LevelOne GEP-2650 User Manual

26-port web smart gigabit poe switch 802.3at poe+, 24 poe outputs, 370w, 2 x sfp

GEP-2650
26-Port Web Smart Gigabit PoE Switch
802.3at PoE+,
24 PoE Outputs, 370W, 2 x SFP

User Manual

V1.0
Digital Data Communications Asia Co., Ltd.
http://www.level1.com

Summary of Contents for LevelOne GEP-2650

  • Page 1: User Manual

    GEP-2650 26-Port Web Smart Gigabit PoE Switch 802.3at PoE+, 24 PoE Outputs, 370W, 2 x SFP User Manual V1.0 Digital Data Communications Asia Co., Ltd. http://www.level1.com...
  • Page 2 Introduction Intended readers This manual is intended for the following personnel: Network engineers; Technology promotion personnel; Network administrators. Relevant information Manual name Description This manual describes some characteristics of the products in the functional and Product installation physical, provides procedures, hardware installation troubleshooting, module manual...
  • Page 3 Conventions used in this manual… Command line format conventions: command lines are set in the Arial font and follow these conventions. Bold: command keywords (the parts of a command that must be entered unchanged) are shown in bold. Italic: command line parameters (the parts that must be replaced with actual values) are shown in italics. [ ]: the part enclosed in [ ] is optional in the command.
  • Page 4: Table Of Contents

    Table of contents This section introduces the configuration guide related content, including the following: Configuration command line interface Configuration management Configuration interface Configure access/trunk port Configure Link-aggregation Port Configure VLAN Configure MAC address Configuration of POE configuration IGMP Snooping 10. Configure SNMP 11.
  • Page 5: Configuration Command Line Interface

    Configuration command line interface This section describes how to use the command line interface, through which you can manage the network equipment. 1.1. Command mode The device management interface is divided into a number of different modes; the user's current command mode determines the commands that can be used.
  • Page 6 Command Access method Prompt To leave or access About the model mode mode Global In privileged Switch(co To enter global Using the mode configuration( mode, use the nfig)# configuration mode, command to global configure enter the configure configure the configuration command to command.
  • Page 7 Command Function To obtain the command key string the same beginning. Example: abbreviated-command-entry? Switch# di? disable Turn off privileged commands display Show something for debug purpose The command key integrity Example: abbreviated-command-entry<Tab> Switch# show star<Tab> Switch# show startup-config ? Listed under the command of an associated keywords.
  • Page 8 The following table lists the error messages that the user may encounter when managing the network device through the CLI. Common CLI error messages: Error message Meaning How to get help % Ambiguous The user does not have enough Re enter the command, followed command: "show input character, network by a ambiguous words enter a...
  • Page 9: Configuration Management

    Function Operation Result Move the cursor in Left arrow or Ctrl-B Move the cursor to a character to the left. the edit line. Left arrow or Ctrl-B Move the cursor to a character on the right. Move the cursor to the first command line. Ctrl-A Move the cursor to the first command line Ctrl-E...
  • Page 10: System Configuration

    2.1.3. Configuration line login authentication To set up line login authentication, execute the following command in line configuration mode, according to your specific needs: Command Function Step 1 Switch(config-line)# login local Set line login authentication local 2.2. System configuration 2.2.1. Summary Each network device has its own system clock, which provides the specific date (year, month, day), time (hours, minutes, seconds) and other information.
  • Page 11 2.2.4. Set the clock synchronization Setting clock synchronization makes the system log times and web operation times easier to read and the records more convenient to track. Command Function Switch(config)#ntp server ip-address version [1-3] Enable clock synchronization and configure the clock server IP address and version. Switch(config)#ntp synchronize Clock synchronization.
  • Page 12: Connection Timeout

    system. You can know the general situation of the network system through the information. You can in privileged mode using the following table command display the system information: command Function Switch# show version Display system, version information Step 1 2.5. Console rate allocation 2.5.1.
  • Page 13 You can use the no exec-timeout command in LINE configuration mode to cancel the connection timeout of the LINE. Switch# configure terminal // Enter global configuration mode Switch(config)# line vty 0 // Enter the LINE configuration mode Switch(config-line)# exec-timeout 20 // Set the timeout period to 20 min 2.7.
  • Page 14: Configuration Interface

