SMC Networks 6726AL2 Management Manual

TigerSwitch 10/100 24/48-port 10/100Mbps Fast Ethernet managed switch

TigerSwitch 10/100
24/48-Port 10/100Mbps
Fast Ethernet Managed Switch
◆ 24/48 auto-MDI/MDI-X 10BASE-T/100BASE-TX ports
◆ 2 Gigabit RJ-45 ports shared with 2 SFP transceiver slots
◆ 2 Gigabit RJ-45 ports
◆ 8.8/17.6 Gbps of aggregate bandwidth
◆ Non-blocking switching architecture
◆ Spanning Tree Protocol and Rapid STP
◆ Up to four LACP or static 4-port trunks
◆ Layer 2/3/4 CoS support through four priority queues
◆ Full support for VLANs with GVRP
◆ IGMP multicast filtering and snooping
◆ Support for jumbo frames up to 9 KB
◆ Manageable via console, Web, SNMP, RMON

Management Guide

SMC6726AL2
SMC6752AL2

Summary of Contents for SMC Networks 6726AL2

  • Page 1: Management Guide

    TigerSwitch 10/100 24/48-Port 10/100Mbps Fast Ethernet Managed Switch ◆ 24/48 auto-MDI/MDI-X 10BASE-T/100BASE-TX ports ◆ 2 Gigabit RJ-45 ports shared with 2 SFP transceiver slots ◆ 2 Gigabit RJ-45 ports ◆ 8.8/17.6 Gbps of aggregate bandwidth ◆ Non-blocking switching architecture ◆ Spanning Tree Protocol and Rapid STP ◆...
  • Page 3 TigerSwitch 10/100 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions 38 Tesla Irvine, CA 92618 January 2005 Phone: (949) 679-8000 Pub. # 149100005200H...
  • Page 4 38 Tesla Irvine, CA 92618 All rights reserved. Trademarks: SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.
  • Page 5 Life of that Product, which is defined as the period of time during which the product is an “Active” SMC product. A product is considered to be “Active” while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies.
  • Page 6 WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS. * SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase.
  • Page 7: Table Of Contents

    Introduction 1-1; Key Features 1-1; Description of Software Features ...
  • Page 8 Contents: Using DHCP/BOOTP 3-19; Managing Firmware 3-21; Downloading System Software from a Server ...
  • Page 9 Contents: Configuring a Standard IP ACL 3-79; Configuring an Extended IP ACL 3-81; Configuring a MAC ACL ...
  • Page 10 Contents: Configuring VLAN Behavior for Interfaces 3-153; Private VLANs 3-156; Displaying Current Private VLANs ...
  • Page 11 Contents: Getting Help on Commands 4-5; Showing Commands 4-6; Partial Keyword Lookup ...
  • Page 12 Contents: User Access Commands 4-34; username 4-35; enable password ...
  • Page 13 Contents: logging sendmail level 4-69; logging sendmail source-email 4-70; logging sendmail destination-email ...
  • Page 14 Contents: show radius-server 4-101; TACACS+ Client 4-102; tacacs-server host ...
  • Page 15 Contents: show map access-list mac 4-134; ACL Information 4-135; show access-list ...
  • Page 16 Contents: lacp port-priority 4-171; show lacp ...
  • Page 17 Contents: Displaying VLAN Information 4-207; show vlan 4-207; Configuring Private VLANs ...
  • Page 18 Contents: Multicast Filtering Commands 4-238; IGMP Snooping Commands 4-238; ip igmp snooping ...
  • Page 19 Contents: Appendices: Software Specifications A-1; Software Features A-1; Management Features ...
  • Page 21 Tables: Table 1-1 Key Features 1-1; Table 1-2 System Defaults ...
  • Page 22 Tables: Table 4-21 SMTP Alert Commands 4-68; Table 4-22 Time Commands 4-72; Table 4-23 System Status Commands ...
  • Page 23 Tables: Table 4-58 Priority Commands (Layer 2) 4-222; Table 4-59 Default CoS Priority Levels 4-226; Table 4-60 Priority Commands (Layer 3 and 4) ...
  • Page 25 Figures: Figure 3-1 Home Page 3-3; Figure 3-2 Panel Display ...
  • Page 26 Figures: Figure 3-37 ACL Configuration - Extended IP 3-82; Figure 3-38 ACL Configuration - MAC 3-84; Figure 3-39 Binding a Port to an ACL ...
  • Page 27 Figures: Figure 3-74 Queue Mode 3-169; Figure 3-75 Configuring Queue Scheduling 3-170; Figure 3-76 IP Precedence/DSCP Priority Status ...
  • Page 29: Introduction

    This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
  • Page 30: Description Of Software Features

    Table 1-1 Key Features (Feature: Description). Port Trunking: Supports up to 4 trunks using either static or dynamic trunking (LACP). Broadcast Storm Control: Supported. Static Address: Up to 8K MAC addresses in the forwarding table. IEEE 802.1D Bridge: Supports dynamic data switching and addresses learning. Store-and-Forward: Supported to ensure wire-speed switching while eliminating...
  • Page 31 Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings. Authentication – This switch authenticates management access via the console port, Telnet or web browser.
  • Page 32 Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
  • Page 33 Store-and-Forward Switching – The switch copies each frame into its memory before forwarding them to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.
  • Page 34 switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can: • Eliminate broadcast storms which severely degrade performance in a flat network. • Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
  • Page 35: System Defaults

    System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-23). The following table lists some of the basic system defaults. Table 1-2 System Defaults Function Parameter...
  • Page 36 Table 1-2 System Defaults Function Parameter Default HTTP Server Enabled Management HTTP Port Number HTTP Secure Server Enabled HTTP Secure Port Number SNMP Community Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabled Link-up-down events: enabled Port Admin Status Enabled Configuration Auto-negotiation...
  • Page 37 Table 1-2 System Defaults Function Parameter Default Virtual LANs Default VLAN PVID Acceptable Frame Type Ingress Filtering Disabled Switchport Mode (Egress Hybrid: tagged/untagged frames Mode) GVRP (global) Disabled GVRP (port interface) Disabled Traffic Ingress Port Priority Prioritization Weighted Round Robin Queue: 0 1 2 3 Weight: 1 2 4 6 IP Precedence Priority...
  • Page 39: Initial Configuration

    Telnet connection over the network. The switch’s management agent also supports SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using network management software such as SMC EliteView.
  • Page 40: Required Connections

    The switch’s web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions: • Set user names and passwords for up to 16 users • Set an IP interface for a management VLAN •...
  • Page 41 Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide. To connect a terminal to the console port, complete the following steps: 1.
  • Page 42: Remote Connections

    For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 4-12. Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default...
  • Page 43: Basic Configuration

    Basic Configuration Console Connection The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to only display information and use basic utilities.
  • Page 44: Setting An Ip Address

    2. Type “configure” and press <Enter>. 3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>. 4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>. Note: ‘0’...
  • Page 45: Manual Configuration

    Manual Configuration You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods.
  • Page 46: Dynamic Configuration

    Dynamic Configuration If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. You therefore need to use the “ip dhcp restart” command to start broadcasting service requests.
  • Page 47: Enabling Snmp Management Access

    The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as SMC EliteView. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps. When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter.
  • Page 48: Trap Receivers

    The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects. • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects. Note: If you do not intend to utilize SNMP, we recommend that you delete both of the default community strings.
  • Page 49: Saving Configuration Settings

    “community-string” is the string associated with that host. Press <Enter>. 2. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server enable traps command. Type “snmp-server enable traps type,” where “type” is either authentication or link-up-down.
  • Page 50: Managing System Files

    Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
  • Page 51: Configuring The Switch

    Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above).
  • Page 52 Notes: 1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated. 2. If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password.
  • Page 53: Navigating The Web Browser Interface

    Navigating the Web Browser Interface To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.”...
  • Page 54: Configuration Options

    Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
  • Page 55: Main Menu

    Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 3-2 Main Menu Menu Description Page...
  • Page 56 Table 3-2 Main Menu (Continued) Menu Description Page SNTP 3-42 Configuration Configures SNTP client settings, including 3-42 broadcast mode or a specified list of servers Clock Time Zone Sets the local time zone for the system clock 3-44 SNMP 3-45...
  • Page 57 Table 3-2 Main Menu (Continued) Menu Description Page IP Filter Sets IP addresses of clients allowed 3-75 management access via the web, SNMP, and Telnet Port 3-87 Port Information Displays port connection status 3-87 Trunk Information Displays trunk connection status 3-87 Port Configuration Configures port connection settings...
  • Page 58 Table 3-2 Main Menu (Continued) Menu Description Page Output Sets the output rate limit for each port 3-113 Port Configuration Output Sets the output rate limit for each trunk 3-113 Trunk Configuration Port Statistics Lists Ethernet and RMON port statistics 3-114 Address Table 3-121...
  • Page 59 Table 3-2 Main Menu (Continued) Menu Description Page Static Membership by Configures membership type for interfaces, 3-152 Port including tagged, untagged or forbidden Port Configuration Specifies default PVID and VLAN attributes 3-153 Trunk Configuration Specifies default trunk VID and VLAN 3-153 attributes Private VLAN...
  • Page 60: Table 3-2 Main Menu

    Table 3-2 Main Menu (Continued) Menu Description Page Queue Scheduling Configures Weighted Round Robin 3-170 queueing IP Precedence/ Globally selects IP Precedence or DSCP 3-172 DSCP Priority Status Priority, or disables both. IP Precedence Priority Sets IP Type of Service priority, mapping the 3-172 precedence tag to a class-of-service value IP DSCP Priority...
  • Page 61: Basic Configuration

    Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem.
  • Page 62: Figure 3-3 System Information

    Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.) Figure 3-3 System Information...
  • Page 63: Displaying Switch Hardware/Software Versions

    Console(config)#snmp-server location WC 9 4-138 Console(config)#snmp-server contact Ted 4-138 Console(config)#exit Console#show system 4-83 System description: TigerSwitch 10/100 6726AL2 System OID string: 1.3.6.1.4.1.202.20.46 System information System Up time: 0 days, 2 hours, 4 minutes, and 7.13 seconds System Name: R&D 5...
  • Page 64: Figure 3-4 Switch Information

    Management Software • Loader Version – Version number of loader code. • Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code. • Operation Code Version – Version number of runtime code. • Role – Shows that this switch is operating as Master or Slave. Expansion Slot •...
  • Page 65: Displaying Bridge Extension Capabilities

    CLI – Use the following command to display version information. Console#show version 4-84 Unit 1 Serial number: A419048860 Service tag: Hardware version: Module A type: 1000BaseT Module B type: 1000BaseT Number of ports: Main power status: Redundant power status :not present Agent (master) Unit ID:...
  • Page 66: Figure 3-5 Bridge Extension Configuration

    • Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 3-140.) •...
  • Page 67: Setting The Switch's Ip Address

    CLI – Enter the following command. Console#show bridge-ext 4-218 Max support VLAN numbers: Max support VLAN ID: 4094 Extended multicast filtering services: No Static entry individual port: VLAN learning: Configurable PVID tagging: Local VLAN capable: Traffic classes: Enabled Global GVRP status: Disabled GMRP:...
  • Page 68: Manual Configuration

    Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subnet mask, and default gateway.) • IP Address – Address of the VLAN interface that is allowed management access. Valid IP addresses consist of four numbers, 0 to 255, separated by periods.
  • Page 69: Using Dhcp/Bootp

    CLI – Specify the management interface, IP address and default gateway. Console#config Console(config)#interface vlan 1 4-144 Console(config-if)#ip address 10.1.0.254 255.255.255.0 4-249 Console(config-if)#exit Console(config)#ip default-gateway 192.168.1.254 4-252 Console(config)# Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
  • Page 70 CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart” command. Console#config Console(config)#interface vlan 1 4-144 Console(config-if)#ip address dhcp 4-249 Console(config-if)#end Console#ip dhcp restart 4-251 Console#show ip interface 4-252...
  • Page 71: Managing Firmware

    Managing Firmware You can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation.
  • Page 72: Downloading System Software From A Server

    Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
  • Page 73: Figure 3-9 Select Start-Up Operation File

    If you download to a new destination file, go to the System/File/Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu. Figure 3-9 Select Start-Up Operation File To delete a file select System, File, Delete.
  • Page 74: Saving Or Restoring Configuration Settings

    CLI – To download new firmware from a TFTP server, enter the IP address of the TFTP server, select “opcode” as the file type, then enter the source and destination file names. When the file has finished downloading, set the new file to start up the system, and then restart the switch.
  • Page 75 - running-config to tftp – Copies the running configuration to a TFTP server. - startup-config to file – Copies the startup configuration to a file on the switch. - startup-config to running-config – Copies the startup config to the running config.
  • Page 76: Downloading Configuration Settings From A Server

    Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg”...
  • Page 77: Figure 3-12 Setting The Startup Configuration Settings

    If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu. Note that you can also select any configuration file as the start-up configuration by using the System/File/Set Start-Up page.
  • Page 78: Console Port Settings

    Console Port Settings You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings. These parameters can be configured via the web or CLI interface.
  • Page 79: Figure 3-13 Console Port Settings

    • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud;...
  • Page 80: Telnet Settings

    CLI – Enter Line Configuration mode for the console, then specify the connection parameters as required. To display the current console port settings, use the show line command from the Normal Exec level. Console(config)#line console 4-15 Console(config-line)#login local 4-16 Console(config-line)#password 0 secret 4-17...
  • Page 81 • Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session. (Range: 0-300 seconds; Default: 300 seconds) •...
  • Page 82: Figure 3-14 Enabling Telnet

    Web – Click System, Line, Telnet. Specify the connection parameters for Telnet access, then click Apply. Figure 3-14 Enabling Telnet CLI – Enter Line Configuration mode for a virtual terminal, then specify the connection parameters as required. To display the current virtual terminal settings, use the show line command from the Normal Exec level.
  • Page 83: Configuring Event Logging

    Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages. System Log Configuration The system allows you to enable or disable event logging, and specify which levels are logged to RAM or flash memory.
  • Page 84: Table 3-3 Logging Levels

    Table 3-3 Logging Levels Level Severity Name Description Debug Debugging messages Informational Informational messages only Notice Normal but significant condition, such as cold start Warning Warning conditions (e.g., return false, unexpected return) Error Error conditions (e.g., invalid input, default used) Critical Critical conditions (e.g., memory allocation, or...
  • Page 85: Figure 3-15 System Logs

