Page 1 MUSTANG 4000 SWITCH SERIES DG-FS4526 = M ANAGEMENT GUIDE V1.1 2010-09-28 As our product undergoes continuous development the specifications are subject to change without prior notice...
Page 2 DG-FS4526 User Manual COPYRIGHT Copyright © 2010 by SNSL. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written permission of SNSL.
Page 3 User Manual DG-FS4526 L2 Fast Ethernet Switch Layer 2 Standalone Switch with 24 10/100BASE-TX (RJ-45) Ports, and 2 Combination Gigabit (RJ-45/SFP) Ports...
Page 4 DG-FS4526 E092010-CS-R01 F1.1.0.5 149xxxxxxxxxx...
Page 5: Table Of Contents
Displaying System Information 3-11 Displaying Switch Hardware/Software Versions 3-12 Displaying Bridge Extension Capabilities 3-14 Setting the Switch’s IP Address 3-15 Manual Configuration 3-16 Using DHCP/BOOTP 3-17 Enabling Jumbo Frames 3-18 Managing Firmware 3-18 Downloading System Software from a Server 3-19 www.digisol.com...
Page 6 AAA Accounting Summary 3-61 Authorization Settings 3-63 Authorization EXEC Settings 3-64 Authorization Summary 3-64 Configuring HTTPS 3-65 Replacing the Default Secure-site Certificate 3-66 Configuring the Secure Shell 3-67 Configuring the SSH Server 3-69 Generating the Host Key Pair 3-70 www.digisol.com...
Page 7 DG-FS4526 User Manual Configuring Port Security 3-72 Configuring 802.1X Port Authentication 3-73 Displaying 802.1X Global Settings 3-75 Configuring 802.1X Global Settings 3-75 Configuring Port Settings for 802.1X 3-76 Displaying 802.1X Statistics 3-79 Web Authentication 3-80 Configuring Web Authentication 3-81 Configuring Web Authentication for Ports...
Page 8 Selecting the Queue Mode 3-184 Setting the Service Weight for Traffic Classes 3-184 Layer 3/4 Priority Settings 3-186 Mapping Layer 3/4 Priorities to CoS Values 3-186 Enabling IP DSCP Priority 3-186 Mapping DSCP Priority 3-187 Mapping IP Port Priority 3-188 www.digisol.com...
Page 9 DG-FS4526 User Manual Mapping IP Precedence Priority 3-190 Mapping IP TOS Priority 3-192 Mapping CoS Values to ACLs 3-194 Quality of Service 3-195 Configuring Quality of Service Parameters 3-195 Configuring a Class Map 3-196 Creating QoS Policies 3-198 Attaching a Policy Map to Ingress Queues...
Page 10 4-13 exec-timeout 4-13 password-thresh 4-14 silent-time 4-15 databits 4-15 parity 4-16 speed 4-17 stopbits 4-17 disconnect 4-18 show line 4-18 General Commands 4-19 enable 4-19 disable 4-20 configure 4-21 show history 4-21 reload 4-22 4-22 exit 4-23 quit 4-23 www.digisol.com...
Page 11 DG-FS4526 User Manual System Management Commands 4-24 Device Designation Commands 4-24 prompt 4-24 hostname 4-25 Banner 4-25 banner configure 4-26 banner configure company 4-27 banner configure dc-power-info 4-28 banner configure department 4-28 banner configure equipment-info 4-29 banner configure equipment-location 4-30...
Page 12 4-73 copy 4-73 delete 4-75 4-76 whichboot 4-77 boot system 4-77 Authentication Commands 4-78 Authentication Sequence 4-79 authentication login 4-79 authentication enable 4-80 RADIUS Client 4-81 radius-server host 4-81 radius-server auth-port 4-82 radius-server acct-port 4-82 radius-server key 4-83 www.digisol.com viii...
Page 13 DG-FS4526 User Manual radius-server retransmit 4-83 radius-server timeout 4-84 show radius-server 4-84 TACACS+ Client 4-85 tacacs-server host 4-85 tacacs-server port 4-86 tacacs-server key 4-86 tacacs-server retransmit 4-87 tacacs-server timeout 4-87 show tacacs-server 4-87 AAA Commands 4-88 aaa group server 4-89...
Page 14 4-133 snmp-server 4-134 show snmp 4-134 snmp-server community 4-135 snmp-server contact 4-136 snmp-server location 4-136 snmp-server host 4-137 snmp-server enable traps 4-139 snmp-server engine-id 4-140 show snmp engine-id 4-141 snmp-server view 4-142 show snmp view 4-143 snmp-server group 4-144 www.digisol.com...
Page 15 DG-FS4526 User Manual show snmp group 4-145 snmp-server user 4-146 show snmp user 4-148 Interface Commands 4-150 interface 4-150 description 4-151 speed-duplex 4-151 negotiation 4-152 capabilities 4-153 flowcontrol 4-154 shutdown 4-155 broadcast byte-rate 4-156 switchport broadcast 4-156 clear counters 4-157...
Page 16 4-206 spanning-tree transmission-limit 4-207 spanning-tree mst-configuration 4-207 mst vlan 4-208 mst priority 4-208 name 4-209 revision 4-210 max-hops 4-210 spanning-tree spanning-disabled 4-211 spanning-tree cost 4-211 spanning-tree port-priority 4-212 spanning-tree edge-port 4-213 spanning-tree portfast 4-213 spanning-tree link-type 4-214 www.digisol.com...
Page 17 DG-FS4526 User Manual spanning-tree mst cost 4-215 spanning-tree mst port-priority 4-216 spanning-tree protocol-migration 4-217 show spanning-tree 4-217 show spanning-tree mst configuration 4-219 VLAN Commands 4-220 GVRP and Bridge Extension Commands 4-220 bridge-ext gvrp 4-221 show bridge-ext 4-221 switchport gvrp 4-222...
Page 18 4-273 switchport voice vlan security 4-273 switchport voice vlan priority 4-274 show voice vlan 4-275 Multicast Filtering Commands 4-276 IGMP Snooping Commands 4-276 ip igmp snooping 4-276 ip igmp snooping vlan static 4-277 ip igmp snooping version 4-277 www.digisol.com...
Page 19 DG-FS4526 User Manual ip igmp snooping leave-proxy 4-278 ip igmp snooping immediate-leave 4-279 show ip igmp snooping 4-279 show mac-address-table multicast 4-280 IGMP Query Commands (Layer 2) 4-281 ip igmp snooping querier 4-281 ip igmp snooping query-count 4-282 ip igmp snooping query-interval...
Page 20 4-319 upnp device ttl 4-319 upnp device advertise duration 4-320 show upnp 4-320 Appendix A: Software Specifications Software Features Management Features Standards Management Information Bases Appendix B: Troubleshooting Problems Accessing the Management Interface Using System Logs Glossary Index www.digisol.com...
Page 21 - display description 4-56 Table 4-21 show logging trap - display description 4-57 Table 4-22 SMTP Alert Commands 4-58 Table 4-23 Time Commands 4-62 Table 4-24 System Status Commands 4-66 Table 4-25 Frame Size Commands 4-72 www.digisol.com xvii...
Page 22 Priority Commands (Layer 2) 4-247 Table 4-68 Default CoS Values to Egress Queues 4-250 Table 4-69 Priority Commands (Layer 3 and 4) 4-253 Table 4-70 IP DSCP to CoS Queue 4-253 Table 4-71 Mapping IP Precedence to CoS Queues 4-255 www.digisol.com xviii...
Page 23 DG-FS4526 User Manual Table 4-72 IP TOS to CoS Queue 4-256 Table 4-73 Quality of Service Commands 4-261 Table 4-74 Voice VLAN Commands 4-269 Table 4-75 Multicast Filtering Commands 4-276 Table 4-76 IGMP Snooping Commands 4-276 Table 4-77 IGMP Query Commands (Layer 2)
Page 24 Tables www.digisol.com...
Page 25 AAA Accounting Settings 3-57 Figure 3-38 AAA Accounting Update 3-58 Figure 3-39 AAA Accounting 802.1X Port Settings 3-59 Figure 3-40 AAA Accounting Exec Command Privileges 3-60 Figure 3-41 AAA Accounting Exec Settings 3-61 Figure 3-42 AAA Accounting Summary 3-62 www.digisol.com...
Page 26 Displaying Spanning Tree Information 3-128 Figure 3-83 Configuring Spanning Tree 3-131 Figure 3-84 Displaying Spanning Tree Port Information 3-134 Figure 3-85 Configuring Spanning Tree per Port 3-137 Figure 3-86 Configuring Multiple Spanning Trees 3-138 Figure 3-87 Displaying MSTP Interface Settings 3-140 www.digisol.com xxii...
Page 27 DG-FS4526 User Manual Figure 3-88 Displaying MSTP Interface Settings 3-143 Figure 3-89 Globally Enabling GVRP 3-146 Figure 3-90 Displaying Basic VLAN Information 3-147 Figure 3-91 Displaying Current VLANs 3-148 Figure 3-92 Configuring a VLAN Static List 3-150 Figure 3-93 Configuring a VLAN Static Table...
Page 28 Figure 3-151 Dynamic IP Source Guard Binding Information 3-234 Figure 3-152 Cluster Member Choice 3-235 Figure 3-153 Cluster Configuration 3-236 Figure 3-154 Cluster Member Configuration 3-237 Figure 3-155 Cluster Member Information 3-237 Figure 3-156 Cluster Candidate Information 3-238 Figure 3-157. UPnP Configuration 3-239 www.digisol.com xxiv...
Page 29: Chapter 1: Introduction
Up to 255 using IEEE 802.1Q, port-based, private VLANs, protocol VLANs, QinQ tunneling, Voice VLAN Traffic Prioritization Default port priority, traffic class map, queue scheduling, or Differentiated Services Code Point (DSCP), IP Precedence, IP TOS, and TCP/UDP Port Quality of Service Supports Differentiated Services (DiffServ) www.digisol.com...
Page 30: Description Of Software Features
Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard. www.digisol.com...
Page 31 DG-FS4526 User Manual Rate Limiting – This feature controls the maximum rate for traffic received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into the network. Packets that exceed the acceptable amount of traffic are dropped.
Page 32 Each packet is classified upon entry into the network based on access lists, IP Precedence or DSCP values, or VLAN lists. Using access lists allows you select traffic based on Layer 2, Layer 3, www.digisol.com...
Page 33 DG-FS4526 User Manual or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN.
Page 34: System Defaults
Enabled Disabled Port Security Disabled IP Filtering Disabled Web Management HTTP Server Enabled HTTP Port Number HTTP Secure Server Enabled HTTP Secure Port Number SNMP Community Strings “public” (read only) “private” (read/write) Traps Authentication traps: enabled Link-up-down events: enabled www.digisol.com...
Page 35 DG-FS4526 User Manual Table 1-2 System Defaults (Continued) Function Parameter Default Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Rate Limiting Input limits Disabled Port Trunking Static Trunks None LACP (all ports) Disabled Broadcast Storm Status Enabled (all ports)
Page 36 Levels 0-6 (all) Messages Logged to Flash Levels 0-3 SMTP Email Alerts Event Handler Enabled (but no server defined) SNTP Clock Synchronization Disabled DHCP Snooping Status Disabled IP Source Guard Status Disabled (all ports) Switch Clustering Status Enabled Commander Disabled www.digisol.com...
Page 37: Chapter 2: Initial Configuration
• Upload and download system firmware via TFTP • Upload and download switch configuration files via TFTP • Configure Spanning Tree parameters • Configure Class of Service (CoS) priority queuing • Configure up to 12 static or LACP trunks www.digisol.com...
Page 38: Required Connections
For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 4-9. www.digisol.com...
Page 39: Remote Connections
DG-FS4526 User Manual Remote Connections Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is obtained via DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see “Setting an IP Address”...
Page 40: Setting Passwords
Note: ‘0’ specifies the password in plain text, ‘7’ specifies the password in encrypted form. Username: admin Password: CLI session with the DG-FS4526 is opened. To end the CLI session, enter [Exit]. Console#configure Console(config)#username guest password 0 [password] Console(config)#username admin password 0 [password]...
Page 41: Dynamic Configuration
DG-FS4526 User Manual Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network...
Page 42: Enabling Snmp Management Access
Community strings are used to control management access to SNMP version 1 and 2c stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users, and set the access level. www.digisol.com...
Page 43: Trap Receivers
DG-FS4526 User Manual The default strings are: • public - with read-only access. Authorized management stations are only able to retrieve MIB objects. • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
Page 44: Configuring Access For Snmp Version 3 Clients
From the Privileged Exec mode prompt, type “copy running-config startup-config” and press <Enter>. Enter the name of the start-up file. Press <Enter>. Console#copy running-config startup-config Startup configuration file name []: startup \Write to FLASH Programming. \Write to FLASH finish. Success. Console# www.digisol.com...
Page 45: Managing System Files
DG-FS4526 User Manual Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
Page 46 Initial Configuration 2-10 www.digisol.com...
Page 47: Chapter 3: Configuring The Switch
Spanning Tree Algorithm, then you can set the switch port attached to your management station to fast forwarding (i.e., enable Admin Edge Port) to improve the switch’s response time to management commands issued through the web interface. See “Configuring Interface Settings” on page 3-135. www.digisol.com...
Page 48: Navigating The Web Browser Interface
The home page displays the Main Menu on the left side of the screen and System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics. Figure 3-1 Home Page www.digisol.com...
Page 49: Configuration Options
DG-FS4526 User Manual Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
Page 50: Main Menu
Configures SNTP client settings, including broadcast mode or a 3-33 specified list of servers Clock Time Zone Sets the local time zone for the system clock 3-34 SNMP 3-35 Configuration Configures community strings and related trap functions 3-36 Agent Status Enables or disables SNMP Agent Status 3-38 www.digisol.com...
Page 51 DG-FS4526 User Manual Table 3-2 Main Menu (Continued) Menu Description Page SNMPv3 3-39 Engine ID Sets the SNMP v3 engine ID on this switch 3-39 Remote Engine ID Sets the SNMP v3 engine ID for a remote device 3-41 Users...
Page 52 Port Neighbors Information Displays settings and operational state for the remote side 3-112 Port Broadcast Control Sets the broadcast storm threshold for each port 3-113 Trunk Broadcast Control Sets the broadcast storm threshold for each trunk 3-113 Mirror Port Configuration Sets the source and target ports for mirroring 3-115 www.digisol.com...
Page 53 DG-FS4526 User Manual Table 3-2 Main Menu (Continued) Menu Description Page Rate Limit 3-116 Input Port Configuration Sets the input rate limit for each port 3-116 Output Port Configuration Sets the output rate limit for ports 3-116 Port Statistics Lists Ethernet and RMON port statistics...
Page 54 Sets the default priority for each port 3-181 Default Trunk Priority Sets the default priority for each trunk 3-181 Traffic Classes Maps IEEE 802.1p priority tags to output queues 3-182 Queue Mode Sets queue mode to strict, Weighted Round-Robin, or hybrid 3-184 www.digisol.com...
Page 55 DG-FS4526 User Manual Table 3-2 Main Menu (Continued) Menu Description Page Queue Scheduling Configures Weighted Round Robin queueing 3-184 IP DSCP Priority Status Globally enables DSCP priority 3-186 IP DSCP Priority Sets IP Differentiated Services Code Point priority, mapping a...
Page 56 Globally enables clustering for the switch 3-235 Member Configuration Adds switch Members to the cluster 3-236 Member Information Displays cluster Member switch information 3-237 Candidate Information Displays network Candidate switch information 3-238 UPNP 3-239 Configuration Enables UPNP and defines timeout values 3-239 3-10 www.digisol.com...
Page 57: Basic Configuration
DG-FS4526 User Manual Basic Configuration Displaying System Information You can easily identify the system by displaying the device name, location and contact information. Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem.
Page 58: Displaying Switch Hardware/Software Versions
• Loader Version – Version number of loader code. • Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code. • Operation Code Version – Version number of runtime code. • Role – Shows that this switch is operating as Master or Slave. 3-12 www.digisol.com...
Page 59: Figure 3-4 Switch Information
DG-FS4526 User Manual Web – Click System, Switch Information. Figure 3-4 Switch Information CLI – Use the following command to display version information. Console#show version 4-71 Serial Number: A830023620 Service Tag: Hardware Version: EPLD Version: 0.00 Number of Ports: Main Power Status: Loader Version: 1.0.0.2...
Page 60: Displaying Bridge Extension Capabilities
• GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices to register endstations with multicast groups. This switch does not support GMRP; it uses the Internet Group Management Protocol (IGMP) to provide automatic multicast filtering. Web – Click System, Bridge Extension Configuration. Figure 3-5 Bridge Extension Configuration 3-14 www.digisol.com...
Page 61: Setting The Switch's Ip Address
DG-FS4526 User Manual CLI – Enter the following command. Console#show bridge-ext 4-221 Max Support VLAN Numbers: Max Support VLAN ID: 4094 Extended Multicast Filtering Services: No Static Entry Individual Port: VLAN Learning: Configurable PVID Tagging: Local VLAN Capable: Traffic Classes:...
Page 62: Manual Configuration
Apply. Figure 3-6 Manual IP Configuration CLI – Specify the management interface, IP address and default gateway. Console#config Console(config)#interface vlan 1 4-150 Console(config-if)#ip address 192.168.1.1 255.255.255.0 4-298 Console(config-if)#exit Console(config)#ip default-gateway 0.0.0.0 4-299 Console(config)# 3-16 www.digisol.com...
Page 63: Using Dhcp/Bootp
DG-FS4526 User Manual Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to save your changes.
Page 64: Enabling Jumbo Frames
(.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”) 3-18 www.digisol.com...
Page 65: Downloading System Software From A Server
DG-FS4526 User Manual Note: Up to two copies of the system software (i.e., the runtime firmware) can be stored in the file directory on the switch. The currently designated startup version of this file cannot be deleted. Downloading System Software from a Server...
Page 66: Saving Or Restoring Configuration Settings
- running-config to startup-config – Copies the running config to the startup config. - running-config to tftp – Copies the running configuration to a TFTP server. - startup-config to file – Copies the startup configuration to a file on the switch. 3-20 www.digisol.com...
Page 67: Downloading Configuration Settings From A Server
DG-FS4526 User Manual - startup-config to running-config – Copies the startup config to the running config. - startup-config to tftp – Copies the startup configuration to a TFTP server. - tftp to file – Copies a file from a TFTP server to the switch.
Page 68: Console Port Settings
• Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session. (Range: 0-300 seconds; Default: 0 seconds) 3-22 www.digisol.com...
Page 69 DG-FS4526 User Manual • Exec Timeout – Sets the interval that the system waits until user input is detected. If user input is not detected within the timeout interval, the current session is terminated. (Range: 0-65535 seconds; Default: 600 seconds) •...
Page 70: Figure 3-14 Console Port Settings
Console#show line 4-18 Console configuration: Password threshold: 3 times Interactive timeout: Disabled Login timeout: Disabled Silent time: Baudrate: 19200 Databits: Parity: none Stopbits: VTY configuration: Password threshold: 3 times Interactive timeout: 600 sec Login timeout: 300 sec Console# 3-24 www.digisol.com...
Page 71: Telnet Settings
DG-FS4526 User Manual Telnet Settings You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other various parameters set, including the TCP port number, timeouts, and a password.
Page 72: Figure 3-15 Enabling Telnet
Console#show line 4-18 Console configuration: Password threshold: 3 times Interactive timeout: Disabled Login timeout: Disabled Silent time: Disabled Baudrate: 9600 Databits: Parity: none Stopbits: VTY configuration: Password threshold: 3 times Interactive timeout: 600 sec Login timeout: 300 sec Console# 3-26 www.digisol.com...
Page 73: Configuring Event Logging
DG-FS4526 User Manual Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
Page 74: Table 3-3 Logging Levels
The Flash Level must be equal to or less than the RAM Level. Web – Click System, Log, System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply. Figure 3-17 System Logs 3-28 www.digisol.com...
Page 75: Remote Log Configuration
DG-FS4526 User Manual CLI – Enable system logging and then specify the level of messages to be logged to RAM and flash memory. Use the show logging command to display the current settings. Console(config)#logging on 4-52 Console(config)#logging history ram 0...
Page 76: Simple Mail Transfer Protocol
The messages can be retrieved using POP or IMAP clients. Command Attributes • Admin Status – Enables/disables the SMTP function. (Default: Enabled) • Email Source Address – This command specifies SMTP servers email addresses that can send alert messages. 3-30 www.digisol.com...
Page 77: Figure 3-19 Enabling And Configuring Smtp
DG-FS4526 User Manual • Severity – Specifies the degree of urgency that the message carries. • Debugging – Sends a debugging notification. (Level 7) • Information – Sends informatative notification only. (Level 6) • Notice – Sends notification of a normal but significant condition, such as a cold start.
Page 78: Resetting The System
CLI – Use the reload command to restart the switch. When prompted, confirm that you want to reset the switch. Console#reload 4-22 System will be restarted, continue <y/n>? y Note: When restarting the system, it will always run the Power-On Self-Test. 3-32 www.digisol.com...
Page 79: Setting The System Clock
DG-FS4526 User Manual Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
Page 80: Setting The Time Zone
Setting the Time Manually You can set the system time on the switch manually without using SNTP. Web – Select System, Calendar. Set the current date and time using the fields provided. Click the Apply to start using the configured time. 3-34 www.digisol.com...
