Planet WGSW-24000 User Manual

24-port 10/100/1000Mbps Ethernet security switch

Summary of Contents for Planet WGSW-24000

  • Page 1 24-Port 10/100/1000Mbps Ethernet Security Switch WGSW-24000 User's Manual...
  • Page 2: FCC Warning

    Trademarks: Copyright © PLANET Technology Corp. 2005. Contents subject to revision without prior notice. PLANET is a registered trademark of PLANET Technology Corp. All other trademarks belong to their respective owners. Disclaimer: PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose.
  • Page 3: Table Of Contents

    Table of Contents: 1. INTRODUCTION (p. 13); 1.1 Packet Contents (p. 13); 1.2 How to Use This Manual (p. 13); 1.3 Product Feature (p. 13); 1.4 Product Specification (p. 14); 2. INSTALLATION (p. 16); 2.1 Product Description (p. 16); 2.1.1 Product Overview (p. 16); 2.1.2 Switch Front Panel ...
  • Page 4 4.2.11 Trap Management (p. 63); 4.3 Switching (p. 65); 4.3.1 VLAN (p. 65); 4.3.2 Protocol-based VLAN (p. 70); 4.3.3 Filters (p. 72); 4.3.4 GARP (p. 74); 4.3.5 IGMP Snooping (p. 77); 4.3.6 Port Channel (p. 79); 4.3.7 Multicast Forwarding Database (p. 81); 4.3.8 Spanning Tree (p. 85); 4.3.9 Class of Service ...
  • Page 5 8.1 System Information and Statistics Commands (p. 143); 8.1.1 show arp switch (p. 143); 8.1.2 show eventlog (p. 143); 8.1.3 show hardware (p. 144); 8.1.4 show interface (p. 144); 8.1.5 show interface ethernet (p. 145); 8.1.6 show logging (p. 151); 8.1.7 show mac-addr-table (p. 152); 8.1.8 show msglog ...
  • Page 6 8.5.17 show snmpcommunity (p. 161); 8.5.18 show snmptrap (p. 161); 8.5.19 show trapflags (p. 162); 8.5.20 snmp-server community (p. 162); 8.5.21 snmp-server community ipaddr (p. 163); 8.5.22 snmp-server community ipmask (p. 163); 8.5.23 snmp-server community mode (p. 164); 8.5.24 snmp-server community ro (p. 164); 8.5.25 snmp-server community rw ...
  • Page 7 8.6.22 set garp timer join (p. 174); 8.6.23 set garp timer join all (p. 175); 8.6.24 set garp timer leave (p. 175); 8.6.25 set garp timer leave all (p. 175); 8.6.26 set garp timer leaveall (p. 176); 8.6.27 set garp timer leaveall all (p. 176); 8.6.28 set gmrp adminmode ...
  • Page 8 8.6.61 speed all (p. 190); 8.6.62 storm-control broadcast (p. 190); 8.6.63 storm-control flowcontrol (p. 191); 8.6.64 vlan (p. 191); 8.6.65 vlan acceptframe (p. 192); 8.6.66 vlan ingressfilter (p. 192); 8.6.67 vlan makestatic (p. 193); 8.6.68 vlan name (p. 193); 8.6.69 vlan participation (p. 193); 8.6.70 vlan participation all ...
  • Page 9 8.8.11 reload (p. 202); 9. CLI COMMANDS: QUALITY OF SERVICE (p. 203); 9.1 CLI Commands: Access Control List (p. 203); 9.1.1 show ip access-lists (p. 203); 9.2 Configuration Commands (p. 203); 9.2.1 access-list (p. 203); 9.2.2 ip access-group (p. 204); 9.2.3 ip access-group all (p. 204); 9.3 CLI Commands: Differentiated Services ...
  • Page 10 9.5.13 randomdrop (p. 219); 9.5.14 shape bps-average (p. 220); 9.5.15 shape bps-peak (p. 220); 9.6 Service Commands (p. 221); 9.6.1 service-policy (p. 221); 9.7 Show Commands (p. 222); 9.7.1 show class-map (p. 222); 9.7.2 show diffserv (p. 223); 9.7.3 show policy-map (p. 223); 9.7.4 show diffserv service ...
  • Page 11 10.1.22 show accounting (p. 237); 10.1.23 show authentication (p. 238); 10.1.24 show authentication users (p. 238); 10.1.25 show dot1x (p. 238); 10.1.26 show dot1x users (p. 241); 10.1.27 show radius (p. 241); 10.1.28 show radius statistics (p. 241); 10.1.29 show users authentication (p. 242); 10.1.30 users defaultlogin ...
  • Page 12 11.1.15 spanning-tree hello-time (p. 253); 11.1.16 spanning-tree max-age (p. 253); 11.1.17 spanning-tree mst (p. 254); 11.1.18 spanning-tree mst instance (p. 255); 11.1.19 spanning-tree mst priority (p. 255); 11.1.20 spanning-tree mst vlan (p. 256); 11.1.21 spanning-tree port mode (p. 256); 11.1.22 spanning-tree port mode all (p. 256); 12.
  • Page 13: Introduction

    The section contains specifications of the Switch. Appendix A: The section contains cable information of the Switch. In the following sections, the term "SWITCH" in upper case denotes the WGSW-24000 Ethernet security switch; the term "switch" in lower case means other Ethernet switch devices. 1.3 Product Feature ▫...
  • Page 14: Product Specification

    Supports inclusive and exclusive filtering to enable a switch application to filter and classify packets based on certain protocol fields in the packet. ▫ Supports mirroring to monitor the incoming or outgoing traffic on a particular port. 1.4 Product Specification. Model: WGSW-24000. Hardware Specification. Network Ports: 24-Port 10/100/1000Base-T RJ-45 ports...
  • Page 15 Operating Temperature: 0 ~ 50. Storage Temperature: -40 ~ 70. Operating Humidity: 5% to 90%, relative humidity, non-condensing. Storage Humidity: 5% to 90%, relative humidity, non-condensing. Standards Conformance. Regulation Compliance: FCC Part 15 Class A, CE. Standard Compliance: IEEE 802.3 10Base-T, IEEE 802.3u 100Base-TX/100Base-FX, IEEE 802.3ab 1000Base-T...
  • Page 16: Installation

    Simple Network Management Protocol (SNMP) and can be managed via any standard-based management software. For text-based management, the WGSW-24000 can also be accessed via Telnet and the console port. For secure remote management, the WGSW-24000 supports SSL and SSH connections, which encrypt the packet content of each session.
  • Page 17: Switch Front Panel

    Figure 2-2 shows the rear panel of the switch. 100 ~ 240V AC 50 / 60 Hz. Figure 2-2 WGSW-24000 rear panel. Power Notice: The device requires power to operate; it will not work until it is powered. If your network must be active all the time, please consider using a UPS (Uninterruptible Power Supply) for your device.
  • Page 18: Install The Switch

    2.2 Install the Switch This section describes how to install the Ethernet Switch and make connections to it. Please read the following topics and perform the procedures in the order presented. 2.2.1 Desktop Installation To install the Switch on a desktop or shelf, please follow these steps: Step 1: Attach the rubber feet to the recessed areas on the bottom of the switch.
  • Page 19 Caution: You must use the screws supplied with the mounting brackets. Damage caused to the parts by using incorrect screws would invalidate the warranty. Step 3: Secure the brackets tightly. Step 4: Follow the same steps to attach the second bracket to the opposite side. Step 5: After the brackets are attached to the Switch, use suitable screws to securely attach the brackets to the rack, as shown in Figure 2-6. Figure 2-6 Mounting the Switch in a Rack...
  • Page 20: Configuration

    3. CONFIGURATION This chapter explains the methods that you can use to configure management access to the switch. It describes the types of management applications and the communication and management protocols that deliver data between your management device (workstation or personal computer) and the system. It also contains information about port connection options.
  • Page 21: Administration Console

    Method / Advantages / Disadvantages
    Console. Advantages: ‧No IP address or subnet needed ‧Text-based ‧Telnet functionality and HyperTerminal built into Windows 95/98/NT/2000/ME/XP operating systems ‧Secure. Disadvantages: ‧Must be near switch or use dial-up connection ‧Not convenient for remote users ‧Modem connection may prove to be unreliable or slow.
    ‧Ideal for configuring the switch remotely...
  • Page 22: Direct Access

    3.1.2 Direct Access Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal-emulation program (such as HyperTerminal) to the switch console (serial) port. When using this management method, a null-modem cable is required to connect the switch to the PC. After making this connection, configure the terminal-emulation program to use the following parameters: The default parameters are: ▫...
  • Page 23: Protocols

    3.4 Protocols The switch supports the following protocols: ▫ Virtual terminal protocols, such as Telnet ▫ Simple Network Management Protocol (SNMP) 3.4.1 Virtual Terminal Protocols A virtual terminal protocol is a software program, such as Telnet, that allows you to establish a management session from a Macintosh, a PC, or a UNIX workstation.
  • Page 24: Web Configuration

    4. Web Configuration The WGSW-24000 can be configured through an Ethernet connection; make sure the manager PC is set to the same IP subnet as the switch. For example, if you have changed the default IP address of the Switch to 192.168.16.234 with subnet mask 255.255.255.0 via console, then the manager PC should be set at 192.168.16.x (where x is a number between 2 and 254) with subnet mask...
  • Page 25: Configure System

    Figure 4-2 main menu screen 4.2 Configure System The System section provides information for configuring system parameters. Under System, the following topics are provided to configure and view the system information: ARP Cache, Inventory Information, System Loading, Configuration, Forward Database, Logs, Port, SNMP...
  • Page 26: Inventory Information

    As shown in Figure 4-3: Figure 4-3 ARP Cache 4.2.2 Inventory Information Use this panel to display the switch's Vital Product Data, stored in non-volatile memory at the factory. The page includes the following fields: System Description - The product name of this switch. Machine Type - The machine type of this switch.
  • Page 27: System Loading

    Figure 4-4 Inventory Information 4.2.3 System Loading This page shows the system loading information, including the following fields: CPU Utilization – The CPU usage percentage Memory Utilization – The total Memory size and the usage information Figure 4-5 System Loading...
  • Page 28: Configuration