    Web – Click System, Log, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply. Figure 3-15 System Logs CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory.
  • Page 86: Remote Log Configuration

    Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the error messages sent to only those messages below a specified level.
  • Page 87: Figure 3-16 Remote Logs

    Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove.
  • Page 88: Displaying Log Messages

    Displaying Log Messages The Logs page allows you to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
  • Page 89: Sending Simple Mail Transfer Protocol Alerts

    Sending Simple Mail Transfer Protocol Alerts To alert system administrators of problems, the switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messages are sent to specified SMTP servers on the network and can be retrieved using POP or IMAP clients.
  • Page 90: Figure 3-18 Enabling And Configuring Smtp Alerts

    Web – Click System, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. To add an IP address to the SMTP Server List, type the new IP address in the SMTP Server field and click Add.
  • Page 91: Resetting The System

    CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration.
  • Page 92: Setting The System Clock

    CLI – Use the reload command to restart the switch. When prompted, confirm that you want to reset the switch. Console#reload 4-30 System will be restarted, continue <y/n>? y Note: When restarting the system, it will always run the Power-On Self-Test.
  • Page 93: Figure 3-20 Sntp Configuration

    • SNTP Server – Sets the IP address for up to three time servers. The switch attempts to update the time from the first server; if this fails, it attempts an update from the next server in the sequence. Web –...
  • Page 94: Setting The Time Zone

    Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC.
  • Page 95: Simple Network Management Protocol

    A network management station can access this information using software such as SMC EliteView. Access rights to the onboard agent are controlled by community strings. To communicate with the switch, the management station must first submit a valid community string for authentication.
  • Page 96: Specifying Trap Managers And Trap Types

    You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as SMC EliteView). You can specify up to five management stations that will receive authentication failure messages and other trap messages from the switch.
  • Page 97: Figure 3-23 Configuring Ip Trap Managers

    Command Attributes • Trap Manager Capability – This switch supports up to five trap managers. • Current – Displays a list of the trap managers currently configured. • Trap Manager IP Address – IP address of the host (the targeted recipient).
  • Page 98: User Authentication

    CLI – This example adds a trap manager and enables both authentication and link-up, link-down traps. Console(config)#snmp-server host 192.168.1.19 private version 2c 4-139 Console(config)#snmp-server enable traps authentication 4-141 User Authentication You can restrict management access to this switch using the following options: •...
  • Page 99: Figure 3-24 Access Levels

    Command Attributes • Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest) • New Account – Displays configuration settings for a new account. - User Name – The name of the user. (Maximum length: 8 characters;...
  • Page 100: Configuring Local/Remote Logon Authentication

    CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password. Console(config)#username bob access-level 15 4-35 Console(config)#username bob password 0 smith Console(config)# Configuring Local/Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords.
  • Page 101 Command Usage • By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol.
  • Page 102 • RADIUS Settings - Global – Provides globally applicable RADIUS settings. - ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers. The process ends when a server either approves or denies access to a user.
  • Page 103: Figure 3-25 Authentication Settings

    Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply. Figure 3-25 Authentication Settings...
  • Page 104: Configuring Https

    CLI – Specify all the required parameters to enable logon authentication. Console(config)#authentication login radius 4-95 Console(config)#radius-server port 181 4-99 Console(config)#radius-server key green 4-99 Console(config)#radius-server retransmit 5 4-100 Console(config)#radius-server timeout 10 4-100 Console(config)#radius-server 1 host 192.168.1.25 4-98 Console(config)#end Console#show radius-server 4-101 Remote RADIUS server configuration:...
  • Page 105: Table 3-4 Https System Support

    • If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number] • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate.
  • Page 106: Replacing The Default Secure-Site Certificate

    ONFIGURING THE WITCH Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. Figure 3-26 HTTPS Settings CLI – This example enables the HTTP secure server and modifies the port number. Console(config)#ip http secure-server 4-42 Console(config)#ip http secure-port 441 4-43...
  • Page 107: Configuring The Secure Shell

    UTHENTICATION When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one: Console#copy tftp https-certificate 4-87 TFTP server ip address: <server ip-address> Source certificate file name: <certificate file name>...
  • Page 108 ONFIGURING THE WITCH Command Usage The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified on the Authentication Settings page (page 3-50).
  • Page 109 UTHENTICATION public key files based on standard UNIX format as shown in the following example for an RSA Version 1 key: 1024 35 1341081685609893921040944920155425347631641921872958921143173880 055536161631051775940838686311092912322268285192543746031009371877211996963178 136627741416898513204911720483033925432410163799759237144901193800609025394840 848271781943722884025331159521348610229029789827213532671316294325328189150453 06393916643 steve@192.168.1.19 4. Set the Optional Parameters – On the SSH Settings page, configure the optional parameters, including the authentication timeout, the number of retries, and the server key size.
  • Page 110: Generating The Host Key Pair

    ONFIGURING THE WITCH 2. The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet sessions and SSH sessions. Generating the Host Key Pair A host public/private key pair is used to provide secure communications between an SSH client and the switch.
  • Page 111: Figure 3-27 Ssh Host-Key Settings

    UTHENTICATION • Generate – This button is used to generate the host key pair. Note that you must first generate the host key pair before you can enable the SSH server on the SSH Server Settings page. • Clear – This button clears the host key from both volatile memory (RAM) and non-volatile memory (Flash).
  • Page 112: Configuring The Ssh Server

    ONFIGURING THE WITCH CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys. Console#ip ssh crypto host-key generate 4-49 Console#ip ssh save host-key 4-49 Console#show public-key host 4-49...
  • Page 113: Figure 3-28 Ssh Server Settings

    UTHENTICATION • SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3) • SSH Server-Key Size – Specifies the SSH server key size. (Range: 512-896 bits;...
  • Page 114: Configuring Port Security

    CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection. Console(config)#ip ssh server 4-49 Console(config)#ip ssh timeout 100 4-50 Console(config)#ip ssh authentication-retries 5 4-51...
  • Page 115 already in the address table will be retained and will not age out. Any other device that attempts to use the port will be prevented from accessing the switch. Command Usage • A secure port has the following restrictions: - It cannot use port monitoring.
  • Page 116: Configuring 802.1X Port Authentication

    ONFIGURING THE WITCH Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
  • Page 117: Authentication Radius Server

    This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication ... (Figure labels: 802.1x client, RADIUS server) 1. Client attempts to access a switch port. 2. Switch sends client an identity request. 3. Client sends back identity information. 4. Switch forwards this to authentication server. 5....
  • Page 118: Displaying 802.1X Global Settings

    ONFIGURING THE WITCH • The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.) • The RADIUS server and client also have to support the same EAP authentication type –...
  • Page 119: Configuring 802.1X Global Settings

    Configuring 802.1X Global Settings The 802.1X protocol includes port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active. Command Attributes • 802.1X System Authentication Control – Sets the global setting for 802.1X.
  • Page 120: Configuring Port Settings For 802.1X

    ONFIGURING THE WITCH Configuring Port Settings for 802.1X When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server.
  • Page 121: Figure 3-32 802.1X Port Configuration

    UTHENTICATION • Quiet Period – Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. (Range: 1-65535 seconds; Default: 60 seconds) • Re-authen Period – Sets the time period after which a connected client must be re-authenticated.
  • Page 122 ONFIGURING THE WITCH CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-114. Console(config)#interface ethernet 1/2 4-144 Console(config-if)#dot1x port-control auto 4-109 Console(config-if)#dot1x re-authentication 4-111 Console(config-if)#dot1x max-req 5 4-109...
  • Page 123: Displaying 802.1X Statistics

    Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-5 802.1X Statistics (Parameter – Description): Rx EAPOL Start – The number of EAPOL Start frames that have been received by this Authenticator. Rx EAPOL Logoff – The number of EAPOL Logoff frames that have been received by this Authenticator.
  • Page 124: Figure 3-33 Displaying 802.1X Port Statistics

    ONFIGURING THE WITCH Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Figure 3-33 Displaying 802.1X Port Statistics CLI – This example displays the 802.1X statistics for port 4. 4-114 Console#show dot1x statistics interface ethernet 1/4 Eth 1/4...
  • Page 125: Filtering Addresses For Management Access

    Filtering Addresses for Management Access You create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default. Once you add an entry to a filter list, access to that interface is restricted to the specified addresses.
  • Page 126: Figure 3-34 Creating A Web Ip Filter List

    ONFIGURING THE WITCH • End IP Address – The end address of a range. • Add/Remove Filtering Entry – Adds/removes an IP address from the list. Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry to update the filter list.
  • Page 127: Access Control Lists

    CCESS ONTROL ISTS CLI – This example allows SNMP access for a specific client. Console(config)#management snmp-client 10.1.2.3 4-38 Console(config)#end Console#show management all-client Management IP Filter HTTP-Client: Start IP address End IP address ----------------------------------------------- 1. 10.1.2.1 10.1.2.254 SNMP-Client: Start IP address End IP address ----------------------------------------------- 1.
  • Page 128: Setting The Acl Name And Type

    ONFIGURING THE WITCH Command Usage The following restrictions apply to ACLs: • Each ACL can have up to 32 rules. • The maximum number of ACLs is 88. • However, due to resource restrictions, the average number of rules bound to the ports should not exceed 20. •...
  • Page 129: Configuring A Standard Ip Acl

    MAC: MAC ACL mode that filters packets based on the source or destination MAC address and the Ethernet frame type (RFC 1060). Web – Click Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the configuration page for the new list.
  • Page 130: Figure 3-36 Acl Configuration - Standard Ip

    ONFIGURING THE WITCH • Subnet Mask – A subnet mask containing four integers from 0 to 255, each separated by a period. The mask uses 1 bits to indicate “match” and 0 bits to indicate “ignore.” The mask is bitwise ANDed with the specified source IP address, and compared with the address for each IP packet entering the port(s) to which this ACL has been assigned.
  • Page 131: Configuring An Extended Ip Acl

    CCESS ONTROL ISTS Configuring an Extended IP ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Specifies the source or destination IP address. Use “Any” to include all possible addresses, “Host”...
  • Page 132: Figure 3-37 Acl Configuration - Extended Ip

    ONFIGURING THE WITCH - 4 (rst) – Reset - 8 (psh) – Push - 16 (ack) – Acknowledgement - 32 (urg) – Urgent pointer For example, use the code value and mask below to catch packets with the following flags set: - SYN flag valid, use control-code 2, control bitmask 2 - Both SYN and ACK valid, use control-code 18, control bitmask 18 - SYN valid and ACK invalid, use control-code 2, control bitmask 18...
  • Page 133: Configuring A Mac Acl

    CCESS ONTROL ISTS CLI – This example adds two rules: 1. Accept any incoming packets if the source address is in subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through.
  • Page 134: Figure 3-38 Acl Configuration - Mac

    ONFIGURING THE WITCH • Ethernet Type – This option can only be used to filter Ethernet II formatted packets. (Range: 0-65535) A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include 0800 (IP), 0806 (ARP), 8137 (IPX).
  • Page 135: Binding A Port To An Access Control List

    CCESS ONTROL ISTS Binding a Port to an Access Control List After configuring Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can assign one IP access list to any port, but you can only assign one MAC access list to all the ports on the switch.
  • Page 136: Figure 3-39 Binding A Port To An Acl

    ONFIGURING THE WITCH Web – Click Security, ACL, Port Binding. Mark the Enabled field for the port you want to bind to an ACL, select the required ACL from the drop-down list, then click Apply. Figure 3-39 Binding a Port to an ACL CLI –...
  • Page 137: Port Configuration

    Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Field Attributes (Web) • Name – Interface label. • Type –...
  • Page 138: Figure 3-40 Displaying Port/Trunk Information

    ONFIGURING THE WITCH Web – Click Port, Port Information or Trunk Information. Figure 3-40 Displaying Port/Trunk Information Field Attributes (CLI) Basic Information: • Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP) • MAC address – The physical layer address for this port. (To access this item on the web, see “Setting the Switch’s IP Address”...
  • Page 139 ONFIGURATION • Capabilities – Specifies the capabilities to be advertised for a port during auto-negotiation. (To access this item on the web, see “Configuring Interface Connections” on page 3-48.) The following capabilities are supported. - 10half - Supports 10 Mbps half-duplex operation - 10full - Supports 10 Mbps full-duplex operation - 100half - Supports 100 Mbps half-duplex operation - 100full - Supports 100 Mbps full-duplex operation...
  • Page 140: Configuring Interface Connections

    ONFIGURING THE WITCH CLI – This example shows the connection status for Port 5. Console#show interfaces status ethernet 1/5 4-152 Information of Eth 1/5 Basic information: Port type: 100TX Mac address: 00-30-f1-47-58-46 Configuration: Name: Port admin: Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full Broadcast storm: Enabled Broadcast storm limit:...
  • Page 141 • Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised. When auto-negotiation is disabled, you can force the settings for speed, mode, and flow control. The following capabilities are supported. - 10half - Supports 10 Mbps half-duplex operation - 10full - Supports 10 Mbps full-duplex operation - 100half - Supports 100 Mbps half-duplex operation...
  • Page 142: Creating Trunk Groups

    ONFIGURING THE WITCH Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. Figure 3-41 Port/Trunk Configuration CLI – Select the interface, and then enter the required settings. Console(config)#interface ethernet 1/13 4-144 Console(config-if)#description RD SW#13 4-144 Console(config-if)#shutdown 4-149...
  • Page 143 ONFIGURATION automatically negotiate a trunked link with LACP-configured ports on another device. You can configure any number of ports on the switch as LACP, as long as they are not already configured as part of a static trunk. If ports on another device are also configured as LACP, the switch and the other device will negotiate a trunk link between them.
  • Page 144: Statically Configuring A Trunk

    Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
  • Page 145: Figure 3-42 Static Trunk Configuration

    ONFIGURATION Web – Click Port, Trunk Membership. Enter a trunk ID of 1-4 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.
  • Page 146: Enabling Lacp On Selected Ports

    ONFIGURING THE WITCH CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk. Console(config)#interface port-channel 2 4-144 Console(config-if)#exit Console(config)#interface ethernet 1/1 4-144 Console(config-if)#channel-group 2 4-165 Console(config-if)#exit...
  • Page 147: Figure 3-43 Lacp Trunk Configuration

    ONFIGURATION • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than eight ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
  • Page 148: Configuring Lacp Parameters