    Configuration interface 3.1. Interface type Summary This chapter classifies the interface types of Ruijie equipment and gives a detailed definition of each interface type. Ruijie equipment interfaces can be divided into the following two categories: L2 interface; L3 interface (supported by layer three devices) 3.1.1.
  • Page 15 When the TAG VID (VLAN ID) the same with the default VLAN ID, receiving the data frame, and removed when it is sent The TAG sign and send. When the TAG VID (VLAN ID) as the default VLAN ID, receiving the data frame. In TAG, VID = default VLAN ID for the identification of priority.
  • Page 16 Receiving and sending frames A Trunk port can receive untagged frames and tagged frames. Frames that a Trunk port sends for VLANs in its allowed range other than the Native VLAN carry a TAG; Native VLAN frames are sent without a TAG. Untagged Frame If a frame received by a Trunk port has no IEEE 802.1Q TAG, the frame is transmitted in the Native VLAN of the interface.
  • Page 17 3.1.5. Hybrid port A Hybrid port can belong to multiple VLANs and can receive and send frames of multiple VLANs. It can be used for connections between devices and also for connecting user computers. The difference between a Hybrid port and a Trunk port is in sending: a Hybrid port allows frames of multiple VLANs to be sent without a tag, whereas a Trunk port only allows frames of its default VLAN to be sent without a tag. Note that the VLANs assigned to a Hybrid port must already exist.
  • Page 18 In interface configuration mode you can attribute configuration interface. You can use interface in global configuration mode command into the SVI interface configuration mode. Command Function Switch(config)# interface vlan vlan ID Enter the interface command in global configuration mode, enter the SVI interface configuration mode. Under the given into the interface vlan1 interface example:...
  • Page 19 In some cases you may need to disable an interface. You do this by setting the management state of the interface to close it. If you close an interface, it will not receive or transmit any frames and loses all of its functions. You can also re-open a closed interface by setting its management state. The interface management state has two values, Up and Down: when the interface is closed the management state is Down, otherwise it is Up. Command...
  • Page 20: Configure Access/Trunk Port

    Switch(config-if-gigabitEthernet-0/1)# Mtu num Set port MTU. Num: <64-10240> The following example shows how to set the MTU of interface Gigabitethernet 0/1: Switch# config terminal Enter configuration commands, one per line. End with CTRL+Z. Switch(config)# interface gigabitEthernet 0/1 Switch(config-if-gigabitEthernet-0/1)# Mtu 64 3.2.7. Layer 2 interface configuration The following table shows the default configuration of a layer 2 interface; please refer to the "VLAN"...
  • Page 21 Switch( config-if-GigabitEthernet-0/1 )# Configuration port operation mode. switch mode {access |trunk | hybrid} Below is the example how to configure gigabitethernet 0/2 into access port operation mode. Switch# configure terminal Switch(config)# interface gigabitEthernet 0/2 Switch( config-if-GigabitEthernet-0/2 )# switch mode access Command Function Switch( config-if-GigabitEthernet-0/2 )#...
  • Page 22 switch access vlan 100 Switch(config-if-GigabitEthernet-0/2)# speed auto Switch(config-if-GigabitEthernet-0/2)# duplex auto 4.1.1. port You can configure the Hybrid port with the steps below: Command Function configure terminal Enter the configuration pattern Interface gigabitEthernet <portnumber> Enter the port configuration pattern 100M,1000M,10000M switchport mode hybrid Configure port to be hybrid port switchport hybrid native vlan id Configure the default port to be VLAN...
  • Page 23 Below is an example showing how to clear the Gigabitethernet 0/1 counters: Switch# clear counters GigabitEthernet 0/1 4.1.4. Configure SVI This section mainly describes SVI and some configurations of SVI. Create an SVI or revise an existing SVI with interface vlan. SVI configuration:...
  • Page 24 Below is the example how to show the port status of Gigabitethernet 0/3: Switch#show interface GigabitEthernet 0/3 interface gigabitEthernet 0/3 configuration information Description Status : Enabled Link : Down Set Speed : Auto Act Speed : Unkown Set Duplex : Auto Act Duplex : Unkown Set Flow Control : Off...
  • Page 25 TotalPkts : 50492 TotalUcastPkts : 5429 TotalBroadcastPkts : 7253 TotalMulticastPkts : 37810 TotalSymbolErrors TotalAlignmetErrors TotalUndersizePkts TotalOversizePkts TotalFragments TotalJabbers TotalCollisions TotalPkts64Octets : 43300 TotalPkts65to127Octets : 5005 TotalPkts128to255Octets : 1125 TotalPkts256to511Octets : 695 TotalPkts512to1023Octets : 244 TotalPkts1024to1518Octets: 123...
  • Page 26: Configure Link-Aggregation Port

    Configure Link-aggregation Port This section describes how to configure a Link-aggregation Port on Ruijie equipment. 5.1. Summarize 5.1.1. Understand Link-aggregation Port Many physical links can be bound into one logical link, which we call a Link-aggregation Port (AP). The AP offered by Ruijie is compliant with IEEE802.3. It can be used to enlarge the link bandwidth and to provide higher connection reliability...
  • Page 27 AP flow balance diagram 5.2. Configure Link-aggregation Port instructor 5.2.1. Default Link-aggregation Port configuration AP default configurations as follow : Feature Default Two layer AP port Flow Balance Assign the flow according the input packets source MAC address. 5.2.2. Link-aggregation Port configuration Instructor AP members ports’...
  • Page 28 Once a port joins an AP, any configuration can be set on the port until the port exits the AP. 5.2.3. Create Link-aggregation Port First create the link aggregation group, then let the port join the AP with the following steps in port configuration mode:...
  • Page 29: Configure Vlan

