Page 5
8.1 System Information and Statistics Commands ..................143 8.1.1 show arp switch ..........................143 8.1.2 show eventlog ..........................143 8.1.3 show hardware ..........................144 8.1.4 show interface..........................144 8.1.5 show interface ethernet ........................145 8.1.6 show logging ............................ 151 8.1.7 show mac-addr-table ........................152 8.1.8 show msglog ............................
Page 6
8.5.17 show snmpcommunity ........................161 8.5.18 show snmptrap ..........................161 8.5.19 show trapflags..........................162 8.5.20 snmp-server community ........................ 162 8.5.21 snmp-server community ipaddr...................... 163 8.5.22 snmp-server community ipmask ....................163 8.5.23 snmp-server community mode ...................... 164 8.5.24 snmp-server community ro ......................164 8.5.25 snmp-server community rw......................
Page 7
8.6.22 set garp timer join .......................... 174 8.6.23 set garp timer join all........................175 8.6.24 set garp timer leave ........................175 8.6.25 set garp timer leave all........................175 8.6.26 set garp timer leaveall........................176 8.6.27 set garp timer leaveall all ....................... 176 8.6.28 set gmrp adminmode ........................
The section contains specifications of the Switch. Appendex A The section contains cable information of the Switch. In the following section, terms "SWITCH" with upper case denotes the WGSW-24000 Ethernet security switch. Terms with lower case "switch" means other Ethernet switch devices. 1.3 Product Feature ▫...
Supports inclusive and exclusive filtering to enable a switch application to filter and classify packets based on certain protocol fields in the packet. ▫ Supports mirroring to monitor the incoming or outgoing traffic on a particular port. 1.4 Product Specification WGSW-24000 Model Hardware Specification 24-Port 10/100/1000Base-T RJ-45 ports Network Ports...
Page 15
0 ~ 50 , Operating Temperature -40 ~70 , Storage Temperature 5% to 90%, relative humidity, non-condensing Operating Humidity 5% to 90%, relative humidity, non-condensing Storage Humidity Standards Conformance FCC Part 15 Class A, CE Regulation Compliance IEEE 802.3 10Base-T Standard Compliance IEEE 802.3u 100Base-TX/100Base-FX IEEE 802.3ab 1000Base-T...
Simple Network Management Protocol (SNMP) and can be managed via any standard-based management software. For text-based management, the WGSW-24000 can also be accessed via Telnet and the console port. For secure remote management, the WGSW-24000 support SSL and SSH connection which encrypt the packet content at each session.
Figure 2-2 shows the rear panel of the switch 100 ~ 240V AC 50 / 60 Hz Figure 2-2 WGSW-24000 rear panel. Power Notice: The device is a power-required device, it means, it will not work till it is powered. If your networks should active all the time, please consider using UPS (Uninterrupted Power Supply) for your device.
2.2 Install the Switch This section describes how to install the Ethernet Switch and make connections to it. Please read the following topics and perform the procedures in the order being presented. 2.2.1 Desktop Installation To install the Switch on desktop or shelf, please follows these steps: Step1: Attach the rubber feet to the recessed areas on the bottom of the switch.
Page 19
Caution: You must use the screws supplied with the mounting brackets. Damage caused to the parts by using incorrect screws would invalidate the warranty. Step3: Secure the brackets tightly. Step4: Follow the same steps to attach the second bracket to the opposite side. Step5: After the brackets are attached to the Switch, use suitable screws to securely attach the brackets to the rack, as shown in Figure 2-6 Figure 2-6 Mounting the Switch in a Rack...
3. CONFIGURATION This chapter explains the methods that you can use to configure management access to the switch. It describes the types of management applications and the communication and management protocols that deliver data between your management device (work-station or personal computer) and the system. It also contains information about port connection options.
Method Advantages Disadvantages ‧No IP address or subnet needed ‧Must be near switch or use dial-up Console connection ‧Text-based ‧Telnet functionality and HyperTerminal ‧Not convenient for remote users ‧Modem connection may prove to be built into Windows 95/98/NT/2000/ME/XP operating systems unreliable or slow ‧Secure ‧Ideal for configuring the switch remotely...
3.1.2 Direct Access Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal-emulation program (such as HyperTerminal) to the switch console (serial) port. When using this management method, a null-modem cable is required to connect the switch to the PC. After making this connection, configure the terminal-emulation program to use the following parameters: The default parameters are: ▫...
3.4 Protocols The switch supports the following protocols: ▫ Virtual terminal protocols, such as Telnet ▫ Simple Network Management Protocol (SNMP) 3.4.1 Virtual Terminal Protocols A virtual terminal protocol is a software program, such as Telnet, that allows you to establish a management session from a Macintosh, a PC, or a UNIX workstation.
4. Web Configuration The WGSW-24000 can be configured through an Ethernet connection, make sure the manager PC must be set on same the IP subnet address with the switch. For example, if you have changed the default IP address of the Switch to 192.168.16.234 with subnet mask 255.255.255.0 via console, then the manager PC should be set at 192.168.16.x (where x is a number between 2 and 254) with subnet mask...
Figure 4-2 main menu screen 4.2 Configure System The System section provides information for configuring system parameters. Under system the following topics are provided to configure and view the system information: ARP Cache Inventory Information System Loading Configuration Forward Database Logs Port SNMP...
As shows in figure 4-3: Figure 4-3 ARP Cache 4.2.2 Inventory Information Use this panel to display the switch's Vital Product Data, stored in non-volatile memory at the factory. The page includes the following fields: System Description - The product name of this switch. Machine Type - The machine type of this switch.
Figure 4-4 Inventory Information 4.2.3 System Loading This page shows the system loading information, including the following fields: CPU Utilization – The CPU usage percentage Memory Utilization – The total Memory size and the usage information Figure 4-5 System Loading...
4.2.4 Configuration Use this page to configure the parameters for system management, including the following fields: System Description Switch Network Connectivity Remote Session Serial Port User Account Authentication List Configuration Login Session Authentication List Summary User Login Single IP Management Single IP Mgmt Swap Control 4.2.4.1 System Description This page shows the basic system information and is available to define the system name, location and...
Page 29
Figure 4-6 System Description 4.2.4.2 Switch Configuration This page includes the following fields: Broadcast Storm Recovery Mode - Enable or disable this option by selecting the corresponding line on the pull-down entry field. The factory default is disabled. IEEE 802.3x Flow Control Mode - Enable or disable this option by selecting the corresponding line on the pull-down entry field.
Page 30
4.2.4.3 Network Connectivity The network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed. To access the switch over a network you must first configure it with IP information (IP address, subnet mask, and default gateway).
Page 31
factory default is enabled. Java Mode - Enable or disable the java applet that displays a picture of the switch at the top right of the screen. If you run the applet you will be able to click on the picture of the switch to select configuration screens instead of using the navigation tree at the left side of the screen.
Page 32
Figure 4-9 Remote Session 4.2.4.5 Serial Port Use this page to define the parameters of console connectivity. The configurable data are: Serial Port Login Timeout (minutes) - Specify how many minutes of inactivity should occur on a serial port connection before the switch closes the connection. Enter a number between 0 and 160: the factory default is 5.
Page 33
Figure 4-10 Serial Port Configuration 4.2.4.6 User Accounts By default, two user accounts exist: admin, with 'Read/Write' privileges guest, with 'Read Only' privileges By default, both of these accounts have blank passwords. The names are not case sensitive. If you logon with a user account with 'Read/Write' privileges (i.e. as admin) you can use the User Accounts screen to assign passwords and set security parameters for the default accounts, and to add and delete accounts (other than admin) up to the maximum of six.
Page 34
Confirm Password - Enter the password again, to confirm that you entered it correctly. This field will not display, but will show asterisks (*) Authentication Protocol - Specify the SNMPv3 Authentication Protocol setting for the selected user account. The valid Authentication Protocols are None, MD5 or SHA. If you select None, the user will be unable to access the SNMP data from an SNMP browser.
Page 35
4.2.4.7 Authentication List Configuration Use this screen to configure login lists. A login list specifies the authentication method(s) you want used to validate switch or port access for the users associated with the list. The pre-configured users, admin and guest, are assigned to a pre-configured list named defaultList, which you may not delete. All newly created users are also assigned to the defaultList until you specifically assign them to a different list Selection Criteria Authentication List - Select the authentication login list you want to configure.
Page 36
Figure 4-12 Authentication List Configuration – Create User Figure 4-13 Authentication List Configuration – DefaultList 4.2.4.8 Login Session This page shows the information of login session, including: ID - Identifies the ID of this row. User Name - Shows the user name of user made the session. Connection From - Shows the user is connected from which machine.
Page 37
Figure 4-14 Login Sessions 4.2.4.9 Authentication List Summary This page lists the authenticate user, the information fields include: Authentication List - Identifies the authentication login list summarized in this row. Method List - The ordered list of methods configured for this login list. Login Users - The users you assigned to this login list on the User Login Configuration screen.