    4.2.4 Configuration Use this page to configure the parameters for system management, including the following fields: System Description, Switch, Network Connectivity, Remote Session, Serial Port, User Account, Authentication List Configuration, Login Session, Authentication List Summary, User Login, Single IP Management, Single IP Mgmt Swap Control. 4.2.4.1 System Description This page shows the basic system information and can be used to define the system name, location and...
  • Page 29 Figure 4-6 System Description 4.2.4.2 Switch Configuration This page includes the following fields: Broadcast Storm Recovery Mode - Enable or disable this option by selecting the corresponding line on the pull-down entry field. The factory default is disabled. IEEE 802.3x Flow Control Mode - Enable or disable this option by selecting the corresponding line on the pull-down entry field.
  • Page 30 4.2.4.3 Network Connectivity The network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed. To access the switch over a network you must first configure it with IP information (IP address, subnet mask, and default gateway).
  • Page 31 factory default is enabled. Java Mode - Enable or disable the java applet that displays a picture of the switch at the top right of the screen. If you run the applet you will be able to click on the picture of the switch to select configuration screens instead of using the navigation tree at the left side of the screen.
  • Page 32 Figure 4-9 Remote Session 4.2.4.5 Serial Port Use this page to define the parameters of console connectivity. The configurable data are: Serial Port Login Timeout (minutes) - Specify how many minutes of inactivity should occur on a serial port connection before the switch closes the connection. Enter a number between 0 and 160: the factory default is 5.
  • Page 33 Figure 4-10 Serial Port Configuration 4.2.4.6 User Accounts By default, two user accounts exist: admin, with 'Read/Write' privileges, and guest, with 'Read Only' privileges. By default, both of these accounts have blank passwords. The names are not case sensitive. If you log on with a user account with 'Read/Write' privileges (i.e. as admin) you can use the User Accounts screen to assign passwords and set security parameters for the default accounts, and to add and delete accounts (other than admin) up to the maximum of six.
  • Page 34 Confirm Password - Enter the password again, to confirm that you entered it correctly. This field will not display the characters entered, but will show asterisks (*). Authentication Protocol - Specify the SNMPv3 Authentication Protocol setting for the selected user account. The valid Authentication Protocols are None, MD5 or SHA. If you select None, the user will be unable to access the SNMP data from an SNMP browser.
  • Page 35 4.2.4.7 Authentication List Configuration Use this screen to configure login lists. A login list specifies the authentication method(s) you want used to validate switch or port access for the users associated with the list. The pre-configured users, admin and guest, are assigned to a pre-configured list named defaultList, which you may not delete. All newly created users are also assigned to the defaultList until you specifically assign them to a different list. Selection Criteria Authentication List - Select the authentication login list you want to configure.
  • Page 36 Figure 4-12 Authentication List Configuration – Create User Figure 4-13 Authentication List Configuration – DefaultList 4.2.4.8 Login Session This page shows the information of each login session, including: ID - Identifies the ID of this row. User Name - Shows the name of the user who made the session. Connection From - Shows which machine the user is connected from.
  • Page 37 Figure 4-14 Login Sessions 4.2.4.9 Authentication List Summary This page lists the authenticated users; the information fields include: Authentication List - Identifies the authentication login list summarized in this row. Method List - The ordered list of methods configured for this login list. Login Users - The users you assigned to this login list on the User Login Configuration screen.
  • Page 38 Figure 4-15 Authentication List Summary 4.2.4.10 User Login Each configured user is assigned to a login list that specifies how the user should be authenticated when attempting to access the switch or a port on the switch. After creating a new user account on the User Account screen, you should assign that user to a login list for the switch using this screen and, if necessary, to a login list for the ports using the Port Access Control User Login Configuration screen.
  • Page 39 Figure 4-10 User Login Configuration 4.2.4.11 Single IP Management Use this page to configure stacked WGSW-24000/WGSW-2620 switches under a single IP address. Single IP Management - Enable or disable this option by selecting the corresponding line on the pull-down entry field. The factory default is disabled.
  • Page 40 Figure 4-11 Single IP Management 4.2.4.12 Single IP Mgmt Swap Control Use this page to swap control to another Master switch. Swap Master Switch To - The ID of the switch to which you are going to swap control. Figure 4-12 Single IP Management Swap Control...
  • Page 41: Forwarding Database

    4.2.5 Forwarding Database 4.2.5.1 Configuration Use this panel to set the Address Ageing Timeout for the forwarding database. Address Ageing Timeout (seconds) - The forwarding database contains static entries, which are never aged out, and dynamically learned entries, which are removed if they are not updated within a given time.
  • Page 42: Logs

    Figure 4-14 Forwarding Database Search 4.2.6 Logs 4.2.6.1 Message Log Use this panel to display the message log maintained by the switch. The message log contains system trace information that records non-critical problems. Message log information is not retained across a switch reset and wraps after 512 entries.
  • Page 43: Port

    Figure 4-15 Message Log 4.2.7 Port 4.2.7.1 Configuration Use this page to configure the parameters of an individual port. Selection Criteria Slot.Port - Selects the interface for which data is to be displayed or configured. Configurable Data STP Mode - Select the Spanning Tree Protocol Administrative Mode for the port or LAG. The possible values are: Enable - select this to enable the Spanning Tree Protocol for this port.
  • Page 44 applied to all applicable interfaces only. Link Trap - This object determines whether or not to send a trap when link status changes. The factory default is enabled. Maximum Frame Size - The maximum Ethernet frame size the interface supports or is configured, including Ethernet header, CRC, and payload.
  • Page 45 Slot.Port - Identifies the port Port Type - For normal ports this field will be blank. Otherwise the possible values are: Mon - this port is a monitoring port. Look at the Port Monitoring screens for more information. LAG - the port is a member of a Link Aggregation trunk. Look at the LAG screens for more information.
  • Page 46 Figure 4-17 Port Summary 4.2.7.3 Port Mirroring Use this page to configure the port mirror function. Port Mirroring Mode - Selects the Port Mirroring Mode. May be enabled or disabled by selecting the corresponding line on the pull-down entry field. The factory default is disabled. Probe Port - The interface selected as the Probe.
  • Page 47: Snmp

    Figure 4-18 Port Mirroring 4.2.8 SNMP 4.2.8.1 Community Configuration By default, two SNMP Communities exist: private, with 'Read/Write' privileges and status set to enable, and public, with 'Read Only' privileges and status set to enable. These are well-known communities; you can use this menu to change the defaults or to add other communities.
  • Page 48 whose IP address is 192.168.1.0 through 192.168.1.255 (inclusive) will be allowed access. To allow access from only one station, use a Client IP Mask value of 255.255.255.255, and use that machine's IP address for Client IP Address. Client IP Mask - Taken together, the Client IP Address and Client IP Mask denote a range of IP addresses from which SNMP clients may use that community to access this device.
  • Page 49 between 0 and 255 separated by periods. Status - Select the receiver's status from the pulldown menu: Enable - send traps to the receiver. Disable - do not send traps to the receiver. Figure 4-20 SNMP Trap Receiver 4.2.8.3 Supported MIBs This is a list of all the MIBs supported by the switch.
  • Page 50: Statistics

    Figure 4-21 SNMP Supported MIBs 4.2.9 Statistics 4.2.9.1 Switch Detail This page shows the detailed information of the switch, including the following data: ifIndex - This object indicates the ifIndex of the interface table entry associated with the Processor of this switch. Octets Received - The total number of octets of data received by the processor (excluding framing bits but including FCS octets).
  • Page 51 Table entries that have been learned by this switch since the most recent reboot. Address Entries in Use - The number of Learned and static entries in the Forwarding Database Address Table for this switch. Maximum VLAN Entries - The maximum number of Virtual LANs (VLANs) allowed on this switch.
  • Page 52 interface. Broadcast Packets Transmitted - The total number of packets that higher-level protocols requested to be transmitted to the Broadcast address, including those that were discarded or not sent. Transmit Packet Errors - The number of outbound packets that could not be transmitted because of errors.
  • Page 53 framing bits but including FCS octets). Packets RX and TX 128-255 Octets - The total number of packets (including bad packets) received or transmitted that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets). Packets RX and TX 256-511 Octets - The total number of packets (including bad packets) received or transmitted that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
  • Page 54 directed to a multicast address. Note that this number does not include packets directed to the broadcast address. Broadcast Packets Received - The total number of good packets received that were directed to the broadcast address. Note that this does not include multicast packets. Total Packets Received with MAC Errors - The total number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
  • Page 55 CFI Discards - The number of frames discarded that have CFI bit set and the addresses in RIF are in non-canonical format. Upstream Threshold - The number of frames discarded due to lack of cell descriptors available for that packet's priority level. Total Packets Transmitted (Octets) - The total number of octets of data (including those in bad packets) transmitted on the network (excluding framing bits but including FCS octets).
  • Page 56 Underrun Errors - The total number of frames discarded because the transmit FIFO buffer became empty during frame transmission. Total Transmit Packets Discarded - The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded. Single Collision Frames - A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision.
  • Page 57 Figure 4-24 Port Detailed Statistic 4.2.9.4 Port Summary Selection Criteria Slot.Port - Selects the interface for which data is to be displayed or configured. Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with this port on an adapter.
  • Page 58: System Utilities

    Figure 4-25 Port Summary Statistics 4.2.10 System Utilities 4.2.10.1 Save All Applied Changes Saving all applied changes will cause all changes to configuration panels that were applied, but not saved, to be saved, thus retaining their new values across a system reboot. Figure 4-26 Save All Applied Changes...
  • Page 59 4.2.10.2 System Reset Reboot the switch. Any configuration changes you have made since the last time you issued a save will be lost. You will be shown a confirmation screen after you select the button. Figure 4-27 System Reset 4.2.10.3 Reset Configuration to Default Have all configuration parameters reset to their factory default values.
  • Page 60 4.2.10.4 Reset Password to Default Reset all of the system login passwords to their default values. If you want the switch to retain the new values across a power cycle, you must perform a save. Figure 4-29 Reset Password to Default 4.2.10.5 Download File To Switch Use this menu to download a file to the switch.
  • Page 61 The factory default is code. Note that to download SSH key files SSH must be administratively disabled and there can be no active SSH sessions. TFTP Server IP Address - Enter the IP address of the TFTP server. The factory default is 0.0.0.0.
  • Page 62 Start File Transfer - To initiate the upload you need to check this box and then select the submit button. Figure 4-31 Upload File from Switch 4.2.10.7 Ping Use this screen to tell the switch to send a Ping request to a specified IP address. You can use this to check whether the switch can communicate with a particular IP station.
  • Page 63: Trap Management

