Edge-Core ES4625 Management Manual

Microsoft gigabit ethernet stackable layer 3 switch management guide

Powered by Accton
ES4625/ES4649
24/48-Port Gigabit Ethernet
Stackable Layer 3 Switch
Management Guide

Summary of Contents for Edge-Core ES4625

  • Page 1 Powered by Accton ES4625/ES4649 24/48-Port Gigabit Ethernet Stackable Layer 3 Switch Management Guide...
  • Page 3: Management Guide

    Management Guide Gigabit Ethernet Switch Layer 3 Switch with 20/44 RJ-45 Ports, 4 Combination Ports (SFP/RJ-45), 1 Extender Module Slot, and 2 Stacking Ports...
  • Page 4 ES4625 ES4649 F3.1.1.21 E042005-R01 149100022900A...
  • Page 5: Table Of Contents

    Community Strings (for SNMP version 1 and 2c clients) Trap Receivers Configuring Access for SNMP Version 3 Clients Saving Configuration Settings Managing System Files Chapter 3: Configuring the Switch Using the Web Interface Navigating the Web Browser Interface Home Page Configuration Options...
  • Page 6 Contents Displaying Switch Hardware/Software Versions Displaying Bridge Extension Capabilities Configuring Support for Jumbo Frames Setting the Switch’s IP Address Manual Configuration Using DHCP/BOOTP Managing Firmware Downloading System Software from a Server Saving or Restoring Configuration Settings Downloading Configuration Settings from a Server...
  • Page 7 Configuring Port Settings for 802.1X Displaying 802.1X Statistics Filtering IP Addresses for Management Access Access Control Lists Configuring Access Control Lists Setting the ACL Name and Type Configuring a Standard IP ACL Configuring an Extended IP ACL Configuring a MAC ACL Configuring ACL Masks Specifying the Mask Type Configuring an IP ACL Mask...
  • Page 8 Contents Creating VLANs Adding Static Members to VLANs (VLAN Index) Adding Static Members to VLANs (Port Index) Configuring VLAN Behavior for Interfaces Configuring Private VLANs Enabling Private VLANs Configuring Uplink and Downlink Ports Configuring Protocol-Based VLANs Configuring Protocol Groups Mapping Protocols to VLANs Class of Service Configuration Layer 2 Queue Settings Setting the Default Priority for Interfaces...
  • Page 9 Enabling the Server, Setting Excluded Addresses Configuring Address Pools Displaying Address Bindings Configuring Router Redundancy Virtual Router Redundancy Protocol Configuring VRRP Groups Displaying VRRP Global Statistics Displaying VRRP Group Statistics IP Routing Overview Initial Configuration IP Switching Routing Path Management Routing Protocols Basic IP Interface Configuration Configuring IP Routing Interfaces...
  • Page 10 Contents Displaying Link State Database Information Displaying Information on Border Routers Displaying Information on Neighbor Routers Multicast Routing Configuring Global Settings for Multicast Routing Displaying the Multicast Routing Table Configuring DVMRP Configuring Global DVMRP Settings Configuring DVMRP Interface Settings Displaying Neighbor Information Displaying the Routing Table Configuring PIM-DM Configuring Global PIM-DM Settings...
  • Page 11 System Management Commands Device Designation Commands prompt hostname switch renumber User Access Commands username enable password IP Filter Commands management show management Web Server Commands ip http port ip http server ip http secure-server...
  • Page 12 Contents Event Logging Commands logging on logging history logging host logging facility logging trap clear log show logging show log SMTP Alert Commands logging sendmail host logging sendmail level logging sendmail source-email logging sendmail destination-email logging sendmail show logging sendmail Time Commands sntp client sntp server...
  • Page 13 radius-server key radius-server retransmit radius-server timeout show radius-server TACACS+ Client tacacs-server host tacacs-server port tacacs-server key show tacacs-server Port Security Commands port security 802.1X Port Authentication dot1x system-auth-control dot1x default dot1x max-req dot1x port-control dot1x operation-mode dot1x re-authenticate dot1x re-authentication dot1x timeout quiet-period dot1x timeout re-authperiod dot1x timeout tx-period...
  • Page 14 Contents show access-group SNMP Commands snmp-server show snmp snmp-server community snmp-server contact snmp-server location snmp-server host snmp-server enable traps snmp-server engine-id show snmp engine-id snmp-server view show snmp view snmp-server group show snmp group snmp-server user show snmp user DHCP Commands DHCP Client ip dhcp client-identifier ip dhcp restart client...
  • Page 15 ip domain-name ip domain-list ip name-server ip domain-lookup show hosts show dns show dns cache clear dns cache Interface Commands interface description speed-duplex negotiation capabilities media-type shutdown switchport broadcast packet-rate clear counters show interfaces status show interfaces counters show interfaces switchport Mirror Port Commands port monitor show port monitor...
  • Page 16 Contents spanning-tree max-age spanning-tree priority spanning-tree pathcost method spanning-tree transmission-limit spanning-tree mst-configuration mst vlan mst priority name revision max-hops spanning-tree spanning-disabled spanning-tree cost spanning-tree port-priority spanning-tree edge-port spanning-tree portfast spanning-tree link-type spanning-tree mst cost spanning-tree mst port-priority spanning-tree protocol-migration show spanning-tree show spanning-tree mst configuration VLAN Commands Editing VLAN Groups...
  • Page 17 show bridge-ext switchport gvrp show gvrp configuration garp timer show garp timer Priority Commands Priority Commands (Layer 2) queue mode switchport priority default queue bandwidth queue cos-map show queue mode show queue bandwidth show queue cos-map Priority Commands (Layer 3 and 4) map ip port (Global Configuration) map ip port (Interface Configuration) map ip precedence (Global Configuration)
  • Page 18 Contents ip igmp snooping query-interval ip igmp snooping query-max-response-time ip igmp snooping router-port-expire-time Static Multicast Routing Commands ip igmp snooping vlan mrouter show ip igmp snooping mrouter IGMP Commands (Layer 3) ip igmp ip igmp robustval ip igmp query-interval ip igmp max-resp-interval ip igmp last-memb-query-interval ip igmp version show ip igmp interface...
  • Page 19 ip split-horizon ip rip authentication key ip rip authentication mode show rip globals show ip rip Open Shortest Path First (OSPF) router ospf router-id compatible rfc1583 default-information originate timers spf area range area default-cost summary-address redistribute network area area stub area nssa area virtual-link ip ospf authentication...
  • Page 20 Contents nbr-timeout report-interval flash-update-interval prune-lifetime default-gateway ip dvmrp ip dvmrp metric clear ip dvmrp route show router dvmrp show ip dvmrp route show ip dvmrp neighbor show ip dvmrp interface PIM-DM Multicast Routing Commands router pim ip pim dense-mode ip pim hello-interval ip pim hello-holdtime ip pim trigger-hello-interval ip pim join-prune-holdtime...
  • Page 21 Appendix A: Software Specifications Software Features Management Features Standards Management Information Bases Appendix B: Troubleshooting Problems Accessing the Management Interface Using System Logs Glossary Index Contents...
  • Page 23 Tables Table 1-1 Key Features Table 1-2 System Defaults Table 3-1 Web Page Configuration Buttons Table 3-2 Switch Main Menu Table 3-3 Logging Levels Table 3-4 SNMPv3 Security Models and Levels Table 3-5 Supported Notification Messages Table 3-6 HTTPS System Support Table 3-7 802.1X Statistics...
  • Page 24 Tables Table 4-18 Logging Levels Table 4-19 show logging flash/ram - display description Table 4-20 show logging trap - display description Table 4-21 SMTP Alert Commands Table 4-22 Time Commands Table 4-23 System Status Commands Table 4-24 Frame Size Commands Table 4-25 Flash/File Commands Table 4-26...
  • Page 25 Table 4-63 Private VLAN Commands Table 4-64 Protocol-based VLAN Commands Table 4-65 GVRP and Bridge Extension Commands Table 4-66 Priority Commands Table 4-67 Priority Commands (Layer 2) Table 4-68 Default CoS Priority Levels Table 4-69 Priority Commands (Layer 3 and 4) Table 4-70 Mapping IP Precedence to CoS Values Table 4-71...
  • Page 26 Tables Table 4-108 show ip dvmrp neighbor - display description Table 4-109 PIM-DM Multicast Routing Commands Table 4-110 show ip pim neighbor - display description Table 4-111 Router Redundancy Commands Table 4-112 VRRP Commands Table 4-113 show vrrp - display description Table 4-114 show vrrp brief - display description Table B-1...
  • Page 27 Figures Figure 3-1 Home Page Figure 3-2 Front Panel Indicators Figure 3-3 System Information Figure 3-4 Switch Information Figure 3-5 Displaying Bridge Extension Configuration Figure 3-6 Configuring Support for Jumbo Frames Figure 3-7 IP Interface Configuration - Manual Figure 3-8...
  • Page 28 Figures Figure 3-42 802.1X Port Configuration Figure 3-43 802.1X Port Statistics Figure 3-44 IP Filter Figure 3-45 Selecting ACL Type Figure 3-46 ACL Configuration - Standard IP Figure 3-47 ACL Configuration - Extended IP Figure 3-48 ACL Configuration - MAC Figure 3-49 Selecting ACL Mask Types Figure 3-50...
  • Page 29 Figure 3-87 Traffic Classes Figure 3-88 Queue Mode Figure 3-89 Queue Scheduling Figure 3-90 IP Precedence/DSCP Priority Status Figure 3-91 IP Precedence Priority Figure 3-92 IP DSCP Priority Figure 3-93 IP Port Priority Status Figure 3-94 IP Port Priority Figure 3-95 Configuring Class Maps Figure 3-96 Configuring Policy Maps...
  • Page 30 Figures Figure 3-132 RIP Network Addresses Figure 3-133 RIP Interface Settings Figure 3-134 RIP Statistics Figure 3-135 OSPF General Configuration Figure 3-136 OSPF Area Configuration Figure 3-137 OSPF Range Configuration Figure 3-138 OSPF Interface Configuration Figure 3-139 OSPF Interface Configuration - Detailed Figure 3-140 OSPF Virtual Link Configuration Figure 3-141 OSPF Network Area Address Configuration Figure 3-142 OSPF Summary Address Configuration...
  • Page 31: Chapter 1: Introduction

    Chapter 1: Introduction This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
  • Page 32: Description Of Software Features

    Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings. Authentication – This switch authenticates management access via the console port, Telnet or web browser.
  • Page 33 Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth. To avoid dropping frames on congested ports, the ES4625 and ES4649 provide 2 MB and 4 MB, respectively, for frame buffering. This buffer can queue packets...
  • Page 34 GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can: •...
  • Page 35 When a host sends an ARP request for a remote network, the switch checks to see if it has the best route. If it does, it sends its own MAC address to the host. The host then sends traffic for the remote destination via the switch, which uses its own routing table to reach the destination on the other network.
  • Page 36: System Defaults

    VLAN. The switch uses IGMP Snooping and Query at Layer 2 and IGMP at Layer 3 to manage multicast group registration.
  • Page 37 Table 1-2 System Defaults (Continued) Function Parameter Authentication Privileged Exec Level Normal Exec Level Enable Privileged Exec from Normal Exec Level RADIUS Authentication TACACS Authentication 802.1X Port Authentication HTTPS Port Security IP Filtering Web Management HTTP Server HTTP Port Number HTTP Secure Server HTTP Secure Port Number SNMP...
  • Page 38 Introduction Table 1-2 System Defaults (Continued) Function Parameter Spanning Tree Status Algorithm Fast Forwarding (Edge Port) Address Table Aging Time Virtual LANs Default VLAN PVID Acceptable Frame Type Ingress Filtering Switchport Mode (Egress Mode) GVRP (global) GVRP (port interface) Traffic Prioritization Ingress Port Priority Weighted Round Robin IP Precedence Priority...
  • Page 39 Messages Logged to Flash SMTP Email Alerts Event Handler SNTP Clock Synchronization * There are interoperability problems between Flow Control and Head-of-Line (HOL) blocking for the switch ASIC; Flow Control is therefore not supported for this switch. System Defaults Default Snooping: Enabled...
  • Page 41: Chapter 2: Initial Configuration

    The switch’s HTTP web agent allows you to configure switch parameters, monitor port connections, and display statistics using a standard web browser such as Netscape Navigator version 6.2 and higher or Microsoft IE version 5.0 and higher. The switch’s web management interface can be accessed from any computer attached to the network.
  • Page 42: Required Connections

    • Configure Spanning Tree parameters • Configure Class of Service (CoS) priority queuing • Configure up to 6 static or LACP trunks per switch, up to 32 per stack • Enable port mirroring • Set broadcast storm control on any port •...
  • Page 43: Remote Connections

    1. This unit identification number appears on the Stack Unit ID LED on the front panel of the switch. It can also be selected on the front panel graphic of the web interface, or from the CLI.
  • Page 44: Selecting The Backup Unit

    Initial Configuration • If more than one stack Master is selected using the Master/Slave push button on the switch’s front panel, the system will select the unit with the lowest MAC address as the Master. • If the Master unit fails and another unit takes over control of the stack, the unit numbering will not change.
  • Page 45: Resilient Ip Interface For Management Access

    Maximum Stack Size – You can stack up to eight units as long as the total number of switch ASIC chips is less than 32. Both the ES4625 and ES4649 use one ASIC chip for each 12 ports and one ASIC for the optional module. If no optional modules are installed, then you can stack up to eight ES4625 or ES4649 units in any combination.
  • Page 46: Basic Configuration

    If you see this message, you will have to reload the current firmware to the switch as indicated in the previous section, and then reboot the switch.
  • Page 47: Setting Passwords

    Manual Configuration You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment (if routing is not enabled on this switch). Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods.
  • Page 48: Dynamic Configuration

    “netmask” is the network mask for the network. Press <Enter>. Type “exit” to return to the global configuration mode prompt. Press <Enter>. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway.
  • Page 49: Enabling Snmp Management Access

    When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred.
  • Page 50: Trap Receivers

    • private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects. To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings.
  • Page 51: Configuring Access For Snmp Version 3 Clients

    Console(config)# For a more detailed explanation on how to configure the switch for access from SNMP v3 clients, refer to “Simple Network Management Protocol” on page 3-37, or refer to the specific CLI commands for SNMP starting on page 4-107.
  • Page 52: Managing System Files

    The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
  • Page 53: Chapter 3: Configuring The Switch

    (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above). Note: You can also use the Command Line Interface (CLI) to manage the switch over a serial connection to the console port or via Telnet. For more information on using the CLI, refer to Chapter 4: “Command Line Interface.”...
  • Page 54: Navigating The Web Browser Interface

    Note: The examples in this chapter are based on the ES4649. Other than the number of fixed ports, there are no major differences between the ES4625 and ES4649. Figure 3-1 Home Page...
  • Page 55: Configuration Options

    Panel Display The web agent displays an image of the switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex), or Flow Control Port Configuration page as described on page 3-91.
  • Page 56: Main Menu

    Configuring the Switch Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Menu...
  • Page 57 Table 3-2 Switch Main Menu (Continued) Menu SNMPv3 Engine ID Remote Engine ID Users Remote Users Groups Views Security User Accounts Authentication Settings HTTPS Settings Settings Host-Key Settings Port Security 802.1X Information Configuration Port Configuration Statistics Configuration Mask Configuration Port Binding...
  • Page 58 Configuring the Switch Table 3-2 Switch Main Menu (Continued) Menu LACP Configuration Aggregation Port Port Counters Information Port Internal Information Port Neighbors Information Displays settings and operational state for the remote side Port Broadcast Control Trunk Broadcast Control Mirror Port Configuration...
  • Page 59 Configures trunk settings for a specified MST instance Enables GVRP VLAN registration protocol Displays information on the VLAN type supported by this switch Shows the current port members of each VLAN and whether or not the port is tagged or untagged...
  • Page 60 Displays the ports that are attached to a neighboring multicast router for each VLAN ID Assigns ports that are attached to a neighboring multicast router Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID Indicates multicast addresses associated with the selected VLAN Enables DNS;...
  • Page 61 Shows all routing entries, including local, static and dynamic routes Globally enables multicast routing Shows each multicast route this switch has learned Configures VRRP groups, including virtual interface address, advertisement interval, preemption, priority, and authentication Displays global statistics for VRRP protocol packet errors...
  • Page 62 Configuring the Switch Table 3-2 Switch Main Menu (Continued) Menu Routing Protocol General Settings Network Addresses Interface Settings Statistics OSPF General Configuration Area Configuration Area Range Configuration Interface Configuration Virtual Link Configuration Network Area Address Configuration Summary Address Configuration Redistribute Configuration...
  • Page 63 Interface Information Neighbor Information Navigating the Web Browser Interface Description Enables or disables PIM-DM globally for the switch Enables or disables PIM-DM per interface, configures protocol settings for hello, prune and graft messages Displays summary information for each interface Displays neighboring PIM-DM routers...
  • Page 64: Basic Configuration

    Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. • Location – Specifies the system location. • Contact – Administrator responsible for the system.
  • Page 65: Displaying Switch Hardware/Software Versions

    Fan Speed Test ... PASS Done All Pass. Console# Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Field Attributes Main Board •...
  • Page 66: Figure 3-4 Switch Information

    Configuring the Switch • Operation Code Version – Version number of runtime code. • Role – Shows that this switch is operating as Master or Slave. These additional parameters are displayed for the CLI. • Unit ID – Unit number in stack.
  • Page 67: Displaying Bridge Extension Capabilities

    GMRP (GARP Multicast Registration Protocol). • Traffic Classes – This switch provides mapping of user priorities to multiple traffic classes. (Refer to “Class of Service Configuration” on page 3-150.) • Static Entry Individual Port – This switch allows static filtering for unicast and multicast addresses.
  • Page 68: Configuring Support For Jumbo Frames

    Console# Configuring Support for Jumbo Frames The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
  • Page 69: Setting The Switch's Ip Address

    Protocol (BOOTP). If DHCP/BOOTP is enabled, IP will not function until a reply has been received from the server. Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subnet mask, and default gateway.) •...
  • Page 70: Manual Configuration

    Configuring the Switch Manual Configuration Web – Click IP, General, Routing Interface. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” and specify a “Primary” interface. Enter the IP address, subnet mask and gateway, then click Apply.
  • Page 71: Using Dhcp/Bootp

    Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the stack to be dynamically configured by these services. Web – Click IP, General, Routing Interface. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to save your changes.
  • Page 72: Managing Firmware

    You can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version.
  • Page 73: Downloading System Software From A Server

    IP address of the TFTP server, set the file type to “opcode,” enter the file name of the software to download, select a file on the switch to overwrite or specify a new file name, then click Apply. If you replaced the current firmware used for startup and want to start using the new operation code, reboot the system via the System/Reset menu.
  • Page 74: Figure 3-12 Deleting Files

    TFTP server, select “config” as the file type, then enter the source and destination file names. When the file has finished downloading, set the new file to start up the system, and then restart the switch. To start the new firmware, enter the “reload” command or reboot the system.
  • Page 75: Saving Or Restoring Configuration Settings

    • File Transfer Method – The configuration copy operation includes these options: - file to file – Copies a file within the switch directory, assigning it a new name. - file to running-config – Copies a file in the switch to the running configuration.
  • Page 76: Downloading Configuration Settings From A Server

    “tftp to file,” and enter the IP address of the TFTP server. Specify the name of the file to download, select a file on the switch to overwrite or specify a new file name, and then click Apply.
  • Page 77: Console Port Settings

    CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch. Console#copy tftp startup-config TFTP server ip address: 192.168.1.19 Source configuration file name: config-1 Startup configuration file name [] : startup \Write to FLASH Programming.
  • Page 78: Figure 3-15 Configuring The Console Port

    Configuring the Switch • Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive (from terminal). Set the speed to match the baud rate of the device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud, Auto;...
  • Page 79: Telnet Settings

    • Telnet Status – Enables or disables Telnet access to the switch. (Default: Enabled) • Telnet Port Number – Sets the TCP port number for Telnet on the switch. (Default: 23) • Login Timeout – Sets the interval that the system waits for a user to log into the CLI.
  • Page 80: Figure 3-16 Configuring The Telnet Interface

    Configuring the Switch • Password – Specifies a password for the line connection. When a connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt. (Default: No password) •...
  • Page 81: Configuring Event Logging

    Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
  • Page 82: Remote Log Configuration

    The attribute specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to process messages, such as sorting or storing messages in the corresponding database.
  • Page 83: Figure 3-18 Remote Logs

    Web – Click System, Logs, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP List, and then click Remove. CLI –...
  • Page 84: Displaying Log Messages

    Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
  • Page 85: Figure 3-20 Enabling And Configuring Smtp Alerts

    • SMTP Server List – Specifies a list of up to three recipient SMTP servers. The switch attempts to connect to the other listed servers if the first fails. Use the New SMTP Server text field and the Add/Remove buttons to configure the list.
  • Page 86: Renumbering The Stack

    CLI – Enter the IP address of at least one SMTP server, set the syslog severity level to trigger an email message, and specify the switch (source) and up to five recipient (destination) email addresses. Enable SMTP with the logging sendmail command to complete the configuration.
  • Page 87: Resetting The System

    You can also manually set the clock using the CLI. (See “calendar set” on page 4-56.) If the clock is not set, the switch will only record the time from the factory default set at the last bootup.
  • Page 88: Setting The Time Zone