Page 81: Simple Network Management Protocol
DG-FS4526 User Manual Figure 3-23 Setting the Current Date and Time CLI – This example sets the system clock time and then displays the current time and date. Console#calendar set 17 46 00 october 18 2007 4-65 Console#show calendar 4-66...
Page 82: Setting Community Access Strings
All community strings used for IP Trap Managers should be listed in this table. For security reasons, you should consider removing the default strings. Command Attributes • SNMP Community Capability – Indicates that the switch supports up to five community strings. 3-36 www.digisol.com...
Page 83: Specifying Trap Managers And Trap Types
DG-FS4526 User Manual • Community String – A community string that acts like a password and permits access to the SNMP protocol. Default strings: “public” (read-only), “private” (read/write) Range: 1-32 characters, case sensitive • Access Mode - Read-Only – Specifies read-only access. Authorized management stations are only able to retrieve MIB objects.
Page 84: Enabling Snmp Agent Status
4-137 Console(config)#snmp-server enable traps 4-139 Enabling SNMP Agent Status Enables SNMPv3 service for all management clients (i.e., versions 1, 2c, 3). Command Attributes • SNMP Agent Status – Check the box to enable or disable the SNMP Agent. 3-38 www.digisol.com...
Page 85: Configuring Snmpv3 Management Access
DG-FS4526 User Manual Web – Click SNMP, Agent Status. Figure 3-26 Enabling SNMP Agent Status Configuring SNMPv3 Management Access To configure SNMPv3 management access to the switch, follow these steps: If you want to change the default engine ID, it must be changed first before configuring other parameters.
Page 86: Figure 3-27 Setting An Engine Id
Configuring the Switch Web – Click SNMP, SNMPv3, Engine ID. Figure 3-27 Setting an Engine ID 3-40 www.digisol.com...
Page 87: Specifying A Remote Engine Id
DG-FS4526 User Manual Specifying a Remote Engine ID To send inform messages to an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides. The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host.
Page 88: Figure 3-29 Configuring Snmpv3 Users
User Name list. To delete a user, check the box next to the user name, then click Delete. To change the assigned group of a user, click Change Group in the Actions column of the users table and select the new group. Figure 3-29 Configuring SNMPv3 Users 3-42 www.digisol.com...
Page 89: Configuring Remote Snmpv3 Users
DG-FS4526 User Manual Configuring Remote SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group. The SNMPv3 group restricts users to a specific read, write, and notify view.
Page 90: Configuring Snmpv3 Groups
1.3.6.1.6.3.1.1.5.2 A warmStart trap signifies that the SNMPv2 entity, acting in an agent role, is reinitializing itself such that its configuration is unaltered. 3-44 www.digisol.com...
Page 91 DG-FS4526 User Manual Table 3-5 Supported Notification Messages (Continued) Object Label Object ID Description 1.3.6.1.6.3.1.1.5.3 A linkDown trap signifies that the SNMP entity, linkDown acting in an agent role, has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state (but not from the notPresent state).
Page 92: Setting Snmpv3 Views
MIB tree that define the SNMP view. • Edit OID Subtrees – Allows you to configure the object identifiers of branches within the MIB tree. Wild cards can be used to mask a specific portion of the OID string. 3-46 www.digisol.com...
Page 93: Figure 3-32 Configuring Snmpv3 Views
DG-FS4526 User Manual • Type – Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view. Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in the view.
Page 94: User Authentication
- Password – Specifies the user password. (Range: 0-8 characters plain text, case sensitive) • Change Password – Sets a new password for the specified user name. • Add/Remove – Adds or removes an account from the list. 3-48 www.digisol.com...
Page 95: Figure 3-33 Access Levels
DG-FS4526 User Manual Web – Click Security, User Accounts. To configure a new user account, specify a user name, select the user’s access level, then enter a password and confirm it. Click Add to save the new user account and add it to the Account List. To change the password for a specific user, enter the user name and new password, confirm the password by entering it again, then click Apply.
Page 96: Configuring Local/Remote Logon Authentication
(3) Local, the user name and password on the RADIUS server is verified first. If the RADIUS server is not available, then authentication is attempted using the TACACS+ server, and finally the local user name and password is checked. 3-50 www.digisol.com...
Page 97 DG-FS4526 User Manual Command Attributes • Authentication – Select the authentication, or authentication sequence required: - Local – User authentication is performed only locally by the switch. - Radius – User authentication is performed using a RADIUS server only. - TACACS – User authentication is performed using a TACACS+ server only.
Page 98: Figure 3-34 Authentication Settings
Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply. Figure 3-34 Authentication Settings 3-52 www.digisol.com...
Page 99 DG-FS4526 User Manual CLI – Specify all the required parameters to enable logon authentication. Console(config)#authentication login radius 4-79 Console(config)#radius-server auth-port 181 4-82 Console(config)#radius-server key green 4-83 Console(config)#radius-server retransmit 5 4-83 Console(config)#radius-server timeout 10 4-84 Console(config)#radius-server 1 host 192.168.1.25 4-81 Console(config)#end...
Page 100: Aaa Authorization And Accounting
This guide assumes that RADIUS and TACACS+ servers have already been configured to support AAA. The configuration of RADIUS and TACACS+ server software is beyond the scope of this guide, refer to the documentation provided with the RADIUS or TACACS+ server software. 3-54 www.digisol.com...
Page 101: Configuring Aaa Radius Group Settings
DG-FS4526 User Manual Configuring AAA RADIUS Group Settings The AAA RADIUS Group Settings screen defines the configured RADIUS servers to use for accounting and authorization. Command Attributes • Group Name - Defines a name for the RADIUS server group. (1-255 characters) •...
Page 102: Configuring Aaa Accounting
The group names “radius” and “tacacs+” specifies all configured RADIUS and TACACS+ hosts (see “Configuring Local/Remote Logon Authentication” on page 3-50). Any other group name refers to a server group configured on the RADIUS or TACACS+ Group Settings pages. 3-56 www.digisol.com...
Page 103: Figure 3-37 Aaa Accounting Settings
DG-FS4526 User Manual Web – Click Security, AAA, Accounting, Settings. To configure a new accounting method, specify a method name and a group name, then click Add. Figure 3-37 AAA Accounting Settings CLI – Specify the accounting method required, followed by the chosen parameters.
Page 104: Aaa Accounting Update
• Port/Trunk - Specifies a port or trunk number. • Method Name - Specifies a user defined method name to apply to the interface. This method must be defined in the AAA Accounting Settings menu (page 3-55). (Range: 1-255 characters) 3-58 www.digisol.com...
Page 105: Aaa Accounting Exec Command Privileges
DG-FS4526 User Manual Web – Click Security, AAA, Accounting, 802.1X Port Settings. Enter the required accounting method and click Apply. Figure 3-39 AAA Accounting 802.1X Port Settings CLI – Specify the accounting method to apply to the selected interface. Console(config)#interface ethernet 1/2...
Page 106: Figure 3-40 Aaa Accounting Exec Command Privileges
Telnet privilege levels. Click Apply. Figure 3-40 AAA Accounting Exec Command Privileges CLI – Specify the accounting method to use for console and Telnet privilege levels. Console(config)#line console 4-11 Console(config-line)#accounting commands 15 tps-method 4-94 Console(config-line)#exit Console(config)#line vty Console(config-line)#accounting commands 15 tps-method Console(config-line)# 3-60 www.digisol.com...
Page 107: Aaa Accounting Exec Settings
DG-FS4526 User Manual AAA Accounting Exec Settings This feature specifies a method name to apply to console and Telnet connections. Command Attributes Method Name - Specifies a user defined method name to apply to console and Telnet connections. Web – Click Security, AAA, Accounting, Exec Settings. Enter a defined method name for console and Telnet connections, and click Apply.
Page 108: Figure 3-42 Aaa Accounting Summary
: radius Interface Method List : tps-method Group List : tps-radius Interface Accounting Type : Exec Method List : default Group List : tacacs+ Interface Accounting Type : Commands 0 Method List : default Group List : tacacs+ Interface 3-62 www.digisol.com...
Page 109: Authorization Settings
DG-FS4526 User Manual Console#show accounting statistics Total entries: 3 Acconting type : dot1x Username : testpc Interface : eth 1/1 Time elapsed since connected: 00:24:44 Acconting type : exec Username : admin Interface : vty 0 Time elapsed since connected: 00:25:09...
Page 110: Authorization Exec Settings
• Group List - Displays the authorization server group. • Interface - Displays the console or Telnet interface to which the authorization method applies. (This field is null if the authorization method and associated server group has not been assigned.) 3-64 www.digisol.com...
Page 111: Configuring Https
DG-FS4526 User Manual Web – Click Security, AAA, Authorization, Summary. Figure 3-45 AAA Authorization Summary Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
Page 112: Replacing The Default Secure-Site Certificate
Source certificate file name: <certificate file name> Source private file name: <private key file name> Private password: <password for private key> Note: The switch must be reset for the new certificate to be activated. To reset the switch, type: Console#reload 3-66 www.digisol.com...
Page 113: Configuring The Secure Shell
DG-FS4526 User Manual Configuring the Secure Shell The Berkley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote copy), are not secure from hostile attacks.
Page 114 However, you do not need to configure the client’s keys. The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet sessions and SSH sessions. 3-68 www.digisol.com...
Page 115: Configuring The Ssh Server
DG-FS4526 User Manual Configuring the SSH Server The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled) • Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports management access via either SSH Version 1.5 or 2.0 clients.
Page 116: Generating The Host Key Pair
• Generate – This button is used to generate the host key pair. Note that you must first generate the host key pair before you can enable the SSH server on the SSH Server Settings page. • Clear – This button clears the host key from both volatile memory (RAM) and non-volatile memory (Flash). 3-70 www.digisol.com...
Page 117: Figure 3-48 Ssh Host-Key Settings
DG-FS4526 User Manual Web – Click Security, SSH, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate.
Page 118: Configuring Port Security
• Max MAC Count – The maximum number of MAC addresses that can be learned on a port. (Range: 0 - 1024, where 0 means disabled) • Trunk – Trunk number if port is a member (page 3-104 and 3-105). 3-72 www.digisol.com...
Page 119: Configuring 802.1X Port Authentication
DG-FS4526 User Manual Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
Page 120 • The RADIUS server and client also have to support the same EAP authentication type – MD5, PEAP, TLS, or TTLS. (Some clients have native support in the operating system, otherwise the dot1x client must support the required authentication method.) 3-74 www.digisol.com...
Page 121: Displaying 802.1X Global Settings
DG-FS4526 User Manual Displaying 802.1X Global Settings The 802.1X protocol provides client authentication. Command Attributes • 802.1X System Authentication Control – The global setting for 802.1X. Web – Click Security, 802.1X, Information. Figure 3-50 802.1X Global Information CLI – This example shows the default global setting for 802.1X.
Page 122: Configuring Port Settings For 802.1X
EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default 2) • Quiet Period – Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. (Range: 1-65535 seconds; Default: 60 seconds) 3-76 www.digisol.com...
Page 123: Figure 3-52 802.1X Port Configuration
DG-FS4526 User Manual • Re-authentication Period – Sets the time period after which a connected client must be re-authenticated. (Range: 1-65535 seconds; Default: 3600 seconds) • Tx Period – Sets the time period during an authentication session that the switch waits before re-transmitting an EAP packet.
Page 124 Port-control Auto Supplicant 00-24-8C-0f-fa-dc Current Identifier Intrusion action Guest VLAN Authenticator State Machine State Authenticated Reauth Count Backend State Machine State Idle Request Count Identifier(Server) Reauthentication State Machine State Initialize . 802.1X is disabled on port 1/10 Console# 3-78 www.digisol.com...
Page 125: Displaying 802.1X Statistics
DG-FS4526 User Manual Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Table 3-7 802.1X Statistics Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator.
Page 126: Web Authentication
RADIUS. Once authentication is successful, the web browser is forwarded on to the originally requested web page. Successful authentication is valid for all hosts connected to the port. 3-80 www.digisol.com...
Page 127: Configuring Web Authentication
DG-FS4526 User Manual Notes: 1. MAC authentication, web authentication, 802.1X, and port security cannot be configured together on the same port. Only one security mechanism can be applied. RADIUS authentication must be activated and configured properly for the web authentication feature to work properly. (See “Configuring Local/Remote Logon Authentication”...
Page 128: Configuring Web Authentication For Ports
• Status – Configures the web authentication status for the port. • Authenticated Host Counts – Indicates how many authenticated hosts are connected to the port. Web – Click Security, Web Authentication, Port Configuration. Figure 3-55 Web Authentication Port Configuration 3-82 www.digisol.com...
Page 129: Displaying Web Authentication Port Information
DG-FS4526 User Manual CLI – This example enables web authentication for ethernet port 1/5 and displays a summary of web authentication parameters. Console(config)#interface ethernet 1/5 4-150 4-118 Console(config-if)#web-auth Console(config-if)#end 4-120 Console#show web-auth summary Global Web-Auth Parameters System Auth Control : Enabled...
Page 130: Re-Authenticating Web Authenticated Ports
MAC addresses with a central RADIUS server. Note: MAC authentication, web authentication, 802.1X, and port security cannot be configured together on the same port. Only one security mechanism can be applied. 3-84 www.digisol.com...
Page 131: Configuring The Mac Authentication Reauthentication Time
DG-FS4526 User Manual The Network Access feature controls host access to the network by authenticating its MAC address on the connected switch port. Traffic received from a specific MAC address is forwarded by the switch only if the source MAC address is successfully authenticated by a central RADIUS server.
Page 132: Configuring Mac Authentication For Ports
VLANs.) The VLAN settings specified by the first authenticated MAC address are implemented for a port. Other authenticated MAC addresses on the port must have the same VLAN configuration, or they are treated as authentication failures. (Default: Enabled) 3-86 www.digisol.com...
Page 133: Figure 3-59 Network Access Port Configuration
DG-FS4526 User Manual Note: MAC authentication cannot be configured on trunk ports. Ports configured as trunk members are indicated on the Network Access Port Configuration page in the “Trunk” column. Web – Click Security, Network Access, Port Configuration. Figure 3-59 Network Access Port Configuration CLI –...
Page 134: Displaying Secure Mac Address Information
MAC address table. Web – Click Security, Network Access, MAC Address Information. Restrict the displayed addresses by port, MAC Address, or attribute, then select the method of sorting the displayed addresses. Click Query. Figure 3-60 Network Access MAC Address Information 3-88 www.digisol.com...
Page 135: Access Control Lists
DG-FS4526 User Manual CLI – This example displays all entries currently in the secure MAC address table. 4-114 Console#show network-access mac-address-table ---- ----------------- --------------- --------- ------------------------- Port MAC-Address RADIUS-Server Attribute Time ---- ----------------- --------------- --------- ------------------------- 00-00-01-02-03-04 172.155.120.17 Static 00d06h32m50s 00-00-01-02-03-05 172.155.120.17...
Page 136: Setting The Acl Name And Type
• IP Address – Source IP address. • Subnet Mask – A subnet mask containing four integers from 0 to 255, each separated by a period. The mask uses 1 bits to indicate “match” and 0 bits to 3-90 www.digisol.com...
Page 137: Configuring An Extended Ip Acl
DG-FS4526 User Manual indicate “ignore.” The mask is bitwise ANDed with the specified source IP address, and compared with the address for each IP packet entering the port(s) to which this ACL has been assigned. Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP).
Page 138 For example, use the code value and mask below to catch packets with the following flags set: - SYN flag valid, use control-code 2, control bitmask 2 - Both SYN and ACK valid, use control-code 18, control bitmask 18 - SYN valid and ACK invalid, use control-code 2, control bitmask 18 3-92 www.digisol.com...
Page 139: Figure 3-63 Configuring Extended Ip Acls
DG-FS4526 User Manual Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
Page 140: Configuring A Mac Acl
- Untagged-802.3 – Untagged Ethernet 802.3 packets. - Tagged-802.3 – Tagged Ethernet 802.3 packets. - Tagged-802.3 – Tagged Ethernet 802.3 packets. Command Usage Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets. 3-94 www.digisol.com...
Page 141: Binding A Port To An Access Control List
DG-FS4526 User Manual Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bitmask for an address range.
Page 142: Filtering Ip Addresses For Management Access
• IP address can be configured for SNMP, web and Telnet access respectively. Each of these groups can include up to five different sets of addresses, either individual 3-96 www.digisol.com...
Page 143: Figure 3-66 Creating An Ip Filter List
DG-FS4526 User Manual addresses or address ranges. • When entering addresses for the same group (i.e., SNMP, web or Telnet), the switch will not accept overlapping address ranges. When entering addresses for different groups, the switch will accept overlapping address ranges.
Page 144: Port Configuration
• Trunk Member – Shows if port is a trunk member. • Creation – Shows if a trunk is manually configured or dynamically set via LACP. 3. Port information only. 4. Port information only. 5. Trunk information only. 3-98 www.digisol.com...
Page 145: Figure 3-67 Displaying Port/Trunk Information
DG-FS4526 User Manual Web – Click Port, Port Information or Trunk Information. Figure 3-67 Displaying Port/Trunk Information Field Attributes (CLI) Basic Information: • Port type – Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP) • MAC address – The physical layer address for this port. (To access this item on the web, see “Setting the Switch’s IP Address”...
Page 146: Configuring Interface Connections
• Admin – Allows you to manually disable an interface. You can disable an interface due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also disable an interface for security reasons. 3-100 www.digisol.com...
Page 147: Figure 3-68 Port/Trunk Configuration
DG-FS4526 User Manual • Speed/Duplex – Allows you to manually set the port speed and duplex mode. (i.e., with auto-negotiation disabled) • Flow Control – Allows automatic or manual selection of flow control. • Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/ disabled.
Page 148 CLI – Select the interface, and then enter the required settings. Console(config)#interface ethernet 1/3 4-150 Console(config-if)#description RD SW#13 4-151 Console(config-if)#shutdown 4-155 Console(config-if)#no shutdown Console(config-if)#no negotiation 4-152 Console(config-if)#speed-duplex 100half 4-151 Console(config-if)#flowcontrol 4-154 Console(config-if)#negotiation Console(config-if)#capabilities 100half 4-153 Console(config-if)#capabilities 100full Console(config-if)#capabilities flowcontrol 3-102 www.digisol.com...
Page 149: Creating Trunk Groups
DG-FS4526 User Manual Creating Trunk Groups You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices.
Page 150: Statically Configuring A Trunk
Web – Click Port, Trunk Membership. Enter a trunk ID of 1-12 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply. Figure 3-69 Configuring Static Trunks 3-104 www.digisol.com...
Page 151: Enabling Lacp On Selected Ports
DG-FS4526 User Manual CLI – This example creates trunk 2 with ports 1 and 2. Just connect these ports to two static trunk ports on another switch to form a trunk. Console(config)#interface port-channel 2 4-150 Console(config-if)#exit Console(config)#interface ethernet 1/1 4-150...
Page 152: Figure 3-70 Lacp Trunk Configuration
10half, 10full, 100half, 100full Flow control status: Disabled Port security: Disabled Max MAC count: Current status: Created by: Lacp Link status: Port operation status: Operation speed-duplex: 100full Flow control type: None Member Ports: Eth1/1, Eth1/2, Eth1/3, Eth1/4, Eth1/5, Eth1/6, Console# 3-106 www.digisol.com...
Page 153: Configuring Lacp Parameters
DG-FS4526 User Manual Configuring LACP Parameters Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: • Ports must have the same LACP System Priority. • Ports must have the same LACP port Admin Key.
Page 154: Figure 3-71 Lacp Port Configuration
Configuring the Switch partner, and will not take effect until the next time an aggregate link is formed with this device.) After you have completed setting the port LACP parameters, click Apply. Figure 3-71 LACP Port Configuration 3-108 www.digisol.com...
Page 155: Displaying Lacp Port Counters
DG-FS4526 User Manual CLI – The following example configures LACP parameters for ports 1-4. Ports 1-4 are used as active members of the LAG. Console(config)#interface ethernet 1/1 4-150 Console(config-if)#lacp actor system-priority 3 4-168 Console(config-if)#lacp actor admin-key 120 4-169 Console(config-if)#lacp actor port-priority 128...
Page 156: Displaying Lacp Settings And Status For The Local Side
You can display configuration settings and the operational state for the local side of an link aggregation. Table 3-9 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port. Admin Key Current administrative value of the key for the aggregation port. 3-110 www.digisol.com...
Page 157: Figure 3-73 Lacp - Port Internal Information
DG-FS4526 User Manual Table 3-9 LACP Internal Configuration Information (Continued) Field Description LACPDUs Interval Number of seconds before invalidating received LACPDU information. LACP System Priority LACP system priority assigned to this port channel. LACP Port Priority LACP port priority assigned to this interface within the channel group.
Page 158: Displaying Lacp Settings And Status For The Remote Side
Current administrative value of the Key for the protocol partner. Oper Key Current operational value of the Key for the protocol partner. Admin State Administrative values of the partner’s state parameters. (See preceding table.) Oper State Operational values of the partner’s state parameters. (See preceding table.) 3-112 www.digisol.com...
Page 159: Setting Broadcast Storm Thresholds
DG-FS4526 User Manual Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information. Figure 3-74 LACP - Port Neighbors Information CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1.
Page 160: Figure 3-75 Port Broadcast Control
Level Range: 1-127; Default: 5) • Trunk – Shows if a port is a trunk member. Web – Click Port, Port/Trunk Broadcast Control. Set the threshold, mark the Enabled field for the desired interface and click Apply. Figure 3-75 Port Broadcast Control 3-114 www.digisol.com...