    Figure 4-32 Ping 4.2.11 Trap Management 4.2.11.1 Trap Flags Use this menu to specify which traps you want to enable. When the condition identified by an active trap is encountered by the switch, a trap message will be sent to any enabled SNMP Trap Receivers, and a message will be written to the trap log.
  • Page 64 Figure 4-33 Trap Flags 4.2.11.2 Trap Log This screen lists the entries in the trap log. The information can be retrieved as a file by using System Utilities, Upload File from Switch. Non-Configurable Data Number of Traps since last reset - The number of traps that have occurred since the last time the switch was reset.
  • Page 65: Switching

    Figure 4-34 Trap Log 4.3 Switching This page provides all system operations for configuring VLAN, Port-based VLAN, Spanning Tree, Port Aggregation, and Multicast Support. The Switch page contains links to the following topics: VLAN, Protocol-based VLAN, Filters, GARP, IGMP Snooping, Port Channel, Multicast Forwarding Database, Spanning Tree...
  • Page 66 field when you are creating a new VLAN.) The range of the VLAN ID is (1 to 4093). VLAN Name - Use this optional field to specify a name for the VLAN. It can be up to 32 alphanumeric characters long, including blanks. The default is blank. VLAN ID 1 always has a name of 'Default'.
  • Page 67 4.3.1.2 VLAN Status This page displays the status of all currently configured VLANs. VLAN ID - The VLAN Identifier (VID) of the VLAN. The range of the VLAN ID is (1 to 4093). VLAN Name - The name of the VLAN. VLAN ID 1 is always named 'Default'. VLAN Type - The VLAN type: Default (VLAN ID = 1) -- always present; Static -- a VLAN you have configured...
  • Page 68 Ingress Filtering on the pulldown menu, a tagged frame will be discarded if this port is not a member of the VLAN identified by the VLAN ID in the tag. If you select disable from the pulldown menu, all tagged frames will be accepted. The factory default is disable. Port Priority - Specify the default 802.1p priority assigned to untagged packets arriving at the port.
  • Page 69 Figure 4-38 VLAN Port Summary 4.3.1.5 VLAN Reset Configuration If you select this button and confirm your selection on the next screen, all VLAN configuration parameters will be reset to their factory default values. Also, all VLANs, except for the default VLAN, will be deleted. The factory default values are: All ports are assigned to the default VLAN of 1.
  • Page 70: Protocol-Based Vlan

    Figure 4-39 Reset VLAN Configuration 4.3.2 Protocol-based VLAN 4.3.2.1 Configuration You can use a protocol-based VLAN to define filtering criteria for untagged packets. By default, if you do not configure any port- (IEEE 802.1Q) or protocol-based VLANs, untagged packets will be assigned to VLAN 1.
  • Page 71 Protocol(s) - Select the protocols you want to be associated with the group. There are three configurable protocols: IP, IPX, ARP. Hold down the control key to select more than one protocol. IP - IP is a network layer protocol that provides a connectionless service for the delivery of data.
  • Page 72: Filters

    IP - IP is a network layer protocol that provides a connectionless service for the delivery of data. ARP - Address Resolution Protocol (ARP) is a low-level protocol that dynamically maps network layer addresses to physical medium access control (MAC) addresses. IPX - The Internetwork Packet Exchange (IPX) is a connectionless datagram Network-layer protocol that forwards data over a network.
  • Page 73 FF:FF:FF:FF:FF:FF VLAN ID - The VLAN ID used with the MAC address to fully identify packets you want filtered. You can only change this field when you have selected the "Create Filter" option. Source Port Members - List the ports you want included in the inbound filter. If a packet with the MAC address and VLAN ID you selected is received on a port that is not in the list, it will be dropped.
  • Page 74: Garp

    Figure 4-43 MAC Filter Summary 4.3.4 GARP 4.3.4.1 GARP Status This screen shows the GARP Status for the switch and for the individual ports. Note that the timers are only relevant when the status for a port shows as enabled. Switch GVRP - Indicates whether the GARP VLAN Registration Protocol administrative mode for this switch is enabled or disabled.
  • Page 75 each port. Permissible values are 20 to 600 centiseconds (0.2 to 6.0 seconds). The factory default is 60 centiseconds (0.6 seconds). Leave All Time (centiseconds) - The Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered.
  • Page 76 Figure 4-45 GARP Switch Configuration 4.3.4.3 GARP Port Configuration Use this page to configure the GVRP/GMRP mode and GARP Timers on the ports. Note that it can take up to 10 seconds for GARP configuration changes to take effect. Slot.Port - Select the physical interface for which data is to be displayed or configured. It is possible to set the parameters for all ports by selecting 'All'.
  • Page 77: Igmp Snooping

    each GARP participant for each port. Leave All Time (centiseconds) - The Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration. The Leave All Period Timer is set to a random value in the range of LeaveAllTime to 1.5*LeaveAllTime.
  • Page 78 in seconds. The default is 10 seconds. The configured value must be less than the Group Membership Interval. Multicast Router Present Expiration Time - Specify the amount of time you want the switch to wait to receive a query on an interface before removing it from the list of interfaces with multicast routers attached.
  • Page 79: Port Channel

    Figure 4-48 IGMP Snooping Interface Configuration 4.3.6 Port Channel 4.3.6.1 LAG Configuration Use this page to configure link aggregation for combining bandwidth. Selection Criteria Port Channel Name – You can use this screen to reconfigure an existing Port Channel, or to create a new one.
  • Page 80 Port Channel. Non-Configurable Data Slot.Port - Slot.Port identification of the Port Channel being configured. This field will not appear when a new Port Channel is being created. Link Status - Indicates whether the Link is up or down. Port Channel Members - List of members of the Port Channel in slot.port form. Membership Conflicts - Shows ports that are already members of other Port Channels.
  • Page 81: Multicast Forwarding Database

    Active Ports - A listing of the ports that are actively participating members of this Port Channel, in slot.port notation. There can be a maximum of 8 ports assigned to a Port Channel. Figure 4-50 LAG Status 4.3.7 Multicast Forwarding Database 4.3.7.1 MFDB Table The Multicast Forwarding Database holds the port membership information for all active multicast address entries.
  • Page 82 end user. Dynamic entries are added to the table as a result of a learning process or protocol. Component - This is the component that is responsible for this entry in the Multicast Forwarding Database. Possible values are IGMP Snooping, GMRP, and Static Filtering. Description - The text description of this multicast table entry.
  • Page 83 Figure 4-52 MFDB GMRP Table 4.3.7.3 IGMP Snooping Table MAC Address - A VLAN ID - multicast MAC address pair for which the switch has forwarding and/or filtering information. The format is 8 two-digit hexadecimal numbers that are separated by colons, for example 00:01:23:45:67:89:AB:CD. Type - This displays the type of the entry.
  • Page 84 Figure 4-53 MFDB IGMP Snooping Table 4.3.7.4 Multicast Forwarding Database Statistics MAC Address - A VLAN ID - multicast MAC address pair for which the switch has forwarding and/or filtering information. The format is 8 two-digit hexadecimal numbers that are separated by colons, for example 00:01:23:45:67:89:AB:CD.
  • Page 85: Spanning Tree

    Figure 4-54 Multicast Forwarding Database Statistics 4.3.8 Spanning Tree 4.3.8.1 Spanning Tree Switch Configuration/Status Use this page to enable or disable the Spanning Tree protocol. The switch supports IEEE 802.1d Spanning Tree (STP), IEEE 802.1w Rapid Spanning Tree (RSTP) and IEEE 802.1s Multiple Spanning Tree (MSTP).
  • Page 86 each of them. Figure 4-55 Spanning Tree Switch Configuration/Status 4.3.8.2 Spanning Tree CST Configuration/Status Configurable Data Bridge Priority - Specifies the bridge priority for the Common and Internal Spanning tree (CST). The value lies between 0 and 61440. It is set in multiples of 4096. For example if the priority is attempted to be set to any value between 0 and 4095, it will be set to 0.
  • Page 87 Topology change count - Number of times topology has changed for the CST. Time since topology change - The time in seconds since the topology of the Topology change - The value of the topology change parameter for the switch indicating if a topology change is in progress on any port assigned to the selected MST instance.
  • Page 88 and 4095, it will be set to 0. If it is tried to be set to any value between 4096 and (2*4096-1) it will be set to 4096 and so on. VLAN ID - This gives a list box of all VLANs on the switch. The VLANs associated with the MST instance which is selected are highlighted on the list.
  • Page 89 Configurable Data Port Priority - The priority for a particular port within the CST. The port priority is set in multiples of 16. For example if the priority is attempted to be set to any value between 0 and 15, it will be set to 0. If it is tried to be set to any value between 16 and (2*16-1) it will be set to 16 and so on.
  • Page 90 bridge priority and the base MAC address of the bridge. CST Path Cost - Path Cost to the CST Regional Root. Figure 4-58 Spanning Tree CST Port Configuration/Status 4.3.8.5 Spanning Tree MST Port Configuration/Status Selection Criteria MST ID - Selects one MST instance from existing MST instances. Slot.Port - Selects one of the physical or lag interfaces associated with VLANs associated with the selected MST instance.
  • Page 91 The possible values are Enable or Disable. Port Forwarding State - The Forwarding State of this port. Port Role - Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree. The port role will be one of the following values: Root Port, Designated Port, Alternate Port, Backup Port, Master Port or Disabled Port.
  • Page 92: Class Of Service

    Figure 4-60 Spanning Tree Statistics 4.3.9 Class of Service 4.3.9.1 802.1p Priority Mapping This page is to configure the IEEE 802.1p priority mapping on the port. Slot.Port - Select the physical interface for which you want to display or configure data. Select 'All' to set the parameters for all ports to the same values.
  • Page 93: Security