    Configuring the Switch Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply. CLI – This example configures the switch to operate as an SNTP client and then displays the current time and settings. Console(config)#sntp client Console(config)#sntp poll 16 Console(config)#sntp server 10.1.0.19 137.82.140.80 128.250.36.2...
  • Page 89: Simple Network Management Protocol

    MIB specifications and the protocol used to access this information over the network. The switch includes an onboard agent that supports SNMP versions 1, 2c, and 3. This agent continuously monitors the status of the switch hardware, as well as the traffic passing through its ports.
  • Page 90: Table 3-4 Snmpv3 Security Models And Levels

    MIB objects for reading and writing, which are known as “views.” The switch has a default view (all MIB objects) and default groups defined for security models v1 and v2c. The following table shows the security models and levels available and the system default settings.
  • Page 91: Enabling The Snmp Agent

    Command Attributes • SNMP Community Capability – The switch supports up to five community strings. • Current – Displays a list of the community strings currently configured. • Community String – A community string that acts like a password and permits access to the SNMP protocol.
  • Page 92: Specifying Trap Managers And Trap Types

    • Notifications are issued by the switch as trap messages by default. The recipient of a trap message does not send a response to the switch. Traps are therefore not as reliable as inform messages, which include a request for acknowledgement of receipt.
  • Page 93 6. Then configure a remote user (page 3-46). Command Attributes • Trap Manager Capability – This switch supports up to five trap managers. • Current – Displays a list of the trap managers currently configured. • Trap Manager IP Address – IP address of a new management station to receive notification messages.
  • Page 94: Configuring Snmpv3 Management Access

    1. If you want to change the default engine ID, do so before configuring other SNMP parameters. 2. Specify read and write access views for the switch MIB tree. 3. Configure SNMP user groups with the required security model (i.e., SNMP v1, v2c or v3) and security level (i.e., authentication and privacy).
  • Page 95: Setting A Local Engine Id

    SNMPv3 packets. A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engineID is deleted or changed, all SNMP users will be cleared.
  • Page 96: Configuring Snmpv3 Users

    The engine ID can be specified by entering 1 to 26 hexadecimal characters. If fewer than 26 characters are specified, trailing zeroes are added to the value. For example, the value “1234” is equivalent to “1234” followed by 22 zeroes.
  • Page 97: Figure 3-30 Configuring Snmpv3 Users

    • Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available. • Privacy Password – A minimum of eight plain text characters is required. • Actions – Enables the user to be assigned to another SNMPv3 group. Web –...
  • Page 98: Configuring Remote Snmpv3 Users

    Configuring the Switch CLI – Use the snmp-server user command to configure a new user name and assign it to a group. Console(config)#snmp-server user chris group r&d v3 auth md5 greenpeace priv des56 einstien Console(config)#exit Console#show snmp user EngineId: 80000034030001f488f5200000...
  • Page 99: Figure 3-31 Configuring Remote Snmpv3 Users

    • Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available. • Privacy Password – A minimum of eight plain text characters is required. Web – Click SNMP, SNMPv3, Remote Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list.
  • Page 100: Configuring Snmpv3 Groups

    CLI – Use the snmp-server user command to configure a new user name and assign it to a group.
    Console(config)#snmp-server user mark group r&d remote 192.168.1.19 v3 auth md5 greenpeace priv des56 einstien
    Console(config)#exit
    Console#show snmp user
    No user exist.
  • Page 101: Table 3-5 Supported Notification Messages

    Table 3-5 Supported Notification Messages
    Object Label             Object ID
    RFC 1493 Traps
      newRoot                1.3.6.1.2.1.17.0.1
      topologyChange         1.3.6.1.2.1.17.0.2
    SNMPv2 Traps
      coldStart              1.3.6.1.6.3.1.1.5.1
      warmStart              1.3.6.1.6.3.1.1.5.2
      linkDown               1.3.6.1.6.3.1.1.5.3
      linkUp                 1.3.6.1.6.3.1.1.5.4
      authenticationFailure  1.3.6.1.6.3.1.1.5.5
    RMON Events (V2)
      risingAlarm            1.3.6.1.2.1.16.0.1
      fallingAlarm           1.3.6.1.2.1.16.0.2
    Description – The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree;...
  • Page 102 Table 3-5 Supported Notification Messages (Continued)
    Object Label              Object ID                         Description
    Private Traps
      swPowerStatusChangeTrap 1.3.6.1.4.1.259.6.10.64.2.1.0.1
      swFanFailureTrap        1.3.6.1.4.1.259.6.10.64.2.1.0.17  This trap is sent when the fan fails.
      swFanRecoverTrap        1.3.6.1.4.1.259.6.10.64.2.1.0.18  This trap is sent when the fan failure has
      swIpFilterRejectTrap    1.3.6.1.4.1.259.6.10.64.2.1.0.40  This trap is sent when an incorrect IP address is...
  • Page 103: Figure 3-32 Configuring Snmpv3 Groups

    Web – Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then select read, write, and notify views. Click Add to save the new group and return to the Groups list.
  • Page 104: Setting Snmpv3 Views

    Web – Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in the view. Click Back to save the new view and return to the SNMPv3 Views list.
  • Page 105: User Authentication

    Row Status: active
    Console#
    User Authentication
    You can restrict management access to this switch and provide secure network access using the following options: • User Accounts – Manually configure management access rights for users. • Authentication Settings – Use remote authentication to configure access rights.
  • Page 106: Figure 3-34 User Accounts

    Command Attributes • Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest) • New Account – Displays configuration settings for a new account. - User Name – The name of the user.
  • Page 107: Configuring Local/Remote Logon Authentication

    Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TACACS+ protocols.
  • Page 108 - Number of Server Transmits – Number of times the switch tries to authenticate logon access via the authentication server. (Range: 1-30; Default: 2) - Timeout for a reply – The number of seconds the switch waits for a reply from the RADIUS server before it resends the request. (Range: 1-65535; Default: 5) •...
  • Page 109: Figure 3-35 Authentication Server Settings

    Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply. Figure 3-35 Authentication Server Settings CLI –...
  • Page 110: Configuring Https

    Command Usage • Both the HTTP and HTTPS services can be enabled independently on the switch. However, you cannot configure both services to use the same UDP port. • If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number] •...
  • Page 111: Replacing The Default Secure-Site Certificate

    Source private file name: <private key file name> Private password: <password for private key> Note: The switch must be reset for the new certificate to be activated. To reset the switch, type “reload” at the command prompt: Figure 3-36 HTTPS Settings...
  • Page 112: Configuring The Secure Shell

    Configuring the Secure Shell The Berkeley standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote copy), are not secure from hostile attacks.
  • Page 113: Generating The Host Key Pair

    6. Challenge-Response Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method. Only clients that have a private key corresponding to the public keys stored on the switch can access it.
  • Page 114: Field Attributes

    (Range: RSA (Version 1), DSA (Version 2), Both; Default: Both) The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to select either DES (56-bit) or 3DES (168-bit) for data encryption.
  • Page 115: Configuring The Ssh Server

    The SSH server includes basic settings for authentication. Field Attributes • SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled) • Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports management access via either SSH Version 1.5 or 2.0 clients.
  • Page 116: Figure 3-38 Ssh Server Settings

    Web – Click Security, SSH, Settings. Enable SSH and adjust the authentication parameters as required, then click Apply. Note that you must first generate the host key pair on the SSH Host-Key Settings page before you can enable the SSH server.
  • Page 117: Configuring Port Security

    Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
  • Page 118: Figure 3-39 Port Security

    Web – Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
  • Page 119: Configuring 802.1X Port Authentication

    (i.e., Authenticator) responds with an EAPOL identity request. The client provides its identity (such as a user name) in an EAPOL response to the switch, which it forwards to the RADIUS server. The RADIUS server verifies the client identity and sends an access challenge back to the client.
  • Page 120: Displaying 802.1X Global Settings

    • The RADIUS server and client also have to support the same EAP authentication type – MD5. (Some clients have native support in Windows, otherwise the dot1x client must support it.) Displaying 802.1X Global Settings The 802.1X protocol provides port authentication.
  • Page 121: Configuring 802.1X Global Settings

    Command Attributes 802.1X System Authentication Control – Sets the global setting for 802.1X. (Default: Disabled) Web – Select Security, 802.1X, Configuration. Enable 802.1X globally for the switch, and click Apply. Figure 3-41 802.1X Global Configuration CLI – This example enables 802.1X globally for the switch.
  • Page 122: Figure 3-42 802.1X Port Configuration

    EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default 2) • Quiet Period – Sets the time that a switch port waits after the Max Request count has been exceeded before attempting to acquire a new client. (Range: 1-65535 seconds;...
  • Page 123 CLI – This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see “show dot1x” on page 4-85.
    Console(config)#interface ethernet 1/2
    Console(config-if)#dot1x port-control auto
    Console(config-if)#dot1x re-authentication
    Console(config-if)#dot1x max-req 5
    Console(config-if)#dot1x timeout quiet-period 40
    Console(config-if)#dot1x timeout re-authperiod 5
    Console(config-if)#dot1x timeout tx-period 40
    Console(config-if)#end...
  • Page 124: Displaying 802.1X Statistics

    Displaying 802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Parameter Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator. Rx EAPOL Logoff The number of EAPOL Logoff frames that have been received by this Authenticator.
  • Page 125: Figure 3-43 802.1X Port Statistics

    Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. CLI – This example displays the dot1x statistics for port 4. Console#show dot1x statistics interface ethernet 1/4 Eth 1/4 Rx: EAPOL EAPOL Start Logoff...
  • Page 126: Filtering Ip Addresses For Management Access

    • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
  • Page 127: Figure 3-44 Ip Filter

    Web – Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add IP Filtering Entry.
    CLI – This example restricts management access for Telnet clients.
    Console(config)#management telnet-client 192.168.1.19
    Console(config)#management telnet-client 192.168.1.25 192.168.1.30
    Console(config)#exit
    Console#show management all-client...
  • Page 128: Access Control Lists

    Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in an ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail.
  • Page 129: Setting The Acl Name And Type

    Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL. Command Attributes • Name – Name of the ACL. (Maximum length: 16 characters) • Type – There are three filtering modes: - Standard: IP ACL mode that filters packets based on the source IP address.
  • Page 130: Configuring An Extended Ip Acl

    and compared with the address for each IP packet entering the port(s) to which this ACL has been assigned. Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
  • Page 131 • Protocol – Specifies the protocol type to match as TCP, UDP or Others, where others indicates a specific protocol number (0-255). (Options: TCP, UDP, Others; Default: TCP) • Source/Destination Port – Source/destination port number for the specified protocol type. (Range: 0-65535) •...
  • Page 132: Figure 3-47 Acl Configuration - Extended Ip

    Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
  • Page 133: Configuring A Mac Acl

    Configuring a MAC ACL Command Attributes • Action – An ACL can contain any combination of permit or deny rules. • Source/Destination Address Type – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range with the Address and Bitmask fields.
  • Page 134: Figure 3-48 Acl Configuration - Mac

    Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bitmask for an address range.
  • Page 135: Configuring Acl Masks

    You must specify masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven user-defined masks for an ingress or egress ACL.
  • Page 136: Configuring An Ip Acl Mask

    Configuring an IP ACL Mask This mask defines the fields to check in the IP header. Command Usage • Masks that include an entry for a Layer 4 protocol source port or destination port can only be applied to packets with a header length of exactly five bytes.
  • Page 137: Figure 3-50 Acl Mask Configuration - Ip

    Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range. Include other criteria to search for in the rules, such as a protocol type or one of the service types.
  • Page 138: Configuring A Mac Acl Mask

    Configuring a MAC ACL Mask This mask defines the fields to check in the packet header. Command Usage You must configure a mask for an ACL rule before you can bind it to a port. Command Attributes •...
  • Page 139: Binding A Port To An Access Control List

    Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in an ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail.
  • Page 140: Port Configuration

    – Indicates the type of flow control currently in use. (IEEE 802.3x, Back-Pressure or None) 5. There are interoperability problems between Flow Control and Head-of-Line (HOL) blocking for the switch ASIC; Flow Control is therefore not supported for this switch. Figure 3-52 ACL Port Binding...
  • Page 141: Figure 3-53 Port - Port Information

    • Port type – Indicates the port type. (1000BASE-T, SFP, or 10G) • MAC address – The physical layer address for this port. (To access this item on the web, see “Setting the Switch’s IP Address” on page 3-17.) Configuration: •...
  • Page 142: Current Status

    (shutdown, trap, trap-and-shutdown) • Media type – Shows the forced/preferred port type to use for combination ports 21-24 (ES4625) or 45-48 (ES4649). (copper forced, SFP forced, SFP preferred auto) Current status: • Link status – Indicates if the link is up or down.
  • Page 143: Configuring Interface Connections

    10G Modules: 10GBASE-LR – 10Gfull) • Media Type – Shows the forced/preferred port type to use for the combination ports. (ES4625: Ports 21-24; ES4649: Ports 45-48) - Copper-Forced - Always uses the built-in RJ-45 port. - SFP-Forced - Always uses the SFP port (even if module is not installed).
  • Page 144: Figure 3-54 Port - Port Configuration

    Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.
    CLI – Select the interface, and then enter the required settings.
    Console(config)#interface ethernet 1/13
    Console(config-if)#description RD SW#13
    Console(config-if)#shutdown
    Console(config-if)#no shutdown...
  • Page 145: Creating Trunk Groups

    • You can create up to 32 trunks on a switch or stack, with up to eight Gigabit ports per trunk or up to four 10Gbps ports per trunk. Note that because the stack functions conceptually as a single system, you can include ports from different units in the same trunk.
  • Page 146: Statically Configuring A Trunk

    Web – Click Port, Trunk Membership. Enter a trunk ID of 1-32 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.
  • Page 147: Enabling Lacp On Selected Ports

    ID. • If more than eight ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails. • All ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation.
  • Page 148: Figure 3-56 Lacp Trunk Configuration

    - Unit – Stack unit. (Range: 1-8) - Port – Port identifier. (Range: 1-25/49) Web – Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After you have completed adding ports to the member list, click Apply.
  • Page 149: Configuring Lacp Parameters

    - Ports must be configured with the same system priority to join the same LAG. - System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with other systems.
  • Page 150: Figure 3-57 Lacp - Aggregation Port

    Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effect until the next time an aggregate link is formed with this device.) After you have completed setting the port LACP parameters, click Apply.
  • Page 151 CLI – The following example configures LACP parameters for ports 1-10. Ports 1-8 are used as active members of the LAG; ports 9 and 10 are set to backup mode.
    Console(config)#interface ethernet 1/1
    Console(config-if)#lacp actor system-priority 3
    Console(config-if)#lacp actor admin-key 120
    Console(config-if)#lacp actor port-priority 128
    Console(config-if)#exit
    Console(config)#interface ethernet 1/10...
  • Page 152: Displaying Lacp Port Counters

    Displaying LACP Port Counters You can display statistics for LACP protocol messages. Parameter Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group. LACPDUs Received Number of valid LACPDUs received by this channel group. Marker Sent Number of valid Marker PDUs transmitted from this channel group.
  • Page 153: Displaying Lacp Settings And Status For The Local Side

    Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Table 3-9 LACP Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port. Admin Key Current administrative value of the key for the aggregation port.
  • Page 154: Figure 3-59 Lacp - Port Internal Information

    Web – Click Port, LACP, Port Internal Information. Select a port channel to display the corresponding information. Figure 3-59 LACP - Port Internal Information CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1.
  • Page 155: Displaying Lacp Settings And Status For The Remote Side

    Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation. Table 3-10 LACP Neighbor Configuration Information Field Description Partner Admin System ID LAG partner’s system ID assigned by the user. Partner Oper System ID LAG partner’s system ID assigned by the LACP protocol.
  • Page 156: Setting Broadcast Storm Thresholds

    CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1.
    Console#show lacp 1 neighbors
    Port channel 1 neighbors
    -------------------------------------------------------------------------
    Eth 1/2
    -------------------------------------------------------------------------
    Partner Admin System ID:...
  • Page 157: Figure 3-61 Port Broadcast Control

    Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Check the Enabled box for any interface, set the threshold, and click Apply. CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 packets per second for port 2.
  • Page 158: Configuring Port Mirroring

    Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
  • Page 159: Configuring Rate Limits

    Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
  • Page 160: Showing Port Statistics

    This information can be used to identify potential problems with the switch (such as a faulty port or unusually heavy loading). RMON statistics provide access to a broad range of statistics, including a total count of different frame types and sizes passing through each port.
  • Page 161 Table 3-11 Port Statistics (Continued) Parameter Transmit Discarded Packets Transmit Errors Etherlike Statistics Alignment Errors Late Collisions FCS Errors Excessive Collisions Single Collision Frames Internal MAC Transmit Errors Multiple Collision Frames Carrier Sense Errors SQE Test Errors Frames Too Long Deferred Transmissions Internal MAC Receive Errors RMON Statistics...
  • Page 162 Table 3-11 Port Statistics (Continued) Parameter Received Frames Broadcast Frames Multicast Frames CRC/Alignment Errors Undersize Frames Oversize Frames Fragments 64 Bytes Frames 65-127 Byte Frames 128-255 Byte Frames 256-511 Byte Frames 512-1023 Byte Frames 1024-1518 Byte Frames 1519-1536 Byte Frames Description The total number of frames (bad, broadcast and multicast) received.
  • Page 163: Figure 3-64 Port Statistics

    Web – Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-64 Port Statistics...
  • Page 164: Setting Static Addresses

    Setting Static Addresses A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table.
  • Page 165: Displaying The Address Table

    Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address for inbound traffic is found in the database, the packets intended for that address are forwarded directly to the associated port.
  • Page 166: Figure 3-66 Dynamic Addresses

    Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query. CLI – This example also displays the address table entries for port 1.
  • Page 167: Changing The Aging Time

    This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down.
  • Page 168: Displaying Global Settings

    STA Information screen. Field Attributes • Spanning Tree State – Shows if the switch is enabled to participate in an STA-compliant network. • Bridge ID – A unique identifier for this bridge, consisting of the bridge priority, the...
  • Page 169 Tree that this switch has accepted as the root device. - Root Port – The number of the port on this switch that is closest to the root. This switch communicates with the root device through this port. If there is no root port, then this switch has been accepted as the root device of the Spanning Tree network.
  • Page 170: Figure 3-68 Sta Information

    • Root Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.
  • Page 171: Configuring Global Settings

    RSTP node transmits, as described below: - STP Mode – If the switch receives an 802.1D BPDU (i.e., STP BPDU) after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.
  • Page 172 • Spanning Tree State – Enables/disables STA on this switch. (Default: Enabled) • Spanning Tree Type – Specifies the type of spanning tree used on this switch: - STP: Spanning Tree Protocol (IEEE 802.1D; i.e., when this option is selected, the switch will use RSTP set to STP forced compatibility mode).
  • Page 173 Configuration Settings for MSTP • Max Instance Numbers – The maximum number of MSTP instances to which this switch can be assigned. (Default: 65) • Configuration Digest – An MD5 signature key that contains the VLAN ID to MST ID mapping table. In other words, this key is a mapping of all VLANs to the CIST.
  • Page 174: Figure 3-69 Sta Global Configuration

    Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-69 STA Global Configuration...
  • Page 175: Displaying Interface Settings

    - A port on a network segment with no other STA compliant bridging device is always forwarding. - If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID forwards packets and the other is discarding.
  • Page 176 • Oper Path Cost – The contribution of this port to the path cost of paths towards the spanning tree root which include this port. • Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface.
  • Page 177: Figure 3-70 Sta Port Information

    • Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Algorithm is detecting network loops.
  • Page 178: Configuring Interface Settings

    CLI – This example shows the STA attributes for port 5. Console#show spanning-tree ethernet 1/5 1/ 5 information -------------------------------------------------------------- Admin status: Role: State: External admin path cost: 10000 Internal admin cost: External oper path cost: Internal oper path cost:...
  • Page 179 • Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops.
  • Page 180: Configuring Multiple Spanning Trees

    • Migration – If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the Protocol Migration button to manually re-check the appropriate BPDU format (RSTP or STP-compatible) to send on the selected interfaces.
  • Page 181 To use multiple spanning trees: 1. Set the spanning tree type to MSTP (STA Configuration, page 3-119). 2. Enter the spanning tree priority for the selected MST instance (MSTP VLAN Configuration). 3. Add the VLANs that will share this MSTI (MSTP VLAN Configuration). Note: All VLANs are automatically added to the IST (Instance 0).
  • Page 182: Figure 3-72 Mstp Vlan Configuration

    Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priority, and click Apply. To add the VLAN members to an MSTI instance, enter the instance identifier, the VLAN identifier, and click Add.
  • Page 183 --------------------------------------------------------------- 1/ 7 information --------------------------------------------------------------- Admin status: Role: State: External admin path cost: 10000 Internal admin path cost: 10000 External oper path cost: Internal oper path cost: Priority: Designated cost: Designated port: Designated root: Designated bridge: Fast forwarding: Forward transitions: Admin edge port: Oper edge port: Admin Link type:...
  • Page 184: Displaying Interface Settings For Mstp

    Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance. Field Attributes MST Instance ID – Instance identifier to configure. (Range: 0-4094; Default: 0) The other attributes are described under “Displaying Interface Settings,”...
  • Page 185: Configuring Interface Settings For Mstp

    • Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops.
  • Page 186: Figure 3-74 Mstp Port Configuration

    • Admin MST Path Cost – This parameter is used by the MSTP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
  • Page 187: Vlan Configuration