Page 38
Figure 4-15 Authentication List Summary 4.2.4.10 User Login Each configured user is assigned to a login list that specifies how the user should be authenticated when attempting to access the switch or a port on the switch. After creating a new user account on the User Account screen, you should assign that user to a login list for the switch using this screen and, if necessary, to a login list for the ports using the Port Access Control User Login Configuration screen.
Page 39
Figure 4-10 User Login Configuration 4.2.4.11 Simple IP Management Use this page to configure the stacking WGSW-24000/WGSW-2620 in a single IP Address. Single Ip Management - Enable or disable this option by selecting the corresponding line on the pull-down entry field. The factory default is disabled.
Page 40
Figure 4-11 Single ip Management 4.2.4.12 Single Ip Mgmt Swap Control Use this page to swap the Master switch to control to. Swap Master Switch To - The switch Id which you are going to swap to control it. Figure 4-12 Single Ip Management Swap Control...
4.2.5 Forwarding Database 4.2.5.1 Configuration Use this panel to set the Address Ageing Timeout for the forwarding database. Address Ageing Timeout (seconds) - The forwarding database contains static entries, which are never aged out, and dynamically learned entries, which are removed if they are not updated within a given time.
Figure 4-14 Forwarding Database Search 4.2.6 Logs 4.2.6.1 Message Log Use this panel to display the message log maintained by the switch. The message log contains system trace information that records non-critical problems. Message log information is not retained across a switch reset and wraps after 512 entries.
Figure 4-15 Message Log 4.2.7 Port 4.2.7.1 Configuration Use this page to configure the parameters of the distinct port. Selection Criteria Slot.Port - Selects the interface for which data is to be displayed or configured. Configurable Data STP Mode - The Select the Spanning Tree Protocol Administrative Mode for the port or LAG. The possible values are: Enable - select this to enable the Spanning Tree Protocol for this port.
Page 44
applied to all applicable interfaces only. Link Trap - This object determines whether or not to send a trap when link status changes. The factory default is enabled. Maximum Frame Size - The maximum Ethernet frame size the interface supports or is configured, including Ethernet header, CRC, and payload.
Page 45
Slot.Port - Identifies the port Port Type - For normal ports this field will be blank. Otherwise the possible values are: Mon - this port is a monitoring port. Look at the Port Monitoring screens for more information. LAG - the port is a member of a Link Aggregation trunk. Look at the LAG screens for more information.
Page 46
Figure 4-17 Port Summary 4.2.7.3 Port Mirroring Use this page to configure the port mirror function. Port Mirroring Mode - Selects the Port Mirroring Mode. May be enabled or disabled by selecting the corresponding line on the pull-down entry field. The factory default is disabled. Probe Port - The interface selected as the Probe.
Figure 4-18 Port Mirroring 4.2.8 SNMP 4.2.8.1 Community Configuration By default, two SNMP Communities exist: private, with 'Read/Write' privileges and status set to enable public, with 'Read Only' privileges and status set to enable These are well-known communities; you can use this menu to change the defaults or to add other communities.
Page 48
whose IP address is 192.168.1.0 through 192.168.1.255 (inclusive) will be allowed access. To allow access from only one station, use a Client IP Mask value of 255.255.255.255, and use that machine's IP address for Client IP Address. Client IP Mask - Taken together, the Client IP Address and Client IP Mask denote a range of IP addresses from which SNMP clients may use that community to access this device.
Page 49
between 0 and 255 separated by periods. Status - Select the receiver's status from the pulldown menu: Enable - send traps to the receiver Disable - do not send traps to the receiver. Figure 4-20 SNMP Trap Receiver 4.2.8.3 Supported MIBS This is a list of all the MIBs supported by the switch.
Figure 4-21 SNMP Supported MIBs 4.2.9 Statistics 4.2.9.1 Switch Detail This page shows the detail information of the switch, including the following data: ifIndex - This object indicates the ifIndex of the interface table entry associated with the Processor of this switch. Octets Received - The total number of octets of data received by the processor (excluding framing bits but including FCS octets).
Page 51
Table entries that have been learned by this switch since the most recent reboot. Address Entries in Use - The number of Learned and static entries in the Forwarding Database Address Table for this switch. Maximum VLAN Entries - The maximum number of Virtual LANs (VLANs) allowed on this switch.
Page 52
interface. Broadcast Packets Transmitted - The total number of packets that higher-level protocols requested to be transmitted to the Broadcast address, including those that were discarded or not sent. Transmit Packet Errors - The number of outbound packets that could not be transmitted because of errors.
Page 53
framing bits but including FCS octets). Packets RX and TX 128-255 Octets - The total number of packets (including bad packets) received or transmitted that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets). Packets RX and TX 256-511 Octets - The total number of packets (including bad packets) received or transmitted that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
Page 54
directed to a multicast address. Note that this number does not include packets directed to the broadcast address. Broadcast Packets Received - The total number of good packets received that were directed to the broadcast address. Note that this does not include multicast packets. Total Packets Received with MAC Errors - The total number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
Page 55
CFI Discards - The number of frames discarded that have CFI bit set and the addresses in RIF are in non-canonical format. Upstream Threshold - The number of frames discarded due to lack of cell descriptors available for that packet's priority level. Total Packets Transmitted (Octets) - The total number of octets of data (including those in bad packets) transmitted on the network (excluding framing bits but including FCS octets).
Page 56
Underrun Errors - The total number of frames discarded because the transmit FIFO buffer became empty during frame transmission. Total Transmit Packets Discarded - The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded. Single Collision Frames - A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision.
Page 57
Figure 4-24 Port Detailed Statistic 4.2.9.4 Port Summary Selection Criteria Slot.Port - Selects the interface for which data is to be displayed or configured. Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with this port on an adapter.
Figure 4-25 Port Summary Statistics 4.2.10 System Utilities 4.2.10.1 Save All Applied Changes Saving all applied changes will cause all changes to configuration panels that were applied, but not saved, to be saved, thus retaining their new values across a system reboot. Figure 4-26 Save All Applied Changes...
Page 59
4.2.10.2 System Reset Reboot the switch. Any configuration changes you have made since the last time you issued a save will be lost. You will be shown a confirmation screen after you select the button. Figure 4-27 System Reset 4.2.10.3 Reset Configuration to Default Have all configuration parameters reset to their factory default values.
Page 60
4.2.10.4 Reset Password to Default Reset all of the system login passwords to their default values. If you want the switch to retain the new values across a power cycle, you must perform a save. Figure 4-29 Reset Password to Default 4.2.10.5 Download File To Switch Use this menu to download a file to the switch.
Page 61
The factory default is code. Note that to download SSH key files SSH must be administratively disabled and there can be no active SSH sessions. TFTP Server IP Address - Enter the IP address of the TFTP server. The factory default is 0.0.0.0.
Page 62
Start File Transfer - To initiate the upload you need to check this box and then select the submit button. Figure 4-31 Upload File from Switch 4.2.10.7 Ping Use this screen to tell the switch to send a Ping request to a specified IP address. You can use this to check whether the switch can communicate with a particular IP station.
Figure 4-32 Ping 4.2.11 Trap Management 4.2.11.1 Trap Flags Use this menu to specify which traps you want to enable. When the condition identified by an active trap is encountered by the switch a trap message will be sent to any enabled SNMP Trap Receivers, and a message will be written to the trap log.
Page 64
Figure 4-33 Trap Flags 4.2.11.2 Trap Log This screen lists the entries in the trap log. The information can be retrieved as a file by using System Utilities, Upload File from Switch. Non-Configurable Data Number of Traps since last reset - The number of traps that have occurred since the last time the switch was reset.
Figure 4-34 Trap Log 4.3 Switching This page provides all system operation for configuring VLAN, Port-based VLAN, Spanning Tree, Port Aggregation, and Multicast Support. The Switch page contains links to the following topics: VLAN Protocol-based VLAN Filters GARP IGMP Snooping Port Channel Multicast Forwarding Database Spanning Tree...
Page 66
field when you are creating a new VLAN.) The range of the VLAN ID is (1 to 4093). VLAN Name - Use this optional field to specify a name for the VLAN. It can be up to 32 alphanumeric characters long, including blanks. The default is blank. VLAN ID 1 always has a name of 'Default'.
Page 67
4.3.1.2 VLAN Status This page displays the status of all currently configured VLANs. VLAN ID - The VLAN Identifier (VID) of the VLAN. The range of the VLAN ID is (1 to 4093) . VLAN Name - The name of the VLAN. VLAN ID 1 is always named `Default`. VLAN Type - The VLAN type: Default ( VLAN ID = 1) -- always present Static -- a VLAN you have configured...
Page 68
Ingress Filtering on the pulldown menu, a tagged frame will be discarded if this port is not a member of the VLAN identified by the VLAN ID in the tag. If you select disable from the pulldown menu, all tagged frames will be accepted. The factory default is disable. Port Priority - Specify the default 802.1p priority assigned to untagged packets arriving at the port.