    4.4 Security This section covers access control for the switch, including user access and management control. The Security page contains links to the following topics: Port Access Control, RADIUS, MAC Lock, Secure HTTP, Secure Shell. 4.4.1 Port Access Control 4.4.1.1 Port Access Control Configuration Use this page to enable or disable the port access control administrative mode.
  • Page 94 force authorized: The authenticator PAE unconditionally sets the controlled port to authorized. auto: The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator, and the authentication server. Quiet Period - This input field allows the user to configure the quiet period for the selected port.
  • Page 95 reauthentication of the supplicant takes place. The reauthentication period must be a value in the range of 1 and 65535. The default value is 3600. Changing the value will not change the configuration until the Submit button is pressed. Reauthentication Enabled - This select field allows the user to enable or disable reauthentication of the supplicant for the specified port.
  • Page 96 Figure 4-63 Port Access Control Port Configuration 4.4.1.4 Port Access Control Port Summary This page shows the summary of the port access control configuration parameters. Port - Specifies the port whose settings are displayed in the current table row. Control Mode - This field indicates the configured control mode for the port. Possible values are: Force Unauthorized: The authenticator port access entity (PAE) unconditionally sets the controlled port to unauthorized...
  • Page 97 Figure 4-64 Port Access Control Port Summary 4.4.1.5 Port Access Control Statistics This page shows the statistics of access control on each port. Port - Selects the port to be displayed. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port.
  • Page 98 EAP Request Frames Transmitted - This displays the number of EAP request frames (other than request/identity frames) that have been transmitted by this authenticator. Invalid EAPOL Frames Transmitted - This displays the number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized. EAP Length Error Frames Received - This displays the number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized.
  • Page 99 Figure 4-66 Port Access Control User Login Configuration 4.4.1.7 Port Access Privileges Use this page to define the user access privilege on the port. Port - Selects the port to configure. Users - Selects the users that have access to the specified port or ports. Submit - Send the updated screen to the switch and cause the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
  • Page 100: Radius

    4.4.1.8 Port Access Summary This page is to show the configured access control on each port. Port - Displays the port in slot.port format. Users - Displays the users that have access to the port. Figure 4-68 Port Access Summary 4.4.2 RADIUS 4.4.2.1 RADIUS Configuration This page is to configure the RADIUS server connection session parameters.
  • Page 101 configured, the max retransmit value on each will be exhausted before the next server is attempted. A retransmit will not occur until the configured timeout value on that server has passed without a response from the RADIUS server. Therefore, the maximum delay in receiving a response from the RADIUS application equals the sum of (retransmit times timeout) for all configured servers.
  • Page 102 Message Authenticator - Enable or disable the message authenticator attribute for the selected server. Current - Indicates if this server is currently in use as the authentication server. Secret Configured - Indicates if the shared secret for this server has been configured. Command Buttons Submit - Send the updated screen to the switch and cause the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is...
  • Page 103 Access Accepts - The number of RADIUS Access-Accept packets, including both valid and invalid packets that were received from this server. Access Rejects - The number of RADIUS Access-Reject packets, including both valid and invalid packets that were received from this server. Access Challenges - The number of RADIUS Access-Challenge packets, including both valid and invalid packets that were received from this server.
  • Page 104 configured. IP Address - The IP address of the accounting server to add. This field is only configurable if the add item is selected. Port - Specifies the UDP Port to be used by the accounting server. The valid range is 0 - 65535.
  • Page 105 Round Trip Time (secs) - Displays the time interval, in hundredths of a second, between the most recent Accounting-Response and the Accounting-Request that matched it from this RADIUS accounting server. Accounting Requests - Displays the number of RADIUS Accounting-Request packets sent not including retransmissions.
  • Page 106: MAC Lock

    4.4.2.6 RADIUS Clear Statistics This will clear the accounting server, authentication server and RADIUS statistics. Figure 4-74 RADIUS Clear Statistics 4.4.3 MAC Lock 4.4.3.1 MAC Lock Configuration This page is to lock the access on the port by MAC address. Slot.Port - Selects the interface for which data is to be displayed or configured.
  • Page 107 Figure 4-75 MAC Lock Configuration 4.4.3.2 MAC Lock Summary This page shows the configuration summary of MAC address access lock. Slot.Port - Selects the interface for which data is to be displayed or configured. VLAN ID - Enter the ID of the VLAN to which the Traffic Class will be applied. Enter a number between 1 and 4094.
  • Page 108: Secure HTTP

    4.4.4 Secure HTTP 4.4.4.1 Secure HTTP Configuration Use this page to configure the secure HTTP connection parameters. Admin Mode - This select field is used to Enable or Disable the Administrative Mode of Secure HTTP. The currently configured value is shown when the web page is displayed. The default value is Disable.
  • Page 109: Secure Shell

    4.4.5 Secure Shell 4.4.5.1 Secure Shell Configuration Admin Mode - This select field is used to Enable or Disable the Administrative Mode of SSH. The currently configured value is shown when the web page is displayed. The default value is Disable. SSH Version 1 - This select field is used to Enable or Disable Protocol Level 1 for SSH.
  • Page 110: QoS

    4.5 QoS 4.5.1 IP Access Control List An ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match.
  • Page 111 Figure 4-79 ACL Configuration 4.5.1.2 ACL Summary This page shows the configuration summary of access control list. ACL ID - The ACL identifier. Rules - The number of rules currently configured for the ACL. Slot.Port(s) - The interfaces to which the ACL applies. Direction - The direction of packet traffic affected by the ACL.
  • Page 112 4.5.1.3 ACL Rule Configuration Use these screens to configure the rules for the Access Control Lists created using the Access Control List Configuration screen. What is shown on this screen varies depending on the current step in the rule configuration process. An ACL must first be selected to configure rules for. The rule identification, and the 'Action' and 'Match Every' parameters must be specified next.
  • Page 113 Source IP Address value. Source L4 Port Keyword - Specify a packet's source layer 4 port as a match condition for the selected ACL rule. This is an optional configuration. The possible values are DOMAIN, ECHO, FTP, FTPDATA, HTTP, SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into its equivalent port number, which is used as both the start and end of the port range.
  • Page 114: Differentiated Services

    IP header. The TOS Bits value is a hexadecimal number from 00 to FF. The TOS Mask value is a hexadecimal number from 00 to FF. The TOS Mask denotes the bit positions in the TOS Bits value that are used for comparison against the IP TOS field in a packet. For example, to check for an IP TOS value having bits 7 and 5 set and bit 1 clear, where bit 7 is most significant, use a TOS Bits value of 0xA0 and a TOS Mask of 0xFF.
  • Page 115 activated. Non-Configurable Data Class table - Displays the number of configured DiffServ classes out of the total allowed on the switch. Class Rule table - Displays the number of configured class rules out of the total allowed on the switch. Policy table - Displays the number of configured policies out of the total allowed on the switch.
  • Page 116 be selected. Possible options are 'all', 'any', or 'acl'. If 'acl' is (supported and) selected, then an access list (ACL) number is required which is an integer specifying an existing ACL. Only when a new class is created, this field is a selector field. After class creation this becomes a non-configurable field displaying the configured class type.
  • Page 117 Figure 4-83 Diffserv Class Configuration 4.5.2.3 Diffserv Class Summary This page shows the configuration summary of the Diffserv. Class Name - Displays names of the configured DiffServ classes. Class Type - Displays types of the configured classes as 'all', 'any', or 'acl'. Class types are platform dependent.
  • Page 118 4.5.2.4 Diff Policy Configuration This page is to configure the member class of the Diffserv policy. Selection Criteria Policy Selector - Along with an option to create a new policy, this lists all the existing DiffServ policy names, from which one can be selected. The content of this screen varies based on the selection of this field.
  • Page 119 Figure 4-85 DiffServ Policy Configuration 4.5.2.5 DiffServ Policy Summary This page shows the summary configuration of the DiffServ Policy. Policy Name - Displays name of the DiffServ policy. Policy Type - Displays type of the policy as 'In' or 'Out'. Member Classes - Displays name of each class instance within the policy.
  • Page 120 4.5.2.6 Policy Class Definition Policy Selector - This lists all the existing DiffServ policy names, from which one can be selected. Member Class List - This lists all existing DiffServ classes currently defined as members of the specified Policy, from which one can be selected. This list is automatically updated as a new class is added to or removed from the policy.
  • Page 121 Figure 4-88 DiffServ Policy Attribute Summary 4.5.2.8 DiffServ Service Configuration Use this page to define the DiffServ policy on each port. Slot.Port - Select the Slot.Port that uniquely specifies an interface. This is a list of all valid slot number and port number combinations in the system. For Read/Write users where 'All' appears in the list, select it to specify all interfaces.
  • Page 122 Figure 4-89 DiffServ Service Configuration 4.5.2.9 DiffServ Service Summary This page shows the configuration summary of DiffServ service. Slot.Port - Shows the Slot.Port that uniquely specifies an interface. Direction - Shows the traffic direction of this service interface, either In or Out. Operational Status - Shows the operational status of this service interface, either Up or Down.
  • Page 123 4.5.2.10 DiffServ Service Statistics This screen displays service-level statistical information in tabular form for all interfaces in the system to which a DiffServ policy has been attached in the inbound and/or outbound traffic directions. Use the 'Counter Mode Selector' to specify the counter display mode as either octets or packets (the default). Selection Criteria Counter Mode Selector - Specifies the format of the displayed counter values, which must be either Octets or Packets.
  • Page 124 4.5.2.11 DiffServ Service Detailed Statistics This screen displays class-oriented statistical information for the policy, which is specified by the interface and direction. The 'Member Classes' drop down list is populated on the basis of the specified interface and direction and hence the attached policy (if any). Highlighting a member class name displays the statistical information for the policy-class instance for the specified interface and direction.
  • Page 125: Rate Limiting

    Figure 4-92 DiffServ Service Detailed Statistics 4.5.3 Rate Limiting 4.5.3.1 Rate Limiting Configuration This page is to control the transmit rate on each port. Slot.Port - Selects the interface for which data is to be displayed or configured. Ingress Bandwidth - The value of inbound traffic limitation in megabit-per-second (Mbps). The Granularity of bandwidth for the 10/100 interface is 1 Mbps and for the gigabit interface is 8 Mbps.
  • Page 126 Figure 4-93 Rate Limiting Configuration 4.5.3.2 Rate Limiting Summary This page shows the configuration summary of rate control on each port. Slot.Port - The Slot.Port designation for an interface for which you have configured the bandwidth limitation. Ingress Bandwidth - The value of inbound traffic limitation in megabit-per-second (Mbps). The Granularity of bandwidth for the 10/100 interface is 1 Mbps and for the gigabit interface is 8 Mbps.
  • Page 127 Figure 4-94 Rate Limiting Summary...
  • Page 128: Command Structure

    5. COMMAND STRUCTURE The Command Line Interface (CLI) syntax, conventions and terminology are described in this section. Each CLI command is illustrated using the structure outlined below. 5.1 Format Commands are followed by values, parameters, or both. Example 1 network parms <ipaddr> <netmask> [<gateway>] ▫...
  • Page 129: Conventions

    default for all IP parameters consists of zeros (that is, 0.0.0.1). The interface IP address of 0.0.0.0 is invalid. In some cases, the IP address can also be entered as a 32-bit number. macaddr The MAC address format is six hexadecimal numbers separated by colons, for example 00:06:29:32:81:40.
  • Page 130 as a comment line and ignored by the parser. Some examples are provided below: ! Script file for displaying the ip interface ! Display information about interfaces show ip interface 0/1 !Displays the information about the first interface ! Display information about the next interface show ip interface 0/2 ! End of the script file...
  • Page 131: Quick Start Up