Page 161: Configuring Port Mirroring
DG-FS4526 User Manual CLI – Set the threshold, then enable broadcast control on any interface. The following sets broadcast control threshold at 500 kbytes per second, and then enables broadcast storm control for port 1. Console(config)#broadcast byte-rate 100 level 5...
Page 162: Configuring Rate Limits
• Input/Output Rate Limit Scale/Level – Multiplied by one another, the scale and level set the rate limit. For example, if you choose 100 Kilobytes per second under Rate Limit Scale and 5 under Rate limit Level, you will limit the port traffic to 500 Kilobytes per second. 3-116 www.digisol.com...
Page 163: Showing Port Statistics
DG-FS4526 User Manual Web – Click Port, Rate Limit, Input/Output Port Configuration. Enable the Rate Limit Status for the required interfaces, set the Rate Limit Scale and Rate Limit Level, and click Apply. Figure 3-77 Input Rate Limit Port Configuration CLI - This example sets the rate limit level for input traffic passing through port 3.
Page 164 A count of frames for which transmission on a particular interface fails due to excessive collisions. This counter does not increment when the interface is operating in full-duplex mode. Single Collision Frames The number of successfully transmitted frames for which transmission is inhibited by exactly one collision. 3-118 www.digisol.com...
Page 165 DG-FS4526 User Manual Table 3-11 Port Statistics (Continued) Parameter Description Internal MAC Transmit Errors A count of frames for which transmission on a particular interface fails due to an internal MAC sublayer transmit error. Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision.
Page 166 The total number of frames (including bad packets) received and transmitted where the number of octets fall within the specified range 128-255 Byte Frames (excluding framing bits but including FCS octets). 256-511 Byte Frames 512-1023 Byte Frames 1024-1518 Byte Frames 1519-1536 Byte Frames 3-120 www.digisol.com...
Page 167: Figure 3-78 Port Statistics
DG-FS4526 User Manual Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-78 Port Statistics 3-121 www.digisol.com...
Page 168: Address Table Settings
• Interface – Port or trunk associated with the device assigned a static address. • MAC Address – Physical address of a device mapped to this interface. • VLAN – ID of configured VLAN (1-4094). 6. Web only. 3-122 www.digisol.com...
Page 169: Displaying The Address Table
DG-FS4526 User Manual Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. Figure 3-79 Configuring a Static Address Table CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset.
Page 170: Figure 3-80 Configuring A Dynamic Address Table
CLI – This example also displays the address table entries for port 1. Console#show mac-address-table interface ethernet 1/1 4-176 Interface Mac Address Vlan Type --------- ----------------- ---- ----------------- Eth 1/ 1 00-11-22-33-44-55 1 Permanent Eth 1/ 1 00-30-F1-2F-BE-30 2 Learned Console# 3-124 www.digisol.com...
Page 171: Changing The Aging Time
DG-FS4526 User Manual Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes • Aging Status – Enables/disables the function. • Aging Time – The time after which a learned entry is discarded.
Page 172: Displaying Global Settings
• Max Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last configuration 3-126 www.digisol.com...
Page 173 DG-FS4526 User Manual message) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the device ports attached to the network. (References to “ports” in this section mean “interfaces,” which includes both ports and trunks.)
Page 174: Figure 3-82 Displaying Spanning Tree Information
Current root cost: Number of topology changes: Last topology changes time (sec.):2262 Transmission limit: Path Cost Method: long Note: The current root port and current root cost display as zero when this device is not connected to the network. 3-128 www.digisol.com...
Page 175: Configuring Global Settings
DG-FS4526 User Manual Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on a network, the path between specific VLAN members may be inadvertently disabled to prevent network loops, thus isolating group members.
Page 176 - Short: Specifies 16-bit based values that range from 1-65535. • Transmission Limit – The maximum transmission rate for BPDUs is specified by setting the minimum interval between the transmission of consecutive protocol messages. (Range: 1-10; Default: 3) 3-130 www.digisol.com...
Page 177: Figure 3-83 Configuring Spanning Tree
DG-FS4526 User Manual Configuration Settings for MSTP • Max Instance Numbers – The maximum number of MSTP instances to which this switch can be assigned. • Region Revision – The revision for this MSTI. (Range: 0-65535; Default: 0) • Region Name – The name for this MSTI. (Maximum length: 32 characters) •...
Page 178: Displaying Interface Settings
Spanning Tree. • Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface. This parameter is determined by manual configuration or 3-132 www.digisol.com...
Page 179 DG-FS4526 User Manual by auto-detection, as described for Admin Link Type in STA Port Configuration on page 3-135. • Oper Edge Port – This parameter is initialized to the setting for Admin Edge Port in STA Port Configuration on page 3-135 (i.e., true or false), but will be set to false if a BPDU is received, indicating that another bridge is attached to this port.
Page 180: Figure 3-84 Displaying Spanning Tree Port Information
- Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media. Web – Click Spanning Tree, STA, Port Information or STA Trunk Information. Figure 3-84 Displaying Spanning Tree Port Information 3-134 www.digisol.com...
Page 181: Configuring Interface Settings
DG-FS4526 User Manual CLI – This example shows the STA attributes for port 5. Console#show spanning-tree ethernet 1/5 4-217 1/ 5 information -------------------------------------------------------------- Admin status: enabled Role: disable State: discarding Path cost: 10000 Priority: Designated cost: Designated port : 128.5 Designated root: 32768.00177C0AC9F1...
Page 182 Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the Protocol Migration button to manually re-check the appropriate BPDU format (RSTP or STP-compatible) to send on the selected interfaces. (Default: Disabled) 3-136 www.digisol.com...
Page 183: Configuring Multiple Spanning Trees
DG-FS4526 User Manual Web – Click Spanning Tree, STA, Port Configuration or Trunk Configuration. Modify the required attributes, then click Apply. Figure 3-85 Configuring Spanning Tree per Port CLI – This example sets STA attributes for port 7. Console(config)#interface ethernet 1/7...
Page 184: Figure 3-86 Configuring Multiple Spanning Trees
Figure 3-86 Configuring Multiple Spanning Trees CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Console(config)#spanning-tree mst configuration 4-207 Console(config-mst)#mst 1 priority 4096 4-208 Console(config-mstp)#mst 1 vlan 1-5 4-208 Console(config-mst)# 3-138 www.digisol.com...
Page 185: Displaying Interface Settings For Mstp
DG-FS4526 User Manual CLI – This example sets STA attributes for port 1, followed by settings for each port. Console#show spanning-tree mst 2 Spanning-tree information --------------------------------------------------------------- Spanning tree mode :MSTP Spanning tree enable/disable :enable Instance :2 Vlans configuration :2 Priority :4096 Bridge Hello Time (sec.) :2...
Page 186: Figure 3-87 Displaying Mstp Interface Settings
Configuring the Switch Web – Click Spanning Tree, MSTP, Port or Trunk Information. Select the required MST instance to display the current spanning tree values. Figure 3-87 Displaying MSTP Interface Settings 3-140 www.digisol.com...
Page 187: Configuring Interface Settings For Mstp
DG-FS4526 User Manual CLI – This displays STA settings for instance 0, followed by settings for each port. The settings for instance 0 are global settings that apply to the IST, the settings for other instances only apply to the local spanning tree.
Page 188 Ethernet: 200,000-20,000,000 Fast Ethernet: 20,000-2,000,000 Gigabit Ethernet: 2,000-200,000 - Default: Ethernet – Half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 Fast Ethernet – Half duplex: 200,000; full duplex: 100,000; trunk: 50,000 Gigabit Ethernet – Full duplex: 10,000; trunk: 5,000 3-142 www.digisol.com...
Page 189: Vlan Configuration
DG-FS4526 User Manual Web – Click Spanning Tree, MSTP, Port Configuration or Trunk Configuration. Enter the priority and path cost for an interface, and click Apply. Figure 3-88 Displaying MSTP Interface Settings CLI – This example sets the MSTP attributes for port 4.
Page 190: Assigning Ports To Vlans
VLAN groups, such as file servers or printers. Note that if you implement VLANs which do not overlap, but still need to communicate, you can connect them by enabled routing on this switch. 3-144 www.digisol.com...
Page 191 DG-FS4526 User Manual Untagged VLANs – Untagged (or static) VLANs are typically used to reduce broadcast traffic and to increase security. A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the switch.
Page 192: Enabling Or Disabling Gvrp (Global Setting)
VLAN registration, and to support VLANs which extend beyond the local switch. (Default: Disabled) Web – Click VLAN, 802.1Q VLAN, GVRP Status. Enable or disable GVRP, click Apply Figure 3-89 Globally Enabling GVRP CLI – This example enables GVRP for the switch. Console(config)#bridge-ext gvrp 4-221 Console(config)# 3-146 www.digisol.com...
Page 193: Displaying Basic Vlan Information
DG-FS4526 User Manual Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch. Field Attributes • VLAN Version Number – The VLAN version used by this switch as specified in the IEEE 802.1Q standard.
Page 194: Figure 3-91 Displaying Current Vlans
• Name – Name of the VLAN (1 to 32 characters). • Status – Shows if this VLAN is enabled or disabled. - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e., does not pass packets. • Ports / Channel groups – Shows the VLAN interface members. 3-148 www.digisol.com...
Page 195: Creating Vlans
DG-FS4526 User Manual CLI – Current VLAN information can be displayed with the following command. Console#show vlan id 1 4-232 Vlan ID: Type: Static Name: DefaultVlan Status: Active Ports/Port Channels: Eth1/ 1(S) Eth1/ 2(S) Eth1/ 3(S) Eth1/ 4(S) Eth1/ 5(S)
Page 196: Adding Static Members To Vlans (Vlan Index)
VLAN 1 is the default untagged VLAN containing all ports on the switch, and can only be modified by first reassigning the default port VLAN ID as described under “Configuring VLAN Behavior for Interfaces” on page 3-153. Command Attributes • VLAN – ID of configured VLAN (1-4094). 3-150 www.digisol.com...
Page 197: Figure 3-93 Configuring A Vlan Static Table
DG-FS4526 User Manual • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.e., does not pass packets. • Port – Port identifier.
Page 198: Adding Static Members To Vlans (Port Index)
Figure 3-94 VLAN Static Membership by Port CLI – This example adds Port 3 to VLAN 1 as a tagged port, and removes Port 3 from VLAN 2. Console(config)#interface ethernet 1/3 4-150 Console(config-if)#switchport allowed vlan add 1 tagged 4-230 Console(config-if)#switchport allowed vlan remove 2 3-152 www.digisol.com...
Page 199: Configuring Vlan Behavior For Interfaces
DG-FS4526 User Manual Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers. Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.
Page 200: Figure 3-95 Configuring Vlans Per Port
VLAN, use the last table on the VLAN Static Table page. Web – Click VLAN, 802.1Q VLAN, Port Configuration or Trunk Configuration. Fill in the required settings for each interface, click Apply. Figure 3-95 Configuring VLANs per Port 3-154 www.digisol.com...
Page 201: Configuring Ieee 802.1Q Tunneling
DG-FS4526 User Manual CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Console(config)#interface ethernet 1/3...
Page 202 3. After packet classification through the switching process, the packet is written to memory with one tag (an outer tag) or with two tags (both an outer tag and inner tag). 4. The switch sends the packet to the proper egress port. 3-156 www.digisol.com...
Page 203 DG-FS4526 User Manual 5. If the egress port is an untagged member of the SPVLAN, the outer tag will be stripped. If it is a tagged member, the outgoing packets will have two tags. Layer 2 Flow for Packets Coming into a Tunnel Uplink Port An uplink port receives one of the following packets: •...
Page 204: Enabling Qinq Tunneling On The Switch
The switch can be configured to operate in normal VLAN mode or IEEE 802.1Q (QinQ) tunneling mode which is used for passing Layer 2 traffic across a service provider’s metropolitan area network. You can also globally set the Tag Protocol 3-158 www.digisol.com...
Page 205: Figure 3-96 802.1Q Tunnel Status And Ethernet Type
DG-FS4526 User Manual Identifier (TPID) value of the tunnel port if the attached client is using a nonstandard 2-byte ethertype to identify 802.1Q tagged frames. Command Usage • Use the TPID field to set a custom 802.1Q ethertype value on the selected interface.
Page 206: Adding An Interface To A Qinq Tunnel
• 802.1Q Tunnel – Configures IEEE 802.1Q tunneling (QinQ) for a client access port to segregate and preserve customer VLAN IDs for traffic crossing the service provider network. • 802.1Q Tunnel Uplink – Configures IEEE 802.1Q tunneling (QinQ) for an uplink port to another device within the service provider network. 3-160 www.digisol.com...
Page 207: Figure 3-97 Tunnel Port Configuration
DG-FS4526 User Manual Web – Click VLAN, 802.1Q VLAN, 802.1Q Tunnel Configuration or Tunnel Trunk Configuration. Set the mode for a tunnel access port to 802.1Q Tunnel and a tunnel uplink port to 802.1Q Tunnel Uplink. Click Apply. Figure 3-97 Tunnel Port Configuration CLI –...
Page 208: Private Vlans
The Private VLAN Information page displays information on the private VLANs configured on the switch, including primary, community, and isolated VLANs, and their assigned interfaces. Command Attributes • VLAN ID – ID of configured VLAN (1-4094), and VLAN type. 3-162 www.digisol.com...
Page 209: Configuring Private Vlans
DG-FS4526 User Manual • Primary VLAN – The VLAN with which the selected VLAN ID is associated. A primary VLAN displays its own ID, a community VLAN displays the associated primary VLAN, and an isolated VLAN displays the stand-alone VLAN.
Page 210: Associating Vlans
Each community VLAN must be associated with a primary VLAN. Command Attributes • Primary VLAN ID – ID of primary VLAN (2-4094). • Association – Community VLANs associated with the selected primary VLAN. • Non-Association – Community VLANs not associated with the selected VLAN. 3-164 www.digisol.com...
Page 211: Displaying Private Vlan Interface Information
DG-FS4526 User Manual Web – Click VLAN, Private VLAN, Association. Select the required primary VLAN from the scroll-down box, highlight one or more community VLANs in the Non-Association list box, and click Add to associate these entries with the selected primary VLAN.
Page 212: Configuring Private Vlan Interfaces
An isolated port can only communicate with the single designated promiscuous port in the isolated VLAN; it cannot communicate with any other host ports. - Promiscuous – A promiscuous port can communicate with all interfaces within a private VLAN. 3-166 www.digisol.com...
Page 213: Figure 3-102 Private Vlan Port Configuration
DG-FS4526 User Manual • Primary VLAN – Conveys traffic between promiscuous ports, and between promiscuous ports and community ports within the associated secondary VLANs. If PVLAN type is “Promiscuous,” then specify the associated primary VLAN. • Community VLAN – A community VLAN conveys traffic between community ports, and from community ports to their designated promiscuous ports.
Page 214: Protocol Vlans
- IPX (0x8137) - Apple-talk (0x809B) • Programmable protocol - The following options are available: - Frame Type – The following Frame types are available: • Ethernet • LLC_other • RFC_1042 • SNAP_8021H - Protocol Type – User defined. 3-168 www.digisol.com...
Page 215: Configuring Protocol Vlan Interfaces
DG-FS4526 User Manual Web – Click VLAN, Protocol VLAN, Configuration. Figure 3-103 Protocol VLAN Configuration CLI - This example shows the switch configured with Protocol VLANs 1 and 2. Protocol VLAN 1 has been configured with the fixed and preconfigured IP parameters.
Page 216: Link Layer Discovery Protocol
Use the LLDP Configuration screen to set attributes for general functions such as globally enabling LLDP on the switch, setting the message ageout time, and setting the frequency for broadcasting general advertisements or reports about changes in the LLDP MIB. 3-170 www.digisol.com...
Page 217 DG-FS4526 User Manual Command Attributes • LLDP – Enables LLDP globally on the switch. (Default: Enabled) • Transmission Interval – Configures the periodic transmit interval for LLDP advertisements. (Range: 5-32768 seconds; Default: 30 seconds) This attribute must comply with the following rule: (transmission-interval * holdtime-multiplier) ≤...
Page 218: Configuring Lldp Interface Attributes
Configuring LLDP Interface Attributes Use the LLDP Port/Trunk Configuration to specify the message attributes for individual interfaces, including whether messages are transmitted, received, or both transmitted and received, whether SNMP notifications are sent, and the type of information advertised. 3-172 www.digisol.com...
Page 219 DG-FS4526 User Manual Command Attributes • Admin Status – Enables LLDP message transmit and receive modes for LLDP Protocol Data Units. (Options: Tx only, Rx only, TxRx, Disabled; Default: TxRx) • SNMP Notification – Enables the transmission of SNMP trap notifications about LLDP and LLDP-MED changes.
Page 220: Figure 3-106 Lldp Port Configuration
SNMP trap messages, select the information to advertise in LLDP messages, select the information to advertise in MED-TLV messages and specify whether or not to send MED notifications. Then click Apply. Figure 3-106 LLDP Port Configuration 3-174 www.digisol.com...
Page 221: Displaying Lldp Local Device Information
DG-FS4526 User Manual CLI – This example sets the interface to both transmit and receive LLDP messages, enables SNMP trap messages, enables MED notification, and specifies the TLV, MED-TLV, dot1-TLV and dot3-TLV parameters to advertise. Console(config)#interface ethernet 1/1 4-150 Console(config-if)#lldp admin-status tx-rx...
Page 222: Displaying Lldp Remote Port Information
Displaying LLDP Remote Port Information Use the LLDP Remote Port/Trunk Information screen to display information about devices connected directly to the switch’s ports which are advertising information through LLDP. Web – Click LLDP, Remote Port/Trunk Information. Figure 3-108 LLDP Remote Port Information 3-176 www.digisol.com...
Page 223: Displaying Lldp Remote Information Details
DG-FS4526 User Manual CLI – This example displays LLDP information for remote devices attached to this switch which are advertising information through LLDP. Console#show lldp info remote-device 4-198 LLDP Remote Devices Information Interface | ChassisId PortId SysName --------- + ----------------- ----------------- ---------------------...
Page 224: Displaying Device Statistics
Remote link aggragation enable : No Remote link aggragation port id : 0 Remote Max Frame Size : 1522 Console# Displaying Device Statistics Use the LLDP Device Statistics screen to display aggregate statistics about all LLDP-enabled device connected to this switch. 3-178 www.digisol.com...
Page 225: Figure 3-110 Lldp Device Statistics
DG-FS4526 User Manual Web – Click LLDP, Device Statistics. Figure 3-110 LLDP Device Statistics CLI – This example displays LLDP statistics received from all LLDP-enabled remote devices connected directly to this switch. switch#show lldp info statistics 4-199 LLDP Device Statistics...
Page 226: Displaying Detailed Device Statistics
This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues. You 3-180 www.digisol.com...
Page 227: Layer 2 Queue Settings
DG-FS4526 User Manual can set the default priority for each interface, and configure the mapping of frame priority tags to the switch’s priority queues. Layer 2 Queue Settings Setting the Default Priority for Interfaces You can specify the default port priority for each interface on the switch. All untagged packets entering the switch are tagged with the specified default port priority, and then sorted into the appropriate priority queue at the output port.
Page 228: Mapping Cos Values To Egress Queues
Table 3-13 CoS Priority Levels Priority Level Traffic Type Background (Spare) 0 (default) Best Effort Excellent Effort Controlled Load Video, less than 100 milliseconds latency and jitter 3-182 www.digisol.com...
Page 229: Figure 3-113 Traffic Classes
DG-FS4526 User Manual Table 3-13 CoS Priority Levels (Continued) Priority Level Traffic Type Voice, less than 10 milliseconds latency and jitter Network Control Command Attributes • Interface – Selects the port or trunk interface settings to display and modify. • Priority – CoS value. (Range: 0-7, where 7 is the highest priority) •...
Page 230: Selecting The Queue Mode
As described in “Mapping CoS Values to Egress Queues” on page 3-182, the traffic classes are mapped to one of the eight egress queues provided for each port. You can assign a weight to each of 3-184 www.digisol.com...
Page 231: Figure 3-115 Configuring Queue Scheduling
DG-FS4526 User Manual these queues (and thereby to the corresponding traffic priorities). This weight sets the limit for the amount of packets the switch will transmit each time the queue is serviced, and subsequently affects the response time for software applications assigned a specific priority value.
Page 232: Layer 3/4 Priority Settings
- IP DSCP – Maps layer 3/4 priorities using Differentiated Services Code Point Mapping. Web – Click Priority, IP DSCP Priority Status. Select IP DSCP from the drop down menu, then click Apply. Figure 3-116 IP DSCP Priority Status 3-186 www.digisol.com...
Page 233: Mapping Dscp Priority
DG-FS4526 User Manual Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP retains backward compatibility with the three precedence bits so that non-DSCP compliant will not conflict with the DSCP mapping. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.
Page 234: Mapping Ip Port Priority
“0” represents low priority and “3” represent high priority. Note: IP Port Priority settings apply to all interfaces. Web – Click Priority, IP Port Priority Status. Set IP Port Priority Status to Enabled. Figure 3-118 Globally Enabling the IP Port Priority Status 3-188 www.digisol.com...
Page 235: Figure 3-119 Ip Port Priority
DG-FS4526 User Manual Web* – Click Priority, IP Port Priority. Enter the port number for a network application in the IP Port Number box and the new CoS queue in the Class of Queue Service box, and then click Apply.