    • Priority tagging Assigning Ports to VLANs Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if you want it to carry traffic for one or more VLANs, and any intermediate network devices or the host at the other end of the connection supports VLANs.
  • Page 188 VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port). But if the frame is tagged, the switch uses the tagged VLAN ID to identify the port broadcast domain of the frame.
  • Page 189: Forwarding Tagged/Untagged Frames

    VLAN-aware devices (including the destination host), the switch must first strip off the VLAN tag before forwarding the frame. When the switch receives a tagged frame, it will pass this frame onto the VLAN(s) indicated by the frame tag.
  • Page 190: Enabling Or Disabling Gvrp (Global Setting)

    VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network. GVRP must be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch. (Default: Disabled) Web – Click VLAN, 802.1Q VLAN, GVRP Status. Enable or disable GVRP, click Apply CLI –...
  • Page 191: Displaying Current Vlans

    • VLAN ID – ID of configured VLAN (1-4093). • Up Time at Creation – Time this VLAN was created (i.e., System Up Time). • Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP.
  • Page 192: Creating Vlans

    Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command Attributes •...
  • Page 193: Adding Static Members To Vlans (Vlan Index)

    Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices. Or configure a port as forbidden to prevent the switch from automatically adding it to a VLAN via the GVRP protocol.
  • Page 194: Figure 3-79 Vlan Static Table - Adding Static Members

    Command Attributes • VLAN – ID of configured VLAN (1-4093). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.e., does not pass packets.
  • Page 195: Adding Static Members To Vlans (Port Index)

    CLI – The following example adds tagged and untagged ports to VLAN 2. Console(config)#interface ethernet 1/1 Console(config-if)#switchport allowed vlan add 2 tagged Console(config-if)#exit Console(config)#interface ethernet 1/2 Console(config-if)#switchport allowed vlan add 2 untagged Console(config-if)#exit Console(config)#interface ethernet 1/13 Console(config-if)#switchport allowed vlan add 2 tagged Console(config-if)# Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the...
  • Page 196: Configuring Vlan Behavior For Interfaces

    STP. However, they do affect VLAN dependent BPDU frames, such as GMRP. • GVRP Status – Enables/disables GVRP for the interface. GVRP must be globally enabled for the switch before this setting can take effect. (See “Displaying Bridge Extension Capabilities” on page 3-15.) When disabled, any GVRP packets received on this port will be discarded and no GVRP registrations will be propagated from other ports.
  • Page 197: Figure 3-81 Vlan Port Configuration

    Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centiseconds; Default: 60) • GARP LeaveAll Timer message for VLAN group participants and the port leaving the group. This interval should be considerably larger than the Leave Time to minimize the amount of traffic generated by nodes rejoining the group.
  • Page 198: Configuring Private Vlans

    VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.) Enabling Private VLANs Use the Private VLAN Status page to enable/disable the Private VLAN function.
  • Page 199: Configuring Uplink And Downlink Ports

    Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any other ports on the switch and with any designated downlink ports.
  • Page 200: Configuring Protocol Groups

    CLI – The following creates protocol group 1, and then specifies Ethernet frames with IP and ARP protocol types. Console(config)#protocol-vlan protocol-group 1 add frame-type ethernet protocol-type ip Console(config)#protocol-vlan protocol-group 1 add frame-type ethernet protocol-type arp Console(config)# 17. SNAP frame types are not supported by this switch due to hardware limitations.
  • Page 201: Mapping Protocols To Vlans

    Mapping Protocols to VLANs Map a protocol group to a VLAN for each interface that will participate in the group. Command Usage • When creating a protocol-based VLAN, only assign interfaces using this configuration screen. If you assign interfaces using any of the other VLAN menus such as the VLAN Static Table (page 3-141) or VLAN Static Membership by Port menu (page 3-143), these interfaces will admit traffic of any protocol type into the associated VLAN.
  • Page 202: Class Of Service Configuration

    Layer 2 Queue Settings Setting the Default Priority for Interfaces You can specify the default port priority for each interface on the switch. All untagged packets entering the switch are tagged with the specified default port priority, and then sorted into the appropriate priority queue at the output port.
  • Page 203: Figure 3-86 Default Port Priority

    Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. CLI – This example assigns a default priority of 5 to port 3. Console(config)#interface ethernet 1/3 Console(config-if)#switchport priority default 5 Console(config-if)#end Console#show interfaces switchport ethernet 1/5 Information of Eth 1/5...
  • Page 204: Mapping Cos Values To Egress Queues

    The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network.
  • Page 205: Figure 3-87 Traffic Classes

    Priority Queue: 0 1 2 3 4 5 6 7 Mapping specific values for CoS priorities is implemented as an interface configuration command, but any changes will apply to all interfaces on the switch. Figure 3-87 Traffic Classes...
  • Page 206: Selecting The Queue Mode

    Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
  • Page 207: Priority Queues

    Web – Click Priority, Queue Scheduling. Select the interface, highlight a traffic class (i.e., output queue), enter a weight, then click Apply. CLI – The following example shows how to assign WRR weights to each of the priority queues. Console(config)#queue bandwidth 1 3 5 7 9 11 13 15 Console(config)#exit Console#show queue bandwidth Information of Eth 1/1...
  • Page 208: Layer 3/4 Priority Settings

    Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values This switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (ToS) octet or the number of the TCP port.
  • Page 209: Mapping Ip Precedence

    Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values are mapped one-to-one to Class of Service values (i.e., Precedence value 0 maps to CoS value 0, and so forth).
  • Page 210: Table 3-15 Mapping Dscp Priority

    CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings. Console(config)#map ip precedence Console(config)#interface ethernet 1/1...
  • Page 211: Figure 3-92 Ip Dscp Priority

    Class of Service Value field, then click Apply. CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings.
  • Page 212: Mapping Ip Port Priority

    Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110.
  • Page 213: Quality Of Service

    CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS value 0, and then displays the IP Port Priority settings. Console(config)#map ip port Console(config)#interface ethernet 1/1 Console(config-if)#map ip port 80 cos 0...
  • Page 214: Configuring Quality Of Service Parameters

    Configuring Quality of Service Parameters To create a service policy for a specific category of ingress traffic, follow these steps: 1. Use the “Class Map” to designate a class name for a specific category of traffic. 2. Edit the rules for each class to specify a type of traffic based on an access list, a DSCP or IP Precedence value, or a VLAN.
  • Page 215 Command Attributes Class Map • Modify Name and Description – Configures the name and a brief description of a class map. (Range: 1-32 characters for the name; 1-256 characters for the description) • Edit Rules – Opens the “Match Class Settings” page for the selected class entry. Modify the criteria used to classify ingress traffic on this page.
  • Page 216: Figure 3-95 Configuring Class Maps

    Web – Click QoS, DiffServ, then click Add Class to create a new class, or Edit Rules to change the rules of an existing class. CLI - This example creates a class map called “rd-class,” and sets it to match packets marked for DSCP service value 3.
  • Page 217: Creating Qos Policies

    Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage • To configure a Policy Map, follow these steps: - Create a Class Map as described on page 3-162. - Open the Policy Map page, and click Add Policy. - When the Policy Configuration page opens, fill in the “Policy Name”...
  • Page 218 Policy Rule Settings - Class Settings - • Class Name – Name of class map. • Action – Shows the service provided to ingress traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified in Match Class Settings on page 3-162).
  • Page 219: Figure 3-96 Configuring Policy Maps

    Web – Click QoS, DiffServ, Policy Map to display the list of existing policy maps. To add a new policy map click Add Policy. To configure the policy rule settings click Edit Classes. Figure 3-96 Configuring Policy Maps
  • Page 220: Attaching A Policy Map To Ingress Queues

    CLI – This example creates a policy map called “rd-policy,” sets the average bandwidth to 1 Mbps, the burst rate to 1522 bps, and the response to reduce the DSCP value for violating packets to 0. Console(config)#policy-map rd_policy#3...
  • Page 221: Multicast Filtering

    A router, or multicast-enabled switch, can periodically ask its hosts if they want to receive multicast traffic. If there is more than one router/switch on the LAN performing IP multicasting, one of these devices is elected “querier”...
  • Page 222: Layer 2 Igmp (Snooping And Query)

    Note that IGMP neither alters nor routes IP multicast packets. A multicast routing protocol must be used to deliver IP multicast packets across different subnetworks. Therefore, when DVMRP or PIM routing is enabled for a subnet on this switch, you also need to enable IGMP.
  • Page 223: Configuring Igmp Snooping And Query Parameters

    (Default: Disabled) • IGMP Query Count — Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group. (Range: 2-10, Default: 2) • IGMP Query Interval — Sets the frequency at which the switch sends IGMP host-query messages.
  • Page 224: Current Status

    Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) CLI – This example modifies the settings for multicast filtering, and then displays the current status.
  • Page 225: Displaying Interfaces Attached To A Multicast Router

    Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch.
  • Page 226: Specifying Static Interfaces For A Multicast Router

    IGMP querier. Therefore, if the IGMP querier is a known multicast router/ switch connected over the network to an interface (port or trunk) on your switch, you can manually configure the interface (and a specified VLAN) to join all the current multicast groups supported by the attached router.
  • Page 227: Displaying Port Members Of Multicast Services

    VLAN to propagate a specific multicast service. Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service.
  • Page 228: Assigning Ports To Multicast Services

    Parameters” on page 3-171. For certain applications that require tighter control, you may need to statically configure a multicast service on the switch. First add all the ports attached to participating hosts to a common VLAN, and then assign the multicast service to that VLAN group.
  • Page 229: Layer 3 Igmp (Query Used With Multicast Routing)

    (Note that IGMP Snooping can only be globally enabled.) IGMP Query – Multicast query is used to poll each known multicast group for active members, and dynamically configure the switch ports which need to forward multicast traffic. Although the implementation differs slightly, IGMP Query is used in conjunction with both Layer 2 IGMP Snooping and multicast routing.
  • Page 230 IGMP version 1 or 2. - The switch must be set to version 2 to enable the Max Query Response Time. • Querier – Device currently serving as the IGMP querier for this multicast service.
  • Page 231: Figure 3-103 Igmp Interface Settings

    Web – Click IP, IGMP, Interface Settings. Specify each interface that will support IGMP (Layer 3), specify the IGMP parameters for each interface, then click Apply. CLI – This example configures the IGMP parameters for VLAN 1. Console(config)#interface vlan 1 Console(config-if)#ip igmp Console(config-if)#ip igmp last-memb-query-interval 10 Console(config-if)#ip igmp max-resp-interval 20...
  • Page 232: Displaying Multicast Group Information

    • Expire – The time remaining before this entry will be aged out. (Default: 260 seconds) • V1 Timer – The time remaining until the switch assumes that there are no longer any IGMP Version 1 members on the IP subnet attached to this interface.
  • Page 233: Configuring Domain Name Service

    • If there is no domain list, the default domain name is used. If there is a domain list, the default domain name is not used. • When an incomplete host name is received by the DNS service on this switch and a domain name list has been specified, the switch will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match.
  • Page 234: Figure 3-105 Dns General Configuration

    Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply. Figure 3-105 DNS General Configuration CLI - This example sets a default domain name and a domain list.
  • Page 235: Configuring Static Dns Host To Address Entries

    Configuring Static DNS Host to Address Entries You can manually configure static entries in the DNS table that are used to map domain names to IP addresses. Command Usage • Static entries may be used for local devices connected directly to the attached network, or for commonly used resources located elsewhere on the network.
  • Page 236: Figure 3-106 Dns Static Host Table

    Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses.
  • Page 237: Displaying The Dns Cache

    Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable. •...
  • Page 238: Dynamic Host Configuration Protocol

    DHCP server on another subnet, or configure the DHCP server on this switch to support that subnet. When configuring the DHCP server on this switch, you can configure an address pool for each unique IP interface, or manually assign a static IP address to clients based on their hardware address or client identifier.
  • Page 239: Figure 3-108 Dhcp Relay Configuration

    • VLAN ID – ID of configured VLAN. • VLAN Name – Name of the VLAN. • Server IP Address – Addresses of DHCP servers to be used by the switch’s DHCP relay agent in order of preference. • Restart DHCP Relay – Use this button to enable or re-initialize DHCP relay service.
  • Page 240: Configuring The Dhcp Server

    Addresses can be assigned to clients from a common address pool configured for a specific IP interface on this switch, or fixed addresses can be assigned to hosts based on the client identifier code or MAC address.
  • Page 241: Figure 3-109 Dhcp Server General Configuration

    Web – Click DHCP, Server, General. Enter a single address or an address range, and click Add. Figure 3-109 DHCP Server General Configuration CLI – This example enables the DHCP and sets an excluded address range. Console(config)#service dhcp Console(config)#ip dhcp excluded-address 10.1.0.250 10.1.0.254 Console#
  • Page 242: Configuring Address Pools

    8 network address pools, and up to 32 manually bound host address pools (i.e., one address per host pool). • When a client request is received, the switch first checks for a network address pool matching the gateway where the request originated (i.e., if the request was forwarded by a relay server).
  • Page 243: Figure 3-110 Dhcp Server Pool Configuration

    DHCP client to map host names to IP addresses. • Netbios Server – IP address of the primary and alternate NetBIOS Windows Internet Naming Service (WINS) name server used for Microsoft DHCP clients. • Netbios Type – NetBIOS node type for Microsoft DHCP clients.
  • Page 244: Figure 3-111 Dhcp Server Pool - Network Configuration

    Configuring a Network Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Network.” Enter the IP address and subnet mask for the network pool. Configure the optional parameters such as gateway server and DNS server.
  • Page 245: Figure 3-112 Dhcp Server Pool - Host Configuration

    Configuring a Host Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Host.” Enter the IP address, subnet mask, and hardware address for the client device. Configure the optional parameters such as gateway server and DNS server.
  • Page 246: Displaying Address Bindings

    • Delete – Clears this binding to the host. This command is normally used after modifying the address pool, or after moving DHCP service to another device. • Entry Count – Number of hosts that have been given addresses by the switch. Note: More than one DHCP server may respond to a service request by a host.
  • Page 247: Configuring Router Redundancy

    This switch supports the Virtual Router Redundancy Protocol (VRRP). This protocol requires you to specify the interface of one of the routers participating in the virtual group as the address for the master virtual router.
  • Page 248: Virtual Router Redundancy Protocol

    • Several virtual master routers configured for mutual backup and load sharing. Load sharing can be accomplished by assigning a subset of addresses to different host address pools using the DHCP server. (See “Configuring Address Pools” on page 3-190.)
  • Page 249 • VRRP creates a virtual MAC address for the master router based on a standard prefix, with the last octet equal to the group ID. When a backup router takes over as the master, it continues to forward traffic addressed to this virtual MAC address. However, the backup router cannot reply to ICMP pings sent to addresses associated with the virtual group because the IP address owner is off line.
  • Page 250 • Associated IP – IP address of the virtual router, or secondary IP addresses assigned to the current VLAN interface that are supported by this VRRP group. If this address matches a real interface on this switch, then this interface will become the virtual master router for this VRRP group.
  • Page 251: Figure 3-114 Vrrp Group Configuration

    Web – Click IP, VRRP, Group Configuration. Select the VLAN ID, enter the VRID group number, and click Add. Figure 3-114 VRRP Group Configuration
  • Page 252: Figure 3-115 Vrrp Group Configuration Detail

    Click the Edit button for a group entry to open the detailed configuration window. Enter the IP address of a real interface on this router to make it the master virtual router for the group. Otherwise, enter the virtual address for an existing group to make it a backup router.
  • Page 253: Displaying Vrrp Global Statistics

    CLI – This example creates VRRP group 1, sets this switch as the master virtual router by assigning the primary interface address for the selected VLAN to the virtual IP address. It then adds a secondary IP address to the VRRP group, sets all of the other VRRP parameters, and then displays the configured settings.
  • Page 254: Displaying Vrrp Group Statistics

    CLI – This example displays counters for protocol errors for all the VRRP groups configured on this switch. Console#show vrrp router counters VRRP Packets with Invalid Checksum : 0 VRRP Packets with Unknown Error VRRP Packets with Invalid VRID...
  • Page 255: Figure 3-117 Vrrp Group Statistics

    Web – Click IP, VRRP, Group Statistics. Select the VLAN and virtual router group. CLI – This example displays VRRP protocol statistics for group 1, VLAN 1. Console#show vrrp 1 interface vlan 1 counters Total Number of Times Transitioned to MASTER Total Number of Received Advertisements Packets Total Number of Received Error Advertisement Interval Packets Total Number of Received Authentication Failures Packets...
  • Page 256: Initial Configuration

    This switch supports IP routing and routing path management via static routing definitions (page 3-222) and dynamic routing such as RIP (page 3-224) or OSPF (page 3-234). When IP routing is enabled (page 3-225), this switch acts as a wire-speed router, passing traffic between VLANs using different IP interfaces, and routing traffic to external IP networks.
  • Page 257: Ip Switching

    However, if the packet belongs to a subnet not included on this switch, then the packet should be sent to a router (with the MAC address of the router itself used as the destination MAC address, and the destination IP address of the destination node).
  • Page 258: Routing Path Management

    Non-IP Protocol Routing The switch supports IP routing only. Non-IP protocols such as IPX and Appletalk cannot be routed by this switch, and will be confined within their local VLAN group unless bridged by an external router. To coexist with a network built on multilayer switches, the subnetworks for non-IP protocols must follow the same logical boundary as that of the IP subnetworks.
  • Page 259: Basic Ip Interface Configuration

    IP subnet address for at least one VLAN. Command Attributes • IP Routing Status – Configures the switch to operate as a Layer 2 switch or as a multilayer routing switch. (Options: Disable this field to restrict operation to Layer 2 switching;...
  • Page 260: Configuring Ip Routing Interfaces

    Configuring IP Routing Interfaces You can specify the IP subnets connected to this router by manually assigning an IP address to each VLAN, or by using the RIP or OSPF dynamic routing protocol to identify routes that lead to other interfaces by exchanging protocol messages with other routers on the network.
  • Page 261: Figure 3-119 Ip Routing Interface

    Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subnets. First specify a primary address, and click Set IP Configuration. If you need to assign secondary addresses, enter these addresses one at a time, and click Set IP Configuration after entering each address.
  • Page 262: Address Resolution Protocol

    Address Resolution Protocol If IP routing is enabled (page 3-207), the router uses its routing tables to make routing decisions, and uses Address Resolution Protocol (ARP) to forward traffic from one hop to the next. ARP is used to map an IP address to a physical layer (i.e., MAC) address.
  • Page 263: Basic Arp Configuration

    Basic ARP Configuration You can use the ARP General configuration menu to specify the timeout for ARP cache entries, or to enable Proxy ARP for specific VLAN interfaces. Command Usage • The aging time determines how long dynamic entries remain in the cache. If the timeout is too short, the router may tie up resources by repeating ARP requests for addresses recently flushed from the table.
  • Page 264: Configuring Static Arp Addresses

    Configuring Static ARP Addresses For devices that do not respond to ARP requests, traffic will be dropped because the IP address cannot be mapped to a physical address. If this occurs, you can manually map an IP address to the corresponding physical address in the ARP.
  • Page 265: Displaying Dynamically Learned Arp Entries

    Displaying Dynamically Learned ARP Entries The ARP cache contains entries that map IP addresses to the corresponding physical address. Most of these entries will be dynamically learned through replies to broadcast messages. You can display all of the dynamic entries in the ARP cache, change specific dynamic entries into static entries, or clear all dynamic entries from the cache.
  • Page 266: Displaying Local Arp Entries

    CLI - This example shows all entries in the ARP cache. Console#show arp Arp cache timeout: 1200 (seconds) IP Address MAC Address --------------- ----------------- --------- ----------- 10.1.0.0 ff-ff-ff-ff-ff-ff 10.1.0.11 00-11-22-33-44-55 10.1.0.12 01-02-03-04-05-06 10.1.0.19 00-10-b5-62-03-74 10.1.0.253 00-00-ab-cd-00-00 10.1.0.255 ff-ff-ff-ff-ff-ff...
  • Page 267: Displaying Arp Statistics

    CLI - This router uses the Type specification “other” to indicate local cache entries in the ARP cache. Console#show arp Arp cache timeout: 1200 (seconds) IP Address MAC Address --------------- ----------------- --------- ----------- 10.1.0.0 ff-ff-ff-ff-ff-ff 10.1.0.11 00-11-22-33-44-55 10.1.0.12 01-02-03-04-05-06 10.1.0.19 00-10-b5-62-03-74 10.1.0.253 00-00-ab-cd-00-00 10.1.0.255 ff-ff-ff-ff-ff-ff Total entry : 6...
  • Page 268: Displaying Statistics For Ip Protocols

    CLI - This example provides detailed statistics on common IP-related protocols. Console#show ip traffic IP statistics: Rcvd: 5 total, 5 local destination 0 checksum errors 0 unknown protocol, 0 not a gateway Frags: 0 reassembled, 0 timeouts...
  • Page 269 Parameter Datagrams Forwarded Reassembly Required Reassembly Failures Datagrams Failing Fragmentation Received Header Errors Unknown Protocols Received Received Packets Delivered Discarded Output Packets Fragments Created Routing Discards Reassembly Successful Datagrams Successfully Fragmented Table 3-18 IP Statistics (Continued) Description The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination.
  • Page 270: Icmp Statistics