    5.2.4. Configure Link-aggregation Port flow balance. In configuration mode, please configure AP flow balance with the following steps: Command Function Switch(config)# link-aggregation [ap-id] load-balance {mac | ip-mac | ip} Configure AP flow balance and choose the algorithm: mac: assign according to the source MAC address of the input packets.
  • Page 30 communicate with other hosts that are not in the same VLAN; that requires a layer 3 device (see the figure below). A port can be defined as a member of a VLAN. All of the terminals connected to this port are part of the virtual network. The entire network can support more than one VLAN. There is no need to physically adjust the network configuration when adding, removing or changing users.
  • Page 31: Vlan Configuration

    6.2. VLAN Configuration A VLAN is identified by its VLAN ID. On the equipment you can add, remove and revise VLANs 2-4094, but VLAN 1 is created automatically by the device and cannot be removed. You can configure a port's VLAN member type, or add or remove a VLAN, in port configuration mode. 6.2.1.
  • Page 32 6.2.4. Remove a VLAN The default VLAN (VLAN 1) cannot be deleted. Delete an existing VLAN in global configuration mode: Command Function Switch(config)# no vlan vlan-id Input a VLAN ID and delete it. 6.2.5. Assign access port to VLAN Assign a port to a VLAN in interface configuration mode: Command Function Switch(config-if-GigabitEthernet-0/1)# switch...
  • Page 33 You can set a common Ethernet port or a link-aggregation port as a Trunk port (please refer to the link-aggregation port section for link-aggregation port details). Use the switch mode command to switch a port between access mode and trunk mode. Command Function Switch(config-if-GigabitEthernet-0/1)# Set a port to be Access mode.
  • Page 34 If you want to restore all of a Trunk port's trunk attributes to their defaults, use the command switch mode access. 6.3.3. Identify Trunk's permission VLAN list. By configuring a Trunk port's permission VLAN list, you can control which VLANs' traffic may pass through this Trunk port.
  • Page 35: Show Vlan

    6.4.2. Configure a Hybrid port In port configuration mode you can configure a port to be a hybrid port. Command Function Step 1 Switch(config-if-GigabitEthernet-0/1)# switch mode hybrid Define the port type to be a layer 2 hybrid port. Step 2 Switch(config-if-GigabitEthernet-0/1)# switch hybrid native vlan vlan-id Assign a Native VLAN for this port.
  • Page 36: Configure Mac Address

    Related show commands are as follows: Command Function show vlan [vlan-id] Show all or specified VLAN parameters. Below is an example showing the VLANs. Switch#show vlan vlan total num --------------- 4------------------------------- -------------------- NO. VID VLAN-Name Interface-Name ---- ---- -------------------------------- ------------------------------------------ DEFAULT ----[Untag Port]---- Gi 0/5...
  • Page 37 Every MAC address in the MAC address table of the Ethernet switch is associated with a VLAN. Each VLAN maintains its own logical address table. A MAC address that has been learned in one VLAN is still unknown in other VLANs. A MAC address table entry of the Ethernet switch consists of the following information: User MAC Port Port Method...
  • Page 38 Step one of learning dynamic address User MAC Port Port Method VLAN 00d0.f8a6.5af7 Dynamic Table one of Ethernet switch MAC address After receiving the message, UserB replies to UserA through the Ethernet switch port Gigabit Ethernet 0/3. At this point UserA's MAC address already exists in the MAC address table of the Ethernet switch, so the reply is forwarded as unicast to port Gigabit Ethernet 0/2, and the Ethernet switch at the same time learns UserB's MAC address. The difference from step 1 is that UserC does not receive the message that UserB sent to UserA.
  • Page 39: Default Configuration

    3. After this exchange between UserA and UserB, the Ethernet switch has learned the source MAC addresses of UserA and UserB. Subsequent messages between UserA and UserB are forwarded as unicast, so UserC no longer receives the messages exchanged between UserA and UserB. 7.1.3.
  • Page 40 Command Function Switch#show mac-address all Check all address information on device Switch#show mac-address Check all dynamic address information dynamic on device Switch#show mac-address Check address information for ports interface gigabitEthernet port-id {all | dynamic | static} Switch#show mac-address check the address information of link link-aggregation ap-id {all | together group dynamic | static}...
  • Page 41: Static Address Configuration