    6. QUICK START UP The CLI Quick Start up details procedures to quickly become acquainted with the software. 6.1 Quick Starting the Switch Read the device Installation Guide for the connectivity procedure. In-band connectivity allows access to the software locally or from a remote workstation. The device must be configured with IP information (IP address, subnet mask, and default gateway).
  • Page 132 (in Privileged EXEC) slot/port Type - Indicates if the port is a special type of port Admin Mode - Selects the Port Control Administration State Physical Mode - Selects the desired port speed and duplex mode Physical Status - Indicates the port speed and duplex mode Link Status - Indicates whether the link is up or down Link Trap - Determines whether or not to send a trap when link status changes...
  • Page 133 Privileged EXEC) Table 5-3 Quick Start up Account Management Quick Start up IP Address To view the network parameters the operator can access the device by the following three methods. ▫ Simple Network Management Protocol - SNMP ▫ Telnet ▫ Web Browser Helpful Hint: The user should do a “copy system:running-config nvram:startup-config”...
  • Page 134 IP Address range from 0.0.0.0 to 255.255.255.255 Subnet Mask range from 0.0.0.0 to 255.255.255.255 Gateway Address range from 0.0.0.0 to 255.255.255.255 Table 5-4 Quick Start up IP Address Quick Start up Uploading from Switch to Out-of-Band PC (Only XMODEM) Command Details The types are: copy {...
  • Page 135 or a configuration file (nvram:startup-config). {nvram:startup-config | The URL must be specified as: system: image} tftp://ipAddr/filepath/fileName. The nvram:startup-config option downloads the configuration file using tftp and system:image option downloads the code file. Table 5-6 Quick Start up Downloading from TFTP Server Quick Start up Factory Defaults Command Details...
  • Page 136: Mode-Based CLI

    7. MODE-BASED CLI The CLI groups all the commands in appropriate modes according to the nature of the command. A sample of the CLI command modes are described below. Each of the command modes supports specific software commands. ▫ User Exec Mode ▫...
  • Page 137: Mode-Based Topology

    user exec mode. Interface Config Mode: From the Global Configuration mode, enter the interface <slot/port> command. Prompt: (Switching) (Interface-"if number")#. To exit to the Global Config mode enter exit. To return to user EXEC mode enter ctrl-Z. Line Config Mode: From the Global Configuration mode,... Prompt: (Switching) (line) #. To exit to the Global...
  • Page 138: Mode-Based Command Hierarchy

    [Figure 7-1 Mode-Based CLI: diagram of the mode hierarchy from Root through User Exec, Enable (password check, returning to the Exec prompt if incorrect) and Privileged Exec to the VLAN, Global Config, Interface Config, Class Map, Policy Map, Policy Class and Line Config modes. The User Exec commands are also accessible in the Privileged Exec mode.] Access to all commands in the Privileged Exec mode and below is restricted through a password.
  • Page 139 contains a limited set of commands. The command prompt shown at this level is: Command Prompt: (Switching) > Privileged Exec Mode To have access to the full suite of commands, the operator must enter the Privileged Exec mode. The Privileged Exec mode requires password authentication. From Privileged Exec mode, the operator can issue any Exec command, enter the VLAN mode or enter the Global Configuration mode.
  • Page 140: Flow Of Operation

    prompt at this level is: Command Prompt: (Switching) (Line) # Policy Map Mode Use the policy-map <policy-name> command to access the QoS policy map configuration mode to configure the QoS policy map. (Switching) (Config)# policy-map <policy-name> Command Prompt: (Switching) (Config policy-map) # Policy Class Mode Use the class <class-name>...
  • Page 141: "No" Form Of A Command

    After all the mandatory parameters are entered, any additional parameters entered are treated as optional parameters. If any of the parameters are not recognized a syntax error message will be displayed. After the command is successfully parsed and validated, the control of execution goes to the corresponding CLI callback function.
  • Page 142 case when the "no" token is not specified as in (interface) and (inte?).
  • Page 143: CLI Commands: Base

    8. CLI Commands: Base This chapter provides detailed explanation of the Switching commands. The commands are divided into four functional groups: ▫ Show commands display switch settings, statistics, and other information. ▫ Configuration Commands configure features and options of the switch. For every configuration command there is a show command that displays the configuration setting.
  • Page 144: Show Hardware

    ▫ Task Id - The task ID of the event. ▫ Code - The event code. ▫ Time - The time this event occurred. Note: Event log information is retained across a switch reset. 8.1.3 show hardware This command displays inventory information for the switch. ▫...
  • Page 145: Show Interface Ethernet

    interface. ▫ Transmit Packets Errors - The number of outbound packets that could not be transmitted because of errors. ▫ Collisions Frames - The best estimate of the total number of collisions on this Ethernet segment. ▫ Time Since Counters Last Cleared - The elapsed time, in days, hours, minutes, and seconds since the statistics for this port were last cleared.
  • Page 146 etherStatsOctets objects should be sampled before and after a common interval. ----- The result of this equation is the value Utilization which is the percent utilization of the ethernet segment on a scale of 0 to 100 percent. ▫ Packets Received < 64 Octets - The total number of packets (including bad packets) received that were <...
  • Page 147 deliverable to a higher-layer protocol. ▫ Jabbers Received - The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
  • Page 148 FF:FF:FF:FF:FF:FF when Broadcast Storm Recovery is enabled. ▫ CFI Discards - The number of frames discarded that have CFI bit set and the addresses in RIF are in non-canonical format. ▫ Upstream Threshold - The number of frames discarded due to lack of cell descriptors available for that packet's priority level.
  • Page 149 requested be transmitted to the Broadcast address, including those that were discarded or not sent. Transmit Errors ▫ Total Errors - The sum of Single, Multiple, and Excessive Collisions. ▫ Tx FCS Errors - The total number of packets transmitted that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad Frame Check Sequence (FCS) with an integral number of octets ▫...
  • Page 150 ▫ GMRP PDU's Transmitted - The count of GMRP PDU's transmitted from the GARP layer. ▫ GMRP Failed Registrations - The number of times attempted GMRP registrations could not be completed. ▫ STP BPDUs Transmitted - Spanning Tree Protocol Bridge Protocol Data Units sent ▫...
  • Page 151: Show Logging

    requested be transmitted to a Multicast address, including those that were discarded or not sent. ▫ Broadcast Packets Transmitted - The total number of packets that higher-level protocols requested be transmitted to the Broadcast address, including those that were discarded or not sent.
  • Page 152: Show Mac-Addr-Table

    8.1.7 show mac-addr-table This command displays the forwarding database entries. If the command is entered with no parameter, the entire table is displayed. This is the same as entering the optional all parameter. Alternatively, the administrator can enter a MAC Address to display the table entry for the requested MAC address and all entries following the requested MAC address.
  • Page 153: Show Sysinfo

    is displayed in the script format, which can be used to configure another switch with same configuration. ▫ Format show running-config ▫ Mode Privileged EXEC 8.1.10 show sysinfo This command displays switch information. ▫ Format show sysinfo ▫ Mode Privileged EXEC ▫...
  • Page 154: Show Classofservice Dot1Pmapping

    class mapping on a 'per-port' basis, and the number of available traffic classes may vary with the platform. ▫ Format classofservice dot1pmapping <userpriority> <trafficclass> ▫ Mode Global Config or Interface Config 8.3.2 show classofservice dot1pmapping This command displays the current 802.1p priority mapping to internal traffic classes for a specific interface.
  • Page 155: Show Port-Channel Brief

    This command disables the support of static port-channels (link aggregations - LAGs) on the device. ▫ Default Disabled ▫ Format no port-channel staticcapability ▫ Mode Global Config 8.4.2 show port-channel brief This command displays the static capability of all port-channels (LAGs) on the device as well as a summary of individual port-channels.
  • Page 156: Mtu

    8.5.2 mtu This command sets the maximum transmission unit (MTU) size (in bytes) for physical and port-channel (LAG) interfaces. For the standard implementation, the range of <mtusize> is a valid integer between 1522-9216. ▫ Default 1522 ▫ Format mtu <1522-9216> ▫...
  • Page 157: Network Mac-Type

    8.5.5 network mac-type This command specifies whether the burned in MAC address or the locally-administered MAC address is used. ▫ Default burnedin ▫ Format network mac-type {local | burnedin} ▫ Mode Privileged EXEC 8.5.5.1 no network mac-type This command resets the value of MAC address to its default. Format no network mac-type Mode...
  • Page 158: Remotecon Timeout

    ▫ Format no remotecon maxsessions ▫ Mode Privileged EXEC 8.5.9 remotecon timeout This command sets the remote connection session timeout value, in minutes. A session is active as long as the session has been idle for the value set. A value of 0 indicates that a session remains active indefinitely.
  • Page 159: Set Prompt

    ▫ Default ▫ Format serial timeout <0 - 160> ▫ Mode Line Config 8.5.11.1 no serial timeout This command sets the maximum connect time (in minutes) without console activity to 5. ▫ Format no serial timeout ▫ Mode Line Config 8.5.12 set prompt This command changes the name of the prompt.
  • Page 160: Show Remotecon

    configured for in-band connectivity. To take effect, 'MAC Address Type' must be set to 'Locally Administered'. Enter the address as twelve hexadecimal digits (6 bytes) with a colon between each byte. Bit 1 of byte 0 must be set to a 1 and bit 0 to a 0, i.e. byte 0 should have the following mask 'xxxx xx10'.
  • Page 161: Show Snmpcommunity

    Flow Control - Whether Hardware Flow-Control is enabled or disabled. Hardware Flow Control is always disabled. Stop Bits - The number of Stop bits per character. The number of Stop bits is always 1. Parity Type - The Parity Method used on the Serial Port. The Parity Method is always None. 8.5.17 show snmpcommunity This command displays SNMP community information.
  • Page 162: Show Trapflags

    and 255 separated by periods. ▫ Status - A pull down menu that indicates the receiver's status (enabled or disabled) and allows the administrator/user to perform actions on this user entry: Enable - send traps to the receiver Disable - do not send traps to the receiver. Delete - remove the table entry.
  • Page 163: Snmp-Server Community Ipaddr

    entries using the same community name, the first entry is kept and processed and all duplicate entries are ignored. ▫ Default Two default community names: Public and Private. You can replace these default community names with unique identifiers for each community. The default values for the remaining four community names are blank.
  • Page 164: Snmp-Server Community Mode