    Web - Click IP, Statistics, IP. CLI - See the example on page 3-215. ICMP Statistics Internet Control Message Protocol (ICMP) is a network layer protocol that transmits message packets to report errors in processing IP packets. ICMP is therefore an integral part of the Internet Protocol.
  • Page 271: Figure 3-126 Icmp Statistics

    Parameter Timestamps Timestamp Replies Address Masks Address Mask Replies Web - Click IP, Statistics, ICMP. CLI - See the example on page 3-215. Table 3-19 ICMP Statistics (Continued) Description The number of ICMP Timestamp (request) messages received/sent. The number of ICMP Timestamp Reply messages received/sent. The number of ICMP Address Mask Request messages received/sent.
  • Page 272: Udp Statistics

    UDP Statistics User Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the underlying transport mechanism, providing access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets.
  • Page 273: Tcp Statistics

    TCP Statistics The Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched networks, and is used in conjunction with IP to support a wide variety of Internet protocols. Parameter Segments Received Segments Sent Active Opens Failed Connection Attempts Current Connections Receive Errors Segments Retransmitted...
  • Page 274: Configuring Static Routes

    Configuring Static Routes This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP or OSPF). However, you can also manually enter static routes in the routing table. Static routes may be required to access network segments where dynamic routing is not supported, or can be set to force the use of a specific route to a subnet, rather than using dynamic routing.
  • Page 275: Displaying The Routing Table

    Displaying the Routing Table You can display all the routes that can be accessed via the local network interfaces, via static routes, or via a dynamically learned route. If route information is available through more than one of these methods, the priority for route selection is local, static, and then dynamic.
  • Page 276: Configuring The Routing Information Protocol

    Configuring the Switch CLI - This example shows routes obtained from various methods. Console#show ip route Ip Address Netmask --------------- --------------- --------------- -------- ------ --------- 0.0.0.0 10.1.0.0 255.255.255.0 10.1.1.0 255.255.255.0 Total entries: 3 Console# Configuring the Routing Information Protocol The RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance-vector-based approach to routing.
  • Page 277: Configuring General Protocol Settings

    routing loops may occur, and its small hop count limitation of 15 restricts its use to smaller networks. Moreover, RIP (version 1) wastes valuable network bandwidth by propagating routing information via broadcasts; it also considers too few network variables to make the best routing decision. Configuring General Protocol Settings RIP is used to specify how routers exchange routing information.
  • Page 278: Figure 3-131 Rip General Settings

    Configuring the Switch Web - Click Routing Protocol, RIP, General Settings. Enable or disable RIP, set the RIP version used on previously unset interfaces to RIPv1 or RIPv2, set the basic update timer, and then click Apply. CLI - This example sets the router to use RIP Version 2, and sets the basic timer to 15 seconds.
  • Page 279: Specifying Network Interfaces For Rip

    Specifying Network Interfaces for RIP You must specify network interfaces that will be included in the RIP routing process. Command Usage • RIP only sends updates to interfaces specified by this command. • Subnet addresses are interpreted as class A, B or C, based on the first field in the specified address.
  • Page 280: Configuring Network Interfaces For Rip

    Configuring the Switch Configuring Network Interfaces for RIP For each interface that participates in the RIP routing process, you must specify the protocol message type accepted (i.e., RIP version) and the message type sent (i.e., RIP version or compatibility mode), the method for preventing loopback of protocol messages, and whether or not authentication is used (i.e., authentication only...
  • Page 281 Protocol Message Authentication RIPv1 is not a secure protocol. Any device sending protocol messages from UDP port 520 will be considered a router by its neighbors. Malicious or unwanted protocol messages can be easily propagated throughout the network if no authentication is required.
  • Page 282: Figure 3-133 Rip Interface Settings

    Configuring the Switch • Authentication Key – Specifies the key to use for authenticating RIPv2 packets. For authentication to function properly, both the sending and receiving interface must use the same password. (Range: 1-16 characters, case sensitive) Web - Click Routing Protocol, RIP, Interface Settings. Select the RIP protocol message types that will be received and sent, the method used to provide faster convergence and prevent loopback (i.e., prevent instability in the network topology),...
  • Page 283: Displaying Rip Information And Statistics

    Displaying RIP Information and Statistics You can display basic information about the current global configuration settings for RIP, statistics about route changes and queries, information about the interfaces on this router that are using RIP, and information about known RIP peer devices. Table 3-22 RIP Information and Statistics Parameter Globals...
  • Page 284: Figure 3-134 Rip Statistics

    Web - Click Routing Protocol, RIP, Statistics. Figure 3-134 RIP Statistics...
  • Page 285 CLI - The information displayed by the RIP Statistics screen via the web interface can be accessed from the CLI using the following commands.
    Console#show rip globals
    RIP Process: Enabled
    Update Time in Seconds: 30
    Number of Route Change: 4
    Number of Queries: 0
    Console#show ip rip configuration
    Interface...
  • Page 286: Configuring The Open Shortest Path First Protocol

    Configuring the Switch Configuring the Open Shortest Path First Protocol Open Shortest Path First (OSPF) is more suited for large area networks which experience frequent changes in the links. It also handles subnets much better than RIP. OSPF protocol actively tests the status of each link to its neighbors to generate a shortest path tree, and builds a routing table based on this information.
  • Page 287: Configuring General Protocol Settings

    • OSPFv2 is a compatible upgrade to OSPF. It involves enhancements to protocol message authentication, and the addition of a point-to-multipoint interface which allows OSPF to run over non-broadcast networks, as well as support for overlapping area ranges. • When using OSPF, you must organize your network (i.e., autonomous system) into normal, stub, or not-so-stubby areas;...
  • Page 288 • AS Boundary Router – Allows this router to exchange routing information with boundary routers in other autonomous systems to which it may be attached. If a router is enabled as an ASBR, then every other router in the autonomous system can learn about external routes from this device.
  • Page 289: Figure 3-135 Ospf General Configuration

    Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global parameters as required, and click Apply. Figure 3-135 OSPF General Configuration CLI - This example configures the router with the same settings as shown in the screen capture for the web interface.
  • Page 290: Configuring Ospf Areas

    Configuring the Switch Configuring OSPF Areas An autonomous system must be configured with a backbone area, designated by area identifier 0.0.0.0. By default, all other areas are created as normal transit areas. Routers in a normal area may import or export routing information about individual nodes.
  • Page 291 backbone default external route for local AS • Routes that can be advertised with NSSA external LSAs include network destinations outside the AS learned via OSPF, the default route, static routes, routes derived from other routing protocols such as RIP, or directly connected networks that are not running OSPF.
  • Page 292: Figure 3-136 Ospf Area Configuration

    Configuring the Switch Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for the default summary route sent into a stub, and click Apply. Figure 3-136 OSPF Area Configuration CLI - This example configures area 0.0.0.1 as a normal area, area 0.0.0.2 as a stub,...
  • Page 293: Configuring Area Ranges (Route Summarization For Abrs)

    Console#show ip ospf
    Routing Process with ID 192.168.1.253
    Supports only single TOS(TOS0) route
    Number of area in this router is 3
    Area 0.0.0.0 (BACKBONE)
    Number of interfaces in this area is 1
    SPF algorithm executed 40 times
    Area 0.0.0.2 (STUB)
    Number of interfaces in this area is 1
    SPF algorithm executed 8 times
    Area 0.0.0.3 (NSSA)
  • Page 294: Figure 3-137 Ospf Range Configuration

    Configuring the Switch Web - Click Routing Protocol, OSPF, Area Range Configuration. Specify the area identifier, the base address and network mask, select whether or not to advertise the summary route to other areas, and then click Apply. Figure 3-137 OSPF Range Configuration CLI - This example summarizes all the routes for area 1.
  • Page 295: Configuring Ospf Interfaces

    Configuring OSPF Interfaces You should specify a routing interface for any local subnet that needs to communicate with other network segments located on this router or elsewhere in the network. First configure a VLAN for each subnet that will be directly connected to this router, assign IP interfaces to each VLAN (i.e., one primary interface and one or more secondary interfaces), and then use the OSPF / Network Area Address Configuration page to assign an interface address range to an OSPF area.
  • Page 296 Configuring the Switch - On slow links, the router may send packets more quickly than devices can receive them. To avoid this problem, you can use the transmit delay to force the router to wait a specified interval between transmissions.
  • Page 297: Figure 3-138 Ospf Interface Configuration

    - You can assign a unique password to each network (i.e., autonomous system) to improve the security of the routing database. However, the password must be used consistently on all neighboring routers throughout a network. • Message Digest Key-id – Assigns a key-id used in conjunction with the authentication key to verify the authenticity of routing protocol messages sent to neighboring routers.
  • Page 298: Figure 3-139 Ospf Interface Configuration - Detailed

    Change any of the interface-specific protocol parameters, and then click Apply. Figure 3-139 OSPF Interface Configuration - Detailed
    CLI - This example configures the interface parameters for VLAN 1.
    Console(config)#interface vlan 1
    Console(config-if)#ip ospf priority 5
    Console(config-if)#ip ospf transmit-delay 6...
  • Page 299: Configuring Virtual Links

    Configuring Virtual Links All OSPF areas must connect to the backbone. If an area does not have a direct physical connection to the backbone, you can configure a virtual link that provides a logical path to the backbone. To connect an isolated area to the backbone, the logical path can cross a single non-backbone area (i.e., transit area)
  • Page 300: Figure 3-140 Ospf Virtual Link Configuration

    Configuring the Switch Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neighbor Router ID, configure the link attributes, and click Add. To modify the settings for an existing link, click the Detail button for the required entry, modify the link settings, and click Set.
  • Page 301: Configuring Network Area Addresses

    Configuring Network Area Addresses OSPF protocol broadcast messages (i.e., Link State Advertisements or LSAs) are restricted by area to limit their impact on network performance. A large network should be split up into separate OSPF areas to increase network stability, and to reduce protocol traffic by summarizing routing information into more compact messages.
  • Page 302: Figure 3-141 Ospf Network Area Address Configuration

    Configuring the Switch Web - Click Routing Protocol, OSPF, Network Area Address Configuration. Configure a backbone area that is contiguous with all the other areas in your network, configure an area for all of the other OSPF interfaces, then click Apply.
  • Page 303 CLI - This example configures the backbone area and one transit area.
    Console(config-router)#network 10.0.0.0 255.0.0.0 area 0.0.0.0
    Console(config-router)#network 10.1.1.0 255.255.255.0 area 0.0.0.1
    Console(config-router)#end
    Console#show ip ospf
    Routing Process with ID 10.1.1.253
    Supports only single TOS(TOS0) route
    Number of area in this router is 4
    Area 0.0.0.0 (BACKBONE)
    Number of interfaces in this area is 1
    SPF algorithm executed 8 times...
  • Page 304: Configuring Summary Addresses (For External As Routes)

    Configuring the Switch Configuring Summary Addresses (for External AS Routes) An Autonomous System Boundary Router (ASBR) can redistribute routes learned from other protocols into all attached autonomous systems. (See “Redistributing External Routes” on page 3-253) To reduce the amount of external LSAs imported into your local routing domain, you can configure the router to advertise an aggregate route that consolidates a broad range of external addresses.
  • Page 305: Redistributing External Routes

    CLI - This example creates a summary address for all routes contained in 192.168.x.x. Console(config-router)#summary-address 192.168.0.0 255.255.0.0 Console(config-router)# Redistributing External Routes You can configure this router to import external routing information from other routing protocols into the autonomous system. Router Command Usage •...
  • Page 306: Configuring Nssa Settings

    Configuring the Switch Web - Click Routing Protocol, OSPF, Redistribute. Specify the protocol type to import, the metric type and path cost, then click Add. Figure 3-143 OSPF Redistribute Configuration CLI - This example redistributes routes learned from RIP as Type 1 external routes.
  • Page 307: Figure 3-144 Ospf Nssa Settings

    Note: This router supports up to 16 areas, either normal transit areas, stubs, or NSSAs. Web - Click Routing Protocol, OSPF, NSSA Settings. Create a new NSSA or modify the routing behavior for an existing NSSA, and click Apply. CLI - This example configures area 0.0.0.1 as a stub and sets the cost for the default summary route to 10.
  • Page 308: Displaying Link State Database Information

    Configuring the Switch Displaying Link State Database Information OSPF routers advertise routes using Link State Advertisements (LSAs). The full collection of LSAs collected by a router interface from the attached area is known as a link state database. Routers that are connected to multiple interfaces will have a separate database for each area.
  • Page 309: Figure 3-145 Ospf Link State Database Information

    Web - Click Routing Protocol, OSPF, Link State Database Information. Specify parameters for the LSAs you want to display, then click Query. Figure 3-145 OSPF Link State Database Information CLI - The CLI provides a wider selection of display options for viewing the Link State Database.
  • Page 310: Displaying Information On Border Routers

    Configuring the Switch Displaying Information on Border Routers You can display entries in the local routing table for Area Border Routers (ABR) and Autonomous System Boundary Routers (ASBR) known by this device. Field Attributes • Destination – Identifier for the destination router.
  • Page 311: Displaying Information On Neighbor Routers

    Displaying Information on Neighbor Routers You can display information about neighboring routers on each interface within an OSPF area. Field Attributes • ID – Neighbor’s router ID. • Priority – Neighbor’s router priority. • State – OSPF state and identification flag. States include: - Down –...
  • Page 312: Multicast Routing

    LAN environment. If DVMRP and PIM-DM are not enabled on this router or another multicast routing protocol is used on your network, you can manually configure the switch ports attached to a multicast router (page 3-174).
  • Page 313: Displaying The Multicast Routing Table

    Displaying the Multicast Routing Table You can display information on each multicast route this router has learned via DVMRP or PIM. The router learns multicast routes from neighboring routers, and also advertises these routes to its neighbors. The router stores entries for all paths learned by itself or from other routers, without considering actual group membership or prune messages.
  • Page 314: Figure 3-149 Multicast Routing Table

    Web – Click IP, Multicast Routing, Multicast Routing Table. Click Detail to display additional information for any entry. Figure 3-149 Multicast Routing Table...
  • Page 315 CLI – This example shows that multicast forwarding is enabled. The multicast routing table displays one entry for a multicast source routed by DVMRP, and another source routed via PIM. Console#show ip mroute IP Multicast Forwarding is enabled. IP Multicast Routing Table Flags: P - Prune, F - Forwarding (234.5.6.7, 10.1.0.0, 255.255.255.0)
  • Page 316: Configuring Dvmrp

    Configuring the Switch Configuring DVMRP The Distance-Vector Multicast Routing Protocol (DVMRP) behaves somewhat similarly to RIP. A router supporting DVMRP periodically floods its attached networks to pass information about supported multicast services along to new routers and hosts. Routers that receive a DVMRP packet send a copy out to all paths (except the path back to the origin).
  • Page 317 Command Usage Broadcasting periodically floods the network with traffic from any active multicast server. If IGMP snooping is disabled, multicast traffic is flooded to all ports on the router. However, if IGMP snooping is enabled, then the first packet for any source group pair is flooded to all DVMRP downstream neighbors.
  • Page 318 Configuring the Switch which this device has received probes, and is used to verify whether or not these neighbors are still active members of the multicast tree. (Range: 1-65535 seconds; Default: 10 seconds) • Neighbor Timeout Interval – Sets the interval to wait for messages from a DVMRP neighbor before declaring it dead.
  • Page 319: Configuring Dvmrp Interface Settings

    Web – Click Routing Protocol, DVMRP, General Settings. Enable or disable DVMRP. Set the global parameters that control neighbor timeout, the exchange of routing information, or the prune lifetime, and click Apply. Figure 3-150 DVMRP General Settings
    CLI – This sets the global parameters for DVMRP and displays the current settings.
    Console(config)#router dvmrp
    Console(config-router)#probe-interval 30
    Console(config-router)#nbr-timeout 40...
  • Page 320: Figure 3-151 Dvmrp Interface Settings

    Configuring the Switch DVMRP Interface Settings • VLAN – Selects a VLAN interface on this router. • Metric – Sets the metric for this interface used to calculate distance vectors. • Status – Enables or disables DVMRP. - If DVMRP is enabled on any interface, Layer 3 IGMP should also be enabled on the router (page 3-176).
  • Page 321: Displaying Neighbor Information

    Displaying Neighbor Information You can display all the neighboring DVMRP routers. Command Attributes • Neighbor Address – The IP address of the network device immediately upstream for this multicast delivery tree. • Interface – The IP interface on this router that connects to the upstream neighbor. •...
  • Page 322: Displaying The Routing Table

    Configuring the Switch Displaying the Routing Table The router learns source-routed information from neighboring DVMRP routers and also advertises learned routes to its neighbors. The router merely records path information it has learned on its own or from other routers. It does not consider group membership or prune messages.
  • Page 323: Configuring Pim-Dm

    CLI – This example displays known DVMRP routes. Console#show ip dvmrp route Source Mask --------------- --------------- --------------- --------- ------ ------ ------ 10.1.0.0 255.255.255.0 10.1.1.0 255.255.255.0 10.1.8.0 255.255.255.0 Console# Configuring PIM-DM Protocol-Independent Multicasting (PIM) provides two different modes of operation: sparse mode and dense mode. Sparse mode (SM) is designed for networks where the probability of multicast group members is low, such as the Internet.
  • Page 324: Configuring Pim-Dm Interface Settings

    Configuring the Switch Web – Click Routing Protocol, PIM-DM, General Settings. Enable or disable PIM-DM globally for the router, and click Apply. Figure 3-154 PIM-DM General Settings CLI – This example enables PIM-DM globally and displays the current status. Console(config)#router pim...
  • Page 325 • Trigger Hello Interval – Configures the maximum time before transmitting a triggered PIM hello message after the router is rebooted or PIM is enabled on an interface. (Range: 1-65535 seconds; Default: 5) - When a router first starts or PIM is enabled on an interface, the hello-interval is set to a random value between 0 and the Trigger Hello Interval.
  • Page 326: Figure 3-155 Pim-Dm Interface Settings

    Configuring the Switch Web – Click Routing Protocol, PIM-DM, Interface Settings. Select a VLAN, enable or disable PIM-DM for the selected interface, modify any of the protocol parameters as required, and click Apply. Figure 3-155 PIM-DM Interface Settings CLI – This example sets the PIM-DM protocol parameters for VLAN 2, and displays the current settings.
  • Page 327: Displaying Interface Information

    Displaying Interface Information You can display a summary of the current interface status for PIM-DM, including the number of neighboring PIM routers, and the address of the designated PIM router. Command Attributes • Interface – A VLAN interface on this router. •...
  • Page 328: Figure 3-157 Pim-Dm Neighbor Information

    Configuring the Switch Web – Click Routing Protocol, PIM-DM, Neighbor Information. Figure 3-157 PIM-DM Neighbor Information CLI – This example displays the only neighboring PIM-DM router. Console#show ip pim neighbor Address VLAN Interface --------------- ---------------- -------- -------- ------- 10.1.0.253 Console#...
  • Page 329: Chapter 4: Command Line Interface

    Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt. Using the switch's command-line interface (CLI) is very similar to entering commands on a UNIX system.
  • Page 330 The IP address for this switch is obtained via DHCP by default. To access the stack through a Telnet session, you must first set the IP address for the Master unit, and set the default gateway if you are managing the switch from a different IP subnet. For example,
    Console(config)#interface vlan 1
    Console(config-if)#ip address 10.1.0.254 255.255.255.0...
  • Page 331: Entering Commands

    Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port.
  • Page 332: Showing Commands

    Specify spanning-tree Secure shell startup-config The system configuration of starting up system Information of system tacacs-server Login by TACACS server users Display information about terminal lines version System hardware and software status vlan Switch VLAN Virtual Interface vrrp Show vrrp Console#show...
  • Page 333: Partial Keyword Lookup

    The command “show interfaces ?” will display the following information: Console#show interfaces ? counters Information of interfaces counters protocol-vlan Protocol-vlan information status Information of interfaces status switchport Information of interfaces switchport Console# Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided.
  • Page 334: Understanding Command Modes

    You must be in Global Configuration mode to access any of the other configuration modes. Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>”...
  • Page 335: Configuration Commands

    Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in non-volatile storage, use the copy running-config startup-config command.
  • Page 336: Table 4-2 Configuration Command Modes

    Command Line Interface To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode. Table 4-2 Configuration Command Modes Mode Command Line line {console | vty} Access access-list ip standard Control List...
  • Page 337: Command Line Processing

    Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command followed by the “?”...
  • Page 338: Command Groups

    Multicast Filtering Configures IGMP multicast filtering, query parameters, and specifies ports attached to a multicast router IP Interface Configures IP address for the switch interfaces; also configures ARP parameters and static entries IP Routing Configures static and dynamic unicast routing...
  • Page 339: Line Commands

    Table 4-4 Command Group Index (Continued) Command Group Description Multicast Routing Configures multicast routing protocols DVMRP and PIM-DM Router Redundancy Configures router redundancy to create primary and backup routers The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) PE (Privileged Exec) GC (Global Configuration)
  • Page 340: Line

    line This command identifies a specific line for configuration, and processes subsequent line configuration commands. Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line.
  • Page 341: Password

    Command Usage • There are three authentication modes provided by the switch itself at login: - login selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode.
  • Page 342: Timeout Login Response

    Command Line Interface • The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Console(config-line)#password 0 secret Console(config-line)#...
  • Page 343: Exec-Timeout

    exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [seconds] no exec-timeout seconds - Integer that specifies the timeout interval. (Range: 0 - 65535 seconds; 0: no timeout) Default Setting CLI: No timeout Telnet: 10 minutes...
  • Page 344: Silent-Time