Page 69
Figure 4-38 VLAN Port Summary 4.3.1.5 VLAN Reset Configuration If you select this button and confirm your selection on the next screen, all VLAN configuration parameters will be reset to their factory default values. Also, all VLANs, except for the default VLAN, will be deleted. The factory default values are: All ports are assigned to the default VLAN of 1.
Figure 4-39 Reset VLAN Configuration 4.3.2 Protocol-based VLAN 4.3.2.1 Configuration You can use a protocol-based VLAN to define filtering criteria for untagged packets. By default, if you do not configure any port- (IEEE 802.1Q) or protocol-based VLANs, untagged packets will be assigned to VLAN 1.
Page 71
Protocol(s) - Select the protocols you want to be associated with the group. There are three configurable protocols: IP, IPX, ARP. Hold down the control key to select more than one protocol. IP - IP is a network layer protocol that provides a connectionless service for the delivery of data.
IP - IP is a network layer protocol that provides a connectionless service for the delivery of data. ARP - Address Resolution Protocol (ARP) is a low-level protocol that dynamically maps network layer addresses to physical medium access control (MAC) addresses IPX - The Internetwork Packet Exchange (IPX) is a connectionless datagram Network-layer protocol that forwards data over a network.
Page 73
FF:FF:FF:FF:FF:FF VLAN ID - The VLAN ID used with the MAC address to fully identify packets you want filtered. You can only change this field when you have selected the "Create Filter" option. Source Port Members - List the ports you want included in the inbound filter. If a packet with the MAC address and VLAN ID you selected is received on a port that is not in the list, it will be dropped.
Figure 4-43 MAC Filter Summary 4.3.4 GARP 4.3.4.1 GARP Status This screen shows the GARP Status for the switch and for the individual ports. Note that the timers are only relevant when the status for a port shows as enabled. Switch GVRP - Indicates whether the GARP VLAN Registration Protocol administrative mode for this switch is enabled or disabled.
Page 75
each port. Permissible values are 20 to 600 centiseconds (0.2 to 6.0 seconds). The factory default is 60 centiseconds (0.6 seconds). Leave All Time (centiseconds) -This Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered.
Page 76
Figure 4-45 GARP Switch Configuration 4.3.4.3 GARP Port Configuration Use this page to configure the GVRP/GMRP mode and GARP Timers on the ports. Note that it can take up to 10 seconds for GARP configuration changes to take effect. Slot.Port - Select the physical interface for which data is to be displayed or configured. It is possible to set the parameters for all ports by selecting 'All'.
each GARP participant for each port. Leave All Time (centiseconds) - The Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration. The Leave All Period Timer is set to a random value in the range of LeaveAllTime to 1.5*LeaveAllTime.
Page 78
in seconds. The default is 10 seconds. The configured value must be less than the Group Membership Interval. Multicast Router Present Expiration Time - Specify the amount of time you want the switch to wait to receive a query on an interface before removing it from the list of interfaces with multicast routers attached.
Figure 4-48 IGMP Snooping Interface Configuration 4.3.6 Port Channel 4.3.6.1 LAG Configuration Use this page to configure the link aggregation for gathering bandwidth. Selection Criteria Port Channel Name – You can use this screen to reconfigure an existing Port Channel, or to create a new one.
Page 80
Port Channel. Non-Configurable Data Slot.Port - Slot.Port identification of the Port Channel being configured. This field will not appear when a new Port Channel is being created. Link Status - Indicates whether the Link is up or down. Port Channel Members - List of members of the Port Channel in slot.port form. Membership Conflicts - Shows ports that are already members of other Port Channels.
Active Ports - A listing of the ports that are actively participating members of this Port Channel, in slot.port notation. There can be a maximum of 8 ports assigned to a Port Channel. Figure 4-50 LAG Status 4.3.7 Multicast Forwarding Database 4.3.7.1 MFDB Table The Multicast Forwarding Database holds the port membership information for all active multicast address entries.
Page 82
end user. Dynamic entries are added to the table as a result of a learning process or protocol. Component - This is the component that is responsible for this entry in the Multicast Forwarding Database. Possible values are IGMP Snooping, GMRP, and Static Filtering. Description - The text description of this multicast table entry.
Page 83
Figure 4-52 MFDB GMRP Table 4.3.7.3 IGPM Snooping Table MAC Address - A VLAN ID - multicast MAC address pair for which the switch has forwarding and or filtering information. The format is 8 two-digit hexadecimal numbers that are separated by colons, for example 00:01:23:45:67:89:AB:CD. Type - This displays the type of the entry.
Page 84
Figure 4-53 MFDB IGMP Snooping Table 4.3.7.4 Multicast Forwarding Database Statistics MAC Address - A VLAN ID - multicast MAC address pair for which the switch has forwarding and or filtering information. The format is 8 two-digit hexadecimal numbers that are separated by colons, for example 00:01:23:45:67:89:AB:CD.
Figure 4-54 Multicast Forwarding Database Statistics 4.3.8 Spanning Tree 4.3.8.1 Spanning Tree Switch Configuration/Status This page is to enable/disable the Spanning Tree protocol. The switch support IEEE 802.1d Spanning Tree (STP), IEEE 802.1w Rapid Spanning Tree (RSTP) and IEEE 802.1S Multiple Spanning Tree (MSTP).
Page 86
each of them. Figure 4-55 Spanning Tree Switch Configuration/Status 4.3.8.2 Spanning Tree CST Configuration/Status Configurable Data Bridge Priority - Specifies the bridge priority for the Common and Internal Spanning tree (CST). The value lies between 0 and 61440. It is set in multiples of 4096. For example if the priority is attempted to be set to any value between 0 and 4095, it will be set to 0.
Page 87
Topology change count - Number of times topology has changed for the CST. Time since topology change - The time in seconds since the topology of the Topology change - The value of the topology change parameter for the switch indicating if a topology change is in progress on any port assigned to the selected MST instance.
Page 88
and 4095, it will be set to 0. If it is tried to be set to any value between 4096 and (2*4096-1) it will be set to 4096 and so on. VLAN ID - This gives a list box of all VLANs on the switch. The VLANs associated with the MST instance which is selected are highlighted on the list.
Page 89
Configurable Data Port Priority - The priority for a particular port within the CST. The port priority is set in multiples of 16. For example if the priority is attempted to be set to any value between 0 and 15, it will be set to 0. If it is tried to be set to any value between 16 and (2*16-1) it will be set to 16 and so on.
Page 90
bridge priority and the base MAC address of the bridge. CST Path Cost - Path Cost to the CST Regional Root. Figure 4-58 Spanning Tree CST Port Configuration/Status 4.3.8.5 Spanning Tree MST Port Configuration/Status Selection Criteria MST ID - Selects one MST instance from existing MST instances. Slot.Port - Selects one of the physical or lag interfaces associated with VLANs associated with the selected MST instance.
Page 91
The possible values are Enable or Disable. Port Forwarding State - The Forwarding State of this port. Port Role - Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree. The port role will be one of the following values: Root Port, Designated Port, Alternate Port, Backup Port, Master Port or Disabled Port.
Figure 4-60 Spanning Tree Statistics 4.3.9 Class of Service 4.3.9.1 802.1p Priority Mapping This page is to configure the IEEE 802.1p priority mapping on the port. Slot.Port - Select the physical interface for which you want to display or configure data. Select 'All' to set the parameters for all ports to the same values.
4.4 Security This section is to control the access of the switch, includes the user access and management control. The Security page contains links to the following topics: Port Access Control RADIUS MAC LOCK Secure HTTP Secure Shell 4.4.1 Port Access Control 4.4.1.1 Port Access Control Configuration This page is to Enable/Disable the port access control administrative mode.
Page 94
force authorized: The authenticator PAE unconditionally sets the controlled port to authorized. auto: The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator, and the authentication server. Quiet Period - This input field allows the user to configure the quiet period for the selected port.
Page 95
reauthentication of the supplicant takes place. The reauthentication period must be a value in the range of 1 and 65535. The default value is 3600. Changing the value will not change the configuration until the Submit button is pressed. Reauthentication Enabled - This select field allows the user to enable or disable reauthentication of the supplicant for the specified port.
Page 96
Figure 4-63 Port Access Control Port Configuration 4.4.1.4 Port Access Control Port Summary This page shows the summary of the port access control configuration parameters. Port - Specifies the port whose settings are displayed in the current table row. Control Mode - This field indicates the configured control mode for the port. Possible values are: Force Unauthorized: The authenticator port access entity (PAE) unconditionally sets the controlled port to unauthorized...
Page 97
Figure 4-64 Port Access Control Port Summary 4.4.1.5 Port Access Control Statistics This page shows the statistics of access control on each port. Port - Selects the port to be displayed. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port.
Page 98
EAP Request Frames Transmitted - This displays the number of EAP request frames (other than request/identity frames) that have been transmitted by this authenticator. Invalid EAPOL Frames Transmitted - This displays the number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized. EAP Length Error Frames Received - This displays the number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized.