Page 236: Mapping Ip Precedence Priority
Note that queue “0” represents low priority and “3” represent high priority. Note: IP Precedence priority settings apply to all interfaces. Web – Click Priority, IP Precedence Priority Status. Set the IP Precedence Priority Status to Enabled. Figure 3-120 Globally Enabling the IP Precedence Priority Status 3-190 www.digisol.com...
Page 237: Figure 3-121 Mapping Ip Precedence To Class Of Service Queues
DG-FS4526 User Manual Web* – Click Priority, IP Precedence Priority. Select an IP Precedence value in the IP Precedence Priority Table, enter a queue number in the Class of Queue Service Value field, and then click Apply. Figure 3-121 Mapping IP Precedence to Class of Service Queues CLI* –...
Page 238: Mapping Ip Tos Priority
“0” represents low priority and “3” represent high priority. Note: IP TOS settings apply to all interfaces. Web – Click Priority, IP TOS Priority Status. Set the IP TOS Priority Status to Enabled. Figure 3-122 Globally Enabling the IP TOS Priority Status 3-192 www.digisol.com...
Page 239: Figure 3-123 Mapping Ip Tos To Class Of Service Queues
DG-FS4526 User Manual Web* – Click Priority, IP TOS Priority. Select an IP TOS value in the IP TOS Priority Table, enter a queue number in the Class of Queue Service Value field, and then click Apply. Figure 3-123 Mapping IP TOS to Class of Service Queues CLI* –...
Page 240: Mapping Cos Values To Acls
Figure 3-124 Mapping CoS Values to ACLs CLI – This example assigns the CoS queue 3 to packets matching rules within the specified ACL on port 1. Console(config)#interface ethernet 1/1 4-150 Console(config-if)#map access-list ip bill cos 3 4-257 Console(config-if)# 3-194 www.digisol.com...
Page 241: Quality Of Service
DG-FS4526 User Manual Quality of Service The commands described in this section are used to configure Quality of Service (QoS) classification criteria and service policies. Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per hop basis.
Page 242: Configuring A Class Map
• ACL List – Name of an access control list. Any type of ACL can be specified, including standard or extended IP ACLs and MAC ACLs. (Range: 1-16 characters) • IP DSCP – A DSCP value. (Range: 0-63) • IP Precedence – An IP Precedence value. (Range: 0-7) 3-196 www.digisol.com...
Page 243: Figure 3-125 Configuring Class Maps
DG-FS4526 User Manual • VLAN – A VLAN. (Range:1-4094) • Add – Adds specified criteria to the class. Up to 16 items are permitted per class. • Remove – Deletes the selected criteria from the class. Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class.
Page 244: Creating Qos Policies
• Add Policy – Opens the “Policy Configuration” page. Enter a policy name and description on this page, and click Add to open the “Policy Rule Settings” page. Enter the criteria used to service ingress traffic on this page. 3-198 www.digisol.com...
Page 245 DG-FS4526 User Manual • Remove Policy – Deletes a specified policy. Policy Configuration • Policy Name — Name of policy map. (Range: 1-16 characters) • Description – A brief description of a policy map. (Range: 1-64 characters) • Add – Adds the specified policy.
Page 246: Figure 3-126 Configuring Policy Maps
Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes. Figure 3-126 Configuring Policy Maps 3-200 www.digisol.com...
Page 247: Attaching A Policy Map To Ingress Queues
DG-FS4526 User Manual CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth the 1 Mbps, the burst rate to 1522 bps, and the response to reduce the DSCP value for violating packets to 0. Console(config)#policy-map rd_policy#3...
Page 248: Voip Traffic Configuration
• Vioce VLAN Aging Time – The time after which a port is removed from the Voice VLAN when VoIP traffic is no longer received on the port. (Range: 5-43200 minutes; Default: 1440 minutes). Note: The Voice VLAN ID cannot be modified when the global Auto Detection Status is enabled. 3-202 www.digisol.com...
Page 249: Configuring Voip Traffic Port
DG-FS4526 User Manual Web – Click QoS, VoIP Traffic Setting, Configuration. Enable Auto Detection, specify the Voice VLAN ID, the set the Voice VLAN Aging Time. Click Apply. Figure 3-128 Configuring VoIP Traffic CLI – This example enables VoIP traffic detection and specifies the Voice VLAN ID as 1234, then sets the VLAN aging time to 3000 seconds.
Page 250: Figure 3-129 Voip Traffic Port Configuration
VLAN feature is active for the port. Web – Click QoS, VoIP Traffic Setting, Port Configuration. Set the mode for a VoIP traffic port, select the detection mechanism to use, and specify the VoIP traffic priority. Click Apply. Figure 3-129 VoIP Traffic Port Configuration 3-204 www.digisol.com...
Page 251: Configuring Telephony Oui
DG-FS4526 User Manual CLI – This example configures VoIP traffic settings for port 2 and displays the current Voice VLAN status. Console(config)#interface ethernet 1/2 Console(config-if)#switchport voice vlan auto 4-272 Console(config-if)#switchport voice vlan security 4-273 Console(config-if)#switchport voice vlan rule oui 4-273...
Page 252: Figure 3-130 Telephony Oui List
CLI – This example adds an identifier to the list, then displays the current list Console(config)#voice vlan mac-address 00-e0-bb-00-00-00 mask ff-ff-ff-00-00-00 description old phones 4-271 Console(config)#exit Console#show voice vlan oui 4-275 OUIAddress Mask Description 00-e0-bb-00-00-00 FF-FF-FF-00-00-00 old phones 00-11-22-33-44-55 FF-FF-FF-00-00-00 new phones 00-98-76-54-32-10 FF-FF-FF-FF-FF-FF Chris' phone Console# 3-206 www.digisol.com...
Page 253: Multicast Filtering
DG-FS4526 User Manual Multicast Filtering Multicasting is used to support real-time Unicast applications such as videoconferencing or Flow streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the...
Page 254: Configuring Igmp Snooping And Query Parameters
Unknown multicast traffic is flooded to all ports in the VLAN for several seconds when first received. If a multicast router port exists on the VLAN, the traffic will be filtered by subjecting it to IGMP snooping. If no router port exists on the VLAN or 3-208 www.digisol.com...
Page 255 DG-FS4526 User Manual the multicast filtering table is already full, the switch will continue flooding the traffic into the VLAN. • IGMP Querier – A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic. If there is more than one router/switch on the LAN performing IP multicasting, one of these devices is elected “querier”...
Page 256: Current Status
• If immediate leave is not used, a multicast router (or querier) will send a group-specific query message when an IGMPv2/v3 group leave message is received. The router/querier stops forwarding traffic for that group only if no host replies to the query within the specified timeout perid. Note that the timeout period 3-210 www.digisol.com...
Page 257: Displaying Interfaces Attached To A Multicast Router
DG-FS4526 User Manual is determined by the IGMP Query Report Delay (see “Configuring IGMP Snooping and Query Parameters” on page 3-208). • If immediate leave is enabled, the switch assumes that only one host is connected to the interface. Therefore, immediate leave should only be enabled on an interface if it is connected to only one IGMP-enabled device, either a service host or a neighbor running IGMP snooping.
Page 258: Specifying Static Interfaces For A Multicast Router
Command Attributes • Interface – Activates the Port or Trunk scroll down list. • VLAN ID – Selects the VLAN to propagate all multicast traffic coming from the attached multicast router. 3-212 www.digisol.com...
Page 259: Displaying Port Members Of Multicast Services
DG-FS4526 User Manual • Port or Trunk – Specifies the interface attached to a multicast router. Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add.
Page 260: Assigning Ports To Multicast Services
• Port or Trunk – Specifies the interface attached to a multicast router/switch. Web – Click IGMP Snooping, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP 3-214 www.digisol.com...
Page 261: Igmp Filtering And Throttling
DG-FS4526 User Manual address, and click Add. After you have completed adding ports to the member list, click Apply. Figure 3-136 IGMP Member Port Table CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1.
Page 262: Enabling Igmp Filtering And Throttling
Console#show ip igmp profile 4-291 IGMP Profile 19 IGMP Profile 25 Console# Configuring IGMP Filter Profiles When you have created an IGMP profile number, you can then configure the multicast groups to filter and set the access mode. 3-216 www.digisol.com...
Page 263 DG-FS4526 User Manual Command Usage • Each profile has only one access mode; either permit or deny. • When the access mode is set to permit, IGMP join reports are processed when a multicust group falls within the controlled range. When the access mode is set to deny, IGMP join reports are only processed when the multicast group is not in the controlled range.
Page 264: Configuring Igmp Filtering And Throttling For Interfaces
Once you have configured IGMP profiles, you can assign them to interfaces on the switch. Also you can set the IGMP throttling number to limit the number of multicast groups an interface can join at the same time. Command Usage • Only one profile can be assigned to an interface. 3-218 www.digisol.com...
Page 265: Figure 3-139 Igmp Filter And Throttling Port Configuration
DG-FS4526 User Manual • An IGMP profile or throttling setting can also be applied to a trunk interface. When ports are configured as trunk members, the trunk uses the settings applied to the first port member in the trunk. • IGMP throttling sets a maximum number of multicast groups that a port can join at the same time.
Page 266: Multicast Vlan Registration
VLANs to which the subscribers belong. Even though common multicast streams are passed onto different VLAN groups from the MVR VLAN, users in different IEEE 802.1Q or private VLANs cannot exchange any information (except through upper-level routing services). 3-220 www.digisol.com...
Page 267: Configuring Global Mvr Settings
DG-FS4526 User Manual Multicast Router Satellite Services Service Network Multicast Server Source Layer 2 Switch Port Receiver Ports Set-top Box Set-top Box General Configuration Guidelines for MVR Enable MVR globally on the switch, select the MVR VLAN, and add the multicast groups that will stream traffic to attached hosts (see “Configuring...
Page 268: Displaying Mvr Interface Status
Console(config)#mvr group 228.1.23.1 10 4-293 Console(config)# Displaying MVR Interface Status You can display information about the interfaces attached to the MVR VLAN. Field Attributes • Type – Shows the MVR port type. • Oper Status – Shows the link status. 3-222 www.digisol.com...
Page 269: Displaying Port Members Of Multicast Groups
DG-FS4526 User Manual • MVR Status – Shows the MVR status. MVR status for source ports is “ACTIVE” if MVR is globally enabled on the switch. MVR status for receiver ports is “ACTIVE” only if there are subscribers receiving multicast traffic from one of the MVR groups, or a multicast group has been statically assigned to an interface.
Page 270: Configuring Mvr Interface Status
MVR VLAN using the standard rules for multicast filtering. Multicast groups can also be statically assigned to a source port or receiver port (see “Assigning Static Multicast Groups to Interfaces” on page 3-226). 3-224 www.digisol.com...
Page 271: Figure 3-143 Mvr Port Configuration
DG-FS4526 User Manual • Immediate leave applies only to receiver ports. When enabled, the receiver port is immediately removed from the multicast group identified in the leave message. When immediate leave is disabled, the switch follows the standard rules by...
Page 272: Assigning Static Multicast Groups To Interfaces
Web – Click MVR, Group Member Configuration. Select a port or trunk from the “Interface” field, and click Query to display the assigned multicast groups. Select a multicast address from the displayed lists, and click the Add or Remove button to modify the Member list. Figure 3-144 MVR Group Member Configuration 3-226 www.digisol.com...
Page 273: Dhcp Snooping
DG-FS4526 User Manual CLI – This example statically assigns a multicast group to a receiver port. Console(config)#interface ethernet 1/2 Console(config-if)#mvr group 228.1.23.1 4-294 Console(config-if)# DHCP Snooping DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server.
Page 274: Dhcp Snooping Configuration
• DHCP Snooping Status – Enables or disables DHCP snooping for the selected VLAN. When DHCP snooping is enabled globally on the switch, and enabled on the specified VLAN, DHCP packet filtering will be performed on any untrusted ports within the VLAN. 3-228 www.digisol.com...
Page 275: Dhcp Snooping Information Option Configuration
DG-FS4526 User Manual Web – Click DHCP Snooping, VLAN Configuration. Figure 3-146 DHCP Snooping VLAN Configuration CLI – This example first enables DHCP Snooping for VLAN 1. Console(config)#ip dhcp snooping vlan 1 4-305 Console(config)# DHCP Snooping Information Option Configuration DHCP provides a relay mechanism for sending information about the switch and its DHCP clients to the DHCP server.
Page 276: Dhcp Snooping Port Configuration
A trusted interface is an interface that is configured to receive only messages from within the network. Command Attributes • Trust Status – Enables or disables port as trusted. Web – Click DHCP Snooping, Information Option Configuration. Figure 3-148 DHCP Snooping Port Configuration 3-230 www.digisol.com...
Page 277: Ip Source Guard
DG-FS4526 User Manual CLI – This example shows how to enable the DHCP Snooping Trust Status for ports Console(config)#interface ethernet 1/5 Console(config-if)#ip dhcp snooping trust 4-306 Console(config-if)# IP Source Guard IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or static and dynamic entries in the DHCP Snooping table when enabled (see “DHCP Snooping”...
Page 278: Static Ip Source Guard Binding Configuration
• Port – Switch port number. (Range: 1-26) • VLAN ID – ID of a configured VLAN (Range: 1-4094) • MAC Address – A valid unicast MAC address. • IP Address – A valid unicast IP address, including classful types A, B or C. 3-232 www.digisol.com...
Page 279: Dynamic Ip Source Guard Binding Information
DG-FS4526 User Manual Web – Click IP Source Guard, Static Configuration. Figure 3-150 Static IP Source Guard Binding Configuration CLI – This example shows how to configure a static source-guard binding on port 5 Console(config)#ip source-guard binding 11-22-33-44-55-66 vlan 1 192.168.0.99 interface ethernet 1/5...
Page 280: Switch Clustering
There can be up to 36 Member switches in one cluster, and Cluster switches must be in the same IP subnet. Once a switch has been configured to be a cluster Commander, it automatically discovers other cluster-enabled switches in the network. These “Candidate” 3-234 www.digisol.com...
Page 281: Cluster Configuration
DG-FS4526 User Manual switches only become cluster Members when manually selected by the administrator through the management station. After the Commander and Members have been configured, any switch in the cluster can be managed from the web agent by choosing the desired Member ID from the Cluster drop down menu.
Page 282: Cluster Member Configuration
• Member ID – Specify a Member ID number for the selected Candidate switch. (Range: 1-36) • MAC Address – Select a discoverd switch MAC address from the Candidate Table, or enter a specific MAC address of a known switch. 3-236 www.digisol.com...
Page 283: Cluster Member Information
DG-FS4526 User Manual Web – Click Cluster, Member Configuration. Figure 3-154 Cluster Member Configuration CLI – This example creates a new cluster Member by specifying the Candidate switch MAC address and setting a Member ID. Console(config)#cluster member mac-address 00-17-7c-0a-e2-f1 id 5...
Page 284: Cluster Candidate Information
Web – Click Cluster, Candidate Information. Figure 3-156 Cluster Candidate Information CLI – This example shows information about cluster Candidate switches. 4-318 Vty-0#show cluster candidates Cluster Candidates: Role Description --------------- ----------------- ----------------------------------------- ACTIVE MEMBER 00-17-7c-0a-e5-51 DG-FS4552 CANDIDATE 00-17-7c-0a-e2-f1 DG-FS4552 Vty-0# 3-238 www.digisol.com...
Page 285: Upnp
DG-FS4526 User Manual UPnP Universal Plug and Play (UPnP) is a set of protocols that allows devices to connect seamlessly and simplifies the deployment of home and office networks. UPnP achieves this by issuing UPnP device control protocols designed upon open, Internet-based communication standards.
Page 286 TTL to 6, and displays information about basic UPnP configuration. Console(config)#upnp device 4-319 Console(config)#upnp device advertise duration 200 4-320 Console(config)#upnp device ttl 6 4-319 Console(config)#end Console#show upnp 4-320 UPnP global settings: Status: Enabled Advertise duration: TTL: Console# 3-240 www.digisol.com...
Page 287: Chapter 4: Command Line Interface
When finished, exit the session with the “quit” or “exit” command. After connecting to the system through the console port, the login screen displays: User Access Verification Username: admin Password: CLI session with the DG-FS4526 is opened. To end the CLI session, enter [Exit]. Console# www.digisol.com...
Page 288: Telnet Connection
When finished, exit the session with the “quit” or “exit” command. After entering the Telnet command, the login screen displays: Username: admin Password: CLI session with the DG-FS4526 is opened. To end the CLI session, enter [Exit]. Vty-0# Note: You can open up to four sessions to the device via Telnet.
Page 289: Entering Commands
DG-FS4526 User Manual Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port.
Page 290: Showing Commands
Secure shell server connections startup-config Startup system configuration system System information tacacs-server TACACS server settings upnp UPnP settings users Information about terminal lines version System hardware and software versions vlan Virtual LAN settings voice Shows the voice VLAN information Console#show www.digisol.com...
Page 291: Partial Keyword Lookup
DG-FS4526 User Manual The command “show interfaces ?” will display the following information: Console#show interfaces ? counters Interface counters information protocol-group Protocol group status Interface status information switchport Interface switchport information Console#show interfaces Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided.
Page 292: Exec Commands
“super” (page 4-36). To enter Privileged Exec mode, enter the following user names and passwords: Username: admin Password: [admin login password] CLI session with the DG-FS4526 is opened. To end the CLI session, enter [Exit]. Console# Username: guest Password: [guest login password] CLI session with the DG-FS4526 is opened.
Page 293: Configuration Commands
DG-FS4526 User Manual Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in non-volatile storage, use the copy running-config startup-config command.
Page 294: Command Line Processing
Deletes the last word typed. Esc-B Moves the cursor back one word. Esc-D Deletes from the cursor to the end of the word. Esc-F Moves the cursor forward one word. Delete key or backspace key Erases a mistake when entering a command. www.digisol.com...
Page 295: Command Groups
DG-FS4526 User Manual Command Groups The system commands can be broken down into the functional groups shown below Table 4-4 Command Groups Command Group Description Page Line Sets communication parameters for the serial port and Telnet, 4-10 including baud rate and console time-out...
Page 296: Line Commands
4-17 stopbits* Sets the number of the stop bits transmitted per byte 4-17 disconnect Terminates a line connection 4-18 show line Displays a terminal line's parameters NE, PE 4-18 * These commands only apply to the serial port. 4-10 www.digisol.com...
Page 297: Line
DG-FS4526 User Manual line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet).
Page 298: Password
• The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file 4-12 www.digisol.com...
Page 299: Timeout Login Response
DG-FS4526 User Manual during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Console(config-line)#password 0 secret Console(config-line)# Related Commands login (4-11) password-thresh (4-14) timeout login response This command sets the interval that the system waits for a user to log into the CLI.
Page 300: Password-Thresh
Use the no form to remove the threshold value. Syntax password-thresh [threshold] no password-thresh threshold - The number of allowed password attempts. (Range: 1-120; 0: no threshold) Default Setting The default value is three attempts. Command Mode Line Configuration 4-14 www.digisol.com...
Page 301: Silent-Time
DG-FS4526 User Manual Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached for Telnet, the Telnet logon interface shuts down.
Page 302: Parity
• none - No parity • even - Even parity • odd - Odd parity Default Setting No parity Command Mode Line Configuration Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. 4-16 www.digisol.com...
Page 303: Speed
DG-FS4526 User Manual Example To specify no parity, enter this command: Console(config-line)#parity none Console(config-line)# speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting.
Page 304: Disconnect
This command displays the terminal line’s parameters. Syntax show line [console | vty] • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting Shows all lines Command Mode Normal Exec, Privileged Exec 4-18 www.digisol.com...
Page 305: General Commands
DG-FS4526 User Manual Example To show all lines, enter this command: Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Login timeout: Disabled Silent time: Disabled Baudrate: 9600 Databits: Parity: none Stopbits: VTY configuration: Password threshold: 3 times...
Page 306: Disable
See “Understanding Command Modes” on page 4-5. Default Setting None Command Mode Privileged Exec Command Usage The “>” character is appended to the end of the prompt to indicate that the system is in normal access mode. Example Console#disable Console> Related Commands enable (4-19) 4-20 www.digisol.com...
Page 307: Configure
DG-FS4526 User Manual configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, and VLAN Database Configuration.
Page 308: Reload
This command returns to Privileged Exec mode. Default Setting None Command Mode Global Configuration, Interface Configuration, Line Configuration, and VLAN Database Configuration. Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode: Console(config-if)#end Console# 4-22 www.digisol.com...
Page 309: Exit
DG-FS4526 User Manual exit This command returns to the previous configuration mode or exit the configuration program. Default Setting None Command Mode Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session:...
Page 310: System Management Commands
This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters) Default Setting Console 4-24 www.digisol.com...
Page 311: Hostname
DG-FS4526 User Manual Command Mode Global Configuration Example Console(config)#prompt RD2 RD2(config)# hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters)
Page 312: Banner Configure
The delete and left-arrow keys terminate the script. The use of the backspace key during script mode is not supported. If, for example, a mistake is made in the company name, it can be corrected with the banner configure company command. 4-26 www.digisol.com...
Page 313: Banner Configure Company
DG-FS4526 User Manual Example Console(config)#banner configure Company: DIGISOL Responsible department: R&D Dept Name and telephone to Contact the management people Manager1 name: Sr. Network Admin phone number: 123-555-1212 Manager2 name: Jr. Network Admin phone number: 123-555-1213 Manager3 name: Night-shift Net Admin / Janitor phone number: 123-555-1214 The physical location of the equipment.