    ONFIGURING THE WITCH CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. Console(config)#interface ethernet 1/1 4-144 Console(config-if)#lacp 4-165 Console(config-if)#exit Console(config)#interface ethernet 1/6 Console(config-if)#lacp Console(config-if)#end Console#show interfaces status port-channel 1...
  • Page 149 ONFIGURATION Note: If the port channel admin key (lacp admin key, page 4-170) is not set (through the CLI) when a channel group is formed (i.e., it has a null value of 0), this key is set to the same value as the port admin key used by the interfaces that joined the group (lacp admin key, as described in this section and on page 4-169).
  • Page 150: Figure 3-44 Lacp - Aggregation Port

    ONFIGURING THE WITCH Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effect until the next time an aggregate link is formed with this device.) After you have completed setting the port LACP parameters, click Apply.
  • Page 151 ONFIGURATION CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG. Console(config)#interface ethernet 1/1 4-144 Console(config-if)#lacp actor system-priority 3 4-168 Console(config-if)#lacp actor admin-key 120 4-169 Console(config-if)#lacp actor port-priority 128 4-171 Console(config-if)#exit Console(config)#interface ethernet 1/4...
  • Page 152: Displaying Lacp Port Counters

    Displaying LACP Port Counters You can display statistics for LACP protocol messages. Table 3-6 LACP Port Counters (Field – Description): LACPDUs Sent – Number of valid LACPDUs transmitted from this channel group. LACPDUs Received – Number of valid LACPDUs received on this channel group.
  • Page 153: Table 3-7 Lacp Internal Configuration Information

    CLI – The following example displays LACP counters. Console#show lacp counters 4-172 Port channel : 1 ------------------------------------------------------------------- Eth 1/ 1 ------------------------------------------------------------------- LACPDUs Sent: LACPDUs Receive: Marker Sent: Marker Receive: LACPDUs Unknown Pkts: 0 LACPDUs Illegal Pkts: 0 Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation.
  • Page 154 Table 3-7 LACP Internal Configuration Information (Continued) (Field – Description): LACP Port Priority – LACP port priority assigned to this interface within the channel group. Admin State, Oper State – Administrative or operational values of the actor’s state parameters: • Expired – The actor’s receive machine is in the expired state; •...
  • Page 155: Figure 3-46 Lacp - Port Internal Information

    ONFIGURATION Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-46 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Console#show lacp 1 internal 4-172 Port channel : 1...
  • Page 156: Displaying Lacp Settings And Status For The Remote Side

    Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Table 3-8 LACP Neighbor Configuration Information (Field – Description): Partner Admin System ID – LAG partner’s system ID assigned by the user. Partner Oper System ID – LAG partner’s system ID assigned by the LACP protocol.
  • Page 157: Figure 3-47 Lacp - Port Neighbors Information

    ONFIGURATION Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-47 LACP - Port Neighbors Information CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Console#show lacp 1 neighbors 4-172 Port channel 1 neighbors...
  • Page 158: Setting Broadcast Storm Thresholds

    Setting Broadcast Storm Thresholds Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt.
  • Page 159: Figure 3-48 Port Broadcast Control

    ONFIGURATION Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and click Apply. Figure 3-48 Port Broadcast Control 3-109...
  • Page 160: Configuring Port Mirroring

    ONFIGURING THE WITCH CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 octets per second for port 2 (which applies to all ports). Console(config)#interface ethernet 1/1 4-144 Console(config-if)#no switchport broadcast...
  • Page 161: Figure 3-49 Mirror Port Configuration

    ONFIGURATION Command Attributes • Mirror Sessions – Displays a list of current mirror sessions. • Source Unit – The unit whose port traffic will be monitored. • Source Port – The port whose traffic will be monitored. • Type – Allows you to select which traffic to mirror to the target port, Rx (receive), or Tx (transmit).
  • Page 162: Configuring Rate Limits

    ONFIGURING THE WITCH Configuring Rate Limits This function allows the network manager to control the maximum rate for traffic transmitted or received on a port. Rate limiting is configured on ports at the edge of a network to limit traffic coming into or out of the network.
  • Page 163: Rate Limit Configuration

    ONFIGURATION CLI - This example sets and displays Fast Ethernet and Gigabit Ethernet granularity. Console(config)#rate-limit fastethernet granularity 512 4-161 Console(config)#rate-limit gigabitethernet granularity 33300 4-161 console#show rate-limit 4-162 Fast ethernet granularity: Gigabit ethernet granularity: 33300 Console# Rate Limit Configuration Use the rate limit configuration pages to apply rate limiting. Command Usage •...
  • Page 164: Showing Port Statistics

    ONFIGURING THE WITCH Web – Click Port, Rate Limit, Input/Output Port/Trunk Configuration. Enable the Rate Limit Status for the required interfaces, set the Rate Limit Level, and click Apply. Figure 3-51 Output Rate Limit Port Configuration CLI - This example sets the rate limit level for input and output traffic passing through port 3.
  • Page 165: Table 3-9 Port Statistics

    ONFIGURATION Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as SMC EliteView. Table 3-9 Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface, including framing characters.
  • Page 166 Table 3-9 Port Statistics (Continued) (Parameter – Description): Transmit Multicast Packets – The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast address at this sub-layer, including those that were discarded or not sent. Transmit Broadcast Packets – The total number of packets that higher-level protocols...
  • Page 167 Table 3-9 Port Statistics (Continued) (Parameter – Description): Multiple Collision Frames – A count of successfully transmitted frames for which transmission is inhibited by more than one collision. Carrier Sense Errors – The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame.
  • Page 168 Table 3-9 Port Statistics (Continued) (Parameter – Description): Multicast Frames – The total number of good frames received that were directed to this multicast address. CRC/Alignment Errors – The number of CRC/alignment errors (FCS or alignment errors). Undersize Frames – The total number of frames received that were less than 64 octets long (excluding framing bits, but including FCS octets) and were otherwise well formed.
  • Page 169: Figure 3-52 Port Statistics

    ONFIGURATION Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-52 Port Statistics 3-119...
  • Page 170 ONFIGURING THE WITCH CLI – This example shows statistics for port 13. 4-153 Console#show interfaces counters ethernet 1/13 Ethernet 1/13 Iftable stats: Octets input: 868453, Octets output: 3492122 Unicast input: 7315, Unitcast output: 6658 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, QLen output: 0 Extended iftable stats:...
  • Page 171: Address Table Settings

    Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table.
  • Page 172: Displaying The Address Table

    ONFIGURING THE WITCH Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-53 Configuring a Static Address Table CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
  • Page 173: Figure 3-54 Configuring A Dynamic Address Table

    DDRESS ABLE ETTINGS • VLAN – ID of configured VLAN (1-4094). • Address Table Sort Key – You can sort the information displayed based on MAC address, VLAN or interface (port or trunk). • Dynamic Address Counts – The number of addresses dynamically learned.
  • Page 174: Changing The Aging Time

    ONFIGURING THE WITCH Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the function. • Aging Time – The time after which a learned entry is discarded. (Range: 10-30000 seconds;...
  • Page 175 The spanning tree algorithms supported by this switch include these versions: • STP – Spanning Tree Protocol (IEEE 802.1D) • RSTP – Rapid Spanning Tree Protocol (IEEE 802.1w) STA uses a distributed algorithm to select a bridging device (STA-compliant switch, bridge or router) that serves as the root of the spanning tree network.
  • Page 176: Displaying Global Settings

    ONFIGURING THE WITCH that can be used when a node or port fails, and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs. Displaying Global Settings You can display a summary of the current bridge STA information that applies to the entire switch using the STA Information screen.
  • Page 177 • Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. - Root Port – The number of the port on this switch that is closest to the root.
  • Page 178: Figure 3-56 Sta Information

    ONFIGURING THE WITCH • Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a discarding state;...
  • Page 179: Configuring Global Settings

    PANNING LGORITHM ONFIGURATION CLI – This command displays global STA settings, followed by settings for each port. Console#show spanning-tree 4-195 Spanning-tree information --------------------------------------------------------------- Spanning tree mode :RSTP Spanning tree enable/disable :enabled Priority :32768 Bridge Hello Time (sec.) Bridge Max Age (sec.) Bridge Forward Delay (sec.) Root Hello Time (sec.) Root Max Age (sec.)
  • Page 180 ONFIGURING THE WITCH - STP Mode – If the switch receives an 802.1D BPDU (i.e., STP BPDU) after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs. - RSTP Mode –...
  • Page 181 PANNING LGORITHM ONFIGURATION Root Device Configuration • Hello Time – Interval (in seconds) at which the root device transmits a configuration message. - Default: 2 - Minimum: 1 - Maximum: The lower of 10 or [(Max. Message Age / 2) -1] •...
  • Page 182: Figure 3-57 Sta Configuration

    ONFIGURING THE WITCH Configuration Settings for RSTP • Path Cost Method – The path cost is used to determine the best path between devices. The path cost method is used to determine the range of values that can be assigned to each interface. - Long: Specifies 32-bit based values that range from 1-200,000,000.
  • Page 183: Displaying Interface Settings

    PANNING LGORITHM ONFIGURATION CLI – This example enables Spanning Tree Protocol, sets the mode to RSTP, and then configures the STA and RSTP parameters. Console(config)#spanning-tree 4-183 Console(config)#spanning-tree mode rstp 4-184 Console(config)#spanning-tree priority 45056 4-187 Console(config)#spanning-tree hello-time 5 4-185 Console(config)#spanning-tree max-age 38 4-186 Console(config)#spanning-tree forward-time 20 4-185...
  • Page 184 ONFIGURING THE WITCH - All ports are discarding when the switch is booted, then some of them change state to learning, and then to forwarding. • Forward Transitions – The number of times this port has transitioned from the Learning state to the Forwarding state. •...
  • Page 185 (Figure legend: R: Root Port; A: Alternate Port; D: Designated Port; B: Backup Port) Alternate port receives more useful BPDUs from another bridge and is therefore not selected as the designated port. Backup port receives more useful BPDUs from the same bridge and is therefore not selected as the designated port.
  • Page 186: Figure 3-58 Sta Port Information

    ONFIGURING THE WITCH • Designated root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. • Fast forwarding – This field provides the same information as Admin Edge port, and is only included for backward compatibility with earlier products.
  • Page 187: Configuring Interface Settings

    PANNING LGORITHM ONFIGURATION CLI – This example shows the STA attributes for port 5. Console#show spanning-tree ethernet 1/5 4-195 1/ 5 information -------------------------------------------------------------- Admin status: enabled Role: disable State: discarding Path cost: 100000 Priority: Designated cost: Designated port : 128.5 Designated root: 32768.0030F1D32600 Designated bridge:...
  • Page 188 ONFIGURING THE WITCH - Learning - Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information. Port address table is cleared, and the port begins learning addresses. - Forwarding - Port forwards packets, and continues learning addresses.
  • Page 189 PANNING LGORITHM ONFIGURATION -Default: - Ethernet – Half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 - Fast Ethernet – Half duplex: 200,000; full duplex: 100,000; trunk: 50,000 - Gigabit Ethernet – Full duplex: 10,000; trunk: 5,000 • Admin Link Type – The link type attached to this interface. - Point-to-Point –...
  • Page 190: VLAN Configuration

    Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 3-59 STA Port Configuration CLI – This example sets STA attributes for port 7. Console(config)#interface ethernet 1/7 4-144 Console(config-if)#spanning-tree port-priority 0 4-191 Console(config-if)#spanning-tree cost 50...
  • Page 191: Assigning Ports To VLANs

    VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections. VLANs can be easily organized to reflect departmental groups (such as Marketing or R&D), usage groups (such as e-mail), or multicast groups (used for multimedia applications such as videoconferencing).
  • Page 192 Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging. Figure legend: VA: VLAN Aware; VU: VLAN Unaware...
  • Page 193 Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system whereby the switch can automatically learn the VLANs to which each end station should be assigned. If an end station (or its network adapter) supports the IEEE 802.1Q VLAN protocol, it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join.
  • Page 194 Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN. However, to participate in a VLAN group that crosses several switches, you should create a VLAN for that group and enable tagging on all ports.
  • Page 195: Enabling Or Disabling GVRP (Global Setting)

    Enabling or Disabling GVRP (Global Setting) GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network.
  • Page 196: Displaying Current VLANs

    Web – Click VLAN, 802.1Q VLAN, Basic Information. Figure 3-61 VLAN Basic Information CLI – Enter the following command. Console#show bridge-ext 4-218 Max support vlan numbers: Max support vlan ID: 4094 Extended multicast filtering services: No Static entry individual port: VLAN learning: Configurable PVID tagging: Local VLAN capable:...
  • Page 197: Figure 3-62 Displaying Current VLANs

    • Egress Ports – Shows all the VLAN port members. • Untagged Ports – Shows the untagged VLAN port members. Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Figure 3-62 Displaying Current VLANs Command Attributes (CLI) •...
  • Page 198: Creating VLANs

    CLI – Current VLAN information can be displayed with the following command. Console#show vlan id 1 4-207 Vlan ID: Type: Static Name: DefaultVlan Status: Active Ports/Port Channel: Eth1/ 1(S) Eth1/ 2(S) Eth1/ 3(S) Eth1/ 4(S) Eth1/ 5(S) Eth1/ 6(S) Eth1/ 7(S) Eth1/ 8(S) Eth1/ 9(S) Eth1/10(S) Eth1/11(S) Eth1/12(S) Eth1/13(S) Eth1/14(S) Eth1/15(S) Eth1/16(S) Eth1/17(S) Eth1/18(S) Eth1/19(S) Eth1/20(S)
  • Page 199: Figure 3-63 Configuring A VLAN Static List

    • Remove – Removes a VLAN group from the current list. If any port is assigned to this group as untagged, it will be reassigned to VLAN group 1 as untagged. Web – Click VLAN, 802.1Q VLAN, Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add.
  • Page 200: Adding Static Members To VLANs (VLAN Index)

    Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices.
  • Page 201: Figure 3-64 Configuring A VLAN Static Table

    - Forbidden: Interface is forbidden from automatically joining the VLAN via GVRP. For more information, see “Automatic VLAN Registration” on page 3-143. - None: Interface is not a member of the VLAN. Packets associated with this VLAN will not be transmitted by the interface. •...
  • Page 202: Adding Static Members To VLANs (Port Index)

    Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes • Interface – Port or trunk identifier. • Member –...
  • Page 203: Configuring VLAN Behavior For Interfaces

    Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
  • Page 204 - If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port).
  • Page 205: Figure 3-66 VLAN Port Configuration

    • Mode – Indicates VLAN membership mode for an interface. (Default: Hybrid) - 1Q Trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN.
  • Page 206: Private VLANs

    CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Console(config)#interface ethernet 1/3 4-144 Console(config-if)#switchport acceptable-frame-types tagged 4-202...
  • Page 207: Displaying Current Private VLANs

    2. Use the Private VLAN Association menu (page 3-160) to map the secondary (i.e., community) VLAN(s) to the primary VLAN. 3. Use the Private VLAN Port Configuration menu (page 3-162) to set the port type to promiscuous (i.e., having access to all ports in the primary VLAN), or host (i.e., having access restricted to community VLAN members, and channeling all other traffic through promiscuous ports).
  • Page 208: Figure 3-67 Private VLAN Information

    Web – Click VLAN, Private VLAN, Information. Select the desired port from the VLAN ID drop-down menu. Figure 3-67 Private VLAN Information CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and are associated with VLAN 6.
  • Page 209: Configuring Private VLANs

    Configuring Private VLANs The Private VLAN Configuration page is used to create/remove primary, community, or isolated VLANs. Command Attributes • VLAN ID – ID of configured VLAN (1-4094). • Type – There are three types of private VLANs: - Primary VLANs –...
  • Page 210: Associating VLANs

    CLI – This example configures VLAN 5 as a primary VLAN, and VLAN 6 as a community VLAN and VLAN 7 as an isolated VLAN. Console(config)#vlan database 4-197 Console(config-vlan)#private-vlan 5 primary 4-210 Console(config-vlan)#private-vlan 6 community Console(config-vlan)#private-vlan 7 isolated Console(config-vlan)# Associating VLANs Each community VLAN must be associated with a primary VLAN.
  • Page 211: Displaying Private VLAN Interface Information

    CLI – This example associates community VLANs 6 and 7 with primary VLAN 5. Console(config)#vlan database 4-197 Console(config-vlan)#private-vlan 5 association 6 4-212 Console(config-vlan)#private-vlan 5 association 7 4-212 Console(config-vlan)# Displaying Private VLAN Interface Information Use the Private VLAN Port Information and Private VLAN Trunk Information menus to display the interfaces associated with private VLANs.
  • Page 212: Configuring Private VLAN Interfaces

    Web – Click VLAN, Private VLAN, Port Information or Trunk Information. Figure 3-70 Private VLAN Port Information CLI – This example shows the switch configured with primary VLAN 5 and community VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and associated with VLAN 6.
  • Page 213 - Host – The port is a community port or an isolated port. A community port can communicate with other ports in its own community VLAN and with designated promiscuous port(s). An isolated port can only communicate with the single designated promiscuous port in the isolated VLAN;...
  • Page 214: Figure 3-71 Private VLAN Port Configuration

    Web – Click VLAN, Private VLAN, Port Configuration or Trunk Configuration. Set the PVLAN Port Type for each port that will join a private VLAN. Assign promiscuous ports to a primary or isolated VLAN. Assign host ports to a community or isolated VLAN. After all the ports have been configured, click Apply.
  • Page 215: Class Of Service Configuration

    Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port.
  • Page 216: Figure 3-72 Port Priority Configuration

    Command Attributes • Default Priority – The priority that is assigned to untagged frames received on the specified interface. (Range: 0-7, Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port. Web –...
  • Page 217: Mapping CoS Values To Egress Queues

    Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four priority queues for each port, with service schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p.
  • Page 218: Figure 3-73 Traffic Classes

    Command Attributes • Priority – CoS value. (Range: 0-7, where 7 is the highest priority) • Traffic Class – Output queue buffer. (Range: 0-3, where 3 is the highest CoS priority queue) Web – Click Priority, Traffic Classes. The current mapping of CoS values to output queues is displayed.
  • Page 219: Selecting The Queue Mode

    Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
  • Page 220: Setting The Service Weight For Traffic Classes

    Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in “Mapping CoS Values to Egress Queues” on page 3-167, the traffic classes are mapped to one of the four egress queues provided for each port.
  • Page 221: Layer 3/4 Priority Settings

    CLI – The following example shows how to assign WRR weights to each of the priority queues. Console(config)#queue bandwidth 6 9 12 4-225 Console(config)#exit Console#show queue bandwidth 4-227 Queue ID Weight -------- ------ Console Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements.
  • Page 222: Selecting IP Precedence/DSCP Priority

    Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services. (This is the default setting.) •...
  • Page 223: Table 3-12 Mapping IP Precedence

    Table 3-12 Mapping IP Precedence Priority Level Traffic Type Priority Level Traffic Type Network Control Flash Internetwork Control Immediate Critical Priority Flash Override Routine Command Attributes • IP Precedence Priority Table – Shows the IP Precedence to CoS map.
  • Page 224: Mapping DSCP Priority

    CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings. Console(config)#map ip precedence 4-230 Console(config)#interface ethernet 1/1 4-144 Console(config-if)#map ip precedence 1 cos 0 4-232...
  • Page 225: Figure 3-78 Mapping IP DSCP Priority Values

    Table 3-13 Mapping DSCP Priority Values (Continued) IP DSCP Value CoS Value 18, 20, 22, 24 26, 28, 30, 32, 34, 36 38, 40, 42 46, 56 Command Attributes • DSCP Priority Table – Shows the DSCP Priority to CoS map. •...
  • Page 226: Mapping IP Port Priority

    CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings. Console(config)#map ip dscp 4-233 Console(config)#interface ethernet 1/1 4-144 Console(config-if)#map ip dscp 1 cos 0 4-233...
  • Page 227: Figure 3-79 IP Port Priority Status

    Web – Click Priority, IP Port Priority Status. Set IP Port Priority Status to Enabled. Figure 3-79 IP Port Priority Status Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply.
  • Page 228: Mapping CoS Values To ACLs

    CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value 0, and then displays all the IP Port Priority settings for that port. Console(config)#map ip port 4-230 Console(config)#interface ethernet 1/5 Console(config-if)#map ip port 80 cos 0...
  • Page 229: Figure 3-81 ACL CoS Priority

    • CoS Priority – CoS value used for packets matching an IP ACL rule. (Range: 0-7) • ACL CoS Priority Mapping – Displays the configured information. Web – Click Priority, ACL CoS Priority. Enable mapping for any port, select an ACL from the scroll-down list, then click Add.
  • Page 230: Multicast Filtering

    Multicast Filtering Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local Multicast...
  • Page 231: Layer 2 IGMP (Snooping And Query)

    Layer 2 IGMP (Snooping and Query) IGMP Snooping and Query – If multicast routing is not supported on other switches in your network, you can use IGMP Snooping and Query (page 3-181) to monitor IGMP service requests passing between multicast clients and servers, and dynamically configure the switch ports which need to forward multicast traffic.
  • Page 232 • IGMP Querier – A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic. If there is more than one router/switch on the LAN performing IP multicasting, one of these devices is elected “querier” and assumes the role of querying the LAN for group members.
  • Page 233: Figure 3-82 IGMP Configuration

    • IGMP Version — Sets the protocol version for compatibility with other devices on the network. (Range: 1-2; Default: 2) Notes: 1. All systems on the subnet must support the same version. 2. Some attributes are only enabled for IGMPv2, including IGMP Report Delay and IGMP Query Timeout.
  • Page 234: Displaying Interfaces Attached To A Multicast Router

    CLI – This example modifies the settings for multicast filtering, and then displays the current status. Console(config)#ip igmp snooping 4-239 Console(config)#ip igmp snooping querier 4-243 Console(config)#ip igmp snooping query-count 10 4-243 Console(config)#ip igmp snooping query-interval 100 4-244 Console(config)#ip igmp snooping query-max-response-time 20 4-245 Console(config)#ip igmp snooping router-port-expire-time 300 4-246...
  • Page 235: Specifying Static Interfaces For A Multicast Router

    Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to display the associated multicast routers. Figure 3-83 Multicast Router Port Information CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router.
  • Page 236: Displaying Port Members Of Multicast Services

    • VLAN ID – Selects the VLAN to propagate all multicast traffic coming from the attached multicast router. • Port or Trunk – Specifies the interface attached to a multicast router. Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add.
  • Page 237: Figure 3-85 IP Multicast Registration Table

    • Multicast Group Port List – Shows the interfaces that have already been assigned to the selected VLAN to propagate a specific multicast service. Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists.
  • Page 238: Assigning Ports To Multicast Services

    Assigning Ports to Multicast Services Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in “Configuring IGMP snooping and Query Parameters” on page 3-133. For certain applications that require tighter control, you may need to statically configure a multicast service on the switch.
  • Page 239: Figure 3-86 IGMP Member Port Table

    Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and click Add. After you have completed adding ports to the member list, click Apply.
  • Page 240
  • Page 241: Command Line Interface

    This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt.
  • Page 242: Telnet Connection

    After connecting to the system through the console port, the login screen displays: User Access Verification Username: admin Password: CLI session with the SMC6726AL2 is opened. To end the CLI session, enter [Exit]. Console# Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address.
  • Page 243 2. At the prompt, enter the user name and system password. The CLI will display the “Vty-n#” prompt for the administrator to show that you are using privileged access mode (i.e., Privileged Exec), or “Vty-n>” for the guest to show that you are using normal access mode (i.e., Normal Exec), where n indicates the number of the current Telnet session.
  • Page 244: Entering Commands

    Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port.
  • Page 245: Command Completion

    Command Completion If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “logging history” example, typing log followed by a tab will result in printing the command up to “logging.”...
  • Page 246: Showing Commands

    Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database).
  • Page 247: Partial Keyword Lookup

    The command “show interfaces ?” will display the following information: Console#show interfaces ? counters Interface counters information status Interface status information switchport Interface switchport information Console# Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided.
  • Page 248: Understanding Command Modes

    Understanding Command Modes The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functions. These classes are further divided into different modes.
  • Page 249: Configuration Commands

    To enter Privileged Exec mode, enter the following user names and passwords: Username: admin Password: [admin login password] CLI session with the SMC6726AL2 is opened. To end the CLI session, enter [Exit]. Console# Username: guest Password: [guest login password] CLI session with the SMC6726AL2 is opened.
  • Page 250: Table 4-2 Configuration Modes

    • VLAN Configuration - Includes the command to create VLAN groups. To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands.
  • Page 251: Command Line Processing

    Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command followed by the “?”...
  • Page 252: Command Groups

    Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4 Command Groups (Command Group | Description | Page): Line | Sets communication parameters for the serial port and Telnet, including baud rate and console time-out | 4-14; General | Basic commands for entering privileged access | 4-26...
  • Page 253 Table 4-4 Command Groups (Continued) (Command Group | Description | Page): Address Table | Configures the address table for filtering specified addresses, displays current entries, clears the table, or sets the aging time | 4-177; Spanning Tree | Configures Spanning Tree settings for the switch | 4-182; VLANs | Configures VLAN settings, and defines port...
  • Page 254: Line Commands

    Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). Table 4-5 Line Commands Command Function...
  • Page 255: Line

    line This command identifies a specific line for configuration, and processes subsequent line configuration commands. Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line.
  • Page 256: Login

    login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [local] no login local - Selects local password checking. Authentication is based on the user name specified with the username command. Default Setting login local Command Mode...
  • Page 257: Password

    Example Console(config-line)#login local Console(config-line)# Related Commands username (4-35) password (4-17) password This command specifies the password for a line. Use the no form to remove the password. Syntax password {0 | 7} password no password • {0 | 7} - 0 means plain password, 7 means encrypted password •...
  • Page 258: Timeout Login Response

    configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Console(config-line)#password 0 secret Console(config-line)# Related Commands login (4-16) password-thresh (4-20) timeout login response This command sets the interval that the system waits for a user to log into the CLI.
  • Page 259: Exec-Timeout

    Example To set the timeout to two minutes, enter this command: Console(config-line)#timeout login response 120 Console(config-line)# Related Commands silent-time (4-21) exec-timeout (4-14) exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [seconds] no exec-timeout...
  • Page 260: Password-Thresh

    Example To set the timeout to two minutes, enter this command: Console(config-line)#exec-timeout 120 Console(config-line)# Related Commands silent-time (4-21) timeout login response (4-13) password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value.
  • Page 261: Silent-Time

    Example To set the password threshold to five attempts, enter this command: Console(config-line)#password-thresh 5 Console(config-line)# Related Commands silent-time (4-21) timeout login response (4-13) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command.
  • Page 262: Databits

    databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits {7 | 8} no databits • 7 - Seven data bits per character. •...
  • Page 263: Parity

    parity This command defines the generation of a parity bit. Use the no form to restore the default setting. Syntax parity {none | even | odd} no parity • none - No parity • even - Even parity • odd - Odd parity Default Setting No parity Command Mode...
  • Page 264: Stopbits

    Default Setting 9600 Command Mode Line Configuration Command Usage Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices connected to the port might not be supported. The system indicates if the speed you selected is not supported.
  • Page 265: Disconnect

    disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4) Command Mode Privileged Exec Command Usage Specifying session identifier “0” will disconnect the console connection.
  • Page 266: General Commands

    Example To show all lines, enter this command: Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Login timeout: Disabled Silent time: Disabled Baudrate: 9600 Databits: Parity: none Stopbits: VTY configuration: Password threshold: 3 times Interactive timeout: 600 sec Login timeout: 300 sec console# General Commands...
  • Page 267: Enable

    enable This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-8. Syntax enable [level] level - Privilege level to log into the device. The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec.
  • Page 268: Disable

    disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode. See “Understanding Command Modes”...
  • Page 269: Show History

    Example Console#configure Console(config)# Related Commands end (4-30) show history This command shows the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.
  • Page 270: Reload

    The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes. In this example, the !2 command repeats the second command in the Execution history buffer (config).
  • Page 271: Exit

    Command Mode Global Configuration, Interface Configuration, Line Configuration, and VLAN Database Configuration. Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode: Console(config-if)#end Console# exit This command returns to the previous configuration mode or exits the configuration program.
  • Page 272: System Management Commands

    Command Mode Normal Exec, Privileged Exec Command Usage The quit and exit commands can both exit the configuration program. Example This example shows how to quit a CLI session: Console#quit Press ENTER to start session User Access Verification Username: System Management Commands These commands are used to control system logs, passwords, user names,...
  • Page 273: Device Designation Commands