    Command Line Interface Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached for Telnet, the Telnet logon interface shuts down.
  • Page 345: Databits

    databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits {7 | 8} no databits • 7 - Seven data bits per character. •...
  • Page 346: Speed

    Some baud rates available on devices connected to the port might not be supported. The system indicates if the speed you selected is not supported. If you select the “auto” option, the switch will automatically detect the baud rate configured on the attached terminal, and adjust the speed accordingly.
  • Page 347: Disconnect

    Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits, enter this command: Console(config-line)#stopbits 2 Console(config-line)# disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection.
  • Page 348: General Commands

    Command Line Interface Example To show all lines, enter this command: Console#show line Console configuration: Password threshold: Interactive timeout: Disabled Login timeout: Disabled Silent time: Baudrate: Databits: Parity: Stopbits: VTY configuration: Password threshold: Interactive timeout: 600 sec Login timeout: 300 sec Console# General Commands Command...
  • Page 349: Disable

    This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode. See “Understanding Command Modes” on page 4-6.
  • Page 350: Configure

    This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration.
  • Page 351: Reload

    None Command Mode Privileged Exec Command Usage This command resets the entire system. Example This example shows how to reset the switch: Console#reload System will be restarted, continue <y/n>? y This command returns to Privileged Exec mode. Default Setting None...
  • Page 352: Exit

    Command Line Interface exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: Console(config)#exit Console#exit Press ENTER to start session...
  • Page 353: System Management Commands

    Table 4-7 System Management Commands Command Group Function Device Designation Configures information that uniquely identifies this switch User Access Configures the basic user names and passwords for management access IP Filter Configures IP addresses that are allowed management access...
  • Page 354: Hostname

    Console(config)#hostname RD#1 Console(config)# switch renumber This command resets the switch unit identification numbers in the stack. All stack members are numbered sequentially starting from the top unit for a non-loop stack, or starting from the Master unit for a looped stack.
  • Page 355: User Access Commands

    User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password checking via the console or a Telnet connection (page 4-11), user authentication via a remote authentication server (page 4-70), and host access authentication for specific ports (page 4-80).
  • Page 356: Enable Password

    Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example This example shows how to set the access level and password for a user.
  • Page 357: Ip Filter Commands

    Global Configuration Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
  • Page 358: Show Management

    Console# show management This command displays the client IP addresses that are allowed management access to the switch through various protocols. Syntax show management {all-client | http-client | snmp-client | telnet-client} • all-client - Adds IP address(es) to the SNMP, web and Telnet groups.
  • Page 359: Web Server Commands

    Specifies the port to be used by the web browser interface ip http server Allows the switch to be monitored or configured from a browser GC ip http secure-server Enables HTTPS (HTTP/SSL) for encrypted communications ip http secure-port...
  • Page 360: Ip Http Secure-Server

    This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this function. Syntax [no] ip http secure-server...
  • Page 361: Ip Http Secure-Port

    (4-64) ip http secure-port This command specifies the UDP port number used for HTTPS connection to the switch’s web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number no ip http secure-port port_number –...
  • Page 362: Telnet Server Commands

    Secure Shell Commands The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote copy), are not secure from hostile attacks.
  • Page 363: Table 4-15 Secure Shell Commands

    4-70. If public key authentication is specified by the client, then you must configure authentication keys on both the client and the switch as described in the following section. Note that regardless of whether you use public key or password authentication, you still have to generate authentication keys on the switch and enable the SSH server.
  • Page 364 Configure Challenge-Response Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method. Only clients that have a private key corresponding to the public keys stored on the switch can gain access.
  • Page 365: Ip Ssh Server

    This command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service. Syntax [no] ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage • The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet sessions and SSH sessions.
  • Page 366: Ip Ssh Authentication-Retries

    Command Line Interface Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase. Once an SSH session has been established, the timeout for user input is controlled by the exec-timeout command for vty sessions.
  • Page 367: Delete Public-Key

    Command Mode Global Configuration Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with the SSH client, and is fixed at 1024 bits. Example Console(config)#ip ssh server-key size 512...
  • Page 368: Ip Ssh Crypto Zeroize

    Command Line Interface Command Usage • This command stores the host key pair in memory (i.e., RAM). Use the ip ssh save host-key command to save the host key pair to flash memory. • Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process.
  • Page 369: Ip Ssh Save Host-Key

    ip ssh save host-key This command saves the host key from RAM to flash memory. Syntax ip ssh save host-key [dsa | rsa] • dsa – DSA key type. • rsa – RSA key type. Default Setting Saves both the DSA and RSA key. Command Mode Privileged Exec Example...
  • Page 370: Show Public-Key

    Command Line Interface Table 4-16 show ssh - display description Field Description Session The session number. (Range: 0-3) Version The Secure Shell version number. State The authentication negotiation state. (Values: Negotiation-Started, Authentication-Started, Session-Started) Username The user name of the client. Encryption The encryption method is automatically negotiated between the client and server.
  • Page 371: Event Logging Commands

    Displays the state of logging show log Displays log messages logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [no] logging on System Management Commands Mode...
  • Page 372: Logging History

    (4-44) clear log (4-47) logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history {flash | ram} level no logging history {flash | ram} •...
  • Page 373: Logging Host

    Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 7 - 0) Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM. Example Console(config)#logging history ram 0 Console(config)#...
  • Page 374: Logging Trap

    The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to sort messages or to store messages in the corresponding database.
  • Page 375: Clear Log

    (4-49) show logging This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server. Syntax show logging {flash | ram | sendmail | trap} • flash - Displays settings for storing event messages in flash memory (i.e., permanent memory).
  • Page 376: Related Commands

    Command Line Interface Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), and the message level for RAM is “debugging” (i.e., default level 7 - 0). Console#show logging flash Syslog logging: History logging in FLASH: level errors...
  • Page 377: Show Log

    show log This command displays the log messages stored in local memory. Syntax show log {flash | ram} • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
  • Page 378: Logging Sendmail Host

    If it fails to send mail, the switch selects the next server in the list and tries to send mail again. If it still fails, the system will repeat the process at a periodic interval.
  • Page 379: Logging Sendmail Source-Email

    (Range: 1-41 characters) Default Setting None Command Mode Global Configuration Command Usage You may use a symbolic email address that identifies the switch, or the address of an administrator responsible for the switch. Example Console(config)#logging sendmail source-email bill@this-company.com Console(config)# logging sendmail destination-email This command specifies the email recipients of alert messages.
  • Page 380: Logging Sendmail

    Command Line Interface Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example Console(config)#logging sendmail destination-email ted@this-company.com Console(config)# logging sendmail This command enables SMTP event handling. Use the no form to disable this function.
  • Page 381: Sntp Client

    (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from the factory default set at the last bootup. Command...
  • Page 382: Sntp Server

    Global Configuration Command Usage This command specifies time servers from which the switch will poll for time updates when set to SNTP client mode. The client will poll the time servers in the order specified until a response is received. It issues time synchronization requests based on the interval set via the sntp poll command.
  • Page 383: Sntp Poll

    This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds)
  • Page 384: Clock Timezone

    (4-55) calendar set This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec {day month year | month day year} •...
  • Page 385: Show Calendar

    Default Setting None Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, February 1st, 2002. Console#calendar set 15:12:34 1 February 2002 Console# show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example...
  • Page 386: Command Usage

    “!” symbols, and includes the configuration mode command, and corresponding commands. This command displays the following information: - MAC address for each switch in the stack - SNTP server settings - SNMP community strings - Users (names and access levels)
  • Page 387: Show Running-Config

    “!” symbols, and includes the configuration mode command, and corresponding commands. This command displays the following information: - MAC address for each switch in the stack - SNTP server settings - SNMP community strings - Users (names, access levels, and encrypted passwords)
  • Page 388 Command Line Interface - IP address configured for VLANs - Layer 4 precedence settings - Routing protocol configuration settings - Spanning tree settings - Any configured settings for the console port and Telnet Example Console#show running-config building running-config, please wait... !<stackingDB>0000000000000000</stackingDB>...
  • Page 389: Show System

    • The POST results should all display “PASS.” If any POST test indicates “FAIL,” contact your distributor for assistance. Example Console#show system System description: 44GE+4Combo Layer2/3/4 Stackable Switch System OID string: 1.3.6.1.4.1.259.6.10.64 System information System Up time: 0 days, 1 hours, 23 minutes, and 44.61 seconds...
  • Page 390: Show Users

    This command displays hardware and software version information for the system. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Switch Hardware/Software Versions” on page 3-13 for detailed information on the items displayed by this command.
  • Page 391: Frame Size Commands

    Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
  • Page 392: Flash/File Commands

    This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation.
  • Page 393 • To replace the startup configuration, you must use startup-config as the destination. • Use the copy file unit command to copy a local file to another switch in the stack. Use the copy unit file command to copy a file from another switch in the stack.
  • Page 394 \Write to FLASH finish. Success. Console# This example shows how to copy a secure-site certificate from a TFTP server. It then reboots the switch to activate the certificate: Console#copy tftp https-certificate TFTP server ip address: 10.1.0.19 Source certificate file name: SS-certificate...
  • Page 395: Delete

    The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file. • config - Switch configuration file. • opcode - Run-time operation code image file. • filename - Name of configuration file or code image. If this file exists but contains errors, information on this file cannot be shown.
  • Page 396: Whichboot

    Command Line Interface Command Usage • If you enter the command dir without any parameters, the system displays all files. • A colon (:) is required after the specified unit number. • File information is shown below: Column Heading file name file type startup size...
  • Page 397: Boot System

    Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. Console#whichboot file name -------------------------------- ----------------------- ------- ----------- Unit1: D1014 V31121 startup1.cfg Console# boot system This command specifies the file or image used to start up the system.
  • Page 398: Authentication Commands

    Command Line Interface Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1X. Table 4-27 Authentication Commands...
  • Page 399: Related Commands

    • RADIUS and TACACS+ logon authentication assigns a specific privilege level for each user name and password pair. The user name, password, and privilege level must be configured on the authentication server. • You can specify three authentication methods in a single command to indicate the authentication sequence.
  • Page 400: Radius Client

    • port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535) • timeout - Number of seconds the switch waits for a reply before resending a request. (Range: 1-65535) • retransmit - Number of times the switch will try to authenticate logon access via the RADIUS server.
  • Page 401: Radius-Server Port

    • key - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default Setting • auth-port - 1812 • timeout - 5 seconds • retransmit - 2 Command Mode Global Configuration Example Console(config)#radius-server 1 host 192.168.1.20 port 181 timeout 10...
  • Page 402: Radius-Server Retransmit

    This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1 - 30) Default Setting Command Mode...
  • Page 403: Show Radius-Server

    TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch. Table 4-30 TACACS+ Client Commands Command...
  • Page 404: Tacacs-Server Host

    Command Line Interface tacacs-server host This command specifies the TACACS+ server. Use the no form to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address - IP address of a TACACS+ server. Default Setting 10.11.12.13 Command Mode Global Configuration Example Console(config)#tacacs-server host 192.168.1.25 Console(config)#...
  • Page 405: Tacacs-Server Key

    tacacs-server key This command sets the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default Setting None...
  • Page 406: Port Security Commands

    MAC address that is unknown or has been previously learned from another port. If a device with an unauthorized MAC address attempts to use the switch port, the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message.
  • Page 407 Command Usage • If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
  • Page 408: 802.1X Port Authentication

    Command Line Interface 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication Protocol).
  • Page 409: Dot1X Default

    Console(config)#dot1x default Console(config)# dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default.
  • Page 410: Dot1X Operation-Mode

    Command Line Interface Default force-authorized Command Mode Interface Configuration Example Console(config)#interface eth 1/2 Console(config-if)#dot1x port-control auto Console(config-if)# dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host.
  • Page 411: Dot1X Re-Authenticate

    Console(config-if)#dot1x re-authentication Console(config-if)# dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default. Syntax...
  • Page 412: Dot1X Timeout Re-Authperiod

    Console(config-if)#dot1x timeout re-authperiod 300 Console(config-if)# dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax...
  • Page 413: Show Dot1X

    This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [statistics] [interface interface] • statistics - Displays dot1x status for each port. • interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number.
  • Page 414: Port Control

    Command Line Interface - Max Count - Port-control - Supplicant - Current Identifier • Authenticator State Machine - State - Reauth Count • Backend State Machine - State - Request Count - Identifier(Server) • Reauthentication State Machine - State Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable...
  • Page 415: Access Control List Commands

    An ACL is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests ingress or egress packets against the conditions in an ACL one by one. A packet will be accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny rule.
  • Page 416: Masks For Access Control Lists

    • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in an ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail.
  • Page 417: Ip Acls

    IP ACLs Command Function access-list ip Creates an IP ACL and enters configuration mode for standard or extended IP ACLs permit, deny Filters packets matching a specified source IP address permit, deny Filters packets meeting the specified criteria, including source and destination IP address, TCP/UDP port number, protocol type, and TCP control code show ip access-list Displays the rules for configured IP ACLs...
  • Page 418: Permit, Deny (Standard Acl)

    Command Line Interface Example Console(config)#access-list ip standard david Console(config-std-acl)# Related Commands permit, deny 4-90 ip access-group (4-98) show ip access-list (4-93) permit, deny (Standard ACL) This command adds a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source.
  • Page 419: Permit, Deny (Extended Acl)

    permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes. Use the no form to remove a rule. Syntax [no] {permit | deny} [protocol-number | udp] {any | source address-bitmask | host source}...
  • Page 420 Command Line Interface Command Usage • All new rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match”...
  • Page 421: Show Ip Access-List

    Related Commands access-list ip (4-89) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list {standard | extended} [acl_name] • standard – Specifies a standard IP ACL. • extended – Specifies an extended IP ACL. •...
  • Page 422: Mask (Ip Acl)

    Command Line Interface • You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule. Example Console(config)#access-list ip mask-precedence in Console(config-ip-mask-acl)# Related Commands mask (IP ACL) (4-94) ip access-group (4-98) mask (IP ACL)
  • Page 423: Command Usage

    Command Usage • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered. •...
  • Page 424 Command Line Interface This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others. Console(config)#access-list ip standard A2 Console(config-std-acl)#permit any Console(config-std-acl)#deny host 171.69.198.102 Console(config-std-acl)#end Console#show access-list IP standard access-list A2: deny host 171.69.198.102 permit any...
  • Page 425: Show Access-List Ip Mask-Precedence

    (i.e., the ACL is active), the order in which the rules are displayed is determined by the associated mask. Switch(config)#access-list ip extended 6 Switch(config-ext-acl)#permit any any Switch(config-ext-acl)#deny tcp any any control-flag 2 2 Switch(config-ext-acl)#end Console#show access-list IP extended access-list A6:...
  • Page 426: Ip Access-Group

    • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port.
  • Page 427: Mac Acls

    MAC ACLs Command Function access-list mac Creates a MAC ACL and enters configuration mode permit, deny Filters packets matching a specified source and destination address, packet format, and Ethernet type show mac access-list Displays the rules for configured MAC ACLs access-list mac Changes to the mode for configuring access control masks GC mask-precedence...
  • Page 428 Command Line Interface Related Commands permit, deny (4-100) mac access-group (4-105) show mac access-list (4-101) permit, deny (MAC ACL) This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type.
  • Page 429: Permit, Deny (Mac Acl)

    • vid-bitmask – VLAN bitmask. (Range: 1-4093) • protocol – A specific Ethernet protocol number. (Range: 600-fff hex.) • protocol-bitmask Default Setting None Command Mode MAC ACL Command Usage • New rules are added to the end of the list. •...
  • Page 430: Access-List Mac Mask-Precedence

    access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [no] access-list mac mask-precedence {in | out} • in – Ingress mask for ingress ACLs. •...
  • Page 431: Default Setting

    • vid-bitmask – VLAN ID of rule must match this bitmask. • ethertype – Check the Ethernet type field. • ethertype-bitmask – Ethernet type of rule must match this bitmask. Default Setting None Command Mode MAC Mask Command Usage • Up to seven masks can be assigned to an ingress or egress ACL. •...
  • Page 432: Show Access-List Mac Mask-Precedence

    Command Line Interface This example creates an Egress MAC ACL. Console(config)#access-list mac M5 Console(config-mac-acl)#deny tagged-802.3 host 00-11-11-11-11-11 any Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-ff-ff any vid 3 ethertype 0806 Console(config-mac-acl)#end Console#show access-list MAC access-list M5: deny tagged-802.3 host 00-11-11-11-11-11 any deny tagged-eth2 host 00-11-11-11-11-11 any vid 3 ethertype 0806 Console(config)#access-list mac mask-precedence out Console(config-mac-mask-acl)#mask pktformat ff-ff-ff-ff-ff-ff any vid Console(config-mac-mask-acl)#exit...
  • Page 433: Mac Access-Group

    • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port.
  • Page 434: Show Access-List

    Command Line Interface ACL Information Table 4-36 ACL Information Commands Command Function show access-list Show all ACLs and associated rules show access-group Shows the ACLs assigned to each port show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks.
  • Page 435: Snmp Commands

    SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption; as well as controlling user access to specific areas of the MIB tree.
  • Page 436: Show Snmp

    Command Line Interface Example Console(config)#snmp-server Console(config)# show snmp This command can be used to check the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enabled with the snmp-server enable traps command.
  • Page 437: Snmp-Server Community

    snmp-server community This command defines the SNMP v1 and v2c community access string. Use the no form to remove the specified community string. Syntax snmp-server community string [ro|rw] no snmp-server community string • string - Community string that acts like a password and permits access to the SNMP protocol.
  • Page 438: Snmp-Server Location

    Command Line Interface Related Commands snmp-server location (4-110) snmp-server location This command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location text no snmp-server location text - String that describes the system location. (Maximum length: 255 characters) Default Setting None...
  • Page 439 • Notifications are issued by the switch as trap messages by default. The recipient of a trap message does not send a response to the switch. Traps are therefore not as reliable as inform messages, which include a request for acknowledgement of receipt.
  • Page 440: Snmp-Server Enable Traps

    6. Specify a remote engine ID where the user resides (page 4-113). 7. Then configure a remote user (page 4-119). • The switch can send SNMP Version 1, 2c or 3 notifications to a host IP address, depending on the SNMP version that the management station supports.
  • Page 441: Snmp-Server Engine-Id

    • ip-address - The Internet address of the remote device. • engineid-string - String identifying the engine ID. (Range: 1-26 hexadecimal characters) Default Setting A unique engine ID is automatically generated by the switch based on its MAC address. Command Mode Global Configuration Command Usage •...
  • Page 442: Show Snmp Engine-Id

    “1234” is equivalent to “1234” followed by 22 zeroes. • A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared.
  • Page 443: Snmp-Server View

    snmp-server view This command adds an SNMP view which controls user access to the MIB. Use the no form to remove an SNMP view. Syntax snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name • view-name - Name of an SNMP view. (Range: 1-64 characters) •...
  • Page 444: Show Snmp View

    Command Line Interface show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example Console#show snmp view View Name: mib-2 Subtree OID: 1.2.2.3.6.2.1 View Type: included Storage Type: permanent Row Status: active View Name: defaultview Subtree OID: 1 View Type: included Storage Type: volatile...
  • Page 445 • When privacy is selected, the DES 56-bit algorithm is used for data encryption. • For additional information on the notification messages supported by this switch, see “Supported Notification Messages” on page 3-49. Also, note that the authentication, link-up and link-down messages are legacy traps and must therefore be enabled in conjunction with the snmp-server enable traps command (page 4-112).
  • Page 446: Show Snmp Group

    Command Line Interface show snmp group Four default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c read-only access and read/write access. Command Mode Privileged Exec Example Console#show snmp group Group Name: r&d Security Model: v3 Read View: defaultview Write View: daily Notify View: none Storage Type: permanent...
  • Page 447: Snmp-Server User

    Table 4-40 show snmp group - display description (Continued) Field Description writeview The associated write view. notifyview The associated notify view. storage-type The storage type for this entry. Row Status The row status of this entry. snmp-server user This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View.
  • Page 448: Show Snmp User

    Command Line Interface the user resides. Then use the snmp-server user command to specify the user and the IP address for the remote device where the user resides. The remote agent’s SNMP engine ID is used to compute authentication/privacy digests from the user’s password. If the remote engine ID is not first configured, the snmp-server user command specifying a remote user will fail.
  • Page 449: Dhcp Client

    (DHCP) client, relay, and server functions. You can configure any VLAN interface to be automatically assigned an IP address via DHCP. This switch can be configured to relay DHCP client configuration requests to a DHCP server on another network, or you can configure this switch to provide DHCP service directly to any client.
  • Page 450: Ip Dhcp Restart Client

    Command Line Interface Command Usage This command is used to include a client identifier in all communications with the DHCP server. The identifier type depends on the requirements of your DHCP server. Example Console(config)#interface vlan 2 Console(config-if)#ip dhcp client-identifier hex 00-00-e8-66-65-72 Console(config-if)# Related Commands ip dhcp restart client (4-122)
  • Page 451: Dhcp Relay

    This command is used to configure DHCP relay functions for host devices attached to the switch. If DHCP relay service is enabled, and this switch sees a DHCP request broadcast, it inserts its own IP address into the request so the DHCP server will know the subnet where the client is located.
  • Page 452: Ip Dhcp Relay Server

