Community Strings (for SNMP version 1 and 2c clients) Trap Receivers Configuring Access for SNMP Version 3 Clients Saving Configuration Settings Managing System Files Chapter 3: Configuring the Switch Using the Web Interface Navigating the Web Browser Interface Home Page Configuration Options...
Contents Console Port Settings Telnet Settings Configuring Event Logging System Log Configuration Remote Log Configuration Displaying Log Messages Resetting the System Setting the System Clock Configuring SNTP Setting the Time Zone Simple Network Management Protocol Enabling the SNMP Agent Setting Community Access Strings Specifying Trap Managers and Trap Types Configuring SNMPv3 Management Access Setting an Engine ID...
Port Configuration Displaying Connection Status Configuring Interface Connections Creating Trunk Groups Statically Configuring a Trunk Enabling LACP on Selected Ports Configuring LACP Parameters Displaying LACP Port Counters Displaying LACP Settings and Status for the Local Side Displaying LACP Settings and Status for the Remote Side Setting Broadcast Storm Thresholds Configuring Port Mirroring Configuring Rate Limits...
Contents Selecting the Queue Mode Setting the Service Weight for Traffic Classes Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values Selecting IP Precedence/DSCP Priority Mapping IP Precedence Mapping DSCP Priority Mapping IP Port Priority Mapping CoS Values to ACLs Changing Priorities Based on ACL Rules Multicast Filtering IGMP Protocol...
Configuring IP Routing Interfaces Address Resolution Protocol Proxy ARP Basic ARP Configuration Configuring Static ARP Addresses Displaying Dynamically Learned ARP Entries Displaying Local ARP Entries Displaying ARP Statistics Displaying Statistics for IP Protocols IP Statistics ICMP Statistics UDP Statistics TCP Statistics Configuring Static Routes Displaying the Routing Table Configuring the Routing Information Protocol...
Contents Displaying Neighbor Information Chapter 4: Command Line Interface Using the Command Line Interface Accessing the CLI Console Connection Telnet Connection Entering Commands Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands Showing Commands Partial Keyword Lookup Negating the Effect of Commands Using Command History Understanding Command Modes Exec Commands...
System Management Commands Device Designation Commands prompt hostname User Access Commands username enable password IP Filter Commands management show management Web Server Commands ip http port ip http server ip http secure-server ip http secure-port Telnet Server Commands ip telnet port ip telnet server Secure Shell Commands ip ssh server...
Contents Time Commands sntp client sntp server sntp poll show sntp clock timezone calendar set show calendar System Status Commands show startup-config show running-config show system show users show version Frame Size Commands jumbo frame Flash/File Commands copy delete whichboot boot system Authentication Commands Authentication Sequence...
dot1x operation-mode dot1x re-authenticate dot1x re-authentication dot1x timeout quiet-period dot1x timeout re-authperiod dot1x timeout tx-period show dot1x Access Control List Commands IP ACLs access-list ip permit, deny (Standard ACL) permit, deny (Extended ACL) show ip access-list access-list ip mask-precedence mask (IP ACL) show access-list ip mask-precedence ip access-group show ip access-group...
Contents snmp-server engine-id show snmp engine-id snmp-server view show snmp view snmp-server group show snmp group snmp-server user show snmp user snmp ip filter DHCP Commands DHCP Client ip dhcp client-identifier ip dhcp restart client DHCP Relay ip dhcp restart relay ip dhcp relay server DHCP Server service dhcp...
Interface Commands interface description speed-duplex negotiation capabilities media-type shutdown switchport broadcast packet-rate clear counters show interfaces status show interfaces counters show interfaces switchport Mirror Port Commands port monitor show port monitor Rate Limit Commands rate-limit Link Aggregation Commands channel-group lacp Address Table Commands mac-address-table static clear mac-address-table dynamic...
show queue cos-map Priority Commands (Layer 3 and 4) map ip port (Global Configuration) map ip port (Interface Configuration) map ip precedence (Global Configuration) map ip precedence (Interface Configuration) map ip dscp (Global Configuration) map ip dscp (Interface Configuration) show map ip port show map ip precedence show map ip dscp Multicast Filtering Commands...
Contents arp-timeout clear arp-cache show arp ip proxy-arp IP Routing Commands Global Routing Configuration ip routing ip route clear ip route show ip route show ip host-route show ip traffic Routing Information Protocol (RIP) router rip timers basic network neighbor version ip rip receive version ip rip send version...
ip ospf hello-interval ip ospf priority ip ospf retransmit-interval ip ospf transmit-delay show ip ospf show ip ospf border-routers show ip ospf database show ip ospf interface show ip ospf neighbor show ip ospf summary-address show ip ospf virtual-links Multicast Routing Commands Static Multicast Routing Commands ip igmp snooping vlan mrouter show ip igmp snooping mrouter...
Contents Router Redundancy Commands Virtual Router Redundancy Protocol Commands vrrp ip vrrp authentication vrrp priority vrrp timers advertise vrrp preempt show vrrp show vrrp interface show vrrp router counters show vrrp interface counters clear vrrp router counters clear vrrp interface counters Hot Standby Router Protocol Commands standby ip standby priority...
Tables Table 1-1 Key Features Table 1-2 System Defaults Table 3-1 Web Page Configuration Buttons Table 3-2 Switch Main Menu Table 3-3 Logging Levels Table 3-4 SNMPv3 Security Models and Levels Table 3-5 HTTPS System Support Table 3-6 802.1x Statistics...
Tables Table 4-18 show logging flash - display description Table 4-19 show logging trap - display description Table 4-20 SMTP Alert Commands Table 4-21 Time Commands Table 4-22 System Status Commands Table 4-23 Frame Size Commands Table 4-24 Flash/File Commands Table 4-25 File Directory Information Table 4-26...
Table 4-63 Priority Commands Table 4-64 Priority Commands (Layer 2) Table 4-65 Default CoS Priority Levels Table 4-66 Priority Commands (Layer 3 and 4) Table 4-67 Mapping IP Precedence to CoS Values Table 4-68 Mapping IP DSCP to CoS Values Table 4-69 Multicast Filtering Commands Table 4-70...
Figures Figure 3-1 Home Page Figure 3-2 Front Panel Indicators Figure 3-3 System Information Figure 3-4 Switch Information Figure 3-5 Bridge Extension Configuration Figure 3-6 IP Interface Configuration - Manual Figure 3-7 Default Gateway Figure 3-8 IP Interface Configuration - DHCP...
Figures Figure 3-42 ACL Configuration - Extended IP Figure 3-43 ACL Configuration - MAC Figure 3-44 ACL Mask Configuration Figure 3-45 ACL Mask Configuration - IP Figure 3-46 ACL Mask Configuration - MAC Figure 3-47 ACL Port Binding Figure 3-48 Port - Port Information Figure 3-49 Port - Port Configuration...
Figure 3-87 IP DSCP Priority Figure 3-88 IP Port Priority Status Figure 3-89 IP Port Priority Figure 3-90 ACL CoS Priority Figure 3-91 ACL Marker Figure 3-92 IGMP Configuration Figure 3-93 Multicast Router Port Information Figure 3-94 Static Multicast Router Port Configuration Figure 3-95 IP Multicast Registration Table Figure 3-96...
Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings. Authentication – This switch authenticates management access via the console port, Telnet or web browser.
Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can: •...
When a host sends an ARP request for a remote network, the switch checks to see if it has the best route. If it does, it sends its own MAC address to the host. The host then sends traffic for the remote destination via the switch, which uses its own routing table to reach the destination on the other network.
While Sparse mode is designed for network areas, such as the Wide Area Network, where the probability of multicast clients is low. This switch currently supports DVMRP and PIM-DM. System Defaults The switch’s system defaults are provided in the configuration file...
Table 1-2 System Defaults (Continued) Function Parameter Web Management HTTP Server HTTP Port Number HTTP Secure Server HTTP Secure Port Number SNMP Community Strings Traps SNMP V3 Port Configuration Admin Status Auto-negotiation Flow Control Port Capability SFP/Module Port Capability Rate Limiting Input and output limits Port Trunking Static Trunks...
Introduction Table 1-2 System Defaults (Continued) Function Parameter Spanning Tree Status Protocol Fast Forwarding (Edge Port) Address Table Aging Time Virtual LANs Default VLAN PVID Acceptable Frame Type Ingress Filtering Switchport Mode (Egress Mode) GVRP (global) GVRP (port interface) Traffic Prioritization Ingress Port Priority Weighted Round Robin IP Precedence Priority...
Table 1-2 System Defaults (Continued) Function Parameter Router Redundancy HSRP VRRP Multicast Filtering IGMP Snooping (Layer 2) IGMP (Layer 3) Multicast Routing DVMRP PIM-DM System Log Status Messages Logged Messages Logged to Flash SMTP Email Alerts Event Handler SNTP Clock Synchronization System Defaults Default Disabled...
The switch’s HTTP web agent allows you to configure switch parameters, monitor port connections, and display statistics using a standard web browser such as Netscape Navigator version 6.2 and higher or Microsoft IE version 5.0 and higher. The switch’s web management interface can be accessed from any computer attached to the network, so restrict which stations may reach it with the IP Filter settings and prefer the HTTPS service over plain HTTP; both are described later in this chapter.
Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.
IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol. The IP address for this switch is obtained via DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see “Setting an IP Address”...
This can be done in either of the following ways: Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router.
“netmask” is the network mask for the network. Press <Enter>. Type “exit” to return to the global configuration mode prompt. Press <Enter>. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway.
When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred.
• private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects. To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings. Note that SNMP v1 and v2c carry the community string in clear text in every packet, so anyone who can observe management traffic can recover it; treat these versions as suitable only for trusted management networks and use SNMPv3 where possible.
Console(config)#
For a more detailed explanation on how to configure the switch for access from SNMP v3 clients, refer to “Simple Network Management Protocol” on page 3-35, or refer to the specific CLI commands for SNMP starting on page 4-113.
The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
(Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above). Note: You can also use the Command Line Interface (CLI) to manage the switch over a serial connection to the console port or via Telnet. For more information on using the CLI, refer to Chapter 4: “Command Line Interface.”...
The default user name and password for the administrator are both “admin.” Change this password before the switch is reachable from a production network. Home Page When your web browser connects with the switch’s web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side.
Panel Display The web agent displays an image of the switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex), or Flow Control (i.e., with or without flow control). Clicking on the image of a port opens the Port Configuration page as described on page 3-81.
Configuring the Switch Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Menu...
Table 3-2 Switch Main Menu (Continued) Menu Security User Accounts Authentication Settings HTTPS Settings Settings Host-Key Settings Port Security 802.1x Information Configuration Port Configuration Statistics Configuration Mask Configuration Port Binding IP Filter Port Port Information Trunk Information Port Configuration Trunk Configuration...
Configures trunk settings for a specified MST instance Enables GVRP VLAN registration protocol Displays information on the VLAN type supported by this switch Shows the current port members of each VLAN and whether or not the port is tagged or untagged...
Table 3-2 Switch Main Menu (Continued) Menu Static Membership Port Configuration Trunk Configuration Private VLAN Status Link Status Protocol VLAN Configuration Port Configuration Priority Default Port Priority Default Trunk Priority Traffic Classes Traffic Classes Status Queue Mode Queue Scheduling IP Precedence/...
Interface Settings Group Membership Statistics ICMP Description Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID Indicates multicast addresses associated with the selected VLAN Enables DNS; configures domain name and domain list; and specifies IP address of name servers for dynamic lookup...
Shows all routing entries, including local, static and dynamic routes Globally enables multicast routing Shows each multicast route this switch has learned Configures VRRP groups, including virtual interface address, advertisement interval, preemption, priority, and authentication Displays global statistics for VRRP protocol packet errors...
Enables/disables DVMRP per interface and sets the route metric Displays neighboring DVMRP routers Displays DVMRP routing information Enables or disables PIM-DM globally for the switch Enables or disables PIM-DM per interface, configures protocol settings for hello, prune and graft messages...
Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. • Location – Specifies the system location. • Contact – Administrator responsible for the system.
• Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code. • Operation Code Version – Version number of runtime code. • Role – Shows that this switch is operating as Master (i.e., operating stand-alone).
These additional parameters are displayed for the CLI. • Unit ID – Unit number in stack. • Redundant Power Status – Displays the status of the redundant power supply. Web – Click System, Switch Information. CLI – Use the following command to display version information.
Console#show version...
GMRP (GARP Multicast Registration Protocol). • Traffic Classes – This switch provides mapping of user priorities to multiple traffic classes. (Refer to “Class of Service Configuration” on page 3-138.) • Static Entry Individual Port – This switch allows static filtering for unicast and multicast addresses.
This section describes how to configure an initial IP interface for management access over the network. The IP address for this switch is obtained via DHCP by default. To manually configure an address, you need to change the switch’s default settings to values that are compatible with your network.
• VLAN – ID of the configured VLAN (1-4094, no leading zeroes). By default, all ports on the switch are members of VLAN 1. However, the management station can be attached to a port belonging to any VLAN, as long as that VLAN has been assigned an IP address.
Click IP, Global Setting. If this switch and management stations exist on other network segments, then specify the default gateway, and click Apply. CLI – Specify the management interface, IP address and default gateway.
Console#config
Console(config)#interface vlan 1
Console(config-if)#ip address 10.1.0.253 255.255.255.0
Console(config-if)#exit
Console(config)#ip default-gateway 10.1.0.254...
If the address expires or the switch is moved to another network segment, you will lose management access to the switch. In this case, you can reboot the switch or submit a client request to restart DHCP service via the CLI.
You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version. TFTP provides neither authentication nor encryption, so keep the TFTP server on a trusted management network and do not leave it reachable from untrusted segments.
IP address of the TFTP server, set the file type to “opcode,” enter the file name of the software to download, select a file on the switch to overwrite or specify a new file name, then click Apply. If you replaced the current firmware used for startup and want to start using the new operation code, reboot the system via the System/Reset menu.
TFTP server, select “config” as the file type, then enter the source and destination file names. When the file has finished downloading, set the new file to start up the system, and then restart the switch. To start the new firmware, enter the “reload” command or reboot the system.
Console#copy tftp file
TFTP server ip address: 10.1.0.19...
• File Transfer Method – The configuration copy operation includes these options: - file to file – Copies a file within the switch directory, assigning it a new name. - file to running-config – Copies a file in the switch to the running configuration.
“tftp to file,” and enter the IP address of the TFTP server. Specify the name of the file to download, select a file on the switch to overwrite or specify a new file name, and then click Apply.
CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch.
Console#copy tftp startup-config
TFTP server ip address: 192.168.1.19...
• Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud, Auto; Default: Auto) •...
• Telnet Status – Enables or disables Telnet access to the switch. (Default: Enabled) • Telnet Port Number – Sets the TCP port number for Telnet on the switch. (Default: 23) • Login Timeout – Sets the interval that the system waits for a user to log into the CLI.
• Password Threshold – Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 0-120; Default: 3 attempts) •...
Console#
Configuring Event Logging
The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory and logging to a remote System Log (syslog) server, and to display a list of recent event messages.
* There are only Level 2, 5 and 6 error messages for the current firmware release. • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM.
The attribute specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to process messages, such as sorting or storing messages in the corresponding database.
Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove. CLI –...
Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
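The PRI value that the facility tag and logging level above produce (RFC 3164: facility * 8 + severity) is easy to get wrong when filtering on a collector. The following Python script is an added example, not code from this manual or its vendor: it builds and decodes PRI values, parses syslog lines of the form the switch's remote-log function emits, and keeps only messages at or below a chosen level, the same “everything from level 0 up to the configured level” rule the RAM and flash level settings use. The sample lines are constructed for illustration, and local0 (facility 16) is assumed as the configured facility tag.

```python
import re
from typing import List, Optional, Tuple

# Severity levels as used by the switch's logging levels (0 = most severe).
SEVERITY_NAMES = {
    0: "emergency", 1: "alert", 2: "critical", 3: "error",
    4: "warning", 5: "notice", 6: "informational", 7: "debugging",
}

# Constructed sample of lines as a remote syslog server could receive them from
# the switch. The message texts are invented for illustration; the PRI value in
# angle brackets is facility * 8 + severity, and local0 (facility 16) is
# assumed to be the facility tag configured on the switch.
SAMPLE_LINES = [
    "<134>Jan  5 14:56:05 10.1.0.253 Port 1/1 link-up",
    "<130>Jan  5 14:56:09 10.1.0.253 Telnet login failed for admin from 192.168.1.40",
    "<133>Jan  5 14:56:12 10.1.0.253 SNMP community string modified",
    "<34>Jan  5 14:57:00 10.1.0.253 System restart requested",
    "this line has no PRI and must be rejected",
]

_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"                                      # PRI
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "     # TIMESTAMP
    r"(?P<host>\S+) "                                           # HOSTNAME (switch IP)
    r"(?P<msg>.*)$"                                             # MSG
)


def encode_pri(facility: int, severity: int) -> int:
    """Build the PRI field: facility (0-23) * 8 + severity (0-7)."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return facility * 8 + severity


def decode_pri(pri: int) -> Tuple[int, int]:
    """Split a PRI value back into (facility, severity)."""
    if not (0 <= pri <= 191):
        raise ValueError("PRI out of range")
    return pri // 8, pri % 8


def parse_line(line: str) -> Optional[dict]:
    """Parse one RFC 3164 line; return None for anything not well formed."""
    m = _RFC3164.match(line)
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:
        return None
    facility, severity = decode_pri(pri)
    return {
        "facility": facility,
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "message": m.group("msg"),
    }


def messages_up_to_level(lines: List[str], max_level: int) -> List[dict]:
    """Keep messages whose severity is 0..max_level, mirroring the switch's
    'log everything from level 0 up to the configured level' semantics."""
    kept = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec["severity"] <= max_level:
            kept.append(rec)
    return kept


if __name__ == "__main__":
    # Show only critical and worse, the way a RAM level of 2 would.
    for rec in messages_up_to_level(SAMPLE_LINES, 2):
        print(f"{rec['timestamp']} {rec['host']} [{rec['severity_name']}] {rec['message']}")
```

Malformed lines are dropped rather than guessed at, because a collector that accepts anything is an easy target for log injection from a spoofed source address; pair this with a firewall rule that only admits UDP 514 from the switch's management address.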
You can also manually set the clock using the CLI. (See “calendar set” on page 4-57.) If the clock is not set, the switch will only record the time from the factory default set at the last bootup.
CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings.
Console(config)#sntp client
Console(config)#sntp poll 16
Console(config)#sntp server 10.1.0.19 137.82.140.80 128.250.36.2
Console(config)#exit
Console#show sntp
Current time: 6 14:56:05 2004...
MIB specifications and the protocol used to access this information over the network. The switch includes an onboard agent that supports SNMP versions 1, 2c, and 3. This agent continuously monitors the status of the switch hardware, as well as the traffic passing through its ports.
For security reasons, you should consider removing the default strings. Command Attributes • SNMP Community Capability – The switch supports up to five community strings. • Community String – A community string that acts like a password and permits access to the SNMP protocol.
Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as HP OpenView).
Setting an Engine ID An SNMPv3 engine is an independent SNMP agent that resides on the switch. This engine protects against message replay, delay, and redirection. The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets.
A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engineID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users.
• Privacy – The encryption algorithm used for data privacy; only 56-bit DES is currently available. MD5 authentication and 56-bit DES are both weak by current standards, but they are the only SNMPv3 options this firmware offers, so also limit which stations can reach the agent. • Actions – Enables the user to be assigned to another SNMPv3 group. Web – Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list.
CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
Console(config)#snmp-server user chris group r&d v3 auth md5 greenpeace priv des56 einstien
Console(config)#exit
Console#show snmp user
EngineId: 80000034030001f488f5200000
User Name: chris
Authentication Protocol: md5
Privacy Protocol: des56
Storage Type: nonvolatile...
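The engine ID's role in key generation, described under “Setting an Engine ID,” is the reason that changing or deleting the engine ID clears every SNMPv3 user: each user's keys are localized to the engine ID, so the stored keys no longer match. The Python below is an added example (not code from this manual or its vendor) that carries out the RFC 3414 password-to-key and key-localization steps with the authentication password and engine ID from the example above. It checks itself against the RFC 3414 test vector and shows that the same password yields a different key for a different engine ID; the second engine ID used for that comparison is made up.

```python
import hashlib

# Values taken from the example on this page: the user's authentication
# password and the engine ID printed by "show snmp user".
PAGE_PASSWORD = "greenpeace"
PAGE_ENGINE_ID = "80000034030001f488f5200000"

# RFC 3414 A.2: the password is repeated until exactly 1 MiB has been hashed.
RFC3414_BLOCK = 1048576


def password_to_key(password: str, hash_name: str = "md5") -> bytes:
    """RFC 3414 A.2.1/A.2.2: repeat the password to exactly 1,048,576 bytes
    and hash it once; the digest is the user key Ku."""
    pw = password.encode("ascii")
    if not pw:
        raise ValueError("empty password")
    expanded = (pw * (RFC3414_BLOCK // len(pw) + 1))[:RFC3414_BLOCK]
    return hashlib.new(hash_name, expanded).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "md5") -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def localized_key_hex(password: str, engine_id_hex: str, hash_name: str = "md5") -> str:
    """Password plus engine ID (hex, as shown by "show snmp engine-id") -> Kul."""
    ku = password_to_key(password, hash_name)
    return localize_key(ku, bytes.fromhex(engine_id_hex), hash_name).hex()


def keys_differ_across_engines(password: str, engine_a: str, engine_b: str) -> bool:
    """True when the same password localizes to different keys on two engines,
    which is why a changed engine ID invalidates every configured user."""
    return localized_key_hex(password, engine_a) != localized_key_hex(password, engine_b)


if __name__ == "__main__":
    print("Kul (md5) for the page's user:", localized_key_hex(PAGE_PASSWORD, PAGE_ENGINE_ID))
    # Hypothetical second engine ID, differing only in the last octet.
    print("differs on another engine:",
          keys_differ_across_engines(PAGE_PASSWORD, PAGE_ENGINE_ID, "80000034030001f488f5200001"))
```

The localized key is what an attacker who captures SNMPv3 traffic must guess; because the derivation is a single unsalted hash over the password, short or dictionary passwords fall to offline brute force, so choose long passphrases even though the firmware only offers MD5 and DES.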
Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read and write views. Click Add to save the new group and return to the Groups list.
Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in the view. Click Back to save the new view and return to the SNMPv3 Views list.
Row Status: active
Console#
User Authentication
You can restrict management access to this switch using the following options: • User Accounts – Manually configure access rights for specified users. • Authentication Settings – Use remote authentication to configure access rights.
Command Attributes • Account List – Shows the list of users that are allowed management access. (Defaults: admin, and guest) • New Account – Displays configuration settings for a new account. - User Name – The name of the user. (Maximum length: 8 characters;...
Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TACACS+ protocols.
- Number of Server Transmits – Number of times the switch tries to authenticate logon access via the authentication server. (Range: 1-30; Default: 2) - Timeout for a reply – The number of seconds the switch waits for a reply from the RADIUS server before it resends the request. (Range: 1-65535; Default: 5) •...
Command Usage • Both the HTTP and HTTPS service can be enabled independently on the switch. However, you cannot configure both services to use the same TCP port. • If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number] •...
If you want this warning to be replaced by a message confirming that the connection to the switch is secure, you must generate a private key for the switch (protected by a password), obtain a certificate for that key from a certification authority that your browsers trust, and install both on the switch.
Configuring the Secure Shell The Berkeley r-commands are remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including rlogin (remote login), rsh (remote shell), and rcp (remote copy), send credentials and session data in clear text and rely on host-based trust, so they are not secure against hostile attacks.
Challenge-Response Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method. Only clients that have a private key corresponding to the public keys stored on the switch can access it. The following exchanges take place during this process: The client sends its public key to the switch.
A host public/private key pair is used to provide secure communications between an SSH client and the switch. After generating this key pair, you must provide the host public key to SSH clients and import the client’s public key to the switch as described in the preceding section (Command Usage).
Web – Click Security, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys.
The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Enabled) • Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports management access via either SSH Version 1.5 or 2.0 clients. Use Version 2.0 clients: the SSH 1.x protocol has known cryptographic weaknesses.
Console#
Configuring Port Security
Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
• If a port is disabled (shut down) due to a security violation, it must be manually re-enabled from the Port/Port Configuration page (page 3-81). Command Attributes • Port – Port number. • Name – Descriptive text (page 4-150).
(i.e., Authenticator) responds with an EAPOL identity request. The client provides its identity (such as a user name) in an EAPOL response to the switch, which it forwards to the RADIUS server. The RADIUS server verifies the client identity and sends an access challenge back to the client.
EAP request packet to the client before it times out the authentication session. • Timeout for Quiet Period – Indicates the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client.
Web – Click 802.1x, Information. CLI – This example shows the default protocol settings for dot1x. For a description of the additional entries displayed in the CLI, see “show dot1x” on page 4-85.
Console#show dot1x
Global 802.1X Parameters
reauth-enabled: yes
reauth-period:
quiet-period:
tx-period:...
EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default 2) • Timeout for Quiet Period – Sets the time that a switch port waits after the dot1X Max Request Count has been exceeded before attempting to acquire a new client.
Web – Select Security, 802.1x, Configuration. Enable dot1x globally for the switch, modify any of the parameters required, and then click Apply. CLI – This enables re-authentication and sets all of the global parameters for dot1x.
Console(config)#dot1x re-authentication
Console(config)#dot1x max-req 5...
Parameter Rx EAP Resp/Oth Rx EAP LenError Rx Last EAPOLVer Rx Last EAPOLSrc Tx EAPOL Total Tx EAP Req/Id Tx EAP Req/Oth Web – Select Security, 802.1x, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. Table 3-6 802.1x Statistics (Continued) Description The number of valid EAP Response frames (other than Resp/Id frames)
• If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry. CLI – This example restricts management access for Telnet clients.
Console(config)#management telnet-client 192.168.1.19
Console(config)#management telnet-client 192.168.1.25 192.168.1.30
Console(config)#exit
Console#show management all-client...
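Several management-plane defaults described in this chapter add up to an exposed switch: the public/private community strings, Telnet enabled by default, the plain-HTTP web agent, SNMPv3 limited to MD5 and 56-bit DES, and no IP filter until one is configured. The Python script below is an added example, not code from this manual or its vendor: it parses a running-config written in the CLI syntax this chapter shows (snmp-server user, ip http server, ip http secure-server, ip telnet server, management telnet-client) and reports those weaknesses, then runs the same check over a hardened variant. Both configurations are constructed for illustration; the “snmp-server community <string> ro|rw” line format and the hostname line are assumed rather than taken from the page.

```python
from typing import Dict, List, Optional, Tuple

# Constructed running-config excerpts in the style of this manual's CLI. The
# "snmp-server community <string> ro|rw" syntax and the hostname line are
# assumed; every other line uses a command shown on this page.
WEAK_CONFIG = """\
hostname edge-sw1
snmp-server community public ro
snmp-server community private rw
snmp-server user chris group r&d v3 auth md5 greenpeace priv des56 einstien
ip http server
ip telnet server
ip ssh server
"""

HARDENED_CONFIG = """\
hostname edge-sw1
snmp-server community Q7x9mLp2vA ro
snmp-server user chris group r&d v3 auth md5 greenpeace priv des56 einstien
no ip http server
ip http secure-server
no ip telnet server
ip ssh server
management telnet-client 192.168.1.19
management telnet-client 192.168.1.25 192.168.1.30
"""

DEFAULT_COMMUNITIES = {"public", "private"}
WEAK_AUTH = {None, "md5"}    # MD5 is the only choice on this firmware; weak today
WEAK_PRIV = {None, "des56"}  # likewise 56-bit DES


def parse_v3_user(tokens: List[str]) -> Dict[str, Optional[str]]:
    """snmp-server user <name> group <g> v3 [auth md5 <pw> [priv des56 <pw>]]"""
    user: Dict[str, Optional[str]] = {"name": tokens[2], "auth": None, "priv": None}
    for key in ("auth", "priv"):
        if key in tokens and tokens.index(key) + 1 < len(tokens):
            user[key] = tokens[tokens.index(key) + 1]
    return user


def parse_config(text: str) -> dict:
    """Collect the management-plane settings the audit cares about."""
    state: dict = {
        "communities": [],  # (string, access)
        "v3users": [],
        "http": None,       # None = not mentioned, True/False = explicit
        "https": None,
        "telnet": None,
        "mgmt_filters": [],
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        negated = line.startswith("no ")
        tokens = (line[3:] if negated else line).split()
        if tokens[:2] == ["snmp-server", "community"] and not negated and len(tokens) >= 3:
            access = tokens[3] if len(tokens) > 3 else "ro"
            state["communities"].append((tokens[2], access))
        elif tokens[:2] == ["snmp-server", "user"] and not negated and len(tokens) >= 3:
            state["v3users"].append(parse_v3_user(tokens))
        elif tokens[:3] == ["ip", "http", "server"]:
            state["http"] = not negated
        elif tokens[:3] == ["ip", "http", "secure-server"]:
            state["https"] = not negated
        elif tokens[:3] == ["ip", "telnet", "server"]:
            state["telnet"] = not negated
        elif tokens[:1] == ["management"] and not negated:
            state["mgmt_filters"].append(tokens[1:])
    return state


def audit(text: str) -> List[Tuple[str, str]]:
    """Return (code, explanation) findings for one configuration."""
    s = parse_config(text)
    findings: List[Tuple[str, str]] = []
    for name, access in s["communities"]:
        if name in DEFAULT_COMMUNITIES:
            findings.append(("SNMP-DEFAULT-COMMUNITY", f"default community string '{name}' is still configured"))
        if access == "rw":
            findings.append(("SNMP-V12C-RW", f"community '{name}' allows MIB writes over clear-text v1/v2c"))
    for u in s["v3users"]:
        if u["auth"] in WEAK_AUTH:
            findings.append(("SNMPV3-WEAK-AUTH", f"user '{u['name']}' uses {u['auth'] or 'no'} authentication"))
        if u["priv"] in WEAK_PRIV:
            findings.append(("SNMPV3-WEAK-PRIV", f"user '{u['name']}' uses {u['priv'] or 'no'} privacy"))
    if s["http"] and not s["https"]:
        findings.append(("HTTP-PLAINTEXT", "web agent served over HTTP only; enable ip http secure-server"))
    if s["telnet"] is None or s["telnet"]:
        # The manual lists Telnet as enabled by default, so silence means enabled.
        findings.append(("TELNET-ENABLED", "Telnet server enabled (default); use SSH and disable it"))
    if not s["mgmt_filters"]:
        findings.append(("NO-MGMT-FILTER", "no 'management' IP filter: any host can reach the management plane"))
    return findings


def finding_codes(text: str) -> List[str]:
    """Distinct finding codes, sorted, for easy comparison between configs."""
    return sorted({code for code, _ in audit(text)})


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label} ==")
        for code, why in audit(cfg):
            print(f"  {code}: {why}")
```

The hardened configuration still reports the SNMPv3 user, because MD5 and DES-56 are the only algorithms this firmware offers; the compensating control is the management IP filter, which the script treats as mandatory.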
Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in an ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail.
Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL. Command Attributes • Name – Name of the ACL. (Maximum length: 16 characters) • Type – There are three filtering modes: - Standard: IP ACL mode that filters packets based on the source IP address.
Configuring the Switch and compared with the address for each IP packet entering the port(s) to which this ACL has been assigned. Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
Configuring an Extended IP ACL Command Attributes • Action – An ACL can contain either all permit rules or all deny rules. (Default: Permit rules) • Source/Destination Address Type – Specifies the source or destination IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, or “IP”...
Configuring the Switch Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
Configuring a MAC ACL Command Attributes • Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rules) • Source/Destination Address Type – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range with the Address and Bitmask fields.
Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bitmask for an address range.
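How the Any/Host/IP and Any/Host/MAC address types of the standard IP and MAC ACL rules above match a packet, as an added example (not the switch's code): a subnet mask or MAC bitmask selects the bits that must agree with the base address, and an ACL made only of permit or only of deny rules yields one decision. The implicit result for packets matching no rule is an assumption of this example.

```python
import ipaddress

MAC_BITS = (1 << 48) - 1


def parse_mac(text):
    """Parse '11-22-33-44-55-66' (the manual's form) or the colon form."""
    parts = text.replace(":", "-").split("-")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"malformed MAC address: {text}")
    return int("".join(parts), 16)


def ip_rule_matches(rule, address):
    """rule = ('any',) | ('host', addr) | ('ip', subnet_addr, subnet_mask)."""
    kind = rule[0]
    if kind == "any":
        return True
    a = int(ipaddress.IPv4Address(address))
    b = int(ipaddress.IPv4Address(rule[1]))
    if kind == "host":
        return a == b
    m = int(ipaddress.IPv4Address(rule[2]))
    return (a & m) == (b & m)


def mac_rule_matches(rule, address):
    """rule = ('any',) | ('host', mac) | ('mac', base_mac, hex_bitmask).
    A set bit in the bitmask means that bit of the address must match."""
    kind = rule[0]
    if kind == "any":
        return True
    a = parse_mac(address)
    b = parse_mac(rule[1])
    if kind == "host":
        return a == b
    m = parse_mac(rule[2]) & MAC_BITS
    return (a & m) == (b & m)


def acl_decision(action, rules, matches, address):
    """An ACL holds only permit rules or only deny rules. A packet matching
    any rule gets the ACL's action; a packet matching none gets the
    opposite (assumption: the page does not state the implicit default)."""
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action}")
    if any(matches(rule, address) for rule in rules):
        return action
    return "deny" if action == "permit" else "permit"
```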
You must specify masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven user-defined masks for an ingress or egress ACL.
Configuring an IP ACL Mask This mask defines the fields to check in the IP header. Command Usage • Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes.
Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range. Include other criteria to search for in the rules, such as a protocol type or one of the service types.
Configuring a MAC ACL Mask This mask defines the fields to check in the packet header. Command Usage You must configure a mask for an ACL rule before you can bind it to a port. Command Attributes •...
Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in an ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail.
Web – Click Security, ACL, Port Binding. Mark the Enable field for the port you want to bind to an ACL for ingress or egress traffic, select the required ACL from the drop-down list, then click Apply.
• Port type – Indicates the port type. (1000BASE-T or SFP) • MAC address – The physical layer address for this port. (To access this item on the web, see “Setting the Switch’s IP Address” on page 3-15.) Configuration: • Name – Interface label.
• Flow control – Shows if flow control is enabled or disabled. • LACP – Shows if LACP is enabled or disabled. • Port Security – Shows if port security is enabled or disabled. • Max MAC count – Shows the maximum number of MAC addresses that can be learned by a port.
- FC - Supports flow control
Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation.
Note: Auto-negotiation must be disabled before you can configure or force the interface to use the Speed/Duplex Mode or Flow Control options. Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.
LACP-configured ports on another device. You can configure any number of ports on the switch as LACP, as long as they are not already configured as part of a static trunk. If ports on another device are also configured as LACP, the switch and the other device will negotiate a trunk link between them.
Web – Click Trunk, Trunk Membership. Enter a trunk ID of 1-6 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.
ID. • If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails. • All ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation.
Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After you have completed adding ports to the member list, click Apply. Figure 3-51 LACP Trunk Configuration CLI –...
- Ports must be configured with the same system priority to join the same LAG. - System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with other systems.
Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effect until the next time an aggregate link is formed with this device.) After you have completed setting the port LACP parameters, click Apply.
Displaying LACP Port Counters You can display statistics for LACP protocol messages. Parameter LACPDUs Sent LACPDUs Received Marker Sent Marker Received LACPDUs Unknown Pkts LACPDUs Illegal Pkts Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information.
Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Table 3-8 Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port.
Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-54 LACP - Port Internal Information CLI – This function is not supported by the CLI.
Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Table 3-9 Neighbor Configuration Information Field Description Partner Admin System ID LAG partner’s system ID assigned by the user.
• Broadcast Storm Control is enabled by default. • The default threshold is 500 packets per second. • Broadcast control does not affect IP multicast traffic. • The specified threshold applies to all ports on the switch. Command Attributes • Port – Port number.
CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 packets per second for port 2. Console(config)#interface ethernet 1/1 Console(config-if)#no switchport broadcast...
Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. Command Usage •...
Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
This information can be used to identify potential problems with the switch (such as a faulty port or unusually heavy loading). RMON statistics provide access to a broad range of statistics, including a total count of different frame types and sizes passing through each port.
Parameter Transmit Discarded Packets Transmit Errors Etherlike Statistics Alignment Errors Late Collisions FCS Errors Excessive Collisions Single Collision Frames Internal MAC Transmit Errors Multiple Collision Frames Carrier Sense Errors SQE Test Errors Frames Too Long Deferred Transmissions...
Table 3-10 Port Statistics (Continued) Parameter Received Frames Broadcast Frames Multicast Frames CRC/Alignment Errors Undersize Frames Oversize Frames Fragments 64 Bytes Frames 65-127 Byte Frames 128-255 Byte Frames 256-511 Byte Frames 512-1023 Byte Frames 1024-1518 Byte Frames 1519-1536 Byte Frames Description The total number of frames (bad, broadcast and multicast) received.
Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-59 Port Statistics
Setting Static Addresses A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table.
Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address for inbound traffic is found in the database, the packets intended for that address are forwarded directly to the associated port.
Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query. CLI – This example also displays the address table entries for port 1. Console#show mac-address-table interface ethernet 1/1 Interface Mac Address --------- ----------------- ---- -----------------...
This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down.
STA Information screen. Field Attributes • Spanning Tree State – Shows if the switch is enabled to participate in an STA-compliant network. • Bridge ID – A unique identifier for this bridge, consisting of the bridge priority and MAC address (where the address is taken from the switch system).
Tree that this switch has accepted as the root device. - Root Port – The number of the port on this switch that is closest to the root. This switch communicates with the root device through this port. If there is no root port, then this switch has been accepted as the root device of the Spanning Tree network.
information that would make it return to a discarding state; otherwise, temporary data loops might result. • Root Hold Time – The interval (in seconds) during which no more than two bridge configuration protocol data units shall be transmitted by this node. •...
RSTP node transmits, as described below: - STP Mode – If the switch receives an 802.1D BPDU (i.e., STP BPDU) after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.
• Spanning Tree State – Enables/disables STA on this switch. (Default: Enabled) • Spanning Tree Type – Specifies the type of spanning tree used on this switch: - STP: Spanning Tree Protocol (IEEE 802.1D; i.e., when this option is selected, the switch will use RSTP set to STP forced compatibility mode).
Configuration Settings for MSTP • Max Instance Numbers – The maximum number of MSTP instances to which this switch can be assigned. (Default: 65) • Configuration Digest – An MD5 signature key that contains the VLAN ID to MST ID mapping table. In other words, this key is a mapping of all VLANs to the CIST.
Spanning Tree Algorithm Configuration Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-64 STA Configuration
- A port on a network segment with no other STA compliant bridging device is always forwarding. - If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID forwards packets and the other is discarding.
• Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface. This parameter is determined by manual configuration or by auto-detection, as described for Admin Link Type in STA Port Configuration on page 3-115. •...
• Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops.
• Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. This...
• Point-to-Point – A connection to exactly one other bridge. • Shared – A connection to two or more bridges. • Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media. (This is the default setting.) •...
By default all VLANs are assigned to the Internal Spanning Tree (MST Instance 0) that connects all bridges and LANs within the MST region. This switch supports up to 65 instances. You should try to group VLANs which cover the same general area of your network.
To ensure that the MSTI maintains connectivity across the network, you must configure a related set of bridges with the same MSTI settings. Command Attributes • MST Instance – Instance identifier of this spanning tree. (Default: 0) •...
CLI – This displays STA settings for instance 1, followed by settings for each port. Console#show spanning-tree mst 2 Spanning-tree information --------------------------------------------------------------- Spanning tree mode Spanning tree enable/disable Instance Vlans configuration Priority Bridge Hello Time (sec.) Bridge Max Age (sec.) Bridge Forward Delay (sec.) Root Hello Time (sec.) Root Max Age (sec.)
Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes • MST Instance ID – Instance identifier to configure. (Range: 0-57; Default: 0) The other attributes are described under “Displaying Interface Settings,”...
• Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops.
• MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.) Note that when the Path Cost Method is set...
• Priority tagging Assigning Ports to VLANs Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if you want it to carry traffic for one or more VLANs, and any intermediate network devices or the host at the other end of the connection supports VLANs.
VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port). But if the frame is tagged, the switch uses the tagged VLAN ID to identify the port broadcast domain of the frame.
VLAN-aware devices (including the destination host), the switch must first strip off the VLAN tag before forwarding the frame. When the switch receives a tagged frame, it will pass this frame onto the VLAN(s) indicated by the frame tag.
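The ingress classification and egress tag handling described above, as an added example (not the switch's code): untagged frames take the receiving port's default VLAN ID, tagged frames keep the VID in the tag, and on egress the tag is stripped for untagged member ports and kept for tagged member ports. The port membership is constructed for the example, and discarding a tagged frame for a VLAN the ingress port does not belong to is an assumption.

```python
from dataclasses import dataclass, field


@dataclass
class Port:
    """Constructed port membership: pvid is the default VLAN ID applied to
    untagged ingress frames; tagged/untagged list the VLANs the port carries
    and whether it emits them with or without a tag."""
    pvid: int = 1
    tagged: set = field(default_factory=set)
    untagged: set = field(default_factory=set)

    def is_member(self, vid):
        return vid in self.tagged or vid in self.untagged


def classify(port, tag_vid):
    """Ingress classification. tag_vid is None for an untagged frame.
    Assumption: a tagged frame for a VLAN the port is not a member of is
    discarded (the page does not describe that case)."""
    if tag_vid is None:
        return port.pvid
    return tag_vid if port.is_member(tag_vid) else None


def forward(switch, in_port, tag_vid, payload):
    """Return {port_name: (egress_tag_vid_or_None, payload)} for every port
    that receives the frame: untagged members get the tag stripped (the
    VLAN-unaware destination case), tagged members keep it, non-members get
    nothing, and the frame never returns to its ingress port."""
    vid = classify(switch[in_port], tag_vid)
    if vid is None:
        return {}
    out = {}
    for name, port in switch.items():
        if name == in_port:
            continue
        if vid in port.untagged:
            out[name] = (None, payload)
        elif vid in port.tagged:
            out[name] = (vid, payload)
    return out


def example_switch():
    """Constructed membership: ports 1/1 and 1/13 tagged in VLAN 2, port
    1/2 untagged in VLAN 2 with its PVID set to 2, port 1/3 left in VLAN 1."""
    return {
        "1/1": Port(pvid=1, tagged={2}, untagged={1}),
        "1/2": Port(pvid=2, untagged={2}),
        "1/13": Port(pvid=1, tagged={2}, untagged={1}),
        "1/3": Port(pvid=1, untagged={1}),
    }
```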
VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network. GVRP must be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch. (Default: Disabled) Web – Click VLAN, 802.1Q VLAN, GVRP Status. Enable or disable GVRP, and click Apply. CLI –...
• VLAN ID – ID of configured VLAN (1-4094). • Up Time at Creation – Time this VLAN was created (i.e., System Up Time). • Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP.
Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command Attributes •...
Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices. Or configure a port as forbidden to prevent the switch from automatically adding it to a VLAN via the GVRP protocol.
Command Attributes • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational.
CLI – The following example adds tagged and untagged ports to VLAN 2. Console(config)#interface ethernet 1/1 Console(config-if)#switchport allowed vlan add 2 tagged Console(config-if)#exit Console(config)#interface ethernet 1/2 Console(config-if)#switchport allowed vlan add 2 untagged Console(config-if)#exit Console(config)#interface ethernet 1/13 Console(config-if)#switchport allowed vlan add 2 tagged Console(config-if)# Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the...
STP. However, they do affect VLAN dependent BPDU frames, such as GMRP. • GVRP Status – Enables/disables GVRP for the interface. GVRP must be globally enabled for the switch before this setting can take effect. (See “Displaying Bridge Extension Capabilities” on page 3-14.) When disabled, any GVRP packets received on this port will be discarded and no GVRP registrations will be propagated from other ports.
Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centiseconds; Default: 60) • GARP LeaveAll Timer message for VLAN group participants and the port leaving the group. This interval should be considerably larger than the Leave Time to minimize the amount of traffic generated by nodes rejoining the group.
VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.) Enabling Private VLANs Use the Private VLAN Status page to enable/disable the Private VLAN function.
Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any other ports on the switch and with any designated downlink ports.
Configuring Protocol Groups Create a protocol group for one or more protocols. Command Attributes • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • Frame Type – Frame type used by this protocol. (Options: Ethernet, RFC_1042, SNAP_8021h, SNAP_other, LLC_other) •...
- If the frame is untagged and the protocol type matches, the frame is forwarded to the appropriate VLAN. - If the frame is untagged but the protocol type does not match, the frame is forwarded to the default VLAN for this interface. Command Attributes •...
Layer 2 Queue Settings Setting the Default Priority for Interfaces You can specify the default port priority for each interface on the switch. All untagged packets entering the switch are tagged with the specified default port priority, and then sorted into the appropriate priority queue at the output port.
Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. CLI – This example assigns a default priority of 5 to port 3. Console(config)#interface ethernet 1/3 Console(config-if)#switchport priority default 5 Console(config-if)#end Console#show interfaces switchport ethernet 1/5 Information of Eth 1/5...
The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network.
Priority Queue: 0 1 2 3 4 5 6 7 Mapping specific values for CoS priorities is implemented as an interface configuration command, but any changes will apply to all interfaces on the switch. Class of Service Configuration Figure 3-82 Traffic Classes...
Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weight, then click Apply. CLI – The following example shows how to assign WRR weights to each of the priority queues. Console(config)#queue bandwidth 1 3 5 7 9 11 13 15 Console(config)#exit Console#show queue bandwidth Information of Eth 1/1...
Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (ToS) octet or the number of the TCP port.
Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values are mapped one-to-one to Class of Service values (i.e., Precedence value 0 maps to CoS value 0, and so forth).
CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings. Console(config)#map ip precedence Console(config)#interface ethernet 1/1...
Class of Service Value field, then click Apply. CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings.
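The IP Precedence and DSCP mappings described in the two sections above, as an added example (not the switch's code): pulling the ToS octet out of an IPv4 header, extracting the three precedence bits or the six DSCP bits, and applying a mapping table to obtain the CoS value. The default precedence table is the one-to-one mapping the page states; the DSCP table, the one-method-at-a-time rule and the fallback for an unmapped DSCP value are assumptions of this example.

```python
def tos_from_ipv4_header(header):
    """Return the ToS octet (byte 1) of an IPv4 header; reject anything
    shorter than a minimal header or not carrying version 4."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return header[1]


def ip_precedence(tos):
    """IP Precedence: the top three bits of the ToS octet (0-7)."""
    return (tos >> 5) & 0x7


def dscp(tos):
    """DSCP: the top six bits of the same octet (0-63)."""
    return (tos >> 2) & 0x3F


# One-to-one default, as the page states (precedence 0 -> CoS 0, and so on).
DEFAULT_PRECEDENCE_TO_COS = {p: p for p in range(8)}


def cos_for_tos(tos, mode, precedence_map=None, dscp_map=None):
    """Map a ToS octet to a CoS value (0-7).

    mode is 'precedence' or 'dscp'. Assumptions: only one of the two
    methods is active at a time, and a DSCP value absent from dscp_map
    falls back to its precedence bits (the top three bits of the DSCP)."""
    if mode == "precedence":
        table = precedence_map or DEFAULT_PRECEDENCE_TO_COS
        return table[ip_precedence(tos)]
    if mode == "dscp":
        table = dscp_map or {}
        value = dscp(tos)
        return table[value] if value in table else ip_precedence(tos)
    raise ValueError(f"unknown mode: {mode}")


def example_header(tos):
    """Constructed 20-byte IPv4 header carrying the given ToS octet
    (version 4, IHL 5; the remaining fields are left zero)."""
    return bytes([0x45, tos]) + bytes(18)
```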
Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110.
CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS value 0, and then displays the IP Port Priority settings. Console(config)#map ip port Console(config)#interface ethernet 1/1 Console(config-if)#map ip port 80 cos 0...
You can change traffic priorities for frames matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) This switch can change the IEEE 802.1p priority, IP Precedence, or DSCP Priority of IP frames; or change the IEEE 802.1p priority of Layer 2 frames.
Command Attributes • Port – Port identifier. • Name – Name of ACL. • Type – Type of ACL (IP or MAC). • Precedence – IP Precedence value. (Range: 0-7) • DSCP – Differentiated Services Code Point value. (Range: 0-63) •...
A router, or multicast-enabled switch, can periodically ask its hosts if they want to receive multicast traffic. If there is more than one router/switch on the LAN performing IP multicasting, one of these devices is elected “querier”...
Note that IGMP neither alters nor routes IP multicast packets. A multicast routing protocol must be used to deliver IP multicast packets across different subnetworks. Therefore, when DVMRP or PIM routing is enabled for a subnet on this switch, you also need to enable IGMP.
(Default: Disabled) • IGMP Query Count — Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group. (Range: 2-10, Default: 2) • IGMP Query Interval — Sets the frequency at which the switch sends IGMP host-query messages.
Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) CLI – This example modifies the settings for multicast filtering, and then displays the current status. Console(config)#ip igmp snooping Console(config)#ip igmp snooping querier Console(config)#ip igmp snooping query-count 10 Console(config)#ip igmp snooping query-interval 100...
Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch.
IGMP querier. Therefore, if the IGMP querier is a known multicast router/ switch connected over the network to an interface (port or trunk) on your switch, you can manually configure the interface (and a specified VLAN) to join all the current multicast groups supported by the attached router.
VLAN to propagate a specific multicast service. Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service.
Parameters” on page 3-154. For certain applications that require tighter control, you may need to statically configure a multicast service on the switch. First add all the ports attached to participating hosts to a common VLAN, and then assign the multicast service to that VLAN group.
(Note that IGMP Snooping can only be globally enabled.) IGMP Query – Multicast query is used to poll each known multicast group for active members, and dynamically configure the switch ports which need to forward multicast traffic. Although the implementation differs slightly, IGMP Query is used in conjunction with both Layer 2 IGMP Snooping and multicast routing.
IGMP version 1 or 2. - The switch must be set to version 2 to enable the Max Query Response Time. • Querier – Device currently serving as the IGMP querier for this multicast service.
Web – Click IP, IGMP, Interface Settings. Specify each interface that will support IGMP (Layer 3), specify the IGMP parameters for each interface, then click Apply. CLI – This example configures the IGMP parameters for VLAN 1.
• Expire – The time remaining before this entry will be aged out. (Default: 260 seconds) • V1 Timer – The time remaining until the switch assumes that there are no longer any IGMP Version 1 members on the IP subnet attached to this interface.
• If there is no domain list, the default domain name is used. If there is a domain list, the default domain name is not used. • When an incomplete host name is received by the DNS server on this switch and a domain name list has been specified, the switch will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match.
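The name-completion rule above, as an added example (not the switch's code): a complete name is looked up as given, an incomplete name has each domain-list entry appended in order, and the default domain is used only when no domain list exists. The constructed answer table stands in for the configured name servers, and treating a name that contains a dot as complete is an assumption of this example.

```python
def is_complete_name(name):
    """Assumption: a name containing a dot is complete and is looked up
    as given; anything else is an incomplete host name."""
    return "." in name.strip(".")


def candidate_names(name, default_domain, domain_list):
    """Build the ordered list of names to query, following the page's
    rules: domain list entries in order when a list exists, otherwise the
    single default domain, otherwise the bare name."""
    if is_complete_name(name):
        return [name]
    if domain_list:
        return [f"{name}.{domain}" for domain in domain_list]
    if default_domain:
        return [f"{name}.{default_domain}"]
    return [name]


def resolve(name, default_domain, domain_list, lookup):
    """Return (fqdn, addresses) for the first candidate the name servers
    answer, or None when every candidate fails. lookup(fqdn) stands in
    for the query sent to the configured name servers."""
    for fqdn in candidate_names(name, default_domain, domain_list):
        addresses = lookup(fqdn)
        if addresses:
            return fqdn, list(addresses)
    return None


# Constructed answers standing in for the name servers' zone data.
CONSTRUCTED_ZONE = {
    "rd5.example.com": ["192.168.1.55"],
    "www.example.net": ["203.0.113.10"],
}


def constructed_lookup(fqdn):
    """Constructed resolver: answers only from CONSTRUCTED_ZONE."""
    return CONSTRUCTED_ZONE.get(fqdn, [])
```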
Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply. Figure 3-99 DNS General Configuration CLI – This example sets a default domain name and a domain list.
Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses. Command Usage • Static entries may be used for local devices connected directly to the attached network, or for commonly used resources located elsewhere on the network.
Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. CLI – This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Console(config)#ip host rd5 192.168.1.55 10.1.0.55 Console(config)#ip host rd6 10.1.0.55 Console#show host...
Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4”, indicating a cache entry and therefore unreliable.
DHCP server on another subnet, or configure the DHCP server on this switch to support that subnet. When configuring the DHCP server on this switch, you can configure an address pool for each unique IP interface, or manually assign a static IP address to clients based on their hardware address or client identifier.
• VLAN ID – ID of configured VLAN. • VLAN Name – Name of the VLAN. • Server IP Address – Addresses of DHCP servers to be used by the switch’s DHCP relay agent in order of preference. Web – Click DHCP, Relay Configuration. Enter up to five IP addresses for any VLAN, then click Restart DHCP Relay to start the relay service.
Addresses can be assigned to clients from a common address pool configured for a specific IP interface on this switch, or fixed addresses can be assigned to hosts based on the client identifier code or MAC address.
Web – Click DHCP, Server, General. Enter a single address or an address range, and click Add. Figure 3-103 DHCP Server General Configuration CLI – This example enables the DHCP server and sets an excluded address range. Console(config)#service dhcp Console(config)#ip dhcp excluded-address 10.1.0.250 10.1.0.254...
8 network address pools, and up to 32 manually bound host address pools (i.e., one address per host pool). • When a client request is received, the switch first checks for a network address pool matching the gateway where the request originated (i.e., if the request was forwarded by a relay server).
DHCP client to map host names to IP addresses. • Netbios Server – IP address of the primary and alternate NetBIOS Windows Internet Naming Service (WINS) name server used for Microsoft DHCP clients. • Netbios Type – NetBIOS node type for Microsoft DHCP clients.
Configuring a Network Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Network.” Enter the IP address and subnet mask for the network pool. Configure the optional parameters such as gateway server and DNS server.
Configuring a Host Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Host.” Enter the IP address, subnet mask, and hardware address for the client device. Configure the optional parameters such as gateway server and DNS server.
• Delete – Clears this binding to the host. This command is normally used after modifying the address pool, or after moving DHCP service to another device. • Entry Count – Number of hosts that have been given addresses by the switch. Note: More than one DHCP server may respond to a service request by a host.
This switch supports both the Virtual Router Redundancy Protocol (VRRP) and Hot Standby Router Protocol (HSRP). These protocols are very similar. The primary difference is that VRRP requires you to specify the interface of one of the routers participating in the virtual group as the address for the master virtual router, while HSRP requires you to configure an arbitrary address for the virtual master router.
• Several virtual master routers configured for mutual backup and load sharing. Load sharing can be accomplished by assigning a subset of addresses to different host address pools using the DHCP server. (See “Configuring Address Pools” on page 3-173.)
Figure: Router 1, VRID 23 (Master), IP(R1) = 192.168.1.3, IP(VR23) = 192.168.1.3...
• VRRP creates a virtual MAC address for the master router based on a standard prefix, with the last octet equal to the group ID. When a backup router takes over as the master, it continues to forward traffic addressed to this virtual MAC address.
• Associated IP – IP address of the virtual router, or secondary IP addresses assigned to the current VLAN interface that are supported by this VRRP group. If this address matches a real interface on this switch, then this interface will become the virtual master router for this VRRP group.
Web – Click IP, VRRP, Group Configuration. Select the VLAN ID, enter the VRID group number, and click Add. Figure 3-108 VRRP Group Configuration
Configuring Router Redundancy Click the Edit button for a group entry to open the detailed configuration window. Enter the IP address of a real interface on this router to make it the master virtual router for the group. Otherwise, enter the virtual address for an existing group to make it a backup router.
CLI – This example creates VRRP group 1, sets this switch as the master virtual router by assigning the primary interface address for the selected VLAN to the virtual IP address. It then adds a secondary IP address to the VRRP group, sets all of the other VRRP parameters, and then displays the configured settings.
CLI – This example displays counters for protocol errors for all the VRRP groups configured on this switch.
Console#show vrrp router counters
VRRP Packets with Invalid Checksum : 0
VRRP Packets with Unknown Error
VRRP Packets with Invalid VRID
Console#...
Web – Click IP, VRRP, Group Statistics. Select the VLAN and virtual router group.
CLI – This example displays VRRP protocol statistics for group 1, VLAN 1.
Console#show vrrp 1 interface vlan 1 counters
Total Number of Times Transitioned to MASTER...
Command Usage Address Assignment – • The designated virtual IP address must be configured on at least one router in the virtual router group. If an IP address is not specified, the designated address is learned through the exchange of HSRP messages. Note that the designated address cannot be the same as a physical address.
stops sending hello messages or sends other messages indicating that it is no longer acting as the designated router. • You can add a delay to the preempt function to give additional time to receive an advertisement message from the current master before taking control. If the router...
• Authentication String – Key used to authenticate HSRP packets received from other routers. (Range: 1-8 alphanumeric characters) - All routers in the same HSRP group must be configured with the same authentication string. When an HSRP packet is received from another router in the group, its authentication string is compared to the string configured on this router.
Web – Click IP, HSRP, Group Configuration. Select the VLAN ID, enter the HSRP group number, and click Add. Figure 3-112 HSRP Group Configuration
Click the Edit button for a group entry to open the detailed configuration window. Set the values for the advertisement interval, preemption, priority, and authentication as required. Enter the virtual IP address for the group. You can also enter secondary IP addresses that will be supported by the group.
CLI – This example creates HSRP group 1, sets the virtual router’s address, adds a secondary IP address to the group, specifies an interface for tracking, sets all the other HSRP parameters, and then displays the configured settings.
This switch supports IP routing and routing path management via static routing definitions (page 3-211) and dynamic routing such as RIP (page 3-213) or OSPF (page 3-223). When IP routing is enabled (page 3-214), this switch acts as a wire-speed router, passing traffic between VLANs using different IP interfaces, and routing traffic to external IP networks.
However, if the packet belongs to a subnet not included on this switch, then the packet should be sent to a router (with the MAC address of the router itself used as the destination MAC address, and the destination IP address of the destination node).
Non-IP Protocol Routing The switch supports IP routing only. Non-IP protocols such as IPX and AppleTalk cannot be routed by this switch, and will be confined within their local VLAN group unless bridged by an external router. To coexist with a network built on multilayer switches, the subnetworks for non-IP protocols must follow the same logical boundary as that of the IP subnetworks.
IP subnet address for at least one VLAN. Command Attributes • IP Routing Status – Configures the switch to operate as a Layer 2 switch or as a multilayer routing switch. (Options: Disable this field to restrict operation to Layer 2 switching;...
Configuring IP Routing Interfaces You can specify the IP subnets connected to this router by manually assigning an IP address to each VLAN, or by using the RIP or OSPF dynamic routing protocol to identify routes that lead to other interfaces by exchanging protocol messages with other routers on the network.
Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subnets. First specify a primary address, and click Set IP Configuration. If you need to assign secondary addresses, enter these addresses one at a time, and click Set IP Configuration after entering each address.
Address Resolution Protocol If IP routing is enabled (page 3-196), the router uses its routing tables to make routing decisions, and uses Address Resolution Protocol (ARP) to forward traffic from one hop to the next. ARP is used to map an IP address to a physical layer (i.e., MAC) address.
Basic ARP Configuration You can use the ARP General configuration menu to specify the timeout for ARP cache entries, or to enable Proxy ARP for specific VLAN interfaces. Command Usage • The aging time determines how long dynamic entries remain in the cache. If the timeout is too short, the router may tie up resources by repeating ARP requests for addresses recently flushed from the table.
Configuring Static ARP Addresses For devices that do not respond to ARP requests, traffic will be dropped because the IP address cannot be mapped to a physical address. If this occurs, you can manually map an IP address to the corresponding physical address in the ARP cache. Command Usage •...
Displaying Dynamically Learned ARP Entries The ARP cache contains entries that map IP addresses to the corresponding physical address. Most of these entries will be dynamically learned through replies to broadcast messages. You can display all of the dynamic entries in the ARP cache, change specific dynamic entries into static entries, or clear all dynamic entries from the cache.
CLI - This example shows all entries in the ARP cache.
Console#show arp
Arp cache timeout: 1200 (seconds)
IP Address MAC Address
--------------- ----------------- --------- -----------
10.1.0.0 ff-ff-ff-ff-ff-ff
10.1.0.11 00-11-22-33-44-55
10.1.0.12 01-02-03-04-05-06
10.1.0.19 00-10-b5-62-03-74
10.1.0.253 00-00-ab-cd-00-00
10.1.0.255 ff-ff-ff-ff-ff-ff
Total entry : 6
Console#clear arp-cache
This operation will delete all the dynamic entries in ARP Cache.
CLI - This router uses the Type specification “other” to indicate local cache entries in the ARP cache.
Console#show arp
Arp cache timeout: 1200 (seconds)
IP Address MAC Address
--------------- ----------------- --------- -----------
10.1.0.0 ff-ff-ff-ff-ff-ff
10.1.0.11 00-11-22-33-44-55
10.1.0.12 01-02-03-04-05-06...
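The two show arp listings above are the raw material an operator has for spotting a poisoned ARP cache: one MAC address answering for several hosts, or a static binding that no longer matches the baseline. The following parser and checks are an added example, not code from the switch vendor or this manual; the Type and Interface column values in the sample output are assumed (the excerpt only shows the IP Address and MAC Address headers), and the sample itself is constructed, including a deliberately duplicated MAC to exercise the check.

```python
import re
from collections import defaultdict

# Constructed "show arp" output modelled on the listing above. The Type and
# Interface columns are assumptions; the entry for 10.1.0.254 reusing the MAC
# of 10.1.0.19 is constructed to exercise the duplicate-MAC check.
SAMPLE_SHOW_ARP = """\
Console#show arp
Arp cache timeout: 1200 (seconds)
IP Address       MAC Address        Type      Interface
---------------  -----------------  --------- -----------
10.1.0.0         ff-ff-ff-ff-ff-ff  other     VLAN1
10.1.0.11        00-11-22-33-44-55  dynamic   VLAN1
10.1.0.12        01-02-03-04-05-06  dynamic   VLAN1
10.1.0.19        00-10-b5-62-03-74  dynamic   VLAN1
10.1.0.253       00-00-ab-cd-00-00  static    VLAN1
10.1.0.254       00-10-b5-62-03-74  dynamic   VLAN1
10.1.0.255       ff-ff-ff-ff-ff-ff  other     VLAN1
Total entry : 7
Console#
"""

# One table row: dotted IPv4, dash-separated MAC, type keyword, interface name.
ENTRY_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+"
    r"(?P<type>\S+)\s+(?P<iface>\S+)\s*$",
    re.IGNORECASE,
)


def parse_show_arp(text):
    """Return (cache timeout in seconds, list of entry dicts) from show arp output."""
    timeout = None
    entries = []
    for line in text.splitlines():
        m = re.match(r"Arp cache timeout:\s*(\d+)", line)
        if m:
            timeout = int(m.group(1))
            continue
        m = ENTRY_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["mac"] = entry["mac"].lower()
            entry["type"] = entry["type"].lower()
            entries.append(entry)
    return timeout, entries


def find_shared_macs(entries):
    """Map MAC -> sorted IPs for every dynamic MAC that claims more than one IP.

    A single station answering ARP for several hosts (the default gateway in
    particular) is the usual footprint of ARP cache poisoning; the manual's
    advice to convert trusted dynamic entries to static ones is the mitigation.
    """
    by_mac = defaultdict(set)
    for e in entries:
        if e["type"] == "dynamic":
            by_mac[e["mac"]].add(e["ip"])
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def check_static_entries(entries, expected):
    """Compare static bindings with an expected {ip: mac} baseline.

    Returns a list of (ip, expected_mac, observed_mac) mismatches; observed_mac
    is None when the static entry is missing altogether.
    """
    observed = {e["ip"]: e["mac"] for e in entries if e["type"] == "static"}
    problems = []
    for ip, mac in expected.items():
        got = observed.get(ip)
        if got != mac.lower():
            problems.append((ip, mac.lower(), got))
    return problems


if __name__ == "__main__":
    timeout, entries = parse_show_arp(SAMPLE_SHOW_ARP)
    print("timeout:", timeout, "entries:", len(entries))
    print("shared MACs:", find_shared_macs(entries))
    print("static mismatches:", check_static_entries(entries, {"10.1.0.253": "00-00-ab-cd-00-00"}))
```

Entries of Type "other" (the subnet and broadcast addresses mapped to ff-ff-ff-ff-ff-ff) are excluded from the duplicate check on purpose, since they legitimately share a MAC; only dynamic entries are candidates for poisoning.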
CLI - This example provides detailed statistics on common IP-related protocols.
Console#show ip traffic
IP statistics:
Rcvd: 5 total, 5 local destination
0 checksum errors
0 unknown protocol, 0 not a gateway
Frags: 0 reassembled, 0 timeouts
0 fragmented, 0 couldn't fragment
Sent: 9 generated
0 no route...
Table 3-18 IP Statistics (Continued)
Parameter: Datagrams Forwarded; Reassembly Required; Reassembly Failures; Datagrams Failing Fragmentation; Received Header Errors; Unknown Protocols Received; Received Packets Delivered; Discarded Output Packets; Fragments Created; Routing Discards; Reassembly Successful; Datagrams Successfully Fragmented
Web - Click IP, Statistics, IP. CLI - See the example on page 3-204. ICMP Statistics Internet Control Message Protocol (ICMP) is a network layer protocol that transmits message packets to report errors in processing IP packets. ICMP is therefore an integral part of the Internet Protocol.
Table 3-19 ICMP Statistics (Continued)
Parameter / Description
Timestamps – The number of ICMP Timestamp (request) messages received/sent.
Timestamp Replies; Address Masks; Address Mask Replies
Web - Click IP, Statistics, ICMP. CLI - See the example on page 3-204.
UDP Statistics User Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the underlying transport mechanism, providing access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets. UDP is useful when TCP would be too complex, too slow, or just unnecessary.
TCP Statistics The Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched networks, and is used in conjunction with IP to support a wide variety of Internet protocols.
Parameter: Segments Received; Segments Sent; Active Opens...
Configuring Static Routes This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP or OSPF). However, you can also manually enter static routes in the routing table. Static routes may be required to access network segments where dynamic routing is not supported, or can be set to force the use of a specific route to a subnet, rather than using dynamic routing.
Displaying the Routing Table You can display all the routes that can be accessed via the local network interfaces, via static routes, or via a dynamically learned route. If route information is available through more than one of these methods, the priority for route selection is local, static, and then dynamic.
CLI - This example shows routes obtained from various methods.
Console#show ip route
Ip Address Netmask
--------------- --------------- --------------- -------- ------ ---------
0.0.0.0
10.1.0.0 255.255.255.0
10.1.1.0 255.255.255.0
Total entries: 3
Console#
Configuring the Routing Information Protocol The RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance-vector-based approach to routing.
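The selection rule stated above (local, then static, then dynamic when the same destination is known by several methods) only applies among routes for the same prefix; standard IP forwarding picks the longest matching prefix first, which is why a dynamically learned route that is more specific than a directly connected subnet can override it. The code below is an added example, not the switch's own implementation: it applies the two rules to a constructed table modelled on the show ip route listing above (the Source and Next Hop values are assumptions, since the excerpt does not show those columns) and flags dynamic routes that carve a piece out of a local subnet, the kind of entry a rogue RIP speaker could inject.

```python
import ipaddress

# Route-source preference stated in the manual: local, then static, then dynamic.
# RIP and OSPF are both "dynamic" for this purpose.
SOURCE_RANK = {"local": 0, "static": 1, "rip": 2, "ospf": 2}

# Constructed routing table. Prefixes 0.0.0.0/0, 10.1.0.0/24 and 10.1.1.0/24 mirror
# the listing above; sources, next hops and the remaining rows are assumptions.
ROUTES = [
    {"network": "0.0.0.0/0",      "source": "static", "next_hop": "10.1.0.254"},
    {"network": "10.1.0.0/24",    "source": "local",  "next_hop": None},
    {"network": "10.1.1.0/24",    "source": "local",  "next_hop": None},
    {"network": "10.1.1.0/24",    "source": "rip",    "next_hop": "10.1.0.7"},
    {"network": "10.1.0.128/25",  "source": "rip",    "next_hop": "10.1.0.7"},
    {"network": "192.168.5.0/24", "source": "rip",    "next_hop": "10.1.0.7"},
    {"network": "192.168.5.0/26", "source": "static", "next_hop": "10.1.0.9"},
]


def _net(route):
    return ipaddress.ip_network(route["network"], strict=False)


def lookup(dest, routes=ROUTES):
    """Select the route used for dest: longest prefix first, then source preference."""
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in routes if addr in _net(r)]
    if not candidates:
        return None
    # Sort by descending prefix length, then by the manual's source ranking.
    candidates.sort(key=lambda r: (-_net(r).prefixlen, SOURCE_RANK[r["source"]]))
    return candidates[0]


def dynamic_routes_inside_local_subnets(routes=ROUTES):
    """Return dynamic routes that are strictly more specific than a local subnet.

    Such a route wins longest-prefix match against the directly connected
    network, so traffic for part of a local subnet is diverted to the advertised
    next hop. Sorted by prefix so the output is deterministic.
    """
    locals_ = [_net(r) for r in routes if r["source"] == "local"]
    flagged = []
    for r in routes:
        if SOURCE_RANK[r["source"]] < 2:
            continue
        n = _net(r)
        if any(l.supernet_of(n) and l.prefixlen < n.prefixlen for l in locals_):
            flagged.append(r)
    return sorted(flagged, key=lambda r: r["network"])


if __name__ == "__main__":
    for dest in ("10.1.1.5", "10.1.0.200", "192.168.5.3", "192.168.5.200", "8.8.8.8"):
        print(dest, "->", lookup(dest))
    print("suspicious:", dynamic_routes_inside_local_subnets())
```

For 10.1.1.5 the local and RIP routes tie on prefix length and the local one wins by source preference, exactly as the manual describes; for 10.1.0.200 the RIP /25 wins on prefix length despite being the lowest-preference source, which is the case the second function is there to surface.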
routing loops may occur, and its small hop count limitation of 15 restricts its use to smaller networks. Moreover, RIP (version 1) wastes valuable network bandwidth by propagating routing information via broadcasts; it also considers too few network variables to make the best routing decision.
Web - Click Routing Protocol, RIP, General Settings. Enable or disable RIP, set the RIP version used on previously unset interfaces to RIPv1 or RIPv2, set the basic update timer, and then click Apply. CLI - This example sets the router to use RIP Version 2, and sets the basic timer to 15 seconds.
Specifying Network Interfaces for RIP You must specify network interfaces that will be included in the RIP routing process. Command Usage • RIP only sends updates to interfaces specified by this command. • Subnet addresses are interpreted as class A, B or C, based on the first field in the specified address.
Configuring Network Interfaces for RIP For each interface that participates in the RIP routing process, you must specify the protocol message type accepted (i.e., RIP version) and the message type sent (i.e., RIP version or compatibility mode), the method for preventing loopback of protocol messages, and whether or not authentication is used (i.e., authentication only applies if RIPv2 messages are being sent or received).
Protocol Message Authentication RIPv1 is not a secure protocol. Any device sending protocol messages from UDP port 520 will be considered a router by its neighbors. Malicious or unwanted protocol messages can be easily propagated throughout the network if no authentication is required.
• Authentication Key – Specifies the key to use for authenticating RIPv2 packets. For authentication to function properly, both the sending and receiving interface must use the same password. (Range: 1-16 characters, case sensitive) Web - Click Routing Protocol, RIP, Interface Settings. Select the RIP protocol message types that will be received and sent, the method used to provide faster convergence and prevent loopback (i.e., prevent instability in the network topology), and the authentication option and corresponding password.
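The two passages above describe the problem (any UDP port 520 sender is treated as a router) and the mitigation (a shared RIPv2 authentication key on both interfaces). The following code is an added example, not the switch's implementation, showing what that looks like on the wire per RFC 2453: a RIPv2 message is a 4-byte header followed by 20-byte entries, and a simple-password authentication entry is a leading entry with address family 0xFFFF and type 2 carrying the key padded to 16 bytes. The parser classifies a message as unauthenticated, simple-password or MD5 (RFC 2082 type 3, recognised but not verified here), and the acceptance check mirrors the receiving router's decision; all packets are constructed in the block.

```python
import hmac
import struct

RIP_UDP_PORT = 520
AFI_AUTH = 0xFFFF        # address family marking an authentication entry
AFI_IP = 2
AUTH_SIMPLE = 2          # RFC 2453 simple password
AUTH_MD5 = 3             # RFC 2082 keyed MD5 (trailer entry uses type 1)
ENTRY_LEN = 20


def ip_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def bytes_ip(raw):
    return ".".join(str(b) for b in raw)


def build_ripv2_response(routes, password=None):
    """Construct a RIPv2 Response (command 2, version 2) for testing.

    routes: iterable of (network, mask, next_hop, metric). With password set,
    a simple-password authentication entry is placed first, as RFC 2453 requires.
    """
    pkt = struct.pack("!BBH", 2, 2, 0)
    if password is not None:
        key = password.encode()
        if not 1 <= len(key) <= 16:
            raise ValueError("simple password must be 1-16 bytes")
        pkt += struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE, key)  # 16s zero-pads
    for network, mask, next_hop, metric in routes:
        pkt += struct.pack("!HH4s4s4sI", AFI_IP, 0, ip_bytes(network),
                           ip_bytes(mask), ip_bytes(next_hop), metric)
    return pkt


def parse_ripv2(pkt):
    """Return command, version, auth kind, simple password (if any) and routes."""
    if len(pkt) < 4 or (len(pkt) - 4) % ENTRY_LEN != 0:
        raise ValueError("malformed RIP packet length")
    command, version, _zero = struct.unpack("!BBH", pkt[:4])
    result = {"command": command, "version": version, "auth": "none",
              "password": None, "routes": []}
    entries = [pkt[i:i + ENTRY_LEN] for i in range(4, len(pkt), ENTRY_LEN)]
    for idx, entry in enumerate(entries):
        afi, tag = struct.unpack("!HH", entry[:4])
        if afi == AFI_AUTH:
            if tag == 1 and idx == len(entries) - 1:
                continue                      # RFC 2082 MD5 digest trailer
            if idx != 0:
                raise ValueError("authentication entry must be first")
            if tag == AUTH_SIMPLE:
                result["auth"] = "simple"
                result["password"] = entry[4:].rstrip(b"\x00")
            elif tag == AUTH_MD5:
                result["auth"] = "md5"
            else:
                result["auth"] = "unknown"
            continue
        network, mask, next_hop, metric = struct.unpack("!4s4s4sI", entry[4:])
        result["routes"].append({"network": bytes_ip(network), "mask": bytes_ip(mask),
                                 "next_hop": bytes_ip(next_hop), "metric": metric})
    return result


def accept_update(pkt, configured_password):
    """Decide whether a received update passes the interface's authentication.

    Returns (accepted, reason). With no configured password every sender on
    port 520 is accepted, which is the insecure default the manual warns about.
    """
    parsed = parse_ripv2(pkt)
    if configured_password is None:
        return True, "no authentication configured"
    if parsed["version"] != 2:
        return False, "RIPv1 carries no authentication"
    if parsed["auth"] == "none":
        return False, "no authentication entry"
    if parsed["auth"] != "simple":
        return False, "unsupported authentication type %s" % parsed["auth"]
    expected = configured_password.encode().ljust(16, b"\x00")
    received = parsed["password"].ljust(16, b"\x00")
    if hmac.compare_digest(expected, received):     # constant-time comparison
        return True, "authenticated"
    return False, "password mismatch"
```

The simple-password scheme only keeps accidental or unconfigured speakers out: the key travels in clear text in every update, so anyone who can capture traffic on the segment can read it, which is why RFC 2082 keyed MD5 exists. Configuring the key on every RIP interface of every router, as the bullet above states, is what makes the check effective.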
Displaying RIP Information and Statistics You can display basic information about the current global configuration settings for RIP, statistics about route changes and queries, information about the interfaces on this router that are using RIP, and information about known RIP peer devices.
IP Routing Web - Click Routing Protocol, RIP, Statistics. Figure 3-130 RIP Statistics
CLI - The information displayed by the RIP Statistics screen via the web interface can be accessed from the CLI using the following commands.
Console#show rip globals
RIP Process: Enabled
Update Time in Seconds: 30
Number of Route Change: 4...
Configuring the Open Shortest Path First Protocol Open Shortest Path First (OSPF) is more suited for large area networks which experience frequent changes in the links. It also handles subnets much better than RIP. OSPF protocol actively tests the status of each link to its neighbors to generate a shortest path tree, and builds a routing table based on this information.
• OSPFv2 is a compatible upgrade to OSPF. It involves enhancements to protocol message authentication, and the addition of a point-to-multipoint interface which allows OSPF to run over non-broadcast networks, as well as support for overlapping area ranges.
• AS Boundary Router – Enables this router to exchange routing information with boundary routers in other autonomous systems to which it may be attached. If a router is enabled as an ASBR, then every other router in the autonomous system can learn about external routes from this device.
Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global parameters as required, and click Apply. Figure 3-131 OSPF General Configuration CLI - This example configures the router with the same settings as shown in the screen capture for the web interface.
Configuring OSPF Areas An autonomous system must be configured with a backbone area, designated by area identifier 0.0.0.0. By default, all other areas are created as normal transit areas. Routers in a normal area may import or export routing information about individual nodes.
backbone default external route for local AS • Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned via OSPF, the default route, static routes, routes derived from other routing protocols such as RIP, or directly connected networks that are not running OSPF.
Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for the default summary route sent into a stub, and click Apply. Figure 3-132 OSPF Area Configuration CLI - This example configures area 0.0.0.1 as a normal area, area 0.0.0.2 as a stub, and area 0.0.0.3 as an NSSA.
Console# show ip ospf
Routing Process with ID 192.168.1.253
Supports only single TOS(TOS0) route
Number of area in this router is 3
Area 0.0.0.0 (BACKBONE)
Number of interfaces in this area is 1
SPF algorithm executed 40 times
Area 0.0.0.2 (STUB)
Web - Click Routing Protocol, OSPF, Area Range Configuration. Specify the area identifier, the base address and network mask, select whether or not to advertise the summary route to other areas, and then click Apply. Figure 3-133 OSPF Range Configuration CLI - This example summarizes all the routes for area 1.
Configuring OSPF Interfaces You should specify a routing interface for any local subnet that needs to communicate with other network segments located on this router or elsewhere in the network. First configure a VLAN for each subnet that will be directly connected to this router, assign IP interfaces to each VLAN (i.e., one primary interface and one or...
- On slow links, the router may send packets more quickly than devices can receive them. To avoid this problem, you can use the transmit delay to force the router to wait a specified interval between transmissions. • Retransmit Interval – Sets the time between resending link-state advertisements. (Range: 1-65535 seconds;...
- You can assign a unique password to each network (i.e., autonomous system) to improve the security of the routing database. However, the password must be used consistently on all neighboring routers throughout a network. • Message Digest Key-id – Assigns a key-id used in conjunction with the authentication key to verify the authenticity of routing protocol messages sent to neighboring routers.
Configuring Virtual Links All OSPF areas must connect to the backbone. If an area does not have a direct physical connection to the backbone, you can configure a virtual link that provides a logical path to the backbone. To connect an...
Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neighbor Router ID, configure the link attributes, and click Add. To modify the settings for an existing link, click the Detail button for the required entry, modify the link settings, and click Set.
Configuring Network Area Addresses OSPF protocol broadcast messages (i.e., Link State Advertisements or LSAs) are restricted by area to limit their impact on network performance. A large network should be split up into separate OSPF areas to increase network stability, and to reduce protocol traffic by summarizing routing information into more compact messages.
Web - Click Routing Protocol, OSPF, Network Area Address Configuration. Configure a backbone area that is contiguous with all the other areas in your network, configure an area for all of the other OSPF interfaces, then click Apply. Figure 3-137 OSPF Network Area Address Configuration
CLI - This example configures the backbone area and one transit area.
Console(config-router)#network 10.0.0.0 255.0.0.0 area 0.0.0.0
Console(config-router)#network 10.1.1.0 255.255.255.0 area 0.0.0.1
Console(config-router)#end
Console#show ip ospf
Routing Process with ID 10.1.1.253
Supports only single TOS(TOS0) route
Number of area in this router is 4
Area 0.0.0.0 (BACKBONE)
Configuring Summary Addresses (for External AS Routes) An Autonomous System Boundary Router (ASBR) can redistribute routes learned from other protocols into all attached autonomous systems. (See “Redistributing External Routes” on page 3-242) To reduce the amount of external LSAs imported into your local routing domain, you can configure the router to advertise an aggregate route that consolidates a broad range of external addresses.
CLI - This example creates a summary address for all routes contained in 192.168.x.x.
Console(config-router)#summary-address 192.168.0.0 255.255.0.0
Console(config-router)#
Redistributing External Routes You can configure this router to import external routing information from other routing protocols into the autonomous system.
Web - Click Routing Protocol, OSPF, Redistribute. Specify the protocol type to import, the metric type and path cost, then click Add. Figure 3-139 OSPF Redistribute Configuration
CLI - This example redistributes routes learned from RIP as Type 1 external routes.
Console(config-router)#redistribute rip metric-type 1
Console(config-router)#
Configuring NSSA Settings...
Note: This router supports up to 16 areas, either normal transit areas, stubs, or NSSAs. Web - Click Routing Protocol, OSPF, NSSA Settings. Create a new NSSA or modify the routing behavior for an existing NSSA, and click Apply.
Displaying Link State Database Information OSPF routers advertise routes using Link State Advertisements (LSAs). The full collection of LSAs collected by a router interface from the attached area is known as a link state database. Routers that are connected to multiple interfaces will have a separate database for each area.
Web - Click Routing Protocol, OSPF, Link State Database Information. Specify parameters for the LSAs you want to display, then click Query. Figure 3-141 OSPF Link State Database Information CLI - The CLI provides a wider selection of display options for viewing the Link State Database.
Displaying Information on Border Routers You can display entries in the local routing table for Area Border Routers (ABR) and Autonomous System Boundary Routers (ASBR) known by this device. Field Attributes • Destination – Identifier for the destination router. • Next Hop – IP address of the next hop toward the destination. •...
Displaying Information on Neighbor Routers You can display information about neighboring routers on each interface within an OSPF area. Field Attributes • ID – Neighbor’s router ID. • Priority – Neighbor’s router priority. • State – OSPF state and identification flag.
LAN environment. If DVMRP and PIM-DM are not enabled on this router or another multicast routing protocol is used on your network, you can manually configure the switch ports attached to a multicast router (page 3-157).
Displaying the Multicast Routing Table You can display information on each multicast route this router has learned via DVMRP or PIM. The router learns multicast routes from neighboring routers, and also advertises these routes to its neighbors. The router stores entries for all paths learned by itself or from other routers, without considering actual group membership or prune messages.
Multicast Routing Web – Click IP, Multicast Routing, Multicast Routing Table. Click Detail to display additional information for any entry. Figure 3-145 Multicast Routing Table
CLI – This example shows that multicast forwarding is enabled. The multicast routing table displays one entry for a multicast source routed by DVMRP, and another source routed via PIM.
Console#show ip mroute
IP Multicast Forwarding is enabled.
Configuring DVMRP The Distance-Vector Multicast Routing Protocol (DVMRP) behaves somewhat similarly to RIP. A router supporting DVMRP periodically floods its attached networks to pass information about supported multicast services along to new routers and hosts. Routers that receive a DVMRP packet send a copy out to all paths (except the path back to the origin).
Command Usage Broadcasting periodically floods the network with traffic from any active multicast server. If IGMP snooping is disabled, multicast traffic is flooded to all ports on the router. However, if IGMP snooping is enabled, then the first packet for any source group pair is flooded to all DVMRP downstream neighbors.
which this device has received probes, and is used to verify whether or not these neighbors are still active members of the multicast tree. (Range: 1-65535 seconds; Default: 10 seconds) • Neighbor Timeout Interval – Sets the interval to wait for messages from a DVMRP neighbor before declaring it dead.
Web – Click Routing Protocol, DVMRP, General Settings. Enable or disable DVMRP. Set the global parameters that control neighbor timeout, the exchange of routing information, or the prune lifetime, and click Apply. Figure 3-146 DVMRP General Settings CLI –...
DVMRP Interface Settings • VLAN – Selects a VLAN interface on this router. • Metric – Sets the metric for this interface used to calculate distance vectors. • Status – Enables or disables DVMRP. - If DVMRP is enabled on any interface, Layer 3 IGMP should also be enabled on the router (page 3-159).
Displaying Neighbor Information You can display all the neighboring DVMRP routers. Command Attributes • Neighbor Address – The IP address of the network device immediately upstream for this multicast delivery tree. • Interface – The IP interface on this router that connects to the upstream neighbor.
Displaying the Routing Table The router learns source-routed information from neighboring DVMRP routers and also advertises learned routes to its neighbors. The router merely records path information it has learned on its own or from other routers. It does not consider group membership or prune messages.
Web – Click Routing Protocol, PIM-DM, General Settings. Enable or disable PIM-DM globally for the router, and click Apply. Figure 3-150 PIM-DM General Settings
CLI – This example enables PIM-DM globally and displays the current status.
Console(config)#router pim
Console#show router pim
Admin Status: Enabled
Console#
Configuring PIM-DM Interface Settings...
• Trigger Hello Interval – Configures the maximum time before transmitting a triggered PIM hello message after the router is rebooted or PIM is enabled on an interface. (Range: 1-65535 seconds; Default: 5) - When a router first starts or PIM is enabled on an interface, the hello-interval is set to a random value between 0 and the Trigger Hello Interval.
Web – Click Routing Protocol, PIM-DM, Interface Settings. Select a VLAN, enable or disable PIM-DM for the selected interface, modify any of the protocol parameters as required, and click Apply. Figure 3-151 PIM-DM Interface Settings CLI – This example sets the PIM-DM protocol parameters for VLAN 2, and displays the current settings.
Displaying Interface Information You can display a summary of the current interface status for PIM-DM, including the number of neighboring PIM routers, and the address of the designated PIM router. Command Attributes • Interface – A VLAN interface on this router.
Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt. Using the switch's command-line interface (CLI) is very similar to entering commands on a UNIX system.
Command Line Interface To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet. For example,
Console(config)#interface vlan 1
Console(config-if)#ip address 10.1.0.254 255.255.255.0...
Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port.
Display HSRP information
startup-config The system configuration of starting up
system Information of system
tacacs-server Login by TACACS server
users Display information about terminal lines
version System hardware and software status
vlan Switch VLAN Virtual Interface
vrrp Show vrrp
Console#show...
The command “show interfaces ?” will display the following information:
Console#show interfaces ?
counters Information of interfaces counters
protocol-vlan Protocol-vlan information
status Information of interfaces status
switchport Information of interfaces switchport
Console#
Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided.
You must be in Global Configuration mode to access any of the other configuration modes. Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>”...
Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in non-volatile storage, use the copy running-config startup-config command.
To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode.
Table 4-2 Configuration Command Modes
Mode / Command
Line – line {console | vty}
Access Control List – access-list ip standard...
Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command followed by the “?”...
Multicast Filtering Configures IGMP multicast filtering, query parameters, and specifies ports attached to a multicast router IP Interface Configures IP address for the switch interfaces; also configures ARP parameters and static entries IP Routing Configures static and dynamic unicast routing...
Table 4-4 Command Group Index (Continued) Command Group Description Multicast Routing Configures multicast routing protocols DVMRP and PIM-DM Router Redundancy Configures router redundancy to create primary and backup routers The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) PE (Privileged Exec) GC (Global Configuration)
line This command identifies a specific line for configuration and causes subsequent line configuration commands to apply to that line. Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line.
Command Usage • There are three authentication modes provided by the switch itself at login: - login selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode.
number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state. • The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [seconds] no exec-timeout seconds - Integer that specifies the number of seconds. (Range: 0 - 65535 seconds; 0: no timeout) Default Setting CLI: No timeout Telnet: 10 minutes...
Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached for Telnet, the Telnet logon interface shuts down.
databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits {7 | 8} no databits • 7 - Seven data bits per character. •...
Some baud rates available on devices connected to the port might not be supported. The system indicates if the speed you selected is not supported. If you select the “auto” option, the switch will automatically detect the baud rate configured on the attached terminal, and adjust the speed accordingly.
Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits, enter this command: Console(config-line)#stopbits 2 Console(config-line)# disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection.
Command Mode Normal Exec, Privileged Exec Example To show all lines, enter this command:
  Console#show line
  Console configuration:
    Password threshold: 3 times
    Interactive timeout: Disabled
    Silent time: Disabled
    Baudrate: 9600
    Databits: 8
    Parity: none
    Stopbits: 1
  Vty configuration:
    Password threshold: 3 times
    Interactive timeout: 65535
General Commands...
This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode. See “Understanding Command Modes” on page 4-6.
This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration.
Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system. Example This example shows how to reset the switch: Console#reload System will be restarted, continue <y/n>? y
This command returns to Privileged Exec mode. Default Setting None Command Mode Global Configuration, Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration. Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode: Console(config-if)#end Console#...
Table 4-7 System Management Commands Command Group Function Device Designation Configures information that uniquely identifies this switch User Access Configures the basic user names and passwords for management access IP Filter Configures IP addresses that are allowed management access...
prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters) Default Setting Console Command Mode Global Configuration...
User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password checking via the console or a Telnet connection (page 4-11), user authentication via a remote authentication server (page 4-70), and host access authentication for specific ports (page 4-79).
Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example This example shows how to set the access level and password for a user.
Global Configuration Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
Console# show management This command displays the client IP addresses that are allowed management access to the switch through various protocols. Syntax show management {all-client | http-client | snmp-client | telnet-client} • all-client - Displays the IP address(es) allowed for the SNMP, web and Telnet groups.
Specifies the port to be used by the web browser interface ip http server Allows the switch to be monitored or configured from a browser GC ip http secure-server Enables HTTPS/SSL for encrypted communications ip http secure-port...
This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this function. Syntax [no] ip http secure-server...
(4-64) ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number no ip http secure-port port_number –...
Specifies the port to be used by the Telnet interface ip telnet server Allows the switch to be monitored or configured from Telnet ip telnet port This command specifies the TCP port number used by the Telnet interface. Use the no form to use the default port.
Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote copy), are not secure from hostile attacks.
Configure Challenge-Response Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method. Only clients that have a private key...
The client sends its public key to the switch. The switch compares the client's public key to those stored in memory. If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client.
Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase. Once an SSH session has been established, the timeout for user input is controlled by the exec-timeout command for vty sessions.
Command Mode Global Configuration Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with the SSH client, and is fixed at 1024 bits. Example Console(config)#ip ssh server-key size 512...
Command Mode Privileged Exec Command Usage • This command clears the host key from volatile memory (RAM). Use the no ip ssh save host-key command to clear the host key from flash memory. • The SSH server must be disabled before you can execute this command. Example Console#ip ssh crypto zeroize dsa Console#...
Example
  Console#show ip ssh
  SSH Enabled - version 1.99
  Negotiation timeout: 120 secs; Authentication retries: 3
  Server key size: 768 bits
  Console#
show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example Console#show ssh Connection Version State Session-Started...
show public-key This command shows the public key for the specified user or for the host. Syntax show public-key [user [username]| host] username – Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage •...
Clears messages from the logging buffer show logging Displays the state of logging logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [no] logging on Default Setting None...
This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history {flash | ram} level no logging history {flash | ram} •...
This command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to sort messages or to store messages in the corresponding database.
logging trap This command enables the logging of system messages to a remote server, or limits the syslog messages saved to a remote server based on severity. Use this command without a specified level to enable remote logging. Use the no form to disable remote logging.
Related Commands show logging (4-48) show logging This command displays the logging configuration, along with any system and event messages stored in memory. Syntax show logging {flash | ram | sendmail | trap} • flash - Event history stored in flash memory (i.e., permanent memory). •...
The following example displays settings for the trap function.
  Console#show logging trap
  Syslog logging: Enable
  REMOTELOG status: disable
  REMOTELOG facility type: local use 7
  REMOTELOG level type: Debugging messages
  REMOTELOG server IP address: 1.2.3.4
  REMOTELOG server IP address: 0.0.0.0
  REMOTELOG server IP address: 0.0.0.0
  REMOTELOG server IP address: 0.0.0.0
  REMOTELOG server IP address: 0.0.0.0
  Console#...
If it fails to send mail, the switch selects the next server in the list and tries to send mail again. If it still fails, the system will repeat the process at a periodic interval.
Command Mode Global Configuration Command Usage You may use a symbolic email address that identifies the switch, or the address of an administrator responsible for the switch. Example This example will send email alerts for system errors from level 3 through 0.
Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example Console(config)#logging sendmail destination-email ted@this-company.com Console(config)# logging sendmail This command enables SMTP event handling. Use the no form to disable this function.
(NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from the factory default set at the last bootup. Command...
Global Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode. The client will poll the time servers in the order specified until a response is received. It issues time synchronization requests based on the interval set via the sntp poll command.
- Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode Global Configuration Command Usage This command is only applicable when the switch is set to SNTP client mode. Example Console(config)#sntp poll 60 Console# Related Commands sntp client (4-53)
Current server: 137.92.140.80 Console# clock timezone This command sets the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym. (Range: 1-29 characters) •...
This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec {day month year | month day year} •...
System Status Commands Table 4-22 System Status Commands Command Function show startup-config Displays the contents of the configuration file (stored in flash memory) that is used to start up the system show running-config Displays the configuration data currently in use show system Displays system information show users...
Example
  Console#show startup-config
  building startup-config, please wait...
  username admin access-level 15
  username admin password 7 21232f297a57a5a743894a0e4a801fc3
  username guest access-level 0
  username guest password 7 084e0343a0486ff05530df6c705c8bb4
  enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca
  snmp-server community public ro
  snmp-server community private rw
  !
  vlan database
   vlan 1 name DefaultVlan media ethernet state active
  interface vlan 1
   ip address dhcp...
- VLAN database (VLAN ID, name and state)
- VLAN configuration settings for each interface
- Multiple spanning tree instances (name and interfaces)
- IP address configured for VLANs
- Routing protocol configuration settings
- Spanning tree settings
- Any configured settings for the console port and Telnet
Example Console#show running-config...
This command displays hardware and software version information for the system. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-12 for detailed information on the items displayed by this command.
Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation.
TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”) • Due to the size limit of the flash memory, the switch supports only two operation code files.
Write to FLASH finish. Success. Console# This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: Console#copy tftp https-certificate TFTP server ip address: 10.1.0.19 Source certificate file name: SS-certificate...
The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file. • config - Switch configuration file. • opcode - Run-time operation code image file. • filename - Name of the file or image. If this file exists but contains errors, information on this file cannot be shown.
Command Usage • If you enter the command dir without any parameters, the system displays all files. • File information is shown below: Column Heading file name file type startup size Example The following example shows how to display all file information:
  Console#dir
  -------------------------------- -------------- ------- -----------
  Factory_Default_Config.cfg...
boot system This command specifies the file or image used to start up the system. Syntax boot system {boot-rom| config | opcode}: filename The type of file or image to set as a default includes: • boot-rom - Boot ROM. •...
Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1x. Table 4-26 Authentication Commands...
• RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server. • You can specify three authentication methods in a single command to indicate the authentication sequence.
RADIUS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch. Table 4-28 RADIUS Client Commands Command...
radius-server port This command sets the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535) Default Setting 1812 Command Mode Global Configuration Example...
This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1 - 30) Default Setting Command Mode...
TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch. Table 4-29 TACACS+ Client Commands Command...
tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages. (Range: 1-65535) Default Setting Command Mode Global Configuration...
MAC address that is unknown or has been previously learned from another port. If a device with an unauthorized MAC address attempts to use the switch port, the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message.
Interface Configuration (Ethernet) Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
(4-167) 802.1x Port Authentication The switch supports IEEE 802.1x (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication Protocol).
Console(config)#dot1x default Console(config)# dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default.
Command Mode Global Configuration Example Console(config)#dot1x max-req 2 Console(config)# dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default. Syntax dot1x port-control {auto | force-authorized | force-unauthorized} no dot1x port-control •...
dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count.
Console(config)#dot1x re-authentication Console(config)# dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default. Syntax...
Console(config)#dot1x timeout re-authperiod 300 Console(config)# dot1x timeout tx-period This command sets the time that the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period seconds - The number of seconds.
This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [statistics] [interface interface] • statistics - Displays dot1x status for each port. • interface • ethernet unit/port - unit - This is device 1.
• Backend State Machine - State - Request Count - Identifier(Server) – Identifier carried in the most recent EAP Success, • Reauthentication State Machine - State Example Console#show dot1x Global 802.1X Parameters reauth-enabled: yes reauth-period: quiet-period: tx-period: supp-timeout: server-timeout: 30 reauth-max:...
• The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in an ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail.
You must specify masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven user-defined masks for an ACL.
Table 4-33 IP ACL Commands (Continued) Command Function show map access-list ip Shows CoS value mapped to an access list for an interface PE match access-list ip Changes the 802.1p priority, IP Precedence, or DSCP Priority of a frame matching the defined rule (i.e., also called packet marking) show marking Displays the current configuration for packet marking...
permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a rule. Syntax [no] {permit | deny} {any | source bitmask | host source} •...
permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes. Use the no form to remove a rule. Syntax [no] {permit | deny} [protocol-number | udp] {any | source address-bitmask | host source}...
Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match”...
Related Commands access-list ip (4-89) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list {standard | extended} [acl_name] • standard – Specifies a standard IP ACL. • extended – Specifies an extended IP ACL. •...
Command Usage • A mask can only be used by all ingress ACLs or all egress ACLs. • The precedence of the ACL rules applied to a packet is not determined by order of the rules, but instead by the order of the masks; i.e., the first mask that matches a rule will determine the rule that is applied to a packet.
Command Mode IP Mask Command Usage • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered. •...
This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others.
  Console(config)#access-list ip standard A2
  Console(config-std-acl)#permit any
  Console(config-std-acl)#deny host 171.69.198.102
  Console(config-std-acl)#end
  Console#show access-list
  IP standard access-list A2:
    deny host 171.69.198.102
    permit any...
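The address-bitmask matching described under the Standard ACL command usage, and the mask-precedence rule illustrated by ACL A2 above, can be modelled to show why the entry order of rules is not the evaluation order. The following is an added example written for this page, not the switch's own code: it applies the page's "1 bits mean match" convention and assumes (the page does not state either point) that a packet matching no rule is denied, and that mask precedence means rules are checked mask by mask in the order the masks were defined, in entry order within one mask. It reproduces ACL A2 (permit any entered before deny host) and shows that, with the host mask placed first, the deny is honoured, whereas a plain entry-order check would let the permit-any shadow it.

```python
"""Standard IP ACL evaluation with address bitmasks and mask precedence.

Illustrative code added for this page; it is not the switch firmware.
Assumptions not stated on the page: no match => deny; 'mask precedence'
means rules are checked mask by mask in mask-definition order.
"""
import ipaddress
from dataclasses import dataclass
from typing import List

ANY_MASK = "0.0.0.0"             # no bits checked: matches every source
HOST_MASK = "255.255.255.255"    # all bits checked: one exact host


@dataclass(frozen=True)
class Rule:
    action: str    # "permit" or "deny"
    source: str    # dotted-quad IPv4 address
    bitmask: str   # 1 bits = must match, 0 bits = don't care (switch convention)


def permit_any() -> Rule:
    return Rule("permit", "0.0.0.0", ANY_MASK)


def deny_host(addr: str) -> Rule:
    return Rule("deny", addr, HOST_MASK)


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def rule_matches(rule: Rule, src: str) -> bool:
    """Compare only the address bits the bitmask marks with 1."""
    m = _to_int(rule.bitmask)
    return (_to_int(src) & m) == (_to_int(rule.source) & m)


def effective_order(rules: List[Rule], masks: List[str]) -> List[Rule]:
    """Order rules the way they are checked (and shown by 'show access-list')
    once masks are defined: grouped by mask in mask-definition order, entry
    order within a mask. Rules whose mask is not defined are unreachable."""
    ordered: List[Rule] = []
    for mask in masks:
        ordered.extend(r for r in rules if r.bitmask == mask)
    return ordered


def evaluate(rules: List[Rule], masks: List[str], src: str,
             default: str = "deny") -> str:
    """First matching rule in mask-precedence order decides the packet."""
    for r in effective_order(rules, masks):
        if rule_matches(r, src):
            return r.action
    return default  # assumed implicit deny


def evaluate_entry_order(rules: List[Rule], src: str,
                         default: str = "deny") -> str:
    """Same rules checked in entry order: shows how a later deny is shadowed."""
    for r in rules:
        if rule_matches(r, src):
            return r.action
    return default


# Constructed sample reproducing the page's ACL A2.
ACL_A2 = [permit_any(), deny_host("171.69.198.102")]
MASKS_A2 = [HOST_MASK, ANY_MASK]   # the host mask must precede the any mask

if __name__ == "__main__":
    for r in effective_order(ACL_A2, MASKS_A2):
        print(r.action, "host " + r.source if r.bitmask == HOST_MASK else "any")
    print(evaluate(ACL_A2, MASKS_A2, "171.69.198.102"))    # deny
    print(evaluate(ACL_A2, MASKS_A2, "10.0.0.5"))          # permit
    print(evaluate_entry_order(ACL_A2, "171.69.198.102"))  # permit (shadowed)
```

Defining only the "any" mask, or listing it before the host mask, silently turns the host deny into dead configuration; checking `effective_order` against the intended policy before binding an ACL is the practical test.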
(i.e., the ACL is active), the order in which the rules are displayed is determined by the associated mask. Switch(config)#access-list ip extended 6 Switch(config-ext-acl)#permit any any Switch(config-ext-acl)#deny tcp any any control-flag 2 2 Switch(config-ext-acl)#end Console#show access-list IP extended access-list A6:...
• If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port.
Related Commands ip access-group (4-98) map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself. Use the no form to remove the CoS mapping. Syntax [no] map access-list ip acl_name cos cos-value •...
show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Syntax show map access-list ip [interface] interface •...
Note that the IP frame header can include either the IP Precedence or DSCP priority type. • The precedence for priority mapping by this switch is IP Precedence or DSCP Priority, and then 802.1p priority.
MAC ACLs Command Function access-list mac Creates a MAC ACL and enters configuration mode permit, deny Filters packets matching a specified source and destination address, packet format, and Ethernet type show mac access-list Displays the rules for configured MAC ACLs access-list mac Changes to the mode for configuring access control masks GC mask-precedence...
Example Console(config)#access-list mac jerry Console(config-mac-acl)# Related Commands permit, deny 4-103 mac access-group (4-108) show mac access-list (4-104) permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type.
Example Console#show mac access-list MAC access-list jerry: permit any 00-e0-29-94-34-de ethertype 0800 Console# Related Commands permit, deny 4-103 mac access-group (4-108) access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [no] access-list mac mask-precedence {in | out} •...
mask (MAC ACL) This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header. Use the no form to remove a mask. Syntax [no] mask [pktformat] {any | host | source-bitmask} {any | host | destination-bitmask} [vid [vid-bitmask]] [ethertype [ethertype-bitmask]] •...
Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask.
  Console(config)#access-list mac M4
  Console(config-mac-acl)#permit any any
  Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-ff-ff any vid 3
  Console(config-mac-acl)#end
  Console#show access-list...
• If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port.
Related Commands show mac access-list (4-104) show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Console#show mac access-group Interface ethernet 1/5 MAC access-list M5 out Console# Related Commands mac access-group (4-108) map access-list mac This command sets the output queue for packets matching an ACL rule.
Example Console(config)#int eth 1/5 Console(config-if)#map access-list mac M5 cos 0 Console(config-if)# Related Commands queue cos-map (4-210) show map access-list mac (4-110) show map access-list mac This command shows the CoS value mapped to a MAC ACL for the current interface.
match access-list mac This command changes the IEEE 802.1p priority of a Layer 2 frame matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) Use the no form to remove the ACL marker. Syntax match access-list mac acl_name set priority priority no match access-list mac acl_name •...
ACL Information Table 4-37 ACL Information Commands Command Function show access-list Show all ACLs and associated rules show access-group Shows the ACLs assigned to each port show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks.
SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption; as well as controlling user access to specific areas of the MIB tree.
Command Mode Global Configuration Example Console(config)#snmp-server Console(config)# show snmp This command can be used to check the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enabled with the snmp-server enable traps command.
snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string. Syntax snmp-server community string [ro|rw] no snmp-server community string • string - Community string that acts like a password and permits access to the SNMP protocol.
Related Commands snmp-server location (4-116) snmp-server location This command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location text no snmp-server location text - String that describes the system location. (Maximum length: 255 characters) Default Setting None...
• Some notification types cannot be controlled with the snmp-server enable traps command. For example, some notification types are always enabled. • The switch can send SNMP Version 1, 2c or 3 notifications to a host IP address, depending on the SNMP version that the management station...
Otherwise, the authentication password and/or privacy password will not exist, and the switch will not authorize SNMP access for the host. However, if you specify a V3 host with the “noauth” option, an SNMP user account will be generated, and the switch will authorize SNMP access for the host.
“1234” is equivalent to “1234” followed by 22 zeroes. • A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared.
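The engine ID matters for more than identification: SNMPv3 derives each user's authentication and privacy keys from the password and the engine ID (RFC 3414, "key localization"), which is why the manual says that deleting or changing the local engine ID clears all SNMP users. The following is an added example, not code from this manual or the switch firmware, that applies the zero-padding rule quoted above and then performs the RFC 3414 password-to-key and localization steps; the 26-hex-digit width is taken from the manual's "1234" example, and the RFC 3414 appendix test vector ("maplesyrup", engine ID 00…02) is used to check the implementation.

```python
import hashlib

# The manual says a short engine ID is padded with trailing zeros: "1234" means
# "1234" followed by 22 zeros, i.e. the stored value is 26 hex digits (13 octets).
ENGINE_ID_HEX_DIGITS = 26


def pad_engine_id(hex_str: str) -> str:
    """Normalize an engine ID the way the manual describes (right-pad with zeros)."""
    digits = hex_str.replace(" ", "").lower()
    if not digits or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("engine ID must be a non-empty hexadecimal string")
    if len(digits) > ENGINE_ID_HEX_DIGITS:
        raise ValueError("engine ID longer than %d hex digits" % ENGINE_ID_HEX_DIGITS)
    return digits.ljust(ENGINE_ID_HEX_DIGITS, "0")


def password_to_key(password: str, algo: str = "md5") -> bytes:
    """RFC 3414 A.2: hash the password repeated out to 1 MiB (2**20 bytes) -> Ku."""
    pw = password.encode()
    if not pw:
        raise ValueError("empty password")
    reps, rem = divmod(1 << 20, len(pw))
    h = hashlib.new(algo)
    h.update(pw * reps)
    h.update(pw[:rem])
    return h.digest()


def localize_key(password: str, engine_id_hex: str, algo: str = "md5") -> bytes:
    """RFC 3414 A.2: Kul = H(Ku || snmpEngineID || Ku).

    The engine ID is mixed into the key, so a user's stored keys are only valid
    for the engine ID they were derived under; change the engine ID and every
    key must be re-derived, which is the behaviour the manual describes.
    """
    engine_id = bytes.fromhex(engine_id_hex.replace(" ", ""))
    ku = password_to_key(password, algo)
    return hashlib.new(algo, ku + engine_id + ku).digest()
```

The engine ID handed to localize_key for this switch is pad_engine_id(value) as entered in the snmp-server engine-id command; the RFC test vector uses a 12-octet engine ID, so it is passed through unpadded.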
Command Line Interface Table 4-39 show snmp engine-id - display description Field Description Local SNMP engineID String identifying the engine ID. Local SNMP engineBoots The number of times that the engine has (re-)initialized since the snmp EngineID was last configured. snmp-server view This command adds an SNMP view which controls user access to the MIB.
show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example Console#show snmp view View Name: mib-2 Subtree OID: 1.2.2.3.6.2.1 View Type: included Storage Type: permanent Row Status: active View Name: defaultview Subtree OID: 1 View Type: included Storage Type: permanent Row Status: active...
Command Line Interface Default Setting Default groups: public readview - Every object belonging to the Internet OID space (1.3.6.1). writeview - Nothing is defined. Command Mode Global Configuration Command Usage • A group sets the access policy for the assigned users. •...
show snmp group Four default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c read-only access and read/write access. Command Mode Privileged Exec Example Console#show snmp group Group Name: r&d Security Model: v3 Read View: defaultview Write View: daily Notify View: none Storage Type: permanent Row Status: active...
Command Line Interface Table 4-41 show snmp group - display description Field Description groupname Name of an SNMP group. security model The SNMP version. readview The associated read view. writeview The associated write view. notifyview The associated notify view. storage-type The storage type for this entry.
The row status of this entry. snmp ip filter This command sets the IP addresses of clients that are allowed management access to the switch via SNMP. Use the no form to remove an IP address. Syntax [no] snmp ip filter ip_address subnet_mask •
If one IP address is configured, IP filtering is enabled and only addresses in the specified IP group will have SNMP access. • IP filtering does not affect management access to the switch using the web interface or Telnet.
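Because SNMPv1/v2c community strings travel in cleartext and the filter list is the only thing restricting which hosts may present them, a practitioner reviewing a running-config wants to see both together. The following is an added example, not part of the manual, that parses the snmp-server community and snmp ip filter lines documented here from a constructed config excerpt, applies the "no entries means everyone is allowed" rule quoted above, and reports the weak combinations (well-known strings, read-write strings, no IP filter). Treating a community with no ro/rw keyword as read-only is an assumption; the default is not stated on this page.

```python
import ipaddress
import re

# Constructed running-config excerpt (not taken from the manual), written in the
# syntax of the commands documented in this section.
SAMPLE_CONFIG = """\
snmp-server
snmp-server community public ro
snmp-server community private rw
snmp-server community n3t0ps-r0 ro
snmp ip filter 10.1.0.0 255.255.255.0
"""

WELL_KNOWN = {"public", "private"}
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(?: (ro|rw))?$")
IP_FILTER_RE = re.compile(r"^snmp ip filter (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)$")


def parse_snmp_config(text):
    """Return ([(community, access)], [ip_network]) from config text."""
    communities, filters = [], []
    for line in text.splitlines():
        line = line.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            # Assumption: a community with no access keyword is read-only.
            communities.append((m.group(1), m.group(2) or "ro"))
            continue
        m = IP_FILTER_RE.match(line)
        if m:
            filters.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
    return communities, filters


def snmp_client_allowed(filters, client_ip):
    """Manual semantics: no filter entries -> every client allowed; otherwise
    only addresses inside one of the configured groups may reach the agent."""
    if not filters:
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in filters)


def audit_snmp(text):
    """List the weak spots a reviewer would flag in this SNMP configuration."""
    communities, filters = parse_snmp_config(text)
    findings = []
    for name, access in communities:
        if name.lower() in WELL_KNOWN:
            findings.append(f"community '{name}' ({access}) is a well-known default string")
        if access == "rw":
            findings.append(f"community '{name}' grants write access over SNMPv1/v2c, "
                            "which sends the string in cleartext")
    if communities and not filters:
        findings.append("no 'snmp ip filter' entries: every source address may use these community strings")
    return findings
```

Note that the IP filter applies only to SNMP; as the manual states, web and Telnet access are controlled separately.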
ip dhcp client-identifier This command specifies the DHCP client identifier for the current interface. Use the no form to remove this identifier. Syntax ip dhcp client-identifier {text text | hex hex} no ip dhcp client-identifier • text - A text string. (Range: 1-15 characters) •
This command is used to configure DHCP relay functions for host devices attached to the switch. If DHCP relay service is enabled, and this switch sees a DHCP request broadcast, it inserts its own IP address into the request so the DHCP server will know the subnet where the client is located.
Related Commands ip dhcp relay server (4-129) ip dhcp relay server This command specifies the addresses of DHCP servers to be used by the switch’s DHCP relay agent. Use the no form to clear all addresses. Syntax ip dhcp relay server address1 [address2 [address3 ...]] no ip dhcp relay server address - IP address of DHCP server.
Displays address bindings on the DHCP server *These commands are used for manually binding an address to a client. service dhcp This command enables the DHCP server on this switch. Use the no form to disable the DHCP server. Syntax...
Command Mode Global Configuration Usage Guidelines • After executing this command, the switch changes to DHCP Pool Configuration mode, identified by the (config-dhcp)# prompt. • From this mode, first configure address pools for the network interfaces (using the network command). You can also manually bind an address to a specific client (with the host command) if required.
DHCP Pool Configuration Usage Guidelines • When a client request is received, the switch first checks for a network address pool matching the gateway where the request originated (i.e., if the request was forwarded by a relay server). If there is no gateway in the client request (i.e., the request was not forwarded by a relay server), the switch...
default-router This command specifies default routers for a DHCP pool. Use the no form to remove the default routers. Syntax default-router address1 [address2] no default-router • address1 - Specifies the IP address of the primary router. • address2 - Specifies the IP address of an alternate router. Default Setting None Command Mode...
Command Line Interface dns-server This command specifies the Domain Name System (DNS) IP servers available to a DHCP client. Use the no form to remove the DNS server list. Syntax dns-server address1 [address2] no dns-server • address1 - Specifies the IP address of the primary DNS server. •...
Related Commands next-server (4-134) netbios-name-server This command configures NetBIOS Windows Internet Naming Service (WINS) name servers that are available to Microsoft DHCP clients. Use the no form to remove the NetBIOS name server list. Syntax netbios-name-server address1 [address2] no netbios-name-server •...
Command Line Interface Related Commands netbios-node-type (4-136) netbios-node-type This command configures the NetBIOS node type for Microsoft DHCP clients. Use the no form to remove the NetBIOS node type. Syntax netbios-node-type type no netbios-node-type type - Specifies the NetBIOS node type: •...
• Host addresses must fall within the range specified for an existing network pool. • When a client request is received, the switch first checks for a network address pool matching the gateway where the request originated (i.e., if the request was forwarded by a relay server).
Command Line Interface • The no host command only clears the address from the DHCP server database. It does not cancel the IP address currently in use by the host. Example Console(config-dhcp)#host 10.1.0.21 255.255.255.0 Console(config-dhcp)# Related Commands client-identifier (4-138) hardware-address (4-139) client-identifier This command specifies the client identifier of a DHCP client.
hardware-address This command specifies the hardware address of a DHCP client. This command is valid for manual bindings only. Use the no form to remove the hardware address. Syntax hardware-address hardware-address type no hardware-address • hardware-address - Specifies the MAC address of the client device. •...
Command Line Interface Usage Guidelines • An address specifies the client’s IP address. If an asterisk (*) is used as the address parameter, the DHCP server clears all automatic bindings. • Use the no host command to delete a manual binding. •...
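The relay behaviour (the switch writes its own address into the request so the server can tell which subnet the client is on), the pool-selection rule (match the gateway address first) and the manual-binding commands (host plus hardware-address, with the host address required to fall inside an existing network pool) form one procedure. The following is an added example, not code from this manual or the switch, that works through it on a constructed DHCPDISCOVER: it parses the RFC 2131 fixed header, performs the relay step (RFC 1542: fill giaddr only if it is still 0.0.0.0, and bump hops), selects a pool by giaddr, and answers from a manual binding before falling back to dynamic allocation. Matching a non-relayed request to the receiving interface's own subnet is an assumption; the manual's sentence describing that case is cut off on this page.

```python
import ipaddress
import struct

# RFC 2131 fixed header up to giaddr: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr (28 bytes); chaddr (16 bytes) follows.
BOOTP_HDR = struct.Struct("!BBBBIHH4s4s4s4s")
ZERO_IP = b"\x00\x00\x00\x00"


def parse_bootp(pkt):
    """Extract the fields the relay and server logic below need."""
    op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr = BOOTP_HDR.unpack_from(pkt, 0)
    chaddr = pkt[BOOTP_HDR.size:BOOTP_HDR.size + hlen]
    return {"op": op, "hops": hops, "xid": xid,
            "giaddr": str(ipaddress.IPv4Address(giaddr)), "chaddr": chaddr.hex(":")}


def relay_request(pkt, relay_ip):
    """The manual's relay step: insert this switch's interface address as giaddr.
    RFC 1542 forbids overwriting a giaddr that an earlier relay already set."""
    fields = list(BOOTP_HDR.unpack_from(pkt, 0))
    if fields[10] == ZERO_IP:
        fields[10] = ipaddress.IPv4Address(relay_ip).packed
        fields[3] += 1  # hops
    return BOOTP_HDR.pack(*fields) + pkt[BOOTP_HDR.size:]


class Pool:
    """One DHCP network pool with optional manual bindings (host + hardware-address)."""

    def __init__(self, name, network, default_router=None):
        self.name = name
        self.network = ipaddress.ip_network(network)
        self.default_router = default_router
        self.manual = {}   # chaddr -> address from the 'host' command
        self.leases = {}   # chaddr -> dynamically allocated address

    def bind_host(self, ip, chaddr):
        """Manual: host addresses must fall within an existing network pool."""
        addr = ipaddress.ip_address(ip)
        if addr not in self.network:
            raise ValueError(f"{ip} is outside pool {self.name} ({self.network})")
        self.manual[chaddr.lower()] = str(addr)

    def allocate(self, chaddr):
        chaddr = chaddr.lower()
        if chaddr in self.manual:
            return self.manual[chaddr]
        if chaddr in self.leases:
            return self.leases[chaddr]
        taken = set(self.manual.values()) | set(self.leases.values()) | {self.default_router}
        for host in self.network.hosts():
            if str(host) not in taken:
                self.leases[chaddr] = str(host)
                return str(host)
        return None


def select_pool(pools, giaddr, ingress_ip):
    """Relayed request: the pool containing the gateway address. Not relayed:
    the pool containing the receiving interface's address (assumption)."""
    key = ipaddress.ip_address(giaddr if giaddr != "0.0.0.0" else ingress_ip)
    for pool in pools:
        if key in pool.network:
            return pool
    return None


def build_discover(chaddr_hex, giaddr="0.0.0.0"):
    """Constructed DHCPDISCOVER for the example (sample data, not a capture)."""
    chaddr = bytes.fromhex(chaddr_hex.replace(":", ""))
    hdr = BOOTP_HDR.pack(1, 1, len(chaddr), 0, 0x3903F326, 0, 0x8000,
                         ZERO_IP, ZERO_IP, ZERO_IP, ipaddress.IPv4Address(giaddr).packed)
    body = chaddr.ljust(16, b"\x00") + b"\x00" * 64 + b"\x00" * 128   # chaddr, sname, file
    options = b"\x63\x82\x53\x63" + b"\x35\x01\x01" + b"\xff"          # cookie, msg type DISCOVER, end
    return hdr + body + options
```

Because pool selection keys on giaddr, a host that can inject packets with an arbitrary giaddr toward the server can request addresses from any pool; the relay agent, not the client, is trusted to set that field, which is one reason to keep server and relay functions on switch ports you control.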
DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation.
Command Line Interface Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP address is associated with a host name using this command, a DNS client can try each address in succession, until it establishes a connection with the target device.
• Domain names are added to the end of the list one at a time. • When an incomplete host name is received by the DNS server on this switch, it will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match.
Command Line Interface Example This example adds two domain names to the current list and then displays the list. Console(config)#ip domain-list sample.com.jp Console(config)#ip domain-list sample.com.uk Console(config)#end Console#show dns Domain Lookup Status: DNS disabled Default Domain Name: .sample.com Domain Name List: .sample.com.jp .sample.com.uk Name Server List:...
Example This example adds two domain-name servers to the list and then displays the list. Console(config)#ip domain-server 192.168.1.55 10.1.0.55 Console(config)#end Console#show dns Domain Lookup Status: DNS disabled Default Domain Name: .sample.com Domain Name List: .sample.com.jp .sample.com.uk Name Server List: 192.168.1.55 10.1.0.55 Console# Related Commands...
Command Line Interface Example This example enables DNS and then displays the configuration. Console(config)#ip domain-lookup Console(config)#end Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: .sample.com Domain Name List: .sample.com.jp .sample.com.uk Name Server List: 192.168.1.55 10.1.0.55 Console# Related Commands ip domain-name (4-142) ip name-server (4-144) show hosts...
show dns This command displays the configuration of the DNS server. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.com Domain Name List: sample.com.jp sample.com.uk Name Server List: 192.168.1.55 10.1.0.55 Console# show dns cache This command displays entries in the DNS cache.
Command Line Interface clear dns cache This command clears all entries in the DNS cache. Command Mode Privileged Exec Example Console#clear dns cache Console#show dns cache FLAG TYPE DOMAIN Console#
Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Command Function interface Configures an interface type and enters interface configuration mode description Adds a description to an interface configuration speed-duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled...
Command Line Interface Command Mode Global Configuration Example To specify port 4, enter the following command: Console(config)#interface ethernet 1/4 Console(config-if)# description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this interface.
Interface Configuration (Ethernet, Port Channel) Command Usage • When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
• symmetric (Gigabit only) - When specified, the port transmits and receives pause frames; when not specified, the port will auto-negotiate to determine the sender and receiver for asymmetric pause frames. (The current switch ASIC only supports symmetric pause frames.) Default Setting •...
Command Usage • Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation.
Default Setting sfp-preferred-auto Command Mode Interface Configuration (Ethernet) Example This forces the switch to use the built-in RJ-45 port for the combination port 8. Console(config)#interface ethernet 1/8 Console(config-if)#media-type copper-forced Console(config-if)# shutdown This command disables an interface. To restart a disabled interface, use the no form.
• When broadcast traffic exceeds the specified threshold, packets above that threshold are dropped. • This command can enable or disable broadcast storm control for the selected interface. However, the specified threshold value applies to all ports on the switch.
Command Line Interface Example The following shows how to configure broadcast storm control at 600 packets per second: Console(config)#interface ethernet 1/5 Console(config-if)#switchport broadcast packet-rate 600 Console(config-if)# clear counters This command clears statistics on an interface. Syntax clear counters interface interface •...
show interfaces status This command displays the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) • vlan vlan-id (Range: 1-4094) Default Setting Shows the status for all interfaces.
Command Line Interface show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows the counters for all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage...
show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows all interfaces.
However, you should avoid sending too much traffic to the destination port from multiple source ports. Example The following example configures the switch to mirror all packets from port 6 to 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 both...
Command Line Interface Example The following shows mirroring configured from port 6 to port 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 Console(config-if)#end Console#show port monitor Port Mirroring ------------------------------------- Destination port(listen port):Eth1/1 Source port(monitored port) Mode Console# Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface.
Cisco EtherChannel standard. For dynamic trunks, the switches have to comply with LACP. This switch supports up to six trunks. For example, a trunk consisting of two 1000 Mbps ports can support an aggregate bandwidth of 4 Gbps when operating at full duplex.
• The ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation. • A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID.
• If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically. • If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
• port-channel channel-id (Range: 1-6) • vlan-id - VLAN ID (Range: 1-4094) • action - - delete-on-reset - Assignment lasts until the switch is reset. - permanent - Assignment is permanent. Default Setting No static addresses are defined. The default mode is permanent.
Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table. Static addresses have the following characteristics: • Static addresses will not be removed from the address table when a given interface link is down.
Command Line Interface Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: - Learned - Dynamic address entries - Permanent - Static entry - Delete-on-reset - Static entry to be deleted when system is reset •...
Aging time: 300 sec. Console# Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 4-55 Spanning Tree Commands Command Function spanning-tree...
Shows the multiple spanning tree configuration configuration spanning-tree This command enables the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax [no] spanning-tree Default Setting Spanning tree is enabled.
This example shows how to enable the Spanning Tree Algorithm for the switch: Console(config)#spanning-tree Console(config)# spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default. Syntax spanning-tree mode {stp | rstp no spanning-tree mode •...
- Be careful when switching between spanning tree modes. Changing modes stops all spanning-tree instances for the previous mode and restarts the system in the new mode, temporarily disrupting user traffic. Example The following example configures the switch to use Rapid Spanning Tree: Console(config)#spanning-tree mode rstp Console(config)# spanning-tree forward-time This command configures the spanning tree bridge forward time globally for this switch.
This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds. (Range: 1-10 seconds). The maximum value is the lower of 10 or [(max-age / 2) -1].
Example Console(config)#spanning-tree max-age 40 Console(config)# spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority - Priority of the bridge. (Range: 0 - 65535) (Range –...
Console(config)#spanning-tree transmission-limit 4 Console(config)# spanning-tree mst-configuration This command changes to Multiple Spanning Tree (MST) configuration mode. Default Setting • No VLANs are mapped to any MST instance. • The region name is set to the switch’s MAC address.
• By default all VLANs are assigned to the Internal Spanning Tree (MSTI 0) that connects all bridges and LANs within the MST region. This switch supports up to 58 instances. You should try to group VLANs which cover the same general area of your network.
MAC address will then become the root device. • You can set this switch to act as the MSTI root device by specifying a priority of 0, or as the MSTI alternate device by specifying a priority of 16384.
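Two points in the spanning-tree commands above deserve a worked check: the timer relationship (hello time may not exceed the lower of 10 or (max-age/2)-1, which is the IEEE 802.1D constraint max-age >= 2*(hello+1), alongside max-age <= 2*(forward-delay-1)), and root election (the bridge with the lowest priority wins, ties broken by the lowest MAC address, so any device announcing priority 0 becomes root). The following is an added example, not code from the manual or the switch, that validates a timer set against those rules and the 802.1D timer ranges, and elects a root from a constructed set of bridges to show how a rogue bridge at priority 0 displaces the intended root.

```python
from dataclasses import dataclass

# IEEE 802.1D bridge timer ranges (seconds).
HELLO_RANGE, MAX_AGE_RANGE, FWD_DELAY_RANGE = (1, 10), (6, 40), (4, 30)


def max_hello_time(max_age):
    """Manual: hello time may not exceed the lower of 10 or (max-age / 2) - 1."""
    return min(10, max_age // 2 - 1)


def validate_stp_timers(hello, max_age, forward_delay):
    """Return a list of violations (empty list means the set is consistent)."""
    problems = []
    for name, value, (lo, hi) in (("hello-time", hello, HELLO_RANGE),
                                  ("max-age", max_age, MAX_AGE_RANGE),
                                  ("forward-time", forward_delay, FWD_DELAY_RANGE)):
        if not lo <= value <= hi:
            problems.append(f"{name} {value} outside {lo}-{hi}")
    if hello > max_hello_time(max_age):
        problems.append(f"hello-time {hello} exceeds (max-age/2)-1 = {max_hello_time(max_age)}")
    if max_age > 2 * (forward_delay - 1):
        problems.append(f"max-age {max_age} exceeds 2*(forward-time-1) = {2 * (forward_delay - 1)}")
    return problems


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int
    mac: str

    def bridge_id(self):
        """802.1D bridge identifier: priority first, MAC second; the lowest wins."""
        return (self.priority, int(self.mac.replace(":", "").replace("-", "").replace(" ", ""), 16))


def elect_root(bridges):
    """Root bridge = lowest bridge identifier among the BPDUs seen."""
    return min(bridges, key=Bridge.bridge_id)


# Constructed topology for the example (the core MAC reuses the manual's sample
# address; the others are invented).
CORE = Bridge("core", 4096, "00:30:f1:8f:d5:50")
ACCESS = Bridge("access", 32768, "00:30:f1:8f:d5:60")
ROGUE = Bridge("rogue", 0, "ff:ff:ff:ff:ff:fe")
```

Because election is purely lowest-identifier-wins, protecting the intended root means preventing BPDUs from untrusted ports rather than picking a "low enough" priority; the rogue entry above beats a core bridge at priority 4096 regardless of MAC address.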
The MST region name and revision number (page 4-178) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridges in the same region must be configured with the same MST instances.
max-hops This command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the default. Syntax max-hops hop-number hop-number - Maximum hop number for multiple spanning tree. (Range: 1-40) Default Setting Command Mode MST Configuration Command Usage...
Command Line Interface spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port. (Range: 1-200,000,000) The recommended range is: •
• This command defines the priority for the use of a port in the Spanning Tree Algorithm. If the path cost for all ports on a switch are the same, the port with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree.
Command Line Interface Example Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree edge-port Console(config-if)# Related Commands spanning-tree portfast (4-182) spanning-tree portfast This command sets an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax [no] spanning-tree portfast Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel)
• When automatic detection is selected, the switch derives the link type from the duplex mode. A full-duplex interface is considered a point-to-point link, while a half-duplex interface is assumed to be on a shared link.
Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command defines the priority for the use of an interface in the multiple spanning-tree. If the path cost for all interfaces on a switch are the same, the
Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the spanning-tree protocol-migration command at any time to manually re-check the appropriate BPDU format to send on the selected interfaces (i.e.,...
Command Usage • Use the show spanning-tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree (CST) and for every interface in the tree. • Use the show spanning-tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree (CST).
Example Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning tree mode Spanning tree enable/disable Instance Vlans configuration Priority Bridge Hello Time (sec.) Bridge Max Age (sec.) Bridge Forward Delay (sec.) Root Hello Time (sec.) Root Max Age (sec.) Root Forward Delay (sec.) Max hops Remaining hops Designated Root...
Command Line Interface show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example Console#show spanning-tree mst configuration Mstp Configuration Information -------------------------------------------------------------- Configuration name:00 30 f1 8f d5 50 Revision level:0 Instance VLANs -------------------------------------------------------------- Console# VLAN Commands...
Editing VLAN Groups Table 4-57 Commands for Editing VLAN Groups Command Function vlan database Enters VLAN database mode to add, change, and delete VLANs vlan Configures a VLAN, including VID, name and state vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately.
• no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default state (i.e., active). • You can configure up to 255 VLANs on the switch. Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default.
Configuring VLAN Interfaces Table 4-58 Commands for Configuring VLAN Interfaces Command Function interface vlan Enters interface configuration mode for a specified VLAN switchport mode Configures VLAN membership mode for an interface switchport Configures frame types to be accepted by an interface acceptable-frame-types switchport ingress-filtering Enables ingress filtering on an interface...
Command Line Interface switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode {trunk | hybrid} no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN.
Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage When set to receive all frame types, any received frames that are untagged are assigned to the default VLAN. Example The following example shows how to restrict the traffic received on port 1 to tagged frames: Console(config)#interface ethernet 1/1 Console(config-if)#switchport acceptable-frame-types tagged...
Command Line Interface Example The following example shows how to set the interface to port 1 and then enable ingress filtering: Console(config)#interface ethernet 1/1 Console(config-if)#switchport ingress-filtering Console(config-if)# switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default.
VLAN groups as a tagged member. • Frames are always tagged within the switch. The tagged/untagged parameter used when adding a VLAN to an interface tells the switch whether to keep or remove the tag from a frame on egress.
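The switchport acceptable-frame-types, switchport ingress-filtering and switchport native vlan commands together decide which VLAN an arriving frame is placed in, and the manual notes that frames are always tagged inside the switch. The following is an added example, not code from the manual or the switch, that parses an Ethernet frame for an 802.1Q tag and applies those ingress rules in order on constructed frames: untagged frames are refused on a tagged-only port or else assigned the PVID, and tagged frames are checked against the port's VLAN membership when ingress filtering is on. Treating a priority-tagged frame (VID 0) as untagged follows IEEE 802.1Q; admitting a tagged frame for a non-member VLAN when ingress filtering is off is also the 802.1Q rule and is assumed here, since the manual's sentence on that case is cut off.

```python
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100


@dataclass
class PortConfig:
    pvid: int = 1                          # switchport native vlan
    acceptable_frame_types: str = "all"    # switchport acceptable-frame-types {all | tagged}
    ingress_filtering: bool = False        # switchport ingress-filtering
    member_vlans: set = field(default_factory=lambda: {1})   # switchport allowed vlan


def parse_frame(frame):
    """Return (vid, user_priority, ethertype); vid and priority are None when untagged."""
    dst, src, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack_from("!H", frame, 14)
        (inner_type,) = struct.unpack_from("!H", frame, 16)
        return (tci & 0x0FFF, tci >> 13, inner_type)
    return (None, None, ethertype)


def classify_ingress(frame, port):
    """Apply the ingress rules in order. Returns ('accept', vid) or ('drop', reason)."""
    vid, _, _ = parse_frame(frame)
    untagged = vid is None or vid == 0     # VID 0 = priority-tagged, treated as untagged (802.1Q)
    if untagged:
        if port.acceptable_frame_types == "tagged":
            return ("drop", "untagged frame on tagged-only port")
        return ("accept", port.pvid)        # manual: untagged frames go to the default VLAN (PVID)
    if port.ingress_filtering and vid not in port.member_vlans:
        return ("drop", f"VLAN {vid} not configured on port (ingress filtering)")
    return ("accept", vid)                  # assumption: admitted when filtering is off


def build_frame(vid=None, pcp=0, ethertype=0x0800):
    """Constructed Ethernet II frame for the example (sample data, not a capture)."""
    hdr = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return hdr + struct.pack("!H", ethertype) + b"\x00" * 46
```

The practical consequence is visible in the tests: on a trunk that still accepts all frame types, anything untagged lands in the PVID VLAN, and with ingress filtering off a frame tagged for a VLAN the port does not carry is still admitted. Setting acceptable-frame-types tagged plus ingress-filtering on inter-switch links closes both paths.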
Command Line Interface switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan {add vlan-list | remove vlan-list} no switchport forbidden vlan • add vlan-list - List of VLAN identifiers to add. •...
Displaying VLAN Information Table 4-59 Commands for Displaying VLAN Information Command Function show vlan Shows VLAN information show interfaces status vlan Displays status for the specified VLAN interface show interfaces switchport Displays the administrative and operational status of an interface show vlan This command shows VLAN information.
VLAN. Data traffic on the downlink ports can only be forwarded to, and from, the uplink port. • Private VLANs and normal VLANs can exist simultaneously within the same switch. • Entering the pvlan command without any parameters enables the private VLAN. Entering no pvlan disables the private VLAN.
This kind of configuration deprives users of the basic benefits of VLANs, including security and easy accessibility. To avoid these problems, you can configure this switch with protocol-based VLANs that divide the physical network into logical VLAN groups for each required protocol.
Command Line Interface protocol-vlan protocol-group (Configuring Groups) This command creates a protocol group, or to add specific protocols to a group. Use the no form to remove a protocol group. Syntax protocol-vlan protocol-group group-id [{add | remove} frame-type frame protocol-type protocol] no protocol-vlan protocol-group group-id •...
Command Usage • When creating a protocol-based VLAN, only assign interfaces via this command. If you assign interfaces using any of the other VLAN commands (such as vlan on page 4-190), these interfaces will admit traffic of any protocol type into the associated VLAN. •...
Command Line Interface show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. •...
This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [no] bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration...
Command Line Interface show bridge-ext This command shows the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Displaying Basic VLAN Information” on page 3-126 and “Displaying Bridge Extension Capabilities” on page 3-14 for a description of the displayed items.
show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows both global and interface-specific configuration. Command Mode Normal Exec, Privileged Exec Example...
Command Line Interface Command Usage • Generic Attribute Registration Protocol (GARP) is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate.
The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
IEEE 802.1Q VLAN tagged frame, the IEEE 802.1p User Priority bits will be used. • This switch provides eight priority queues for each port. It is configured to use Weighted Round Robin, which can be viewed with the show queue bandwidth command.
Command Line Interface queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues. Use the no form to restore the default weights. Syntax queue bandwidth weight1...weight4 no queue bandwidth weight1...weight4 - The ratio of weights for queues 0 - 7 determines the weights used by the WRR scheduler.
Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown below.
Command Line Interface Example Console#sh queue mode Wrr status: Enabled Console# show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues. Default Setting None Command Mode Privileged Exec Example Console#show queue bandwidth Information of Eth 1/1 Queue ID Weight --------...
Command Line Interface Example The following example shows how to enable TCP/UDP port mapping globally: Console(config)#map ip port Console(config)# map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number...
Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other type. Example The following example shows how to enable IP precedence mapping globally: Console(config)#map ip precedence...
Command Line Interface map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [no] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage •...
Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0. Table 4-68 Mapping IP DSCP to CoS Values IP DSCP Value 10, 12, 14, 16 18, 20, 22, 24 26, 28, 30, 32, 34, 36 38, 40, 42...
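The map ip port, map ip precedence and map ip dscp commands interact: the manual gives the precedence order as IP port mapping, then IP precedence or IP DSCP (enabling one disables the other), then the default switchport priority, with the 802.1p user priority of a tagged frame used ahead of the port default, and any DSCP value without an explicit entry mapping to CoS 0. The following is an added example, not code from the manual or the switch, that models that resolution order so the effect of each global enable can be checked. The precedence and DSCP tables in it are constructed placeholders; the switch's default tables are not reproduced on this page.

```python
# Constructed placeholder maps (not the switch's default tables).
PRECEDENCE_TO_COS = {p: p for p in range(8)}
DSCP_TO_COS = {0: 0, 8: 1, 16: 2, 24: 3, 32: 4, 40: 5, 46: 6, 48: 7}


class QosConfig:
    """Global and per-port priority mapping state as the commands above set it."""

    def __init__(self, port_default_cos=0):
        self.port_default_cos = port_default_cos   # default switchport priority
        self.ip_port_enabled = False               # map ip port (global)
        self.ip_port_map = {}                      # map ip port N cos C (interface)
        self.l3_mode = None                        # None, "precedence" or "dscp"
        self.precedence_map = dict(PRECEDENCE_TO_COS)
        self.dscp_map = dict(DSCP_TO_COS)

    def enable_l3(self, mode):
        """map ip precedence / map ip dscp: enabling one disables the other."""
        if mode not in ("precedence", "dscp"):
            raise ValueError(mode)
        self.l3_mode = mode


def resolve_cos(qos, user_priority=None, dscp=None, l4_port=None):
    """Return (cos, source) for a packet described by its header fields.

    Order from the manual: IP port, then IP precedence or DSCP, then the
    802.1p user priority of a tagged frame, then the port default.
    """
    if qos.ip_port_enabled and l4_port in qos.ip_port_map:
        return qos.ip_port_map[l4_port], "ip-port"
    if dscp is not None:
        if qos.l3_mode == "dscp":
            return qos.dscp_map.get(dscp, 0), "dscp"       # unspecified DSCP -> CoS 0
        if qos.l3_mode == "precedence":
            return qos.precedence_map[dscp >> 3], "precedence"   # precedence = top 3 bits of DSCP
    if user_priority is not None:
        return user_priority, "802.1p"
    return qos.port_default_cos, "port-default"
```

A point worth checking on a real deployment follows from the order: once map ip port is enabled for a TCP/UDP port, the CoS an attached host writes into its own DSCP or 802.1p field no longer matters for that traffic, whereas with only the port default in effect a tagged frame's user priority is honoured as sent.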
Command Line Interface Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Console#show map ip port TCP port mapping status: disabled Port Port no. COS --------- -------- --- Eth 1/ 5 Console# Related Commands...
Example Console#show map ip precedence ethernet 1/5 Precedence mapping status: disabled Port Precedence COS --------- ---------- --- Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Console# Related Commands map ip precedence (Global Configuration) (4-214)
(Interface Configuration) (4-216) Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
Shows the IGMP snooping and query configuration show mac-address-table Shows the IGMP snooping MAC multicast list multicast ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled...
Version 1. • Some commands are only enabled for IGMPv2, including ip igmp query-max-response-time and ip igmp query-timeout. Example The following configures the switch to use IGMP Version 1: Console(config)#ip igmp snooping version 1 Console(config)# show ip igmp snooping This command shows the IGMP snooping configuration.
Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-154 for a description of the displayed items. Example The following shows the current IGMP snooping configuration: Console#show ip igmp snooping Service status: Enabled Querier status: Enabled Query count: 2 Query interval: 125 sec Query max response time: 10 sec Router port expire time: 300 sec...
Configures the query timeout router-port-expire-time ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode...
This command configures the query interval. Use the no form to restore the default. Syntax ip igmp snooping query-interval seconds no ip igmp snooping query-interval seconds - The frequency at which the switch sends IGMP host-query messages. (Range: 60-125) Default Setting 125 seconds...
Global Configuration Command Usage • The switch must be using IGMPv2 for this command to take effect. • This command defines the time after a query, during which a response is expected from a multicast client. If a querier has sent a number of queries...
Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect. Example The following shows how to configure the default timeout to 300 seconds: Console(config)#ip igmp snooping router-port-expire-time 300 Console(config)#...
Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that interface to join all the current multicast groups.
IGMP Commands (Layer 3) Table 4-73 IGMP Commands (Layer 3) Command Function ip igmp Enables IGMP for the specified interface ip igmp robustval Configures the expected packet loss ip igmp query-interval Configures frequency for sending host query messages ip igmp max-resp-interval Configures the maximum host response time ip igmp Configures frequency for sending group-specific host query...
This command configures the frequency at which host query messages are sent. Use the no form to restore the default. Syntax ip igmp query-interval seconds no ip igmp query-interval seconds - The frequency at which the switch sends IGMP host-query messages. (Range: 1-255) Default Setting 125 seconds Command Mode...
Interface Configuration (VLAN) Command Usage • The switch must be using IGMPv2 for this command to take effect. • This command defines how long any responder (i.e., client or router) still in the group has to respond to a query message before the router deletes the group.
Related Commands ip igmp version (4-232) ip igmp query-interval (4-230) ip igmp last-memb-query-interval This command configures the last member query interval. Use the no form of this command to restore the default. Syntax ip igmp last-memb-query-interval seconds no ip igmp last-memb-query-interval seconds - The report delay for the last member query.
• All routers on the subnet must support the same version. However, the multicast hosts on the subnet may support either IGMP version 1 or 2. • The switch must be set to version 2 to enable the ip igmp max-resp-interval (page 4-231).
• This command displays information for multicast groups learned via IGMP, not static groups. • If the switch receives an IGMP Version 1 Membership Report, it sets a timer to note that there are Version 1 hosts present which are members of the group for which it heard the report.
• If there are Version 1 hosts present for a particular group, the switch will ignore any Leave Group messages that it receives for that group. Example The following shows the IGMP groups currently active on VLAN 1: Console#show ip igmp groups vlan 1...
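The snooping and query parameters above (query interval, maximum response time, robustness, last member query interval) and the IGMPv1/v2 rules just listed together define when a port stays in a group and when a Leave is honoured. The following Python model is an added example, not code from the manual or the switch firmware; port names, the robustness value, the RFC 2236 default of 1 second for the last member query interval and the event sequence are constructed, while the 125 s and 10 s figures are the defaults the reference quotes.

```python
# Added example (not from the switch's firmware): a minimal IGMP snooping
# membership table modelling the timers and version behaviour described
# in the reference.  Port names, the robustness value and the event
# sequence are constructed; 125 s / 10 s are the defaults quoted above.

QUERY_INTERVAL = 125            # ip igmp snooping query-interval (seconds)
MAX_RESPONSE_TIME = 10          # query max response time (seconds)
ROBUSTNESS = 2                  # ip igmp robustval, expected packet loss (assumed)
LAST_MEMBER_QUERY_INTERVAL = 1  # RFC 2236 default; the reference gives no default

# RFC 2236 section 8.4: how long a port stays in a group without a new report
GROUP_MEMBERSHIP_INTERVAL = ROBUSTNESS * QUERY_INTERVAL + MAX_RESPONSE_TIME
# RFC 2236 section 8.10: how long Version 1 hosts are assumed present after
# a Version 1 report was heard for the group
V1_HOST_TIMER = GROUP_MEMBERSHIP_INTERVAL


class GroupEntry:
    def __init__(self):
        self.ports = {}           # port name -> time the membership expires
        self.v1_host_until = 0.0  # time until which v1 hosts are assumed present


class SnoopingTable:
    def __init__(self):
        self.groups = {}          # multicast group -> GroupEntry

    def report(self, now, group, port, version):
        """Membership Report for `group` seen on `port` from a v1 or v2 host."""
        entry = self.groups.setdefault(group, GroupEntry())
        entry.ports[port] = now + GROUP_MEMBERSHIP_INTERVAL
        if version == 1:
            entry.v1_host_until = now + V1_HOST_TIMER

    def leave(self, now, group, port):
        """Leave Group for `group` seen on `port`.  Returns True when the leave
        is acted on, False when ignored (no membership, or v1 hosts present)."""
        entry = self.groups.get(group)
        if entry is None or port not in entry.ports:
            return False
        if now < entry.v1_host_until:
            # Version 1 hosts never send Leave, so a v2 Leave cannot prove the
            # group is empty: ignore it and let the membership age out instead
            return False
        # Version 2: a group-specific (last member) query is sent and the port
        # is kept only until that query window passes without a fresh report
        entry.ports[port] = now + ROBUSTNESS * LAST_MEMBER_QUERY_INTERVAL
        return True

    def expire(self, now):
        """Age out ports whose timers have run down, and groups left without ports."""
        for group in list(self.groups):
            entry = self.groups[group]
            entry.ports = {p: t for p, t in entry.ports.items() if t > now}
            if not entry.ports:
                del self.groups[group]

    def forwarding_ports(self, group):
        """Ports to which traffic for `group` is currently forwarded."""
        entry = self.groups.get(group)
        return sorted(entry.ports) if entry else []


def run_scenario():
    """Constructed event sequence; returns the forwarding ports after each step."""
    t = SnoopingTable()
    steps = []
    t.report(0, "239.1.1.1", "Eth1/1", 2)    # v2 host on port 1
    t.report(0, "239.1.1.1", "Eth1/2", 1)    # v1 host on port 2
    steps.append(t.forwarding_ports("239.1.1.1"))
    t.leave(5, "239.1.1.1", "Eth1/1")        # ignored: v1 host still assumed present
    steps.append(t.forwarding_ports("239.1.1.1"))
    t.report(100, "239.1.1.1", "Eth1/1", 2)  # port 1 refreshed by a new report
    t.expire(261)                            # port 2 and the v1 timer have run out
    steps.append(t.forwarding_ports("239.1.1.1"))
    t.leave(262, "239.1.1.1", "Eth1/1")      # now honoured: last-member window starts
    t.expire(264)
    steps.append(t.forwarding_ports("239.1.1.1"))
    return steps
```

The scenario shows the practical consequence of the v1 rule: a port carrying a single v1 host keeps receiving the stream for the full group membership interval (260 s with these defaults) after every other receiver has left, which is why the expire timers, not the Leave messages, bound how long unwanted multicast is flooded.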
IP Interface Commands There are no IP addresses assigned to this router by default. You must manually configure a new address to manage the router over your network or to connect the router to existing IP subnets. You may also need to establish a default gateway between this device and management stations or other devices that exist on another network segment (if routing is not enabled).
Default Setting IP address: 0.0.0.0 Netmask: 255.0.0.0 Command Mode Interface Configuration (VLAN) Command Usage • If this router is directly connected to end node devices (or connected to end nodes via shared media) that will be assigned to a specific subnet, then you must create a router interface for each VLAN that will support routing.
Example In the following example, the device is assigned an address in VLAN 1. Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.5 255.255.255.0 Console(config-if)# Related Commands ip dhcp restart client (4-127) ip default-gateway This command specifies the default gateway for destinations not found in the local routing tables.
show ip interface This command displays the settings of an IP interface. Default Setting All interfaces Command Mode Privileged Exec Example Console#show ip interface Vlan 1 is up, addressing mode is User Interface address is 10.1.0.254, mask is 255.255.255.0, Primary MTU is 1500 bytes Proxy ARP is disabled Split horizon is enabled...
Default Setting This command has no default for the host. Command Mode Normal Exec, Privileged Exec Command Usage • Use the ping command to see if another site on the network can be reached. • The following are some results of the ping command: - Normal response - The normal response occurs in one to ten seconds, depending on network traffic.
Address Resolution Protocol (ARP) Table 4-77 Address Resolution Protocol Commands Command Function Adds a static entry in the ARP cache arp-timeout Sets the time a dynamic entry remains in the ARP cache clear arp-cache Deletes all dynamic entries from the ARP cache show arp Displays entries in the ARP cache ip proxy-arp...
arp-timeout This command sets the aging time for dynamic entries in the Address Resolution Protocol (ARP) cache. Use the no form to restore the default. Syntax arp-timeout seconds no arp-timeout seconds - The time a dynamic entry remains in the ARP cache. (Range: 300-86400;...
Command Usage This command displays information about the ARP cache. The first line shows the cache timeout. It also shows each cache entry, including the corresponding IP address, MAC address, type (static, dynamic, other), and VLAN interface. Note that entry type “other” indicates local addresses for this router.
IP Routing Commands After you configure network interfaces for this router, you must set the paths used to send traffic between different interfaces. If you enable routing on this device, traffic will automatically be forwarded between all of the local subnetworks. However, to forward traffic to devices on other subnetworks, you can either configure fixed paths with static routing commands, or enable a dynamic routing protocol that exchanges information with other routers on the network to automatically determine the best...
Command Usage • The command affects both static and dynamic unicast routing. • If IP routing is enabled, all IP packets are routed using either static routing or dynamic routing via RIP or OSPF, and other packets for all non-IP protocols (e.g., NetBEUI, NetWare or AppleTalk) are switched based on MAC addresses.
clear ip route This command removes dynamically learned entries from the IP routing table. Syntax clear ip route {network [netmask] | *} • network – Network or subnet address. • netmask - Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets.
Example Console#show ip route Ip Address Netmask --------------- --------------- --------------- ---------- ------ --------- 0.0.0.0 10.2.48.2 255.255.252.0 10.2.5.6 255.255.255.0 10.3.9.1 255.255.255.0 Total entry: 4 Console# Table 4-80 show ip route - display description Field Description Ip Address IP address of the destination network, subnetwork, or host. Note that the address 0.0.0.0 indicates the default gateway for this router.
show ip traffic This command displays statistics for IP, ICMP, UDP, TCP and ARP protocols. Command Mode Privileged Exec Command Usage For a description of the information shown by this command, see “Displaying Statistics for IP Protocols” on page 3-205. Example Console#show ip traffic IP statistics:...
Table 4-82 Routing Information Protocol Commands Command Function ip rip authentication key Enables authentication for RIP2 packets and specifies keys ip rip authentication mode Specifies the type of authentication used for RIP2 packets show rip globals Displays global configuration settings and statistics for RIP show ip rip Displays RIP configuration information for each network interface PE router rip...
Default Setting Update: 30 seconds Timeout: 180 seconds Garbage collection: 120 seconds Command Usage • The update timer sets the rate at which updates are sent. This is the fundamental timer used to control all basic RIP processes. •...
Command Usage • RIP only sends updates to interfaces specified by this command. • Subnet addresses are interpreted as class A, B or C, based on the first field in the specified address. In other words, if a subnet address nnn.xxx.xxx.xxx is entered, the first field (nnn) determines the class: 0 - 127 is class A, and only the first field in the network address is used.
version This command specifies a RIP version used globally by the router. Use the no form to restore the default value. Syntax version {1 | 2} no version • 1 - RIP Version 1 • 2 - RIP Version 2 Command Mode Router Configuration Default Setting...
ip rip receive version This command specifies a RIP version to receive on an interface. Use the no form to restore the default value. Syntax ip rip receive version {none | 1 | 2 | 1 2} no ip rip receive version •...
ip rip send version This command specifies a RIP version to send on an interface. Use the no form to restore the default value. Syntax ip rip send version {none | 1 | 2 | v2-broadcast} no ip rip send version •...
ip split-horizon This command enables split-horizon or poison-reverse (a variation) on an interface. Use the no form to disable split-horizon. Syntax ip split-horizon [poison-reverse] no ip split-horizon poison-reverse - Enables poison-reverse on the current interface. Command Mode Interface Configuration (VLAN) Default Setting split-horizon Command Usage...
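The classful interpretation of the network command and the split-horizon / poison-reverse behaviour of this command are easiest to see on a small routing table. The following Python model is an added example, not the switch's own code: interface names, routes and metrics are constructed, and the policy labels "none", "split-horizon" and "poison-reverse" are this example's names for the three states the ip split-horizon command selects.

```python
# Added example (not the switch's code): what a RIP router advertises out
# of one interface under no split horizon, split horizon, and poison
# reverse, plus the classful reading of addresses given to the network
# command.  Routes, metrics and interface names are constructed.

RIP_INFINITY = 16   # RIP metric meaning "unreachable"


def classful_network(address):
    """Interpret an address the way the RIP network command does: the first
    octet selects the class and therefore how many octets are significant.
    Returns (network address, prefix length)."""
    octets = [int(x) for x in address.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError("malformed IPv4 address: " + address)
    first = octets[0]
    if first <= 127:        # class A: 0-127, only the first octet is used
        prefix = 8
    elif first <= 191:      # class B: 128-191, first two octets
        prefix = 16
    elif first <= 223:      # class C: 192-223, first three octets
        prefix = 24
    else:
        raise ValueError("not a class A, B or C address: " + address)
    keep = prefix // 8
    network = octets[:keep] + [0] * (4 - keep)
    return ".".join(str(o) for o in network), prefix


def build_update(routes, out_iface, policy):
    """routes: list of (network, metric, interface the route was learned on).
    Returns the (network, metric) pairs advertised out of `out_iface`.
    RIP advertises the table metric as-is; the receiver adds its link cost."""
    if policy not in ("none", "split-horizon", "poison-reverse"):
        raise ValueError("unknown policy: " + policy)
    update = []
    for network, metric, learned_on in routes:
        advertised = min(metric, RIP_INFINITY)
        if learned_on == out_iface:
            if policy == "split-horizon":
                continue                    # never echo a route back to its source
            if policy == "poison-reverse":
                advertised = RIP_INFINITY   # echo it, but as unreachable via us
        update.append((network, advertised))
    return update


# Constructed routing table: (network, hop count, interface it was learned on)
SAMPLE_ROUTES = [
    ("10.0.0.0", 2, "vlan1"),
    ("172.16.0.0", 3, "vlan2"),
    ("192.168.5.0", 4, "vlan1"),
]
```

With split horizon the routes learned on vlan1 simply vanish from the vlan1 update; with poison reverse they are still listed but with metric 16, so a neighbour that has lost its own path cannot mistake this router for an alternative and start a count-to-infinity loop.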
• For authentication to function properly, both the sending and receiving interface must be configured with the same password. Example This example sets an authentication password of “small” to verify incoming routing messages and to tag outgoing routing messages. Console(config)#interface vlan 1 Console(config-if)#ip rip authentication key small Console(config-if)#...
show rip globals This command displays global configuration settings for RIP. Command Mode Privileged Exec Example Console#show rip globals RIP Process: Enabled Update Time in Seconds: 30 Number of Route Change: 0 Number of Queries: 1 Console# Table 4-83 show rip globals - display description Field Description RIP Process...
Open Shortest Path First (OSPF) Table 4-85 Open Shortest Path First Commands Command Function General Configuration router ospf Enables or disables OSPF router-id Sets the router ID for this device compatible rfc1583 Calculates summary route costs using RFC 1583 (OSPFv1) default-information Generates a default external route into an autonomous system originate...
Table 4-85 Open Shortest Path First Commands (Continued) Command Function show ip ospf Displays all summary address redistribution information summary-address show ip ospf virtual-links Displays parameters and the adjacency state of virtual links router ospf This command enables Open Shortest Path First (OSPF) routing for all IP interfaces on the router.
Command Usage • The router ID must be unique for every router in the autonomous system. Using the default setting based on the lowest interface address ensures that each router ID is unique. Also, note that you cannot set the router ID to 0.0.0.0 or 255.255.255.255.
default-information originate This command generates a default external route into an autonomous system. Use the no form to disable this feature. Syntax default-information originate [always] [metric interface-metric] [metric-type metric-type] no default-information originate • always - Always advertise a default route to the local AS regardless of whether the router has a default route.
Command Usage • Setting the SPF holdtime to 0 means that there is no delay between consecutive calculations. • Using a low value allows the router to switch to a new path faster, but uses more CPU processing time. Example...
area range This command summarizes the routes advertised by an Area Border Router (ABR). Use the no form to disable this function. Syntax [no] area area-id range ip-address netmask [advertise | not-advertise] • area-id - Identifies an area for which the routes are summarized. (The area ID must be in the form of an IP address.) •...
Default Setting Command Usage • If you enter this command for a normal area, it will be changed to a stub. • If the default cost is set to “0,” the router will not advertise a default route into the attached stub or NSSA. Example Console(config-router)#area 10.3.9.0 default-cost 10 Console(config-router)#...
redistribute This command imports external routing information from other routing domains (i.e., protocols) into the autonomous system. Use the no form to disable this feature. Syntax [no] redistribute [rip | static] [metric metric-value] [metric-type type-value] • rip - External routes will be imported from the Routing Information Protocol into this Autonomous System.
network area This command defines an OSPF area and the interfaces that operate within this area. Use the no form to disable OSPF for a specified interface. Syntax [no] network ip-address netmask area area-id • ip-address - Address of the interfaces to add to the area. •...
area stub This command defines a stub area. To remove a stub, use the no form without the optional keyword. To remove the summary attribute, use the no form with the summary keyword. Syntax [no] area area-id stub [summary] •...
area nssa This command defines a not-so-stubby area (NSSA). To remove an NSSA, use the no form without any optional keywords. To remove an optional attribute, use the no form without the relevant keyword. Syntax [no] area area-id nssa [no-redistribution] [default-information-originate] •...
Example This example creates a stub area 10.3.0.0, and assigns all interfaces with class B addresses 10.3.x.x to the NSSA. It also instructs the router to generate external LSAs into the NSSA when it is an NSSA ABR or NSSA ASBR. Console(config-router)#area 10.3.0.0 nssa default-information-originate Console(config-router)#network 10.3.0.0 255.255.0.0 area 10.2.0.0 Console(config-router)#...
propagation delays. LSAs have their age incremented by this amount before transmission. This value must be the same for all routers attached to an autonomous system. (Range: 1-3600 seconds; Default: 1 second) • dead-interval seconds - Specifies the time that neighbor routers will wait for a hello packet before they declare the router down.
Example This example creates a virtual link using the defaults for all optional parameters. Console(config-router)#network 10.4.0.0 255.255.0.0 area 10.4.0.0 Console(config-router)#area 10.4.0.0 virtual-link 10.4.3.254 Console(config-router)# This example creates a virtual link using MD5 authentication. Console(config-router)#network 10.4.0.0 255.255.0.0 area 10.4.0.0 Console(config-router)#area 10.4.0.0 virtual-link 10.4.3.254 message-digest-key 5 md5 ld83jdpq Console(config-router)#...
Related Commands ip ospf authentication-key (4-273) ip ospf message-digest-key (4-274) ip ospf authentication-key This command assigns a simple password to be used by neighboring routers. Use the no form to remove the password. Syntax ip ospf authentication-key key no ip ospf authentication-key key - Sets a plain text password.
ip ospf message-digest-key This command enables message-digest (MD5) authentication on the specified interface and assigns a key-id and key to be used by neighboring routers. Use the no form to remove an existing key. Syntax ip ospf message-digest-key key-id md5 key no ip ospf message-digest-key key-id •...
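The difference between the plain-text authentication-key and the message-digest key above is what actually travels on the wire: with AuType 1 the password itself sits in the OSPF header of every packet, while with AuType 2 (RFC 2328 Appendix D) only a key ID, a sequence number and an MD5 digest computed over packet-plus-key are sent. The following Python walk-through is an added example, not code from the manual or the switch firmware; it reuses key ID 5 and key ld83jdpq from the virtual-link example above as sample values, and the router ID, area and Hello body are constructed. Zero-padding a key shorter than 16 octets is the convention of common implementations and is an assumption here.

```python
# Added example (not from the manual or the switch firmware): RFC 2328
# Appendix D cryptographic authentication, the scheme enabled by
# `ip ospf message-digest-key <key-id> md5 <key>`, worked through on a
# constructed Hello packet.  Sample values: key id 5 / key "ld83jdpq" from
# the virtual-link example in the reference; router ID, area and body
# are constructed.

import hashlib
import hmac
import struct

# OSPF header: version, type, length, router id, area id, checksum, autype
OSPF_HEADER = struct.Struct("!BBHIIHH")
AUTH_CRYPTO = 2      # AuType 2 = cryptographic authentication
DIGEST_LEN = 16      # MD5 digest length and key length in octets


def ip_to_int(addr):
    a, b, c, d = (int(x) for x in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def ospf_packet(router_id, area_id, body, key_id, seq):
    """Build an OSPF Hello (type 1) with AuType 2.  With cryptographic
    authentication the checksum is unused (zero) and the 8-octet
    authentication field carries: zeros(2), key id(1), auth data length(1),
    cryptographic sequence number(4)."""
    length = OSPF_HEADER.size + 8 + len(body)
    header = OSPF_HEADER.pack(2, 1, length, ip_to_int(router_id),
                              ip_to_int(area_id), 0, AUTH_CRYPTO)
    auth = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    return header + auth + body


def md5_digest(packet, key):
    """RFC 2328 D.4.3: MD5 over the packet followed by the 16-octet key.
    Shorter keys are zero-padded, as common implementations do (assumption)."""
    key_bytes = key.encode()[:DIGEST_LEN].ljust(DIGEST_LEN, b"\x00")
    return hashlib.md5(packet + key_bytes).digest()


def sign(packet, key):
    """Sender: append the digest; it is not counted in the length field."""
    return packet + md5_digest(packet, key)


def verify(frame, keys, last_seq):
    """Receiver: find the key by key id, recompute the digest over the bytes
    covered by the length field, compare in constant time, and refuse a
    sequence number lower than the last one accepted from this neighbour.
    Returns (accepted, reason, sequence number to remember)."""
    if len(frame) < OSPF_HEADER.size + 8:
        return False, "short packet", last_seq
    _, _, length, _, _, _, autype = OSPF_HEADER.unpack_from(frame)
    if autype != AUTH_CRYPTO:
        return False, "authentication type mismatch", last_seq
    _, key_id, auth_len, seq = struct.unpack_from("!HBBI", frame, OSPF_HEADER.size)
    if auth_len != DIGEST_LEN or len(frame) < length + DIGEST_LEN:
        return False, "bad auth data length", last_seq
    key = keys.get(key_id)
    if key is None:
        return False, "unknown key id %d" % key_id, last_seq
    expected = md5_digest(frame[:length], key)
    if not hmac.compare_digest(expected, frame[length:length + DIGEST_LEN]):
        return False, "digest mismatch", last_seq
    if seq < last_seq:
        return False, "replayed sequence number", last_seq
    return True, "ok", seq


# Constructed sample: key id 5 / key from the virtual-link example
SAMPLE_KEYS = {5: "ld83jdpq"}
SAMPLE_BODY = b"\x00" * 20   # placeholder Hello body; its content does not matter here
```

Because the sequence number is inside the signed bytes, a neighbour cannot be fed an old packet with a fresh number, and because the key never leaves the router, capturing traffic on the segment yields a digest, not a password. The key-ID lookup is what lets both ends roll to a new key (a second ip ospf message-digest-key entry) without an outage.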
ip ospf cost This command explicitly sets the cost of sending a packet on an interface. Use the no form to restore the default value. Syntax ip ospf cost cost no ip ospf cost cost - Link metric for this interface. Use higher values to indicate slower ports.
Related Commands ip ospf hello-interval (4-276) ip ospf hello-interval This command specifies the interval between sending hello packets on an interface. Use the no form to restore the default value. Syntax ip ospf hello-interval seconds no ip ospf hello-interval seconds - Interval at which hello packets are sent from an interface.
Command Usage • Set the priority to zero to prevent a router from being elected as a DR or BDR. If set to any value other than zero, the router with the highest priority will become the DR and the router with the next highest priority becomes the BDR.
ip ospf transmit-delay This command sets the estimated time to send a link-state update packet over an interface. Use the no form to restore the default value. Syntax ip ospf transmit-delay seconds no ip ospf transmit-delay seconds - Sets the estimated time required to send a link-state update. (Range: 1-65535) Command Mode Interface Configuration (VLAN)
Table 4-86 show ip ospf - display description Field Routing Process with ID Supports only single TOS (TOS0) route It is a router type Number of areas in this router Area identifier Number of interfaces SPF algorithm executed show ip ospf border-routers This command shows entries in the routing table that lead to an Area Border Router (ABR) or Autonomous System Boundary Router (ASBR).
show ip ospf database This command shows information about different OSPF Link State Advertisements (LSAs) stored in this router’s database. Syntax show ip ospf [area-id] database [adv-router [ip-address]] show ip ospf [area-id] database [asbr-summary] [link-state-id] show ip ospf [area-id] database [asbr-summary] [link-state-id] [adv-router [ip-address]] show ip ospf [area-id] database [asbr-summary] [link-state-id] [self-originate] [link-state-id] show ip ospf [area-id] database [database-summary] show ip ospf [area-id] database [external] [link-state-id]...
Command Mode Privileged Exec Examples The following shows output for the show ip ospf database command. Console#show ip ospf database Displaying Router Link States(Area 10.1.0.0) Link ID ADV Router --------------- --------------- ------ ----------- ----------- 10.1.1.252 10.1.1.252 10.1.1.253 10.1.1.253 Displaying Net Link States(Area 10.1.0.0) Link ID ADV Router --------------- --------------- ------ ----------- -----------...
The following shows output when using the asbr-summary keyword. Console#show ip ospf database asbr-summary OSPF Router with id(10.1.1.253) Displaying Summary ASB Link States(Area 0.0.0.0) LS age: 433 Options: (No TOS-capability) LS Type: Summary Links (AS Boundary Router) Link State ID: 192.168.5.1 (AS Boundary Router's Router ID) Advertising Router: 192.168.1.5 LS Sequence Number: 80000002...
The following shows output when using the database-summary keyword. Console#show ip ospf database database-summary Area ID (10.1.0.0) Router Network Total LSA Counts : 4 Console# Table 4-90 show ip ospf database-summary - display description Field Description Area ID Area identifier Router Number of router LSAs Network...
The following shows output when using the external keyword. Console#show ip ospf database external OSPF Router with id(192.168.5.1) (Autonomous system 5) Displaying AS External Link States LS age: 433 Options: (No TOS-capability) LS Type: AS External Link Link State ID: 10.1.1.253 (External Network Number) Advertising Router: 10.1.2.254 LS Sequence Number: 80000002...
The following shows output when using the network keyword. Console#show ip ospf database network OSPF Router with id(10.1.1.253) Displaying Net Link States(Area 10.1.0.0) Link State Data Network (Type 2) ------------------------------- LS age: 433 Options: Support External routing capability LS Type: Network Links Link State ID: 10.1.1.252 (IP interface address of the Designated Router) Advertising Router: 10.1.1.252 LS Sequence Number: 80000002...
The following shows output when using the router keyword. Console#show ip ospf database router OSPF Router with id(10.1.1.253) Displaying Router Link States(Area 10.1.0.0) Link State Data Router (Type 1) ------------------------------- LS age: 233 Options: Support External routing capability LS Type: Router Links Link State ID: 10.1.1.252 (Originating Router's Router ID) Advertising Router: 10.1.1.252...
Table 4-93 show ip ospf router - display description (Continued) Field Description Number of TOS metrics Type of Service metric – This router only supports TOS 0 (or normal service) Metrics Cost of the link The following shows output when using the summary keyword. Console#show ip ospf database summary OSPF Router with id(10.1.1.253) Displaying Summary Net Link States(Area 10.1.0.0)
show ip ospf interface This command displays summary information for OSPF interfaces. Syntax show ip ospf interface [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4094) Command Mode Privileged Exec Example Console#show ip ospf interface vlan 1 Vlan 1 is up Interface Address 10.1.1.253, Mask 255.255.255.0, Area 10.1.0.0 Router ID 10.1.1.253, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State BDR, Priority 1...
show ip ospf neighbor This command displays information about neighboring routers on each interface within an OSPF area. Syntax show ip ospf neighbor Command Mode Privileged Exec Example Console#show ip ospf neighbor --------------- ------ ---------------- --------------- 10.1.1.252 Console# Table 4-96 show ip ospf neighbor - display description Field Description Neighbor’s router ID...
show ip ospf summary-address This command displays all summary address information. Syntax show ip ospf summary-address Command Mode Privileged Exec Example This example shows a summary address and associated network mask. Console#show ip ospf summary-address 10.1.0.0/255.255.0.0 Console# Related Commands summary-address (4-265) show ip ospf virtual-links...
Multicast Routing Commands This router uses IGMP snooping and query to determine the ports connected to downstream multicast hosts, and to propagate this information back up through the multicast tree to ensure that requested services are forwarded through each intermediate node between the multicast server and its hosts, and also to filter traffic from all of the other interfaces that do not require these services.
Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that interface to join all the current multicast groups.
General Multicast Routing Commands Table 4-100 General Multicast Routing Commands Command Function ip multicast-routing Enables IP multicast routing show ip mroute Shows the IP multicast routing table ip multicast-routing This command enables IP multicast routing. Use the no form to disable IP multicast routing.
Command Mode Privileged Exec Command Usage This command displays information for multicast routing. If no optional parameters are selected, detailed information for each entry in the multicast address table is displayed. If you select a multicast group and source pair, detailed information is displayed only for the specified entry.
This example lists all entries in the multicast table in summary form: Console#show ip mroute summary IP Multicast Forwarding is enabled. IP Multicast Routing Table (Summary) Flags: P - Prune UP Group Source --------------- --------------- --------------- ---------- ------- ------ 224.1.1.1 10.1.0.0 224.2.2.2 10.1.0.0...
Command Mode Global Configuration Command Usage This command enables DVMRP globally for the router and enters router configuration mode. Make any changes necessary to the global DVMRP parameters. Then specify the interfaces that will support DVMRP multicast routing using the ip dvmrp command, and set the metric for each interface.
Command Usage Probe messages are sent to neighboring DVMRP routers from which this device has received probes, and are used to verify whether or not these neighbors are still active members of the multicast tree. Example Console(config-router)#probe-interval 30 Console(config-router)# nbr-timeout This command sets the interval to wait for messages from a DVMRP neighbor before declaring it dead.
Command Mode Router Configuration Example Console(config-router)#report-interval 90 Console(config-router)# flash-update-interval This command specifies how often to send trigger updates, which reflect changes in the network topology. Use the no form to restore the default value. Syntax flash-update-interval seconds no flash-update-interval seconds - Interval between sending flash updates when network topology changes have occurred.
Example Console(config-router)#prune-lifetime 5000 Console(config-router)# default-gateway This command specifies the default DVMRP gateway for IP multicast traffic. Use the no form to remove the default gateway. Syntax default-gateway ip-address no default-gateway ip-address - IP address of the default DVMRP gateway. Default Setting None Command Mode Router Configuration...
Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage To fully enable DVMRP, you need to enable multicast routing globally for the router with the ip multicast-routing command (page 4-293), enable DVMRP globally for the router with the router dvmrp command (page 4-295), and also enable DVMRP for each interface that will participate in multicast routing with the ip dvmrp command.
Example Console(config)#interface vlan 1 Console(config-if)#ip dvmrp metric 2 Console(config-if)# clear ip dvmrp route This command clears all dynamic routes learned by DVMRP. Command Mode Privileged Exec Example As shown below, this command clears everything from the route table except for the default route.
Example The default settings are shown in the following example: Console#show route dvmrp Admin Status Probe Interval Nbr expire Minimum Flash Update Interval prune lifetime route report Default Gateway Metric of Default Gateway Console# show ip dvmrp route This command displays all entries in the DVMRP routing table.
show ip dvmrp neighbor This command displays all of the DVMRP neighbor routers. Command Mode Normal Exec, Privileged Exec Example Console#show ip dvmrp neighbor Address Interface ---------------- --------------- -------- -------- ------------- 10.1.0.254 Console# Table 4-104 show ip dvmrp neighbor - display description Field Description Address...
PIM-DM Multicast Routing Commands Table 4-105 PIM-DM Multicast Routing Commands Command Function router pim Enables PIM globally for the router ip pim dense-mode Enables PIM on the specified interface ip pim hello-interval Sets the interval between sending PIM hello messages ip pim hello-holdtime Sets the time to wait for hello messages from a neighboring PIM router before declaring it dead...
Example Console(config)#router pim Console#show router pim Admin Status: Enabled Console# ip pim dense-mode This command enables PIM-DM on the specified interface. Use the no form to disable PIM-DM on this interface. Syntax [no] ip pim dense-mode Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage •...
ip pim hello-interval This command configures the frequency at which PIM hello messages are transmitted. Use the no form to restore the default value. Syntax ip pim hello-interval seconds no ip pim hello-interval seconds - Interval between sending PIM hello messages. (Range: 1-65535) Default Setting 30 seconds...
Example Console(config-if)#ip pim hello-holdtime 210 Console(config-if)# ip pim trigger-hello-interval This command configures the maximum time before transmitting a triggered PIM Hello message after the router is rebooted or PIM is enabled on an interface. Use the no form to restore the default value. Syntax ip pim trigger-hello-interval seconds no ip pim trigger-hello-interval...
Default Setting 210 seconds Command Mode Interface Configuration (VLAN) Command Usage The multicast interface that first receives a multicast stream from a particular source forwards this traffic to all other PIM interfaces on the router. If there are no requesting groups on that interface, the leaf node sends a prune message upstream and enters a prune state for this multicast stream.
ip pim max-graft-retries This command configures the maximum number of times to resend a Graft message if it has not been acknowledged. Use the no form to restore the default value. Syntax ip pim max-graft-retries retries no ip pim max-graft-retries retries - The maximum number of times to resend a Graft.
Example Console#show ip pim interface 1 Vlan 1 is up PIM is enabled, mode is Dense. Internet address is 10.1.0.253. Hello time interval is 30 sec, trigger hello time interval is 5 sec. Hello holdtime is 105 sec. Join/Prune holdtime is 210 sec.
Router Redundancy Commands Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load. The primary goal of router redundancy is to allow a host device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down.
vrrp ip This command enables the Virtual Router Redundancy Protocol (VRRP) on an interface and specifies the IP address of the virtual router. Use the no form to disable VRRP on an interface and remove the IP address from the virtual router. Syntax [no] vrrp group ip ip-address [secondary] •...
vrrp authentication This command specifies the key used to authenticate VRRP packets received from other routers. Use the no form to prevent authentication. Syntax vrrp group authentication key no vrrp group authentication • group - Identifies the virtual router group. (Range: 1-255) •...
Command Usage • A router that has a physical interface with the same IP address as that used for the virtual router will become the master virtual router. The backup router with the highest priority will become the master router if the current master fails.
• VRRP advertisements are sent to the multicast address 224.0.0.18 (the address assigned to VRRP). Using a multicast address reduces the amount of traffic that has to be processed by network devices that are not part of the designated VRRP group. • If the master router stops sending advertisements, backup routers will bid to become the master router based on priority.
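The following configuration is added here as an illustration of the vrrp commands above; it is not taken from the manual. It puts two routers into VRRP group 1 on VLAN 1: Router A has the virtual address 192.168.1.1 on its physical interface and therefore becomes master, while Router B is a backup with an explicit priority. The ip address command and the exact argument form of vrrp priority (documented at 4-313, not on this page) are assumed; lines beginning with "!" are annotations, not commands.

```console
! Router A: the physical interface carries the virtual IP, so A becomes master
! (the ip address command is assumed from the switch's IP interface commands)
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.1 255.255.255.0
Console(config-if)#vrrp 1 ip 192.168.1.1
Console(config-if)#vrrp 1 authentication vrrpk3y1
Console(config-if)#end
Console#show vrrp brief

! Router B: backup for the same group, same key, priority 200
! (the "vrrp <group> priority <level>" argument order is assumed)
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.2 255.255.255.0
Console(config-if)#vrrp 1 ip 192.168.1.1
Console(config-if)#vrrp 1 priority 200
Console(config-if)#vrrp 1 authentication vrrpk3y1
Console(config-if)#end
Console#show vrrp 1
Console#show vrrp interface vlan 1 brief
```

After both routers are up, show vrrp brief on Router B should report the backup state; if it reports master while Router A is also master, the two routers are not hearing each other's advertisements (mismatched key, mismatched group number, or 224.0.0.18 being filtered on the VLAN), and show vrrp 1 interface vlan 1 counters is the place to look for the error counts.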
Related Commands vrrp priority (4-313) show vrrp This command displays status information for VRRP. Syntax show vrrp [brief | group] • brief - Displays summary information for all VRRP groups on this router. • group - Identifies a VRRP group. (Range: 1-255) Defaults None Command Mode...
Table 4-109 show vrrp - display description
Field: Description
State: VRRP role of this interface (master or backup)
Virtual IP address: Virtual address that identifies this VRRP group
Virtual MAC address: Virtual MAC address used for this VRRP group (00-00-5E-00-01-{group}, as defined by VRRP); it does not change when mastership moves between routers
Advertisement: Interval at which the master virtual router advertises its role as the master...
show vrrp interface This command displays status information for the specified VRRP interface. Syntax show vrrp interface vlan vlan-id [brief] • vlan-id - Identifier of configured VLAN interface. (Range: 1-4094) • brief - Displays summary information for all VRRP groups on this router. Defaults None Command Mode...
show vrrp interface counters This command displays counters for VRRP protocol events and errors that have occurred for the specified group and interface. Syntax show vrrp group interface vlan interface counters • group - Identifies a VRRP group. (Range: 1-255) • interface - Identifier of configured VLAN interface. (Range: 1-4094) Defaults None Command Mode...
Defaults None Command Mode Privileged Exec Example Console#clear vrrp 1 interface 1 counters Console# Hot Standby Router Protocol Commands To configure HSRP, add the interface for each router that will participate in the virtual router group, set the priorities, and configure an authentication string. The HSRP protocol will automatically select the master and standby router based on the priority settings.
standby ip This command enables the Hot Standby Router Protocol (HSRP) on an interface and specifies the IP address of the virtual router. Use the no form to disable HSRP on an interface and remove the IP address for the virtual router. Syntax standby [group] ip [ip-address [secondary]] no standby [group] ip [ip-address]...
Example This example creates HSRP group 1 for VLAN 1, and also adds a secondary address to the group.
Console(config)#interface vlan 1
Console(config-if)#standby 1 ip 192.168.1.7
Console(config-if)#standby 1 ip 192.168.2.6 secondary
Console(config-if)#
standby priority This command sets the priority of this router in a HSRP group.
Related Commands standby authentication (4-324) standby track (4-326) standby preempt This command configures the router to take over as the master virtual router for an HSRP group if it has higher priority than the current master virtual router. Use the no form to disable preemption.
standby authentication This command specifies the key used to authenticate HSRP packets received from other routers. Use the no form to delete an authentication string. All routers in the group must use the same string. As with VRRP, the HSRP authentication string (RFC 2281) is sent in clear text in every hello, so it prevents two groups from accidentally merging but does not stop a host on the same VLAN from spoofing hellos. Syntax standby [group] authentication string no standby [group] authentication • group - Identifies the HSRP group. (Range: 0-255) •...
standby timers This command sets the time between the master and standby router sending hello packets, and the time before other routers declare the active master router or standby router down. Use the no form to restore the default timer values. Syntax standby [group] timers hellotime holdtime no standby [group] timers...
standby track This command configures an interface so that the HSRP priority changes based on the availability of other IP interfaces on this router. Use the no form to disable tracking. Syntax standby [group] track vlan vlan-id [interface-priority] no standby [group] track vlan vlan-id •...
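The steps listed for HSRP (add the interface on each router, set priorities, configure an authentication string) are shown together below as an added example; it is not configuration from the manual. Router A is the preferred active router for group 1 on VLAN 1 and lowers its own priority if its uplink VLAN 2 goes down; Router B runs the same group with the default priority and takes over when A's tracked priority drops below it. The argument forms "standby <group> priority <level>" and "standby <group> preempt", and the HSRP default priority of 100, are assumptions (their full syntax is not on this page); lines beginning with "!" are annotations, not commands.

```console
! Router A: preferred active router; preempts; loses 20 priority if VLAN 2 fails
! (priority/preempt argument forms and the default priority of 100 are assumed)
Console(config)#interface vlan 1
Console(config-if)#standby 1 ip 192.168.1.7
Console(config-if)#standby 1 priority 110
Console(config-if)#standby 1 preempt
Console(config-if)#standby 1 authentication hsrp-k3y
Console(config-if)#standby 1 timers 3 10
Console(config-if)#standby 1 track vlan 2 20
Console(config-if)#end
Console#show standby brief

! Router B: standby at the (assumed) default priority of 100; same key and timers
Console(config)#interface vlan 1
Console(config-if)#standby 1 ip 192.168.1.7
Console(config-if)#standby 1 preempt
Console(config-if)#standby 1 authentication hsrp-k3y
Console(config-if)#standby 1 timers 3 10
Console(config-if)#end
Console#show standby interface vlan 1 group 1
```

With these values, Router A is active at priority 110. If VLAN 2 on Router A goes down, the track entry reduces A's priority to 90; because B has preempt enabled and a higher priority (100), B takes over as active, and show standby brief on A should show it in the standby state. Keep the hello and hold timers identical on both routers: a holdtime that is shorter on one router than the hello interval on the other will cause that router to declare the peer down and claim the virtual address.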
show standby This command displays status information for HSRP. Syntax show standby [active | init | listen | standby] [brief] • active - Displays HSRP groups in the active state. • init - Displays HSRP groups in the initial state. •...
Table 4-112 show standby - display description (Continued)
Field: Description
priority: Priority of this router.
may preempt: Router will attempt to take over as the master router if its priority is higher.
Preemption delayed: Delay before a router with higher priority can preempt the current acting master.
Hellotime: Interval at which this router advertises when acting as the master or standby router...
show standby interface This command displays HSRP status information for the specified interface. Syntax show standby interface vlan vlan-id [group group] [active | init | listen | standby] [brief] • vlan-id - Identifier of configured VLAN interface. (Range: 1-4094) • group - Identifies the HSRP group. (Range: 0-255) •...
Appendix A: Software Specifications
Software Features
Authentication: Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security
Access Control Lists: IP, MAC (up to 32 lists)
DHCP: Client, Relay, Server
DNS: Server
Port Configuration:
1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex
1000BASE-SX/LX: 1000 Mbps at full duplex (SFP)
1000BASE-LH: 1000 Mbps at full duplex (SFP)
100BASE-FX: 100 Mbps at full duplex (SFP)
• Be sure the management station has an IP address in the same subnet as
• If you are trying to connect to the switch via the IP address for a tagged
• If you cannot connect using Telnet, you may have exceeded the maximum
Cannot connect using •...
Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: Enable logging.
ARP converts between IP addresses and MAC (i.e., hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address. This allows the switch to use IP addresses for routing decisions and the corresponding MAC addresses to forward packets from one hop to the next.
EAPOL is a client authentication protocol used by this switch to verify the network access rights of any device that is plugged into the switch. A user name and password are requested by the switch and then passed to an authentication server (e.g., RADIUS) for verification.
An IEEE standard for the Multiple Spanning Tree Protocol (MSTP) which provides independent spanning trees for VLAN groups. IEEE 802.1x Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication. IEEE 802.3ac Defines frame extensions for VLAN tagging.
Glossary IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts. IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
Glossary Network Time Protocol (NTP) NTP provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical master-slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio. Open Shortest Path First (OSPF) OSPF is a link-state routing protocol that scales to larger networks better than distance-vector routing protocols such as RIP.
A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Simple Mail Transfer Protocol (SMTP) A standard host-to-host mail transport protocol that operates over TCP, port 25.
Glossary Terminal Access Controller Access Control System Plus (TACACS+) is a logon authentication protocol that uses software running on a central TACACS+ server to control access to TACACS-compliant devices on the network. Transmission Control Protocol/Internet Protocol (TCP/IP) Protocol suite that includes TCP as the primary transport protocol, and IP as the network layer protocol.
Index
Numerics
802.1x, port authentication 3-57, 4-79
acceptable frame type 3-132, 4-192
Access Control List See ACL
Extended IP 3-67, 4-87, 4-88, 4-91
MAC 3-67, 4-87, 4-102, 4-102–4-104
Standard IP 3-67, 4-87, 4-88, 4-90
Address Resolution Protocol See ARP
address table 3-101, 4-166
aging time 3-104, 4-169
configuration 3-200, 4-241
description 3-199...