    Table 4-7 System Management Commands (Continued) (Command Group | Function | Page): System Status | Displays system configuration, active managers, and version information | 4-78; Frame Size | Enables support for jumbo frames | 4-85. Device Designation Commands Table 4-8 Device Designation Commands Command Function Mode Page...
  • Page 274: Hostname

    hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode...
  • Page 275: Username

    username This command adds named users, requires authentication at login, specifies or changes a user's password (or specifies that no password is required), or specifies or changes a user's access level. Use the no form to remove a user name. Syntax username name {access-level level | nopassword | password {0 | 7} password}...
  • Page 276: Enable Password

    Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords.
  • Page 277: Ip Filter Commands

    Command Usage • You cannot set a null password. You will have to enter a password to change the command mode from Normal Exec to Privileged Exec with the enable command (page 4-27). • The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
  • Page 278: Management

    management This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting. Syntax [no] management {all-client | http-client | snmp-client | telnet-client} start-address [end-address] •...
  • Page 279: Show Management

    • You can delete an address range just by specifying the start address, or by specifying both the start address and end address. Example This example restricts management access to the indicated addresses. Console(config)#management all-client 192.168.1.19 Console(config)#management all-client 192.168.1.25 192.168.1.30 Console(config)# show management This command displays the client IP addresses that are allowed...
  • Page 280: Web Server Commands

    Example Console#show management all-client Management IP Filter HTTP-Client: Start IP address End IP address ----------------------------------------------- 1. 192.168.1.19 192.168.1.19 2. 192.168.1.25 192.168.1.30 SNMP-Client: Start IP address End IP address ----------------------------------------------- 1. 192.168.1.19 192.168.1.19 2. 192.168.1.25 192.168.1.30 TELNET-Client: Start IP address End IP address ----------------------------------------------- 1.
  • Page 281: Ip Http Port

    ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting Command Mode...
  • Page 282: Ip Http Secure-Server

    Example Console(config)#ip http server Console(config)# Related Commands ip http port (4-41) ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this function.
  • Page 283: Ip Http Secure-Port

    • A padlock icon should appear in the status bar for Internet Explorer 5.x and Netscape Navigator 6.2 or later versions. • The following web browsers and operating systems currently support HTTPS: Table 4-13 HTTPS System Support Web Browser Operating System Internet Explorer 5.0 or later...
  • Page 284: Telnet Server Commands

    Command Mode Global Configuration Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port. • If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format: https://device:port_number Example...
  • Page 285: Ip Telnet Server

    Default Setting Command Mode Global Configuration Example Console(config)#ip telnet port 123 Console(config)# Related Commands ip telnet server (4-45) ip telnet server This command allows this device to be monitored or configured from Telnet. Use the no form to disable this function. Syntax [no] ip telnet server Default Setting...
  • Page 286: Secure Shell Commands

    Secure Shell Commands The Berkeley standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote copy), are not secure from hostile attacks.
  • Page 287 Table 4-15 SSH Commands (Continued) Command Function Mode Page ip ssh crypto Generates the host key 4-53 host-key generate ip ssh crypto zeroize Clear the host key from RAM 4-54 ip ssh save host-key Saves the host key from RAM to flash 4-54 memory disconnect...
  • Page 288 2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch. Otherwise, you need to manually create a known hosts file on the management station and place the host public key in it. An entry for a public key in the known hosts file would appear similar to the following example: 10.1.0.54 1024 35 15684995401867669259333946775054617325313674890836547254...
  • Page 289: Ip Ssh Server

    The client sends its public key to the switch. b. The switch compares the client's public key to those stored in memory. If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client.
  • Page 290: Ip Ssh Timeout

    • You must generate the host key before enabling the SSH server. Example Console#ip ssh crypto host-key generate dsa Console#configure Console(config)#ip ssh server Console(config)# Related Commands ip ssh crypto host-key generate (4-53) show ssh (4-55) ip ssh timeout This command configures the timeout for the SSH server.
  • Page 291: Ip Ssh Authentication-Retries

    Related Commands exec-timeout (4-19) show ip ssh (4-55) ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting. Syntax ip ssh authentication-retries count no ip ssh authentication-retries count –...
  • Page 292: Delete Public-Key

    Default Setting 768 bits Command Mode Global Configuration Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with the SSH client, and is fixed at 1024 bits. Example Console(config)#ip ssh server-key size 512 Console(config)#...
  • Page 293: Ip Ssh Crypto Host-Key Generate

    ip ssh crypto host-key generate This command generates the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [dsa | rsa] • dsa – DSA (Version 2) key type. • rsa – RSA (Version 1) key type. Default Setting Generates both the DSA and RSA key pairs.
  • Page 294: Ip Ssh Crypto Zeroize

    ip ssh crypto zeroize This command clears the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [dsa | rsa] • dsa – DSA key type. • rsa – RSA key type. Default Setting Clears both the DSA and RSA key. Command Mode Privileged Exec Command Usage...
  • Page 295: Show Ip Ssh

    Default Setting Saves both the DSA and RSA key. Command Mode Privileged Exec Example Console#ip ssh save host-key dsa Console# Related Commands ip ssh crypto host-key generate (4-53) show ip ssh This command displays the connection settings used when authenticating client access to the SSH server.
  • Page 296: Table 4-16 Show Ssh - Display Description

    Table 4-16 show ssh - display description Field Description Session The session number. (Range: 0-3) Version The Secure Shell version number. State The authentication negotiation state. (Values: Negotiation-Started, Authentication-Started, Session-Started) Username The user name of the client. Encryption The encryption method is automatically negotiated between the client and server.
  • Page 297: Show Public-Key

    show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [user [username]| host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage...
  • Page 298 OMMAND NTERFACE Example Console#show public-key host Host: RSA: 1024 35 1568499540186766925933394677505461732531367489083654725415020245593 1998685443583616519999233297817660658309586108259132128902337654680 1726272571413428762941301196195566782595664104869574278881462065194 1746772984865468615717739390164779355942303577413098022737087794545 24083971752646358058176716709574804776117 DSA: ssh-dss AAAB3NzaC1kc3MAAACBAPWKZTPbsRIB8ydEXcxM3dyV/yrDbKStIlnzD/ Dg0h2HxcYV44sXZ2JXhamLK6P8bvuiyacWbUWa4PAtp1KMSdqsKeh3hKoA3vRRSy1N2 XFfAKxl5fwFfvJlPdOkFgzLGMinvSNYQwiQXbKTBH0Z4mUZpE85PWxDZMaCNBPjBrRA AAAFQChb4vsdfQGNIjwbvwrNLaQ77isiwAAAIEAsy5YWDC99ebYHNRj5kh47wY4i8cZ vH+p9cnrfwFTMU01VFDly3IR2G395NLy5Qd7ZDxfA9mCOfTyyEfbobMJZi8oGCstSNO xrZZVnMqWrTYfdrKX7YKBw/Kjw6Bm iFq7O+jAhf1Dg45loAc27s6TLdtny1wRq/ ow2eTCD5nekAAACBAJ8rMccXTxHLFAczWS7EjOyDbsloBfPuSAb4oAsyjKXKVYNLQkT LZfcFRu41bS2KV5LAwecsigF+DjKGWtPNIQqabKgYCw2odVzX4Gg+yqdTlYmGA7fHGm 8ARGeiG4ssFKy4Z6DmYPXFum1Yg0fhLwuHpOSKdxT3kk475S7 w0W Console# 4-58...
  • Page 299: Event Logging Commands

    Event Logging Commands Table 4-17 Event Logging Commands Command Function Mode Page logging on Controls logging of error messages 4-59 logging history Limits syslog messages saved to switch memory 4-60 based on severity logging host Adds a syslog server host IP address that will 4-61 receive logging messages logging facility...
  • Page 300: Logging History

    Example Console(config)#logging on Console(config)# Related Commands logging history (4-60) clear logging (4-64) logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level.
  • Page 301: Logging Host

    Table 4-18 Logging Levels (Continued) Level Severity Name Description alerts Immediate action needed emergencies System unusable * There are only Level 2, 5 and 6 error messages for the current firmware release. Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 6 - 0) Command Mode Global Configuration...
  • Page 302: Logging Facility

    Command Usage • By using this command more than once you can build up a list of host IP addresses. • The maximum number of host IP addresses allowed is five. Example Console(config)#logging host 10.1.0.3 Console(config)# logging facility This command sets the facility type for remote logging of syslog messages.
  • Page 303: Logging Trap

    logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging.
  • Page 304: Clear Logging

    clear logging This command clears messages from the log buffer. Syntax clear logging [flash | ram] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
  • Page 305: Table 4-19 Show Logging Flash/Ram - Display Description

    Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), the message level for RAM is “informational” (i.e., default level 6 - 0). Console#show logging flash Syslog logging: Enabled...
  • Page 306: Table 4-20 Show Logging Trap - Display Description

    The following example displays settings for the trap function. Console#show logging trap Syslog logging: Enabled REMOTELOG status: Enabled REMOTELOG facility type: local use 7 REMOTELOG level type: Informational messages only REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0...
  • Page 307: Show Log

    show log This command displays the system and event messages stored in memory. Syntax show log {flash | ram} [login] [tail] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
  • Page 308: Smtp Alert Commands

    SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. Table 4-21 SMTP Alert Commands Command Function Mode Page logging sendmail SMTP servers to receive alert messages 4-68 host logging sendmail...
  • Page 309: Logging Sendmail Level

    • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally closes the connection. • To open a connection, the switch first selects the server that successfully sent mail during the last connection, or the first server configured by this command.
  • Page 310: Logging Sendmail Source-Email

    logging sendmail source-email This command sets the email address used for the “From” field in alert messages. Use the no form to delete the source email address. Syntax [no] logging sendmail source-email email-address email-address - The source email address used in alert messages. (Range: 0-41 characters) Default Setting None...
  • Page 311: Logging Sendmail

    Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example Console(config)#logging sendmail destination-email ted@this-company.com Console(config)# logging sendmail This command enables SMTP event handling. Use the no form to disable this function.
  • Page 312: Time Commands

    Example Console#show logging sendmail SMTP servers ----------------------------------------------- 1. 192.168.1.200 SMTP minimum severity level: 4 SMTP destination email addresses ----------------------------------------------- 1. ted@this-company.com SMTP source email address: john@acme.com SMTP status: Enabled Console# Time Commands The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP).
  • Page 313: Sntp Client

    sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command. Use the no form to disable SNTP client requests. Syntax [no] sntp client Default Setting Disabled Command Mode Global Configuration...
  • Page 314: Sntp Server

    sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ip1 [ip2 [ip3]]] ip - IP address of a time server (NTP or SNTP).
  • Page 315: Sntp Poll

    sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode...
  • Page 316: Clock Timezone

    Example Console#show sntp Current time: Dec 23 05:13:28 2002 Poll interval: 16 Current mode: unicast SNTP status : Enabled SNTP server 137.92.140.80 0.0.0.0 0.0.0.0 Current server: 137.92.140.80 Console# clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc}...
  • Page 317: Calendar Set

    Example Console(config)#clock timezone Japan hours 8 minute 0 after-UTC Console(config)# Related Commands show sntp (4-75) calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server.
  • Page 318: Show Calendar

    show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example Console#show calendar 15:12:45 April 1 2004 Console# System Status Commands Table 4-23 System Status Commands Command Function Mode Page show Displays the contents of the configuration file 4-79 startup-config...
  • Page 319: Show Startup-Config

    show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory.
  • Page 320 Example Console#show startup-config building startup-config, please wait..username admin access-level 15 username admin password 0 admin username guest access-level 0 username guest password 0 guest enable password level 15 0 super snmp-server community public ro snmp-server community private rw logging history ram 6 logging history flash 3 vlan database...
  • Page 321: Show Running-Config

    show running-config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory.
  • Page 322 Example Console#show running-config building running-config, please wait..phymap 00-30-f1-d3-26-00 SNTP server 0.0.0.0 0.0.0.0 0.0.0.0 clock timezone hours 0 minute 0 after-UTC SNMP-server community private rw SNMP-server community public ro username admin access-level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access-level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca...
  • Page 323: Show System

    • The POST results should all display “PASS.” If any POST test indicates “FAIL,” contact your distributor for assistance. Example Console#show system System description: TigerSwitch 10/100 6726AL2 System OID string: 1.3.6.1.4.1.202.20.46 System information System Up time: 3 hours, 0 minutes, and 7.18 seconds...
  • Page 324: Show Users

    show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number.
  • Page 325: Jumbo Frame

    Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-13 for detailed information on the items displayed by this command. Example Console#show version Unit 1 Serial number: A419048860 Service tag: Hardware version: Module A type: 1000BaseT Module B type:...
  • Page 326: Flash/File Commands

    Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
  • Page 327: Copy

    Table 4-25 Flash/File Commands (Continued) Command Function Mode Page whichboot Displays the files booted 4-92 boot system Specifies the file or image used to start up the 4-93 system copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server.
  • Page 328 Command Mode Privileged Exec Command Usage • The system prompts for data required to complete the copy command. • The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch.
  • Page 329 Example The following example shows how to upload the configuration settings to a file on the TFTP server: Console#copy file tftp Choose file type: 1. config: 2. opcode: <1-2>: 1 Source file name: startup TFTP server ip address: 10.1.0.99 Destination file name: startup.01 TFTP completed.
  • Page 330: Delete

    This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch: Console#copy tftp public-key TFTP server IP address: 192.168.1.19 Choose public key type: 1.
  • Page 331: Dir

    Example This example shows how to delete the test2.cfg configuration file from flash memory for unit 1. Console#delete 1:test2.cfg Console# Related Commands dir (4-91) delete public-key (4-52) This command displays a list of files in flash memory. Syntax dir [unit:] {{boot-rom: | config: | opcode:} [:filename]} The type of file or image to display includes: •...
  • Page 332: Whichboot

    • File information is shown below: Table 4-26 File Directory Information Column Heading Description file name The name of the file. file type File types: Boot-Rom, Operation Code, and Config file. startup Shows if this file is used when the system is started. size The length of the file in bytes.
  • Page 333: Boot System

    Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. Console#whichboot file name file type startup size (byte) ---------------------------- -------------- ------- ----------- Unit1: Diag_V2.2.1.3.bix...
  • Page 334: Authentication Commands

    Example Console(config)#boot system config: startup Console(config)# Related Commands dir (4-91) whichboot (4-92) Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1X.
  • Page 335: Authentication Login

    authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login • local - Use local password. • radius - Use RADIUS server password. •...
  • Page 336: Authentication Enable