Page 99
Figure 4-66 Port Access Control User Login Configuration 4.4.1.7 Port Access Privileges Use this page to define the user access privilege on the port. Port - Selects the port to configure. Users - Selects the users that have access to the specified port or ports. Submit - Send the updated screen to the switch and cause the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
4.4.1.8 Port Access Summary This page is to show the configured access control on each port. Port - Displays the port in slot.port format. Users - Displays the users that have access to the port. Figure 4-68 Port Access Summary 4.4.2 RADIUS 4.4.2.1 RADIUS Configuration This page is to configure the RADIUS server connection session parameters.
Page 101
configured, the max retransmit value on each will be exhausted before the next server is attempted. A retransmit will not occur until the configured timeout value on that server has passed without a response from the RADIUS server. Therefore, the maximum delay in receiving a response from the RADIUS application equals the sum of (retransmit times timeout) for all configured servers.
Page 102
Message Authenticator - Enable or disable the message authenticator attribute for the selected server. Current - Indicates if this server is currently in use as the authentication server. Secret Configured - Indicates if the shared secret for this server has been configured. Command Buttons Submit - Send the updated screen to the switch and cause the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is...
Page 103
Access Accepts - The number of RADIUS Access-Accept packets, including both valid and invalid packets that were received from this server. Access Rejects - The number of RADIUS Access-Reject packets, including both valid and invalid packets that were received from this server. Access Challenges - The number of RADIUS Access-Challenge packets, including both valid and invalid packets that were received from this server.
Page 104
configured. IP Address - The IP address of the accounting server to add. This field is only configurable if the add item is selected. Port - Specifies the UDP Port to be used by the accounting server. The valid range is 0 - 65535.
Page 105
Round Trip Time (secs) - Displays the time interval, in hundredths of a second, between the most recent Accounting-Response and the Accounting-Request that matched it from this RADIUS accounting server. Accounting Requests - Displays the number of RADIUS Accounting-Request packets sent not including retransmissions.
4.4.2.6 RADIUS Clear Statistics This will clear the accounting server, authentication server and RADIUS statistics. Figure 4-74 RADIUS Clear Statistics 4.4.3 MAC Lock 4.4.3.1 MAC Lock Configuration This page is to lock the access on the port by MAC address. Slot.Port - Selects the interface for which data is to be displayed or configured.
Page 107
Figure 4-75 MAC Lock Configuration 4.4.3.2 MAC Lock Summary This page shows the configuration summary of MAC address access lock. Slot.Port - Selects the interface for which data is to be displayed or configured. VLAN ID - Enter the ID of the VLAN to which the Traffic Class will be applied. Enter a number between 1 and 4094.
4.4.4 Secure HTTP 4.4.4.1 Secure HTTP Configuration This page is to configuration the secure HTTP connection parameters. Admin Mode - This select field is used to Enable or Disable the Administrative Mode of Secure HTTP. The currently configured value is shown when the web page is displayed. The default value is Disable.
4.4.5 Secure Shell 4.4.5.1 Secure Shell Configuration Admin Mode - This select field is used to Enable or Disable the Aministrative Mode of SSH. The currently configured value is shown when the web page is displayed. The default value is Disable. SSH Version 1 - This select field is used to Enable or Disable Protocol Level 1 for SSH.
4.5 QoS 4.5.1 IP Access Control List An ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match.
Page 111
Figure 4-79 ACL Configuration 4.5.1.2 ACL Summary This page shows the configuration summary of access control list. ACL ID - The ACL identifier. Rules - The number of rules currently configured for the ACL. Slot.Port(s) - The interfaces to which the ACL applies. Direction - The direction of packet traffic affected by the ACL.
Page 112
4.5.1.3 ACL Rule Configuration Use these screens to configure the rules for the Access Control Lists created using the Access Control List Configuration screen. What is shown on this screen varies depending on the current step in the rule configuration process. An ACL must first be selected to configure rules for. The rule identification, and the 'Action' and 'Match Every' parameters must be specified next.
Page 113
Source IP Address value. Source L4 Port Keyword - Specify a packet's source layer 4 port as a match condition for the selected ACL rule. This is an optional configuration. The possible values are DOMAIN, ECHO, FTP, FTPDATA, HTTP, SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into its equivalent port number, which is used as both the start and end of the port range.
IP header. The TOS Bits value is a hexadecimal number from 00 to FF. The TOS Mask value is a hexadecimal number from 00 to FF. The TOS Mask denotes the bit positions in the TOS Bits value that are used for comparison against the IP TOS field in a packet. For example, to check for an IP TOS value having bits 7 and 5 set and bit 1 clear, where bit 7 is most significant, use a TOS Bits value of 0xA0 and a TOS Mask of 0xFF.
Page 115
activated. Non-Configurable Data Class table - Displays the number of configured DiffServ classes out of the total allowed on the switch. Class Rule table - Displays the number of configured class rules out of the total allowed on the switch. Policy table - Displays the number of configured policies out of the total allowed on the switch.
Page 116
be selected. Possible options are 'all', 'any', or 'acl'. If 'acl' is (supported and) selected, then an access list (ACL) number is required which is an integer specifying an existing ACL. Only when a new class is created, this field is a selector field. After class creation this becomes a non-configurable field displaying the configured class type.
Page 117
Figure 4-83 Diffserv Class Configuration 4.5.2.3 Diffserv Class Summary This page shows the configuration summary of the Diffserv. Class Name - Displays names of the configured DiffServ classes. Class Type - Displays types of the configured classes as 'all', 'any', or 'acl'. Class types are platform dependent.
Page 118
4.5.2.4 Diff Policy Configuration This page is to configure the member class of the Diffserv policy. Selection Criteria Policy Selector - Along with an option to create a new policy, this lists all the existing DiffServ policy names, from which one can be selected. The content of this screen varies based on the selection of this field.
Page 119
Figure 4-85 DiffServ Policy Configuration 4.5.2.5 DiffServ Policy Summary This page shows the summary configuration of the DiffServ Policy. Policy Name - Displays name of the DiffServ policy. Policy Type - Displays type of the policy as 'In' or 'Out'. Member Classes - Displays name of each class instance within the policy.
Page 120
4.5.2.6 Policy Class Definition Policy Selector - This lists all the existing DiffServ policy names, from which one can be selected. Member Class List - This lists all existing DiffServ classes currently defined as members of the specified Policy, from which one can be selected. This list is automatically updated as a new class is added to or removed from the policy.
Page 121
Figure 4-88 DiffServ Policy Attribute Summary 4.5.2.8 DiffServ Service Configuration Use this page to define the DiffServ policy on each port. Slot.Port - Select the Slot.Port that uniquely specifies an interface. This is a list of all valid slot number and port number combinations in the system. For Read/Write users where 'All' appears in the list, select it to specify all interfaces.
Page 122
Figure 4-89 DiffServ Service Configuration 4.5.2.9 DiffServ Service Summary This page shows the configuration summary of DiffServ service. Slot.Port - Shows the Slot.Port that uniquely specifies an interface. Direction - Shows the traffic direction of this service interface, either In or Out. Operational Status - Shows the operational status of this service interface, either Up or Down.
Page 123
4.5.2.10 DiffServ Service Statistics This screen displays service-level statistical information in tabular form for all interfaces in the system to which a DiffServ policy has been attached in the inbound and/or outbound traffic directions. Use the 'Counter Mode Selector' to specify the counter display mode as either octets or packets (the default). Selection Criteria Counter Mode Selector - Specifies the format of the displayed counter values, which must be either Octets or Packets.
Page 124
4.5.2.11 DiffServ Service Detailed Statistics This screen displays class-oriented statistical information for the policy, which is specified by the interface and direction. The 'Member Classes' drop down list is populated on the basis of the specified interface and direction and hence the attached policy (if any). Highlighting a member class name displays the statistical information for the policy-class instance for the specified interface and direction.
Figure 4-92 DiffServ Service Detailed Statistics 4.5.3 Rate Limiting 4.5.3.1 Rate Limiting Configuration This page is to control the transmit rate on each port. Slot.Port - Selects the interface for which data is to be displayed or configured. Ingress Bandwidth - The value of inbound traffic limitation in megabit-per-second (Mbps). The Granularity of bandwidth for the 10/100 interface is 1 Mbps and for the gigabit interface is 8 Mbps.
Page 126
Figure 4-93 Rate Limiting Configuration 4.5.3.2 Rate Limiting Summary This page shows the configuration summary of rate control on each port. Slot.Port - The Slot.Port designation for an interface for which you have configured the bandwidth limitation. Ingress Bandwidth - The value of inbound traffic limitation in megabit-per-second (Mbps). The Granularity of bandwidth for the 10/100 interface is 1 Mbps and for the gigabit interface is 8 Mbps.
5. COMMAND STRUCTURE The Command Line Interface (CLI) syntax, conventions and terminology are described in this section. Each CLI command is illustrated using the structure outlined below. 5.1 Format Commands are followed by values, parameters, or both. Example 1 network parms <ipaddr> <netmask> [<gateway>] ▫...
default for all IP parameters consists of zeros (that is, 0.0.0.1). The interface IP address of 0.0.0.0 is invalid. In some cases, the IP address can also be entered as a 32-bit number. macaddr The MAC address format is six hexadecimal numbers separated by colons, for example 00:06:29:32:81:40.