    Switch(config)#no mac-address aging-time Restore the address aging time to its default value. The following example illustrates how to set the aging time of the equipment to 180 seconds: Switch#configure terminal Enter configuration commands, one per line. End with CTRL+Z. Switch(config)#mac-address aging-time 180 The following example illustrates how to view the address aging time configured on the equipment: Switch#show mac-address aging-time Aging time : 180 s...
  • Page 42 7.5.2. View Configuration Command Function Switch#show mac-address static View all the information of static address. The following example illustrates how to view all the information of static address: Switch#show mac-address static VLAN TYPE interface STATE index ---- -------------- ------- -------------------- -------- ------ 1212.1212.1202...
  • Page 43 7.6.2. View Configuration Command Function Switch#show mac-address drop View all filtering address information. The following example illustrates how to view all the information of static address: Switch#show mac-address drop VLAN TYPE interface STATE index ---- -------------- ------- -------------------- -------- ------ VLAN TYPE interface...
  • Page 44 7.7.3. Point of Configuration When configuring static MAC address table entries, make sure of the following three elements: 1. the destination MAC address that the table entry corresponds to; 2. the VLAN that the address belongs to (VLAN id); 3. the interface ID (port-id). When the switch receives, in the VLAN specified by vlan-id, a message whose destination address is mac-address, the message is forwarded to the interface specified by port-id.
  • Page 45: Configuration Of Poe

    Configuration of POE 8.1. Overview Power over Ethernet, referred to as PoE, is a technology that transmits power and data to a device over Ethernet twisted-pair cable. With this technology, devices including network telephones, WIFI APs, network cameras, hubs and computers can get power directly from the twisted-pair cable.
  • Page 46: Poe Configuration

    According to the IEEE 802.3af standard, PoE switches can supply power over the idle pairs of the twisted-pair cable or over the signal pairs, and PD equipment must support both methods of power supply, idle pairs and signal pairs.
  • Page 47 8.2.2. Set the power management mode The power supply management mode determines how the equipment distributes power to the connected PDs. The power management modes supported by PoE switches are Auto mode, Energy-saving mode and Static mode. In Auto mode, power is allocated according to the detected class of the PD on the port. For PDs of class 0 to 3 the equipment allocates power as follows: Class0 - 15.4 W, Class1 - 4 W, Class2 - 7 W,...
  • Page 48 When the power supply management mode is switched, all PoE ports are powered down and then powered up again according to the new management mode. When switching to static mode, if no port has an allocated power set, the system automatically configures the power allocation of the ports: on equipment that supports only 802.3af each port is allocated 15.4 W, and on equipment that supports 802.3at each port is allocated 30 W.
  • Page 49 This command has no meaning when the power supply management mode is static, because in static mode port power is allocated strictly according to the user configuration and the switch cannot choose automatically; the command therefore has no effect in static mode. If ports had a priority configured before the switch to static mode, the command is still displayed but does not take effect.
  • Page 50 8.2.5. Set port's distribution power Users can configure a port's distribution power to set the output value of the port in static mode. When the power supply management mode is static, this command is used to set the power allocated to the specified port. When switching to static mode for the first time, if the user has not configured power allocation for any port, on PoE switches that support only 802.3af the system allocates 15.4 W to each port, and on PoE switches that support 802.3at, the...
  • Page 51 8.2.6. Set system's Reserve power In energy-saving mode, the PoE switch calculates the power consumption of the system from the power actually consumed by the PD equipment. If the power consumed by a PD device in this mode fluctuates greatly, this will lead to damage of the PoE switch under heavy PoE load.
  • Page 52 Command Function Switch# configure terminal Enter global configuration mode Switch(config)#poe uninterruptible-power Enable the hot start uninterrupted power supply function Switch(config)# end Return to the global model Switch#write Save the configuration, to ensure effective at the time of the next start Switch(config)# no poe uninterruptible-power Closed hot start uninterrupted power supply function...
  • Page 53 8.2.8. Set the power recovery mode If the power supply equipment loses power in actual use, a port recovery mode can be set to restore power. There are two modes, auto and manual. In auto mode, when the power supply equipment regains power, the connected PD equipment is powered again automatically; in manual mode, the user restores power manually. The default configuration is manual.
  • Page 54 In practice it is often necessary to record the name of the PD connected to a specified PoE port. RFC3621 provides the pethPsePortType item to set the PD of a port. The switch also provides a CLI setting for this value. Command Function Switch# configure terminal Enter global configuration mode Switch(config)# interface Enter interface configuration mode, specified to gigabitEthernet port-id...
  • Page 55 Power control : Normal Power status : Detecting Max power : 29.123 W Allocate power : 19.124 W Current power : 0 W Average power : 0 W Peak power : 0 W Voltage : 0 V Current : 0 mA PD class : NO PD Devices Trouble cause...
  • Page 56 The meaning of the information displayed is: Display Item Instructions Interface The interface number. Power control Whether have enable the PoE function. Whether the PoE has already started to power supply. 。 Power status Max power Port to support maximum power. Port’s distribution power Allocate power Port’s consumed power.
  • Page 57 Port trouble cause Instructions None Normal power supply Overload During Startup Detection stage, found that the current is too big and disconnect Power Overload due to Icut PD equipment overload and disconnect the power Short Circuit Detected PD equipment short circuit and broken Thermal Powerdown High temperature protection and shut down Power Management...
  • Page 58 8.3.2. Display POE status In privileged mode the user can view the PoE state of the system with the show command. Command Function Switch#show poe powersupply Display POE power supply state of the whole system The following example shows the PoE power supply state of the system: Switch#show poe powersupply Power-Over-Ethernet System power status: Powerring Port List : Gi0/1,...
  • Page 59: Configuration Igmp Snooping