    Example Console(config)#authentication login radius Console(config)# Related Commands username - for setting the local user names and passwords (4-35) authentication enable This command defines the authentication method and precedence to use when changing from Exec command mode to Privileged Exec command mode with the enable command (see page 4-27).
  • Page 337: Radius Client

    • You can specify three authentication methods in a single command to indicate the authentication sequence. For example, if you enter “authentication enable radius tacacs local,” the user name and password on the RADIUS server are verified first. If the RADIUS server is not available, then authentication is attempted on the TACACS+ server.
  • Page 338: Radius-Server Host

    radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server. Use the no form to restore the default values. Syntax [no] radius-server index host {host_ip_address | host_alias} [auth-port auth_port] [timeout timeout] [retransmit retransmit] [key key] •...
  • Page 339: Radius-Server Port

    radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535) Default Setting 1812 Command Mode Global Configuration...
  • Page 340: Radius-Server Retransmit

    Example Console(config)#radius-server key green Console(config)# radius-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server.
  • Page 341: Show Radius-Server

    Command Mode Global Configuration Example Console(config)#radius-server timeout 10 Console(config)# show radius-server This command displays the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example Console#show radius-server Remote RADIUS server configuration: Global settings Communication key with RADIUS server: Server port number: 1812 Retransmit times:...
  • Page 342: Tacacs-Server Host

    TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch.
  • Page 343: Tacacs-Server Port

    tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages. (Range: 1-65535) Default Setting Command Mode Global Configuration Example...
  • Page 344: Port Security Commands

    Example Console(config)#tacacs-server key green Console(config)# show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Console#show tacacs-server Remote TACACS server configuration: Server IP address: 10.11.12.13 Communication key with TACACS server: ***** Server port number: Console# Port Security Commands...
  • Page 345: Port Security

    Table 4-31 Port Security Commands Command Function Mode Page port security Configures a secure port 4-105 mac-address-table Maps a static address to a port in a VLAN GC 4-178 static show Displays entries in the bridge-forwarding 4-179 mac-address-table database port security This command enables or configures port security.
  • Page 346 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted. •...
  • Page 347: 802.1X Port Authentication

    802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication Protocol).
  • Page 348 dot1x system-auth-control This command enables 802.1X port authentication globally on the switch. Use the no form to restore the default. Syntax [no] system-auth-control Default Setting Disabled Command Mode Global Configuration Example Console(config)#dot1x system-auth-control Console(config)# dot1x default This command sets all configurable dot1x global and port settings to their default values.
  • Page 349: Dot1X Max-Req

    dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default. Syntax dot1x max-req count no dot1x max-req count –...
  • Page 350: Dot1X Operation-Mode

    Default force-authorized Command Mode Interface Configuration Example Console(config)#interface eth 1/2 Console(config-if)#dot1x port-control auto Console(config-if)# dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host.
  • Page 351: Dot1X Re-Authenticate

    • In “multi-host” mode, only one host connected to a port needs to pass authentication for all other hosts to be granted network access. Similarly, a port can become unauthorized for all hosts if one attached host fails re-authentication or sends an EAPOL logoff message. Example Console(config)#interface eth 1/2 Console(config-if)#dot1x operation-mode multi-host max-count 10...
  • Page 352: Dot1X Timeout Quiet-Period

    Example Console(config)#interface eth 1/2 Console(config-if)#dot1x re-authentication Console(config-if)# dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default. Syntax dot1x timeout quiet-period seconds no dot1x timeout quiet-period...
  • Page 353: Dot1X Timeout Tx-Period

    Command Mode Interface Configuration Example Console(config)#interface eth 1/2 Console(config-if)#dot1x timeout re-authperiod 300 Console(config-if)# dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value.
  • Page 354: Show Dot1X

    show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [statistics] [interface interface] • statistics - Displays dot1x status for each port. • interface • ethernet unit/port -unit - Stack unit. (This is unit 1) -port - Port number.
  • Page 355 - tx-period – Time a port waits during authentication session before re-transmitting EAP packet (page 4-113). - supplicant-timeout – Supplicant timeout. - server-timeout – Server timeout. - reauth-max – Maximum number of reauthentication attempts. - max-req – Maximum number of times a port will retransmit an EAP request/identity packet to the client before it times out the authentication session (page 4-109).
  • Page 356 • Reauthentication State Machine - State – Current state (including initialize, reauthenticate). Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name Status Operation Mode Mode Authorized disabled Single-Host ForceAuthorized enabled Single-Host auto 1/26 disabled Single-Host ForceAuthorized 802.1X Port Details...
  • Page 357: Access Control List Commands

    Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter packets, first create an access list, add the required rules and then bind the list to a specific port.
  • Page 358: Ip Acls

    • This switch supports ACLs for ingress filtering only. You can only bind one IP ACL to any port and one MAC ACL globally for ingress filtering. In other words, only two ACLs can be bound to an interface - Ingress IP ACL and Ingress MAC ACL.
  • Page 359: Access-List Ip

    Table 4-34 IP ACLs (Continued) Command Function Mode Page show ip Displays the rules for configured IP ACLs 4-124 access-list Adds a port to an IP ACL 4-125 access-group show ip Shows port assignments for IP ACLs 4-125 access-group map access-list...
  • Page 360: Permit, Deny (Standard Acl)

    Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list.
  • Page 361 Command Usage • New rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match”...
  • Page 362: Permit, Deny (Extended Acl)

    permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes. Use the no form to remove a rule.
  • Page 363 Default Setting None Command Mode Extended ACL Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match”...
  • Page 364: Show Ip Access-List

    Example This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through. Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any Console(config-ext-acl)# This allows TCP packets from class C addresses 192.168.1.0 to any...
  • Page 365: Ip Access-Group

    Example Console#show ip access-list standard IP standard access-list david: permit host 10.1.1.21 permit 168.92.16.0 255.255.240.0 Console# Related Commands permit, deny 4-120 ip access-group (4-125) ip access-group This command binds a port to an IP ACL. Use the no form to remove the port.
  • Page 366: Show Ip Access-Group

    Example Console(config)#int eth 1/25 Console(config-if)#ip access-group david in Console(config-if)# Related Commands show ip access-list (4-124) show ip access-group This command shows the ports assigned to IP ACLs. Command Mode Privileged Exec Example Console#show ip access-group Interface ethernet 1/25 IP access-list david in Console# Related Commands...
  • Page 367: Show Map Access-List Ip

    Command Mode Interface Configuration (Ethernet) Command Usage A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table. For information on mapping the CoS values to output queues, see queue cos-map on page 4-226.
  • Page 368: Mac Acls

    Example Console#show map access-list ip Eth 1/25 access-list ip david cos 0 Console# Related Commands map access-list ip (4-126) MAC ACLs Table 4-36 MAC ACLs Command Function Mode Page access-list mac Creates a MAC ACL and enters 4-128 configuration mode permit, deny Filters packets matching a specified...
  • Page 369: Permit, Deny (Mac Acl)

    Default Setting None Command Mode Global Configuration Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list.
  • Page 370 permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use the no form to remove a rule. Syntax [no] {permit | deny} {any | host source | source address-bitmask}...
  • Page 371: Show Mac Access-List

    • A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include the following: - 0800 - IP - 0806 - ARP - 8137 - IPX Example This rule permits packets from any source MAC address to the destination address 00-e0-29-94-34-de where the Ethernet type is 0800.
  • Page 372: Mac Access-Group

    mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets. Default Setting None Command Mode...
  • Page 373: Map Access-List Mac

    Related Commands mac access-group (4-132) map access-list mac This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself. Use the no form to remove the CoS mapping.
  • Page 374: Show Map Access-List Mac

    Related Commands queue cos-map (4-226) show map access-list mac (4-134) show map access-list mac This command shows the CoS value mapped to a MAC ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Syntax show map access-list mac [interface]...
  • Page 375: Show Access-List

    ACL Information Table 4-38 ACL Information Command Function Mode Page show access-list Show all ACLs and associated rules 4-135 show access-group Shows the ACLs assigned to each port 4-136 show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks.
  • Page 376: Show Access-Group

    show access-group This command shows the port assignments of ACLs. Command Mode Privileged Executive Example Console#show access-group Interface ethernet 1/25 IP standard access-list david MAC access-list jerry Console# SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
  • Page 377: Snmp-Server Community

    snmp-server community This command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string. Syntax snmp-server community string [ro|rw] no snmp-server community string • string - Community string that acts like a password and permits access to the SNMP protocol.
  • Page 378: Snmp-Server Contact

    snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Setting None Command Mode...
  • Page 379: Snmp-Server Host

    Command Mode Global Configuration Example Console(config)#snmp-server location Room 23 Console(config)# Related Commands snmp-server contact (4-138) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
  • Page 380 Command Usage • If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. In order to enable multiple hosts, you must issue a separate snmp-server host command for each host.
  • Page 381: Snmp-Server Enable Traps

    snmp-server enable traps This command enables this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications. Syntax [no] snmp-server enable traps [authentication | link-up-down] • authentication - Keyword to issue authentication failure traps. •...
  • Page 382: Show Snmp

    show snmp This command checks the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enabled with the snmp-server enable traps command.
  • Page 383: Interface Commands

    Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Table 4-40 Interface Commands Command Function Mode Page interface Configures an interface type and enters interface 4-144 configuration mode description Adds a description to an interface configuration IC 4-144...
  • Page 384: Interface

    interface This command configures an interface type and enters interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id interface • ethernet unit/port - unit - Stack unit. (This is unit 1) - port - Port number.
  • Page 385: Speed-Duplex

    Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 24. Console(config)#interface ethernet 1/24 Console(config-if)#description RD-SW#3 Console(config-if)# speed-duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled.
  • Page 386: Negotiation

    • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command. To set the speed/duplex mode under auto-negotiation, the required mode must be specified in the capabilities list for an interface. Example The following example configures port 5 to 100 Mbps, half-duplex operation.
  • Page 387: Capabilities

    Example The following example configures port 11 to use autonegotiation. Console(config)#interface ethernet 1/11 Console(config-if)#negotiation Console(config-if)# Related Commands capabilities (4-147) speed-duplex (4-145) capabilities This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability, or the no form without parameters to restore the default values.
  • Page 388: Flowcontrol

    Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
  • Page 389: Shutdown

    • To force flow control on or off (with the flowcontrol or no flowcontrol command), use the no negotiation command to disable auto-negotiation on the selected interface. • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command. To enable flow control under auto-negotiation, “flowcontrol”...
  • Page 390: Switchport Broadcast Packet-Rate

    Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also want to disable a port for security reasons. Example The following example disables port 5.
  • Page 391: Clear Counters

    Example The following shows how to configure broadcast storm control at 600 packets per second: Console(config)#interface ethernet 1/5 Console(config-if)#switchport broadcast octet-rate 600 Console(config-if)# clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - Stack unit.
  • Page 392: Show Interfaces Status

    show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - Stack unit. (This is unit 1) - port - Port number. (Range: 1-26/52) • port-channel channel-id (Range: 1-4) •...
  • Page 393: Show Interfaces Counters

    Example Console#show interfaces status ethernet 1/5 Information of Eth 1/5 Basic information: Port type: 100TX Mac address: 00-30-F1-D3-26-05 Configuration: Name: Port admin: Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full, Broadcast storm: Enabled Broadcast storm limit: 32000 octets/second Flow control: Disabled Lacp: Disabled...
  • Page 394 Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 3-114. Example Console#show interfaces counters ethernet 1/7 Ethernet 1/7 Iftable stats: Octets input: 30658, Octets output: 196550 Unicast input: 6, Unicast output: 5...
  • Page 395: Show Interfaces Switchport

    show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - Stack unit. (This is unit 1) - port - Port number. (Range: 1-26/52) •...
  • Page 396: Table 4-41 Interfaces Switchport Statistics

    Table 4-41 Interfaces Switchport Statistics Field Description Broadcast threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 4-150). Lacp status Shows if Link Aggregation Control Protocol has been enabled or disabled (page 4-165).
  • Page 397: Mirror Port Commands

    Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. Table 4-42 Mirror Port Commands Command Function Mode Page port monitor Configures a mirror session 4-157 show port Shows the configuration for a mirror port 4-158 monitor port monitor...
  • Page 398: Show Port Monitor

    • The mirror port and monitor port speeds should match, otherwise traffic may be dropped from the monitor port. • You can only create a single mirror session. Example The following example configures the switch to mirror received packets from port 6 to 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 rx...
  • Page 399: Rate Limit Commands

    Example The following shows mirroring configured from port 6 to port 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 rx Console(config-if)#end Console#show port monitor Port Mirroring ------------------------------------- Destination port(listen port):Eth1/11 Source port(monitored port) :Eth1/ 6 Mode Console# Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface.
  • Page 400: Rate-Limit

    rate-limit Use this command to define the rate limit level for a specific interface. Use this command without specifying a rate to restore the default rate limit level. Use the no form to restore the default status of disabled. Syntax rate-limit {input | output} level [rate] no rate-limit {input | output}...
  • Page 401: Rate-Limit Granularity

    rate-limit granularity Use this command to define the rate limit granularity for the Fast Ethernet ports, and the Gigabit Ethernet ports. Use the no form of this command to restore the default setting. Syntax rate-limit {fastethernet | gigabitethernet} granularity [granularity] no rate-limit {fastethernet | gigabitethernet} granularity •...
  • Page 402: Show Rate-Limit

    show rate-limit Use this command to display the rate limit granularity. Default Setting Fast Ethernet interface – 3.3 Mbps Gigabit Ethernet interface – 33.3 Mbps Command Mode Privileged Exec Command Usage • For Fast Ethernet interfaces, the rate limit granularity is 512 Kbps, 1 Mbps, or 3.3 Mbps.
  • Page 403: Link Aggregation Commands

    Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network device.
  • Page 404: Guidelines For Creating Trunks