Page 130
as a comment line and ignored by the parser. Some examples are provided below: ! Script file for displaying the ip interface ! Display information about interfaces show ip interface 0/1 !Displays the information about the first interface ! Display information about the next interface show ip interface 0/2 ! End of the script file...
6. QUICK START UP The CLI Quick Start up details procedures to quickly become acquainted with the software. 6.1 Quick Starting the Switch Read the device Installation Guide for the connectivity procedure. In-band connectivity allows access to the software locally or from a remote workstation. The device must be configured with IP information (IP address, subnet mask, and default gateway).
Page 132
(in Privileged EXEC) slot/port Type - Indicates if the port is a special type of port Admin Mode - Selects the Port Control Administration State Physical Mode - Selects the desired port speed and duplex mode Physical Status - Indicates the port speed and duplex mode Link Status - Indicates whether the link is up or down Link Trap - Determines whether or not to send a trap when link status changes...
Page 133
Privileged EXEC) Table 5-3 Quick Start up Account Management Quick Start up IP Address To view the network parameters the operator can access the device by the following three methods. ▫ Simple Network Management Protocol - SNMP ▫ Telnet ▫ Web Browser Helpful Hint: The user should do a “copy system:running-config nvram:startup-config”...
Page 134
IP Address range from 0.0.0.0 to 255.255.255.255 Subnet Mask range from 0.0.0.0 to 255.255.255.255 Gateway Address range from 0.0.0.0 to 255.255.255.255 Table 5-4 Quick Start up IP Address Quick Start up Uploading from Switch to Out-of-Band PC (Only XMODEM) Command Details The types are: copy {...
Page 135
or a configuration file (nvram:startup-config). {nvram:startup-config | The URL must be specified as: system: image} tftp://ipAddr/filepath/fileName. The nvram:startup-config option downloads the configuration file using tftp and system:image option downloads the code file. Table 5-6 Quick Start up Downloading from TFTP Server Quick Start up Factory Defaults Command Details...
7. MODE-BASED CLI The CLI groups all the commands in appropriate modes according to the nature of the command. A sample of the CLI command modes are described below. Each of the command modes supports specific software commands. ▫ User Exec Mode ▫...
user exec mode. Interface Config From the Global (Switching) (Interface-"if To exit to the Global Mode Configuration mode, number")# Config mode enter enter the interface exit. To return to user <slot/port> command EXEC mode enter ctrl-Z. Line Config Mode From the Global (Switching) (line) # To exit to the Global Configuration mode,...
Root The User Exec commands are also accessible in the Privileged Exec mode User Exec Enable Password Return to Exec Correct? Prompt Privileged Exec VLAN Global Config Interface Class Map Policy Map Line Config Config Policy Class Figure 7-1 Mode-Based CLI Accessing to all commands in the Privileged Exec mode and below is restricted through a password.
Page 139
contains a limited set of commands. The command prompt shown at this level is: Command Prompt: (Switching) > Privileged Exec Mode To have access to the full suite of commands, the operator must enter the Privileged Exec mode. The Privileged Exec mode requires password authentication. From Privileged Exec mode, the operator can issue any Exec command, enter the VLAN mode or enter the Global Configuration mode.
prompt at this level is: Command Prompt: (Switching) (Line) # Policy Map Mode Use the policy-map <policy-name>command to access the QoS policy map configuration mode to configure the QoS policy map. (Switching) (Config)# policy-map <policy-name> Command Prompt: (Switching) (Config policy-map) # Policy Class Mode Use the class <class-name>...
After all the mandatory parameters are entered, any additional parameters entered are treated as optional parameters. If any of the parameters are not recognized a syntax error message will be displayed. After the command is successfully parsed and validated, the control of execution goes to the corresponding CLI callback function.
Page 142
case when the "no" token is not specified as in (interface) and (inte?).
8. CLI Commands: Base This chapter provides detailed explanation of the Switching commands. The commands are divided into four functional groups: ▫ Show commands display switch settings, statistics, and other information. ▫ Configuration Commands configure features and options of the switch. For every configuration command there is a show command that displays the configuration setting.
▫ The task ID of the event. Task Id ▫ The event code. Code ▫ The time this event occurred. Time Event log information is retained across a switch reset. Note 8.1.3 show hardware This command displays inventory information for the switch. ▫...
interface. ▫ The number of outbound packets that could not be transmitted Transmit Packets Errors because of errors. ▫ The best estimate of the total number of collisions on this Ethernet Collisions Frames segment. ▫ The elapsed time, in days, hours, minutes, and seconds Time Since Counters Last Cleared since the statistics for this port were last cleared.
Page 146
etherStatsOctets objects should be sampled before and after a common interval. ----- The result of this equation is the value Utilization which is the percent utilization of the ethernet segment on a scale of 0 to 100 percent. ▫ Packets Received < 64 Octets - The total number of packets (including bad packets) received that were <...
Page 147
deliverable to a higher-layer protocol. ▫ Jabbers Received - The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
Page 148
FF:FF:FF:FF:FF:FF when Broadcast Storm Recovery is enabled. ▫ CFI Discards - The number of frames discarded that have CFI bit set and the addresses in RIF are in non-canonical format. ▫ Upstream Threshold - The number of frames discarded due to lack of cell descriptors available for that packet's priority level.
Page 149
requested be transmitted to the Broadcast address, including those that were discarded or not sent. Transmit Errors ▫ Total Errors - The sum of Single, Multiple, and Excessive Collisions. ▫ Tx FCS Errors - The total number of packets transmitted that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad Frame Check Sequence (FCS) with an integral number of octets ▫...
Page 150
▫ GMRP PDU's Transmitted - The count of GMRP PDU's transmitted from the GARP layer. ▫ GMRP Failed Registrations - The number of times attempted GMRP registrations could not be completed. ▫ STP BPDUs Transmitted - Spanning Tree Protocol Bridge Protocol Data Units sent ▫...
requested be transmitted to a Multicast address, including those that were discarded or not sent. ▫ Broadcast Packets Transmitted - The total number of packets that higher-level protocols requested be transmitted to the Broadcast address, including those that were discarded or not sent.
8.1.7 show mac-addr-table This command displays the forwarding database entries. If the command is entered with no parameter, the entire table is displayed. This is the same as entering the optional all parameter. Alternatively, the administrator can enter a MAC Address to display the table entry for the requested MAC address and all entries following the requested MAC address.
is displayed in the script format, which can be used to configure another switch with same configuration. ▫ Format show running-config ▫ Mode Privileged EXEC 8.1.10 show sysinfo This command displays switch information. ▫ Format show sysinfo ▫ Mode Privileged EXEC ▫...
class mapping on a 'per-port' basis, and the number of available traffic classes may vary with the platform. ▫ Format classofservice dot1pmapping <userpriority> <trafficclass> ▫ Mode Global Config or Interface Config 8.3.2 show classofservice dot1pmapping This command displays the current 802.1p priority mapping to internal traffic classes for a specific interface.
This command disables the support of static port-channels (link aggregations - LAGs) on the device. ▫ Disabled Default ▫ Format no port-channel staticcapability ▫ Mode Global Config 8.4.2 show port-channel brief This command displays the static capability of all port-channels (LAGs) on the device as well as a summary of individual port-channels.
8.5.2 mtu This command sets the maximum transmission unit (MTU) size (in bytes) for physical and port-channel (LAG) interfaces. For the standard implementation, the range of <mtusize> is a valid integer between 1522-9216. ▫ 1522 Default ▫ Format mtu <1522-9216> ▫...
8.5.5 network mac-type This command specifies whether the burned in MAC address or the locally-administered MAC address is used. ▫ Default burnedin ▫ Format network mac-type {local | burnedin} ▫ Mode Privileged EXEC 8.5.5.1 no network mac-type This command resets the value of MAC address to its default. Format no network mac-type Mode...
▫ Format no remotecon maxsessions ▫ Mode Privileged EXEC 8.5.9 remotecon timeout This command sets the remote connection session timeout value, in minutes. A session is active as long as the session has been idle for the value set. A value of 0 indicates that a session remains active indefinitely.
▫ Default ▫ Format serial timeout <0 - 160> ▫ Mode Line Config 8.5.11.1 no serial timeout This command sets the maximum connect time (in minutes) without console activity to 5. ▫ Format no serial timeout ▫ Mode Line Config 8.5.12 set prompt This command changes the name of the prompt.
configured for in-band connectivity. To take effect, 'MAC Address Type' must be set to 'Locally Administered'. Enter the address as twelve hexadecimal digits (6 bytes) with a colon between each byte. Bit 1 of byte 0 must be set to a 1 and bit 0 to a 0, i.e. byte 0 should have the following mask 'xxxx xx10'.