    configuration IGMP Snooping 9.1. Overview 9.1.1. Understand the working principle of IGMP Snooping IGMP Snooping is short for Internet Group Management Protocol Snooping. It is an IP multicast constraint mechanism that runs on a VLAN and is used to manage and control the forwarding of IP multicast traffic within the VLAN; it is a layer 2 multicast function. The IGMP Snooping functions described below are carried out within a VLAN, and the ports referred to are member ports of that VLAN.
  • Page 60 9.1.2. Understand the two types of IGMP Snooping port As shown in the figure below, the Router is connected to the multicast source, IGMP Snooping runs on Switch A, and Host A and Host C are receiver hosts (i.e., IP multicast group members). Two types of IGMP Snooping port Multicast Router Port: a switch port connected to a multicast router (layer three multicast equipment), such as port Gi 0/1 of Switch A. Switches connect all routing of this device ports (including dynamic and...
  • Page 61 9.1.4. Understand the working mechanism of IGMP Snooping General queries and specific queries IGMP sends general query messages to all hosts and routers on the local network segment (IP multicast address 224.0.0.1) in order to query which multicast groups have members on that segment. After receiving an IGMP general query message, the switch forwards the query out of all ports within the VLAN and processes the port that received the message as follows: if the port is already in the routing connection port list, its aging timer is reset.
  • Page 62: Configure Igmp Snooping

    IGMP Profiles are actually a set of filters. A profile can be defined as a series of multicast address ranges together with a permit or deny action for access to those multicast addresses, for later use by the "routing connection filtering of multicast data range" and "IGMP Filtering" features. 9.2.
  • Page 63 IGMP Snooping : Enabled IGMPv2 immediate leave :Disabled Last Member Query Interval : 1000 Router-port aging time : 255 Report-port aging time : 260 9.2.2. Close the IGMP Snooping In the global mode, follow these steps to close the IGMP Snooping: Command Function Switch(config)# no ip igmp snooping...
  • Page 64 Switch(config)# ip igmp snooping timer Configure dynamic routing connection port aging router-port expiry time time, time:<60-300> the default value is 255s. Switch(config)# no ip igmp snooping timer The aging time to recover dynamic routing router-port expiry connection port as the default, the default value is 255s.
  • Page 65 Command Function Switch(config)# ip igmp profile Enter the IGMP Profile model, assign a number Step 1 profile-number for logos, the number range of 1-1024, by default, did not match any Profile. Switch (config-igmp-profile)# permit (optional) configured to permit or deny that a Step 2 | deny batch of multicast address range, the default...
  • Page 66 The following example is set Ethernet interface 0/1 to VLAN1 static routing connection Switch# configure terminal Switch(config)# ip igmp snooping vlan 1 mrouter interface GigabitEthernet 0/1 Switch(config)# end Switch#show ip igmp snooping mrouter Vlan SourceAddr Interface ---- --------- -------- 0.0.0.0 Gi 0/1(static) 9.2.8.
  • Page 67 9.3. Check the IGMP Snooping information We offer to view the IGMP snooping related information is as follows: 9.3.1. View the current mode IGMP Snooping in privileged mode using the following command to view the current working mode and global configuration: Command Function Switch# show ip igmp snooping...
  • Page 68 The following example uses show ip igmp snooping interface statistics command to view IGMP Snooping routing connection information: Switch#show ip igmp snooping interface GigabitEthernet statistics interface GrpNum ----- ------- Gi 0/1 Gi 0/2 Gi 0/3 Gi 0/4 Gi 0/5 Gi 0/6 Gi 0/7 Gi 0/8 Gi 0/9...
  • Page 69: Configure Snmp