    Guidelines for Creating Trunks General Guidelines – • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • A trunk can have up to eight ports. • The ports at both ends of a connection must be configured as trunk ports.
  • Page 405: Channel-Group

    channel-group This command adds a port to a trunk. Use the no form to remove a port from a trunk. Syntax channel-group channel-id no channel-group channel-id - Trunk index (Range: 1-4) Default Setting The current port will be added to this trunk. Command Mode Interface Configuration (Ethernet) Command Usage...
  • Page 406 Command Mode Interface Configuration (Ethernet) Command Usage • The ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation. • A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID.
  • Page 407 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk 1 has been established.
  • Page 408: Lacp System-Priority

    lacp system-priority This command configures a port's LACP system priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} system-priority priority no lacp {actor | partner} system-priority • actor - The local side of an aggregate link. •...
  • Page 409: Lacp Admin-Key (Ethernet Interface)

    lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting. Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key • actor - The local side of an aggregate link. •...
  • Page 410: Lacp Admin-Key (Port Channel)

    lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string. Use the no form to restore the default setting. Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key key - The port channel admin key is used to identify a specific link aggregation group (LAG) during local LACP setup on this switch.
  • Page 411: Lacp Port-Priority

    lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side of an aggregate link. •...
  • Page 412: Show Lacp

    show lacp This command displays LACP information. Syntax show lacp [port-channel] {counters | internal | neighbors | sysid} • port-channel - Local identifier for a link aggregation group. (Range: 1-4) • counters - Statistics for LACP protocol messages. •...
  • Page 413: Table 4-44 Link Aggregation Commands

    Example Console#show lacp 1 counters Port channel : 1 ------------------------------------------------------------------- Eth 1/ 1 ------------------------------------------------------------------- LACPDUs Sent : 21 LACPDUs Received : 21 Marker Sent : 0 Marker Received : 0 LACPDUs Unknown Pkts : 0 LACPDUs Illegal Pkts : 0 Table 4-45 show lacp counters - display description Field Description...
  • Page 414: Table 4-46 Show Lacp Internal - Display Description

    Console#show lacp 1 internal Port channel : 1 ------------------------------------------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ------------------------------------------------------------------- LACPDUs Internal : 30 sec LACP System Priority : 32768 LACP Port Priority : 32768 Admin Key : 4 Oper Key : 4 Admin State : defaulted, aggregation, long timeout, LACP-activity Oper State : distributing, collecting, synchronization,...
  • Page 415 Table 4-46 show lacp internal - display description (Continued) Field Description Admin State, Administrative or operational values of the actor’s state Oper State parameters: • Expired – The actor’s receive machine is in the expired state; • Defaulted – The actor’s receive machine is using defaulted operational partner information, administratively configured for the partner.
  • Page 416: Table 4-47 Show Lacp Neighbors - Display Description

    Console#show lacp 1 neighbors Port channel 1 neighbors ------------------------------------------------------------------- Eth 1/1 ------------------------------------------------------------------- Partner Admin System ID : 32768, 00-00-00-00-00-00 Partner Oper System ID : 32768, 00-00-00-00-00-01 Partner Admin Port Number : 1 Partner Oper Port Number : 1 Port Admin Priority : 32768 Port Oper Priority : 32768 Admin Key : 0...
  • Page 417: Address Table Commands

    Console#show lacp sysid Port Channel System Priority System MAC Address ------------------------------------------------------------------- 32768 00-30-F1-D3-26-00 32768 00-30-F1-D3-26-00 32768 00-30-F1-D3-26-00 32768 00-30-F1-D3-26-00 Console# Table 4-48 show lacp sysid - display description Field Description Channel group A link aggregation group configured on this switch. LACP system priority for this channel group.
  • Page 418: Mac-Address-Table Static

    mac-address-table static This command maps a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [action] no mac-address-table static mac-address vlan vlan-id •...
  • Page 419: Clear Mac-Address-Table Dynamic

    • A static address cannot be learned on another port until the address is removed with the no form of this command. Example Console(config)#mac-address-table static 00-e0-29-94-34-de interface ethernet 1/1 vlan 1 delete-on-reset Console(config)# clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries.
  • Page 420: Mac-Address-Table Aging-Time

    Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: - Learned - Dynamic address entries - Permanent - Static entry - Delete-on-reset - Static entry to be deleted when system is reset •...
  • Page 421: Show Mac-Address-Table Aging-Time

    Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information. Example Console(config)#mac-address-table aging-time 100 Console(config)# show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode...
  • Page 422: Spanning Tree Commands

    Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 4-50 Spanning Tree Commands Command Function Mode Page spanning-tree Enables the spanning tree protocol 4-183 spanning-tree mode Configures STP or RSTP 4-184...
  • Page 423: Spanning-Tree

    Table 4-50 Spanning Tree Commands Command Function Mode Page spanning-tree Re-checks the appropriate BPDU format PE 4-195 protocol-migration show spanning-tree Shows spanning tree configuration for 4-195 the common spanning tree (i.e., overall bridge) or a selected interface spanning-tree This command enables the Spanning Tree Algorithm globally for the switch.
  • Page 424: Spanning-Tree Mode

    spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default. Syntax spanning-tree mode {stp | rstp} no spanning-tree mode • stp - Spanning Tree Protocol (IEEE 802.1D) • rstp - Rapid Spanning Tree Protocol (IEEE 802.1w) Default Setting rstp Command Mode...
  • Page 425: Spanning-Tree Forward-Time

    spanning-tree forward-time This command configures the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds. (Range: 4 - 30 seconds) The minimum value is the higher of 4 or [(max-age / 2) +1].
  • Page 426: Spanning-Tree Max-Age

    Default Setting 2 seconds Command Mode Global Configuration Command Usage This command sets the time interval (in seconds) at which the root device transmits a configuration message. Example Console(config)#spanning-tree hello-time 5 Console(config)# spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch.
  • Page 427: Spanning-Tree Priority

    becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the device ports attached to the network. Example Console(config)#spanning-tree max-age 40 Console(config)# spanning-tree priority This command configures the spanning tree priority globally for this switch.
  • Page 428: Spanning-Tree Pathcost Method

    spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree. Use the no form to restore the default. Syntax spanning-tree pathcost method {long | short} no spanning-tree pathcost method • long - Specifies 32-bit based values that range from 0-200,000,000. •...
  • Page 429: Spanning-Tree Spanning-Disabled

    Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs. Example Console(config)#spanning-tree transmission-limit 4 Console(config)# spanning-tree spanning-disabled This command disables the spanning tree algorithm for the specified interface. Use the no form to reenable the spanning tree algorithm for the specified interface.
  • Page 430: Spanning-Tree Cost

    spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port. (Range: 1-200,000,000) The recommended range is: •...
  • Page 431: Spanning-Tree Port-Priority

    spanning-tree port-priority This command configures the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port. (Range: 0-240, in steps of 16) Default Setting Command Mode Interface Configuration (Ethernet, Port Channel)
  • Page 432: Spanning-Tree Portfast

    Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state.
  • Page 433: Spanning-Tree Link-Type

    Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding. •...
  • Page 434: Spanning-Tree Protocol-Migration

    Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link if the interface can only be connected to exactly one other bridge, or a shared link if it can be connected to two or more bridges.
  • Page 435: Show Spanning-Tree

    Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the spanning-tree protocol-migration command at any time to manually re-check the appropriate BPDU format to send on the selected interfaces (i.e., RSTP or STP-compatible).
  • Page 436 • For a description of the items displayed under “Spanning-tree information,” see “Configuring Global Settings” on page 3-129. For a description of the items displayed for specific interfaces, see “Displaying Interface Settings” on page 3-133. Example Console#show spanning-tree Spanning-tree information ---------------------------------------------------------------...
  • Page 437: Vlan Commands

    VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface.
  • Page 438: Vlan

    Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN.
  • Page 439 Default Setting By default only VLAN 1 exists and is active. Command Mode VLAN Database Configuration Command Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default state (i.e., active).
  • Page 440: Configuring Vlan Interfaces

    Configuring VLAN Interfaces
    Table 4-53 Configuring VLAN Interfaces (Command: Function, Page)
    interface vlan: Enters interface configuration mode for a specified VLAN (4-200)
    switchport mode: Configures VLAN membership mode for an interface (4-201)
    switchport acceptable-frame-types: Configures frame types to be accepted by an interface (4-202)...
  • Page 441: Switchport Mode

    Example: The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN:
        Console(config)#interface vlan 1
        Console(config-if)#ip address 192.168.1.254 255.255.255.0
        Console(config-if)#
    Related Commands: shutdown (4-149)
    switchport mode: This command configures the VLAN membership mode for a port.
  • Page 442: Switchport Acceptable-Frame-Types

    Example: The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid:
        Console(config)#interface ethernet 1/1
        Console(config-if)#switchport mode hybrid
        Console(config-if)#
    Related Commands: switchport acceptable-frame-types (4-202)
    switchport acceptable-frame-types: This command configures the acceptable frame types for a port. Use the no form to restore the default.
  • Page 443: Switchport Ingress-Filtering

    Related Commands: switchport mode (4-201)
    switchport ingress-filtering: This command enables ingress filtering for an interface. Use the no form to restore the default.
    Syntax: [no] switchport ingress-filtering
    Default Setting: Disabled
    Command Mode: Interface Configuration (Ethernet, Port Channel)
    Command Usage: •...
  • Page 444: Switchport Native Vlan

    switchport native vlan: This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default.
    Syntax: switchport native vlan vlan-id
            no switchport native vlan
    vlan-id - Default VLAN ID for a port. (Range: 1-4094, no leading zeroes)
    Default Setting: VLAN 1...
  • Page 445: Switchport Allowed Vlan

    switchport allowed vlan: This command configures VLAN groups on the selected interface. Use the no form to restore the default.
    Syntax: switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list}
            no switchport allowed vlan
    • add vlan-list - List of VLAN identifiers to add. •...
  • Page 446: Switchport Forbidden Vlan

    • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface.
    Example: The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1:
        Console(config)#interface ethernet 1/1
        Console(config-if)#switchport allowed vlan add 1,2,5,6 tagged...
  • Page 447: Displaying Vlan Information

    Example: The following example shows how to prevent port 1 from being added to VLAN 3:
        Console(config)#interface ethernet 1/1
        Console(config-if)#switchport forbidden vlan add 3
        Console(config-if)#
    Displaying VLAN Information
    Table 4-54 Show VLAN Commands (Command: Function, Page)
    show vlan: Shows VLAN information (4-207)...
  • Page 448: Configuring Private Vlans

    Command Mode: Normal Exec, Privileged Exec
    Example: The following example shows how to display information for VLAN 1:
        Console#show vlan id 1
        Vlan ID:
        Type: Static
        Name: DefaultVlan
        Status: Active
        Ports/Port Channel: Eth1/ 1(S) Eth1/ 2(S) Eth1/ 3(S) Eth1/ 4(S) Eth1/ 5(S)
                            Eth1/ 6(S) Eth1/ 7(S) Eth1/ 8(S) Eth1/ 9(S) Eth1/10(S)
                            Eth1/11(S) Eth1/12(S) Eth1/13(S) Eth1/14(S) Eth1/15(S)
                            Eth1/16(S) Eth1/17(S) Eth1/18(S) Eth1/19(S) Eth1/20(S)
  • Page 449: Table 4-55 Private Vlan Commands

    This section describes commands used to configure private VLANs.
    Table 4-55 Private VLAN Commands (Command: Function, Page)
    Edit Private VLAN Groups
    private-vlan: Adds or deletes primary, community, or isolated VLANs (4-210)
    private-vlan association: Associates a community VLAN with a primary VLAN (4-212)
    Configure Private VLAN Interfaces...
  • Page 450: Private-Vlan

    Use the switchport private-vlan mapping command to assign a port to a primary VLAN. Use the show vlan private-vlan command to verify your configuration settings. To configure isolated VLANs, follow these steps: Use the private-vlan command to designate an isolated VLAN that will contain a single promiscuous port and one or more isolated ports.
  • Page 451 Default Setting: None
    Command Mode: VLAN Configuration
    Command Usage: • Private VLANs are used to restrict traffic to ports within the same community or isolated VLAN, and channel traffic passing outside the community through promiscuous ports. When using community VLANs, they must be mapped to an associated “primary”...
  • Page 452: Private Vlan Association

    private vlan association: Use this command to associate a primary VLAN with a secondary (i.e., community) VLAN. Use the no form to remove all associations for the specified primary VLAN.
    Syntax: private-vlan primary-vlan-id association {secondary-vlan-id | add secondary-vlan-id | remove secondary-vlan-id}
            no private-vlan primary-vlan-id association
    •...
  • Page 453: Switchport Mode Private-Vlan

    switchport mode private-vlan: Use this command to set the private VLAN mode for an interface. Use the no form to restore the default setting.
    Syntax: switchport mode private-vlan {host | promiscuous}
            no switchport mode private-vlan
    • host – This port type can subsequently be assigned to a community or isolated VLAN.
  • Page 454: Switchport Private-Vlan Host-Association

    switchport private-vlan host-association: Use this command to associate an interface with a secondary VLAN. Use the no form to remove this association.
    Syntax: switchport private-vlan host-association secondary-vlan-id
            no switchport private-vlan host-association
    secondary-vlan-id - ID of secondary (i.e., community) VLAN. (Range: 1-4094).
  • Page 455: Switchport Private-Vlan Mapping

    Default Setting: None
    Command Mode: Interface Configuration (Ethernet, Port Channel)
    Command Usage: Host ports assigned to an isolated VLAN cannot pass traffic between group members, and must communicate with resources outside of the group via a promiscuous port.
    Example:
        Console(config)#interface ethernet 1/3
        Console(config-if)#switchport private-vlan isolated 3...
  • Page 456: Show Vlan Private-Vlan

    Example:
        Console(config)#interface ethernet 1/2
        Console(config-if)#switchport private-vlan mapping 2
        Console(config-if)#
    show vlan private-vlan: Use this command to show the private VLAN configuration settings on this switch.
    Syntax: show vlan private-vlan [community | isolated | primary]
    • community – Displays all community VLANs, along with their associated primary VLAN and assigned host interfaces.
  • Page 457: Gvrp And Bridge Extension Commands

    GVRP and Bridge Extension Commands: GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switch, as well as how to display default configuration settings for the Bridge Extension MIB.
  • Page 458: Show Bridge-Ext

    Command Mode: Global Configuration
    Command Usage: GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. This function should be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch.
    Example:
        Console(config)#bridge-ext gvrp
        Console(config)#...
  • Page 459: Switchport Gvrp

    switchport gvrp: This command enables GVRP for a port. Use the no form to disable it.
    Syntax: [no] switchport gvrp
    Default Setting: Disabled
    Command Mode: Interface Configuration (Ethernet, Port Channel)
    Example:
        Console(config)#interface ethernet 1/6
        Console(config-if)#switchport gvrp
        Console(config-if)#
    show gvrp configuration: This command shows if GVRP is enabled.
  • Page 460: Garp Timer

    garp timer: This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values.
    Syntax: garp timer {join | leave | leaveall} timer_value
            no garp timer {join | leave | leaveall}
    •...
  • Page 461: Show Garp Timer