Flow Control - Whether Hardware Flow-Control is enabled or disabled. Hardware Flow Control is always disabled. Stop Bits - The number of Stop bits per character. The number of Stop bits is always 1. Parity Type - The Parity Method used on the Serial Port. The Parity Method is always None. 8.5.17 show snmpcommunity This command displays SNMP community information.
and 255 separated by periods. ▫ Status - A pull down menu that indicates the receiver's status (enabled or disabled) and allows the administrator/user to perform actions on this user entry: Enable - send traps to the receiver Disable - do not send traps to the receiver. Delete - remove the table entry.
entries using the same community name, the first entry is kept and processed and all duplicate entries are ignored. ▫ Two default community names: Public and Private. You can replace these default Default community names with unique identifiers for each community. The default values for the remaining four community names are blank.
▫ Format snmp-server community ipmask <ipmask> <name> ▫ Mode Global Config 8.5.22.1 no snmp-server community ipmask This command sets a client IP mask for an SNMP community to 0.0.0.0. The name is the applicable community name. The community name may be up to 16 alphanumeric characters. ▫...
▫ Default Enabled ▫ Format snmp-server enable traps ▫ Mode Global Config 8.5.26.1 no snmp-server enable traps This command disables the Authentication Flag. ▫ Format no snmp-server enable traps ▫ Mode Global Config 8.5.27 snmp-server enable traps bcaststorm This command enables the broadcast storm trap. When enabled, broadcast storm traps are sent only if the broadcast storm recovery mode setting associated with the port is enabled.
▫ Format snmp-server enable traps multiusers ▫ Mode Global Config 8.5.29.1 no snmp-server enable traps multiusers This command disables Multiple User traps. ▫ Format no snmp-server enable traps multiusers ▫ Mode Global Config 8.5.30 snmp-server enable traps stpmode This command enables the sending of new root traps and topology change notification traps. ▫...
▫ Mode Global Config 8.5.33 snmptrap mode This command activates or deactivates an SNMP trap. Enabled trap receivers are active (able to receive traps). Disabled trap receivers are inactive (not able to receive traps). ▫ Format snmptrap mode <name> <ipaddr> ▫...
8.6.2 auto-negotiate This command enables automatic negotiation on a port. The default value is enable. ▫ Format auto-negotiate ▫ Mode Interface Config 8.6.2.1 no auto-negotiate This command disables automatic negotiation on a port. ▫ Format no auto-negotiate ▫ Mode Interface Config 8.6.3 auto-negotiate all This command enables automatic negotiation on all ports.
The <vlanid> parameter must identify a valid VLAN. Up to 100 static MAC filters may be created. ▫ Format macfilter <macaddr> <vlanid> ▫ Mode Global Config 8.6.6.1 no macfilter This command removes all filtering restrictions and the static MAC filter entry for the MAC address <macaddr>...
This command removes all ports from the destination filter set for the MAC filter with the given <macaddr> and VLAN of <vlanid>. The <macaddr> parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The <vlanid> parameter must identify a valid VLAN. ▫...
8.6.11 monitor session This command configures a probe port and a monitored port for monitor session (port monitoring). The first slot/port is the source monitored port and the second slot/port is the destination probe port. If this command is executed while port monitoring is enabled, it will have the effect of changing the probe and monitored port values.
▫ Mode Interface Config 8.6.14 port lacpmode all This command enables Link Aggregation Control Protocol (LACP) on all ports. ▫ Format port lacpmode all ▫ Mode Global Config 8.6.14.1 no port lacpmode all This command disables Link Aggregation Control Protocol (LACP) on all ports. ▫...
▫ Default Enabled ▫ Format port-channel linktrap {<logical slot/port> | all} ▫ Mode Global Config 8.6.17.1 no port-channel linktrap This command disables link trap notifications for the port-channel (LAG). The interface is a logical slot and port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting.
▫ Format protocol vlan group <groupid> ▫ Mode Interface Config 8.6.20.1 no protocol vlan group This command removes the <interface> from this protocol-based VLAN group that is identified by this <groupid>. If <all> is selected, all ports will be removed from this protocol group. ▫...
▫ Mode Interface Config 8.6.23 set garp timer join all This command sets the GVRP join time for all ports and per GARP. Join time is the interval between the transmission of GARP Protocol Data Units (PDUs) registering (or re-registering) membership for a VLAN or multicast group.
considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service time is 20 to 600 (centiseconds). This command has an effect only when GVRP is enabled. Note ▫ 60 centiseconds (0.6 seconds) Default ▫...
6000 (centiseconds). This command has an effect only when GVRP is enabled. Note ▫ 1000 centiseconds (10 seconds) Default ▫ Format set garp timer leaveall all <200-6000> ▫ Mode Global Config 8.6.27.1 no set garp timer leaveall all This command sets how frequently Leave All PDUs are generated for all ports to 1000 centiseconds (10 seconds).
which has GARP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GARP functionality will be disabled on that interface. GARP functionality will subsequently be re-enabled if routing is disabled and portchannel (LAG) membership is removed from an interface that has GARP enabled.
8.6.32.1 no set gvrp interfacemode This command disables GVRP (GARP VLAN Registration Protocol) for a specific port. If GVRP is disabled, Join Time, Leave Time and Leave All Time have no effect. ▫ Format no set gvrp interfacemode ▫ Mode Interface Config 8.6.33 set gvrp interfacemode all This command enables GVRP (GARP VLAN Registration Protocol) for all ports.
▫ Join Timer - Specifies the interval between the transmission of GARP PDUs registering (or re-registering) membership for an attribute. Current attributes are a VLAN or multicast group. There is an instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 10 to 100 centiseconds (0.1 to 1.0 seconds).
attribute before deleting the attribute. Current attributes are a VLAN or multicast group. This may be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service. There is an instance of this timer on a per-Port, per-GARP participant basis.
processed by the CPU. 8.6.39 show mac-address-table gmrp This command displays the GARP Multicast Registration Protocol (GMRP) entries in the Multicast Forwarding Database (MFDB) table. ▫ Format show mac-address-table gmrp ▫ Mode Privileged EXEC ▫ Mac Address - A unicast MAC address for which the switch has forwarding and or filtering information.
user. Dynamic entries are added to the table as a result of a learning process or protocol. ▫ Component - The component that is responsible for this entry in the Multicast Forwarding Database. Possible values are IGMP Snooping, GMRP, and Static Filtering. ▫...
▫ Most MFDB Entries Ever Used - This displays the largest number of entries that have been present in the Multicast Forwarding Database table. This value is also known as the MFDB high-water mark. ▫ Current Entries - This displays the current number of entries in the Multicast Forwarding Database table.
factory default is enabled. ▫ LACP Mode - Displays whether LACP is enabled or disabled on this port. 8.6.47 show port protocol This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated Group. ▫ Format show port protocol {<groupid>...
8.6.49 show storm-control This command displays switch configuration information. ▫ Format show storm-control ▫ Mode Privileged EXEC ▫ Broadcast Storm Recovery Mode - May be enabled or disabled. The factory default is disabled. ▫ 802.3x Flow Control Mode - May be enabled or disabled. The factory default is disabled. 8.6.50 show vlan This command displays detailed information, including interface information, for a specific VLAN.
▫ Tagging - Select the tagging behavior for this port in this VLAN. Tagged - specifies to transmit traffic for this VLAN as tagged frames. Untagged - specifies to transmit traffic for this VLAN as untagged frames. 8.6.51 show vlan brief This command displays a list of all configured VLANs.
8.6.53 shutdown This command disables a port. ▫ Default Enabled ▫ Format shutdown ▫ Mode Interface Config 8.6.53.1 no shutdown This command enables a port. ▫ Format no shutdown ▫ Mode Interface Config 8.6.54 shutdown all This command disables all ports. ▫...
Note: This command is valid only when the Link Up/Down Flag is enabled (see "snmpserver enable traps linkmode"). ▫ Format snmp trap link-status all ▫ Mode Global Config 8.6.56.1 no snmp trap link-status all This command disables link status traps for all interfaces. Note: This command is valid only when the Link Up/Down Flag is enabled (see "snmpserver enable traps linkmode").
string of up to 64 characters. To use spaces as part of a description, enclose it in double quotes like: "Port 1 connect to Ln 1" ▫ Format description <description> ▫ Mode Interface Config 8.6.60 speed This command sets the speed and duplex setting for the interface. ▫...
1000M Table 7-1 Broadcast Storm Recovery Thresholds 8.6.62.1 no storm-control broadcast This command disables broadcast storm recovery mode. The threshold implementation follows a percentage pattern. If the broadcast traffic on any Ethernet port exceeds the high threshold percentage (as represented in "Broadcast Storm Recovery Thresholds" table) of the link speed, the switch discards the broadcasts traffic until the broadcast traffic returns to the low threshold percentage or less.
8.6.64.1 no vlan This command deletes an existing VLAN. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). VLAN range is 2-4094. ▫ Format no vlan <2-4094> ▫ Mode VLAN database 8.6.65 vlan acceptframe This command sets the frame acceptance mode per interface.
8.6.67 vlan makestatic This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 2-4094. ▫...