    The following example is to check the GDA table of each group multicast group information, and all the members of a multicast group port information: Switch#show ip igmp snooping groups Vlan Group Version Interface Status ---- --------------- ------- ------------------- -------------- 239.255.255.250 3 Gi 0/3 V2 members...
  • Page 70 Fig. 1-1 NMS and Agent relationship The MIB (Management Information Base) is a virtual network management information base. A managed network device contains a large amount of information; so that a particular management unit can be uniquely identified in SNMP messages, the MIB describes the management units in the network equipment with a tree-like hierarchical structure. Each tree node represents a specific management unit. In the MIB object naming tree in the diagram below, the management unit System is uniquely identified in the network equipment by a list of numbers such as {1.3.6.1.2.1.1}; this string...
  • Page 71 SNMPv2C adds the Get-bulk operation and can return more detailed error message types to the management workstation. The Get-bulk operation can obtain all the information in a table, or large amounts of data, in one request, reducing the number of request-response exchanges. The improved error handling of SNMPv2C includes an expanded set of error codes to distinguish between different types of errors, whereas in SNMPv1 these errors share a single error code. The type of error can now be distinguished by the error code. Because management workstations supporting SNMPv1 and SNMPv2C may both exist on the network, the...
  • Page 72 Read-write: provides the authorized management workstation with read and write access to all MIB variables. There are currently two available security models: SNMPv1 and SNMPv2C. The table below lists the currently available security models and security levels. Security Security level Identify Encryption Instructions model SNMPv1 noAuthNoPriv...
  • Page 73 10.2.2. Configure SNMP host address In certain cases the Agent also sends messages to the NMS on its own initiative. To configure the address of the NMS host to which the Agent actively sends messages, perform the following commands in global configuration mode: Command Function Switch#configure terminal Enter the global model Switch(config)#snmp-server start Enable SNMP Switch(config)# snmp-server host { host-addr...
  • Page 74 Switch(config)# no snmp-server enable traps [type] Deny active Agent sends the Trap message [option] 10.2.6. Configure the link the trap strategy On the equipment, whether LinkTrap is sent can be configured per interface. When the function is enabled, SNMP sends a LinkTrap if the Link state of the interface changes; otherwise it does not. By default, this function is enabled.
  • Page 75 0 Bad values errors 0 General errors 0 Response PDUs 18 Trap PDUs 10.3.3. View the current state of SNMP community In privileged user mode, execute show community to view the current state of the SNMP community. Switch#show community ---------------------------------------------------- Community Read/Write ----------------------------------------------------...
  • Page 76 10.4.1.1. Statistics group The statistics group is the first group in RMON; it collects basic statistical information for each monitored subnetwork. At present, only the interfaces of the network equipment can be monitored and counted. The group contains Ethernet statistics, including discarded packets, broadcast packets, CRC error, size block, conflicts, etc.
  • Page 77 10.4.2.2. Configuration history control group You can use the following command to add a history control table: Command Function Switch(config-if-gigabitEthernet-0/1)# rmon Add a history control table collection history index [owner ownername] [buckets bucket-number] [interval seconds] Switch(config-if-gigabitEthernet-0/1)# no rmon To delete a history control table collection history index Statistics of the series of products the current version only supports Ethernet interface.
  • Page 78 Bucket-number: the control entry specifies the data source and the time interval. One sample is taken every sampling interval and the sampling results are preserved. Bucket-number specifies the maximum number of samples saved; when the number of sample records reaches this maximum, the earliest records are overwritten. The Bucket-number value range is 1-65535 and the default value is 10. Interval: sampling interval. The default value is 1800 seconds, value between 1-3600. 10.4.2.3.
  • Page 79 10.4.2.4. Display RMON status Command Function show rmon alarm Display alarm group Switch# show rmon event Display event group Switch# show rmon Display history group Switch# history[control|ethernet] show rmon statistics ethernet Display statistics group Switch# 10.4.3. RMON configuration instance 10.4.3.1. Statistical group instance configuration If you want to collect statistics on Ethernet port 3, use the following commands: Switch(config)# interface gigabitEthernet 0/3...
  • Page 80 Falling threshold : 10, assigned to event: 1 show rmon event Switch#show rmon event Event 1 is active, owned by zhangsan Description : "ifInNUcastPktsistoomuch" Event firing causes: log, last fired at 00:20:35 Current log entries: logIndex logTime Description ---------------------------------------------------------------- 00:19:35 "ifInNUcastPktsistoomuch"...
  • Page 81: Configure Span