    Example:
        Console(config)#interface ethernet 1/1
        Console(config-if)#garp timer join 100
        Console(config-if)#
    Related Commands: show garp timer (4-221)
    show garp timer: This command shows the GARP timers for the selected interface.
    Syntax: show garp timer [interface]
    interface • ethernet unit/port - unit - Stack unit.
  • Page 462: Priority Commands

    Priority Commands: The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port.
  • Page 463: Queue Mode

    Table 4-58 Priority Commands (Layer 2) (Continued) (Command: Function, Page)
    show queue cos-map: Shows the class-of-service map (4-228)
    show interfaces switchport: Displays the administrative and operational status of an interface (4-155)
    queue mode: This command sets the queue mode to strict priority or Weighted Round-Robin (WRR) for the class of service (CoS) priority queues.
  • Page 464: Switchport Priority Default

    Example: The following example sets the queue mode to strict priority service mode:
        Console(config)#queue mode strict
        Console(config)#
    switchport priority default: This command sets a priority for incoming untagged frames. Use the no form to restore the default value.
    Syntax: switchport priority default default-priority-id
            no switchport priority default...
  • Page 465: Queue Bandwidth

    Therefore, any inbound frames that do not have priority tags will be placed in queue 0 of the output port. (Note that if the output port is an untagged member of the associated VLAN, these frames are stripped of all VLAN tags prior to transmission.)
    Example: The following example shows how to set a default priority on port 3 to 5:
        Console(config)#interface ethernet 1/3...
  • Page 466: Queue Cos-Map

    Related Commands: show queue bandwidth (4-227)
    queue cos-map: This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 3). Use the no form to set the CoS map to the default values.
    Syntax: queue cos-map queue_id [cos1 ...
  • Page 467: Show Queue Mode

    Example: The following example shows how to map CoS values 0, 1 and 2 to egress queue 0, value 3 to egress queue 1, values 4 and 5 to egress queue 2, and values 6 and 7 to egress queue 3:
        Console(config)#interface ethernet 1/1
        Console(config-if)#queue cos-map 0 0 1 2
        Console(config-if)#queue cos-map 1 3...
  • Page 468: Show Queue Cos-Map

    Command Mode: Privileged Exec
    Example:
        Console#show queue bandwidth
        Queue ID Weight
        -------- ------
        Console#
    show queue cos-map: This command shows the class of service priority map.
    Syntax: show queue cos-map [interface]
    interface • ethernet unit/port - unit - Stack unit. (This is unit 1) - port - Port number.
  • Page 469: Priority Commands (Layer 3 And 4)

    Priority Commands (Layer 3 and 4)
    Table 4-60 Priority Commands (Layer 3 and 4) (Command: Function, Page)
    map ip port: Enables TCP class of service mapping (4-230)
    map ip port: Maps TCP socket to a class of service (4-230)
    map ip precedence: Enables IP precedence class of service...
  • Page 470: Map Ip Port (Global Configuration)

    map ip port (Global Configuration): This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping.
    Syntax: [no] map ip port
    Default Setting: Disabled
    Command Mode: Global Configuration
    Command Usage: The precedence for priority mapping is IP Port, IP Precedence or IP...
  • Page 471: Map Ip Precedence (Global Configuration)

    Command Mode: Interface Configuration (Ethernet, Port Channel)
    Command Usage: • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • This command sets the IP port priority for all interfaces.
    Example: The following example shows how to map HTTP traffic to CoS value 0:
        Console(config)#interface ethernet 1/5...
  • Page 472: Map Ip Precedence (Interface Configuration)

    map ip precedence (Interface Configuration): This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table.
    Syntax: map ip precedence ip-precedence-value cos cos-value
            no map ip precedence
    • precedence-value - 3-bit precedence value. (Range: 0-7) •...
  • Page 473: Map Ip Dscp (Global Configuration)

    map ip dscp (Global Configuration): This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping.
    Syntax: [no] map ip dscp
    Default Setting: Disabled
    Command Mode: Global Configuration
    Command Usage: •...
  • Page 474: Table 4-62 Ip Dscp To Cos Values

    Default Setting: The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0.
    Table 4-62 IP DSCP to CoS Values
    IP DSCP Value CoS Value 10, 12, 14, 16 18, 20, 22, 24...
  • Page 475: Show Map Ip Port

    show map ip port: Use this command to show the IP port priority map.
    Syntax: show map ip port [interface]
    interface • ethernet unit/port - unit - Stack unit. (This is unit 1) - port - Port number. (Range: 1-26/52) •...
  • Page 476: Show Map Ip Precedence

    show map ip precedence: This command shows the IP precedence priority map.
    Syntax: show map ip precedence [interface]
    interface • ethernet unit/port - unit - Stack unit. (This is unit 1) - port - Port number. (Range: 1-26/52) •...
  • Page 477: Show Map Ip Dscp

    show map ip dscp: This command shows the IP DSCP priority map.
    Syntax: show map ip dscp [interface]
    interface • ethernet unit/port - unit - Stack unit. (This is unit 1) - port - Port number. (Range: 1-26/52) •...
  • Page 478: Multicast Filtering Commands

    Multicast Filtering Commands: This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
  • Page 479: Ip Igmp Snooping

    ip igmp snooping: This command enables IGMP snooping on this switch. Use the no form to disable it.
    Syntax: [no] ip igmp snooping
    Default Setting: Enabled
    Command Mode: Global Configuration
    Example: The following example enables IGMP snooping.
        Console(config)#ip igmp snooping
        Console(config)#
    ip igmp snooping vlan static...
  • Page 480: Ip Igmp Snooping Version

    Command Mode: Global Configuration
    Example: The following shows how to statically configure a multicast group on a port:
        Console(config)#ip igmp snooping vlan 1 static 224.0.0.12 ethernet 1/5
        Console(config)#
    ip igmp snooping version: This command configures the IGMP snooping version. Use the no form to restore the default.
  • Page 481: Show Ip Igmp Snooping

    show ip igmp snooping: This command shows the IGMP snooping configuration.
    Default Setting: None
    Command Mode: Privileged Exec
    Command Usage: See “Configuring IGMP Snooping and Query Parameters” on page 3-181 for a description of the displayed items.
    Example: The following shows the current IGMP snooping configuration:
        Console#show ip igmp snooping...
  • Page 482: Igmp Query Commands (Layer 2)

    Command Mode: Privileged Exec
    Command Usage: Member types displayed include IGMP or USER, depending on selected options.
    Example: The following shows the multicast entries learned through IGMP snooping for VLAN 1:
        Console#show mac-address-table multicast vlan 1 igmp-snooping
        VLAN M'cast IP addr. Member ports Type
        ---- --------------- ------------ -------
        224.1.2.3 Eth1/11...
  • Page 483 ip igmp snooping querier: This command enables the switch as an IGMP querier. Use the no form to disable it.
    Syntax: [no] ip igmp snooping querier
    Default Setting: Enabled
    Command Mode: Global Configuration
    Command Usage: If enabled, the switch will serve as querier if elected. The querier is responsible for asking hosts if they want to receive multicast traffic.
  • Page 484: Ip Igmp Snooping Query-Interval

    Command Usage: The query count defines how long the querier waits for a response from a multicast client before taking action. If a querier has sent a number of queries defined by this command, but a client has not responded, a countdown timer is started using the time defined by ip igmp snooping query-max-response-time.
  • Page 485: Ip Igmp Snooping Query-Max-Response-Time

    ip igmp snooping query-max-response-time: This command configures the query report delay. Use the no form to restore the default.
    Syntax: ip igmp snooping query-max-response-time seconds
            no ip igmp snooping query-max-response-time
    seconds - The report delay advertised in IGMP queries. (Range: 5-25)
    Default Setting: 10 seconds
    Command Mode...
  • Page 486: Ip Igmp Snooping Router-Port-Expire-Time

    ip igmp snooping router-port-expire-time: This command configures the query timeout. Use the no form to restore the default.
    Syntax: ip igmp snooping router-port-expire-time seconds
            no ip igmp snooping router-port-expire-time
    seconds - The time the switch waits after the previous querier stops before it considers the router port (i.e., the interface which had been receiving query packets) to have expired.
  • Page 487: Static Multicast Routing Commands

    Static Multicast Routing Commands
    Table 4-66 Static Multicast Routing Commands (Command: Function, Page)
    ip igmp snooping vlan mrouter: Adds a multicast router port (4-247)
    show ip igmp snooping mrouter: Shows multicast router ports (4-248)
    ip igmp snooping vlan mrouter: This command statically configures a multicast router port.
  • Page 488: Show Ip Igmp Snooping Mrouter

    Example: The following shows how to configure port 11 as a multicast router port within VLAN 1:
        Console(config)#ip igmp snooping vlan 1 mrouter ethernet 1/11
        Console(config)#
    show ip igmp snooping mrouter: This command displays information on statically configured and dynamically learned multicast router ports.
  • Page 489: Ip Interface Commands

    IP Interface Commands: An IP address may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when it is powered on.
  • Page 490 Default Setting: DHCP
    Command Mode: Interface Configuration (VLAN)
    Command Usage: • You must assign an IP address to this device to gain management access over the network. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server.
  • Page 491: Ip Default-Gateway

    ip default-gateway: This command establishes a static route between this switch and devices that exist on another network segment. Use the no form to remove the static route.
    Syntax: ip default-gateway gateway
            no ip default-gateway
    gateway - IP address of the default gateway
    Default Setting: No static route is established.
  • Page 492: Show Ip Interface

    Command Usage: • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to reassign the client’s last address if available.
  • Page 493: Show Ip Redirects

    show ip redirects: This command shows the default gateway configured for this device.
    Default Setting: None
    Command Mode: Privileged Exec
    Example:
        Console#show ip redirects
        IP default gateway 10.1.0.254
        Console#
    Related Commands: show ip interface (4-252)
    ping: This command sends ICMP echo request packets to another node on the network.
  • Page 494 Command Usage: • Use the ping command to see if another site on the network can be reached. • Following are some results of the ping command: - Normal response - The normal response occurs in one to ten seconds, depending on network traffic.
  • Page 495 Software Features
    Authentication: Local, RADIUS, TACACS, Port (802.1X), HTTPS, SSH, Port Security
    Access Control Lists: IP, MAC (up to 88 lists)
    DHCP Client
    Port Configuration: 100BASE-TX: 10/100 Mbps, half/full duplex; 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex
    Flow Control: Full Duplex: IEEE 802.3-2002; Half Duplex: Back pressure...
  • Page 496: Software Specifications

    Spanning Tree Algorithm: Spanning Tree Protocol (STP, IEEE 802.1D); Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w)
    VLAN Support: Up to 255 groups; port-based or tagged (802.1Q), GVRP for automatic VLAN learning, private VLANs
    Class of Service: Supports four levels of priority and Weighted Round Robin Queueing (which can be configured by VLAN tag or port), Layer 3/4 priority mapping: IP Port, IP Precedence, IP DSCP
    Multicast Filtering...
  • Page 497: Standards

    RMON: Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event)
    Standards
    IEEE 802.1D Spanning Tree Protocol and traffic priorities
    IEEE 802.1p Priority tags
    IEEE 802.1Q VLAN
    IEEE 802.1w Rapid Spanning Tree Protocol
    IEEE 802.1X Port Authentication
    IEEE 802.3-2002 Ethernet, Fast Ethernet, Gigabit Ethernet; Full-duplex flow control; Link Aggregation Control Protocol...
  • Page 498: Management Information Bases

    Management Information Bases
    Bridge MIB (RFC 1493)
    Entity MIB (RFC 2737)
    Ether-like MIB (RFC 2665)
    Extended Bridge MIB (RFC 2674)
    Extensible SNMP Agents MIB (RFC 2742)
    Forwarding Table MIB (RFC 2096)
    IGMP MIB (RFC 2933)
    Interface Group MIB (RFC 2233)
    Interfaces Evolution MIB (RFC 2863)
    IP Multicasting related MIBs
    MAU MIB (RFC 2668)
  • Page 499: Troubleshooting

    Problems Accessing the Management Interface
    Table B-1 Troubleshooting Chart (Symptom: Action)
    Cannot connect using Telnet, web browser, or SNMP software: • Be sure the switch is powered up. • Check network cabling between the management station and the switch. •...
  • Page 500 Symptom: ...configuration program via a serial port connection. Action: ...VT100 compatible, 8 data bits, 1 stop bit, no parity, and 9600 bps. • Check that the null-modem serial cable conforms to the pin-out connections provided in the Installation Guide.
    Symptom: Forgot or lost the password. Action: • Contact SMC Technical Support for help...
  • Page 501: Using System Logs

    Using System Logs: If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: 1.
  • Page 503: Glossary

    Access Control List (ACL): ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information.
    Boot Protocol (BOOTP): BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the device's system files, and the name of the boot file.
  • Page 504 Dynamic Host Control Protocol (DHCP): Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options.
    Extensible Authentication Protocol over LAN (EAPOL): EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch.
  • Page 505 IEEE 802.1D: Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.
    IEEE 802.1Q: VLAN Tagging. Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.
  • Page 506: Igmp Query

    IGMP Query: On each subnetwork, one IGMP-capable device will act as the querier, that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork.
  • Page 507: Multicast Switching

    Link Aggregation: See Port Trunk.
    Link Aggregation Control Protocol (LACP): Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device.
    Management Information Base (MIB): An acronym for Management Information Base. It is a set of database objects that contains information about a specific device.
  • Page 508: Port Mirroring

    Port Mirroring: A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows data on the target port to be studied unobtrusively.
    Port Trunk: Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links.
  • Page 509 Simple Network Management Protocol (SNMP): The application protocol in the Internet suite of protocols which offers network management services.
    Simple Network Time Protocol (SNTP): SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server. Updates can be requested from a specific NTP server, or can be received via broadcasts sent by NTP servers.
  • Page 510 User Datagram Protocol (UDP): UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets. UDP is useful when TCP would be too complex, too slow, or just unnecessary.
  • Page 516 97 14 299 4466 Fax 97 14 299 4664 Thailand: 66 2 651 8733 Fax 66 2 651 8737 If you are looking for further contact information, please visit www.smc.com, www.smc-europe.com, or www.smc-asia.com. Model Number: SMC6726AL2, SMC6752AL2 Pub. Number: 149100005200H 38 Tesla Revision Number: F2.2.6.3 E012005-R01...

This manual is also suitable for:

SMC6726AL2, SMC6752AL2