Page 314: Banner Configure Dc-Power-Info
The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where whitespace is necessary for clarity. Example Console(config)#banner configure company DIGISOL Console(config)# banner configure dc-power-info This command allows the administrator to configure the DC power information displayed in the banner.
Page 315: Banner Configure Equipment-Info
DG-FS4526 User Manual Syntax banner configure department dept-name no banner configure company dept-name - The name of the department. (Maximum length: 32 characters) Default Setting None Command Mode Global Configuration Command Usage The user-entered data cannot contain spaces. The banner configure department command interprets spaces as data input boundaries.
Page 316: Banner Configure Equipment-Location
( _ ) or other unobtrusive non-letter characters is suggested for situations where whitespace is necessary for clarity. Example Console(config)#banner configure equipment-info manufacturer-id switch35 floor 3 row 10 rack 15 shelf-rack 12 manufacturer DIGISOL Console(config)# banner configure equipment-location This command allows the administrator to configure the equipment location information displayed in the banner.
Page 317: Banner Configure Lp-Number
DG-FS4526 User Manual ip-mask - The IP address and subnet mask of the device. (Maximum length: 32 characters) Default Setting None Command Mode Global Configuration Command Usage The user-entered data cannot contain spaces. The banner configure ip-lan command interprets spaces as data input boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where whitespace is necessary for clarity.
Page 318: Banner Configure Manager-Info
123-555-1212 name2 Lamar phone-number 123-555-1219 Console(config)# banner configure mux This command allows the administrator to configure the mux information displayed in the banner. Use the no form to remove the mux information from the banner display. Syntax banner configure mux muxinfo 4-32 www.digisol.com...
Page 319: Banner Configure Note
DG-FS4526 User Manual no banner configure mux muxinfo - The circuit and PVC to which the switch is connected. (Maximum length: 32 characters) Default Setting None Command Mode Global Configuration Command Usage The user-entered data cannot contain spaces. The banner configure mux command interprets spaces as data input boundaries.
Page 320: Show Banner
Steve - 123-555-9876 Lamar - 123-555-3322 Station's information: 710_Network_Path,Indianapolis DIGISOL - switch35 Floor / Row / Rack / Sub-Rack 7 / 10 / 15 / 6 DC power supply: Power Source A: Floor / Row / Rack / Electrical circuit 3 / 15 / 24 / 48V-id_3.15.24.2...
Page 321: User Access Commands
DG-FS4526 User Manual User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password checking via the console or a Telnet connection (page 4-10), user authentication via a remote authentication server (page 4-78), and host access authentication for specific ports (page 4-99).
Page 322: Enable Password
(i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Console(config)#enable password level 15 0 admin Console(config)# 4-36 www.digisol.com...
Page 323: Ip Filter Commands
DG-FS4526 User Manual Related Commands enable (4-19) authentication enable (4-80) IP Filter Commands Table 4-12 IP Filter Commands Command Function Mode Page management Configures IP addresses that are allowed management access GC 4-37 show management Displays the switch to be monitored or configured from a...
Page 324: Show Management
End IP address ----------------------------------------------- 1. 192.168.1.19 192.168.1.19 2. 192.168.1.25 192.168.1.30 SNMP-Client: Start IP address End IP address ----------------------------------------------- 1. 192.168.1.19 192.168.1.19 2. 192.168.1.25 192.168.1.30 TELNET-Client: Start IP address End IP address ----------------------------------------------- 1. 192.168.1.19 192.168.1.19 2. 192.168.1.25 192.168.1.30 Console# 4-38 www.digisol.com...
Page 325: Web Server Commands
DG-FS4526 User Manual Web Server Commands Table 4-13 Web Server Commands Command Function Mode Page ip http port Specifies the port to be used by the web browser interface 4-39 ip http server Allows the switch to be monitored or configured from a browser GC...
Page 326: Ip Http Secure-Server
Netscape Navigator 6.2 or later Windows 98,Windows NT (with service pack 6a), Windows 2000, Windows XP, Solaris 2.6 • To specify a secure-site certificate, see “Replacing the Default Secure-site Certificate” on page 3-66. Also refer to the copy command on page 4-73. 4-40 www.digisol.com...
Page 327: Ip Http Secure-Port
DG-FS4526 User Manual Example Console(config)#ip http secure-server Console(config)# Related Commands ip http secure-port (4-41) copy tftp https-certificate (4-73) ip http secure-port This command specifies the UDP port number used for HTTPS connection to the switch’s web interface. Use the no form to restore the default port.
Page 328: Telnet Server Commands
This command allows this device to be monitored or configured from Telnet. Use the no form to disable this function. Syntax [no] ip telnet server Default Setting Enabled Command Mode Global Configuration Example Console(config)#ip telnet server Console(config)# 4-42 www.digisol.com...
Page 329: Secure Shell Commands
DG-FS4526 User Manual Related Commands ip telnet port (4-42) Secure Shell Commands The Berkley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote copy), are not secure from hostile attacks.
Page 330 Configure Challenge-Response Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method. Only clients that have a private key 4-44 www.digisol.com...
Page 331: Ip Ssh Server
DG-FS4526 User Manual corresponding to the public keys stored on the switch can gain access. The following exchanges take place during this process: The client sends its public key to the switch. The switch compares the client's public key to those stored in memory.
Page 332: Ip Ssh Timeout
Use the no form to restore the default setting. Syntax ip ssh authentication-retries count no ip ssh authentication-retries count – The number of authentication attempts permitted after which the interface is reset. (Range: 1-5) Default Setting Command Mode Global Configuration 4-46 www.digisol.com...
Page 333: Ip Ssh Server-Key Size
DG-FS4526 User Manual Example Console(config)#ip ssh authentication-retires 2 Console(config)# Related Commands show ip ssh (4-49) ip ssh server-key size This command sets the SSH server key size. Use the no form to restore the default setting. Syntax ip ssh server-key size key-size no ip ssh server-key size key-size –...
Page 334: Ip Ssh Crypto Host-Key Generate
This command clears the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [dsa | rsa] • dsa – DSA key type. • rsa – RSA key type. Default Setting Clears both the DSA and RSA key. 4-48 www.digisol.com...
Page 335: Ip Ssh Save Host-Key
DG-FS4526 User Manual Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command.
Page 336: Show Ssh
3DES – Triple-DES (Uses three iterations of DES, 112-bit key) aes – Advanced Encryption Standard (160 or 224-bit key) blowfish – Blowfish (32-448 bit key) cbc – cypher-block chaining sha1 – Secure Hash Algorithm 1 (160-bit hashes) md5 – Message Digest algorithm number 5 (128-bit hashes) 4-50 www.digisol.com...
Page 337: Show Public-Key
DG-FS4526 User Manual show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [user [username]| host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys.
Page 338: Event Logging Commands
The logging process controls error messages saved to switch memory. You can use the logging history command to control the type of error messages that are stored. Example Console(config)#logging on Console(config)# Related Commands logging history (4-53) clear logging (4-55) 4-52 www.digisol.com...
Page 339: Logging History
DG-FS4526 User Manual logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history {flash | ram} level no logging history {flash | ram} •...
Page 340: Logging Host
RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to sort messages or to store messages in the corresponding database. Example Console(config)#logging facility 19 Console(config)# 4-54 www.digisol.com...
Page 341: Logging Trap
DG-FS4526 User Manual logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging.
Page 342: Show Logging
Shows if system logging has been enabled via the logging on command. History logging in FLASH The message level(s) reported based on the logging history command. History logging in RAM The message level(s) reported based on the logging history command. 4-56 www.digisol.com...
Page 343: Show Log
DG-FS4526 User Manual The following example displays settings for the trap function. Console#show logging trap Syslog logging: Enable REMOTELOG status: disable REMOTELOG facility type: local use 7 REMOTELOG level type: Debugging messages REMOTELOG server IP address: 1.2.3.4 REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0...
Page 344: Smtp Alert Commands
This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax [no] logging sendmail host ip_address ip_address - IP address of an SMTP server that will be sent alert messages for event handling. Default Setting None 4-58 www.digisol.com...
Page 345: Logging Sendmail Level
DG-FS4526 User Manual Command Mode Global Configuration Command Usage • You can specify up to three SMTP servers for event handing. However, you must enter a separate command to specify each server. • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally closes the connection.
Page 346: Logging Sendmail Source-Email
(Range: 1-41 characters) Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example Console(config)#logging sendmail destination-email ted@this-company.com Console(config)# 4-60 www.digisol.com...
Page 347: Logging Sendmail
DG-FS4526 User Manual logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [no] logging sendmail Default Setting Enabled Command Mode Global Configuration Example Console(config)#logging sendmail Console(config)# show logging sendmail This command displays the settings for the SMTP event handler.
Page 348: Time Commands
(i.e., 00:00:00, Jan. 1, 2001). • This command enables client time requests to time servers specified via the sntp servers command. It issues time synchronization requests based on the interval set via the sntp poll command. 4-62 www.digisol.com...
Page 349: Sntp Server
DG-FS4526 User Manual Example Console(config)#sntp server 10.1.0.19 Console(config)#sntp poll 60 Console(config)#sntp client Console(config)#end Console#show sntp Current time: Dec 23 02:52:44 2002 Poll interval: 60 Current mode: unicast SNTP status: Enabled SNTP server: 10.1.0.19 0.0.0.0 0.0.0.0 Current server: 10.1.0.19 Console# Related Commands...
Page 350: Sntp Poll
SNTP mode (i.e., unicast). Example Console#show sntp Current time: Dec 23 05:13:28 2002 Poll interval: 16 Current mode: unicast SNTP status : Enabled SNTP server 137.92.140.80 0.0.0.0 0.0.0.0 Current server: 137.92.140.80 Console# 4-64 www.digisol.com...
Page 351: Clock Timezone
DG-FS4526 User Manual clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym. (Range: 1-29 characters) • hours - Number of hours before/after UTC. (Range: 0-12 hours) •...
Page 352: Show Calendar
Displays version information for the system NE, PE 4-71 show startup-config This command displays the configuration file stored in non-volatile memory that is used to start up the system. Default Setting None Command Mode Privileged Exec 4-66 www.digisol.com...
Page 353: Snmp Community Strings
DG-FS4526 User Manual Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes. Each mode group is separated by “!”...
Page 354: Show Running-Config
- Event log settings - VLAN database (VLAN ID, name and state) - VLAN configuration settings for each interface - IP address configured for the switch - Layer 4 precedence settings - Any configured settings for the console port and Telnet 4-68 www.digisol.com...
Page 355 DG-FS4526 User Manual Example Console#show running-config building running-config, please wait... !<stackingDB>00</stackingDB> !<stackingMac>01_00-17-7c-0a-c9-f1_00</stackingMac> phymap 00-17-7c-0a-c9-f1 SNTP server 0.0.0.0 0.0.0.0 0.0.0.0 broadcast byte-rate 1000 level 5 no dot1q-tunnel system-tunnel-control SNMP-server community private rw SNMP-server community public ro username admin access-level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3...
Page 356: Show System
Switch Int Loopback Test ..PASS Done All Pass. Console# show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec 4-70 www.digisol.com...
Page 357: Show Version
DG-FS4526 User Manual Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example Console#show users Username accounts: Username Privilege Public-Key -------- --------- ---------- admin None guest...
Page 358: Frame Size Commands
• Enabling jumbo frames will limit the maximum threshold for broadcast storm control to 64 packets per second. (See the switchport broadcast command on page 4-156.) • The current setting for jumbo frames can be displayed with the show system command (page 4-70). Example Console(config)#jumbo frame Console(config)# 4-72 www.digisol.com...
Page 359: Flash/File Commands
DG-FS4526 User Manual Flash/File Commands These commands are used to manage the system code or configuration files. Table 4-26 Flash/File Commands Command Function Mode Page copy Copies a code image or a switch configuration to or from flash 4-73 memory or a TFTP server...
Page 360 Destination file name: startup.01 TFTP completed. Success. Console# The following example shows how to copy the running configuration to a startup file. Console#copy running-config file destination file name: startup Write to FLASH Programming. \Write to FLASH finish. Success. Console# 4-74 www.digisol.com...
Page 361: Delete
DG-FS4526 User Manual The following example shows how to download a configuration file: Console#copy tftp startup-config TFTP server ip address: 10.1.0.99 Source configuration file name: startup.01 Startup configuration file name [startup]: Write to FLASH Programming. \Write to FLASH finish. Success.
Page 362: Dir
• unit - Stack unit. (Range: 1) Default Setting None Command Mode Privileged Exec Command Usage • If you enter the command dir without any parameters, the system displays all files. • A colon (:) is required after the specified unit number. 4-76 www.digisol.com...
Page 363: Whichboot
DG-FS4526 User Manual • File information is shown below: Table 4-27 File Directory Information Column Heading Description file name The name of the file. file type File types: Boot-Rom, Operation Code, and Config file. startup Shows if this file is used when the system is started.
Page 364: Authentication Commands
Configures settings for authentication via a TACACS+ server 4-85 Configures authentication, authorization, and accounting for 4-88 network access Port Security Configures secure addresses for a port 4-97 Port Authentication Configures host authentication on specific ports using 802.1X 4-99 4-78 www.digisol.com...
Page 365: Authentication Sequence
DG-FS4526 User Manual Table 4-28 Authentication Commands Command Group Function Page Network Access Configures MAC authentication and dynamic VLAN assignment 4-108 Web Authentication Configures Web authentication 4-115 Authentication Sequence Table 4-29 Authentication Sequence Command Function Mode Page authentication login Defines logon authentication method and precedence...
Page 366: Authentication Enable
TACACS+ server. If the TACACS+ server is not available, the local user name and password is checked. Example Console(config)#authentication enable radius Console(config)# Related Commands enable password - sets the password for changing command modes (4-36) 4-80 www.digisol.com...
Page 367: Radius Client
DG-FS4526 User Manual RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch.
Page 368: Radius-Server Auth-Port
This command sets the RADIUS server port used for accounting messages. Use the no form to restore the default. Syntax radius-server acct-port port_number no radius-server acct-port port_number - RADIUS server UDP port used for accounting messages. (Range: 1-65535) Default Setting 1813 Command Mode Global Configuration Example Console(config)#radius-server acct-port 8181 Console(config)# 4-82 www.digisol.com...
Page 369: Radius-Server Key
DG-FS4526 User Manual radius-server key This command sets the RADIUS encryption key. Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 48 characters)
Page 370: Radius-Server Timeout
1812 Acct-port: 1813 Retransmit Times: Request Timeout: Server 1: Server IP Address: 10.1.2.3 Communication Key with RADIUS Server: ****** Auth-Port: 1812 Acct-port: 1813 Retransmit Times: Request Timeout: Radius server group: Group Name Member Index --------------------- ------------- radius Console# 4-84 www.digisol.com...
Page 371: Tacacs+ Client
DG-FS4526 User Manual TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch.
Page 372: Tacacs-Server Port
- Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. (Maximum length: 48 characters) Default Setting None Command Mode Global Configuration Example Console(config)#tacacs-server key green Console(config)# 4-86 www.digisol.com...
Page 373: Tacacs-Server Retransmit
DG-FS4526 User Manual tacacs-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax tacacs-server retransmit number_of_retries no tacacs-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the TACACS+ server. (Range: 1-30)
Page 374: Aaa Commands
Applies an accounting method to CLI commands entered Line 4-94 by a user aaa authorization exec Enables authorization of Exec sessions 4-95 authorization exec Applies an authorization method to local console, Telnet or Line 4-96 SSH connections show accounting Displays all accounting information 4-96 4-88 www.digisol.com...
Page 375: Aaa Group Server
DG-FS4526 User Manual aaa group server Use this command to name a group of security server hosts. To remove a server group from the configuration list, enter the no form of this command. Syntax [no] aaa group server {radius | tacacs+} group-name •...
Page 376: Aaa Accounting Dot1X
Note that the default and method-name fields are only used to describe the accounting method(s) configured on the specified RADIUS or TACACS+ servers, and do not actually send any information to the servers about the methods to use. Example Console(config)#aaa accounting dot1x default start-stop group radius Console(config)# 4-90 www.digisol.com...
Page 377: Aaa Accounting Exec
DG-FS4526 User Manual aaa accounting exec This command enables the accounting of requested Exec services for network access. Use the no form to disable the accounting service. Syntax aaa accounting exec {default | method-name} start-stop group {radius | tacacs+ |server-group} no aaa accounting exec {default | method-name} •...
Page 378: Aaa Accounting Commands
• Note that the default and method-name fields are only used to describe the accounting method(s) configured on the specified TACACS+ server, and do not actually send any information to the server about the methods to use. Example Console(config)#aaa accounting commands 15 default start-stop group tacacs+ Console(config)# 4-92 www.digisol.com...
Page 379: Aaa Accounting Update
DG-FS4526 User Manual aaa accounting update This command enables the sending of periodic updates to the accounting server. Use the no form to disable accounting updates. Syntax aaa accounting update [periodic interval] no aaa accounting update interval - Sends an interim accounting record to the server at this interval.
Page 380: Accounting Exec
• level - The privilege level for executing commands. (Range: 0-15) • default - Specifies the default method list created with the aaa accounting commands command (page 4-92). • list-name - Specifies a method list created with the aaa accounting commands command. Default Setting None 4-94 www.digisol.com...
Page 381: Aaa Authorization Exec
DG-FS4526 User Manual Command Mode Line Configuration Example Console(config)#line console Console(config-line)#accounting commands 15 default Console(config-line)# aaa authorization exec This command enables the authorization for Exec access. Use the no form to disable the authorization service. Syntax aaa authorization exec {default | method-name} group {tacacs+...
Page 382: Authorization Exec
• exec - Displays Exec accounting records. • statistics - Displays accounting records. • user-name - Displays accounting records for a specifiable username. • interface ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-26) Default Setting None 4-96 www.digisol.com...
Page 383: Port Security Commands
DG-FS4526 User Manual Command Mode Privileged Exec Example Console#show accounting Accounting type: dot1x Method list: default Group list: radius Interface: Method list: tps Group list: radius Interface: eth 1/2 Accounting type: Exec Method list: default Group list: radius Interface: vty...
Page 384: Port Security
- Cannot be a multi-VLAN port. - Cannot be connected to a network interconnection device. - Cannot be a trunk port. • If a port is disabled due to a security violation, it must be manually re-enabled using the no shutdown command. 4-98 www.digisol.com...
Page 385: 802.1X Port Authentication
DG-FS4526 User Manual Example The following example enables port security for port 5, and sets the response to a security violation to issue a trap message: Console(config)#interface ethernet 1/5 Console(config-if)#port security action trap Related Commands shutdown (4-155) mac-address-table static (4-175) show mac-address-table (4-176) 802.1X Port Authentication...
Page 386: Dot1X Default
Use the no form to restore the default. Syntax dot1x max-req count no dot1x max-req count – The maximum number of requests (Range: 1-10) Default Command Mode Interface Configuration Example Console(config)#interface eth 1/2 Console(config-if)#dot1x max-req 2 Console(config-if)# 4-100 www.digisol.com...
Page 387: Dot1X Port-Control
DG-FS4526 User Manual dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default. Syntax dot1x port-control {auto | force-authorized | force-unauthorized} no dot1x port-control • auto – Requires a dot1x-aware connected client to be authorized by the RADIUS server.
Page 388: Dot1X Re-Authenticate
Privileged Exec Example Console#dot1x re-authenticate Console# dot1x re-authentication This command enables periodic re-authentication globally for all ports. Use the no form to disable re-authentication. Syntax [no] dot1x re-authentication Command Mode Interface Configuration Example Console(config)#interface eth 1/2 Console(config-if)#dot1x re-authentication Console(config-if)# 4-102 www.digisol.com...
Page 389: Dot1X Timeout Quiet-Period
DG-FS4526 User Manual dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default. Syntax...
Page 390: Dot1X Timeout Re-Authperiod
Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period seconds - The number of seconds. (Range: 1-65535) Default 30 seconds Command Mode Interface Configuration Example Console(config)#interface eth 1/2 Console(config-if)#dot1x timeout tx-period 300 Console(config-if)# 4-104 www.digisol.com...
Page 391: Dot1X Intrusion-Action
DG-FS4526 User Manual dot1x intrusion-action This command sets the port’s response to a failed authentication, either to block all traffic, or to assign all traffic for the port to a guest VLAN. Use the no form to reset the default.
Page 392 – Number of times connecting state is re-entered. • Backend State Machine - State – Current state (including request, response, success, fail, timeout, idle, initialize). - Request Count – Number of EAP Request packets sent to the Supplicant without receiving a response. 4-106 www.digisol.com...
Page 393: Authentication Server
DG-FS4526 User Manual - Identifier(Server) – Identifier carried in the most recent EAP Success, Failure or Request packet received from the Authentication Server. • Reauthentication State Machine - State – Current state (including initialize, reauthenticate). Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary...
Page 394: Network Access - Mac Address Authentication
Use this command to enable network access authentication on a port interface. Use the no form of this command to disable network access authentication. Syntax [no] network-access mode mac-authentication Default Setting Disabled Command Mode Interface Configuration 4-108 www.digisol.com...
Page 395: Network-Access Max-Mac-Count
DG-FS4526 User Manual Command Usage • When enabled on a port interface, the authentication process sends a Password Authentication Protocol (PAP) request to a configured RADIUS server. The username and password are both equal to the MAC address being authenticated.