    ▫ Format snmp-server community ipmask <ipmask> <name> ▫ Mode Global Config 8.5.22.1 no snmp-server community ipmask This command sets a client IP mask for an SNMP community to 0.0.0.0. The name is the applicable community name. The community name may be up to 16 alphanumeric characters. ▫...
  • Page 165: Snmp-Server Enable Traps Linkmode

    ▫ Default Enabled ▫ Format snmp-server enable traps ▫ Mode Global Config 8.5.26.1 no snmp-server enable traps This command disables the Authentication Flag. ▫ Format no snmp-server enable traps ▫ Mode Global Config 8.5.27 snmp-server enable traps bcaststorm This command enables the broadcast storm trap. When enabled, broadcast storm traps are sent only if the broadcast storm recovery mode setting associated with the port is enabled.
  • Page 166: Snmp-Server Enable Traps Stpmode

    ▫ Format snmp-server enable traps multiusers ▫ Mode Global Config 8.5.29.1 no snmp-server enable traps multiusers This command disables Multiple User traps. ▫ Format no snmp-server enable traps multiusers ▫ Mode Global Config 8.5.30 snmp-server enable traps stpmode This command enables the sending of new root traps and topology change notification traps. ▫...
  • Page 167: Snmptrap Mode

    ▫ Mode Global Config 8.5.33 snmptrap mode This command activates or deactivates an SNMP trap. Enabled trap receivers are active (able to receive traps). Disabled trap receivers are inactive (not able to receive traps). ▫ Format snmptrap mode <name> <ipaddr> ▫...
  • Page 168: Auto-Negotiate

    8.6.2 auto-negotiate This command enables automatic negotiation on a port. The default value is enable. ▫ Format auto-negotiate ▫ Mode Interface Config 8.6.2.1 no auto-negotiate This command disables automatic negotiation on a port. ▫ Format no auto-negotiate ▫ Mode Interface Config 8.6.3 auto-negotiate all This command enables automatic negotiation on all ports.
  • Page 169: Macfilter Adddest

    The <vlanid> parameter must identify a valid VLAN. Up to 100 static MAC filters may be created. ▫ Format macfilter <macaddr> <vlanid> ▫ Mode Global Config 8.6.6.1 no macfilter This command removes all filtering restrictions and the static MAC filter entry for the MAC address <macaddr>...
  • Page 170: Macfilter Addsrc

    This command removes all ports from the destination filter set for the MAC filter with the given <macaddr> and VLAN of <vlanid>. The <macaddr> parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The <vlanid> parameter must identify a valid VLAN. ▫...
  • Page 171: Monitor Session

    8.6.11 monitor session This command configures a probe port and a monitored port for monitor session (port monitoring). The first slot/port is the source monitored port and the second slot/port is the destination probe port. If this command is executed while port monitoring is enabled, it will have the effect of changing the probe and monitored port values.
  • Page 172: Port Lacpmode All

    ▫ Mode Interface Config 8.6.14 port lacpmode all This command enables Link Aggregation Control Protocol (LACP) on all ports. ▫ Format port lacpmode all ▫ Mode Global Config 8.6.14.1 no port lacpmode all This command disables Link Aggregation Control Protocol (LACP) on all ports. ▫...
  • Page 173: Port-Channel Name

    ▫ Default Enabled ▫ Format port-channel linktrap {<logical slot/port> | all} ▫ Mode Global Config 8.6.17.1 no port-channel linktrap This command disables link trap notifications for the port-channel (LAG). The interface is a logical slot and port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting.
  • Page 174: Protocol Vlan Group All

    ▫ Format protocol vlan group <groupid> ▫ Mode Interface Config 8.6.20.1 no protocol vlan group This command removes the <interface> from this protocol-based VLAN group that is identified by this <groupid>. If <all> is selected, all ports will be removed from this protocol group. ▫...
  • Page 175: Set Garp Timer Join All

    ▫ Mode Interface Config 8.6.23 set garp timer join all This command sets the GVRP join time for all ports and per GARP. Join time is the interval between the transmission of GARP Protocol Data Units (PDUs) registering (or re-registering) membership for a VLAN or multicast group.
  • Page 176: Set Garp Timer Leaveall

    considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service time is 20 to 600 (centiseconds). Note: This command has an effect only when GVRP is enabled. ▫ Default 60 centiseconds (0.6 seconds) ▫...
  • Page 177: Set Gmrp Adminmode

    6000 (centiseconds). Note: This command has an effect only when GVRP is enabled. ▫ Default 1000 centiseconds (10 seconds) ▫ Format set garp timer leaveall all <200-6000> ▫ Mode Global Config 8.6.27.1 no set garp timer leaveall all This command sets how frequently Leave All PDUs are generated for all ports to 1000 centiseconds (10 seconds).
  • Page 178: Set Gmrp Interfacemode All

    which has GARP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GARP functionality will be disabled on that interface. GARP functionality will subsequently be re-enabled if routing is disabled and port-channel (LAG) membership is removed from an interface that has GARP enabled.
  • Page 179: Set Gvrp Interfacemode All

    8.6.32.1 no set gvrp interfacemode This command disables GVRP (GARP VLAN Registration Protocol) for a specific port. If GVRP is disabled, Join Time, Leave Time and Leave All Time have no effect. ▫ Format no set gvrp interfacemode ▫ Mode Interface Config 8.6.33 set gvrp interfacemode all This command enables GVRP (GARP VLAN Registration Protocol) for all ports.
  • Page 180: Show Gvrp Configuration

    ▫ Join Timer - Specifies the interval between the transmission of GARP PDUs registering (or re-registering) membership for an attribute. Current attributes are a VLAN or multicast group. There is an instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 10 to 100 centiseconds (0.1 to 1.0 seconds).
  • Page 181: Show Igmpsnooping

    attribute before deleting the attribute. Current attributes are a VLAN or multicast group. This may be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service. There is an instance of this timer on a per-Port, per-GARP participant basis.
  • Page 182: Show Mac-Address-Table Gmrp

    processed by the CPU. 8.6.39 show mac-address-table gmrp This command displays the GARP Multicast Registration Protocol (GMRP) entries in the Multicast Forwarding Database (MFDB) table. ▫ Format show mac-address-table gmrp ▫ Mode Privileged EXEC ▫ Mac Address - A unicast MAC address for which the switch has forwarding and or filtering information.
  • Page 183: Show Mac-Address-Table Static

    user. Dynamic entries are added to the table as a result of a learning process or protocol. ▫ Component - The component that is responsible for this entry in the Multicast Forwarding Database. Possible values are IGMP Snooping, GMRP, and Static Filtering. ▫...
  • Page 184: Show Monitor

    ▫ Most MFDB Entries Ever Used - This displays the largest number of entries that have been present in the Multicast Forwarding Database table. This value is also known as the MFDB high-water mark. ▫ Current Entries - This displays the current number of entries in the Multicast Forwarding Database table.
  • Page 185: Show Port Protocol

    factory default is enabled. ▫ LACP Mode - Displays whether LACP is enabled or disabled on this port. 8.6.47 show port protocol This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated Group. ▫ Format show port protocol {<groupid>...
  • Page 186: Show Storm-Control

    8.6.49 show storm-control This command displays switch configuration information. ▫ Format show storm-control ▫ Mode Privileged EXEC ▫ Broadcast Storm Recovery Mode - May be enabled or disabled. The factory default is disabled. ▫ 802.3x Flow Control Mode - May be enabled or disabled. The factory default is disabled. 8.6.50 show vlan This command displays detailed information, including interface information, for a specific VLAN.
  • Page 187: Show Vlan Brief

    ▫ Tagging - Select the tagging behavior for this port in this VLAN. Tagged - specifies to transmit traffic for this VLAN as tagged frames. Untagged - specifies to transmit traffic for this VLAN as untagged frames. 8.6.51 show vlan brief This command displays a list of all configured VLANs.
  • Page 188: Shutdown

    8.6.53 shutdown This command disables a port. ▫ Default Enabled ▫ Format shutdown ▫ Mode Interface Config 8.6.53.1 no shutdown This command enables a port. ▫ Format no shutdown ▫ Mode Interface Config 8.6.54 shutdown all This command disables all ports. ▫...
  • Page 189: Spanning-Tree

    Note: This command is valid only when the Link Up/Down Flag is enabled (see "snmp-server enable traps linkmode"). ▫ Format snmp trap link-status all ▫ Mode Global Config 8.6.56.1 no snmp trap link-status all This command disables link status traps for all interfaces. Note: This command is valid only when the Link Up/Down Flag is enabled (see "snmp-server enable traps linkmode").
  • Page 190: Speed

    string of up to 64 characters. To use spaces as part of a description, enclose it in double quotes like: "Port 1 connect to Ln 1" ▫ Format description <description> ▫ Mode Interface Config 8.6.60 speed This command sets the speed and duplex setting for the interface. ▫...
  • Page 191: Storm-Control Flowcontrol

    1000M Table 7-1 Broadcast Storm Recovery Thresholds 8.6.62.1 no storm-control broadcast This command disables broadcast storm recovery mode. The threshold implementation follows a percentage pattern. If the broadcast traffic on any Ethernet port exceeds the high threshold percentage (as represented in "Broadcast Storm Recovery Thresholds" table) of the link speed, the switch discards the broadcast traffic until the broadcast traffic returns to the low threshold percentage or less.
  • Page 192: Vlan Acceptframe

    8.6.64.1 no vlan This command deletes an existing VLAN. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). VLAN range is 2-4094. ▫ Format no vlan <2-4094> ▫ Mode VLAN database 8.6.65 vlan acceptframe This command sets the frame acceptance mode per interface.
  • Page 193: Vlan Makestatic

    8.6.67 vlan makestatic This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 2-4094. ▫...
  • Page 194: Vlan Port Acceptframe All