▫ Mode Global Config Participation options are: ▫ include - The interface is always a member of this VLAN. This is equivalent to registration fixed. ▫ Exclude - The interface is never a member of this VLAN. This is equivalent to registration forbidden.
to ports that are members of that VLAN. ▫ Format no vlan port ingressfilter all ▫ Mode Global Config 8.6.73 vlan port pvid all This command changes the VLAN ID for all interfaces. ▫ Default ▫ Format vlan port pvid all <1-4094> ▫...
associated with one group. If adding a protocol to a group causes any conflicts with interfaces currently associated with the group, this command will fail and the protocol will not be added to the group. The possible values for protocol are ip, arp, and ipx. ▫...
disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. ▫ Format no vlan tagging <1-4094> ▫ Mode Interface Config 8.7 User Account Management Commands These commands manage user accounts. 8.7.1 disconnect This command closes a telnet session. ▫...
and up to five Read Only users. ▫ SNMPv3 AccessMode - This field displays the SNMPv3 Access Mode. If the value is set to Read-Write, the SNMPv3 user will be able to set and retrieve parameters on the system. If the value is set to ReadOnly, the SNMPv3 user will only be able to retrieve parameter information.
▫ Format no users passwd <username> ▫ Mode Global Config 8.7.6 users snmpv3 accessmode This command specifies the snmpv3 access privileges for the specified login user. The valid accessmode values are readonly or readwrite. The <username> is the login user name for which the specified access mode will apply.
key. When using the des protocol, the user login password is also used as the snmpv3 encryption password and therefore must be at least eight characters in length. If none is specified, a key must not be provided. The <username> is the login user name associated with the specified encryption.
prompted to confirm that the password reset should proceed. ▫ Format clear pass ▫ Mode Privileged EXEC 8.8.5 clear port-channel This command clears all port-channels (LAGs). ▫ Format clear port-channel ▫ Mode Privileged EXEC 8.8.6 clear traplog This command clears the trap log. ▫...
9. CLI COMMANDS: QUALITY OF SERVICE This chapter provides a detailed explanation of the Quality of Service (QOS) commands. The following QOS CLI commands are available in the software QOS Package. The commands are divided into these different groups: ▫ Show commands are used to display device settings, statistics and other information.
<accesslistnumber>. The ACL number is an integer from 1 to 199. The range 1 to 99 is for normal ACL List and 100 to 199 is for extended ACL List. The ACL rule is created with the option of permit or deny. The protocol to filter for an ACL rule is specified by giving the protocol to be used like cmp, igmp, ip, tcp, udp.
▫ Mode Global Config 9.3 CLI Commands: Differentiated Services This chapter contains the CLI commands used for the QOS Differentiated Services (DiffServ) package. The user configures DiffServ in several stages by specifying: 1. Class ▫ creating and deleting classes ▫ defining match criteria for a class.
▫ i.e., ACL rules copied as class match criteria at time of class creation, with class type 'any' ▫ implicit ACL 'deny all' rule also copied ▫ no nesting of class type 'acl' Regarding nested classes, referred to here as class references, a given class definition can contain at most one reference to another class, which can be combined with other match criteria.
9.4.1 class-map This command defines a new DiffServ class of type match-all, match-any or match-access-group. The <classname> parameter is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the class (Note: the class name 'default' is reserved and must not be used here). When used without any match condition, this command enters the class-map mode.
9.4.2 class-map rename This command changes the name of a DiffServ class. The <classname> is the name of an existing DiffServ class. The <newclassname> parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the class (Note: the class name 'default' is reserved and must not be used here).
9.4.4.1 no match class-map This command removes from the specified class definition the set of match conditions defined for another class. The <refclassname> is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition. Note: there is no [not] option for this match command. ▫...
To specify the match condition using a numeric notation, one layer 4 port number is required. The port number is an integer from 0 to 65535. To specify the match condition using a numeric range notation, two layer 4 port numbers are required and together they specify a contiguous port range.
To specify a match on all Precedence values, use the match [not] ip tos <tosbits> <tosmask> Note command with <tosbits> set to 0 and <tosmask> set to 1F (hex). ▫ Default None ▫ Format match [not] ip precedence <0-7> ▫ Mode Class-Map Config 9.4.10 match ip tos...
▫ Format match [not] protocol {<protocol-name> | <0-255>} ▫ Mode Class-Map Config 9.4.12 match source-address mac This command adds to the specified class definition a match condition based on the source MAC address of a packet. The <address> parameter is any layer 2 MAC address formatted as six, two-digit hexadecimal numbers separated by colons (e.g., 00:11:22:dd:ee:ff).
has the effect of negating this match condition for the class (i.e., match all source layer 4 ports except for those within the range specified here). The optional [not] parameter has the effect of negating this match condition for the class (i.e., match all source layer 4 port numbers except for the one specified here).
9.5.1 bandwidth kbps This command identifies a minimum amount of bandwidth to be reserved for the specified class instance within the named policy using an absolute rate notation. The committed information rate is specified in kilobits-per-second (Kbps) and is an integer from 1 to 4294967295. Note: The actual bandwidth allocation does not occur until the policy is attached to an interface in a particular direction.
9.5.3 class This command creates an instance of a class definition within the specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements. The <classname> is the name of an existing DiffServ class. Note that this command causes the specified policy to create a reference to the class definition.
9.5.5 expedite percent This command identifies the maximum guaranteed amount of bandwidth to be reserved for the specified class instance within the named policy using a relative rate notation. The committed information rate is specified as a percentage of total link capacity and is an integer from 1 to 100. The optional committed burst size is specified in kilobytes (KB) as an integer from 1 to 128, with a default of 4.
9.5.8 police-simple This command is used to establish the traffic policing style for the specified class. The simple form of the police command uses a single data rate and burst size, resulting in two outcomes: conform and nonconform. The conforming data rate is specified in kilobits-per-second (Kbps) and is an integer from 1 to 4294967295.
set-prec-transmit <0-7> | set-dscp-transmit <0-63> | transmit} [violate-action {drop | set-prec-transmit <0-7> | set-dscp-transmit <0-63> | transmit}]} ▫ Mode Policy-Class-Map Config ▫ Restrictions - Only one style of police command (simple, singlerate, tworate) is allowed for a given class instance in a particular policy. ▫...
alphanumeric string from 1 to 31 characters uniquely identifying the policy. The type of policy is specific to either the inbound or outbound traffic direction as indicated by the {in | out} parameter. The policy type dictates which of the individual policy attribute commands are valid within the Note policy definition.
The last two parameters, namely sampling rate and decay exponent, are hierarchically Note specified in this command. That is, in order to provide a value for the decay exponent <0-16>, the user is required to also specify a sampling rate <0-1000000> for proper command interpretation. ▫...
9.6 Service Commands The 'service' command set is used in DiffServ to define: ▫ Traffic Conditioning Assign a DiffServ traffic conditioning policy (as specified by the policy commands) to an interface in the incoming direction ▫ Service Provisioning Assign a DiffServ service provisioning policy (as specified by the policy commands) to an interface in the outgoing direction The service commands attach a defined policy to a directional interface.
This command effectively disables DiffServ on an interface (in a particular direction). There is Note no separate interface administrative 'mode' command for DiffServ. ▫ Format no service-policy {in | out} <policymapname> ▫ Modes Global Config (for all system interfaces) Interface Config (for a specific interface) 9.7 Show Commands The 'show' command set is used in DiffServ to display configuration and status information for: Classes...
following fields are displayed: ▫ Class Name - The name of this class. (Note that the order in which classes are displayed is not necessarily the same order in which they were created.) ▫ Class Type - The class type (all, any, or acl) indicating how the match criteria are evaluated for this class.
Page 224
▫ Format how policy-map [<policyname>] ▫ Mode Privileged EXEC If the Policy Name is specified the following fields are displayed: ▫ Policy Name - The name of this policy. ▫ Type - The policy type, namely whether it is an inbound or outbound policy definition. The following information is repeated for each class associated with this policy (only those policy attributes actually configured are displayed): ▫...
▫ Non-Conform DSCP Value - This field displays the DSCP mark value if this action is markdscp. ▫ Non-Conform IP Precedence Value - This field displays the IP Precedence mark value if this action is markprec. ▫ Bandwidth - This field displays the minimum amount of bandwidth reserved in either percent or kilobits-per-second.
▫ DiffServ Admin Mode - The current setting of the DiffServ administrative mode. An attached policy is only in effect on an interface while DiffServ is in an enabled mode. ▫ Interface - The slot number and port number of the interface (slot/port). ▫...
service interface in the specified direction for any reason due to DiffServ treatment. ▫ Interface Sent Octets/Packets - A cumulative count of the octets/packets forwarded by this service interface in the specified direction after the defined DiffServ treatment was applied. In this case, forwarding means the traffic stream was passed to the next functional element in the data path, such as the switching or routing function or an outbound link transmission element.
with an attached policy are shown): ▫ Interface - The slot number and port number of the interface (slot/port). ▫ Dir - The traffic direction of this interface service, either in or out. ▫ Operational Status - The current operational status of this DiffServ service interface. ▫...