Page 396: Mac-Authentication Intrusion-Action
802.1X authentication or MAC authentication. Use the no form of this command to restore the default. Syntax mac-authentication max-mac-count count no mac-authentication max-mac-count count - The maximum number of 802.1X and MAC-authenticated MAC addresses allowed. (Range: 1-1024) Default Setting 1024 Command Mode Interface Config 4-110 www.digisol.com...
Page 397: Network-Access Dynamic-Vlan
DG-FS4526 User Manual Example Console(config-if)#mac-authentication max-mac-count 32 Console(config-if)# network-access dynamic-vlan Use this command to enable dynamic VLAN assignment for an authenticated port. Use the no form to disable dynamic VLAN assignment. Syntax [no] network-access dynamic-vlan Default Setting Enabled Command Mode...
Page 398: Mac-Authentication Reauth-Time
• The reauthentication time is a global setting and applies to all ports. • When the reauthentication time expires for a secure MAC address it is reauthenticated with the RADIUS server. During the reauthentication process traffic through the port remains unaffected. Example Console(config)#mac-authentication reauth-time 300 Console(config)# 4-112 www.digisol.com...
Page 399: Clear Network-Access
DG-FS4526 User Manual clear network-access Use this command to clear entries from the secure MAC addresses table. Syntax clear network-access mac-address-table [static | dynamic] [address mac-address] [interface interface] • static - Specifies static address entries. • dynamic - Specifies dynamic address entries.
Page 400: Show Network-Access Mac-Address-Table
When using a bit mask to filter displayed MAC addresses, a 1 means "care" and a 0 means "don't care". For example, a MAC of 00-00-01-02-03-04 and mask FF-FF-FF-00-00-00 would result in all MACs in the range 00-00-01-00-00-00 to 00-00-01-FF-FF-FF to be displayed. All other MACs would be filtered out. 4-114 www.digisol.com...
Page 401: Web Authentication
DG-FS4526 User Manual Example Console#show network-access mac-address-table ---- ----------------- --------------- --------- ------------------------- Port MAC-Address RADIUS-Server Attribute Time ---- ----------------- --------------- --------- ------------------------- 00-00-01-02-03-04 172.155.120.17 Static 00d06h32m50s 00-00-01-02-03-05 172.155.120.17 Dynamic 00d06h33m20s 00-00-01-02-03-06 172.155.120.17 Static 00d06h35m10s 00-00-01-02-03-07 172.155.120.17 Dynamic 00d06h34m20s Console# Web Authentication Web authentication allows stations to authenticate and access the network in situations where 802.1X or Network Access authentication are infeasible or...
Page 402: Web-Auth Login-Attempts
Syntax web-auth quiet-period time no web-auth quiet period time - The amount of time the host must wait before attempting authentication again. (Range: 1-180 seconds) Default Setting 60 seconds Command Mode Global Configuration 4-116 www.digisol.com...
Page 403: Web-Auth Session-Timeout
DG-FS4526 User Manual Example Console(config)#web-auth quiet-period 120 Console(config)# web-auth session-timeout This command defines the amount of time a web-authentication session remains valid. When the session-timeout time has been reached, the host is logged off and must re-authenticate itself the next time data transmission takes place. Use the no form to restore the default.
Page 404: Web-Auth
Command Mode Privileged Exec Example Console#sh web-auth Global Web-Auth Parameters System Auth Control : Enabled Login Page URL Login Fail Page URL Login Success Page URL Session Timeout : 3600 Quiet Period : 60 Max Login Attempts Console# 4-118 www.digisol.com...
Page 405: Show Web-Auth Interface
DG-FS4526 User Manual show web-auth interface This command displays interface-specific web authentication parameters and statistics. Syntax show web-auth interface interface • interface - Specifies a port interface. • ethernet unit/port - unit - This is unit 1. - port - Port number. (Range: 1-20)
Page 406: Web-Auth Re-Authenticate (Ip)
Example Console#web-auth re-authenticate interface ethernet 1/2 192.168.1.5 Failed to reauth port. Console# show web-auth summary This command displays a summary of web authentication port parameters and statistics. Syntax show web-auth summary Default Setting None Command Mode Privileged Exec 4-120 www.digisol.com...
Page 407 DG-FS4526 User Manual Example Console#show web-auth summary Global Web-Auth Parameters System Auth Control : Enabled Port Status Authenticated Host Count ---- ------ ------------------------ 1/ 1 Disabled 1/ 2 Enabled 1/ 3 Disabled 1/ 4 Disabled 1/ 5 Disabled 1/ 6...
Page 408: Access Control List Commands
Configures ACLs based on IP addresses, TCP/UDP port number, and 4-123 protocol type MAC ACLs Configures ACLs based on hardware addresses, packet format, and 4-128 Ethernet type ACL Information Displays ACLs and associated rules; shows ACLs assigned to each port 4-132 4-122 www.digisol.com...
Page 409: Ip Acls
DG-FS4526 User Manual IP ACLs Table 4-38 IP ACLs Command Function Mode Page access-list ip Creates an IP ACL and enters configuration mode 4-123 permit, deny Filters packets matching a specified source IP address STD-ACL 4-124 permit, deny Filters packets meeting the specified criteria, including...
Page 410: Permit, Deny (Standard Acl)
ACL has been assigned. Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Console(config-std-acl)#permit host 10.1.1.21 Console(config-std-acl)#permit 168.92.16.0 255.255.240.0 Related Commands access-list ip (4-123) 4-124 www.digisol.com...
Page 411: Permit, Deny (Extended Acl)
DG-FS4526 User Manual permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, or source or destination protocol ports. Use the no form to remove a rule.
Page 412: Show Ip Access-List
• acl_name – Name of the ACL. (Maximum length: 16 characters, no spaces) Command Mode Privileged Exec Example Console#show ip access-list standard IP standard access-list david: permit host 10.1.1.21 permit 168.92.0.0 255.255.255.0 Console# Related Commands permit, deny 4-124 ip access-group (4-127) 4-126 www.digisol.com...
Page 413: Ip Access-Group
DG-FS4526 User Manual ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [no] ip access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters, no spaces) •...
Page 414: Mac Acls
• To remove a rule, use the no permit or no deny command followed by the exact text of a previously configured rule. • An ACL can contain up to 32 rules. Example Console(config)#access-list mac jerry Console(config-mac-acl)# Related Commands permit, deny (4-129) mac access-group (4-131) show mac access-list (4-130) 4-128 www.digisol.com...
Page 415: Permit, Deny (Mac Acl)
DG-FS4526 User Manual permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use the no form to remove a rule.
Page 416: Show Mac Access-List
[acl_name] acl_name – Name of the ACL. (Maximum length: 16 characters) Command Mode Privileged Exec Example Console#show mac access-list MAC access-list jerry: permit any 00-e0-29-94-34-de ethertype 0800 Console# Related Commands permit, deny 4-129 mac access-group (4-131) 4-130 www.digisol.com...
Page 417: Mac Access-Group
DG-FS4526 User Manual mac access-group This command binds a port to a MAC ACL. Use the no form to remove the port. Syntax mac access-group acl_name in • acl_name – Name of the ACL. (Maximum length: 16 characters) • in – Indicates that this list applies to ingress packets.
Page 418: Acl Information
IP extended access-list A6: permit any any Console# show access-group This command shows the port assignments of ACLs. Command Mode Privileged Executive Example Console#show access-group Interface ethernet 1/1 IP access-list jerry in Interface ethernet 1/10 IP access-list jerry in Console# 4-132 www.digisol.com...
Page 419: Snmp Commands
DG-FS4526 User Manual SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption;...
Page 420: Snmp-Server
Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enabled with the snmp-server enable traps command. 4-134 www.digisol.com...
Page 421: Snmp-Server Community
DG-FS4526 User Manual Example Console#show snmp SNMP Agent: enabled SNMP traps: Authentication: enable Link-up-down: enable SNMP communities: 1. private, and the privilege is read-write 2. public, and the privilege is read-only 0 SNMP packets input 0 Bad SNMP version errors...
Page 422: Snmp-Server Contact
This command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location text no snmp-server location text - String that describes the system location. (Maximum length: 255 characters) Default Setting None 4-136 www.digisol.com...
Page 423: Snmp-Server Host
DG-FS4526 User Manual Command Mode Global Configuration Example Console(config)#snmp-server location WC-19 Console(config)# Related Commands snmp-server contact (4-136) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
Page 424 6. Specify a remote engine ID where the user resides (page 4-140). 7. Then configure a remote user (page 4-146). • The switch can send SNMP Version 1, 2c or 3 notifications to a host IP address, depending on the SNMP version that the management station 4-138 www.digisol.com...
Page 425: Snmp-Server Enable Traps
DG-FS4526 User Manual supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notifications. • If you specify an SNMP Version 3 host, then the community string is interpreted as an SNMP user name. If you use the V3 “auth” or “priv” options, the user name must first be defined with the snmp-server user command.
Page 426: Snmp-Server Engine-Id
• Trailing zeroes need not be entered to uniquely specify a engine ID. In other words, the value “123456789” is equivalent to “1234567890” because a trailing zero will be added to fill in the missing octet if an odd number of hexadecimal characters is specified. 4-140 www.digisol.com...
Page 427: Show Snmp Engine-Id
DG-FS4526 User Manual • A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users (page 4-146).
Page 428: Snmp-Server View
This view includes the MIB-2 interfaces table, ifDescr. The wild card is used to select all the index values in this table. Console(config)#snmp-server view ifEntry.2 1.3.6.1.2.1.2.2.1.*.2 included Console(config)# This view includes the MIB-2 interfaces table, and the mask selects all index entries. Console(config)#snmp-server view ifEntry.a 1.3.6.1.2.1.2.2.1.1.* included Console(config)# 4-142 www.digisol.com...
Page 429: Show Snmp View
DG-FS4526 User Manual show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example Console#show snmp view View Name: mib-2 Subtree OID: 1.2.2.3.6.2.1 View Type: included Storage Type: permanent Row Status: active View Name: defaultview...
Page 430: Snmp-Server Group
(page 4-139). Example Console(config)#snmp-server group r&d v3 auth write daily Console(config)# 17. No view is defined. 18. Maps to the defaultview. 4-144 www.digisol.com...
Page 431: Show Snmp Group
DG-FS4526 User Manual show snmp group Four default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c read-only access and read/write access. Command Mode Privileged Exec Example Console#show snmp group Group Name: r&d Security Model: v3 Read View: defaultview...
Page 432: Snmp-Server User
(A minimum of eight characters is required.) • priv des56 - Uses SNMPv3 with privacy with DES56 encryption. • priv-password - Privacy password. Enter as plain text if the encrypted option is not used. Otherwise, enter an encrypted password. 4-146 www.digisol.com...
Page 433 DG-FS4526 User Manual Default Setting None Command Mode Global Configuration Command Usage • The SNMP engine ID is used to compute the authentication/privacy digests from the password. You should therefore configure the engine ID with the snmp-server engine-id command before using this configuration command.
Page 434: Show Snmp User
Privacy Protocol The privacy protocol used with SNMPv3. Storage Type The storage type for this entry. Row Status The row status of this entry. SNMP remote user A user associated with an SNMP engine on a remote device. 4-148 www.digisol.com...
Page 435 DG-FS4526 User Manual 4-149 www.digisol.com...
Page 436: Interface Commands
Syntax interface interface no interface port-channel channel-id interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-12) • vlan vlan-id (Range: 1-4094) Default Setting None 4-150 www.digisol.com...
Page 437: Description
DG-FS4526 User Manual Command Mode Global Configuration Example To specify port 24, enter the following command: Console(config)#interface ethernet 1/24 Console(config-if)# description This command adds a description to an interface. Use the no form to remove the description. Syntax description string...
Page 438: Negotiation
Command Usage • When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands. 4-152 www.digisol.com...
Page 439: Capabilities
DG-FS4526 User Manual • If autonegotiation is disabled, auto-MDI/MDI-X pin signal configuration will also be disabled for the RJ-45 ports. Example The following example configures port 11 to use autonegotiation. Console(config)#interface ethernet 1/11 Console(config-if)#negotiation Console(config-if)# Related Commands capabilities (4-153) speed-duplex (4-151)
Page 440: Flowcontrol
• Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub. 4-154 www.digisol.com...
Page 441: Shutdown
DG-FS4526 User Manual Example The following example enables flow control on port 5. Console(config)#interface ethernet 1/5 Console(config-if)#flowcontrol Console(config-if)#no negotiation Console(config-if)# Related Commands negotiation (4-152) capabilities (flowcontrol, symmetric) (4-153) shutdown This command disables an interface. To restart a disabled interface, use the no form.
Page 442: Broadcast Byte-Rate
Enabled for all ports Command Mode Interface Configuration (Ethernet) Command Usage This command enables or disables broadcast storm control for the selected interface. However, the threshold value, specified using the broadcast byte-rate command, applies to all ports on the switch. 4-156 www.digisol.com...
Page 443: Clear Counters
DG-FS4526 User Manual Example The following shows how to enable broadcast storm control for port 5. Console(config)#interface ethernet 1/5 Console(config-if)#switchport broadcast Console(config-if)# clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number.
Page 444: Show Interfaces Counters
Information of VLAN 1 MAC address: 00-17-7C-0A-C9-F1 Console# show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-26) 4-158 www.digisol.com...
Page 445: Show Interfaces Switchport
DG-FS4526 User Manual • port-channel channel-id (Range: 1-12) Default Setting Shows the counters for all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics”...
Page 446 VLAN membership mode Indicates membership mode as Trunk or Hybrid (page 4-227). Ingress rule Shows if ingress filtering is enabled or disabled (page 4-228). Note: Ingress filtering is always enabled. Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only (page 4-228). 4-160 www.digisol.com...
Page 447: Table 4-47 Interfaces Switchport Statistics
DG-FS4526 User Manual Table 4-47 Interfaces Switchport Statistics Field Description Native VLAN Indicates the default Port VLAN ID (page 4-229). Priority for untagged traffic Indicates the default priority for untagged frames (page 4-247). Gvrp status Shows if GARP VLAN Registration Protocol is enabled or disabled (page 4-222).
Page 448: Mirror Port Commands
• The mirror port and monitor port speeds should match, otherwise traffic may be dropped from the monitor port. • All mirror sessions must share the same destination port. • When mirroring port traffic, the target port must be included in the same VLAN as the source port 4-162 www.digisol.com...
Page 449: Show Port Monitor
DG-FS4526 User Manual Example The following example configures the switch to mirror received packets from port 6 to 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 rx Console(config-if)# show port monitor This command displays mirror information. Syntax show port monitor [interface] interface - ethernet unit/port (source port) •...
Page 450: Rate Limit Commands
The scale and level are multiplied by one another to set the rate limit. For example, to limit port traffic to 500 Kilobytes per second, select the scale as 100K and set the level to 5. Example Console(config)#interface ethernet 1/1 Console(config-if)#rate-limit input scale 100k level 5 Console(config-if)# 4-164 www.digisol.com...
Page 451: Link Aggregation Commands
DG-FS4526 User Manual Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network device.
Page 452: Channel-Group
• When configuring static trunks, the switches must comply with the Cisco EtherChannel standard. • Use no channel-group to remove a port group from a trunk. • Use no interfaces port-channel to remove a trunk from the switch. 4-166 www.digisol.com...
Page 453: Lacp
DG-FS4526 User Manual Example The following example creates trunk 1 and then adds port 11: Console(config)#interface port-channel 1 Console(config-if)#exit Console(config)#interface ethernet 1/11 Console(config-if)#channel-group 1 Console(config-if)# lacp This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it.
Page 454: Lacp System-Priority
• partner - The remote side of an aggregate link. • priority - This priority is used to determine link aggregation group (LAG) membership, and to identify this device to other switches during LAG negotiations. (Range: 0-65535) Default Setting 32768 4-168 www.digisol.com...
Page 455: Lacp Admin-Key (Ethernet Interface)
DG-FS4526 User Manual Command Mode Interface Configuration (Ethernet) Command Usage • Port must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with other systems.
Page 456: Lacp Admin-Key (Port Channel)
(lacp admin key - Ethernet Interface) used by the interfaces that joined the group. Note that when the LAG is no longer used, the port channel admin key is reset to 0. Example Console(config)#interface port-channel 1 Console(config-if)#lacp actor admin-key 3 Console(config-if)# 4-170 www.digisol.com...
Page 457: Lacp Port-Priority
DG-FS4526 User Manual lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting. Syntax lacp {actor | partner} port-priority priority no lacp {actor | partner} port-priority • actor - The local side an aggregate link.
Page 458: Table 4-51 Show Lacp Counters - Display Description
LACPDUs Internal : 30 sec LACP System Priority : 32768 LACP Port Priority : 32768 Admin Key : 4 Oper Key : 4 Admin State : defaulted, aggregation, long timeout, LACP-activity Oper State : distributing, collecting, synchronization, aggregation, long timeout, LACP-activity 4-172 www.digisol.com...
Page 459: Show Lacp Internal - Display Description
DG-FS4526 User Manual Table 4-52 show lacp internal - display description Field Description Oper Key Current operational value of the key for the aggregation port. Admin Key Current administrative value of the key for the aggregation port. LACPDUs Internal Number of seconds before invalidating received LACPDU information.
Page 460: Table 4-53 Show Lacp Neighbors - Display Description
A link aggregation group configured on this switch. LACP system priority for this channel group. System Priority System MAC address. System MAC Address * The LACP system priority and system MAC address are concatenated to form the LAG system ID. 4-174 www.digisol.com...
Page 461: Address Table Commands
DG-FS4526 User Manual Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Table 4-55 Address Table Commands Command Function Mode Page mac-address-table static...
Page 462: Clear Mac-Address-Table Dynamic
• mask - Bits to match in the address. • interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-12) • vlan-id - VLAN ID (Range: 1-4094) 4-176 www.digisol.com...
Page 463: Mac-Address-Table Aging-Time
DG-FS4526 User Manual • sort - Sort by address, vlan or interface. Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types:...
Page 464: Show Mac-Address-Table Aging-Time
Configures the time-to-live (TTL) value sent in LLDP 4-180 advertisements medFastStartCount Configures how many medFastStart packets are transmitted GC 4-181 lldp notification-interval Configures the allowed interval for sending SNMP 4-181 notifications about LLDP changes lldp refresh-interval Configures the periodic transmit interval for LLDP 4-182 advertisements 4-178 www.digisol.com...
Page 465: Table 4-56 Lldp Commands
DG-FS4526 User Manual Table 4-56 LLDP Commands (Continued) Command Function Mode Page lldp reinit-delay Configures the delay before attempting to re-initialize after 4-183 LLDP ports are disabled or the link goes down lldp tx-delay Configures a delay between the successive transmission of...
Page 466: Lldp
Use the no form to restore the default setting. Syntax lldp holdtime-multiplier value no lldp holdtime-multiplier value - Calculates the TTL in seconds based on (holdtime-multiplier * refresh-interval) ≤ 65536 (Range: 2 - 10) Default Setting Holdtime multiplier: 4 TTL: 4*30 = 120 seconds 4-180 www.digisol.com...
Page 467: Lldp Medfaststartcount
DG-FS4526 User Manual Command Mode Global Configuration Command Usage The time-to-live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner. Example Console(config)#lldp holdtime-multiplier 10...
Page 468: Lldp Refresh-Interval
- Specifies the periodic interval at which LLDP advertisements are sent. (Range: 5 - 32768 seconds) Default Setting 30 seconds Command Mode Global Configuration Command Usage This attribute must comply with the following rule: (refresh-interval * holdtime-multiplier) ≤ 65536 Example Console(config)#lldp refresh-interval 60 Console(config)# 4-182 www.digisol.com...
Page 469: Lldp Reinit-Delay
DG-FS4526 User Manual lldp reinit-delay This command configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes down. Use the no form to restore the default setting. Syntax lldp reinit-delay seconds no lldp reinit-delay seconds - Specifies the delay before attempting to re-initialize LLDP.
Page 470: Lldp Admin-Status
Interface Configuration (Ethernet, Port Channel) Command Usage • This option sends out SNMP trap notifications to designated target stations at the interval specified by the lldp notification-interval command (page 4-181). Trap notifications include information about state changes in 4-184 www.digisol.com...
Page 471: Lldp Mednotification
DG-FS4526 User Manual the LLDP MIB (IEEE 802.1AB), or organization-specific LLDP-EXT-DOT1 and LLDP-EXT-DOT3 MIBs. • SNMP trap destinations are defined using the snmp-server host command (page 4-137). • Information about additional changes in LLDP neighbors that occur between SNMP notifications is not transmitted. Only state changes that exist at the time of a trap notification are included in the transmission.
Page 472: Lldp Basic-Tlv Management-Ip-Address
TLV. Example Console(config)#interface ethernet 1/1 Console(config-if)#lldp basic-tlv management-ip-address Console(config-if)# lldp basic-tlv port-description This command configures an LLDP-enabled port to advertise its port description. Use the no form to disable this feature. 4-186 www.digisol.com...
Page 473: Lldp Basic-Tlv System-Capabilities
DG-FS4526 User Manual Syntax [no] lldp basic-tlv port-description Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage The port description is taken from the ifDescr object in RFC 2863, which includes information about the manufacturer, the product name, and the version of the interface hardware/software.
Page 474: Lldp Basic-Tlv System-Name
(page 4-25). Example Console(config)#interface ethernet 1/1 Console(config-if)#lldp basic-tlv system-name Console(config-if)# lldp dot1-tlv proto-ident This command configures an LLDP-enabled port to advertise the supported protocols. Use the no form to disable this feature. 4-188 www.digisol.com...