    Pkts128to255Octets:76 Pkts256to511Octets:7 Pkts512to1023Octets:0 Pkts1024to1518Octets:0
    11. Configure SPAN
    11.1. Overview
    11.1.1. Learning SPAN
    With the port mirroring (SPAN) function, packets on a specified port are copied to another switch port that is connected to network monitoring equipment, for network monitoring and troubleshooting.
  • Page 82 the SPAN session is only active. Users can view the SPAN session with the command show monitor session.
    11.2.2. Mirrored data flow
    11.2.2.1. Data flow direction
    A SPAN session covers the following three directions of data flow:
    The input data stream: All packets received by the source port are copied to the destination port. In a SPAN session, users can monitor the input packets of one or more source ports. Packets received on the source port may be discarded for some reason (e.g., port security), but this does not affect the SPAN function; the packet will still be mirrored to the...
  • Page 83 11.3. Configure SPAN
    11.3.1. SPAN default state
    Features | Default value
    SPAN status | close
    11.3.2. Create the SPAN session and specify the destination port and source port
    Users can create a SPAN session and specify the destination port (monitoring port) and source port (monitored port) according to the following steps:
    Command Function...
  • Page 84: Configure The Flow Control Based Port

    11.3.3. Delete the SPAN session
    Users can follow the steps below to delete a SPAN session.
    Step | Command | Function
    Step 1 | Switch(config)# no monitor session session_num | Delete the specified SPAN session.
    Use the no monitor session session_num global configuration command to delete the specified SPAN session.
  • Page 85 In interface configuration mode, use the following command to configure storm control:
    Command | Function
    broadcast: Enable the broadcast storm control function.
    multicast: Enable the unknown multicast storm control function.
    unicast: Enable the unknown unicast storm control function.
    Switch(config-if-GigabitEthern
  • Page 86 Gi 0/2 disable disable disable none Gi 0/3 disable disable disable none Gi 0/4 disable disable disable none Gi 0/5 disable disable disable none Gi 0/6 disable disable disable none Gi 0/7 disable disable disable none Gi 0/8 disable disable disable none Gi 0/9...
  • Page 87: Port Security

    Switch#show isolate-port
    Gi 0/1 : Gi 0/2
    Gi 0/2 : Gi 0/1
    Gi 0/3 :
    Gi 0/4 :
    Gi 0/5 :
    Gi 0/6 :
    Gi 0/7 :
    Gi 0/8 :
    Gi 0/9 :
    link-aggregation 1 :
    12.3. Port Security
    12.3.1. Overview
    The port security function uses the source MAC address of a packet to decide whether the packet can enter the switch port. You can set specific static MAC addresses, or limit the number of dynamically learned MAC addresses, to control whether packets can enter the port. A port with port security enabled is called a port...
  • Page 88 Safe way of address binding | None
    Dynamic MAC addresses learning | Enable
    12.3.3. Configure port security
    In interface configuration mode, use the following commands to configure port security and the exception processing mode:
    Command | Function
    Switch(config-if-GigabitEthernet-0/3)#port-security enable default [deny|permit] | Enable the port security function of the interface. Deny: unbound port is refused. Permit: unbound port is permitted...
  • Page 89 Switch(config-if-GigabitEthernet-0/1)#port-security add ip-address 1.1.1.1 mac-address 0000.0000.0001
    Switch(config-if-GigabitEthernet-0/1)#port-security visitor ip-address 1.1.1.3 mac-address 0000.0000.0002 times 5 Description xxx
    When a host matches a permit rule, it can access the network even if the maximum number of permitted hosts has been reached; when a host matches a deny rule, it cannot access the network even if the maximum number of permitted hosts has not been reached.
  • Page 90 12.3.5. View port security information
    In privileged mode, use the following commands to check port security information:
    Command | Function
    Switch#show port-security active-table | View the current unbound port security information
    Switch#show port-security all | View all current port security information
    Switch#show port-security default | View whether the current port security grants or denies unbound ports...
  • Page 91: Anti-Illegal Dhcp Server

    Switch#show port-security default IP address MAC address interface-name bind-code age-t(m) out-t(m) description ---- ---- -------------------------------- ------------------------------------------ ----- ---- ---- PERMIT(DEFAULT) ---- ---- The following example shows the current port security binding information: Switch#show port-security rule IP address MAC address interface-name bind-code age-t(m) out-t(m) description...
  • Page 92: Dhcp Snooping Configuration

    But discards all DHCP Offer messages from UNTRUST ports. We then set the port connected to the legal DHCP Server as the TRUST port and set the other ports as UNTRUST ports, which shields the network from illegal DHCP Servers. Diagram 1-1 shows the network environment. The Client obtains an IP address and accesses the Internet through the legal DHCP Server.
  • Page 93 Command | Function
    Switch(config-if-GigabitEthernet-0/1)# dhcp-snooping trust | Set the port as a DHCP Snooping trusted port.
    Switch(config-if-GigabitEthernet-0/1)# no dhcp-snooping trust | Remove the port from the trusted ports, that is, set it as an untrusted port.
    Switch(config-link-aggregation1)#dhcp-snooping trust | Set the link aggregation group as a DHCP Snooping trusted link aggregation group (the link aggregation group must already have been established)
  • Page 94 Switch(config)#no dhcp-snooping | Disable DHCP Snooping
    The following example disables global DHCP Snooping.
    Switch# configure terminal
    Switch(config)#no dhcp-snooping
    Global DHCP mode: disable
    13.3. View DHCP Snooping Information
    Use the following command to view DHCP Snooping information in privileged mode:
    Command | Function
    Switch#show dhcp-snooping...
  • Page 95: Anti-Arp-Spoofing