    Command Line Interface ip dhcp relay server This command specifies the addresses of DHCP servers to be used by the switch’s DHCP relay agent. Use the no form to clear all addresses. Syntax ip dhcp relay server address1 [address2 [address3 ...]] no ip dhcp relay server address - IP address of DHCP server.
  • Page 453: Service Dhcp

    Displays address bindings on the DHCP server * These commands are used for manually binding an address to a client. service dhcp This command enables the DHCP server on this switch. Use the no form to disable the DHCP server. Syntax...
  • Page 454: Ip Dhcp Pool

    Command Mode Global Configuration Usage Guidelines • After executing this command, the switch changes to DHCP Pool Configuration mode, identified by the (config-dhcp)# prompt. • From this mode, first configure address pools for the network interfaces (using the network command). You can also manually bind an address to a specific client (with the host command) if required.
  • Page 455: Network

    DHCP Pool Configuration Usage Guidelines • When a client request is received, the switch first checks for a network address pool matching the gateway where the request originated (i.e., if the request was forwarded by a relay server). If there is no gateway in the client request (i.e., the request was not forwarded by a relay server), the switch...
  • Page 456: Domain-Name

    Command Line Interface Command Mode DHCP Pool Configuration Usage Guidelines The IP address of the router should be on the same subnet as the client. You can specify up to two routers. Routers are listed in order of preference (starting with address1 as the most preferred router). Example Console(config-dhcp)#default-router 10.1.0.54 10.1.0.64 Console(config-dhcp)#...
  • Page 457: Next-Server

    Usage Guidelines • If DNS IP servers are not configured for a DHCP client, the client cannot correlate host names to IP addresses. • Servers are listed in order of preference (starting with address1 as the most preferred server). Example Console(config-dhcp)#dns-server 10.1.1.253 192.168.3.19 Console(config-dhcp)# next-server...
  • Page 458: Netbios-Name-Server

    Related Commands next-server (4-129) netbios-name-server This command configures NetBIOS Windows Internet Naming Service (WINS) name servers that are available to Microsoft DHCP clients. Use the no form to remove the NetBIOS name server list. Syntax netbios-name-server address1 [address2] no netbios-name-server •...
  • Page 459: Netbios-Node-Type

    This command configures the NetBIOS node type for Microsoft DHCP clients. Use the no form to remove the NetBIOS node type. Syntax netbios-node-type type no netbios-node-type type - Specifies the NetBIOS node type: • broadcast • hybrid (recommended) • mixed •...
  • Page 460: Host

    • Host addresses must fall within the range specified for an existing network pool. • When a client request is received, the switch first checks for a network address pool matching the gateway where the request originated (i.e., if the request was forwarded by a relay server).
  • Page 461: Client-Identifier

    Example Console(config-dhcp)#host 10.1.0.21 255.255.255.0 Console(config-dhcp)# Related Commands client-identifier (4-133) hardware-address (4-134) client-identifier This command specifies the client identifier of a DHCP client. Use the no form to remove the client identifier. Syntax client-identifier {text text | hex hex} no client-identifier •...
  • Page 462: Hardware-Address

    Command Line Interface hardware-address This command specifies the hardware address of a DHCP client. This command is valid for manual bindings only. Use the no form to remove the hardware address. Syntax hardware-address hardware-address type no hardware-address • hardware-address - Specifies the MAC address of the client device. •...
  • Page 463: Usage Guidelines

    Usage Guidelines • An address specifies the client’s IP address. If an asterisk (*) is used as the address parameter, the DHCP server clears all automatic bindings. • Use the no host command to delete a manual binding. • This command is normally used after modifying the address pool, or after moving DHCP service to another device.
  • Page 464: Dns Commands

    Command Line Interface DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation.
  • Page 465: Clear Host

    Command Usage Servers or other network devices may support one or more connections via multiple IP addresses. If more than one IP address is associated with a host name using this command, a DNS client can try each address in succession, until it establishes a connection with the target device.
  • Page 466: Ip Domain-List

    • Domain names are added to the end of the list one at a time. • When an incomplete host name is received by the DNS service on this switch, it will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match.
  • Page 467: Ip Name-Server

    Example This example adds two domain names to the current list and then displays the list. Console(config)#ip domain-list sample.com.jp Console(config)#ip domain-list sample.com.uk Console(config)#end Console#show dns Domain Lookup Status: DNS disabled Default Domain Name: .sample.com Domain Name List: .sample.com.jp .sample.com.uk Name Server List: Console# Related Commands ip domain-name (4-137)
  • Page 468: Ip Domain-Lookup

    Command Line Interface Example This example adds two domain-name servers to the list and then displays the list. Console(config)#ip domain-server 192.168.1.55 10.1.0.55 Console(config)#end Console#show dns Domain Lookup Status: DNS disabled Default Domain Name: .sample.com Domain Name List: .sample.com.jp .sample.com.uk Name Server List: 192.168.1.55 10.1.0.55 Console#...
  • Page 469: Show Hosts

    Related Commands ip domain-name (4-137) ip name-server (4-139) show hosts This command displays the static host name-to-address mapping table. Command Mode Privileged Exec Example Note that a host name will be displayed as an alias if it is mapped to the same address(es) as a previously configured entry.
  • Page 470: Show Dns Cache

    Command Line Interface show dns cache This command displays entries in the DNS cache. Command Mode Privileged Exec Example Console#show dns cache FLAG TYPE CNAME CNAME CNAME CNAME CNAME CNAME ALIAS Console# Table 4-47 show dns cache - display description Field Description The entry number for each resource record.
  • Page 471: Interface Commands

    Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Command Function interface Configures an interface type and enters interface configuration mode description Adds a description to an interface configuration speed-duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled...
  • Page 472: Description

    Command Line Interface Command Mode Global Configuration Example To specify port 4, enter the following command: Console(config)#interface ethernet 1/4 Console(config-if)# description This command adds a description to an interface. Use the no form to remove the description. Syntax description string no description string - Comment or a description to help you remember what is attached to this interface.
  • Page 473: Negotiation

    Interface Configuration (Ethernet, Port Channel) Command Usage • When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
  • Page 474: Capabilities

    Interface Configuration (Ethernet, Port Channel) Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
  • Page 475: Flow Control

    Console(config-if)#flowcontrol Console(config-if)#no negotiation Console(config-if)# Related Commands negotiation (4-145) capabilities (flowcontrol, symmetric) (4-146) 32. There are interoperability problems between Flow Control and Head-of-Line (HOL) blocking for the switch ASIC; Flow Control is therefore not supported for this switch.
  • Page 476: Media-Type

    Default Setting sfp-preferred-auto Command Mode Interface Configuration (Ethernet) Example This forces the switch to use the built-in RJ-45 port for the combination port 48. Console(config)#interface ethernet 1/48 Console(config-if)#media-type copper-forced Console(config-if)# shutdown This command disables an interface. To restart a disabled interface, use the no form.
  • Page 477: Switchport Broadcast Packet-Rate

    switchport broadcast packet-rate This command configures broadcast storm control. Use the no form to disable broadcast storm control. Syntax switchport broadcast packet-rate rate no switchport broadcast rate - Threshold level as a rate; i.e., packets per second. (Range: 1000BASE - 500-262143, 10GBASE - 1041-262143) Default Setting Enabled for all ports Packet-rate limit: 1000BASE - 500 pps, 10GBASE - 1041 pps...
  • Page 478: Show Interfaces Status

    Command Line Interface Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session. However, if you log out and back into the management interface, the statistics displayed will show the absolute value accumulated since the last power reset.
  • Page 479: Show Interfaces Counters

    Example Console#show interfaces status ethernet 1/5 Information of Eth 1/5 Basic information: Port type: Mac address: Configuration: Name: Port admin: Speed-duplex: Capabilities: Broadcast storm: Broadcast storm limit: Flow control: LACP: Port security: Max MAC count: Port security action: Media type: Current status: Link status: Port operation status:...
  • Page 480: Show Interfaces Switchport

    Command Line Interface Example Console#show interfaces counters ethernet 1/7 Ethernet 1/7 Iftable stats: Octets input: 30658, Octets output: 196550 Unicast input: 6, Unicast output: 5 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, QLen output: 0 Extended iftable stats: Multi-cast input: 0, Multi-cast output: 3064 Broadcast input: 262, Broadcast output: 1...
  • Page 481: Table 4-49 Show Interfaces Switchport - Display Description

    Example This example shows the configuration setting for port 4. Console#show interfaces switchport ethernet 1/4 Broadcast threshold: LACP status: Ingress rate limit: Egress rate limit: VLAN membership mode: Ingress rule: Acceptable frame type: Native VLAN: Priority for untagged traffic: 0 GVRP status: Allowed VLAN: Forbidden VLAN:...
  • Page 482: Mirror Port Commands

    Command Line Interface Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. Command Function port monitor Configures a mirror session show port monitor Shows the configuration for a mirror port port monitor This command configures a mirror session.
  • Page 483: Show Port Monitor

    Example The following example configures the switch to mirror all packets from port 6 to 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 both Console(config-if)# show port monitor This command displays mirror information. Syntax show port monitor [interface] interface - ethernet unit/port (source port) •...
  • Page 484: Rate Limit Commands

    Command Line Interface Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
  • Page 485: Link Aggregation Commands

    Cisco EtherChannel standard. For dynamic trunks, the switches have to comply with LACP. This switch supports up to six trunks. For example, a trunk consisting of two 1000 Mbps ports can support an aggregate bandwidth of 4 Gbps when operating at full duplex.
  • Page 486: Channel-Group

    • When configuring static trunks, the switches must comply with the Cisco EtherChannel standard. • Use no channel-group to remove a port group from a trunk. • Use no interfaces port-channel to remove a trunk from the switch. Example The following example creates trunk 1 and then adds port 11:...
  • Page 487: Lacp

    • A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID. • If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically. • If more than eight ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
  • Page 488: Lacp System-Priority

    • Ports must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with other systems.
  • Page 489: Lacp Admin-Key (Ethernet Interface)

    Syntax lacp admin-key key [no] lacp admin-key key - The port channel admin key is used to identify a specific link aggregation group (LAG) during local LACP setup on this switch. (Range: 0-65535)
  • Page 490: Lacp Port-Priority

    Command Line Interface Default Setting Command Mode Interface Configuration (Port Channel) Command Usage • Ports are only allowed to join the same LAG if (1) the LACP system priority matches, (2) the LACP port admin key matches, and (3) the LACP port channel key matches (if configured).
  • Page 491: Show Lacp

    Example Console(config)#interface ethernet 1/5 Console(config-if)#lacp actor port-priority 128 show lacp This command displays LACP information. Syntax show lacp [port-channel] {counters | internal | neighbors | sys-id} • port-channel - Local identifier for a link aggregation group. (Range: 1-32) • counters - Statistics for LACP protocol messages. •...
  • Page 492: Table 4-54 Show Lacp Internal - Display Description

    Command Line Interface Console#show lacp 1 internal Port channel: 1 ------------------------------------------------------------------------- Oper Key: Admin Key: 0 Eth 1/ 2 ------------------------------------------------------------------------- LACPDUs Internal: LACP System Priority: 32768 LACP Port Priority: Admin Key: Oper Key: Admin State: defaulted, aggregation, long timeout, LACP-activity Oper State: Table 4-54 show lacp internal - display description Field...
  • Page 493: Table 4-55 Show Lacp Neighbors - Display Description

    Console#show lacp 1 neighbors Port channel 1 neighbors ------------------------------------------------------------------------- Eth 1/1 ------------------------------------------------------------------------- Partner Admin System ID: Partner Oper System ID: Partner Admin Port Number: 2 Partner Oper Port Number: Port Admin Priority: Port Oper Priority: Admin Key: Oper Key: Admin State: Oper State: Table 4-55 show lacp neighbors - display description Field...
  • Page 494: Address Table Commands

    ------------------------------------------------------------------------- Table 4-56 show lacp sysid - display description Field Description Channel group A link aggregation group configured on this switch. LACP system priority for this channel group. System Priority System MAC address. System MAC Address * The LACP system priority and system MAC address are concatenated to form the LAG system ID.
  • Page 495: Mac-Address-Table Static

    • port-channel channel-id (Range: 1-32) • vlan-id - VLAN ID (Range: 1-4093) • action - - delete-on-reset - Assignment lasts until the switch is reset. - permanent - Assignment is permanent. Default Setting No static addresses are defined. The default mode is permanent.
  • Page 496: Clear Mac-Address-Table Dynamic

    Command Line Interface clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries. Default Setting None Command Mode Privileged Exec Example Console#clear mac-address-table dynamic Console# show mac-address-table This command shows classes of entries in the bridge-forwarding database.
  • Page 497: Mac-Address-Table Aging-Time

    means to match a bit and “1” means to ignore a bit. For example, a mask of 00-00-00-00-00-00 means an exact match, and a mask of FF-FF-FF-FF-FF-FF means “any.” • The maximum number of address entries is 8191. Example Console#show mac-address-table Interface MAC Address --------- ----------------- ---- ----------------- Eth 1/ 1 00-e0-29-94-34-de...
  • Page 498: Spanning Tree Commands

    Command Line Interface Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Table 4-58 Spanning Tree Commands Command Function spanning-tree Enables the spanning tree protocol...
  • Page 499: Spanning-Tree

    This example shows how to enable the Spanning Tree Algorithm for the switch: Console(config)#spanning-tree Console(config)# spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default. Syntax spanning-tree mode {stp | rstp no spanning-tree mode •...
  • Page 500: Spanning-Tree Forward-Time

    RSTP node transmits, as described below: - STP Mode – If the switch receives an 802.1D BPDU after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.
  • Page 501: Spanning-Tree Hello-Time

    Example Console(config)#spanning-tree forward-time 20 Console(config)# spanning-tree hello-time This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds.
  • Page 502: Spanning-Tree Priority

    Example Console(config)#spanning-tree max-age 40 Console(config)# spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority - Priority of the bridge. (Range: 0 - 65535) (Range –...
  • Page 503: Spanning-Tree Pathcost Method

    spanning-tree pathcost method This command configures the path cost method used for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree pathcost method {long | short} no spanning-tree pathcost method • long - Specifies 32-bit based values that range from 1-200,000,000. •...
  • Page 504: Spanning-Tree Mst-Configuration

    • By default all VLANs are assigned to the Internal Spanning Tree (MSTI 0) that connects all bridges and LANs within the MST region. This switch supports up to 58 instances. You should try to group VLANs which cover the same general area of your network.
  • Page 505: Mst Priority

    MAC address will then become the root device. • You can set this switch to act as the MSTI root device by specifying a priority of 0, or as the MSTI alternate device by specifying a priority of 16384.
  • Page 506: Revision

    The MST region name and revision number (page 4-178) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridges in the same region must be configured with the same MST instances.
  • Page 507: Max-Hops

    max-hops This command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the default. Syntax max-hops hop-number hop-number - Maximum hop number for multiple spanning tree. (Range: 1-40) Default Setting Command Mode MST Configuration Command Usage...
  • Page 508: Spanning-Tree Cost

    Command Line Interface spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port. (Range: 0 for auto-configuration, or 1-200,000,000) The recommended range is: •...
  • Page 509: Spanning-Tree Port-Priority

    • This command defines the priority for the use of a port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree.
  • Page 510: Spanning-Tree Portfast

    Command Line Interface devices such as workstations or servers, retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events, does not cause the spanning tree to initiate reconfiguration when the interface changes state, and also overcomes other STA-related timeout problems.
  • Page 511: Spanning-Tree Link-Type

    • When automatic detection is selected, the switch derives the link type from the duplex mode. A full-duplex interface is considered a point-to-point link, while a half-duplex interface is assumed to be on a shared link.
  • Page 512: Spanning-Tree Mst Port-Priority

    Command Line Interface The recommended range is - - Ethernet: 200,000-20,000,000 - Fast Ethernet: 20,000-2,000,000 - Gigabit Ethernet: 2,000-200,000 - 10 Gigabit Ethernet: 200-20,000 Default Setting By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below.
  • Page 513: Spanning-Tree Protocol-Migration

    • This command defines the priority for the use of an interface in the multiple spanning-tree. If the path cost for all interfaces on a switch is the same, the interface with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree.
  • Page 514: Show Spanning-Tree

    Command Usage • Use the show spanning-tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree (CST) and for every interface in the tree. • Use the show spanning-tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree (CST).
  • Page 515 Example Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning tree mode: Spanning tree enable/disable: Instance: Vlans configuration: Priority: Bridge Hello Time (sec.): Bridge Max Age (sec.): Bridge Forward Delay (sec.): Root Hello Time (sec.): Root Max Age (sec.): Root Forward Delay (sec.): Max hops: Remaining hops: Designated Root:...
  • Page 516: Show Spanning-Tree Mst Configuration

    Command Line Interface show spanning-tree mst configuration This command shows the configuration of the multiple spanning tree. Command Mode Privileged Exec Example Console#show spanning-tree mst configuration Mstp Configuration Information -------------------------------------------------------------- Configuration name: R&D Revision level:0 Instance Vlans -------------------------------------------------------------- Console# VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.
  • Page 517: Vlan Database

    vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command.
  • Page 518: Command Usage

    • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default state (i.e., active). • You can configure up to 255 VLANs on the switch. Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default.
  • Page 519: Switchport Mode

    Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.254 255.255.255.0 Console(config-if)# Related Commands shutdown (4-148) switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default.
  • Page 520: Switchport Acceptable-Frame-Types

    Command Line Interface switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged. •...
  • Page 521: Switchport Native Vlan

    • If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be discarded. • Ingress filtering does not affect VLAN independent BPDU frames, such as GVRP or STA. However, it does affect VLAN dependent BPDU frames, such as GMRP.
  • Page 522: Switchport Allowed Vlan

    VLAN groups as a tagged member. • Frames are always tagged within the switch. The tagged/untagged parameter used when adding a VLAN to an interface tells the switch whether to keep or remove the tag from a frame on egress.
  • Page 523: Switchport Forbidden Vlan

    switchport forbidden vlan This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs. Syntax switchport forbidden vlan {add vlan-list | remove vlan-list} no switchport forbidden vlan • add vlan-list - List of VLAN identifiers to add. •...
  • Page 524: Show Vlan

    Command Line Interface show vlan This command shows VLAN information. Syntax show vlan [id vlan-id | name vlan-name] • id - Keyword to be followed by the VLAN ID. vlan-id - ID of the configured VLAN. (Range: 1-4093, no leading zeroes) •...
  • Page 525: Configuring Private Vlans

    VLAN. Data traffic on the downlink ports can only be forwarded to, and from, the uplink port. • Private VLANs and normal VLANs can exist simultaneously within the same switch. • Entering the pvlan command without any parameters enables the private VLAN. Entering no pvlan disables the private VLAN.
  • Page 526: Show Pvlan

    This kind of configuration deprives users of the basic benefits of VLANs, including security and easy accessibility. To avoid these problems, you can configure this switch with protocol-based VLANs that divide the physical network into logical VLAN groups for each required protocol.
  • Page 527: Protocol-Vlan Protocol-Group (Configuring Groups)

    • vlan-id - VLAN to which matching protocol traffic is forwarded. (Range: 1-4093) Default Setting No protocol groups are mapped for any interface. 33. SNAP frame types are not supported by this switch due to hardware limitations.
  • Page 528: Show Protocol-Vlan Protocol-Group

    Command Line Interface Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • When creating a protocol-based VLAN, only assign interfaces via this command. If you assign interfaces using any of the other VLAN commands (such as vlan on page 4-189), these interfaces will admit traffic of any protocol type into the associated VLAN.
  • Page 529: Show Interfaces Protocol-Vlan Protocol-Group

    show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number. (Range: 1-25/49) •...
  • Page 530: Gvrp And Bridge Extension Commands

    This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [no] bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration...
  • Page 531: Switchport Gvrp

    Command Mode Privileged Exec Command Usage See “Displaying Basic VLAN Information” on page 3-138 and “Displaying Bridge Extension Capabilities” on page 3-15 for a description of the displayed items. Example Console#show bridge-ext Max support VLAN numbers: Max support VLAN ID: Extended multicast filtering services: No Static entry individual port: VLAN learning:...
  • Page 532: Garp Timer

    Command Line Interface Default Setting Shows both global and interface-specific configuration. Command Mode Normal Exec, Privileged Exec Example Console#show gvrp configuration ethernet 1/7 Eth 1/ 7: GVRP configuration: Disabled Console# garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’...
  • Page 533: Show Garp Timer

    Example Console(config)#interface ethernet 1/1 Console(config-if)#garp timer join 100 Console(config-if)# Related Commands show garp timer (4-205) show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [interface] interface • ethernet unit/port - unit - Stack unit. (Range: 1-8) - port - Port number.
  • Page 534: Priority Commands

    The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
  • Page 535: Switchport Priority Default

    Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
  • Page 536: Queue Bandwidth

    Command Line Interface • This switch provides eight priority queues for each port. It is configured to use Weighted Round Robin, which can be viewed with the show queue bandwidth command. Inbound frames that do not have VLAN tags are tagged with the input port’s default ingress user priority, and then placed in the...
  • Page 537: Queue Cos-Map

    7 is the highest priority. Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown below.
  • Page 538: Show Queue Mode

    Command Line Interface show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example Console#sh queue mode Wrr status: Enabled Console# show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues.
  • Page 539: Priority Commands (Layer 3 And 4)