    ▫ Mode Global Config Participation options are: ▫ include - The interface is always a member of this VLAN. This is equivalent to registration fixed. ▫ Exclude - The interface is never a member of this VLAN. This is equivalent to registration forbidden.
  • Page 195: Vlan Port Pvid All

    to ports that are members of that VLAN. ▫ Format no vlan port ingressfilter all ▫ Mode Global Config 8.6.73 vlan port pvid all This command changes the VLAN ID for all interfaces. ▫ Default ▫ Format vlan port pvid all <1-4094> ▫...
  • Page 196: Vlan Protocol Group Remove

    associated with one group. If adding a protocol to a group causes any conflicts with interfaces currently associated with the group, this command will fail and the protocol will not be added to the group. The possible values for protocol are ip, arp, and ipx. ▫...
  • Page 197: User Account Management Commands

    disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. ▫ Format no vlan tagging <1-4094> ▫ Mode Interface Config 8.7 User Account Management Commands These commands manage user accounts. 8.7.1 disconnect This command closes a telnet session. ▫...
  • Page 198: Users Name

    and up to five Read Only users. ▫ SNMPv3 AccessMode - This field displays the SNMPv3 Access Mode. If the value is set to Read-Write, the SNMPv3 user will be able to set and retrieve parameters on the system. If the value is set to ReadOnly, the SNMPv3 user will only be able to retrieve parameter information.
  • Page 199: Users Snmpv3 Accessmode

    ▫ Format no users passwd <username> ▫ Mode Global Config 8.7.6 users snmpv3 accessmode This command specifies the snmpv3 access privileges for the specified login user. The valid accessmode values are readonly or readwrite. The <username> is the login user name for which the specified access mode will apply.
  • Page 200: System Utilities

    key. When using the des protocol, the user login password is also used as the snmpv3 encryption password and therefore must be at least eight characters in length. If none is specified, a key must not be provided. The <username> is the login user name associated with the specified encryption.
  • Page 201: Clear Port-Channel

    prompted to confirm that the password reset should proceed. ▫ Format clear pass ▫ Mode Privileged EXEC 8.8.5 clear port-channel This command clears all port-channels (LAGs). ▫ Format clear port-channel ▫ Mode Privileged EXEC 8.8.6 clear traplog This command clears the trap log. ▫...
  • Page 202: Logout

    copy system:running-config nvram:startup-config copy <url> nvram:sslpem-root copy <url> nvram:sslpem-server copy <url> nvram:sslpem-dhweak copy <url> nvram:sslpem-dhstrong copy <url> nvram:sshkey-rsa1 copy <url> nvram:sshkey-rsa2 copy <url> nvram:sshkey-dsa ▫ Mode Privileged EXEC 8.8.9 logout This command closes the current telnet connection or resets the current serial connection. Save configuration changes before logging out.
  • Page 203: Cli Commands: Quality Of Service

    9. CLI COMMANDS: QUALITY OF SERVICE This chapter provides a detailed explanation of the Quality of Service (QOS) commands. The following QOS CLI commands are available in the software QOS Package. The commands are divided into these different groups: ▫ Show commands are used to display device settings, statistics and other information.
  • Page 204: Ip Access-Group

    <accesslistnumber>. The ACL number is an integer from 1 to 199. The range 1 to 99 is for normal ACL List and 100 to 199 is for extended ACL List. The ACL rule is created with the option of permit or deny. The protocol to filter for an ACL rule is specified by giving the protocol to be used like icmp, igmp, ip, tcp, udp.
  • Page 205: Cli Commands: Differentiated Services

    ▫ Mode Global Config 9.3 CLI Commands: Differentiated Services This chapter contains the CLI commands used for the QOS Differentiated Services (DiffServ) package. The user configures DiffServ in several stages by specifying: 1. Class ▫ creating and deleting classes ▫ defining match criteria for a class.
  • Page 206: Diffserv

    ▫ i.e., ACL rules copied as class match criteria at time of class creation, with class type 'any' ▫ implicit ACL 'deny all' rule also copied ▫ no nesting of class type 'acl' Regarding nested classes, referred to here as class references, a given class definition can contain at most one reference to another class, which can be combined with other match criteria.
  • Page 207: Class-Map

    9.4.1 class-map This command defines a new DiffServ class of type match-all, match-any or match-access-group. The <classname> parameter is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the class (Note: the class name 'default' is reserved and must not be used here). When used without any match condition, this command enters the class-map mode.
  • Page 208: Class-Map Rename

    9.4.2 class-map rename This command changes the name of a DiffServ class. The <classname> is the name of an existing DiffServ class. The <newclassname> parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the class (Note: the class name 'default' is reserved and must not be used here).
  • Page 209: Match Destination-Address Mac

    9.4.4.1 no match class-map This command removes from the specified class definition the set of match conditions defined for another class. The <refclassname> is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition. Note: there is no [not] option for this match command. ▫...
  • Page 210: Match Ip Dscp

    To specify the match condition using a numeric notation, one layer 4 port number is required. The port number is an integer from 0 to 65535. To specify the match condition using a numeric range notation, two layer 4 port numbers are required and together they specify a contiguous port range.
  • Page 211: Match Ip Tos

    Note: To specify a match on all Precedence values, use the match [not] ip tos <tosbits> <tosmask> command with <tosbits> set to 0 and <tosmask> set to 1F (hex). ▫ Default None ▫ Format match [not] ip precedence <0-7> ▫ Mode Class-Map Config 9.4.10 match ip tos...
  • Page 212: Match Source-Address Mac

    ▫ Format match [not] protocol {<protocol-name> | <0-255>} ▫ Mode Class-Map Config 9.4.12 match source-address mac This command adds to the specified class definition a match condition based on the source MAC address of a packet. The <address> parameter is any layer 2 MAC address formatted as six, two-digit hexadecimal numbers separated by colons (e.g., 00:11:22:dd:ee:ff).
  • Page 213: Match Vlan

    has the effect of negating this match condition for the class (i.e., match all source layer 4 ports except for those within the range specified here). The optional [not] parameter has the effect of negating this match condition for the class (i.e., match all source layer 4 port numbers except for the one specified here).
  • Page 214: Bandwidth Kbps

    9.5.1 bandwidth kbps This command identifies a minimum amount of bandwidth to be reserved for the specified class instance within the named policy using an absolute rate notation. The committed information rate is specified in kilobits-per-second (Kbps) and is an integer from 1 to 4294967295. Note: The actual bandwidth allocation does not occur until the policy is attached to an interface in a particular direction.
  • Page 215: Class

    9.5.3 class This command creates an instance of a class definition within the specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements. The <classname> is the name of an existing DiffServ class. Note that this command causes the specified policy to create a reference to the class definition.
  • Page 216: Expedite Percent

    9.5.5 expedite percent This command identifies the maximum guaranteed amount of bandwidth to be reserved for the specified class instance within the named policy using a relative rate notation. The committed information rate is specified as a percentage of total link capacity and is an integer from 1 to 100. The optional committed burst size is specified in kilobytes (KB) as an integer from 1 to 128, with a default of 4.
  • Page 217: Police-Simple

    9.5.8 police-simple This command is used to establish the traffic policing style for the specified class. The simple form of the police command uses a single data rate and burst size, resulting in two outcomes: conform and nonconform. The conforming data rate is specified in kilobits-per-second (Kbps) and is an integer from 1 to 4294967295.
  • Page 218: Police-Two-Rate

    set-prec-transmit <0-7> | set-dscp-transmit <0-63> | transmit} [violate-action {drop | set-prec-transmit <0-7> | set-dscp-transmit <0-63> | transmit}]} ▫ Mode Policy-Class-Map Config ▫ Restrictions - Only one style of police command (simple, singlerate, tworate) is allowed for a given class instance in a particular policy. ▫...
  • Page 219: Policy-Map Rename

    alphanumeric string from 1 to 31 characters uniquely identifying the policy. The type of policy is specific to either the inbound or outbound traffic direction as indicated by the {in | out} parameter. Note: The policy type dictates which of the individual policy attribute commands are valid within the policy definition.
  • Page 220: Shape Bps-Average

    Note: The last two parameters, namely sampling rate and decay exponent, are hierarchically specified in this command. That is, in order to provide a value for the decay exponent <0-16>, the user is required to also specify a sampling rate <0-1000000> for proper command interpretation. ▫...
  • Page 221: Service Commands

    9.6 Service Commands The 'service' command set is used in DiffServ to define: ▫ Traffic Conditioning Assign a DiffServ traffic conditioning policy (as specified by the policy commands) to an interface in the incoming direction ▫ Service Provisioning Assign a DiffServ service provisioning policy (as specified by the policy commands) to an interface in the outgoing direction The service commands attach a defined policy to a directional interface.
  • Page 222: Show Commands

    Note: This command effectively disables DiffServ on an interface (in a particular direction). There is no separate interface administrative 'mode' command for DiffServ. ▫ Format no service-policy {in | out} <policymapname> ▫ Modes Global Config (for all system interfaces) Interface Config (for a specific interface) 9.7 Show Commands The 'show' command set is used in DiffServ to display configuration and status information for: Classes...
  • Page 223: Show Diffserv

    following fields are displayed: ▫ Class Name - The name of this class. (Note that the order in which classes are displayed is not necessarily the same order in which they were created.) ▫ Class Type - The class type (all, any, or acl) indicating how the match criteria are evaluated for this class.
  • Page 224 ▫ Format show policy-map [<policyname>] ▫ Mode Privileged EXEC If the Policy Name is specified the following fields are displayed: ▫ Policy Name - The name of this policy. ▫ Type - The policy type, namely whether it is an inbound or outbound policy definition. The following information is repeated for each class associated with this policy (only those policy attributes actually configured are displayed): ▫...
  • Page 225: Show Diffserv Service

    ▫ Non-Conform DSCP Value - This field displays the DSCP mark value if this action is markdscp. ▫ Non-Conform IP Precedence Value - This field displays the IP Precedence mark value if this action is markprec. ▫ Bandwidth - This field displays the minimum amount of bandwidth reserved in either percent or kilobits-per-second.
  • Page 226: Show Diffserv Service Brief

    ▫ DiffServ Admin Mode - The current setting of the DiffServ administrative mode. An attached policy is only in effect on an interface while DiffServ is in an enabled mode. ▫ Interface - The slot number and port number of the interface (slot/port). ▫...
  • Page 227: Show Service-Policy

    service interface in the specified direction for any reason due to DiffServ treatment. ▫ Interface Sent Octets/Packets - A cumulative count of the octets/packets forwarded by this service interface in the specified direction after the defined DiffServ treatment was applied. In this case, forwarding means the traffic stream was passed to the next functional element in the data path, such as the switching or routing function or an outbound link transmission element.
  • Page 228: Rate-Limiting Commands

    with an attached policy are shown): ▫ Interface - The slot number and port number of the interface (slot/port). ▫ Dir - The traffic direction of this interface service, either in or out. ▫ Operational Status - The current operational status of this DiffServ service interface. ▫...
  • Page 229 ▫ Mode Privileged EXEC and User EXEC...
  • Page 230: Cli Commands: Security