Page 475: Lldp Dot1-Tlv Proto-Vid
DG-FS4526 User Manual Syntax dot1-tlv proto-ident [no] lldp Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises the protocols that are accessible through this interface. Example Console(config)#interface ethernet 1/1 Console(config-if)#no lldp dot1-tlv proto-ident Console(config-if)#...
Page 476: Lldp Dot1-Tlv Vlan-Name
(Configuring Interfaces)” on page 4-244. Example Console(config)#interface ethernet 1/1 Console(config-if)#no lldp dot1-tlv vlan-name Console(config-if)# lldp dot3-tlv link-agg This command configures an LLDP-enabled port to advertise link aggregation capabilities. Use the no form to disable this feature. Syntax [no] lldp dot3-tlv link-agg 4-190 www.digisol.com...
Page 477: Lldp Dot3-Tlv Mac-Phy
DG-FS4526 User Manual Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises link aggregation capabilities, aggregation status of the link, and the 802.3 aggregated port identifier if this interface is currently a link aggregation member.
Page 478: Lldp Dot3-Tlv Poe
Console(config)#interface ethernet 1/1 Console(config-if)#lldp dot3-tlv poe Console(config-if)# lldp medtlv extpoe This command configures an LLDP-MED-enabled port to advertise and accept Extended Power-over-Ethernet configuration and usage information. Use the no form to disable this feature. Syntax [no] lldp medtlv extpoe 4-192 www.digisol.com...
Page 479: Lldp Medtlv Inventory
DG-FS4526 User Manual Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises extended Power-over-Ethernet capability details, such as power availability from the switch, and power state of the switch, including whether the switch is operating from primary or backup power (the Endpoint Device could use this information to decide to enter power conservation mode).
Page 480: Lldp Medtlv Med-Cap
Console(config)#interface ethernet 1/1 Console(config-if)#lldp medtlv med-cap Console(config-if)# lldp medtlv network-policy This command configures an LLDP-MED-enabled port to advertise its network policy configuration. Use the no form to disable this feature. Syntax [no] lldp medtlv network-policy Default Setting Enabled 4-194 www.digisol.com...
Page 481: Show Lldp Config
DG-FS4526 User Manual Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises network policy configuration information, aiding in the discovery and diagnosis of VLAN configuration mismatches on a port. Improper network policy configurations frequently result in voice quality degradation or complete service disruption.
Page 482: Command Line Interface
802.1 specific TLVs Advertised: *port-vid *vlan-name *proto-vlan *proto-ident 802.3 specific TLVs Advertised: *mac-phy *poe *link-agg *max-frame MED Configuration: MED Notification Enabled : True MED Enabled TLVs Advertised: *med-cap *network-policy *location *extPoe *inventory Console# 4-196 www.digisol.com...
Page 483: Show Lldp Info Local-Device
DG-FS4526 User Manual show lldp info local-device This command shows LLDP global and interface-specific configuration settings for this device. Syntax show lldp info local-device [detail interface] • detail - Shows detailed information. • interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number.
Page 484: Show Lldp Info Remote-Device
VLAN-4093 : Remote Protocol Identity (Hex) : 88-CC Remote MAC/PHY configuration status : Remote port auto-neg supported : Yes Remote port auto-neg enabled : Yes Remote port auto-neg advertised cap (Hex) : 6C00 Remote port MAU type : 16 4-198 www.digisol.com...
Page 485: Show Lldp Info Statistics
DG-FS4526 User Manual Remote Link Aggregation : Remote link aggregation capable : Yes Remote link aggragation enable : No Remote link aggragation port id : 0 Remote Max Frame Size : 1522 Console# show lldp info statistics This command shows statistics based on traffic received through all attached LLDP-enabled interfaces.
Page 486 Eth 1/5 switch#show lldp info statistics detail ethernet 1/1 LLDP Port Statistics Detail PortName : Eth 1/1 Frames Discarded Frames Invalid Frames Received : 12 Frames Sent : 13 TLVs Unrecognized : 0 TLVs Discarded Neighbor Ageouts switch# 4-200 www.digisol.com...
Page 487: Spanning Tree Commands
DG-FS4526 User Manual Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 4-57 Spanning Tree Commands Command Function Mode Page spanning-tree...
Page 488: Spanning-Tree
• rstp - Rapid Spanning Tree Protocol (IEEE 802.1w) • mstp - Multiple Spanning Tree (IEEE 802.1s) Default Setting rstp Command Mode Global Configuration Command Usage • Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. 4-202 www.digisol.com...
Page 489: Spanning-Tree Forward-Time
DG-FS4526 User Manual - This creates one spanning tree instance for the entire network. If multiple VLANs are implemented on a network, the path between specific VLAN members may be inadvertently disabled to prevent network loops, thus isolating group members. When operating multiple VLANs, we recommend selecting the MSTP option.
Page 490: Spanning-Tree Hello-Time
2 seconds Command Mode Global Configuration Command Usage This command sets the time interval (in seconds) at which the root device transmits a configuration message. Example Console(config)#spanning-tree hello-time 5 Console(config)# Related Commands spanning-tree forward-time (4-203) spanning-tree max-age (4-204) 4-204 www.digisol.com...
Page 491: Spanning-Tree Max-Age
DG-FS4526 User Manual spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age seconds no spanning-tree max-age seconds - Time in seconds. (Range: 6-40 seconds) The minimum value is the higher of 6 or [2 x (hello-time + 1)].
Page 492: Spanning-Tree Pathcost Method
Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. Note that path cost (page 4-211) takes precedence over port priority (page 4-212). Example Console(config)#spanning-tree pathcost method long Console(config)# 4-206 www.digisol.com...
Page 493: Spanning-Tree Transmission-Limit
DG-FS4526 User Manual spanning-tree transmission-limit This command configures the minimum interval between the transmission of consecutive RSTP/MSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The transmission limit in seconds. (Range: 1-10)
Page 494: Mst Vlan
• instance_id - Instance identifier of the spanning tree. (Range: 0-4094) • priority - Priority of the a spanning tree instance. (Range: 0-61440 in steps of 4096; Options: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440) 4-208 www.digisol.com...
Page 495: Name
DG-FS4526 User Manual Default Setting 32768 Command Mode MST Configuration Command Usage • MST priority is used in selecting the root bridge and alternate bridge of the specified instance. The device with the highest priority (i.e., lowest numerical value) becomes the MSTI root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device.
Page 496: Revision
An MSTI region is treated as a single node by the STP and RSTP protocols. Therefore, the message age for BPDUs inside an MSTI region is never changed. However, each spanning tree instance within a region, and the internal spanning tree (IST) that connects these instances use a hop count to 4-210 www.digisol.com...
Page 497: Spanning-Tree Spanning-Disabled
DG-FS4526 User Manual specify the maximum number of bridges that will propagate a BPDU. Each bridge decrements the hop count by one before passing on the BPDU. When the hop count reaches zero, the message is dropped. Example Console(config-mstp)#max-hops 30...
Page 498: Spanning-Tree Port-Priority
(that is, lowest value) will be configured as an active link in the spanning tree. • Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled. Example Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree port-priority 0 4-212 www.digisol.com...
Page 499: Spanning-Tree Edge-Port
DG-FS4526 User Manual Related Commands spanning-tree cost (4-211) spanning-tree edge-port This command specifies an interface as an edge port. Use the no form to restore the default. Syntax [no] spanning-tree edge-port Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •...
Page 500: Spanning-Tree Link-Type
• When automatic detection is selected, the switch derives the link type from the duplex mode. A full-duplex interface is considered a point-to-point link, while a half-duplex interface is assumed to be on a shared link. 4-214 www.digisol.com...
Page 501: Spanning-Tree Mst Cost
DG-FS4526 User Manual • RSTP only works on point-to-point links between two bridges. If you designate a port as a shared link, RSTP is forbidden. Since MSTP is an extension of RSTP, this same restriction applies. Example Console(config)#interface ethernet ethernet 1/5...
Page 502: Spanning-Tree Mst Port-Priority
• Where more than one interface is assigned the highest priority, the interface with lowest numeric identifier will be enabled. Example Console(config)#interface ethernet ethernet 1/5 Console(config-if)#spanning-tree mst 1 port-priority 0 Console(config-if)# Related Commands spanning-tree mst cost (4-215) 4-216 www.digisol.com...
Page 503: Spanning-Tree Protocol-Migration
DG-FS4526 User Manual spanning-tree protocol-migration This command re-checks the appropriate BPDU format to send on the selected interface. Syntax spanning-tree protocol-migration interface interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-26) •...
Page 504 Root Max Age (sec.): Root Forward Delay (sec.): Max hops: Remaining hops: Designated Root: 32768.00177C0AC9F1 Current root port: Current root cost: 10000 Number of topology changes: Last topology changes time (sec.): 22 Transmission limit: Path Cost Method: long 4-218 www.digisol.com...
Page 505: Show Spanning-Tree Mst Configuration
DG-FS4526 User Manual --------------------------------------------------------------- 1/ 1 information --------------------------------------------------------------- Admin status: enable Role: root State: forwarding External admin path cost: 10000 Internal admin cost: 10000 External oper path cost: 10000 Internal oper path cost: 10000 Priority: Designated cost: 200000 Designated port: 128.24...
Page 506: Vlan Commands
Displays GVRP configuration for the selected interface NE, PE 4-222 garp timer Sets the GARP timer for the selected function 4-223 show garp timer Shows the GARP timer for the selected function NE, PE 4-224 4-220 www.digisol.com...
Page 507: Bridge-Ext Gvrp
DG-FS4526 User Manual bridge-ext gvrp This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [no] bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
Page 508: Switchport Gvrp
- port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-12) Default Setting Shows both global and interface-specific configuration. Command Mode Normal Exec, Privileged Exec Example Console#show gvrp configuration ethernet 1/6 Eth 1/ 6: GVRP configuration: Enabled Console# 4-222 www.digisol.com...
Page 509: Garp Timer
DG-FS4526 User Manual garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall} •...
Page 510: Show Garp Timer
Enters VLAN database mode to add, change, and delete 4-224 VLANs vlan Configures a VLAN, including VID, name and state 4-225 vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration 4-224 www.digisol.com...
Page 511: Vlan
DG-FS4526 User Manual Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN.
Page 512: Configuring Vlan Interfaces
This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) Default Setting None Command Mode Global Configuration 4-226 www.digisol.com...
Page 513: Switchport Mode
DG-FS4526 User Manual Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.254 255.255.255.0 Console(config-if)# Related Commands shutdown (4-155) switchport mode This command configures the VLAN membership mode for a port.
Page 514: Switchport Acceptable-Frame-Types
Therefore, trying to disable the filtering with the no switchport ingress-filtering command will produce this error message: “Note: Failed to ingress-filtering on ethernet interface !” Syntax switchport ingress-filtering no switchport ingress-filtering Default Setting Enabled 4-228 www.digisol.com...
Page 515: Switchport Native Vlan
DG-FS4526 User Manual Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Ingress filtering only affects tagged frames. • With ingress filtering enabled, a port will discard received frames tagged for VLANs for it which it is not a member.
Page 516: Switchport Allowed Vlan
VLAN of the port to this VLAN. • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface. 4-230 www.digisol.com...
Page 517: Switchport Forbidden Vlan
DG-FS4526 User Manual Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: Console(config)#interface ethernet 1/1 Console(config-if)#switchport allowed vlan add 1,2,5,6 tagged Console(config-if)# switchport forbidden vlan This command configures forbidden VLANs.
Page 518: Displaying Vlan Information
Status: Active Ports/Port Channels: Eth1/ 1(S) Eth1/ 2(S) Eth1/ 3(S) Eth1/ 4(S) Eth1/ 5(S) Eth1/ 6(S) Eth1/ 7(S) Eth1/ 8(S) Eth1/ 9(S) Eth1/10(S) Eth1/11(S) Eth1/12(S) Eth1/13(S) Eth1/14(S) Eth1/19(S) Eth1/20(S) Eth1/21(S) Eth1/22(S) Eth1/23(S) Eth1/24(S) Eth1/25(S) Eth1/26(S) Trunk 1(S) Console# 4-232 www.digisol.com...
Page 519: Configuring Ieee 802.1Q Tunneling
DG-FS4526 User Manual Configuring IEEE 802.1Q Tunneling IEEE 802.1Q tunneling (QinQ tunneling) uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs. Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider’s network even when they use the same customer-specific VLAN IDs.
Page 520: Switchport Dot1Q-Tunnel Mode
Interface Configuration (Ethernet, Port Channel) Command Usage Use the dot1q-tunnel system-tunnel-control command to set the switch to QinQ mode before entering this command. Example Console(config)#interface ethernet 1/1 Console(config-if)#switchport dot1q-tunnel mode access Console(config-if)# Related Commands show dot1q-tunnel (4-235) show interfaces switchport (4-159) 4-234 www.digisol.com...
Page 521: Switchport Dot1Q-Tunnel Tpid
DG-FS4526 User Manual switchport dot1q-tunnel tpid This command sets the Tag Protocol Identifier (TPID) value of a tunnel port. Use the no form to restore the default setting. Syntax switchport dot1q-tunnel tpid tpid no switchport dot1q-tunnel tpid tpid – Sets the ethertype value for 802.1Q encapsulation. This identifier is used to select a nonstandard 2-byte ethertype to identify 802.1Q tagged...
Page 522: Configuring Private Vlans
(Note that private VLANs and normal VLANs can exist simultaneously within the same switch.) This section describes commands used to configure private VLANs. Table 4-64 Private VLAN Commands Command Function Mode Page Edit Private VLAN Groups private-vlan Adds or deletes primary, community, or isolated VLANs 4-238 4-236 www.digisol.com...
Page 523 DG-FS4526 User Manual Table 4-64 Private VLAN Commands Command Function Mode Page private-vlan association Associates a community VLAN with a primary VLAN 4-238 Configure Private VLAN Interfaces switchport mode Sets an interface to host mode or promiscuous mode 4-239 private-vlan...
Page 524: Private-Vlan
Use this command to associate a primary VLAN with a secondary (i.e., community) VLAN. Use the no form to remove all associations for the specified primary VLAN. Syntax private-vlan primary-vlan-id association {secondary-vlan-id | add secondary-vlan-id | remove secondary-vlan-id} 4-238 www.digisol.com...
Page 525: Switchport Mode Private-Vlan
DG-FS4526 User Manual no private-vlan primary-vlan-id association • primary-vlan-id - ID of primary VLAN. (Range: 1-4094, no leading zeroes). • secondary-vlan-id - ID of secondary (i.e, community) VLAN. (Range: 1-4094, no leading zeroes). Default Setting None Command Mode VLAN Configuration Command Usage Secondary VLANs provide security for group members.
Page 526: Switchport Private-Vlan Host-Association
Use this command to assign an interface to an isolated VLAN. Use the no form to remove this assignment. Syntax switchport private-vlan isolated isolated-vlan-id no switchport private-vlan isolated isolated-vlan-id - ID of isolated VLAN. (Range: 1-4094). 4-240 www.digisol.com...
Page 527: Switchport Private-Vlan Mapping
DG-FS4526 User Manual Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage Host ports assigned to a isolated VLAN cannot pass traffic between group members, and must communicate with resources outside of the group via a promiscuous port.
Page 528: Show Vlan Private-Vlan
• primary – Displays all primary VLANs, along with any assigned promiscuous interfaces. Default Setting None Command Mode Privileged Executive Example Console#show vlan private-vlan Primary Secondary Type Interfaces -------- ----------- ---------- ------------------------------ primary Eth1/ 3 community Eth1/ 4 Eth1/ 5 isolated Console# 4-242 www.digisol.com...
Page 529: Configuring Protocol-Based Vlans
DG-FS4526 User Manual Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
Page 530: Protocol-Vlan Protocol-Group (Configuring Interfaces)
• When a frame enters a port that has been assigned to a protocol VLAN, it is processed in the following manner: - If the frame is tagged, it will be processed according to the standard rules applied to tagged frames. 4-244 www.digisol.com...
Page 531: Show Protocol-Vlan Protocol-Group
DG-FS4526 User Manual - If the frame is untagged and the protocol type matches, the frame is forwarded to the appropriate VLAN. - If the frame is untagged but the protocol type does not match, the frame is forwarded to the default VLAN for this interface.
Page 532: Show Interfaces Protocol-Vlan Protocol-Group
Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2: Console#show interfaces protocol-vlan protocol-group Port ProtocolGroup ID Vlan ID ---------- ------------------ ----------- Eth 1/1 vlan2 Console# 4-246 www.digisol.com...
Page 533: Priority Commands
DG-FS4526 User Manual Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority...
Page 534: Switchport Priority Default
- The priority number for untagged ingress traffic. The priority is a number from 0 to 7. Seven is the highest priority. Default Setting The priority is not set, and the default value for untagged frames received on the interface is zero. 4-248 www.digisol.com...
Page 535: Queue Bandwidth
DG-FS4526 User Manual Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP DSCP, and default switchport priority. • The default priority applies for an untagged frame received on a port set to accept all frame types (i.e, receives both untagged and tagged frames).
Page 536: Queue Cos-Map
IEEE 802.1p standard as shown below. Table 4-68 Default CoS Values to Egress Queues Queue Priority Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage CoS values assigned at the ingress port are also used at the egress port. 4-250 www.digisol.com...
Page 537: Show Queue Mode
DG-FS4526 User Manual Example The following example shows how to change the CoS assignments: Console(config)#interface ethernet 1/1 Console(config-if)#queue cos-map 0 0 Console(config-if)#queue cos-map 1 1 Console(config-if)#queue cos-map 2 2 Console(config-if)#exit Console#show queue cos-map ethernet 1/1 Information of Eth 1/1 Traffic Class : 0 1 2 3 4 5 6 7...
Page 538: Show Queue Cos-Map
Default Setting None Command Mode Privileged Exec Example Console#show queue cos-map ethernet 1/1 Information of Eth 1/1 Traffic Class : 0 1 2 3 4 5 6 7 Priority Queue: 1 0 0 1 2 2 3 3 Console# 4-252 www.digisol.com...
Page 539: Priority Commands (Layer 3 And 4)
DG-FS4526 User Manual Priority Commands (Layer 3 and 4) Table 4-69 Priority Commands (Layer 3 and 4) Command Function Mode Page map ip dscp Configures IP DSCP to CoS queue mapping 4-253 map ip port Configures TCP port to CoS queue mapping...
Page 540: Map Ip Port
IP ports to port CoS queues. • The precedence for priority mapping is IP Port, IP Precedence/DSCP/TOS, and default switchport priority. • This command sets the IP port priority for all interfaces. 4-254 www.digisol.com...
Page 541: Map Ip Precedence
DG-FS4526 User Manual Example The following example shows how to map HTTP traffic to CoS queue 0, then enable the feature globally on the switch. Console(config)#map ip port 80 cos 0 Console(config)#map ip port Console(config)# map ip precedence Use this command to enable and set IP precedence priority mapping. Use the no form to disable the feature or restore a default setting.
Page 542: Map Ip Tos
• This command sets the IP TOS priority for all interfaces. • IP Precedence, IP DSCP, and IP TOS Priority cannot all be enabled at the same time. Enabling one of these priority types automatically disables the others. 4-256 www.digisol.com...
Page 543: Map Access-List Ip
DG-FS4526 User Manual Example The following example shows how to map IP TOS value 0 to CoS value 1 and enable the feature on the switch. Console(config)#map ip tos 0 cos 1 Console(config)#map ip tos map access-list ip This command sets the output queue for packets matching an IP ACL rule. Use the no form to remove the CoS queue mapping.
Page 544: Show Map Ip Dscp
Mapping Status: Disabled DSCP COS ---- --- Console# Related Commands map ip dscp (4-253) show map ip port Use this command to show the IP port priority map. Syntax show map ip port Command Mode Privileged Exec 4-258 www.digisol.com...
Page 545: Show Map Ip Precedence
DG-FS4526 User Manual Example The following shows that FTP traffic has been mapped to CoS value 2: Console#show map ip port TCP Port Mapping Status: Disabled Port no. COS -------- --- Console# Related Commands map ip port (4-254) show map ip precedence Use this command to show the IP precedence priority map.
Page 546: Show Map Access-List
• mac - Specifies MAC ACLs. • interface - ethernet unit/port - unit - This is device 1. - port - Port number. Command Mode Privileged Exec Example Console#show map access-list ip Eth 1/1 access-list ip aclname cos 3 Console# 4-260 www.digisol.com...
Page 547: Quality Of Service Commands
DG-FS4526 User Manual Quality of Service Commands The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies. You can classify traffic based on access lists, IP Precedence or DSCP values, or VLANs. Using access lists allows you select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet.
Page 548 Example This example creates a class map call “rd_class,” and sets it to match packets marked for DSCP service value 3: Console(config)#class-map rd_class match-any Console(config-cmap)#match ip dscp 3 Console(config-cmap)# Related Commands show class map (4-268) 4-262 www.digisol.com...
Page 549: Match
DG-FS4526 User Manual match This command defines the criteria used to classify traffic. Use the no form to delete the matching criteria. Syntax [no] match {access-list acl-name | ip dscp dscp | ip precedence ip-precedence | vlan vlan} • acl-name - Name of the access control list. Any type of ACL can be specified, including standard or extended IP ACLs and MAC ACLs.
Page 550: Policy-Map
Policy Map Class configuration mode. Use the no form to delete a class map and return to Policy Map configuration mode. Syntax [no] class class-map-name class-map-name - Name of the class map. (Range: 1-16 characters) Default Setting None 4-264 www.digisol.com...
