: Figure 12-8 Lldp Remote Information Details

    Link Layer Discovery Protocol • System Description – A textual description of the network entity. • System Capabilities Supported – The capabilities that define the primary function(s) of the system. (See Table 12-2, "System Capabilities," on page 12-6.) • System Capabilities Enabled – The primary function(s) of the system which are currently enabled.
  • Page 261: Displaying Device Statistics

    Displaying Device Statistics CLI – This example displays LLDP information for an LLDP-enabled remote device attached to a specific port on this switch. Console#show lldp info remote-device detail ethernet 1/1 32-16 LLDP Remote Devices Information Detail --------------------------------------------------------------- Local PortName : Eth 1/1 Chassis Type : MAC Address Chassis Id...
  • Page 262: Figure 12-9 Lldp Device Statistics

    Link Layer Discovery Protocol Web – Click LLDP, Device Statistics. Figure 12-9 LLDP Device Statistics CLI – This example displays LLDP statistics received from all LLDP-enabled remote devices connected directly to this switch. switch#show lldp info statistics 32-18 LLDP Device Statistics Neighbor Entries List Last Updated : 2450279 seconds New Neighbor Entries Count Neighbor Entries Deleted Count...
  • Page 263: Displaying Detailed Device Statistics

    Displaying Detailed Device Statistics Use the LLDP Device Statistics Details screen to display detailed statistics for LLDP-capable devices attached to specific interfaces on the switch. Field Attributes • Frames Discarded – Number of frames discarded because they did not conform to the general validation rules as well as any specific usage rules defined for the particular TLV.
  • Page 264 Link Layer Discovery Protocol CLI – This example displays detailed LLDP statistics for an LLDP-enabled remote device attached to a specific port on this switch. switch#show lldp info statistics detail ethernet 1/1 32-18 LLDP Port Statistics Detail PortName : Eth 1/1 Frames Discarded Frames Invalid Frames Received...
  • Page 265: Chapter 13: Class Of Service

    Chapter 13: Class of Service Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
  • Page 266: Figure 13-1 Default Port Priority

    Class of Service Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. Figure 13-1 Default Port Priority CLI – This example assigns a default priority of 5 to port 3. Console(config)#interface ethernet 1/3 27-1 Console(config-if)#switchport priority default 5...
  • Page 267: Mapping Cos Values To Egress Queues

    Layer 2 Queue Settings Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p.
  • Page 268: Figure 13-2 Traffic Classes

    Class of Service Web – Click Priority, Traffic Classes. Assign priorities to the traffic classes (i.e., output queues), then click Apply. Figure 13-2 Traffic Classes CLI – The following example shows how to change the CoS assignments to a one-to-one mapping. Console(config)#interface ethernet 1/1 27-1 Console(config)#queue cos-map 0 0...
  • Page 269: Selecting The Queue Mode

    Layer 2 Queue Settings Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
  • Page 270: Setting The Service Weight For Traffic Classes

    Class of Service Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in "Mapping CoS Values to Egress Queues" on page 3, the traffic classes are mapped to one of the eight egress queues provided for each port.
  • Page 271: Layer 3/4 Priority Settings

    Layer 3/4 Priority Settings CLI – The following example shows how to assign WRR weights to each of the priority queues. Console(config)#queue bandwidth 1 3 5 7 9 11 13 15 35-4 Console(config)#exit Console#show queue bandwidth 35-6 Information of Eth 1/1 Queue ID Weight --------...
  • Page 272: Mapping Ip Precedence

    Class of Service Web – Click Priority, IP Precedence/DSCP Priority Status. Select Disabled, IP Precedence or IP DSCP from the scroll-down menu, then click Apply. Figure 13-5 IP Precedence/DSCP Priority Status CLI – The following example enables IP Precedence service on the switch. Console(config)#map ip precedence 35-8 Console(config)#...
  • Page 273: Figure 13-6 Ip Precedence Priority

    Layer 3/4 Priority Settings Web – Click Priority, IP Precedence Priority. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply. Figure 13-6 IP Precedence Priority CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings.
  • Page 274: Mapping Dscp Priority

    Class of Service Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSCP mapping.
  • Page 275: Mapping Ip Port Priority

    Layer 3/4 Priority Settings CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings. Console(config)#map ip dscp 35-10 27-1 Console(config)#interface ethernet 1/1 Console(config-if)#map ip dscp 1 cos 0 35-10...
  • Page 276: Figure 13-9 Ip Port Priority

    Class of Service Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply. Figure 13-9 IP Port Priority CLI –...
  • Page 277: Chapter 14: Quality Of Service

    Chapter 14: Quality of Service The commands described in this section are used to configure Quality of Service (QoS) classification criteria and service policies. Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per hop basis. Each packet is classified upon entry into the network based on access lists, IP Precedence, DSCP values, or VLAN lists.
  • Page 278: Configuring A Class Map

    Quality of Service Configuring a Class Map A class map is used for matching packets to a specified class. Command Usage • To configure a Class Map, follow these steps: - Open the Class Map page, and click Add Class. - When the Class Configuration page opens, fill in the “Class Name”...
  • Page 279: Figure 14-1 Configuring Class Maps

    Configuring Quality of Service Parameters • IP Precedence – An IP Precedence value. (Range: 0-7) • VLAN – A VLAN. (Range:1-4093) • IPv6 DSCP – A DSCP value contained in an IPv6 packet. (Range: 0-63) • Add – Adds specified criteria to the class. Up to 16 items are permitted per class. •...
  • Page 280: Creating Qos Policies

    Quality of Service CLI - This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP service value 3. 36-2 Console(config)#class-map rd_class match-any 36-3 Console(config-cmap)#match ip dscp 3 Console(config-cmap)# Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage •...
  • Page 281 Configuring Quality of Service Parameters • Add Policy – Opens the “Policy Configuration” page. Enter a policy name and description on this page, and click Add to open the “Policy Rule Settings” page. Enter the criteria used to service ingress traffic on this page. •...
  • Page 282: Figure 14-2 Configuring Policy Maps

    Quality of Service Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes. Figure 14-2 Configuring Policy Maps 14-6...
  • Page 283: Attaching A Policy Map To Ingress Queues

    Configuring Quality of Service Parameters CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to reduce the DSCP value for violating packets to 0. 36-5 Console(config)#policy-map rd_policy#3 36-5...
  • Page 284 Quality of Service 14-8...
  • Page 285: Chapter 15: Multicast Filtering

    Chapter 15: Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
  • Page 286: Layer 2 Igmp (Snooping And Query)

    Multicast Filtering Layer 2 IGMP (Snooping and Query) IGMP Snooping and Query – If multicast routing is not supported on other switches in your network, you can use IGMP Snooping and IGMP Query (page 15-3) to monitor IGMP service requests passing between multicast clients and servers, and dynamically configure the switch ports which need to forward multicast traffic.
  • Page 287: Configuring Igmp Snooping And Query Parameters

    Layer 2 IGMP (Snooping and Query) Static IGMP Host Interface – For multicast applications that you need to control more carefully, you can manually assign a multicast service to specific interfaces on the switch (page 15-9). Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently.
  • Page 288: Figure 15-1 Igmp Configuration

    Multicast Filtering • IGMP Query Timeout — The time the switch waits after the previous querier stops before it considers the router port (i.e., the interface which had been receiving query packets) to have expired. (Range: 300-500 seconds, Default: 300) •...
  • Page 289: Enabling Igmp Immediate Leave

    Layer 2 IGMP (Snooping and Query) Enabling IGMP Immediate Leave The switch can be configured to immediately delete a member port of a multicast service if a leave packet is received at that port and the immediate-leave function is enabled for the parent VLAN. This allows the switch to remove a port from the multicast forwarding table without first having to send an IGMP group-specific query to that interface.
  • Page 290: Displaying Interfaces Attached To A Multicast Router

    Multicast Filtering CLI – This example enables IGMP immediate leave for VLAN 1 and then displays the current IGMP snooping status. Console(config)#interface vlan 1 Console(config-if)#ip igmp snooping immediate-leave 37-3 Console(config-if)#end Console#show ip igmp snooping 37-4 Service Status: Enabled Querier Status: Disabled Leave proxy status: Enabled...
  • Page 291: Specifying Static Interfaces For A Multicast Router

    Layer 2 IGMP (Snooping and Query) CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router. 37-10 Console#show ip igmp snooping mrouter vlan 1 VLAN M'cast Router Port Type ---- ------------------ ------- Eth 1/11 Static Console# Specifying Static Interfaces for a Multicast Router...
  • Page 292: Displaying Port Members Of Multicast Services

    Multicast Filtering Displaying Port Members of Multicast Services You can display the port members associated with a specified VLAN and multicast service. Command Attribute • VLAN ID – Selects the VLAN for which to display port members. (Range: 1-4093) • Multicast IP Address – The IP address for a specific multicast service. •...
  • Page 293: Assigning Ports To Multicast Services

    Layer 2 IGMP (Snooping and Query) Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in "Configuring IGMP Snooping and Query Parameters" on page 15-3. For certain applications that require tighter control, you may need to statically configure a multicast service on the switch.
  • Page 294 Multicast Filtering 15-10...
  • Page 295: Chapter 16: Domain Name Service

    Chapter 16: Domain Name Service The Domain Naming System (DNS) service on this switch allows host names to be mapped to IP addresses using static table entries or by redirection to other name servers on the network. When a client device designates this switch as a DNS server, the client will attempt to resolve host names into IP addresses by forwarding DNS queries to the switch, and waiting for a response.
  • Page 296: Figure 16-1 Dns General Configuration

    Domain Name Service Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply. Figure 16-1 DNS General Configuration CLI - This example sets a default domain name and a domain list.
  • Page 297: Configuring Static Dns Host To Address Entries

    Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses. Command Usage • Static entries may be used for local devices connected directly to the attached network, or for commonly used resources located elsewhere on the network.
  • Page 298: Figure 16-2 Dns Static Host Table

    Domain Name Service Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. Figure 16-2 DNS Static Host Table CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses.
  • Page 299: Displaying The Dns Cache

    Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable. •...
  • Page 300 Domain Name Service 16-6...
  • Page 301: Chapter 17: Dynamic Host Configuration Protocol

    Chapter 17: Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients when they boot up. If a subnet does not already include a BOOTP or DHCP server, you can relay DHCP client requests to a DHCP server on another subnet, or configure the DHCP server on this switch to support that subnet.
  • Page 302: Configuring The Dhcp Server

    Dynamic Host Configuration Protocol Web – Click DHCP, Relay Configuration. Enter up to five IP addresses for any VLAN, then click Restart DHCP Relay to start the relay service. Figure 17-1 DHCP Relay Configuration CLI – This example specifies one DHCP relay server for VLAN 1, and enables the relay service.
  • Page 303: Enabling The Server, Setting Excluded Addresses

    Configuring the DHCP Server Command Usage • First configure any excluded addresses, including the address for this switch. • Then configure address pools for the network interfaces. You can configure up to 8 network address pools. You can also manually bind an address to a specific client if required.
  • Page 304: Configuring Address Pools

    Dynamic Host Configuration Protocol CLI – This example enables the DHCP server and sets an excluded address range. Console(config)#service dhcp 39-5 Console(config)#ip dhcp excluded-address 10.1.0.250 10.1.0.254 39-6 Console# Configuring Address Pools You must configure IP address pools for each IP interface that will provide addresses to attached clients via the DHCP server.
  • Page 305 Configuring the DHCP Server • Configure – Click this button to configure the corresponding address pool. Setting the Network Parameters • IP – The IP address of the DHCP address pool. • Subnet Mask – The bit combination that identifies the network (or subnet) and the host portion of the DHCP address pool.
  • Page 306: Figure 17-3 Dhcp Server Pool Configuration

    Dynamic Host Configuration Protocol Examples Creating a New Address Pool Web – Click DHCP, Server, Pool Configuration. Specify a pool name, then click Add. Figure 17-3 DHCP Server Pool Configuration CLI – This example adds an address pool and enters DHCP pool configuration mode.
  • Page 307: Figure 17-4 Dhcp Server Pool - Network Configuration

    Configuring the DHCP Server Configuring a Network Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Network.” Enter the IP address and subnet mask for the network pool. Configure the optional parameters such as gateway server and DNS server.
  • Page 308: Figure 17-5 Dhcp Server Pool - Host Configuration

    Dynamic Host Configuration Protocol Configuring a Host Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Host.” Enter the IP address, subnet mask, and hardware address for the client device. Configure the optional parameters such as gateway server and DNS server.
  • Page 309: Displaying Address Bindings

    Configuring the DHCP Server Displaying Address Bindings You can display the host devices which have acquired an IP address from this switch’s DHCP server. Command Attributes • IP Address – IP address assigned to host. • Mac Address – MAC address of host. •...
  • Page 310 Dynamic Host Configuration Protocol 17-10...
  • Page 311: Chapter 18: Configuring Router Redundancy

    Chapter 18: Configuring Router Redundancy Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load. The primary goal of router redundancy is to allow a host device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down.
  • Page 312: Virtual Router Redundancy Protocol

    Configuring Router Redundancy • Several virtual master routers configured for mutual backup and load sharing. Load sharing can be accomplished by assigning a subset of addresses to different host address pools using the DHCP server. (See "Configuring Address Pools" on page 17-4.) Router 1 Router 2...
  • Page 313 Virtual Router Redundancy Protocol where the configured priority is the same on several group members, then the master router with the highest IP address is selected from this group. • If you have multiple secondary addresses configured on the current VLAN interface, you can add any of these addresses to the virtual router group.
  • Page 314 Configuring Router Redundancy Command Attributes (VRRP Group Configuration Detail) • Associated IP Table – IP interfaces associated with this virtual router group. • Associated IP – IP address of the virtual router, or secondary IP addresses assigned to the current VLAN interface that are supported by this VRRP group. If this address matches a real interface on this switch, then this interface will become the virtual master router for this VRRP group.
  • Page 315: Figure 18-1 Vrrp Group Configuration

    Virtual Router Redundancy Protocol Web – Click IP, VRRP, Group Configuration. Select the VLAN ID, enter the VRID group number, and click Add. Figure 18-1 VRRP Group Configuration 18-5...
  • Page 316: Figure 18-2 Vrrp Group Configuration Detail

    Configuring Router Redundancy Click the Edit button for a group entry to open the detailed configuration window. Enter the IP address of a real interface on this router to make it the master virtual router for the group. Otherwise, enter the virtual address for an existing group to make it a backup router, or to compete as the master based on configured priority if no other members are set as the owner of the group address.
  • Page 317: Displaying Vrrp Global Statistics

    Virtual Router Redundancy Protocol CLI – This example creates VRRP group 1, sets this switch as the master virtual router by assigning the primary interface address for the selected VLAN to the virtual IP address. It then adds a secondary IP address to the VRRP group, sets all of the other VRRP parameters, and then displays the configured settings.
  • Page 318: Displaying Vrrp Group Statistics

    Configuring Router Redundancy CLI – This example displays counters for protocol errors for all the VRRP groups configured on this switch. Console#show vrrp router counters 40-9 VRRP Packets with Invalid Checksum : 0 VRRP Packets with Unknown Error VRRP Packets with Invalid VRID Console# Displaying VRRP Group Statistics The VRRP Group Statistics page displays counters for VRRP protocol events and...
  • Page 319: Figure 18-4 Vrrp Group Statistics

    Virtual Router Redundancy Protocol Web – Click IP, VRRP, Group Statistics. Select the VLAN and virtual router group. Figure 18-4 VRRP Group Statistics CLI – This example displays VRRP protocol statistics for group 1, VLAN 1. Console#show vrrp 1 interface vlan 1 counters 40-9 Total Number of Times Transitioned to MASTER Total Number of Received Advertisements Packets...
  • Page 320 Configuring Router Redundancy 18-10...
  • Page 321: Chapter 19: Ip Routing

    Chapter 19: IP Routing Overview This switch supports IP routing and routing path management via static routing definitions (page 19-21) and dynamic routing protocols such as RIP or OSPF (page 20-2 or 20-14, respectively). When IP routing is enabled (page 19-4), this switch acts as a wire-speed router, passing traffic between VLANs with different IP interfaces, and routing traffic to external IP networks.
  • Page 322: Ip Switching

    IP Routing Each VLAN represents a virtual interface to Layer 3. You just need to provide the network address for each virtual interface, and the traffic between different subnetworks will be routed by Layer 3 switching. Inter-subnet traffic (Layer 3 switching) Routing Untagged Untagged...
  • Page 323: Routing Path Management

    IP Switching not included on this switch, then the packet should be sent to the next hop router (with the MAC address of the router itself used as the destination MAC address, and the destination IP address of the destination node). The router will then forward the packet to the destination node through the correct path.
  • Page 324: Routing Protocols

    IP Routing Routing Protocols The switch supports both static and dynamic routing. • Static routing requires routing information to be stored in the switch either manually or when a connection is set up by an application outside the switch. • Dynamic routing uses a routing protocol to exchange routing information, calculate routing tables, and respond to changes in the status or loading of the network.
  • Page 325: Configuring Ip Routing Interfaces

    Configuring IP Routing Interfaces Web - Click IP, General, Global Settings. Set IP Routing Status to Disabled to restrict operation to Layer 2, or Enabled to allow multilayer switching, specify the default gateway to which packets for all unknown subnets will be forwarded, and click Apply. Figure 19-1 IP Global Settings CLI - This example enables IP routing, and sets the default gateway.
  • Page 326 IP Routing • Before you configure any network interfaces on this router, you should first create a VLAN for each unique user group, or for each network application and its associated users. Then assign the ports associated with each of these VLANs. •...
  • Page 327: Figure 19-2 Ip Routing Interface

    Configuring IP Routing Interfaces Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subnets. First specify a primary address, and click Set IP Configuration. If you need to assign secondary addresses, enter these addresses one at a time, and click Set IP Configuration after entering each address.
  • Page 328: Address Resolution Protocol

    IP Routing Address Resolution Protocol If IP routing is enabled (page 19-4), the router uses its routing tables to make routing decisions, and uses Address Resolution Protocol (ARP) to forward traffic from one hop to the next. ARP is used to map an IP address to a physical layer (i.e., MAC) address.
  • Page 329: Basic Arp Configuration

    Address Resolution Protocol Basic ARP Configuration You can use the ARP General configuration menu to specify the timeout for ARP cache entries, or to enable Proxy ARP for specific VLAN interfaces. Command Usage Proxy ARP When a node in the attached subnetwork does not have routing or a default gateway configured, Proxy ARP can be used to forward ARP requests to a remote subnetwork.
  • Page 330: Figure 19-3 Arp General

    IP Routing Web - Click IP, ARP, General. Set the timeout to a suitable value for the ARP cache, enable Proxy ARP for subnetworks that do not have routing or a default gateway, and click Apply. Figure 19-3 ARP General CLI - This example sets the ARP cache timeout to 15 minutes (i.e., 900 seconds), and enables Proxy ARP for VLAN 3.
  • Page 331: Configuring Static Arp Addresses

    Address Resolution Protocol Configuring Static ARP Addresses For devices that do not respond to ARP requests or do not respond in a timely manner, traffic will be dropped because the IP address cannot be mapped to a physical address. If this occurs, you can manually map an IP address to the corresponding physical address in the ARP cache.
  • Page 332: Displaying Dynamically Learned Arp Entries

    IP Routing CLI - This example sets a static entry for the ARP cache. Console(config)#arp 10.1.0.11 00-11-22-33-44-55 41-32 Console(config)#exit Console#show arp Arp cache timeout: 1200 (seconds) IP Address MAC Address Type Interface --------------- ----------------- --------- ----------- 192.168.0.4 00-E0-29-94-34-1C dynamic 10.1.0.11 00-11-22-33-44-55 static Total entry : 2 Console(config)#...
  • Page 333: Displaying Local Arp Entries

    Address Resolution Protocol Web - Click IP, ARP, Dynamic Addresses. You can use the buttons provided to change a dynamic entry to a static entry, or to clear all dynamic entries in the cache. Figure 19-5 ARP Dynamic Addresses CLI - This example shows all entries in the ARP cache. Console#show arp 41-34 Arp cache timeout: 1200 (seconds)
  • Page 334: Displaying Arp Statistics

    IP Routing Web - Click IP, ARP, Other Addresses. Figure 19-6 ARP Other Addresses CLI - This router uses the Type specification “other” to indicate local cache entries in the ARP cache. Console#show arp 41-34 Arp cache timeout: 1200 (seconds) IP Address MAC Address Type...
  • Page 335: Figure 19-7 Arp Statistics

    Address Resolution Protocol Web - Click IP, ARP, Statistics. Figure 19-7 ARP Statistics CLI - This example provides detailed statistics on common IP-related protocols. Console#show ip traffic 42-5 IP statistics: Rcvd: 5 total, 5 local destination 0 checksum errors 0 unknown protocol, 0 not a gateway Frags: 0 reassembled, 0 timeouts 0 fragmented, 0 couldn't fragment Sent:...
  • Page 336: Displaying Statistics For Ip Protocols

    IP Routing Displaying Statistics for IP Protocols IP Statistics The Internet Protocol (IP) provides a mechanism for transmitting blocks of data (often called packets or frames) from a source to a destination, where these network devices (i.e., hosts) are identified by fixed length addresses. The Internet Protocol also provides for fragmentation and reassembly of long packets, if necessary, for transmission through “small packet”...
  • Page 337: Icmp Statistics

    Displaying Statistics for IP Protocols Table 19-3 IP Statistics (Continued) Parameter Description Routing Discards The number of routing entries which were chosen to be discarded even though they are valid. One possible reason for discarding such an entry could be to free-up buffer space for other routing entries. Reassembly Successful The number of datagrams successfully re-assembled.
  • Page 338: Figure 19-9 Icmp Statistics

    IP Routing Table 19-4 ICMP Statistics (Continued) Parameter Description Destination Unreachable The number of ICMP Destination Unreachable messages received/sent. Time Exceeded The number of ICMP Time Exceeded messages received/sent. Parameter Problems The number of ICMP Parameter Problem messages received/sent. Source Quenches The number of ICMP Source Quench messages received/sent.
  • Page 339: Udp Statistics

    Displaying Statistics for IP Protocols UDP Statistics User Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the underlying transport mechanism, providing access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets.
  • Page 340: Tcp Statistics

    IP Routing TCP Statistics The Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched networks, and is used in conjunction with IP to support a wide variety of Internet protocols. Table 19-6 TCP Statistics Parameter Description Segments Received The total number of segments received, including those received in error.
  • Page 341: Configuring Static Routes

    Configuring Static Routes This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP or OSPF). However, you can also manually enter static routes in the routing table. Static routes may be required to access network segments where dynamic routing is not supported, or can be set to force the use of a specific route to a subnet, rather than using dynamic routing.
  • Page 342: Displaying The Routing Table

    IP Routing Web - Click IP, Routing, Static Routes. Figure 19-12 IP Static Routes CLI - This example forwards all traffic for subnet 192.168.1.0 to the router 192.168.5.254, using the default metric of 1. Console(config)#ip route 192.168.1.0 255.255.255.0 192.168.5.254 42-2 Console(config)# Displaying the Routing Table You can display all the routes that can be accessed via the local network interfaces,...
  • Page 343: Figure 19-13 Ip Routing Table

    Displaying the Routing Table Web - Click IP, Routing, Routing Table. Figure 19-13 IP Routing Table CLI - This example shows routes obtained from various methods. Console#show ip route 42-3 Ip Address Netmask Next Hop Protocol Metric Interface --------------- --------------- --------------- -------- ------ --------- 0.0.0.0 0.0.0.0 10.1.0.254...
  • Page 344 IP Routing 19-24...
  • Page 345: Chapter 20: Unicast Routing

    Chapter 20: Unicast Routing This switch can route unicast traffic to different subnetworks using the Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) protocol. It supports RIP, RIP-2 or OSPFv2 dynamic routing. These protocols exchange routing information, calculate routing tables, and can respond to changes in the status or loading of the network.
  • Page 346: Configuring The Routing Information Protocol

    Unicast Routing Configuring the Routing Information Protocol The RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance-vector-based approach to routing. Routes are determined on the basis of minimizing the distance vector, or hop count, which serves as a rough estimate of transmission cost.
  • Page 347: Configuring General Protocol Settings

    Configuring the Routing Information Protocol Configuring General Protocol Settings RIP is used to specify how routers exchange routing information. When RIP is enabled on this router, it sends RIP messages to all devices in the network every 30 seconds (by default), and updates its own routing table when RIP messages are received from other routers.
  • Page 348: Figure 20-1 Rip General Settings

    Unicast Routing Web - Click Routing Protocol, RIP, General Settings. Enable or disable RIP, set the RIP version used on previously unset interfaces to RIPv1 or RIPv2, set the basic update timer, and then click Apply. Figure 20-1 RIP General Settings CLI - This example sets the router to use RIP Version 2, and sets the basic timer to 15 seconds.
  • Page 349: Specifying Network Interfaces For Rip

    Configuring the Routing Information Protocol Specifying Network Interfaces for RIP You must specify network interfaces that will be included in the RIP routing process. Command Usage • RIP only sends updates to interfaces specified by this command. Command Attributes • Subnet Address – IP address of a network directly connected to this router. Subnet addresses are interpreted as class A, B or C, based on the first field in the specified address.
  • Page 350: Configuring Network Interfaces For Rip

    Unicast Routing Configuring Network Interfaces for RIP For each interface that participates in the RIP routing process, you must specify the protocol message type accepted (i.e., RIP version) and the message type sent (i.e., RIP version or compatibility mode), the method for preventing loopback of protocol messages, and whether or not authentication is used (i.e., authentication only applies if RIPv2 messages are being sent or received).
  • Page 351 Configuring the Routing Information Protocol Protocol Message Authentication RIPv1 is not a secure protocol. Any device sending protocol messages from UDP port 520 will be considered a router by its neighbors. Malicious or unwanted protocol messages can be easily propagated throughout the network if no authentication is required.
  • Page 352: Figure 20-3 Rip Interface Settings

    Unicast Routing • Authentication Type – Specifies whether or not authentication is required for exchanging protocol messages. (Default: No Authentication) - No Authentication: No authentication is required. - Simple Password: Requires the interface to exchange routing information with other routers based on an authorized password. (Note that authentication only applies to RIPv2.) - MD5: Message Digest 5 (MD5) authentication.
  • Page 353: Redistributing Routing Information From Other Domains

    Configuring the Routing Information Protocol Redistributing Routing Information from Other Domains RIP can be configured to import external routing information from other routing domains (that is, protocols or static routes) into the autonomous system. Command Attributes • Redistribute Protocol – Only static routes can be imported into this routing domain.
  • Page 354: Figure 20-4 Rip Redistribution Configuration

    Unicast Routing Web - Click Routing Protocol, RIP, Redistribute Configuration. Enter the redistribution metric for static routes, and click Set. Figure 20-4 RIP Redistribution Configuration CLI - This example redistributes static routes and sets the metric for all of these routes to a value of 3.
  • Page 355: Displaying Rip Information And Statistics

    Configuring the Routing Information Protocol Displaying RIP Information and Statistics You can display basic information about the current global configuration settings for RIP, statistics about route changes and queries, information about the interfaces on this router that are using RIP, and information about known RIP peer devices. Table 20-1 RIP Information and Statistics Parameter Description...
  • Page 356: Figure 20-5 Rip Statistics

    Unicast Routing Web - Click Routing Protocol, RIP, Statistics. Figure 20-5 RIP Statistics 20-12...
  • Page 357 Configuring the Routing Information Protocol CLI - The information displayed by the RIP Statistics screen via the web interface can be accessed from the CLI using the following commands.
    Console#show rip globals                                  42-16
    RIP Process: Enabled
    Update Time in Seconds: 30
    Number of Route Change: 4
    Number of Queries: 0
    Console#show ip rip configuration...
  • Page 358: Configuring The Open Shortest Path First Protocol

    Unicast Routing Configuring the Open Shortest Path First Protocol Open Shortest Path First (OSPF) is more suited for large area networks which experience frequent changes in the links. It also handles subnets much better than RIP. OSPF protocol actively tests the status of each link to its neighbors to generate a shortest path tree, and builds a routing table based on this information.
  • Page 359: Configuring General Protocol Settings

    Configuring the Open Shortest Path First Protocol • OSPFv2 is a compatible upgrade to OSPF. It involves enhancements to protocol message authentication, and the addition of a point-to-multipoint interface which allows OSPF to run over non-broadcast networks, as well as support for overlapping area ranges.
  • Page 360 Unicast Routing • Area Border Router – Indicates if this router connects directly to networks in two or more areas. An area border router runs a separate copy of the Shortest Path First algorithm, maintaining a separate routing database for each area.
  • Page 361 Configuring the Open Shortest Path First Protocol • Advertise Default Route – The router can advertise a default external route into the autonomous system (AS). (Options: NotAlways, Always; Default: NotAlways) • Always – The router will advertise itself as a default external route for the local AS, even if a default external route does not actually exist.
  • Page 362: Figure 20-6 Ospf General Configuration

    Unicast Routing Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global parameters as required, and click Apply. Figure 20-6 OSPF General Configuration CLI - This example configures the router with the same settings as shown in the screen capture for the web interface.
  • Page 363: Configuring Ospf Areas

    Configuring the Open Shortest Path First Protocol Configuring OSPF Areas OSPF protocol broadcast messages (that is, Link State Advertisements or LSAs) are restricted by area to limit their impact on network performance. A large network should be split up into separate OSPF areas to increase network stability, and to reduce protocol traffic by summarizing routing information into more compact messages.
  • Page 364 Unicast Routing NSSA – A not-so-stubby area (NSSA) can be configured to control the use of default routes for Area Border Routers (ABRs) and Autonomous System Boundary Routers (ASBRs), or external routes learned from other routing domains and imported through an ABR. An NSSA is similar to a stub.
  • Page 365 Configuring the Open Shortest Path First Protocol Command Usage • Before you create the backbone, a stub or NSSA, first specify the address range for the area using the Network Area Address Configuration screen (page 20-31). • Stubs and NSSAs cannot be used as a transit area, and should therefore be placed at the edge of the routing domain.
  • Page 366: Figure 20-7 Ospf Area Configuration

    Unicast Routing Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for the default summary route sent into a stub, and click Apply. Figure 20-7 OSPF Area Configuration CLI - This example configures area 0.0.0.1 as a normal area, area 0.0.0.2 as a stub, and area 0.0.0.3 as an NSSA.
  • Page 367: Configuring Area Ranges (Route Summarization For Abrs)

    Configuring the Open Shortest Path First Protocol
    Console#show ip ospf                                      42-39
    Routing Process with ID 192.168.1.253
    Supports only single TOS(TOS0) route
    Number of area in this router is 3
    Area 0.0.0.0 (BACKBONE)
    Number of interfaces in this area is 1
    SPF algorithm executed 40 times
    Area 0.0.0.2 (STUB)
    Number of interfaces in this area is 1...
  • Page 368: Figure 20-8 Ospf Range Configuration

    Unicast Routing Note: This router supports up to 64 summary routes for area ranges. Web - Click Routing Protocol, OSPF, Area Range Configuration. Specify the area identifier, the base address and network mask, select whether or not to advertise the summary route to other areas, and then click Apply. Figure 20-8 OSPF Range Configuration CLI - This example summarizes all the routes for area 1.
  • Page 369: Configuring Ospf Interfaces

    Configuring the Open Shortest Path First Protocol Configuring OSPF Interfaces You should specify a routing interface for any local subnet that needs to communicate with other network segments located on this router or elsewhere in the network. First configure a VLAN for each subnet that will be directly connected to this router, assign IP interfaces to each VLAN (i.e., one primary interface and one or more secondary interfaces), and then use the OSPF / Network Area Address Configuration page to assign an interface address range to an OSPF area.
  • Page 370 Unicast Routing estimating this delay. Set the transmit delay according to link speed, using larger values for lower-speed links. If this delay is not added, the time required to transmit an LSA over the link is not taken into consideration by the routing process. On slow links, the router may send packets more quickly than devices can receive them.
  • Page 371 Configuring the Open Shortest Path First Protocol When using simple password authentication, a password is included in the packet. If it does not match the password configured on the receiving router, the packet is discarded. This method provides very little security as it is possible to learn the authentication key by snooping on routing protocol packets.
  • Page 372: Figure 20-9 Ospf Interface Configuration

    Unicast Routing Web - Click Routing Protocol, OSPF, Interface Configuration. Select the required interface from the scroll-down box, and click Detailed Settings. Figure 20-9 OSPF Interface Configuration Change any of the interface-specific protocol parameters, and then click Apply. Figure 20-10 OSPF Interface Configuration - Detailed 20-28...
  • Page 373: Configuring Virtual Links

    Configuring the Open Shortest Path First Protocol CLI - This example configures the interface parameters for VLAN 1.
    Console(config)#interface vlan 1
    Console(config-if)#ip ospf priority 5                     42-37
    Console(config-if)#ip ospf transmit-delay 6               42-38
    Console(config-if)#ip ospf retransmit-interval 7          42-38
    Console(config-if)#ip ospf hello-interval 5               42-36
    Console(config-if)#ip ospf dead-interval 50               42-36...
  • Page 374: Figure 20-11 Ospf Virtual Link Configuration

    Unicast Routing Note: This router supports up to 64 virtual links. Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neighbor Router ID, configure the link attributes, and click Add. To modify the settings for an existing link, click the Detail button for the required entry, modify the link settings, and click Set.
  • Page 375: Configuring Network Area Addresses

    Configuring the Open Shortest Path First Protocol Configuring Network Area Addresses OSPF protocol broadcast messages (i.e., Link State Advertisements or LSAs) are restricted by area to limit their impact on network performance. A large network should be split up into separate OSPF areas to increase network stability, and to reduce protocol traffic by summarizing routing information into more compact messages.
  • Page 376: Figure 20-12 Ospf Network Area Address Configuration

    Unicast Routing Web - Click Routing Protocol, OSPF, Network Area Address Configuration. Configure a backbone area that is contiguous with all the other areas in your network, configure an area for all of the other OSPF interfaces, then click Apply. Figure 20-12 OSPF Network Area Address Configuration 20-32...
  • Page 377: Configuring Summary Addresses (For External As Routes)

    Configuring the Open Shortest Path First Protocol CLI - This example configures the backbone area and one transit area.
    Console(config-router)#network 10.0.0.0 255.0.0.0 area 0.0.0.0          42-26
    Console(config-router)#network 10.1.1.0 255.255.255.0 area 0.0.0.1
    Console(config-router)#end
    Console#show ip ospf                                      42-39
    Routing Process with ID 10.1.1.253
    Supports only single TOS(TOS0) route
    Number of area in this router is 4
    Area 0.0.0.0 (BACKBONE)
  • Page 378: Figure 20-13 Ospf Summary Address Configuration

    Unicast Routing Web - Click Routing Protocol, OSPF, Summary Address Configuration. Specify the base address and network mask, then click Add. Figure 20-13 OSPF Summary Address Configuration CLI - This example creates a summary address for all routes contained in 192.168.x.x.
  • Page 379: Redistributing External Routes

    Configuring the Open Shortest Path First Protocol Redistributing External Routes You can configure this router to import external routing information from other routing protocols or static routes into the autonomous system, and to generate AS-external-LSAs. [Figure labels: OSPF; Router; ASBR; RIP, or static routes] Command Usage •...
  • Page 380: Configuring Nssa Settings

    Unicast Routing Web - Click Routing Protocol, OSPF, Redistribute. Specify the protocol type to import, the metric type and path cost, then click Add. Figure 20-14 OSPF Redistribute Configuration CLI - This example redistributes routes learned from RIP as Type 1 external routes.
    Console(config-router)#redistribute rip metric-type 1     42-25
    Console(config-router)#...
  • Page 381: Figure 20-15 Ospf Nssa Settings

    Configuring the Open Shortest Path First Protocol Information option. However, an NSSA is different from a stub, because when the router is an ASBR, it can import a default external AS route (for routing protocol domains adjacent to the NSSA but not within the OSPF AS) into the NSSA using this option.
  • Page 382: Displaying Link State Database Information

    Unicast Routing Displaying Link State Database Information OSPF routers advertise routes using Link State Advertisements (LSAs). The full collection of LSAs collected by a router interface from the attached area is known as a link state database. Routers that are connected to multiple interfaces will have a separate database for each area.
  • Page 383: Figure 20-16 Ospf Link State Database Information

    Configuring the Open Shortest Path First Protocol Web - Click Routing Protocol, OSPF, Link State Database Information. Specify parameters for the LSAs you want to display, then click Query. Figure 20-16 OSPF Link State Database Information CLI - The CLI provides a wider selection of display options for viewing the Link State Database.
  • Page 384: Displaying Information On Border Routers

    Unicast Routing Displaying Information on Border Routers You can display entries in the local routing table for Area Border Routers (ABR) and Autonomous System Boundary Routers (ASBR) known by this device. Field Attributes • Destination – Identifier for the destination router. •...
  • Page 385: Displaying Information On Neighbor Routers

    Configuring the Open Shortest Path First Protocol Displaying Information on Neighbor Routers You can display information about neighboring routers on each interface within an OSPF area. Field Attributes • ID – Neighbor’s router ID. • Priority – Neighbor’s router priority. • State – OSPF state and identification flag. States include: - Down –...
  • Page 386 Unicast Routing 20-42...
  • Page 387: Section III: Command Line Interface

    Section III: Command Line Interface This section provides a detailed description of the Command Line Interface, along with examples for all of the commands. Overview of the Command Line Interface 21-1, General Commands ...
  • Page 388 Command Line Interface...
  • Page 389: Chapter 21: Overview Of The Command Line Interface

    After connecting to the system through the console port, the login screen displays:
    User Access Verification
    Username: admin
    Password:
    CLI session with the SMC TigerStack II 10/100/1000 SMC8926EM/SMC8950EM is opened.
    To end the CLI session, enter [Exit].
    Console#
    Telnet Connection Telnet operates over the IP transport protocol.
  • Page 390 When finished, exit the session with the “quit” or “exit” command. After entering the Telnet command, the login screen displays:
    Username: admin
    Password:
    CLI session with the SMC TigerStack II 10/100/1000 SMC8926EM/SMC8950EM is opened.
    To end the CLI session, enter [Exit].
    Vty-0#
    Note: You can open up to four sessions to the device via Telnet.
  • Page 391: Entering Commands

    Entering Commands Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port.
  • Page 392: Showing Commands

    Overview of the Command Line Interface Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, DHCP, Interface, Line, Router, VLAN Database, or MSTP).
  • Page 393: Partial Keyword Lookup

    Entering Commands The command “show interfaces ?” will display the following information:
    Console#show interfaces ?
      counters       Information of interfaces counters
      protocol-vlan  Protocol-vlan information
      status         Information of interfaces status
      switchport     Information of interfaces switchport
    Console#
    Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided.
  • Page 394: Understanding Command Modes

    “super” (page 22-1). To enter Privileged Exec mode, enter the following user names and passwords:
    Username: admin
    Password: [admin login password]
    CLI session with the SMC TigerStack II 10/100/1000 SMC8926EM/SMC8950EM is opened.
    To end the CLI session, enter [Exit].
    Console#...
  • Page 395: Configuration Commands

    Entering Commands
    Username: guest
    Password: [guest login password]
    CLI session with the SMC TigerStack II 10/100/1000 SMC8926EM/SMC8950EM is opened.
    To end the CLI session, enter [Exit].
    Console>enable
    Password: [privileged level password]
    Console#
    Configuration Commands Configuration commands are privileged level commands used to modify switch settings.
  • Page 396: Table 21-2 Configuration Command Modes

    Overview of the Command Line Interface To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode. Table 21-2 Configuration Command Modes Mode Command Prompt Page...
  • Page 397: Command Line Processing

    Entering Commands Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command followed by the “?”...
  • Page 398: Command Groups

    Overview of the Command Line Interface Command Groups The system commands can be broken down into the functional groups shown below Table 21-4 Command Group Index Command Group Description Page General Basic commands for entering privileged access mode, restarting the 22-1 system, or quitting the CLI System Management...
  • Page 399 Command Groups The access mode shown in the following tables is indicated by these abbreviations: ACL (Access Control List Configuration); MST (Multiple Spanning Tree); CM (Class Map Configuration); NE (Normal Exec); DC (DHCP Server Configuration); PE (Privileged Exec); GC (Global Configuration); PM (Policy Map Configuration); IC (Interface Configuration); RC (Router Configuration)
  • Page 400 Overview of the Command Line Interface 21-12...
  • Page 401: Chapter 22: General Commands

    Chapter 22: General Commands These commands are used to control the command access mode, configuration mode, and other basic functions. Table 22-1 General Commands Command Function Mode Page enable Activates privileged mode 22-1 disable Returns to normal mode from privileged mode 22-2 configure Activates global configuration mode...
  • Page 402: Disable

    General Commands • The “#” character is appended to the end of the prompt to indicate that the system is in privileged access mode. Example Console>enable Password: [privileged level password] Console# Related Commands disable (22-2) enable password (25-3) disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics.
  • Page 403: Show History

    show history Example Console#configure Console(config)# Related Commands end (22-4) show history This command shows the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.
  • Page 404: Reload

    General Commands reload This command restarts the system. Note: When the system is restarted, it will always run the Power-On Self-Test. It will also retain all configuration information stored in non-volatile memory by the copy running-config startup-config command. Default Setting None Command Mode Privileged Exec...
  • Page 405: Exit

    exit Command Mode Global Configuration, Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration. Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode: Console(config-if)#end Console# exit This command returns to the previous configuration mode or exits the configuration program.
  • Page 406 General Commands Example This example shows how to quit a CLI session: Console#quit Press ENTER to start session User Access Verification Username: 22-6...
  • Page 407: Chapter 23: System Management Commands

    Chapter 23: System Management Commands These commands are used to control system logs, passwords, user names, management options, and display or configure a variety of other system information. Table 23-1 System Management Commands Command Group Function Page Device Designation Configures information that uniquely identifies this switch 23-1 System Status Displays system configuration, active managers, and version information...
  • Page 408: Switch Renumber

    System Management Commands Command Mode Global Configuration Example Console(config)#hostname RD#1 Console(config)# switch renumber This command resets the switch unit identification numbers in the stack. All stack members are numbered sequentially starting from the top unit for a non-loop stack, or starting from the Master unit for a looped stack. Syntax switch all renumber Default Setting...
  • Page 409: System Status Commands

    System Status Commands System Status Commands This section describes commands used to display system information. Table 23-3 System Status Commands Command Function Mode Page show startup-config Displays the contents of the configuration file (stored in flash 23-3 memory) that is used to start up the system show running-config Displays the configuration data currently in use 23-5...
  • Page 410 System Management Commands Example
    Console#show startup-config
    building startup-config, please wait..
    !<stackingDB>0000000000000000</stackingDB>
    !<stackingMac>01_00-20-1a-df-9c-a0_00</stackingMac>
    !<stackingMac>02_00-20-1a-df-9e-c0_01</stackingMac>
    !<stackingMac>00_00-00-00-00-00-00_00</stackingMac>
    !<stackingMac>00_00-00-00-00-00-00_00</stackingMac>
    !<stackingMac>00_00-00-00-00-00-00_00</stackingMac>
    !<stackingMac>00_00-00-00-00-00-00_00</stackingMac>
    !<stackingMac>00_00-00-00-00-00-00_00</stackingMac>
    !<stackingMac>00_00-00-00-00-00-00_00</stackingMac>
    phymap 00-20-1a-df-9c-a0 00-20-1a-df-9e-c0 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00
    SNTP server 0.0.0.0 0.0.0.0 0.0.0.0
    snmp-server community public ro
    snmp-server community private rw
    !
    username admin access-level 15
    username admin password 7 21232f297a57a5a743894a0e4a801fc3
    username guest access-level 0...
  • Page 411: Show Running-Config

    System Status Commands show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory.
  • Page 412 System Management Commands Example
    Console#show running-config
    building running-config, please wait..
    !<stackingDB>0000000000000000</stackingDB>
    !<stackingMac>01_00-30-f1-d4-73-a0_00</stackingMac>
    !<stackingMac>00_00-00-00-00-00-00_00</stackingMac>
    !<stackingMac>00_00-00-00-00-00-00_00</stackingMac>
    !<stackingMac>00_00-00-00-00-00-00_00</stackingMac>
    !<stackingMac>00_00-00-00-00-00-00_00</stackingMac>
    !<stackingMac>00_00-00-00-00-00-00_00</stackingMac>
    !<stackingMac>00_00-00-00-00-00-00_00</stackingMac>
    !<stackingMac>00_00-00-00-00-00-00_00</stackingMac>
    phymap 00-30-f1-d4-73-a0 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00 00-00-00-00-00-00
    SNTP server 0.0.0.0 0.0.0.0 0.0.0.0
    snmp-server community private rw
    snmp-server community public ro
    username admin access-level 15
    username admin password 7 21232f297a57a5a743894a0e4a801fc3
    username guest access-level 0...
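
The sample configurations on pages 410 and 412 carry the SNMP community strings public and private, and an admin password stored as the digest 21232f297a57a5a743894a0e4a801fc3, which is the unsalted MD5 of the string admin. The audit script below is an added example, not part of the SMC manual: it assumes type-7 passwords are unsalted MD5 digests (inferred from that sample, not stated by the manual), and its word list and sample input are constructed.

```python
import hashlib
import re

# Community strings that appear in the manual's sample configurations.
DEFAULT_COMMUNITIES = {"public", "private"}

# Short list of obvious values to test stored digests against. This list is an
# assumption of the example; extend it with your site's known defaults.
OBVIOUS_WORDS = ("admin", "guest", "password", "switch", "smc")

SNMP_RE = re.compile(r"^snmp-server community (\S+) (ro|rw)$", re.I)
USER_RE = re.compile(r"^username (\S+) password ([07]) (\S+)$", re.I)


def md5_hex(text):
    """Hex MD5 of a string, the form assumed for 'password 7' values."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def audit_config(config_text):
    """Return a list of findings for a saved startup/running configuration."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank lines and "!" separator / stacking metadata lines

        m = SNMP_RE.match(line)
        if m:
            community, access = m.group(1), m.group(2).lower()
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append({
                    "line": lineno,
                    "rule": "snmp-default-community",
                    "subject": community,
                    # A default read-write string allows configuration changes.
                    "severity": "high" if access == "rw" else "medium",
                })
            continue

        m = USER_RE.match(line)
        if m:
            user, kind, secret = m.groups()
            if kind == "0":
                # "0 means plain password" per the password command syntax.
                findings.append({
                    "line": lineno,
                    "rule": "plaintext-password",
                    "subject": user,
                    "severity": "high",
                })
            elif any(md5_hex(w) == secret.lower()
                     for w in (user,) + OBVIOUS_WORDS):
                # Digest equals MD5 of the user name or of an obvious word.
                findings.append({
                    "line": lineno,
                    "rule": "guessable-password-digest",
                    "subject": user,
                    "severity": "high",
                })
    return findings


# Constructed sample: the first eight lines follow the manual's example; the
# "ops" and "lab" accounts are invented to exercise the other code paths.
SAMPLE_CONFIG = """\
!<stackingDB>0000000000000000</stackingDB>
SNTP server 0.0.0.0 0.0.0.0 0.0.0.0
snmp-server community public ro
snmp-server community private rw
!
username admin access-level 15
username admin password 7 21232f297a57a5a743894a0e4a801fc3
username guest access-level 0
username ops access-level 15
username ops password 7 0123456789abcdef0123456789abcdef
username lab password 0 changeme
"""

if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print("line %(line)d: %(severity)s %(rule)s (%(subject)s)" % f)
```

Run it against a configuration file saved with the copy command before a switch goes into service; any finding means a community string or password should be changed.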
  • Page 413: Show System

    • The POST results should all display “PASS.” If any POST test indicates “FAIL,” contact your distributor for assistance. Example
    Console#show system
    System Description: SMC TigerStack II 10/100/1000 SMC8926EM/SMC8950EM
    System OID String: 1.3.6.1.4.1.202.20.76
    System information
    System Up time: 0 days, 1 hours, 23 minutes, and 44.61 seconds...
  • Page 414: Show Version

    System Management Commands Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example Console#show users Username accounts: Username Privilege Public-Key -------- --------- ---------- admin None guest None steve Online users:...
  • Page 415: Frame Size Commands

    Frame Size Commands Example
    Console#show version
    Unit 1
    Serial Number:
    Hardware Version:
    EPLD Version: 1.06
    Number of Ports:
    Main Power Status:
    Redundant Power Status: Not present
    Agent (Master)
    Unit ID:
    Loader Version: 1.1.0.2
    Boot ROM Version: 1.1.0.3
    Operation Code Version: 1.1.4.0
    Console#
    Frame Size Commands...
  • Page 416: File Management Commands

    System Management Commands connections, all devices in the collision domain would need to support jumbo frames. • The current setting for jumbo frames can be displayed with the show system command (page 23-7). Example Console(config)#jumbo frame Console(config)# Related Commands show ipv6 mtu (41-19) File Management Commands Managing Firmware Firmware can be uploaded and downloaded to or from a TFTP server.
  • Page 417: Copy

    File Management Commands copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation.
  • Page 418 System Management Commands • Use the copy file unit command to copy a local file to another switch in the stack. Use the copy unit file command to copy a file from another switch in the stack. • The Boot ROM and Loader cannot be uploaded or downloaded from the TFTP server.
  • Page 419: Delete

    File Management Commands The following example shows how to download a configuration file:
    Console#copy tftp startup-config
    TFTP server ip address: 10.1.0.99
    Source configuration file name: startup.01
    Startup configuration file name [startup]:
    Write to FLASH Programming.
    \Write to FLASH finish.
    Success.
    Console#
    This example shows how to copy a secure-site certificate from a TFTP server.
  • Page 420: Dir

    System Management Commands Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted. • “Factory_Default_Config.cfg” cannot be deleted. • A colon (:) is required after the specified unit number. Example This example shows how to delete the test2.cfg configuration file from flash memory.
  • Page 421: Whichboot

    File Management Commands • File information is shown below: Table 23-6 File Directory Information Column Heading Description file name The name of the file. file type File types: Boot-Rom, Operation Code, and Config file. startup Shows if this file is used when the system is started. size The length of the file in bytes.
  • Page 422: Boot System

    System Management Commands boot system This command specifies the file or image used to start up the system. Syntax boot system [unit:] {boot-rom| config | opcode}: filename The type of file or image to set as a default includes: • boot-rom* - Boot ROM. •...
  • Page 423: Line Commands

    Line Commands Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). Table 23-7 Line Commands Command Function...
  • Page 424: Login

    System Management Commands Command Usage Telnet is considered a virtual terminal connection and will be shown as “VTY” in screen displays such as show users. However, the serial communication parameters (e.g., databits) do not affect Telnet connections. Example To enter console line mode, enter the following command: Console(config)#line console Console(config-line)# Related Commands...
  • Page 425: Password

    Line Commands Example Console(config-line)#login local Console(config-line)# Related Commands username (25-2) password (23-19) password This command specifies the password for a line. Use the no form to remove the password. Syntax password {0 | 7} password no password • {0 | 7} - 0 means plain password, 7 means encrypted password •...
  • Page 426: Timeout Login Response

    System Management Commands timeout login response This command sets the interval that the system waits for a user to log into the CLI. Use the no form to restore the default setting. Syntax timeout login response [seconds] no timeout login response seconds - Integer that specifies the timeout interval.
  • Page 427: Password-Thresh

    Line Commands Command Usage • If user input is detected within the timeout interval, the session is kept open; otherwise the session is terminated. • This command applies to both the local console and Telnet connections. • The timeout for Telnet cannot be disabled. •...
  • Page 428: Silent-Time

    System Management Commands silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value. Syntax silent-time [seconds] no silent-time...
  • Page 429: Parity

    Line Commands Example To specify 7 data bits, enter this command: Console(config-line)#databits 7 Console(config-line)# Related Commands parity (23-23) parity This command defines the generation of a parity bit. Use the no form to restore the default setting. Syntax parity {none | even | odd} no parity •...
  • Page 430: Stopbits

    System Management Commands Default Setting auto Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices connected to the port might not be supported.
  • Page 431: Show Line

    Line Commands Command Mode Privileged Exec Command Usage Specifying session identifier “0” will disconnect the console connection. Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection. Example Console#disconnect 1 Console# Related Commands show ssh (25-22) show users (23-7) show line This command displays the terminal line’s parameters.
  • Page 432: Event Logging Commands

    System Management Commands Event Logging Commands This section describes commands used to configure event logging on the switch. Table 23-8 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages 23-26 logging history Limits syslog messages saved to switch memory based on 23-27 severity logging host...
  • Page 433: Logging History

    Event Logging Commands logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history {flash | ram} level no logging history {flash | ram} •...
  • Page 434: Logging Host

    System Management Commands logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax [no] logging host host_ip_address host_ip_address - The IP address of a syslog server. Default Setting None Command Mode...
  • Page 435: Logging Trap

    Event Logging Commands logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging.
  • Page 436: Show Logging

    System Management Commands Related Commands show log (23-31) show logging This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server. Syntax show logging {flash | ram | sendmail | trap} •...
  • Page 437: Show Log

    Event Logging Commands The following example displays settings for the trap function. Console#show logging trap Syslog logging: Enable REMOTELOG status: disable REMOTELOG facility type: local use 7 REMOTELOG level type: Debugging messages REMOTELOG server IP address: 1.2.3.4 REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0...
  • Page 438: Smtp Alert Commands

    System Management Commands Example The following example shows the event message stored in RAM. Console#show log ram [1] 00:01:30 2001-01-01 "VLAN 1 link-up notification." level: 6, module: 5, function: 1, and event no.: 1 [0] 00:01:30 2001-01-01 "Unit 1, Port 1 link-up notification."...
  • Page 439: Logging Sendmail Level

    SMTP Alert Commands • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally closes the connection. • To open a connection, the switch first selects the server that successfully sent mail during the last connection, or the first server configured by this command.
  • Page 440: Logging Sendmail Destination-Email

    System Management Commands Default Setting None Command Mode Global Configuration Command Usage You may use a symbolic email address that identifies the switch, or the address of an administrator responsible for the switch. Example Console(config)#logging sendmail source-email bill@this-company.com Console(config)# logging sendmail destination-email This command specifies the email recipients of alert messages.
  • Page 441: Show Logging Sendmail

    Time Commands Command Mode Global Configuration Example Console(config)#logging sendmail Console(config)# show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Privileged Exec Example Console#show logging sendmail SMTP servers ----------------------------------------------- 192.168.1.19 SMTP minimum severity level: 7 SMTP destination email addresses ----------------------------------------------- ted@this-company.com...
  • Page 442: Sntp Client

    System Management Commands Table 23-13 Time Commands (Continued) Command Function Mode Page clock summertime (date) Configures summer time (daylight savings time) for the 23-40 switch’s internal clock clock summertime Configures summer time (daylight savings time) for the 23-41 (predefined) switch’s internal clock clock summertime (recurring) Configures summer time (daylight savings time) for the 23-42 switch’s internal clock...
  • Page 443: Sntp Server

    Time Commands Related Commands sntp server (23-37) sntp poll (23-37) show sntp (23-38) sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list.
  • Page 444: Sntp Update-Time

    System Management Commands Default Setting 16 seconds Command Mode Global Configuration Example Console(config)#sntp poll 60 Console# Related Commands sntp client (23-36) sntp update-time This command sends a request to the configured SNTP servers to immediately update the time. Command Mode Global Configuration Example Console(config)#sntp update-time...
  • Page 445: Clock Timezone

    Time Commands clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Range: 0-13 hours) •...
  • Page 446: Clock Summer-Time (Date)

    System Management Commands Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mean Time or GMT), based on the earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC.
  • Page 447: Clock Summer-Time (Predefined)

    Time Commands • offset - Summer-time offset from the regular time zone, in minutes. (Range: 0-99 minutes) Default Setting Disabled Command Mode Global Configuration Command Usage • In some countries or regions, clocks are adjusted through the summer months so that afternoons have more daylight and mornings have less. This is known as Summer Time, or Daylight Savings Time (DST).
  • Page 448: Clock Summer-Time (Recurring)

    System Management Commands Command Usage • In some countries or regions, clocks are adjusted through the summer months so that afternoons have more daylight and mornings have less. This is known as Summer Time, or Daylight Savings Time (DST). Typically, clocks are adjusted forward one hour at the start of spring and then adjusted backward in autumn.
  • Page 449: Show Clock

    Time Commands • b-month - The month when summer-time will begin. (Options: january | february | march | april | may | june | july | august | september | october | november | december) • b-hour - The hour when summer-time will begin. (Range: 0-23 hours) •...
  • Page 450: Calendar Set

    System Management Commands Example Console#show clock Time Zone : GMT-0930-Taiohaer Summer Time : offset 60 minutes Apr 1 2007 23:23 to Apr 23 2007 23:23 Summer Time in Effect : No Console# calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server.
  • Page 451: Chapter 24: Snmp Commands

    Chapter 24: SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption;...
  • Page 452: Snmp-Server

    SNMP Commands snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server. Syntax [no] snmp-server Default Setting Enabled Command Mode Global Configuration Example Console(config)#snmp-server Console(config)# show snmp This command can be used to check the status of SNMP communications.
  • Page 453: Snmp-Server Community

    snmp-server community Example Console#show snmp SNMP Agent: enabled SNMP traps: Authentication: enable Link-up-down: enable SNMP communities: 1. private, and the privilege is read-write 2. public, and the privilege is read-only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables...
  • Page 454: Snmp-Server Contact

    SNMP Commands • private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode Global Configuration Example Console(config)#snmp-server community alpha rw Console(config)# snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information.
  • Page 455: Snmp-Server Host

    snmp-server host Command Mode Global Configuration Example Console(config)#snmp-server location WC-19 Console(config)# Related Commands snmp-server contact (24-4) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr [inform [retry retries | timeout seconds]] community-string [version {1 | 2c | 3 {auth | noauth | priv} [udp-port port]}...
  • Page 456 SNMP Commands • SNMP Version: 1 • UDP Port: 162 Command Mode Global Configuration Command Usage • If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command.
  • Page 457: Snmp-Server Enable Traps

    snmp-server enable traps supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notifications. • If you specify an SNMP Version 3 host, then the community string is interpreted as an SNMP user name. If you use the V3 “auth” or “priv” options, the user name must first be defined with the snmp-server user command.
  • Page 458: Snmp-Server Engine-Id

    SNMP Commands conjunction with the corresponding entries in the Notify View assigned by the snmp-server group command (page 24-11). Example Console(config)#snmp-server enable traps link-up-down Console(config)# Related Commands snmp-server host (24-5) snmp-server engine-id This command configures an identification string for the SNMPv3 engine. Use the no form to restore the default.
  • Page 459: Show Snmp Engine-Id

    show snmp engine-id • A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users (page 24-14).
  • Page 460: Snmp-Server View

    SNMP Commands snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name • view-name - Name of an SNMP view. (Range: 1-32 characters) •...
  • Page 461: Show Snmp View

    show snmp view show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example Console#show snmp view View Name: mib-2 Subtree OID: 1.2.2.3.6.2.1 View Type: included Storage Type: permanent Row Status: active View Name: defaultview Subtree OID: 1 View Type: included Storage Type: volatile...
  • Page 462: Show Snmp Group

    SNMP Commands Default Setting • Default groups: public (read only), private (read/write) • readview - Every object belonging to the Internet OID space (1.3.6.1). • writeview - Nothing is defined. • notifyview - Nothing is defined. Command Mode Global Configuration Command Usage •...
  • Page 463: Table 24-4 Show Snmp Group - Display Description

    show snmp group Group Name: public Security Model: v2c Read View: defaultview Write View: none Notify View: none Storage Type: volatile Row Status: active Group Name: private Security Model: v1 Read View: defaultview Write View: defaultview Notify View: none Storage Type: volatile Row Status: active Group Name: private Security Model: v2c...
  • Page 464: Snmp-Server User

    SNMP Commands snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View. Use the no form to remove a user from an SNMP group. Syntax snmp-server user username groupname [remote ip-address] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password [priv des56 priv-password]] no snmp-server user username {v1 | v2c | v3 | remote} •...
  • Page 465: Show Snmp User

    show snmp user need to configure the remote agent’s SNMP engine ID before you can send proxy requests or informs to it. Example Console(config)#snmp-server user steve group r&d v3 auth md5 greenpeace priv des56 einstien Console(config)#snmp-server user mark group r&d remote 192.168.1.19 v3 auth md5 greenpeace priv des56 einstien Console(config)# show snmp user...
  • Page 467: Chapter 25: User Authentication Commands

    Chapter 25: User Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1X. Table 25-1 Authentication Commands Command Group Function Page...
  • Page 468: Username

    User Authentication Commands username This command adds named users, requires authentication at login, specifies or changes a user's password (or specifies that no password is required), or specifies or changes a user's access level. Use the no form to remove a user name. Syntax username name {access-level level | nopassword | password {0 | 7} password}...
  • Page 469: Enable Password

    User Account Commands enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Normal Exec level. Use the no form to reset the default password.
  • Page 470: Authentication Sequence

    User Authentication Commands Authentication Sequence Three authentication methods can be specified to authenticate users logging into the system for management access. The commands in this section can be used to define the authentication method and sequence. Table 25-4 Authentication Sequence Commands Command Function Mode...
  • Page 471: Authentication Enable

    Authentication Sequence Example Console(config)#authentication login radius Console(config)# Related Commands username - for setting the local user names and passwords (25-2) authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 22-1).
  • Page 472: Radius Client

    User Authentication Commands RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch.
  • Page 473: Radius-Server Port

    RADIUS Client Example Console(config)#radius-server 1 host 192.168.1.20 port 181 timeout 10 retransmit 5 key green Console(config)# radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages.
  • Page 474: Radius-Server Retransmit

    User Authentication Commands radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1 - 30) Default Setting Command Mode Global Configuration...
  • Page 475: Tacacs+ Client

    TACACS+ Client Example Console#show radius-server Remote RADIUS server configuration: Global settings: Communication key with RADIUS server: ***** Server port number: 1812 Retransmit times: Request timeout: Server 1: Server IP address: 192.168.1.1 Communication key with RADIUS server: ***** Server port number: 1812 Retransmit times: 2 Request timeout: 5 Console#...
  • Page 476: Tacacs-Server Port

    User Authentication Commands Command Mode Global Configuration Example Console(config)#tacacs-server host 192.168.1.25 Console(config)# tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages.
  • Page 477: Show Tacacs-Server

    Web Server Commands show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Console#show tacacs-server Remote TACACS server configuration: Server IP address: 10.11.12.13 Communication key with TACACS server: ***** Server port number: Console# Web Server Commands This section describes commands used to configure web browser management...
  • Page 478: Ip Http Server

    User Authentication Commands Example Console(config)#ip http port 769 Console(config)# Related Commands ip http server (25-12) ip http server This command allows this device to be monitored or configured from a browser. Use the no form to disable this function. Syntax [no] ip http server Default Setting Enabled...
  • Page 479: Ip Http Secure-Port

    Web Server Commands • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate. - The client and server negotiate a set of security protocols to use for the connection.
  • Page 480: Telnet Server Commands

    User Authentication Commands • If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format: https://device:port_number Example Console(config)#ip http secure-port 1000 Console(config)# Related Commands ip http secure-server (25-12) Telnet Server Commands This section describes commands used to configure Telnet management access to the switch.
  • Page 481: Secure Shell Commands

    Secure Shell Commands Secure Shell Commands This section describes the commands used to configure the SSH server. Note that you also need to install an SSH client on the management station when using this protocol to configure the switch. Note: The switch supports both SSH Version 1.5 and 2.0 clients.
  • Page 482 User Authentication Commands To use the SSH server, complete these steps: Generate a Host Key Pair – Use the ip ssh crypto host-key generate command to create a host public/private key pair. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch.
  • Page 483: Ip Ssh Server

    Secure Shell Commands stored on the switch can access it. The following exchanges take place during this process: Authenticating SSH v1.5 Clients a. The client sends its RSA public key to the switch. b. The switch compares the client's public key to those stored in memory. c.
  • Page 484: Ip Ssh Timeout

    User Authentication Commands Example Console#ip ssh crypto host-key generate dsa Console#configure Console(config)#ip ssh server Console(config)# Related Commands ip ssh crypto host-key generate (25-20) show ssh (25-22) ip ssh timeout This command configures the timeout for the SSH server. Use the no form to restore the default setting.
  • Page 485: Ip Ssh Authentication-Retries

    Secure Shell Commands ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting. Syntax ip ssh authentication-retries count no ip ssh authentication-retries count – The number of authentication attempts permitted after which the interface is reset.
  • Page 486: Delete Public-Key

    User Authentication Commands delete public-key This command deletes the specified user’s public key. Syntax delete public-key username [dsa | rsa] • username – Name of an SSH user. (Range: 1-8 characters) • dsa – DSA public key type. • rsa – RSA public key type. Default Setting Deletes both the DSA and RSA key.
  • Page 487: Ip Ssh Crypto Zeroize

    Secure Shell Commands Related Commands ip ssh crypto zeroize (25-21) ip ssh save host-key (25-21) ip ssh crypto zeroize This command clears the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [dsa | rsa] • dsa – DSA key type. •...
  • Page 488: Show Ip Ssh

    User Authentication Commands Related Commands ip ssh crypto host-key generate (25-20) show ip ssh This command displays the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example Console#show ip ssh SSH Enabled - version 2.0 Negotiation timeout: 120 secs;...
  • Page 489: Show Public-Key

    Secure Shell Commands Table 25-11 show ssh - display description (Continued) Field Description Encryption The encryption method is automatically negotiated between the client and server. Options for SSHv1.5 include: DES, 3DES Options for SSHv2.0 can include different algorithms for the client-to-server (ctos) and server-to-client (stoc): aes128-cbc-hmac-sha1 aes192-cbc-hmac-sha1...
  • Page 490: Port Security Commands

    User Authentication Commands Example Console#show public-key host Host: RSA: 1024 65537 13236940658254764031382795526536375927835525327972629521130241 0719421061655759424590939236096954050362775257556251003866130989393834523 1033280214988866192159556859887989191950588394018138744046890877916030583 7768185490002831341625008348718449522087429212255691665655296328163516964 0408315547660664151657116381 DSA: ssh-dss AAAB3NzaC1kc3MAAACBAPWKZTPbsRIB8ydEXcxM3dyV/yrDbKStIlnzD/Dg0h2Hxc YV44sXZ2JXhamLK6P8bvuiyacWbUW/a4PAtp1KMSdqsKeh3hKoA3vRRSy1N2XFfAKxl5fwFfv JlPdOkFgzLGMinvSNYQwiQXbKTBH0Z4mUZpE85PWxDZMaCNBPjBrRAAAAFQChb4vsdfQGNIjw bvwrNLaQ77isiwAAAIEAsy5YWDC99ebYHNRj5kh47wY4i8cZvH+/p9cnrfwFTMU01VFDly3IR 2G395NLy5Qd7ZDxfA9mCOfT/yyEfbobMJZi8oGCstSNOxrZZVnMqWrTYfdrKX7YKBw/Kjw6Bm iFq7O+jAhf1Dg45loAc27s6TLdtny1wRq/ow2eTCD5nekAAACBAJ8rMccXTxHLFAczWS7EjOy DbsloBfPuSAb4oAsyjKXKVYNLQkTLZfcFRu41bS2KV5LAwecsigF/+DjKGWtPNIQqabKgYCw2 o/dVzX4Gg+yqdTlYmGA7fHGm8ARGeiG4ssFKy4Z6DmYPXFum1Yg0fhLwuHpOSKdxT3kk475S7 Console# Port Security Commands These commands can be used to enable port security on a port. When using port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
  • Page 491: Port Security

    Port Security Commands port security This command enables or configures port security. Use the no form without any keywords to disable port security. Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for the maximum number of allowed addresses.
  • Page 492: 802.1X Port Authentication

    User Authentication Commands Example The following example enables port security for port 5, and sets the response to a security violation to issue a trap message: Console(config)#interface ethernet 1/5 Console(config-if)#port security action trap Related Commands shutdown (27-7) mac-address-table static (31-1) 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for...
  • Page 493: Dot1X System-Auth-Control

    802.1X Port Authentication dot1x system-auth-control This command enables IEEE 802.1X port authentication globally on the switch. Use the no form to restore the default. Syntax [no] dot1x system-auth-control Default Setting Disabled Command Mode Global Configuration Example Console(config)#dot1x system-auth-control Console(config)# dot1x default This command sets all configurable dot1x global and port settings to their default values.
  • Page 494: Dot1X Port-Control

    User Authentication Commands dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default. Syntax dot1x port-control {auto | force-authorized | force-unauthorized} no dot1x port-control • auto – Requires a dot1x-aware connected client to be authorized by the RADIUS server.
  • Page 495: Dot1X Operation-Mode

    802.1X Port Authentication dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count.
  • Page 496: Dot1X Re-Authenticate

    User Authentication Commands dot1x re-authenticate This command forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26/50) Command Mode Privileged Exec Command Usage The re-authentication process verifies the connected client’s user ID and...
  • Page 497: Dot1X Timeout Quiet-Period

    802.1X Port Authentication Related Commands dot1x timeout re-authperiod (25-31) dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default.
  • Page 498: Dot1X Timeout Tx-Period

    User Authentication Commands dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period seconds - The number of seconds.
  • Page 499 802.1X Port Authentication • 802.1X Port Details – Displays the port access control parameters for each interface, including the following items: - reauth-enabled – Periodic re-authentication (page 25-30). - reauth-period – Time after which a connected client must be re-authenticated (page 25-31). - quiet-period –...
  • Page 500 User Authentication Commands Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized disabled Single-Host ForceAuthorized disabled Single-Host ForceAuthorized 1/25 disabled Single-Host ForceAuthorized 1/26 enabled Single-Host Auto 802.1X Port Details 802.1X is enabled on port 1/1 802.1X is enabled on port 26 Reauth-enabled: Enabled...
  • Page 501: Management Ip Filter Commands

    Management IP Filter Commands Management IP Filter Commands This section describes commands used to configure IP management access to the switch. Table 25-14 IP Filter Commands Command Function Mode Page management Configures IP addresses that are allowed management access 25-35 show management Displays the switch to be monitored or configured from a browser 25-36 management...
  • Page 502: Show Management

    User Authentication Commands Example This example restricts management access to the indicated addresses. Console(config)#management all-client 192.168.1.19 Console(config)#management all-client 192.168.1.25 192.168.1.30 Console# show management This command displays the client IP addresses that are allowed management access to the switch through various protocols. Syntax show management {all-client | http-client | snmp-client | telnet-client} •...
  • Page 503: Chapter 26: Access Control List Commands

    Chapter 26: Access Control List Commands Access Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames (based on address, next header type, or flow label), or any frames (based on MAC address or Ethernet type).
  • Page 504: Access-List Ip

    Access Control List Commands access-list ip This command adds an IP access list and enters configuration mode for standard or extended IPv4 ACLs. Use the no form to remove the specified ACL. Syntax [no] access-list ip {standard | extended} acl_name •...
  • Page 505: Permit, Deny (Extended Ipv4 Acl)

    IPv4 ACLs Default Setting None Command Mode Standard IPv4 ACL Command Usage • New rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match”...
  • Page 506 Access Control List Commands • host – Keyword followed by a specific IP address. • precedence – IP precedence level. (Range: 0-7) • tos – Type of Service level. (Range: 0-15) • dscp – DSCP priority level. (Range: 0-63) • sport – Protocol source port number.
  • Page 507: Show Ip Access-List

    IPv4 ACLs Example This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through. Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any Console(config-ext-acl)# This allows TCP packets from class C addresses 192.168.1.0 to any destination...
  • Page 508: Ip Access-Group

    Access Control List Commands ip access-group This command binds a port to an IPv4 ACL. Use the no form to remove the port. Syntax [no] ip access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) •...
  • Page 509: Ipv6 Acls

    IPv6 ACLs IPv6 ACLs The commands in this section configure ACLs based on IPv6 addresses, next header type, and flow label. To configure IPv6 ACLs, first create an access list containing the required permit or deny rules, and then bind the access list to one or more ports. Table 26-3 IPv6 ACL Commands Command...
  • Page 510: Permit, Deny (Standard Ipv6 Acl)

    Access Control List Commands Example Console(config)#access-list ipv6 standard david Console(config-std-ipv6-acl)# Related Commands permit, deny (26-8) ipv6 access-group (26-11) show ipv6 access-list (26-11) permit, deny (Standard IPv6 ACL) This command adds a rule to a Standard IPv6 ACL. The rule sets a filter condition for packets emanating from the specified source.
  • Page 511: Permit, Deny (Extended Ipv6 Acl)

    IPv6 ACLs permit, deny (Extended IPv6 ACL) This command adds a rule to an Extended IPv6 ACL. The rule sets a filter condition for packets with specific destination IP addresses, next header type, or flow label. Use the no form to remove a rule. Syntax [no] {permit | deny} {any | destination-ipv6-address[/prefix-length]}...
  • Page 512 Access Control List Commands e.g., in a hop-by-hop option. A flow is uniquely identified by the combination of a source address and a non-zero flow label. Packets that do not belong to a flow carry a flow label of zero. Hosts or routers that do not support the functions specified by the flow label must set the field to zero when originating a packet, pass the field on unchanged when forwarding a packet, and ignore the field when receiving a...
  • Page 513: Show Ipv6 Access-List

    IPv6 ACLs show ipv6 access-list This command displays the rules for configured IPv6 ACLs. Syntax show ip access-list {standard | extended} [acl_name] • standard – Specifies a standard IPv6 ACL. • extended – Specifies an extended IPv6 ACL. • acl_name – Name of the ACL. (Maximum length: 16 characters) Command Mode Privileged Exec Example...
  • Page 514: Show Ipv6 Access-Group

    Access Control List Commands Related Commands show ipv6 access-list (26-11) show ipv6 access-group This command shows the ports assigned to IPv6 ACLs. Command Mode Privileged Exec Example Console#show ip access-group Interface ethernet 1/2 IPv6 standard access-list david in Console# Related Commands ipv6 access-group (26-11) MAC ACLs The commands in this section configure ACLs based on hardware addresses,...
  • Page 515: Permit, Deny (Mac Acl)

    MAC ACLs Command Mode Global Configuration Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list. •...
  • Page 516 Access Control List Commands [no] {permit | deny} untagged-802.3 {any | host source | source address-bitmask} {any | host destination | destination address-bitmask} • tagged-eth2 – Tagged Ethernet II packets. • untagged-eth2 – Untagged Ethernet II packets. • tagged-802.3 – Tagged Ethernet 802.3 packets. •...
  • Page 517: Show Mac Access-List

    MAC ACLs show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [acl_name] acl_name – Name of the ACL. (Maximum length: 16 characters) Command Mode Privileged Exec Example Console#show mac access-list MAC access-list jerry: permit any 00-e0-29-94-34-de ethertype 0800 Console# Related Commands...
  • Page 518: Show Mac Access-Group

    Access Control List Commands show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Console#show mac access-group Interface ethernet 1/5 MAC access-list M5 in Console# Related Commands mac access-group (26-15) ACL Information This section describes commands used to display ACL information. Table 26-5 ACL Information Commands Command Function...
  • Page 519: Show Access-Group

    ACL Information show access-group This command shows the port assignments of IPv4 ACLs. Command Mode Privileged Executive Example Console#show access-group Interface ethernet 1/2 IP standard access-list david MAC access-list jerry Console# 26-17...
  • Page 521: Chapter 27: Interface Commands

    Chapter 27: Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Table 27-1 Interface Commands Command Function Mode Page interface Configures an interface type and enters interface configuration 27-1 mode description Adds a description to an interface configuration...
  • Page 522: Description

    Interface Commands Default Setting None Command Mode Global Configuration Example To specify port 4, enter the following command: Console(config)#interface ethernet 1/4 Console(config-if)# description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached...
  • Page 523: Speed-Duplex

    speed-duplex speed-duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the default. Syntax speed-duplex {10000full | 1000full | 100full | 100half | 10full | 10half} no speed-duplex •...
  • Page 524: Negotiation

    Interface Commands negotiation This command enables autonegotiation for a given interface. Use the no form to disable autonegotiation. Syntax [no] negotiation Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • 1000BASE-T and 10GBASE-T do not support forced mode. Auto-negotiation should always be used to establish a connection over any 1000BASE-T or 10GBASE-T port or trunk.
  • Page 525: Flowcontrol

    flowcontrol • 10full - Supports 10 Mbps full-duplex operation • 10half - Supports 10 Mbps half-duplex operation • flowcontrol - Supports flow control • symmetric (Gigabit only) - When specified, the port transmits and receives pause frames; when not specified, the port will auto-negotiate to determine the sender and receiver for asymmetric pause frames.
  • Page 526: Media-Type

    Interface Commands Command Usage • 1000BASE-T and 10GBASE-T do not support forced mode. Auto-negotiation should always be used to establish a connection over any 1000BASE-T or 10GBASE-T port or trunk. • Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill.
  • Page 527: Shutdown

    shutdown Command Mode Interface Configuration (Ethernet - Ports 21-24/45-48) Example This forces the switch to use the built-in RJ-45 port for the combination port 48. Console(config)#interface ethernet 1/48 Console(config-if)#media-type copper-forced Console(config-if)# shutdown This command disables an interface. To restart a disabled interface, use the no form.
  • Page 528: Clear Counters

    Interface Commands Command Mode Interface Configuration (Ethernet) Command Usage • When broadcast traffic exceeds the specified threshold, packets above that threshold are dropped. • Broadcast control does not affect IP multicast traffic. Example The following shows how to configure broadcast storm control at 600 packets per second: Console(config)#interface ethernet 1/5 Console(config-if)#switchport broadcast packet-rate 600...
  • Page 529: Show Interfaces Status

    show interfaces status show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26/50) • port-channel channel-id (Range: 1-32) •...
  • Page 530: Show Interfaces Counters

    Interface Commands show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26/50) • port-channel channel-id (Range: 1-32) Default Setting Shows the counters for all interfaces.
  • Page 531: Show Interfaces Switchport

    show interfaces switchport show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26/50) •...
  • Page 532 Interface Commands Table 27-2 show interfaces switchport - display description (Continued) Field Description Ingress Rule Shows if ingress filtering is enabled or disabled (page 34-9). Acceptable Frame Type Shows if acceptable VLAN frames include all types or tagged frames only (page 34-9).
  • Page 533: Chapter 28: Link Aggregation Commands

    Chapter 28: Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network device.
  • Page 534: Channel-Group

    Link Aggregation Commands • STP, VLAN, and IGMP settings can only be made for the entire trunk via the specified port-channel. Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP system priority. •...
  • Page 535: Lacp

    lacp lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [no] lacp Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage • The ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation.
  • Page 536: Lacp System-Priority

    Link Aggregation Commands Current status: Created By : LACP Link Status : Up Port Operation Status : Up Operation speed-duplex : 100full Flow control Type : None Member Ports : Eth1/10, Eth1/11, Eth1/12, Console# lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting.
  • Page 537: Lacp Admin-Key (Ethernet Interface)

    lacp admin-key (Ethernet Interface) lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key • actor - The local side of an aggregate link. •...
  • Page 538: Lacp Admin-Key (Port Channel)

    Link Aggregation Commands lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string. Use the no form to restore the default setting. Syntax lacp admin-key key [no] lacp admin-key key - The port channel admin key is used to identify a specific link aggregation group (LAG) during local LACP setup on this switch.
  • Page 539: Show Lacp

    show lacp Command Mode Interface Configuration (Ethernet) Command Usage • Setting a lower value indicates a higher effective priority. • If an active port link goes down, the backup port with the highest priority is selected to replace the downed link. However, if two or more ports have the same LACP port priority, the port with the lowest physical port number will be selected as the backup port.
  • Page 540: Table 28-2 Show Lacp Counters - Display Description

    Link Aggregation Commands Example Console#show lacp 1 counters Port Channel: 1 ------------------------------------------------------------------------- Eth 1/ 2 ------------------------------------------------------------------------- LACPDUs Sent : 12 LACPDUs Receive Marker Sent Marker Receive LACPDUs Unknown Pkts : 0 LACPDUs Illegal Pkts : 0 Table 28-2 show lacp counters - display description Field Description LACPDUs Sent...
  • Page 541: Table 28-4 Show Lacp Neighbors - Display Description

    show lacp Table 28-3 show lacp internal - display description (Continued) Field Description LACP Port Priority LACP port priority assigned to this interface within the channel group. Admin State, Administrative or operational values of the actor’s state parameters: Oper State •...
  • Page 542: Table 28-5 Show Lacp Sysid - Display Description

    Link Aggregation Commands Table 28-4 show lacp neighbors - display description (Continued) Field Description Port Oper Priority Priority value assigned to this aggregation port by the partner. Admin Key Current administrative value of the Key for the protocol partner. Oper Key Current operational value of the Key for the protocol partner.
  • Page 543: Chapter 29: Mirror Port Commands

    Chapter 29: Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. Table 29-1 Mirror Port Commands Command Function Mode Page port monitor Configures a mirror session 29-1 show port monitor Shows the configuration for a mirror port 29-2 port monitor This command configures a mirror session.
  • Page 544: Show Port Monitor

    Mirror Port Commands Example The following example configures the switch to mirror all packets from port 6 to 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 both Console(config-if)# show port monitor This command displays mirror information. Syntax show port monitor [interface] interface - ethernet unit/port (source port) •...
  • Page 545: Chapter 30: Rate Limit Commands

    Chapter 30: Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Packets that exceed the acceptable amount of traffic are dropped.
  • Page 547: Chapter 31: Address Table Commands

    Chapter 31: Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Table 31-1 Address Table Commands Command Function Mode Page mac-address-table static Maps a static address to a port in a VLAN 31-1 clear mac-address-table...
  • Page 548: Clear Mac-Address-Table Dynamic

    Address Table Commands Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table. Static addresses have the following characteristics: •...
  • Page 549: Show Mac-Address-Table

    show mac-address-table show mac-address-table This command shows classes of entries in the bridge-forwarding database. Syntax show mac-address-table [address mac-address [mask]] [interface interface] [vlan vlan-id] [sort {address | vlan | interface}] • mac-address - MAC address. • mask - Bits to match in the address. •...
  • Page 550: Mac-Address-Table Aging-Time

    Address Table Commands mac-address-table aging-time This command sets the aging time for entries in the address table. Use the no form to restore the default aging time. Syntax mac-address-table aging-time seconds no mac-address-table aging-time seconds - Aging time. (Range: 10-1000000 seconds; 0 to disable aging) Default Setting 300 seconds Command Mode...
  • Page 551: Chapter 32: Lldp Commands

    Chapter 32: LLDP Commands Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details such as device identification, capabilities and configuration settings.
  • Page 552: Lldp

    LLDP Commands Table 32-1 LLDP Commands (Continued) Command Function Mode Page lldp dot1-tlv Configures an LLDP-enabled port to advertise its VLAN 32-11 vlan-name* name lldp dot3-tlv Configures an LLDP-enabled port to advertise its link 32-12 link-agg aggregation capabilities lldp dot3-tlv Configures an LLDP-enabled port to advertise its MAC and 32-12 mac-phy...
  • Page 553: Lldp Holdtime-Multiplier

    lldp holdtime-multiplier lldp holdtime-multiplier This command configures the time-to-live (TTL) value sent in LLDP advertisements. Use the no form to restore the default setting. Syntax lldp holdtime-multiplier value no lldp holdtime-multiplier value - Calculates the TTL in seconds based on (holdtime-multiplier * refresh-interval) ≤...
  • Page 554: Lldp Refresh-Interval

    LLDP Commands Command Usage • This parameter only applies to SNMP applications which use data stored in the LLDP MIB for network monitoring or management. • Information about changes in LLDP neighbors that occur between SNMP notifications is not transmitted. Only state changes that exist at the time of a notification are included in the transmission.
  • Page 555: Lldp Reinit-Delay

    lldp reinit-delay lldp reinit-delay This command configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes down. Use the no form to restore the default setting. Syntax lldp reinit-delay seconds no lldp reinit-delay seconds - Specifies the delay before attempting to re-initialize LLDP. (Range: 1 - 10 seconds) Default Setting 2 seconds...
  • Page 556: Lldp Admin-Status

    LLDP Commands objects, and to increase the probability that multiple, rather than single changes, are reported in each transmission. • This attribute must comply with the following rule: (4 * tx-delay) ≤ refresh-interval Example Console(config)#lldp tx-delay 10 Console(config)# lldp admin-status This command enables LLDP transmit, receive, or transmit and receive mode on the specified port.
  • Page 557: Lldp Basic-Tlv Management-Ip-Address

    lldp basic-tlv management-ip-address Command Usage • This option sends out SNMP trap notifications to designated target stations at the interval specified by the lldp notification-interval command (page 32-3). Trap notifications include information about state changes in the LLDP MIB (IEEE 802.1AB), or organization-specific LLDP-EXT-DOT1 and LLDP-EXT-DOT3 MIBs.
  • Page 558: Lldp Basic-Tlv Port-Description

    LLDP Commands • Every management address TLV that reports an address that is accessible on a port and protocol VLAN through the particular port should be accompanied by a port and protocol VLAN TLV that indicates the VLAN identifier (VID) associated with the management address reported by this TLV.
  • Page 559: Lldp Basic-Tlv System-Description

    lldp basic-tlv system-description Command Usage The system capabilities identifies the primary function(s) of the system and whether or not these primary functions are enabled. The information advertised by this TLV is described in IEEE 802.1AB. Example Console(config)#interface ethernet 1/1 Console(config-if)#lldp basic-tlv system-capabilities Console(config-if)# lldp basic-tlv system-description This command configures an LLDP-enabled port to advertise the system...
  • Page 560: Lldp Dot1-Tlv Proto-Ident

    LLDP Commands Command Usage The system name is taken from the sysName object in RFC 3418, which contains the system’s administratively assigned name, and is in turn based on the hostname command (page 23-1). Example Console(config)#interface ethernet 1/1 Console(config-if)#lldp basic-tlv system-name Console(config-if)# lldp dot1-tlv proto-ident This command configures an LLDP-enabled port to advertise the supported...
  • Page 561: Lldp Dot1-Tlv Pvid

    lldp dot1-tlv pvid Command Usage This option advertises the port-based and protocol-based VLANs configured on this interface (see "Configuring VLAN Interfaces" on page 34-7 and "Configuring Protocol-based VLANs" on page 34-20). Example Console(config)#interface ethernet 1/1 Console(config-if)#no lldp dot1-tlv proto-vid Console(config-if)# lldp dot1-tlv pvid This command configures an LLDP-enabled port to advertise its default VLAN ID.
  • Page 562: Lldp Dot3-Tlv Mac-Phy

    LLDP Commands Command Usage This option advertises the name of all VLANs to which this interface has been assigned. See "switchport allowed vlan" on page 34-11 and "protocol-vlan protocol-group (Configuring Interfaces)" on page 34-21. Example Console(config)#interface ethernet 1/1 Console(config-if)#no lldp dot1-tlv vlan-name Console(config-if)# lldp dot3-tlv link-agg This command configures an LLDP-enabled port to advertise link aggregation...
  • Page 563: Lldp Dot3-Tlv Max-Frame

    lldp dot3-tlv max-frame Command Usage This option advertises MAC/PHY configuration/status which includes information about auto-negotiation support/capabilities, and operational Multistation Access Unit (MAU) type. Example Console(config)#interface ethernet 1/1 Console(config-if)#no lldp dot3-tlv mac-phy Console(config-if)# lldp dot3-tlv max-frame This command configures an LLDP-enabled port to advertise its maximum frame size.
  • Page 564: Show Lldp Config

    LLDP Commands Command Usage This option advertises Power-over-Ethernet capabilities, including whether or not PoE is supported, currently enabled, if the port pins through which power is delivered can be controlled, the port pins selected to deliver power, and the power class. Example Console(config)#interface ethernet 1/1 Console(config-if)#lldp dot3-tlv poe...
  • Page 565: Show Lldp Info Local-Device

    show lldp info local-device Console#show lldp config detail ethernet 1/1 LLDP Port Configuration Detail Port : Eth 1/1 Admin Status : Tx-Rx Notification Enabled : True Basic TLVs Advertised: port-description system-name system-description system-capabilities management-ip-address 802.1 specific TLVs Advertised: *port-vid *vlan-name *proto-vlan *proto-ident 802.3 specific TLVs Advertised:...
  • Page 566: Show Lldp Info Remote-Device

    LLDP Commands Example Console#show lldp info local-device LLDP Local System Information Chassis Type : MAC Address Chassis ID : 00-01-02-03-04-05 System Name System Description : 24/48 port 10/100/1000 Stackable Managed Switch with 2 X 10G uplinks System Capabilities Support : Bridge, Router System Capabilities Enable : Bridge, Router Management Address : 192.168.0.2 (IPv4)
  • Page 567 show lldp info remote-device Example Console#show lldp info remote-device LLDP Remote Devices Information Interface | ChassisId PortId SysName --------- + ----------------- ----------------- --------------------- Eth 1/1 | 00-01-02-03-04-05 00-01-02-03-04-06 Console#show lldp info remote-device detail ethernet 1/1 Chassis Type : MAC Address Chassis Id : 00-00-E8-90-00-00 PortID Type...
  • Page 568: Show Lldp Info Statistics

    LLDP Commands show lldp info statistics This command shows statistics based on traffic received through all attached LLDP-enabled interfaces. Syntax show lldp info statistics [detail interface] • detail - Shows detailed information. • interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number.
  • Page 569: Chapter 33: Spanning Tree Commands

    Chapter 33: Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 33-1 Spanning Tree Commands Command Function Mode Page spanning-tree Enables the spanning tree protocol 33-2 spanning-tree mode Configures STP, RSTP or MSTP mode...
  • Page 570: Spanning-Tree

    Spanning Tree Commands Table 33-1 Spanning Tree Commands (Continued) Command Function Mode Page show spanning-tree Shows spanning tree configuration for the common 33-18 spanning tree (i.e., overall bridge), a selected interface, or an instance within the multiple spanning tree show spanning-tree mst Shows the multiple spanning tree configuration 33-20 configuration...
  • Page 571 spanning-tree mode Default Setting rstp Command Mode Global Configuration Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. - This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on a network, the path between specific VLAN members may be inadvertently disabled to prevent network loops, thus isolating group members.
  • Page 572: Spanning-Tree Forward-Time

    Spanning Tree Commands spanning-tree forward-time This command configures the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds. (Range: 4 - 30 seconds) The minimum value is the higher of 4 or [(max-age / 2) + 1].
  • Page 573: Spanning-Tree Max-Age

    spanning-tree max-age Example Console(config)#spanning-tree hello-time 5 Console(config)# Related Commands spanning-tree forward-time (33-4) spanning-tree max-age (33-5) spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age seconds no spanning-tree max-age seconds - Time in seconds.
  • Page 574: Spanning-Tree Priority

    Spanning Tree Commands spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority - Priority of the bridge. (Range: 0 - 65535) (Range –...
  • Page 575: Spanning-Tree Transmission-Limit

    spanning-tree transmission-limit Command Usage The path cost method is used to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. Note that path cost (page 33-12) takes precedence over port priority (page 33-13).
  • Page 576: Mst Vlan

    Spanning Tree Commands Related Commands mst vlan (33-8) mst priority (33-9) name (33-9) revision (33-10) max-hops (33-11) mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Use the no form without any VLAN parameters to remove all VLANs.
  • Page 577: Mst Priority

    mst priority mst priority This command configures the priority of a spanning tree instance. Use the no form to restore the default. Syntax mst instance_id priority priority no mst instance_id priority • instance_id - Instance identifier of the spanning tree. (Range: 0-4094) •...
  • Page 578: Revision

    Spanning Tree Commands Command Usage The MST region name and revision number (page 33-10) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridges in the same region must be configured with the same MST instances.
  • Page 579: Max-Hops

    max-hops max-hops This command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the default. Syntax max-hops hop-number hop-number - Maximum hop number for multiple spanning tree. (Range: 1-40) Default Setting Command Mode MST Configuration...
  • Page 580: Spanning-Tree Cost

    Spanning Tree Commands spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default auto-configuration mode. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port. (Range: 0 for auto-configuration, 1-65535 for short path cost method 1-200,000,000 for long path cost method) Table 33-2 Recommended STA Path Cost Range...
  • Page 581: Spanning-Tree Port-Priority

    spanning-tree port-priority Example Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree cost 50 Console(config-if)# spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port. (Range: 0-240, in steps of 16) Default Setting Command Mode Interface Configuration (Ethernet, Port Channel)
  • Page 582: Spanning-Tree Portfast

    Spanning Tree Commands Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state.
  • Page 583: Spanning-Tree Link-Type

    spanning-tree link-type • This command is the same as spanning-tree edge-port, and is only included for backward compatibility with earlier products. Note that this command may be removed for future software versions. Example Console(config)#interface ethernet 1/5 Console(config-if)#bridge-group 1 portfast Console(config-if)# Related Commands spanning-tree edge-port (33-13) spanning-tree link-type...
  • Page 584: Spanning-Tree Mst Cost

    Spanning Tree Commands spanning-tree mst cost This command configures the path cost on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default auto-configuration mode. Syntax spanning-tree mst instance_id cost cost no spanning-tree mst instance_id cost •...
  • Page 585: Spanning-Tree Mst Port-Priority

    spanning-tree mst port-priority spanning-tree mst port-priority This command configures the interface priority on a spanning instance in the Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree mst instance_id port-priority priority no spanning-tree mst instance_id port-priority •...
  • Page 586: Show Spanning-Tree

    Spanning Tree Commands Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the spanning-tree protocol-migration command at any time to manually re-check the appropriate BPDU format to send on the selected interfaces (i.e., RSTP or STP-compatible).
  • Page 587 show spanning-tree displayed for specific interfaces, see "Displaying Interface Settings" on page 10-10. Example Console#show spanning-tree Spanning Tree Information --------------------------------------------------------------- Spanning Tree Mode: MSTP Spanning Tree Enabled/Disabled: Enabled Instance: VLANs Configuration: 1-4093 Priority: 32768 Bridge Hello Time (sec.): Bridge Max Age (sec.): Bridge Forward Delay (sec.): Root Hello Time (sec.): Root Max Age (sec.):...
  • Page 588: Show Spanning-Tree Mst Configuration

    Spanning Tree Commands show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example Console#show spanning-tree mst configuration Mstp Configuration Information -------------------------------------------------------------- Configuration Name: R&D Revision level:0 Instance VLANs -------------------------------------------------------------- 1,3-4093 Console# 33-20...
  • Page 589: Chapter 34: Vlan Commands

    Chapter 34: VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface.
  • Page 590: Bridge-Ext Gvrp

    VLAN Commands bridge-ext gvrp This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [no] bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
  • Page 591: Switchport Gvrp

    GVRP and Bridge Extension Commands switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example Console(config)#interface ethernet 1/1 Console(config-if)#switchport gvrp Console(config-if)# show gvrp configuration This command shows if GVRP is enabled.
  • Page 592: Garp Timer

    VLAN Commands garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall} •...
  • Page 593: Show Garp Timer

    Editing VLAN Groups show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26/50) • port-channel channel-id (Range: 1-32) Default Setting Shows all GARP timers.
  • Page 594: Vlan

    VLAN Commands Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN.
  • Page 595: Configuring Vlan Interfaces

    Configuring VLAN Interfaces Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default. Console(config)#vlan database Console(config-vlan)#vlan 105 name RD5 media ethernet Console(config-vlan)# Related Commands show vlan (34-13) Configuring VLAN Interfaces Table 34-4 Commands for Configuring VLAN Interfaces Command Function...
  • Page 596: Switchport Mode

    VLAN Commands Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.254 255.255.255.0 Console(config-if)# Related Commands shutdown (27-7) switchport mode This command configures the VLAN membership mode for a port.
  • Page 597: Switchport Acceptable-Frame-Types

    Configuring VLAN Interfaces switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged. •...
  • Page 598: Switchport Native Vlan

    VLAN Commands • If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port). •...
  • Page 599: Switchport Allowed Vlan

    Configuring VLAN Interfaces switchport allowed vlan This command configures VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switchport allowed vlan • add vlan-list - List of VLAN identifiers to add. •...
  • Page 600: Switchport Forbidden Vlan

    VLAN Commands switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan {add vlan-list | remove vlan-list} no switchport forbidden vlan • add vlan-list - List of VLAN identifiers to add. •...
  • Page 601: Show Vlan

    Displaying VLAN Information show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name] • id - Keyword to be followed by the VLAN ID. vlan-id - ID of the configured VLAN. (Range: 1-4093, no leading zeroes) •...
  • Page 602: Configuring Ieee 802.1Q Tunneling

    VLAN Commands Configuring IEEE 802.1Q Tunneling IEEE 802.1Q tunneling (QinQ tunneling) uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs. Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider’s network even when they use the same customer-specific VLAN IDs. QinQ tunneling expands VLAN space by using a VLAN-in-VLAN hierarchy, preserving the customer’s original tagged packets, and adding SPVLAN tags to each frame (also called double tagging).
  • Page 603: Dot1Q-Tunnel System-Tunnel-Control

    Configuring IEEE 802.1Q Tunneling Limitations for QinQ • The native VLAN for the tunnel uplink ports and tunnel access ports cannot be the same. However, the same service VLANs can be set on both tunnel port types. • IGMP Snooping should not be enabled on a tunnel access port. •...
  • Page 604: Switchport Dot1Q-Tunnel Tpid

    VLAN Commands Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • QinQ tunneling must be enabled on the switch using the dot1q-tunnel system-tunnel-control command before the switchport dot1q-tunnel mode interface command can take effect. • When a tunnel uplink port receives a packet from a customer, the customer tag (regardless of whether there are one or more tag layers) is retained in the inner tag, and the service provider’s tag added to the outer tag.
  • Page 605: Show Dot1Q-Tunnel

    Configuring IEEE 802.1Q Tunneling custom 802.1Q ethertype on a trunk port, incoming frames containing that ethertype are assigned to the VLAN contained in the tag following the ethertype field, as they would be with a standard 802.1Q trunk. Frames arriving on the port containing any other ethertype are looked upon as untagged frames, and assigned to the native VLAN of that port.
  • Page 606: Configuring Private Vlans

    VLAN Commands Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs. Table 34-7 Private VLAN Commands Command Function Mode Page pvlan Enables and configures private VLANs 34-18 show pvlan Displays the configured private VLANs...
  • Page 607: Show Pvlan

    Configuring Private VLANs Example This example enables the private VLAN, and then sets port 12 as the uplink and ports 5-8 as the downlinks. Console(config)#pvlan Console(config)#pvlan up-link ethernet 1/12 down-link ethernet 1/5-8 Console(config)# show pvlan This command displays the configured private VLAN. Command Mode Privileged Exec Example...
  • Page 608: Configuring Protocol-Based Vlans

    VLAN Commands Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
  • Page 609: Protocol-Vlan Protocol-Group (Configuring Interfaces)

    Configuring Protocol-based VLANs • protocol - Protocol type. The only option for the llc-other frame type is ipx_raw. The options for all other frames types include: ip, ipv6, arp, rarp, and user-defined (0801-FFFF hexadecimal). Default Setting No protocol groups are configured. Command Mode Global Configuration Example...
  • Page 610: Show Protocol-Vlan Protocol-Group

    VLAN Commands - If the frame is untagged but the protocol type does not match, the frame is forwarded to the default VLAN for this interface. Example The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2.
  • Page 611 Configuring Protocol-based VLANs Command Mode Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2: Console#show interfaces protocol-vlan protocol-group Port ProtocolGroup ID Vlan ID ---------- ------------------ ----------- Eth 1/1 vlan2 Console#...
  • Page 613: Chapter 35: Class Of Service Commands

    Chapter 35: Class of Service Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
  • Page 614: Queue Mode

    Class of Service Commands queue mode This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues. Use the no form to restore the default value. Syntax queue mode {strict | wrr} no queue mode •...
  • Page 615: Switchport Priority Default

    Priority Commands (Layer 2) switchport priority default This command sets a priority for incoming untagged frames. Use the no form to restore the default value. Syntax switchport priority default default-priority-id no switchport priority default default-priority-id - The priority number for untagged ingress traffic. The priority is a number from 0 to 7.
  • Page 616: Queue Bandwidth

    Class of Service Commands queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues. Use the no form to restore the default weights. Syntax queue bandwidth weight0...weight7 no queue bandwidth weight0...weight7 - The ratio of weights for queues 0 - 7 determines the weights used by the WRR scheduler.
  • Page 617: Show Queue Mode

    Priority Commands (Layer 2) • cos1 ... cosn - The CoS values that are mapped to the queue ID. It is a space-separated list of numbers. The CoS value is a number from 0 to 7, where 7 is the highest priority. Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for each port.
  • Page 618: Show Queue Bandwidth

    Class of Service Commands show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues. Syntax show queue bandwidth [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26/50) •...
  • Page 619: Priority Commands (Layer 3 And 4)

    Priority Commands (Layer 3 and 4) Example Console#show queue cos-map ethernet 1/1 Information of Eth 1/1 CoS Value: 0 1 2 3 4 5 6 7 Priority Queue: 2 0 1 3 4 5 6 7 Console# Priority Commands (Layer 3 and 4) This section describes commands used to configure Layer 3 and Layer 4 traffic priority on the switch.
  • Page 620: Map Ip Port (Interface Configuration)

    Class of Service Commands map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number •...
  • Page 621: Map Ip Precedence (Interface Configuration)

    Priority Commands (Layer 3 and 4) Example The following example shows how to enable IP precedence mapping globally: Console(config)#map ip precedence Console(config)# map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table.
  • Page 622: Map Ip Dscp (Global Configuration)

    Class of Service Commands map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [no] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage •...
  • Page 623: Show Map Ip Port

    Priority Commands (Layer 3 and 4) Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0. Table 35-6 Mapping IP DSCP to CoS Values IP DSCP Value CoS Value 10, 12, 14, 16...
  • Page 624: Show Map Ip Precedence

    Class of Service Commands Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Console#show map ip port TCP port mapping status: disabled Port Port no. COS --------- -------- --- Eth 1/ 5 Console# Related Commands map ip port (Global Configuration) (35-7)
  • Page 625: Show Map Ip Dscp

    Priority Commands (Layer 3 and 4) show map ip dscp This command shows the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-26/50) •...
  • Page 627: Chapter 36: Quality Of Service Commands

    Chapter 36: Quality of Service Commands The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies. You can classify traffic based on access lists, IP Precedence or DSCP values, or VLANs. Using access lists allows you to select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet.
  • Page 628: Class-Map

    Quality of Service Commands any traffic that exceeds the specified rate, or just reduce the DSCP service level for traffic exceeding the specified rate. Use the service-policy command to assign a policy map to a specific interface. Notes: 1. You can configure up to 16 rules per Class Map. You can also include multiple classes in a Policy Map.
  • Page 629: Match

    match match This command defines the criteria used to classify traffic. Use the no form to delete the matching criteria. Syntax [no] match {access-list acl-name | ip dscp dscp | ipv6 dscp dscp | ip precedence ip-precedence | vlan vlan} •...
  • Page 630: Rename

    Quality of Service Commands This example creates a class map called “rd_class#3,” and sets it to match packets marked for VLAN 1. Console(config)#class-map rd_class#3 match-any Console(config-cmap)#match vlan 1 Console(config-cmap)# rename This command redefines the name of a class map or policy map. Syntax rename map-name map-name - Name of the class map or policy map.
  • Page 631: Policy-Map

    policy-map policy-map This command creates a policy map that can be attached to multiple interfaces, and enters Policy Map configuration mode. Use the no form to delete a policy map. Syntax [no] policy-map policy-map-name policy-map-name - Name of the policy map. (Range: 1-16 characters) Default Setting None Command Mode...
  • Page 632: Set

    Quality of Service Commands Command Usage • Use the policy-map command to specify a policy map and enter Policy Map configuration mode. Then use the class command to enter Policy Map Class configuration mode. And finally, use the set and police commands to specify the match criteria, where the: - set command classifies the service that an IP packet will receive.
  • Page 633: Police

    police Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses the set command to classify the service that incoming packets will receive, and then uses the police command to limit the average bandwidth to 100,000 Kbps, the burst rate to 1522 bytes, and configure the response to drop any violating packets.
  • Page 634: Service-Policy

    Quality of Service Commands Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses the set command to classify the service that incoming packets will receive, and then uses the police command to limit the average bandwidth to 100,000 Kbps, the burst rate to 1522 bytes, and configure the response to drop any violating packets.
  • Page 635: Show Class-Map

    show class-map show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [class-map-name] class-map-name - Name of the class map. (Range: 1-16 characters) Default Setting Displays all class maps. Command Mode Privileged Exec Example Console#show class-map...
  • Page 636: Show Policy-Map Interface

    Quality of Service Commands Example Console#show policy-map Policy Map rd_policy class rd_class set ip dscp 3 Console#show policy-map rd_policy class rd_class Policy Map rd_policy class rd_class set ip dscp 3 Console# show policy-map interface This command displays the service policy assigned to the specified interface. Syntax show policy-map interface interface input interface...
  • Page 637: Chapter 37: Multicast Filtering Commands

    Chapter 37: Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
  • Page 638: Ip Igmp Snooping Vlan Static

    Multicast Filtering Commands Example The following example enables IGMP snooping. Console(config)#ip igmp snooping Console(config)# ip igmp snooping vlan static This command adds a port to a multicast group. Use the no form to remove the port. Syntax [no] ip igmp snooping vlan vlan-id static ip-address interface •...
  • Page 639: Ip Igmp Snooping Immediate-Leave

    IGMP Snooping Commands Default Setting IGMP Version 2 Command Mode Global Configuration Command Usage • This command configures the IGMP report/query version used by IGMP snooping. Versions 1 - 3 are all supported, and versions 2 and 3 are backward compatible, so the switch can operate with other devices, regardless of the snooping version employed.
  • Page 640: Show Ip Igmp Snooping

    Multicast Filtering Commands Example The following shows how to enable immediate leave. Console(config)#ip igmp snooping vlan 1 immediate-leave Console(config)# show ip igmp snooping This command shows the IGMP snooping and query configuration settings. Command Mode Privileged Exec Command Usage See "Configuring IGMP Snooping and Query Parameters" on page 15-3 for a description of the displayed items.
  • Page 641: Igmp Query Commands

    IGMP Query Commands Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options. Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: Console#show mac-address-table multicast vlan 1 igmp-snooping VLAN M'cast IP addr.
  • Page 642: Ip Igmp Snooping Query-Count

    Multicast Filtering Commands Command Usage If enabled, the switch will serve as querier if elected. The querier is responsible for asking hosts if they want to receive multicast traffic. Example Console(config)#ip igmp snooping querier Console(config)# ip igmp snooping query-count This command configures the query count. Use the no form to restore the default. Syntax ip igmp snooping query-count count no ip igmp snooping query-count...
  • Page 643: Ip Igmp Snooping Query-Interval

    IGMP Query Commands ip igmp snooping query-interval This command configures the query interval. Use the no form to restore the default. Syntax ip igmp snooping query-interval seconds no ip igmp snooping query-interval seconds - The frequency at which the switch sends IGMP host-query messages.
  • Page 644: Ip Igmp Snooping Router-Port-Expire-Time

    Multicast Filtering Commands Example The following shows how to configure the maximum response time to 20 seconds: Console(config)#ip igmp snooping query-max-response-time 20 Console(config)# Related Commands ip igmp snooping version (37-2) ip igmp snooping query-max-response-time (37-7) ip igmp snooping router-port-expire-time This command configures the query timeout. Use the no form to restore the default. Syntax ip igmp snooping router-port-expire-time seconds no ip igmp snooping router-port-expire-time...
  • Page 645: Static Multicast Routing Commands

    Static Multicast Routing Commands Static Multicast Routing Commands This section describes commands used to configure static multicast interfaces on the switch. Table 37-4 Static Multicast Routing Commands Command Function Mode Page ip igmp snooping vlan Adds a multicast router port 37-9 mrouter show ip igmp snooping...
  • Page 646: Show Ip Igmp Snooping Mrouter

    Multicast Filtering Commands show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4093) Default Setting Displays multicast router ports for all configured VLANs. Command Mode Privileged Exec Command Usage...
  • Page 647: Chapter 38: Domain Name Service Commands

    Chapter 38: Domain Name Service Commands These commands are used to configure Domain Naming System (DNS) services. Entries can be manually configured in the DNS domain name to IP address mapping table, default domain names configured, or one or more name servers specified to use for domain name to address translation.
  • Page 648: Clear Host

    Domain Name Service Commands Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP address is associated with a host name using this command, a DNS client can try each address in succession, until it establishes a connection with the target device.
  • Page 649: Ip Domain-Name

    ip domain-name ip domain-name This command defines the default domain name appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). Use the no form to remove the current domain name. Syntax ip domain-name name no ip domain-name...
  • Page 650: Ip Name-Server

    Domain Name Service Commands Command Usage • Domain names are added to the end of the list one at a time. • When an incomplete host name is received by the DNS service on this switch, it will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match.
  • Page 651: Ip Domain-Lookup

    ip domain-lookup Example This example adds two domain-name servers to the list and then displays the list. Console(config)#ip domain-server 192.168.1.55 10.1.0.55 Console(config)#end Console#show dns Domain Lookup Status: DNS disabled Default Domain Name: .sample.com Domain Name List: .sample.com.jp .sample.com.uk Name Server List: 192.168.1.55 10.1.0.55 Console#...
  • Page 652: Show Hosts

    Domain Name Service Commands Example This example enables DNS and then displays the configuration. Console(config)#ip domain-lookup Console(config)#end Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: .sample.com Domain Name List: .sample.com.jp .sample.com.uk Name Server List: 192.168.1.55 10.1.0.55 Related Commands ip domain-name (38-3) ip name-server (38-4) show hosts...
  • Page 653: Show Dns

    show dns show dns This command displays the configuration of the DNS service. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.com Domain Name List: sample.com.jp sample.com.uk Name Server List: 192.168.1.55 10.1.0.55 Console# show dns cache This command displays entries in the DNS cache.
  • Page 654: Clear Dns Cache

    Domain Name Service Commands clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Console#clear dns cache Console#show dns cache FLAG TYPE DOMAIN Console# 38-8...
  • Page 655: Chapter 39: Dhcp Commands

    Chapter 39: DHCP Commands These commands are used to configure Dynamic Host Configuration Protocol (DHCP) client, relay, and server functions. You can configure any VLAN interface to be automatically assigned an IP address via DHCP. This switch can be configured to relay DHCP client configuration requests to a DHCP server on another network, or you can configure this switch to provide DHCP service directly to any client.
  • Page 656: Ip Dhcp Restart Client

    DHCP Commands Command Usage This command is used to include a client identifier in all communications with the DHCP server, which uses it to index its database of address bindings. The information included in the identifier is based on RFC 2132 Option 60, and must be unique for all clients in the same administrative domain.
  • Page 657: Dhcp Relay

    DHCP Relay DHCP Relay Table 39-3 DHCP Relay Commands Command Function Mode Page ip dhcp restart relay Enables DHCP relay agent 39-3 ip dhcp relay server Specifies DHCP server addresses for relay 39-4 ip dhcp restart relay This command enables DHCP relay for the specified VLAN. Use the no form to disable it.
  • Page 658: Ip Dhcp Relay Server

    DHCP Commands ip dhcp relay server This command specifies the addresses of DHCP servers to be used by the switch’s DHCP relay agent. Use the no form to clear all addresses. Syntax ip dhcp relay server address1 [address2 [address3 ...]] no ip dhcp relay server address - IP address of DHCP server.
  • Page 659: Dhcp Server

    DHCP Server DHCP Server Table 39-4 DHCP Server Commands Command Function Mode Page service dhcp Enables the DHCP server feature on this switch 39-5 ip dhcp Specifies IP addresses that a DHCP server should not assign to 39-6 excluded-address DHCP clients ip dhcp pool Configures a DHCP address pool on a DHCP Server 39-6...
  • Page 660: Ip Dhcp Excluded-Address

    DHCP Commands Command Usage If the DHCP server is running, you must restart it to implement any configuration changes. Example Console(config)#service dhcp Console(config)# ip dhcp excluded-address This command specifies IP addresses that the DHCP server should not assign to DHCP clients. Use the no form to remove the excluded IP addresses. Syntax [no] ip dhcp excluded-address low-address [high-address] •...
  • Page 661: Network

    DHCP Server client (with the host command) if required. You can configure up to 8 network address pools, and up to 32 manually bound host address pools (i.e., listing one host address per pool). However, note that any address specified in a host command must fall within the range of a configured network address pool.
  • Page 662: Default-Router

    DHCP Commands default-router This command specifies default routers for a DHCP pool. Use the no form to remove the default routers. Syntax default-router address1 [address2] no default-router • address1 - Specifies the IP address of the primary router. • address2 - Specifies the IP address of an alternate router. Default Setting None Command Mode...
  • Page 663: Dns-Server

    DHCP Server dns-server This command specifies the Domain Name System (DNS) IP servers available to a DHCP client. Use the no form to remove the DNS server list. Syntax dns-server address1 [address2] no dns-server • address1 - Specifies the IP address of the primary DNS server. •...
  • Page 664: Bootfile

    DHCP Commands bootfile This command specifies the name of the default boot image for a DHCP client. This file should be placed on the Trivial File Transfer Protocol (TFTP) server specified with the next-server command. Use the no form to delete the boot image name. Syntax bootfile filename no bootfile...
  • Page 665: Netbios-Node-Type

    DHCP Server Related Commands netbios-node-type (39-11) netbios-node-type This command configures the NetBIOS node type for Microsoft DHCP clients. Use the no form to remove the NetBIOS node type. Syntax netbios-node-type type no netbios-node-type type - Specifies the NetBIOS node type: •...
  • Page 666: Host

    DHCP Commands Default Setting One day Command Modes DHCP Pool Configuration Example The following example leases an address to clients using this pool for 7 days. Console(config-dhcp)#lease 7 Console(config-dhcp)# host Use this command to specify the IP address and network mask to manually bind to a DHCP client.
  • Page 667: Client-Identifier

    DHCP Server • The no host command only clears the address from the DHCP server database. It does not cancel the IP address currently in use by the host. Example Console(config-dhcp)#host 10.1.0.21 255.255.255.0 Console(config-dhcp)# Related Commands client-identifier (39-13) hardware-address (39-14) client-identifier This command specifies the client identifier of a DHCP client.
  • Page 668: Hardware-Address

    DHCP Commands hardware-address This command specifies the hardware address of a DHCP client. This command is valid for manual bindings only. Use the no form to remove the hardware address. Syntax hardware-address hardware-address type no hardware-address • hardware-address - Specifies the MAC address of the client device. •...
  • Page 669: Show Ip Dhcp Binding

    DHCP Server Usage Guidelines • An address specifies the client’s IP address. If an asterisk (*) is used as the address parameter, the DHCP server clears all automatic bindings. • Use the no host command to delete a manual binding. •...
  • Page 671: Chapter 40: Router Redundancy Commands

    Chapter 40: Router Redundancy Commands Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load. The primary goal of router redundancy is to allow a host device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down.
  • Page 672: Vrrp Ip

    Router Redundancy Commands vrrp ip This command enables the Virtual Router Redundancy Protocol (VRRP) on an interface and specifies the IP address of the virtual router. Use the no form to disable VRRP on an interface and remove the IP address from the virtual router. Syntax [no] vrrp group ip ip-address •...
  • Page 673: Vrrp Authentication

    Virtual Router Redundancy Protocol Commands vrrp authentication This command specifies the key used to authenticate VRRP packets received from other routers. Use the no form to prevent authentication. Syntax vrrp group authentication key no vrrp group authentication • group - Identifies the virtual router group. (Range: 1-255) •...
  • Page 674: Vrrp Timers Advertise

    Router Redundancy Commands Command Mode Interface (VLAN) Command Usage • A router that has a physical interface with the same IP address as that used for the virtual router (that is, the owner of the VRRP IP address) will become the master virtual router.
  • Page 675: Vrrp Preempt

    Virtual Router Redundancy Protocol Commands Command Mode Interface (VLAN) Command Usage • VRRP advertisements from the current master virtual router include information about its priority and current state as the master. • VRRP advertisements are sent to the multicast address 224.0.0.18. Using a multicast address reduces the amount of traffic that has to be processed by network devices that are not part of the designated VRRP group.
  • Page 676: Show Vrrp

    Router Redundancy Commands master has just come on line, this delay also gives it time to gather information for its routing table before actually preempting the currently active router. Example Console(config-if)#vrrp 1 preempt delay 10 Console(config-if)# Related Commands vrrp priority (40-3) show vrrp This command displays status information for VRRP.
  • Page 677: Table 40-3 Show Vrrp - Display Description

    Virtual Router Redundancy Protocol Commands Example This example displays the full listing of status information for all groups. Console#show vrrp Vlan 1 - Group 1, State Master Virtual IP Address 192.168.1.6 Virtual MAC Address 00-00-E3-11-10-10 Advertisement Interval 5 sec Preemption Enabled Min Delay 10 sec...
  • Page 678: Show Vrrp Interface

    Router Redundancy Commands Table 40-4 show vrrp brief - display description Field Description Interface VLAN interface VRRP group State VRRP role of this interface (master or backup) Virtual addr Virtual address that identifies this VRRP group Interval at which the master virtual router advertises its role as the master Shows whether or not a higher priority router can preempt the current acting master Prio Priority of this router...
  • Page 679: Show Vrrp Router Counters

    Virtual Router Redundancy Protocol Commands show vrrp router counters This command displays counters for errors found in VRRP protocol packets. Command Mode Privileged Exec Example Note that unknown errors indicate VRRP packets received with an unknown or unsupported version number. Console#show vrrp router counters Total Number of VRRP Packets with Invalid Checksum : 0 Total Number of VRRP Packets with Unknown Error...
  • Page 680: Clear Vrrp Router Counters

    Router Redundancy Commands clear vrrp router counters This command clears VRRP system statistics. Command Mode Privileged Exec Example Console#clear vrrp router counters Console# clear vrrp interface counters This command clears VRRP system statistics for the specified group and interface. clear vrrp group interface interface counters •...
  • Page 681: Chapter 41: Ip Interface Commands

    Chapter 41: IP Interface Commands An IP address may be used for management access to the router over your network or to connect the switch to existing IP subnets. An IPv4 address is obtained via DHCP by default for VLAN 1. You can also manually configure a new address for other VLANs on the router to enable management access through these VLANs or to connect the router to existing IP subnets.
  • Page 682 IP Interface Commands Table 41-2 Basic IP Configuration Commands (Continued) Command Function Mode Page IP Version 6 Interface Address Configuration and Utilities ipv6 enable Enables IPv6 on an interface that has not been configured with an 41-7 explicit IPv6 address ipv6 general-prefix Defines an IPv6 general prefix for the network address segment 41-8...
  • Page 683: Ip Address

    Basic IP Configuration ip address This command sets the IPv4 address for the currently selected VLAN interface. Use the no form to restore the default IP address. Syntax ip address {ip-address netmask | bootp | dhcp} [secondary] no ip address •...
  • Page 684: Ip Default-Gateway

    IP Interface Commands uses a secondary address, all other routers in that segment must also use a secondary address from the same network or subnet address space. • If bootp or dhcp options are selected, the system will immediately start broadcasting service requests.
  • Page 685: Show Ip Interface

    Basic IP Configuration
    Example
    The following example defines a default gateway for this device:
    Console(config)#ip default-gateway 10.1.1.254
    Console(config)#
    Related Commands: ip route (42-2), show ip redirects (41-5), ipv6 default-gateway (41-17)
    show ip interface
    This command displays the settings of an IPv4 interface.
    Command Mode: Privileged Exec
    Example...
  • Page 686: Ping

    IP Interface Commands
    ping
    This command sends (IPv4) ICMP echo request packets to another node on the network.
    Syntax
    ping host [size size] [count count]
    • host - IP address or IP alias of the host.
    • size - Number of bytes in a packet. (Range: 32-512, default: 32) The actual packet size will be eight bytes larger than the size specified because the router adds header information.
  • Page 687: Ipv6 Enable

    Basic IP Configuration
    Related Commands: interface (27-1), ping ipv6 (41-25)
    ipv6 enable
    This command enables IPv6 on an interface that has not been configured with an explicit IPv6 address. Use the no form to disable IPv6 on an interface that has not been configured with an explicit IPv6 address.
  • Page 688: Ipv6 General-Prefix

    IP Interface Commands
    Related Commands: ipv6 address link-local (41-13), show ipv6 interface (41-14)
    ipv6 general-prefix
    This command defines an IPv6 general prefix for the network address segment. Use the no form to remove the IPv6 general prefix.
    Syntax
    ipv6 general-prefix prefix-name ipv6-prefix/prefix-length
    no ipv6 general-prefix prefix-name
    •...
  • Page 689: Show Ipv6 General-Prefix

    Basic IP Configuration
    show ipv6 general-prefix
    This command displays all configured IPv6 general prefixes.
    Command Mode: Normal Exec, Privileged Exec
    Example
    This example displays a single IPv6 general prefix configured for the router.
    Console#show ipv6 general-prefix
    IPv6 general prefix: rd 2009:DB9:2229::/48
    Console#
    ipv6 address...
  • Page 690: Ipv6 Address Autoconfig

    IP Interface Commands
    apply to one or more specific interfaces, and are therefore specified by this command at the interface configuration level.
    • If a link-local address has not yet been assigned to this interface, this command will assign the specified static global unicast address and also dynamically generate a link-local unicast address for the interface.
  • Page 691: Default Setting

    Basic IP Configuration
    Default Setting: No IPv6 addresses are defined
    Command Mode: Interface Configuration (VLAN)
    Command Usage
    • If a link local address has not yet been assigned to this interface, this command will dynamically generate a global unicast address and a link local address for the interface.
  • Page 692: Ipv6 Address Eui-64

    IP Interface Commands
    ipv6 address eui-64
    This command configures an IPv6 address for an interface using an EUI-64 interface ID in the low order 64 bits and enables IPv6 on the interface. Use the no form without any arguments to remove all manually configured IPv6 addresses from the interface.
  • Page 693: Ipv6 Address Link-Local

    Basic IP Configuration
    id) and the rest of the address, resulting in a modified EUI-64 interface identifier of 2A-9F-18-FF-FE-1C-82-35.
    • This host addressing method allows the same interface identifier to be used on multiple IP interfaces of a single device, as long as those interfaces are attached to different subnets.