10. CLI COMMANDS: SECURITY 10.1 Security Commands This section describes commands used for configuring security settings for login users and port users. 10.1.1 authentication login This command creates an authentication login list. The <listname> is up to 15 alphanumeric characters and is not case sensitive.
10.1.2 clear dot1x statistics This command resets the 802.1x statistics for the specified port or for all ports. ▫ Format clear dot1x statistics {<slot/port> | all} ▫ Mode Privileged EXEC 10.1.3 clear radius statistics This command is used to clear all RADIUS statistics. ▫...
10.1.7.1 no dot1x max-req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant to the default value, i.e. ▫ Format no dot1x max-req ▫...
▫ Mode Global Config 10.1.10 dot1x re-authenticate This command begins the re-authentication sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned. ▫...
Page 234
be a value in the range 1 - 65535. ▫ quiet-period: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant. The quiet-period must be a value in the range 0 - 65535.
10.1.15 radius accounting mode This command is used to enable the RADIUS accounting function. ▫ Default Disabled ▫ Format radius accounting mode ▫ Mode Global Config 10.1.15.1 no radius accounting mode This command is used to set the RADIUS accounting function to the default value - i.e. the RADIUS accounting function is disabled.
▫ Format no radius server host {auth | acct} <ipaddress> ▫ Mode Global Config 10.1.17 radius server key This command is used to configure the shared secret between the RADIUS client and the RADIUS accounting / authentication server. Depending on whether the 'auth' or 'acct' token is used, the shared secret will be configured for the RADIUS authentication or RADIUS accounting server.
▫ Format no radius server retransmit ▫ Mode Global Config 10.1.21 radius server timeout This command sets the timeout value (in seconds) after which a request must be retransmitted to the RADIUS server if no response is received. The timeout value is an integer in the range of 1 to 30. ▫...
RADIUS accounting server. ▫ Responses - The number of RADIUS packets received on the accounting port from this server. ▫ Malformed Responses - The number of malformed RADIUS Accounting-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators and unknown types are not included as malformed accounting responses.
Page 239
<slot/port>}] ▫ Mode Privileged EXEC If none of the optional parameters are used, the global dot1x configuration summary is displayed. ▫ Administrative mode - Indicates whether authentication control on the switch is enabled or disabled. If the optional parameter 'summary {<slot/port> | all}' is used, the dot1x configuration for the specified port or all ports are displayed.
Page 240
will retransmit an EAPOL EAP Request/Identity before timing out the supplicant. The value will be in the range of 1 and 10. ▫ Reauthentication Period - The timer used by the authenticator state machine on this port to determine when reauthentication of the supplicant takes place. The value is expressed in seconds and will be in the range of 1 and 65535.
10.1.26 show dot1x users This command displays 802.1x port security user information for locally configured users. ▫ Format show dot1x users <slot/port> ▫ Mode Privileged EXEC ▫ User - Users configured locally to have access to the specified port. 10.1.27 show radius This command is used to display the various RADIUS configuration items for the switch as well as the configured RADIUS servers.
authentication server. ▫ Access Requests - The number of RADIUS Access-Request packets sent to this server. This number does not include retransmissions. ▫ Access Retransmission - The number of RADIUS Access-Request packets retransmitted to this RADIUS authentication server. ▫ Access Accepts - The number of RADIUS Access-Accept packets, including both valid and invalid packets, which were received from this server.
log in to the system. This setting is overridden by the authentication login list assigned to a specific user if the user is configured locally. If this value is not configured, users will be authenticated using local authentication only. ▫ Format users defaultlogin <listname>...
10.2.3 show ip ssh This command displays the ssh settings. ▫ Format show ip ssh ▫ Mode Privileged EXEC ▫ Administrative Mode - This field indicates whether the administrative mode of SSH is enabled or disabled. ▫ Protocol Level - The protocol level may have the values of version 1, version 2 or both versions 1 and version 2.
▫ Default Disabled ▫ Format ip http secure-server ▫ Mode Privileged EXEC 10.3.3.1 no ip http secure-server This command is used to disable the secure socket layer for secure HTTP. ▫ Format ip http secure-server ▫ Mode Privileged EXEC 10.3.4 ip http server This command enables access to the switch through the Web interface.
10.4 MAC Lock Commands 10.4.1 mac-lock This command adds the specified MAC address with <vlanid> to a specified interface. The <macaddr> parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The <vlanid> parameter must identify a valid VLAN. ▫...
11. CLI COMMANDS: SWITCHING 11.1 Spanning Tree Commands This section provides detailed explanation of the spanning tree commands. The commands are divided into two functional groups: ▫ Show commands display spanning tree settings, statistics, and other information. ▫ Configuration Commands configure features and options of the switch. For every configuration command there is a show command that displays the configuration setting.
▫ Bridge Identifier ▫ Bridge Max Age - Configured value. ▫ Bridge Hello Time - Configured value. ▫ Bridge Forward Delay - Configured value. ▫ Bridge Hold Time - Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs) 11.1.2 show spanning-tree interface This command displays the settings and parameters for a specific switch port within the common and internal spanning tree.
▫ Root Port Identifier - Port to access the Designated Root for this multiple spanning tree instance ▫ Associated FIDs - List of forwarding database identifiers associated with this instance. ▫ Associated VLANs - List of VLAN IDs associated with this instance. 11.1.4 show spanning-tree mst port detailed This command displays the detailed settings and parameters for a specific switch port within a particular multiple spanning tree instance.
▫ Point To Point MAC Status - Derived value indicating if this port is part of a point to point link. ▫ CST Regional Root - The regional root identifier in use for this port. ▫ CST Port Cost - The configured path cost for this port. 11.1.5 show spanning-tree mst port summary This command displays the settings of one or all ports within the specified multiple spanning tree instance.
▫ Configuration Name - Configured name. ▫ Configuration Revision Level - Configured value. ▫ Configuration Digest Key - Calculated value. ▫ Configuration Format Selector - Configured value. ▫ MST Instances - List of all multiple spanning tree instances configured on the switch 11.1.8 show spanning-tree vlan This command displays the association between a VLAN and a multiple spanning tree instance.
▫ Format no spanning-tree configuration name ▫ Mode Global Config 11.1.11 spanning-tree configuration revision This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using. The Configuration Identifier Revision Level is a number in the range of 0 to 65535.
11.1.13.1 no spanning-tree forceversion This command sets the Force Protocol Version parameter to the default value, i.e. 802.1s. ▫ Format no spanning-tree forceversion ▫ Mode Global Config 11.1.14 spanning-tree forward-time This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree.
▫ Format spanning-tree max-age <6-40> ▫ Mode Global Config 11.1.16.1 no spanning-tree max-age This command sets the Bridge Max Age parameter for the common and internal spanning tree to the default value, i.e. 20. ▫ Format no spanning-tree max-age ▫ Mode Global Config 11.1.17 spanning-tree mst...
parameter, to the default value, i.e. 128. ▫ Format no spanning-tree mst <mstid> {cost | port-priority} ▫ Mode Interface Config 11.1.18 spanning-tree mst instance This command adds a multiple spanning tree instance to the switch. The instance <mstid> is a number within a range of 1 to 4094, that corresponds to the new instance ID to be added.
11.1.20 spanning-tree mst vlan This command adds an association between a multiple spanning tree instance and a VLAN. The VLAN will no longer be associated with the common and internal spanning tree. The instance <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. The <vlanid> corresponds to an existing VLAN ID.
12. SWITCH OPERATION 12.1 Address Table The Switch is implemented with an address table. This address table composed of many entries. Each entry is used to store the address information of some node in network, including MAC address, port no, etc.
subsequently used to filter packets whose destination address is on the same segment as the source address. This confines network traffic to its respective domain and reduce the overall load on the network. The Switch performs "Store and forward" therefore, no error packets occur. More reliably, it reduces the re-transmission rate.
13. TROUBLE SHOOTING This chapter contains information to help you solve problems. If the Ethernet Switch is not functioning properly, make sure the Ethernet Switch was set up according to instructions in this manual. The Link LED is not lit Solution: Check the cable connection and remove duplex mode of the Ethernet Switch Some stations cannot talk to other stations located on the other port...
APPENDEX A A.1 Switch's RJ-45 Pin Assignments 1000Mbps, 1000Base T Contact MDI-X BI_DA+ BI_DB+ BI_DA- BI_DB- BI_DB+ BI_DA+ BI_DC+ BI_DD+ BI_DC- BI_DD- BI_DB- BI_DA- BI_DD+ BI_DC+ BI_DD- BI_DC- Implicit implementation of the crossover function within a twisted-pair cable, or at a wiring panel, while not expressly forbidden, is beyond the scope of this standard.
Page 261
The standard RJ-45 receptacle/connector There are 8 wires on a standard UTP/STP cable and each wire is color-coded. The following shows the pin allocation and color of straight cable and crossover cable connection: Straight Cable SIDE 1 SIDE2 1 = White / Orange 1 = White / Orange SIDE 1 2 = Orange...