    Default Setting None Command Mode Privileged Exec Example Console#show queue cos-map ethernet 1/1 Information of Eth 1/1 CoS Value: 0 1 2 3 4 5 6 7 Priority Queue: 2 0 1 3 4 5 6 7 Console# Priority Commands (Layer 3 and 4) Table 4-69 Priority Commands (Layer 3 and 4) Command Function...
  • Page 540: Map Ip Port (Interface Configuration)

    Command Line Interface Example The following example shows how to enable TCP/UDP port mapping globally: Console(config)#map ip port Console(config)# map ip port (Interface Configuration) This command sets IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number...
  • Page 541: Map Ip Precedence (Interface Configuration)

    • IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other type. Example The following example shows how to enable IP precedence mapping globally: Console(config)#map ip precedence Console(config)# map ip precedence (Interface Configuration) This command sets IP precedence priority (i.e., IP Type of Service priority).
  • Page 542: Map Ip Dscp (Global Configuration)

    Command Line Interface map ip dscp (Global Configuration) This command enables IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax [no] map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage •...
  • Page 543: Show Map Ip Port

    Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0. Table 4-71 Mapping IP DSCP to CoS Values IP DSCP Value 10, 12, 14, 16 18, 20, 22, 24 26, 28, 30, 32, 34, 36 38, 40, 42...
  • Page 544: Show Map Ip Precedence

    Command Line Interface Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Console#show map ip port TCP port mapping status: disabled Port Port no. COS --------- -------- --- Eth 1/ 5 Console# Related Commands...
  • Page 545: Show Map Ip Dscp

    Example Console#show map ip precedence ethernet 1/5 Precedence mapping status: disabled Port Precedence COS --------- ---------- --- Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Console# Related Commands map ip precedence (Global Configuration) (4-212)
  • Page 546: Quality Of Service Commands

    Command Line Interface Related Commands map ip dscp (Global Configuration) (4-214) map ip dscp (Interface Configuration) (4-214) Quality of Service Commands The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies. You can classify traffic based on access lists, IP Precedence or DSCP values, or VLANs.
  • Page 547: Class-Map

    any traffic that exceeds the specified rate, or just reduce the DSCP service level for traffic exceeding the specified rate. Use the service-policy command to assign a policy map to a specific interface. Notes: 1. You can only configure one rule per Class Map. However, you can include multiple classes in a Policy Map.
  • Page 548: Match

    Command Line Interface Related Commands show class map (4-225) match This command defines the criteria used to classify traffic. Use the no form to delete the matching criteria. Syntax [no] match {access-list acl-name | ip dscp dscp | ip precedence ip-precedence | vlan vlan} •...
  • Page 549: Policy-Map

    This example creates a class map called “rd_class#2,” and sets it to match packets marked for IP Precedence service value 5: Console(config)#class-map rd_class#2 match-any Console(config-cmap)#match ip precedence 5 Console(config-cmap)#exit Console(config)#access-list ip mask-precedence in Console(config-ip-mask-acl)#mask any any precedence Console(config-ip-mask-acl)# This example creates a class map called “rd_class#3,” and sets it to match packets marked for VLAN 1: Console(config)#class-map rd_class#3 match-any Console(config-cmap)#match vlan 1...
  • Page 550: Class

    Command Line Interface average bandwidth to 100,000 Kbps, the burst rate to 1522 bytes, and configure the response to drop any violating packets. Console(config)#policy-map rd_policy Console(config-pmap)#class rd_class Console(config-pmap-c)#set ip dscp 3 Console(config-pmap-c)#police 100000 1522 exceed-action drop Console(config-pmap-c)# class This command defines a traffic classification upon which a policy can act, and enters Policy Map Class configuration mode.
  • Page 551: Set

    This command services IP traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified by the match command on page 4-220). Use the no form to remove the traffic classification. Syntax [no] set {cos new-cos | ip dscp new-dscp | ip precedence new-precedence} •...
  • Page 552: Service-Policy

    Command Usage • You can configure up to 63 policers (i.e., class maps) for Fast Ethernet and Gigabit Ethernet ingress ports, and up to 225 policers for 10G Ethernet ingress ports. • Policing is based on a token bucket, where bucket depth (i.e., the maximum burst before the bucket overflows) is specified by the burst-byte field, and the average rate at which tokens are removed from the bucket is specified by the rate-bps option.
  • Page 553: Show Class-Map

    Example This example applies a service policy to an ingress interface. Console(config)#interface ethernet 1/1 Console(config-if)#service-policy input rd_policy Console(config-if)# show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [class-map-name] class-map-name - Name of the class map. (Range: 1-32 characters) Default Setting Displays all class maps.
  • Page 554: Show Policy-Map Interface

    Console# Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
  • Page 555: Igmp Snooping Commands

    Shows the IGMP snooping and query configuration show mac-address-table Shows the IGMP snooping MAC multicast list multicast ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled...
  • Page 556: Ip Igmp Snooping Version

    Version 1. • Some commands are only enabled for IGMPv2, including ip igmp query-max-response-time and ip igmp query-timeout. Example The following configures the switch to use IGMP Version 1: Console(config)#ip igmp snooping version 1 Console(config)# show ip igmp snooping This command shows the IGMP snooping configuration.
  • Page 557: Show Mac-Address-Table Multicast

    Command Usage See “Configuring IGMP Snooping and Query Parameters” on page 3-171 for a description of the displayed items. Example The following shows the current IGMP snooping configuration: Console#show ip igmp snooping Service status: Querier status: Query count: Query interval: Query max response time: 10 sec Router port expire time: 300 sec IGMP snooping version:...
  • Page 558: Igmp Query Commands (Layer 2)

    Configures the query timeout router-port-expire-time ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode...
  • Page 559: Ip Igmp Snooping Query-Interval

    This command configures the query interval. Use the no form to restore the default. Syntax ip igmp snooping query-interval seconds no ip igmp snooping query-interval seconds - The frequency at which the switch sends IGMP host-query messages. (Range: 60-125) Default Setting 125 seconds...
  • Page 560: Ip Igmp Snooping Router-Port-Expire-Time

    Global Configuration Command Usage • The switch must be using IGMPv2 for this command to take effect. • This command defines the time after a query, during which a response is expected from a multicast client. If a querier has sent a number of queries...
  • Page 561: Static Multicast Routing Commands

    Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that interface to join all the current multicast groups.
  • Page 562: Show Ip Igmp Snooping Mrouter

    Command Line Interface Example The following shows how to configure port 11 as a multicast router port within VLAN 1: Console(config)#ip igmp snooping vlan 1 mrouter ethernet 1/11 Console(config)# show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports.
  • Page 563: Ip Igmp

    ip igmp This command enables IGMP on a VLAN interface. Use the no form of this command to disable IGMP on the specified interface. Syntax [no] ip igmp Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage IGMP query can be enabled globally at Layer 2 via the ip igmp snooping command, or enabled for specific VLAN interfaces at Layer 3 via the ip igmp command.
  • Page 564: Ip Igmp Query-Interval

    This command configures the frequency at which host query messages are sent. Use the no form to restore the default. Syntax ip igmp query-interval seconds no ip igmp query-interval seconds - The frequency at which the switch sends IGMP host-query messages. (Range: 1-255) Default Setting 125 seconds Command Mode...
  • Page 565: Ip Igmp Max-Resp-Interval

    Interface Configuration (VLAN) Command Usage • The switch must be using IGMPv2 for this command to take effect. • This command defines how long any responder (i.e., client or router) still in the group has to respond to a query message before the router deletes the group.
  • Page 566: Ip Igmp Version

    • All routers on the subnet must support the same version. However, the multicast hosts on the subnet may support either IGMP version 1 or 2. • The switch must be set to version 2 to enable the ip igmp max-resp-interval (page 4-237).
  • Page 567: Show Ip Igmp Interface

    show ip igmp interface This command shows the IGMP configuration for a specific VLAN interface or for all interfaces. Syntax show ip igmp interface [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4093) Default Setting None Command Mode Normal Exec, Privileged Exec Example The following example shows the IGMP configuration for VLAN 1, as well as the device currently serving as the IGMP querier for this multicast service.
  • Page 568: Show Ip Igmp Groups

    Version 1 hosts present which are members of the group for which it heard the report. • If there are Version 1 hosts present for a particular group, the switch will ignore any Leave Group messages that it receives for that group.
  • Page 569: Ip Interface Commands

    The time remaining before this entry will be aged out. (The default is 260 seconds.) V1Timer The time remaining until the switch assumes that there are no longer any IGMP Version 1 members on the IP subnet attached to this interface. (The default is 400 seconds.) IP Interface Commands There are no IP addresses assigned to this router by default.
  • Page 570: Ip Address

    Command Line Interface ip address This command sets the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address. Syntax ip address {ip-address netmask | bootp | dhcp} [secondary] no ip address •...
  • Page 571: Ip Default-Gateway

    periodically by this device in an effort to learn its IP address. (BOOTP and DHCP values can include the IP address, default gateway, and subnet mask). • You can start broadcasting BOOTP or DHCP requests by entering an ip dhcp restart client command, or by rebooting the router.
  • Page 572: Show Ip Interface

    Command Line Interface Related Commands show ip redirects (4-244) ip routing (4-249) ip route (4-250) show ip interface This command displays the settings of an IP interface. Command Mode Privileged Exec Example Console#show ip interface Vlan 1 is up, addressing mode is User Interface address is 10.1.0.254, mask is 255.255.255.0, Primary MTU is 1500 bytes Proxy ARP is disabled...
  • Page 573: Ping

    ping This command sends ICMP echo request packets to another node on the network. Syntax ping host [count count][size size] • host - IP address or IP alias of the host. • count - Number of packets to send. (Range: 1-16, default: 5) •...
  • Page 574: Address Resolution Protocol (Arp)

    Command Line Interface Address Resolution Protocol (ARP) Table 4-81 Address Resolution Protocol Commands Command Function Adds a static entry in the ARP cache arp-timeout Sets the time a dynamic entry remains in the ARP cache clear arp-cache Deletes all dynamic entries from the ARP cache show arp Displays entries in the ARP cache ip proxy-arp...
  • Page 575: Arp-Timeout

    arp-timeout This command sets the aging time for dynamic entries in the Address Resolution Protocol (ARP) cache. Use the no form to restore the default. Syntax arp-timeout seconds no arp-timeout seconds - The time a dynamic entry remains in the ARP cache. (Range: 300-86400;...
  • Page 576: Ip Proxy-Arp

    Command Line Interface Command Usage This command displays information about the ARP cache. The first line shows the cache timeout. It also shows each cache entry, including the corresponding IP address, MAC address, type (static, dynamic, other), and VLAN interface. Note that entry type “other” indicates local addresses for this router.
  • Page 577: Ip Routing Commands

    IP Routing Commands After you configure network interfaces for this router, you must set the paths used to send traffic between different interfaces. If you enable routing on this device, traffic will automatically be forwarded between all of the local subnetworks. However, to forward traffic to devices on other subnetworks, you can either configure fixed paths with static routing commands, or enable a dynamic routing protocol that exchanges information with other routers on the network to automatically determine the best...
  • Page 578: Ip Route

    Command Usage • The command affects both static and dynamic unicast routing. • If IP routing is enabled, all IP packets are routed using either static routing or dynamic routing via RIP or OSPF, and other packets for all non-IP protocols (e.g., NetBEUI, NetWare or AppleTalk) are switched based on MAC addresses.
  • Page 579: Clear Ip Route

    clear ip route This command removes dynamically learned entries from the IP routing table. Syntax clear ip route {network [netmask] | *} • network – Network or subnet address. • netmask - Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets.
  • Page 580: Show Ip Host-Route

    Command Line Interface Example Console#show ip route Ip Address Netmask --------------- --------------- --------------- ---------- ------ --------- 0.0.0.0 10.2.48.2 255.255.252.0 10.2.5.6 255.255.255.0 10.3.9.1 255.255.255.0 Total entry: 4 Console# Table 4-84 show ip route - display description Field Description Ip Address IP address of the destination network, subnetwork, or host. Note that the address 0.0.0.0 indicates the default gateway for this router.
  • Page 581: Show Ip Traffic

    show ip traffic This command displays statistics for IP, ICMP, UDP, TCP and ARP protocols. Command Mode Privileged Exec Command Usage For a description of the information shown by this command, see “Displaying Statistics for IP Protocols” on page 3-216. Example Console#show ip traffic IP statistics:...
  • Page 582: Routing Information Protocol (Rip)

    Command Line Interface Routing Information Protocol (RIP) Table 4-86 Routing Information Protocol Commands Command Function router rip Enables the RIP routing protocol timers basic Sets basic timers, including update, timeout, garbage collection RC network Specifies the network interfaces that are to use RIP routing neighbor Defines a neighboring router with which to exchange information RC version...
  • Page 583: Timers Basic

    timers basic This command configures the RIP update timer, timeout timer, and garbage-collection timer. Use the no form to restore the defaults. Syntax timers basic update-seconds no timers basic update-seconds – Sets the update timer to the specified value, sets the timeout time value to 6 times the update time, and sets the garbage-collection timer to 4 times the update time.
  • Page 584: Network

    Command Line Interface network This command specifies the network interfaces that will be included in the RIP routing process. Use the no form to remove an entry. Syntax [no] network subnet-address subnet-address – IP address of a network directly connected to this router. Command Mode Router Configuration Default Setting...
  • Page 585: Version

    Command Usage This command can be used to configure a static neighbor with which this router will exchange information, rather than relying on broadcast messages generated by the RIP protocol. Example Console(config-router)#neighbor 10.2.0.254 Console(config-router)# version This command specifies a RIP version used globally by the router. Use the no form to restore the default value.
  • Page 586: Ip Rip Receive Version

    Command Line Interface ip rip receive version This command specifies a RIP version to receive on an interface. Use the no form to restore the default value. Syntax ip rip receive version {none | 1 | 2 | 1 2} no ip rip receive version •...
  • Page 587: Ip Rip Send Version

    ip rip send version This command specifies a RIP version to send on an interface. Use the no form to restore the default value. Syntax ip rip send version {none | 1 | 2 | v2-broadcast} no ip rip send version •...
  • Page 588: Ip Split-Horizon

    Command Line Interface ip split-horizon This command enables split-horizon or poison-reverse (a variation) on an interface. Use the no form to disable split-horizon. Syntax ip split-horizon [poison-reverse] no ip split-horizon poison-reverse - Enables poison-reverse on the current interface. Command Mode Interface Configuration (VLAN) Default Setting split-horizon...
  • Page 589: Ip Rip Authentication Mode

    • For authentication to function properly, both the sending and receiving interface must be configured with the same password. Example This example sets an authentication password of “small” to verify incoming routing messages and to tag outgoing routing messages. Console(config)#interface vlan 1 Console(config-if)#ip rip authentication key small Console(config-if)# Related Commands...
  • Page 590: Show Rip Globals

    Command Line Interface show rip globals This command displays global configuration settings for RIP. Command Mode Privileged Exec Example Console#show rip globals RIP Process: Enabled Update Time in Seconds: 30 Number of Route Change: 0 Number of Queries: 1 Console# Table 4-87 show rip globals - display description Field Description...
  • Page 591: Table 4-88 Show Ip Rip - Display Description

    Example Console#show ip rip configuration Interface SendMode --------------- --------------- ------------- -------------- ------------------ 10.1.0.253 rip1Compatible 10.1.1.253 rip1Compatible Console#show ip rip status Interface RcvBadPackets --------------- --------------- -------------- --------------- 10.1.0.253 10.1.1.253 Console#show ip rip peer Peer UpdateTime --------------- ------------ --------- --------------- -------------- 10.1.0.254 1625 10.1.1.254 1625...
  • Page 592: Open Shortest Path First (Ospf)

    Command Line Interface Open Shortest Path First (OSPF) Table 4-89 Open Shortest Path First Commands Command Function General Configuration router ospf Enables or disables OSPF router-id Sets the router ID for this device compatible rfc1583 Calculates summary route costs using RFC 1583 (OSPFv1) default-information Generates a default external route into an autonomous system originate...
  • Page 593: Router Ospf

    Table 4-89 Open Shortest Path First Commands (Continued) Command Function show ip ospf neighbor Displays neighbor information show ip ospf Displays all summary address redistribution information summary-address show ip ospf virtual-links Displays parameters and the adjacency state of virtual links router ospf This command enables Open Shortest Path First (OSPF) routing for all IP interfaces on the router.
  • Page 594: Compatible Rfc1583

    Command Line Interface Command Usage • The router ID must be unique for every router in the autonomous system. Using the default setting based on the lowest interface address ensures that each router ID is unique. Also, note that you cannot set the router ID to 0.0.0.0 or 255.255.255.255.
  • Page 595: Default-Information Originate

    default-information originate This command generates a default external route into an autonomous system. Use the no form to disable this feature. Syntax default-information originate [always] [metric interface-metric] [metric-type metric-type] no default-information originate • always - Always advertise a default route to the local AS regardless of whether the router has a default route.
  • Page 596: Timers Spf

    Command Usage • Setting the SPF holdtime to 0 means that there is no delay between consecutive calculations. • Using a low value allows the router to switch to a new path faster, but uses more CPU processing time. Example...
  • Page 597: Area Default-Cost

    Default Setting Disabled Command Usage • This command can be used to advertise routes between areas. • If routes are set to be advertised, the router will issue a Type 3 summary LSA for each address range specified with this command. •...
  • Page 598: Summary-Address

    Command Line Interface summary-address This command aggregates routes learned from other protocols. Use the no form to remove a summary address. Syntax [no] summary-address summary-address netmask • summary-address - Summary address covering a range of addresses. • netmask - Network mask for the summary route. Command Mode Router Configuration Default Setting...
  • Page 599: Network Area

    Default Setting redistribution - none protocol - RIP and static metric-value - 0 type-metric - 2 Command Usage • This router supports redistribution for both RIP and static routes. • When you redistribute external routes into an OSPF autonomous system (AS), the router automatically becomes an autonomous system boundary router (ASBR).
  • Page 600: Area Stub

    Command Line Interface Command Usage • An area ID uniquely defines an OSPF broadcast area. The area ID 0.0.0.0 indicates the OSPF backbone for an autonomous system. Each router must be connected to the backbone via a direct connection or a virtual link. •...
  • Page 601: Command Usage

    Command Usage • All routers in a stub must be configured with the same area ID. • Routing table space is saved in a stub by blocking Type-4 AS summary LSAs and Type 5 external LSAs. The default setting for this command completely isolates the stub by blocking Type-3 summary LSAs that advertise the default route for destinations external to the local area or the autonomous system.
  • Page 602: Area Virtual-Link

    Command Usage • All routers in an NSSA must be configured with the same area ID. • An NSSA is similar to a stub, because when the router is an ABR, it can send a default route for other areas in the AS into the NSSA using the default-information-originate keyword.
  • Page 603 • authentication - Specifies the authentication mode. If no optional parameters follow this keyword, then plain text authentication is used along with the password specified by the authentication-key. If message-digest authentication is specified, then the message-digest-key and md5 parameters must also be specified. If the null option is specified, then no authentication is performed on any OSPF routing protocol messages.
  • Page 604: Ip Ospf Authentication

    Command Line Interface Default Setting area-id: None router-id: None hello-interval: 10 seconds retransmit-interval: 5 seconds transmit-delay: 1 second dead-interval: 40 seconds authentication-key: None message-digest-key: None Command Usage • All areas must be connected to a backbone area (0.0.0.0) to maintain routing connectivity throughout the autonomous system.
  • Page 605: Ip Ospf Authentication-Key

    Command Mode Interface Configuration (VLAN) Default Setting No authentication Command Usage • Before specifying plain-text password authentication for an interface, configure a password with the ip ospf authentication-key command. Before specifying MD5 authentication for an interface, configure the message-digest key-id and key with the ip ospf message-digest-key command. •...
  • Page 606: Ip Ospf Message-Digest-Key

    Example This example sets a password for the specified interface. Console(config)#interface vlan 1 Console(config-if)#ip ospf authentication-key badboy Console(config-if)# Related Commands ip ospf authentication (4-276) ip ospf message-digest-key This command enables message-digest (MD5) authentication on the specified interface and assigns a key-id and key to be used by neighboring routers. Use the no form to remove an existing key.
  • Page 607: Ip Ospf Cost

    Related Commands ip ospf authentication (4-276) ip ospf cost This command explicitly sets the cost of sending a packet on an interface. Use the no form to restore the default value. Syntax ip ospf cost cost no ip ospf cost cost - Link metric for this interface.
  • Page 608: Ip Ospf Hello-Interval

    Command Line Interface Example Console(config)#interface vlan 1 Console(config-if)#ip ospf dead-interval 50 Console(config-if)# Related Commands ip ospf hello-interval (4-280) ip ospf hello-interval This command specifies the interval between sending hello packets on an interface. Use the no form to restore the default value. Syntax ip ospf hello-interval seconds no ip ospf hello-interval...
  • Page 609: Ip Ospf Retransmit-Interval

    Default Setting Command Usage • Set the priority to zero to prevent a router from being elected as a DR or BDR. If set to any value other than zero, the router with the highest priority will become the DR and the router with the next highest priority becomes the BDR.
  • Page 610: Ip Ospf Transmit-Delay

    Command Line Interface ip ospf transmit-delay This command sets the estimated time to send a link-state update packet over an interface. Use the no form to restore the default value. Syntax ip ospf transmit-delay seconds no ip ospf transmit-delay seconds - Sets the estimated time required to send a link-state update. (Range: 1-65535) Command Mode Interface Configuration (VLAN)
  • Page 611: Show Ip Ospf Border-Routers