    10. CLI COMMANDS: SECURITY 10.1 Security Commands This section describes commands used for configuring security settings for login users and port users. 10.1.1 authentication login This command creates an authentication login list. The <listname> is up to 15 alphanumeric characters and is not case sensitive.
  • Page 231: Clear Dot1X Statistics

    10.1.2 clear dot1x statistics This command resets the 802.1x statistics for the specified port or for all ports. ▫ Format clear dot1x statistics {<slot/port> | all} ▫ Mode Privileged EXEC 10.1.3 clear radius statistics This command is used to clear all RADIUS statistics. ▫...
  • Page 232: No Dot1X Max-Req

    10.1.7.1 no dot1x max-req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant to the default value, i.e. ▫ Format no dot1x max-req ▫...
  • Page 233: Dot1X Re-Authenticate

    ▫ Mode Global Config 10.1.10 dot1x re-authenticate This command begins the re-authentication sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned. ▫...
  • Page 234 be a value in the range 1 - 65535. ▫ quiet-period: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant. The quiet-period must be a value in the range 0 - 65535.
  • Page 235: Radius Accounting Mode

    10.1.15 radius accounting mode This command is used to enable the RADIUS accounting function. ▫ Default Disabled ▫ Format radius accounting mode ▫ Mode Global Config 10.1.15.1 no radius accounting mode This command is used to set the RADIUS accounting function to the default value - i.e. the RADIUS accounting function is disabled.
  • Page 236: Radius Server Key

    ▫ Format no radius server host {auth | acct} <ipaddress> ▫ Mode Global Config 10.1.17 radius server key This command is used to configure the shared secret between the RADIUS client and the RADIUS accounting / authentication server. Depending on whether the 'auth' or 'acct' token is used, the shared secret will be configured for the RADIUS authentication or RADIUS accounting server.
  • Page 237: Radius Server Timeout

    ▫ Format no radius server retransmit ▫ Mode Global Config 10.1.21 radius server timeout This command sets the timeout value (in seconds) after which a request must be retransmitted to the RADIUS server if no response is received. The timeout value is an integer in the range of 1 to 30. ▫...
  • Page 238: Show Authentication

    RADIUS accounting server. ▫ Responses - The number of RADIUS packets received on the accounting port from this server. ▫ Malformed Responses - The number of malformed RADIUS Accounting-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators and unknown types are not included as malformed accounting responses.
  • Page 239 <slot/port>}] ▫ Mode Privileged EXEC If none of the optional parameters are used, the global dot1x configuration summary is displayed. ▫ Administrative mode - Indicates whether authentication control on the switch is enabled or disabled. If the optional parameter 'summary {<slot/port> | all}' is used, the dot1x configuration for the specified port or all ports are displayed.
  • Page 240 will retransmit an EAPOL EAP Request/Identity before timing out the supplicant. The value will be in the range of 1 and 10. ▫ Reauthentication Period - The timer used by the authenticator state machine on this port to determine when reauthentication of the supplicant takes place. The value is expressed in seconds and will be in the range of 1 and 65535.
  • Page 241: Show Dot1X Users

    10.1.26 show dot1x users This command displays 802.1x port security user information for locally configured users. ▫ Format show dot1x users <slot/port> ▫ Mode Privileged EXEC ▫ User - Users configured locally to have access to the specified port. 10.1.27 show radius This command is used to display the various RADIUS configuration items for the switch as well as the configured RADIUS servers.
  • Page 242: Show Users Authentication

    authentication server. ▫ Access Requests - The number of RADIUS Access-Request packets sent to this server. This number does not include retransmissions. ▫ Access Retransmission - The number of RADIUS Access-Request packets retransmitted to this RADIUS authentication server. ▫ Access Accepts - The number of RADIUS Access-Accept packets, including both valid and invalid packets, which were received from this server.
  • Page 243: Users Login

    log in to the system. This setting is overridden by the authentication login list assigned to a specific user if the user is configured locally. If this value is not configured, users will be authenticated using local authentication only. ▫ Format users defaultlogin <listname>...
  • Page 244: Show Ip Ssh

    10.2.3 show ip ssh This command displays the ssh settings. ▫ Format show ip ssh ▫ Mode Privileged EXEC ▫ Administrative Mode - This field indicates whether the administrative mode of SSH is enabled or disabled. ▫ Protocol Level - The protocol level may have the values of version 1, version 2 or both versions 1 and version 2.
  • Page 245: Ip Http Server

    ▫ Default Disabled ▫ Format ip http secure-server ▫ Mode Privileged EXEC 10.3.3.1 no ip http secure-server This command is used to disable the secure socket layer for secure HTTP. ▫ Format no ip http secure-server ▫ Mode Privileged EXEC 10.3.4 ip http server This command enables access to the switch through the Web interface.
  • Page 246: Mac Lock Commands

    10.4 MAC Lock Commands 10.4.1 mac-lock This command adds the specified MAC address with <vlanid> to a specified interface. The <macaddr> parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The <vlanid> parameter must identify a valid VLAN. ▫...
  • Page 247: Cli Commands: Switching

    11. CLI COMMANDS: SWITCHING 11.1 Spanning Tree Commands This section provides detailed explanation of the spanning tree commands. The commands are divided into two functional groups: ▫ Show commands display spanning tree settings, statistics, and other information. ▫ Configuration Commands configure features and options of the switch. For every configuration command there is a show command that displays the configuration setting.
  • Page 248: Show Spanning-Tree Interface

    ▫ Bridge Identifier ▫ Bridge Max Age - Configured value. ▫ Bridge Hello Time - Configured value. ▫ Bridge Forward Delay - Configured value. ▫ Bridge Hold Time - Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs) 11.1.2 show spanning-tree interface This command displays the settings and parameters for a specific switch port within the common and internal spanning tree.
  • Page 249: Show Spanning-Tree Mst Port Detailed

    ▫ Root Port Identifier - Port to access the Designated Root for this multiple spanning tree instance ▫ Associated FIDs - List of forwarding database identifiers associated with this instance. ▫ Associated VLANs - List of VLAN IDs associated with this instance. 11.1.4 show spanning-tree mst port detailed This command displays the detailed settings and parameters for a specific switch port within a particular multiple spanning tree instance.
  • Page 250: Show Spanning-Tree Mst Port Summary

    ▫ Point To Point MAC Status - Derived value indicating if this port is part of a point to point link. ▫ CST Regional Root - The regional root identifier in use for this port. ▫ CST Port Cost - The configured path cost for this port. 11.1.5 show spanning-tree mst port summary This command displays the settings of one or all ports within the specified multiple spanning tree instance.
  • Page 251: Show Spanning-Tree Vlan

    ▫ Configuration Name - Configured name. ▫ Configuration Revision Level - Configured value. ▫ Configuration Digest Key - Calculated value. ▫ Configuration Format Selector - Configured value. ▫ MST Instances - List of all multiple spanning tree instances configured on the switch 11.1.8 show spanning-tree vlan This command displays the association between a VLAN and a multiple spanning tree instance.
  • Page 252: Spanning-Tree Configuration Revision

    ▫ Format no spanning-tree configuration name ▫ Mode Global Config 11.1.11 spanning-tree configuration revision This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using. The Configuration Identifier Revision Level is a number in the range of 0 to 65535.
  • Page 253: Spanning-Tree Forward-Time

    11.1.13.1 no spanning-tree forceversion This command sets the Force Protocol Version parameter to the default value, i.e. 802.1s. ▫ Format no spanning-tree forceversion ▫ Mode Global Config 11.1.14 spanning-tree forward-time This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree.
  • Page 254: Spanning-Tree Mst

    ▫ Format spanning-tree max-age <6-40> ▫ Mode Global Config 11.1.16.1 no spanning-tree max-age This command sets the Bridge Max Age parameter for the common and internal spanning tree to the default value, i.e. 20. ▫ Format no spanning-tree max-age ▫ Mode Global Config 11.1.17 spanning-tree mst...
  • Page 255: Spanning-Tree Mst Instance

    parameter, to the default value, i.e. 128. ▫ Format no spanning-tree mst <mstid> {cost | port-priority} ▫ Mode Interface Config 11.1.18 spanning-tree mst instance This command adds a multiple spanning tree instance to the switch. The instance <mstid> is a number within a range of 1 to 4094 that corresponds to the new instance ID to be added.
  • Page 256: Spanning-Tree Mst Vlan

    11.1.20 spanning-tree mst vlan This command adds an association between a multiple spanning tree instance and a VLAN. The VLAN will no longer be associated with the common and internal spanning tree. The instance <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. The <vlanid> corresponds to an existing VLAN ID.
  • Page 257: Switch Operation

    12. SWITCH OPERATION 12.1 Address Table The Switch is implemented with an address table. This address table is composed of many entries. Each entry is used to store the address information of a node in the network, including MAC address, port no, etc.
  • Page 258: Auto-Negotiation

    subsequently used to filter packets whose destination address is on the same segment as the source address. This confines network traffic to its respective domain and reduces the overall load on the network. The Switch performs "Store and forward"; therefore, no error packets occur. More reliably, it reduces the re-transmission rate.
  • Page 259: Trouble Shooting

    13. TROUBLE SHOOTING This chapter contains information to help you solve problems. If the Ethernet Switch is not functioning properly, make sure the Ethernet Switch was set up according to instructions in this manual. The Link LED is not lit Solution: Check the cable connection and remove duplex mode of the Ethernet Switch Some stations cannot talk to other stations located on the other port...
  • Page 260: Appendix A

    APPENDIX A A.1 Switch's RJ-45 Pin Assignments 1000Mbps, 1000Base T Contact MDI-X BI_DA+ BI_DB+ BI_DA- BI_DB- BI_DB+ BI_DA+ BI_DC+ BI_DD+ BI_DC- BI_DD- BI_DB- BI_DA- BI_DD+ BI_DC+ BI_DD- BI_DC- Implicit implementation of the crossover function within a twisted-pair cable, or at a wiring panel, while not expressly forbidden, is beyond the scope of this standard.
  • Page 261 The standard RJ-45 receptacle/connector There are 8 wires on a standard UTP/STP cable and each wire is color-coded. The following shows the pin allocation and color of straight cable and crossover cable connection: Straight Cable SIDE 1 SIDE2 1 = White / Orange 1 = White / Orange SIDE 1 2 = Orange...