Page 551: Set
DG-FS4526 User Manual Command Mode Policy Map Configuration Command Usage • Use the policy-map command to specify a policy map and enter Policy Map configuration mode. Then use the class command to enter Policy Map Class configuration mode. And finally, use the set and police commands to specify the match criteria, where the: - set command classifies the service that an IP packet will receive.
Page 552: Police
• Policing is based on a token bucket, where bucket depth (i.e., the maximum burst before the bucket overflows) is by specified the burst-byte field, and the average rate at which tokens are removed from the bucket is specified by the rate-bps option. 4-266 www.digisol.com...
Page 553: Service-Policy
DG-FS4526 User Manual Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses the set command to classify the service that incoming packets will receive, and then uses the police command to limit the average bandwidth to 100,000 Kbps, the burst rate to 1522 bytes, and configure the response to drop any violating packets.
Page 554: Show Class-Map
[policy-map-name [class class-map-name]] • policy-map-name - Name of the policy map. (Range: 1-16 characters) • class-map-name - Name of the class map. (Range: 1-16 characters) Default Setting Displays all policy maps and all classes. Command Mode Privileged Exec 4-268 www.digisol.com...
Page 555: Show Policy-Map Interface
DG-FS4526 User Manual Example Console#show policy-map Policy Map rd_policy class rd_class set ip dscp 3 Console#show policy-map rd_policy class rd_class Policy Map rd_policy class rd_class set ip dscp 3 Console# show policy-map interface This command displays the service policy assigned to the specified interface.
Page 556: Voice Vlan
Voice VLAN. • The Voice VLAN ID cannot be modified when the global auto-detection status is enabled. Example The following example enables VoIP traffic detection and specifies the Voice VLAN ID as 1234. Console(config)#voice vlan 1234 Console(config)# 4-270 www.digisol.com...
Page 557: Voice Vlan Aging
DG-FS4526 User Manual voice vlan aging This command sets the Voice VLAN ID time out. Use the no form to restore the default. Syntax voice vlan aging minutes no voice vlan minutes - Specifies the port Voice VLAN membership time out.
Page 558: Switchport Voice Vlan
OUI or 802.1ab (LLDP). When OUI is selected, be sure to configure the MAC address ranges in the Telephony OUI list. Example The following example sets port 1 to Voice VLAN auto mode. Console(config)#interface ethernet 1/1 Console(config-if)#switchport voice vlan auto Console(config-if)# 4-272 www.digisol.com...
Page 559: Switchport Voice Vlan Rule
DG-FS4526 User Manual switchport voice vlan rule This command selects a method for detecting VoIP traffic on a port. Use the no form to disable the detection method on the port. Syntax [no] switchport voice vlan rule {oui | lldp} •...
Page 560: Switchport Voice Vlan Priority
The priority of any received VoIP packet is overwritten with the new priority when the Voice VLAN feature is active for the port. Example The following example sets the CoS priority to 5 on port 1. Console(config)#interface ethernet 1/1 Console(config-if)#switchport voice vlan priority 5 Console(config-if)# 4-274 www.digisol.com...
Page 561: Show Voice Vlan
DG-FS4526 User Manual show voice vlan This command displays the Voice VLAN settings on the switch and the OUI Telephony list. Syntax show voice vlan {oui | status} • oui - Displays the OUI Telephony list. • status - Displays the global and port Voice VLAN settings.
Page 562: Multicast Filtering Commands
Shows the IGMP snooping and query configuration 4-278 show mac-address-table Shows the IGMP snooping MAC multicast list 4-28 multicast ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping 4-276 www.digisol.com...
Page 563: Ip Igmp Snooping Vlan Static
DG-FS4526 User Manual Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. Console(config)#ip igmp snooping Console(config)# ip igmp snooping vlan static This command adds a port to a multicast group. Use the no form to remove the port.
Page 564: Ip Igmp Snooping Leave-Proxy
IGMP leave packet only when the last dynamic member port leaves a multicast group. • The leave-proxy feature does not function when a switch is set as the querier. 4-278 www.digisol.com...
Page 565: Ip Igmp Snooping Immediate-Leave
DG-FS4526 User Manual Example Console(config)#ip igmp snooping leave-proxy Console(config)# ip igmp snooping immediate-leave This command immediately deletes a member port of a multicast service if a leave packet is received at that port and immediate-leave is enabled for the parent VLAN.
Page 566: Show Mac-Address-Table Multicast
• user - Display only the user-configured multicast entries. • igmp-snooping - Display only entries learned through IGMP snooping. Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER, depending on selected options. 4-280 www.digisol.com...
Page 567: Igmp Query Commands (Layer 2)
DG-FS4526 User Manual Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: Console#show mac-address-table multicast vlan 1 igmp-snooping VLAN M'cast IP addr. Member ports Type ---- --------------- ------------ ------- 224.1.2.3 Eth1/11 IGMP Console# IGMP Query Commands (Layer 2) This section describes commands used to configure Layer 2 IGMP query on the switch.
Page 568: Ip Igmp Snooping Query-Count
This command configures the query interval. Use the no form to restore the default. Syntax ip igmp snooping query-interval seconds no ip igmp snooping query-interval seconds - The frequency at which the switch sends IGMP host-query messages. (Range: 60-125) 4-282 www.digisol.com...
Page 569: Ip Igmp Snooping Query-Max-Response-Time
DG-FS4526 User Manual Default Setting 125 seconds Command Mode Global Configuration Example The following shows how to configure the query interval to 100 seconds: Console(config)#ip igmp snooping query-interval 100 Console(config)# ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default.
Page 570: Ip Igmp Snooping Router-Port-Expire-Time
This section describes commands used to configure static multicast routing on the switch. Table 4-78 Static Multicast Routing Commands Command Function Mode Page ip igmp snooping vlan Adds a multicast router port 4-285 mrouter show ip igmp snooping Shows multicast router ports 4-285 mrouter 4-284 www.digisol.com...
Page 571: Ip Igmp Snooping Vlan Mrouter
DG-FS4526 User Manual ip igmp snooping vlan mrouter This command statically configures a multicast router port. Use the no form to remove the configuration. Syntax [no] ip igmp snooping vlan vlan-id mrouter interface • vlan-id - VLAN ID (Range: 1-4094) •...
Page 572: Igmp Filtering And Throttling Commands
4-29 show ip igmp throttle interface Displays the IGMP throttling setting for interfaces 4-29 ip igmp filter (Global Configuration) This command globally enables IGMP filtering and throttling on the switch. Use the no form to disable the feature. 4-286 www.digisol.com...
Page 573: Ip Igmp Profile
DG-FS4526 User Manual Syntax [no] ip igmp filter Default Setting Disabled Command Mode Global Configuration Command Usage • IGMP filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port. An IGMP filter profile can contain one or more, or a range of multicast addresses;...
Page 574: Permit, Deny
• low-ip-address - A valid IP address of a multicast group or start of a group range. • high-ip-address - A valid IP address for the end of a multicast group range. Default Setting None Command Mode IGMP Profile Configuration Command Usage 4-288 www.digisol.com...
Page 575: Ip Igmp Filter (Interface Configuration)
DG-FS4526 User Manual Enter this command multiple times to specify more than one multicast address or address range for a profile. Example Console(config)#ip igmp profile 19 Console(config-igmp-profile)#range 239.1.1.1 Console(config-igmp-profile)#range 239.2.3.1 239.2.3.100 Console(config-igmp-profile)# ip igmp filter (Interface Configuration) This command assigns an IGMP filtering profile to an interface on the switch. Use the no form to remove a profile from an interface.
Page 576: Ip Igmp Max-Groups Action
IGMP join reports will be dropped. If the action is set to replace, the switch randomly removes an existing group and replaces it with the new multicast group. Example Console(config)#interface ethernet 1/1 Console(config-if)#ip igmp max-groups action replace Console(config-if)# 4-290 www.digisol.com...
Page 577: Show Ip Igmp Filter
DG-FS4526 User Manual show ip igmp filter This command displays the global and interface settings for IGMP filtering. Syntax show ip igmp filter [interface interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1) - port - Port number. (Range: 1-26) •...
Page 578: Show Ip Igmp Throttle Interface
(MVR). A single network-wide VLAN can be used to transmit multicast traffic (such as television channels) across a service provider’s network. Any multicast traffic entering an MVR VLAN is sent to all subscribers. This can significantly reduce to processing overhead required to dynamically monitor and establish the distribution 4-292 www.digisol.com...
Page 579: Mvr (Global Configuration)
DG-FS4526 User Manual tree for a normal multicast VLAN. Also note that MVR maintains the user isolation and data security provided by VLAN segregation by passing only multicast traffic into other VLANs to which the subscribers belong. Table 4-80 Multicast VLAN Registration Commands...
Page 580: Mvr (Interface Configuration)
IP address specified for an MVR multicast group. (Range: 224.0.1.0 - 239.255.255.255) Default Setting • The port type is not defined. • Immediate leave is disabled. • No receiver port is a member of any configured multicast group. Command Mode Interface Configuration (Ethernet, Port Channel) 4-294 www.digisol.com...
Page 581 DG-FS4526 User Manual Command Usage • A port which is not configured as an MVR receiver or source port can use IGMP snooping to join or leave multicast groups using the standard rules for multicast filtering. • MVR receiver ports cannot be members of a trunk. Receiver ports can belong to different VLANs, but should not be configured as a member of the MVR VLAN.
Page 582: Show Mvr
Shows the VLAN used to transport all MVR multicast traffic. MVR Max Multicast Groups Shows the maximum number of multicast groups which can assigned to the MVR VLAN. MVR Current multicast groups Shows the number of multicast groups currently assigned to the MVR VLAN. 4-296 www.digisol.com...
Page 583 DG-FS4526 User Manual The following displays information about the interfaces attached to the MVR VLAN: Console#show mvr interface Port Type Status Immediate Leave ------- -------- ------------- --------------- eth1/1 SOURCE ACTIVE/UP Disable eth1/2 RECEIVER ACTIVE/UP Disable eth1/5 RECEIVER INACTIVE/DOWN Disable eth1/6...
Page 584: Ip Interface Commands
You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the configuration program. 4-298 www.digisol.com...
Page 585: Ip Default-Gateway
DG-FS4526 User Manual • If you select the bootp or dhcp option, IP is enabled but will not function until a BOOTP or DHCP reply has been received. Requests will be broadcast periodically by this device in an effort to learn its IP address. (BOOTP and DHCP values can include the IP address, default gateway, and subnet mask).
Page 586: Ip Dhcp Restart
This command displays the settings of an IP interface. Default Setting All interfaces Command Mode Privileged Exec Example Console#show ip interface IP address and netmask: 192.168.1.54 255.255.255.0 on VLAN 1, and address mode: User specified. Console# Related Commands show ip redirects (4-301) 4-300 www.digisol.com...
Page 587: Show Ip Redirects
DG-FS4526 User Manual show ip redirects This command shows the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Console#show ip redirects IP default gateway 10.1.0.254 Console# Related Commands ip default-gateway (4-299) ping This command sends ICMP echo request packets to another node on the network.
Page 588 10 ms Ping statistics for 10.1.0.9: 5 packets transmitted, 5 packets received (100%), 0 packets lost (0%) Approximate round trip times: Minimum = 10 ms, Maximum = 20 ms, Average = 10 ms Console# Related Commands interface (4-150) 4-302 www.digisol.com...
Page 589: Dhcp Snooping Commands
DG-FS4526 User Manual DHCP Snooping Commands DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server. This information can be useful in tracking an IP address back to a physical port. This section describes commands used to configure DHCP snooping.
Page 590 ACK message from a DHCP server. Also, when the switch sends out DHCP client packets for itself, no filtering takes place. However, when the switch receives any messages from a DHCP server, any packets received 4-304 www.digisol.com...
Page 591: Ip Dhcp Snooping Vlan
DG-FS4526 User Manual from untrusted ports are dropped. Example This example enables DHCP snooping globally for the switch. Console(config)#ip dhcp snooping Console(config)# Related Commands ip dhcp snooping vlan (4-305) ip dhcp snooping trust (4-306) ip dhcp snooping vlan This command enables DHCP snooping on the specified VLAN. Use the no form to restore the default setting.
Page 592: Ip Dhcp Snooping Trust
DHCP server must be configured as trusted. Example This example sets port 5 to untrusted. Console(config)#interface ethernet 1/5 Console(config-if)#no ip dhcp snooping trust Console(config-if)# Related Commands ip dhcp snooping (4-303) ip dhcp snooping vlan (4-305) 4-306 www.digisol.com...
Page 593: Ip Dhcp Snooping Verify Mac-Address
DG-FS4526 User Manual ip dhcp snooping verify mac-address This command verifies the client’s hardware address stored in the DHCP packet against the source MAC address in the Ethernet header. Use the no form to disable this function. Syntax [no] ip dhcp snooping verify mac-address...
Page 594: Ip Dhcp Snooping Information Policy
DHCP Option 82 information, the switch can be configured to set the action policy for these packets. Either the switch can drop the DHCP packets, keep the existing information, or replace it with the switch’s relay information. Example Console(config)#ip dhcp snooping information policy drop Console(config)# 4-308 www.digisol.com...
Page 595: Ip Dhcp Snooping Database Flash
DG-FS4526 User Manual ip dhcp snooping database flash This command writes all dynamically learned snooping entries to flash memory. Command Mode Global Configuration Command Usage This command can be used to store the currently learned dynamic DHCP snooping entries to flash memory. These entries will be restored to the snooping table when the switch is reset.
Page 596: Show Ip Dhcp Snooping Binding
{sip | sip-mac} no ip source-guard • sip - Filters traffic based on IP addresses stored in the binding table. • sip-mac - Filters traffic based on IP addresses and corresponding MAC addresses stored in the binding table. 4-310 www.digisol.com...
Page 597 DG-FS4526 User Manual Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage • Source guard is used to filter traffic on an unsecure port which receives messages from outside the network or firewall, and therefore may be subject to traffic attacks caused by a host trying to use the IP address of a neighbor.
Page 598: Ip Source-Guard Binding
• Static bindings are processed as follows: - If there is no entry with same VLAN ID and MAC address, a new entry is added to binding table using the type of static IP source guard binding. 4-312 www.digisol.com...
Page 599: Show Ip Source-Guard
DG-FS4526 User Manual - If there is an entry with same VLAN ID and MAC address, and the type of entry is static IP source guard binding, then the new entry will replace the old one. - If there is an entry with same VLAN ID and MAC address, and the type of...
Page 600: Switch Cluster Commands
(the default is enabled), then set the switch as a Cluster Commander. Set a Cluster IP Pool that does not conflict with any other IP subnets in the network. Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander. 4-314 www.digisol.com...
Page 601: Cluster Commander
DG-FS4526 User Manual • Switch clusters are limited to a single IP subnet (Layer 2 domain). • A switch can only be a Member of one cluster. • Configured switch clusters are maintained across power resets and network changes. Example...
Page 602: Cluster Member
(Range: 1-36) Default Setting No Members Command Mode Global Configuration Command Usage • The maximum number of cluster Members is 36. The maximum number of switch Candidates is 100 • Example Console(config)#cluster member mac-address 00-17-7c-0a-e2-f1 id 5 Console(config)# 4-316 www.digisol.com...
Page 603: Rcommand
DG-FS4526 User Manual rcommand This command provides access to a cluster Member CLI for configuration. Syntax rcommand id <member-id> member-id - The ID number of the Member switch. (Range: 1-36) Command Mode Privileged Exec Command Usage • This command only operates through a Telnet connection to the Commander switch.
Page 604: Show Cluster Members
Page upnp device Enables/disables UPnP on the network 4-319 upnp device ttl Sets the time-to-live (TTL) value. 4-319 upnp device advertise Sets the advertisement duration of the device 4-320 duration show upnp Displays UPnP status and parameters 4-320 4-318 www.digisol.com...
Page 605: Upnp Device
DG-FS4526 User Manual upnp device This command enables UPnP on the device. Use the no form to disable UPnP. Syntax [no] upnp device} Default Setting Disabled Command Mode Global Configuration Command Usage You must enable UPnP before you can configure time out settings for sending of UPnP messages.
Page 606: Upnp Device Advertise Duration
Console(config)#upnp device advertise duration 200 Console(config)# Related Commands upnp device ttl (4-319) show upnp This command displays the UPnP management status and time out settings. Command Mode Privileged Exec Example Console#show upnp UPnP global settings: Status: Enabled Advertise duration: TTL: Console# 4-320 www.digisol.com...
Page 607: Appendix A: Software Specifications
Class of Service Supports 4 levels of priority and Weighted Round Robin Queueing (which can be configured by VLAN tag or port), Layer 3/4 priority mapping: IP DSCP, IP Precedence, IP TOS, IP Port Multicast Filtering IGMP Snooping (Layer 2) www.digisol.com...
Page 608: Management Features
IEEE 802.1w Rapid Spanning Tree Protocol IEEE 802.1X Port Authentication IEEE 802.3-2005 Ethernet, Fast Ethernet, Gigabit Ethernet Full-duplex flow control Link Aggregation Control Protocol IEEE 802.3ac VLAN tagging DHCP Client (RFC 1541) HTTPS IGMP (RFC 1112) IGMPv2 (RFC 2236) www.digisol.com...
Page 609: Management Information Bases
DG-FS4526 User Manual RADIUS+ (RFC 2618) RMON (RFC 1757 groups 1,2,3,9) SNMP (RFC 1157) SNMPv2 (RFC 2571) SNMPv3 (RFC DRAFT 3414, 3410, 2273, 3411, 3415) SNTP (RFC 2030) SSH (Version 2.0) TFTP (RFC 1350) Management Information Bases Bridge MIB (RFC 1493)
Page 610 Software Specifications www.digisol.com...
Page 611: Appendix B: Troubleshooting
8 data bits, 1 stop bit, no parity, and 9600 bps. serial port connection • Check that the null-modem serial cable conforms to the pin-out connections provided in the Installation Guide. Forgot or lost the password • Contact your local distributor. www.digisol.com...
Page 612: Using System Logs
Repeat the sequence of commands or other actions that lead up to the error. Make a list of the commands or circumstances that led to the fault. Also make a list of any error messages displayed. Contact your distributor’s service engineer. For example: Console(config)#logging on Console(config)#logging history flash 7 Console(config)#snmp-server host 192.168.1.23 www.digisol.com...
Page 613: Glossary
A user name and password is requested by the switch, and then passed to an authentication server (e.g., RADIUS) for verification. EAPOL is implemented as part of the IEEE 802.1X Port Authentication standard. www.digisol.com Glossary-1...
Page 614 Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication. IEEE 802.3ac Defines frame extensions for VLAN tagging. IEEE 802.3x Defines Ethernet frame start/stop requests and timers used for flow control on full-duplex links. (Now incorporated in IEEE 802.3-2002) Glossary-2 www.digisol.com...
Page 615 DG-FS4526 User Manual IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong.
Page 616 SNMP, and can set alarms on a variety of traffic conditions, including specific error types. Rapid Spanning Tree Protocol (RSTP) reduces the convergence time for network topology changes to about 10% of RSTP that required by the older IEEE 802.1D STP standard. Glossary-4 www.digisol.com...
Page 617 DG-FS4526 User Manual Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which offers network management services.
Page 618 LAN. XModem A protocol used to transfer files between devices. Data is grouped in 128-byte blocks and error-corrected. Glossary-6 www.digisol.com...
Page 619: Index
VLANs 3-163, 4-238 downloading software 3-19, 4-73 configuration settings, saving or DSCP restoring 2-8, 3-20, 4-73 enabling 3-186 console port, required connections 2-2 mapping priorities 3-187, 4-253 dynamic addresses, displaying 3-123, 4-176 dynamic VLAN assignment 3-85, 3-86, 4-111 www.digisol.com Index-1...
Page 620 MAC address authentication 3-84, Layer 2 3-207, 4-276 4-108 query 3-207, 4-281 main menu 3-4 query, Layer 2 3-209, 4-281 Management Information Bases snooping 3-207, 4-276 (MIBs) A-3 snooping, configuring 3-208, 4-276 mirror port, configuring 3-115, 4-162 ingress filtering 3-153, 4-228 www.digisol.com Index-2...
Page 621 DG-FS4526 User Manual MSTP 4-202 ports global settings 4-201 autonegotiation 3-101, 4-152 interface settings 4-201 broadcast storm threshold 3-113, multicast filtering 3-207, 3-220, 3-234, 4-156 4-276 capabilities 3-101, 4-153 multicast groups 3-213, 4-280 duplex mode 3-101, 4-151 displaying 4-280 flow control 3-101, 4-154...
Page 622 3-154, 4-227 STP Also see STA interface configuration 3-153, switchport dot1q-ethertype 4-235 4-228–4-231 switchport mode dot1q-tunnel 4-234 private 3-162, 3-168, 4-236 system clock, setting 3-33, 4-62 protocol 4-243 system logs 3-27 voice VLAN 4-269 VoIP traffic 4-269 www.digisol.com Index-4...
Page 623 DG-FS4526 User Manual Web interface access requirements 3-1 configuration buttons 3-3 home page 3-2 menu list 3-4 panel display 3-3 www.digisol.com Index-5...
Page 624 Index www.digisol.com Index-6...

Digisol DG-FS4526 Management Manual

Chapter 1: Introduction

Chapter 2: Initial Configuration

Chapter 3: Configuring the Switch

Quick Links

Related Manuals for Digisol DG-FS4526

Summary of Contents for Digisol DG-FS4526