    Table 4-90 show ip ospf - display description Field Routing Process with ID Supports only single TOS (TOS0) route It is an router type Number of areas in this router Area identifier Number of interfaces SPF algorithm executed show ip ospf border-routers This command shows entries in the routing table that lead to an Area Border Router (ABR) or Autonomous System Boundary Router (ASBR).
  • Page 612: Show Ip Ospf Database

    Command Line Interface show ip ospf database This command shows information about different OSPF Link State Advertisements (LSAs) stored in this router’s database. Syntax show ip ospf [area-id] database [adv-router [ip-address]] show ip ospf [area-id] database [asbr-summary] [link-state-id] show ip ospf [area-id] database [asbr-summary] [link-state-id] [adv-router [ip-address]] show ip ospf [area-id] database [asbr-summary] [link-state-id] [self-originate] [link-state-id] show ip ospf [area-id] database [database-summary] show ip ospf [area-id] database [external] [link-state-id]...
  • Page 613: Privileged Exec

    Command Mode Privileged Exec Examples The following shows output for the show ip ospf database command. Console#show ip ospf database Displaying Router Link States(Area 10.1.0.0) Link ID ADV Router --------------- --------------- ------ ----------- ----------- 10.1.1.252 10.1.1.252 10.1.1.253 10.1.1.253 Displaying Net Link States(Area 10.1.0.0) Link ID ADV Router --------------- --------------- ------ ----------- -----------...
  • Page 614: Table 4-93 Show Ip Ospf Asbr-Summary - Display Description

    Command Line Interface The following shows output when using the asbr-summary keyword. Console#show ip ospf database asbr-summary OSPF Router with id(10.1.1.253) Displaying Summary ASB Link States(Area 0.0.0.0) LS age: 433 Options: (No TOS-capability) LS Type: Summary Links (AS Boundary Router) Link State ID: 192.168.5.1 (AS Boundary Router's Router ID) Advertising Router: 192.168.1.5 LS Sequence Number: 80000002...
  • Page 615: Table 4-94 Show Ip Ospf Database-Summary - Display Description

    The following shows output when using the database-summary keyword. Console#show ip ospf database database-summary Area ID (10.1.0.0) Router Network Total LSA Counts : 4 Console# Table 4-94 show ip ospf database-summary - display description Field Description Area ID Area identifier Router Number of router LSAs Network...
  • Page 616: Table 4-95 Show Ip Ospf External - Display Description

    Command Line Interface The following shows output when using the external keyword. Console#show ip ospf database external OSPF Router with id(192.168.5.1) (Autonomous system 5) Displaying AS External Link States LS age: 433 Options: (No TOS-capability) LS Type: AS External Link Link State ID: 10.1.1.253 (External Network Number) Advertising Router: 10.1.2.254 LS Sequence Number: 80000002...
  • Page 617: Table 4-96 Show Ip Ospf Network - Display Description

    The following shows output when using the network keyword. Console#show ip ospf database network OSPF Router with id(10.1.1.253) Displaying Net Link States(Area 10.1.0.0) Link State Data Network (Type 2) ------------------------------- LS age: 433 Options: Support External routing capability LS Type: Network Links Link State ID: 10.1.1.252 (IP interface address of the Designated Router) Advertising Router: 10.1.1.252 LS Sequence Number: 80000002...
  • Page 618: Table 4-97 Show Ip Ospf Router - Display Description

    Command Line Interface The following shows output when using the router keyword. Console#show ip ospf database router OSPF Router with id(10.1.1.253) Displaying Router Link States(Area 10.1.0.0) Link State Data Router (Type 1) ------------------------------- LS age: 233 Options: Support External routing capability LS Type: Router Links Link State ID: 10.1.1.252 (Originating Router's Router ID) Advertising Router: 10.1.1.252...
  • Page 619: Table 4-98 Show Ip Ospf Summary - Display Description

    Table 4-97 show ip ospf router - display description (Continued) Field Description Number of TOS metrics Type of Service metric – This router only supports TOS 0 (or normal service) Metrics Cost of the link The following shows output when using the summary keyword. Console#show ip ospf database summary OSPF Router with id(10.1.1.253) Displaying Summary Net Link States(Area 10.1.0.0)
  • Page 620: Show Ip Ospf Interface

    Command Line Interface show ip ospf interface This command displays summary information for OSPF interfaces. Syntax show ip ospf interface [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4093) Command Mode Privileged Exec Example Console#show ip ospf interface vlan 1 Vlan 1 is up Interface Address 10.1.1.253, Mask 255.255.255.0, Area 10.1.0.0 Router ID 10.1.1.253, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State BDR, Priority 1...
  • Page 621: Show Ip Ospf Neighbor

    show ip ospf neighbor This command displays information about neighboring routers on each interface within an OSPF area. Syntax show ip ospf neighbor Command Mode Privileged Exec Example Console#show ip ospf neighbor --------------- ------ ---------------- --------------- 10.1.1.252 Console# Table 4-100 show ip ospf neighbor - display description Field Description Neighbor’s router ID...
  • Page 622: Show Ip Ospf Summary-Address

    show ip ospf summary-address This command displays all summary address information. Syntax show ip ospf summary-address Command Mode Privileged Exec Example This example shows a summary address and associated network mask. Console#show ip ospf summary-address 10.1.0.0/255.255.0.0 Console# Related Commands summary-address (4-270) show ip ospf virtual-links...
  • Page 623: Ip Igmp Snooping Vlan Mrouter

    Multicast Routing Commands This router uses IGMP snooping and query to determine the ports connected to downstream multicast hosts, and to propagate this information back up through the multicast tree to ensure that requested services are forwarded through each intermediate node between the multicast server and its hosts, and also to filter traffic from all of the other interfaces that do not require these services.
  • Page 624: Show Ip Igmp Snooping Mrouter

    Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that interface to join all the current multicast groups.
  • Page 625: Show Ip Mroute

    General Multicast Routing Commands Table 4-104 General Multicast Routing Commands Command Function ip multicast-routing Enables IP multicast routing show ip mroute Shows the IP multicast routing table ip multicast-routing This command enables IP multicast routing. Use the no form to disable IP multicast routing.
  • Page 626: Table 4-105 Show Ip Mroute - Display Description

    Command Usage This command displays information for multicast routing. If no optional parameters are selected, detailed information for each entry in the multicast address table is displayed. If you select a multicast group and source pair, detailed information is displayed only for the specified entry. If the summary option is selected, an abbreviated list of information for each entry is displayed on a single line.
  • Page 627: Router Dvmrp

    DVMRP Multicast Routing Commands Table 4-106 DVMRP Multicast Routing Commands Command Function router dvmrp Enables DVMRP and enters router configuration mode probe-interval Sets the interval for sending neighbor probe messages nbr-timeout Sets the delay before declaring an attached neighbor router down report-interval Sets the interval for propagating the complete set of routing tables to other neighbor routers...
  • Page 628: Probe-Interval

    Example Console(config)#router dvmrp Console(config-router)#end Console#show router dvmrp Admin Status Probe Interval Nbr expire Minimum Flash Update Interval prune lifetime route report Default Gateway Metric of Default Gateway Console# Related Commands ip dvmrp (4-303) show router dvmrp (4-305) probe-interval This command sets the interval for sending neighbor probe messages to the multicast group address for all DVMRP routers.
  • Page 629: Nbr-Timeout

    nbr-timeout This command sets the interval to wait for messages from a DVMRP neighbor before declaring it dead. Use the no form to restore the default value. Syntax nbr-timeout seconds no nbr-timeout seconds - Interval before declaring a neighbor dead. (Range: 1-65535) Default Setting 35 seconds Command Mode...
  • Page 630: Flash-Update-Interval

    flash-update-interval This command specifies how often to send trigger updates, which reflect changes in the network topology. Use the no form to restore the default value. Syntax flash-update-interval seconds no flash-update-interval seconds - Interval between sending flash updates when network topology changes have occurred.
  • Page 631: Default-Gateway

    default-gateway This command specifies the default DVMRP gateway for IP multicast traffic. Use the no form to remove the default gateway. Syntax default-gateway ip-address no default-gateway ip-address - IP address of the default DVMRP gateway. Default Setting None Command Mode Router Configuration Command Usage •...
  • Page 632: Ip Dvmrp Metric

    Command Usage To fully enable DVMRP, you need to enable multicast routing globally for the router with the ip multicast-routing command (page 4-297), enable DVMRP globally for the router with the router dvmrp command (page 4-299), and also enable DVMRP for each interface that will participate in multicast routing with the ip dvmrp command.
  • Page 633: Clear Ip Dvmrp Route

    clear ip dvmrp route This command clears all dynamic routes learned by DVMRP. Command Mode Privileged Exec Example As shown below, this command clears everything from the route table except for the default route. Console#clear ip dvmrp route clear all ip dvmrp route Console#show ip dvmrp route Source Mask...
  • Page 634: Show Ip Dvmrp Route

    show ip dvmrp route This command displays all entries in the DVMRP routing table. Command Mode Normal Exec, Privileged Exec Example DVMRP routes are shown in the following example: Console#show ip dvmrp route Source Mask --------------- --------------- --------------- --------- ------ ------ ------ 10.1.0.0 255.255.255.0 10.1.1.0...
  • Page 635: Show Ip Dvmrp Neighbor

    show ip dvmrp neighbor This command displays all of the DVMRP neighbor routers. Command Mode Normal Exec, Privileged Exec Example Console#show ip dvmrp neighbor Address Interface ---------------- --------------- -------- -------- ------------- 10.1.0.254 Console# Table 4-108 show ip dvmrp neighbor - display description Field Description Address...
  • Page 636: Router Pim

    PIM-DM Multicast Routing Commands Table 4-109 PIM-DM Multicast Routing Commands Command Function router pim Enables PIM globally for the router ip pim dense-mode Enables PIM on the specified interface ip pim hello-interval Sets the interval between sending PIM hello messages ip pim hello-holdtime Sets the time to wait for hello messages from a neighboring PIM router before declaring it dead...
  • Page 637: Ip Pim Dense-Mode

    ip pim dense-mode This command enables PIM-DM on the specified interface. Use the no form to disable PIM-DM on this interface. Syntax [no] ip pim dense-mode Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage • To fully enable PIM-DM, you need to enable multicast routing globally for the router with the ip multicast-routing command (page 4-297), enable PIM-DM globally for the router with the router pim command (page 4-308), and also enable PIM-DM for each interface that will participate in multicast routing with...
  • Page 638: Ip Pim Hello-Interval

    ip pim hello-interval This command configures the frequency at which PIM hello messages are transmitted. Use the no form to restore the default value. Syntax ip pim hello-interval seconds no pim hello-interval seconds - Interval between sending PIM hello messages. (Range: 1-65535) Default Setting 30 seconds...
  • Page 639: Ip Pim Trigger-Hello-Interval

    ip pim trigger-hello-interval This command configures the maximum time before transmitting a triggered PIM Hello message after the router is rebooted or PIM is enabled on an interface. Use the no form to restore the default value. Syntax ip pim trigger-hello-interval seconds no ip pim trigger-hello-interval seconds - The maximum time before sending a triggered PIM Hello message.
  • Page 640: Ip Pim Graft-Retry-Interval

    Command Usage The multicast interface that first receives a multicast stream from a particular source forwards this traffic to all other PIM interfaces on the router. If there are no requesting groups on that interface, the leaf node sends a prune message upstream and enters a prune state for this multicast stream.
  • Page 641: Show Router Pim

    Default Setting Command Mode Interface Configuration (VLAN) Example Console(config-if)#ip pim max-graft-retries 5 Console(config-if)# show router pim This command displays the global PIM configuration settings. Command Mode Normal Exec, Privileged Exec Example Console#show router pim Admin Status: Enabled Console# show ip pim interface This command displays information about interfaces configured for PIM.
  • Page 642: Router Redundancy Commands

    show ip pim neighbor This command displays information about PIM neighbors. Syntax show ip pim neighbor [ip-address] ip-address - IP address of a PIM neighbor. Default Setting Displays information for all known PIM neighbors. Command Mode Normal Exec, Privileged Exec Example Console#show ip pim neighbor Address...
  • Page 643: Virtual Router Redundancy Protocol Commands

    Virtual Router Redundancy Protocol Commands To configure VRRP, select an interface on one router in the group to serve as the master virtual router. This physical interface is used as the virtual address for the router group. Now set the same virtual address and a priority on the backup routers, and configure an authentication string.
  • Page 644: Command Usage

    Command Usage • The interfaces of all routers participating in a virtual router group must be within the same IP subnet. • The IP address assigned to the virtual router must already be configured on the router that will be the Owner. In other words, the IP address specified in this command must already exist on one, and only one, router in the virtual router group, and the network mask for the virtual router address is derived from the Owner.
  • Page 645: Vrrp Priority

    • When a VRRP packet is received from another router in the group, its authentication key is compared to the string configured on this router. If the keys match, the message is accepted. Otherwise, the packet is discarded. • Plain text authentication does not provide any real security. It is supported only to prevent a misconfigured router from participating in VRRP.
  • Page 646: Vrrp Timers Advertise

    vrrp timers advertise This command sets the interval at which the master virtual router sends advertisements communicating its state as the master. Use the no form to restore the default interval. Syntax vrrp group timers advertise interval no vrrp group timers advertise •...
  • Page 647: Show Vrrp

    Default Setting Preempt: Enabled Delay: 0 seconds Command Mode Interface (VLAN) Command Usage • If preempt is enabled, and this backup router has a priority higher than the current acting master, it will take over as the new master. However, note that if the original master (i.e., the owner of the VRRP IP address) comes back on line, it will always resume control as the master.
  • Page 648: Table 4-113 Show Vrrp - Display Description

    Example This example displays the full listing of status information for all groups. Console#show vrrp Vlan 1 - Group 1, state Virtual IP address Virtual MAC address Advertisement interval Preemption Min delay Priority Authentication Authentication key Master Router Master priority Master Advertisement interval Master down interval...
  • Page 649: Show Vrrp Interface

    Table 4-114 show vrrp brief - display description Field Description Interface VLAN interface VRRP group State VRRP role of this interface (master or backup) Virtual addr Virtual address that identifies this VRRP group Interval at which the master virtual router advertises its role as the master Shows whether or not a higher priority router can preempt the current acting master Prio Priority of this router...
  • Page 650: Show Vrrp Router Counters

    show vrrp router counters This command displays counters for errors found in VRRP protocol packets. Command Mode Privileged Exec Example Note that unknown errors indicate VRRP packets received with an unknown or unsupported version number. Console#show vrrp router counters Total Number of VRRP Packets with Invalid Checksum : 0 Total Number of VRRP Packets with Unknown Error Total Number of VRRP Packets with Invalid VRID...
  • Page 651: Clear Vrrp Router Counters

    clear vrrp router counters This command clears VRRP system statistics. Command Mode Privileged Exec Example Console#clear vrrp router counters Console# clear vrrp interface counters This command clears VRRP system statistics for the specified group and interface. clear vrrp group interface interface counters •...
  • Page 653: Appendix A: Software Specifications

    Appendix A: Software Specifications Software Features Authentication Local, RADIUS, TACACS+, Port (802.1X), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 32 lists) DHCP Client, Relay, Server DNS Client, Proxy Port Configuration 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex 1000BASE-SX/LX/LH - 1000 Mbps at full duplex (SFP), 10GBASE-LR - 10 Gbps at full duplex (Module) Broadcast Storm Control...
  • Page 654: Management Features

    Multicast Routing DVMRP, PIM-DM IP Routing ARP, Proxy ARP Static routes RIP, RIPv2 and OSPFv2 dynamic routing VRRP (Virtual Router Redundancy Protocol) Additional Features BOOTP client CIDR (Classless Inter-Domain Routing) SNTP (Simple Network Time Protocol) SNMP (Simple Network Management Protocol) RMON (Remote Monitoring, groups 1,2,3,9) SMTP Email Alerts Management Features...
  • Page 655: Management Information Bases

    Management Information Bases DHCP Relay (RFC 951) DHCP Server (RFC 2131) DVMRP (RFC 1075) HTTPS ICMP (RFC 792) IGMP (RFC 1112) IGMPv2 (RFC 2236) OSPF (RFC 2328, 1587) PIM-DM (draft-ietf-idmr-pim-dm-06) RADIUS+ (RFC 2618) RIP (RFC 1058) RIPv2 (RFC 2453) RMON (RFC 1757 groups 1,2,3,9) SNMP (RFC 1157) SNMPv2c (RFC 2571) SNMPv3 (RFC RAFT 3414, 2570, 2273, 3411, 3415)
  • Page 656 RMON MIB (RFC 2819) RMON II Probe Configuration Group (RFC 2021, partial implementation) SNMPv2 IP MIB (RFC 2011) SNMP Framework MIB (RFC 3411) SNMP-MPD MIB (RFC 3412) SNMP Target MIB, SNMP Notification MIB (RFC 3413) SNMP User-Based SM MIB (RFC 3414) SNMP View Based ACM MIB (RFC 3415) SNMP Community MIB (RFC 2576) TACACS+ Authentication Client MIB...
  • Page 657: Appendix B: Troubleshooting

    • Be sure the management station has an IP address in the same subnet as • If you are trying to connect to the switch via the IP address for a tagged • If you cannot connect using Telnet, you may have exceeded the maximum Cannot connect using •...
  • Page 658: Using System Logs

    Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: Enable logging.
  • Page 659: Glossary

    ARP converts between IP addresses and MAC (i.e., hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address. This allows the switch to use IP addresses for routing decisions and the corresponding MAC addresses to forward packets from one hop to the next.
  • Page 660 EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch. A user name and password is requested by the switch, and then passed to an authentication server (e.g., RADIUS) for verification.
  • Page 661 An IEEE standard for the Multiple Spanning Tree Protocol (MSTP) which provides independent spanning trees for VLAN groups. IEEE 802.1X Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication. IEEE 802.3ac Defines frame extensions for VLAN tagging.
  • Page 662 IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts. IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
  • Page 663 Network Time Protocol (NTP) NTP provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical-master-slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio. Open Shortest Path First (OSPF) OSPF is a link-state routing protocol that functions better over a larger network such as the Internet, as opposed to distance-vector routing protocols such as RIP.
  • Page 664 A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Simple Mail Transfer Protocol (SMTP) A standard host-to-host mail transport protocol that operates over TCP, port 25.
  • Page 665 Telnet Defines a remote communication facility for interfacing to a terminal device over TCP/IP. Terminal Access Controller Access Control System Plus (TACACS+) is a logon authentication protocol that uses software running on a central TACACS+ server to control access to TACACS-compliant devices on the network. Transmission Control Protocol/Internet Protocol (TCP/IP) Protocol suite that includes TCP as the primary transport protocol, and IP as the network layer protocol.
  • Page 667: Index

    Index Numerics 802.1X, port authentication 3-67, 4-80 acceptable frame type 3-144, 4-192 Access Control List See ACL Extended IP 3-77, 4-87, 4-89, 4-91 MAC 3-77, 4-87, 4-99, 4-99–4-101 Standard IP 3-77, 4-87, 4-89, 4-90 Address Resolution Protocol See ARP address table 3-112, 4-166 aging time 3-115, 4-169 configuration 3-211, 4-246 description 3-210...
  • Page 668 Index Dynamic Host Configuration Protocol See DHCP edge port, STA 3-125, 3-127, 4-181 event logging 4-43 firmware displaying version 3-13, 4-62 upgrading 3-21, 4-64 GARP VLAN Registration Protocol See GVRP gateway, default 3-17, 3-207, 4-243 GVRP global setting 3-138, 4-202 interface configuration 3-144, 4-203 hardware version, displaying 3-13, 4-62...
  • Page 669 MSTP 4-171 global settings 3-128, 4-170 interface settings 3-126, 4-170 multicast filtering 3-169, 4-226 multicast groups 3-175, 3-180, 4-229 displaying 3-180, 4-229 static 3-175, 4-227, 4-229 multicast routing 3-260, 4-295 description 3-260 DVMRP 3-264, 4-299 enabling 3-260, 4-297 general commands 4-297 global settings 3-260, 4-297 PIM-DM 3-271, 4-308 routing table 3-261, 4-297...
  • Page 670 Index interface protocol settings 3-228, 4-256–4-261 specifying interfaces 3-227, 4-256 statistics 3-231, 4-263 router redundancy protocols 3-195, 4-314 VRRP 3-196, 4-315 routing table, displaying 3-223, 4-251, 4-252 RSTP 3-115, 4-171 global configuration 3-116, 4-171 secure shell 3-60, 4-34 Secure Shell configuration 3-60, 4-37, 4-38 serial port configuring 4-11...
  • Page 671 interface configuration 3-144, 4-192–4-195 private 3-146, 4-197 protocol 3-147, 4-198 VRRP 3-196, 4-315 authentication 3-198, 4-316 configuration settings 3-196, 4-315 group statistics 3-202, 4-319 preemption 3-197, 3-198, 4-318 priority 3-197, 3-198, 4-317 protocol message statistics 3-201, 4-322 timers 3-198, 4-318 virtual address 3-196, 3-198, 4-315 Web interface access requirements 3-1...
  • Page 674 ES4625 ES4649 E042005-R01 149100022900A...

This manual is also suitable for:

ES4649