    14. Anti-ARP-Spoofing
    14.1. Summary
    By design, to reduce excessive ARP traffic in the network, a host inserts a received ARP reply into its ARP cache table even if it did not request that reply, and the ARP protocol itself does not check the validity of the ARP messages it receives.
  • Page 96 Command | Function
    Switch(config-if-GigabitEthernet-0/1)# no arp-inspection | Disable Anti-ARP-Spoofing function of the port
    Switch(config-link-aggregation1)#no arp-inspection | Disable Anti-ARP-Spoofing function of the link aggregation group.
    The following example disables the Anti-ARP-Spoofing function:
    Switch#configure terminal
    Enter configuration commands, one per line. End with CTRL+Z.
    Switch(config)#interface gigabitEthernet 0/1
    Switch(config-if-GigabitEthernet-0/1)#no arp-inspection
    Switch#configure terminal...
  • Page 97 Gi 0/8 arp-inspection: enable
    Gi 0/9 arp-inspection: enable
    link-aggregation 1 arp-inspection: enable
    Notes: enable: Anti-ARP-Spoofing is enabled. disable: Anti-ARP-Spoofing is disabled.
    The following example shows the table entries of the Anti-ARP-Spoofing function:
    Switch#show arp-inspection status
    MAC address IP address interface-name tbl-status
    ---- ---- -------------------------------- -----------------------------------------
    0001.7AD2.4D8C 192.168.100.1...
  • Page 98 15. Port Rate Limit
    15.1. Overview
    With the rapid development of the Internet, there is a growing need to transmit multimedia streams over it. Generally speaking, users require different service quality for different multimedia applications, so the network must be able to allocate and schedule resources according to the users’...
  • Page 99 15.3. Close the port rate limitation
    Enter interface mode to close the rate limitation.
    Command | Function
    Switch(config-if-GigabitEthernet-0/1)#no rate-limit | Close the port Upstream Rate Limitation
    Switch(config-if-GigabitEthernet-0/1)#no traffic-shape | Close the port Downstream Rate Limitation
    The following example closes the port upstream rate limitation:
    Switch#configure terminal
    Enter configuration commands, one per line.
  • Page 100: Loopback Detection

    15.4. Check the port Downstream rate limitation information
    In privileged mode, check the port downstream rate limitation information with the command below.
    Command | Function
    Switch#show traffic-shape [interface] | Show the downstream rate limitation information.
    The following example shows the port downstream rate limitation information:
    Switch#show traffic-shape
    Gi 0/1 traffic-shape 128 1000...
  • Page 101 16.2. Configure loop detection.
    Enter global mode to configure loop detection.
    Command | Function
    Switch(config)#loopback-detection [enable|interval|errdisable] | Configure loop detection. enable: Turn on detection (on by default). Interval: Set the loop detection time (2-15 s, default 3 s). Errdisable: Port recovery time (30-86400 s, default 60 s).
    The following example enables loop detection on a port and sets the detection interval:...
  • Page 102 Switch(config-if-GigabitEthernet-0/1)#loopback-detection control
    Switch(config-if-GigabitEthernet-0/1)#no loopback-detection control.
    Notes: The loop processing mechanism of a link aggregation group is modified in the same way.
    16.4. Check loopback detection
    Enter privileged mode to check loopback detection.
    Command | Function
    Switch#show loopback-detection | Check loopback detection and configuration
    The following example checks loopback detection.
    Switch#show loopback-detection
    Loopback detection is Runing on!
    Detection interval time is 2 seconds...
  • Page 103: Access Control

    Switch(config)#no loopback-detection enable
    17. Access Control
    17.1. Overview
    Communication between ports, and between the internal and external networks, is an essential business requirement of an enterprise network. To keep the network secure, a security policy is needed to ensure that unauthorized users can only access specific network resources, so that access is controlled.
  • Page 104 Enter the extended IP access list with Switch(config)#ip access-list extended 10 and configure:
    Command | Function
    Switch(config-ext-ip-nacl)#0 [permit|deny] [any|host|sip] | Rule of configuration. Permit: allow IP data flows that match the rule. Deny: refuse IP data flows that match the rule.
    Enter the extended MAC access list with Switch(config)#mac access-list extended 20 and configure:
    Command | Function
    Switch(config-ext-mac-nacl)# 0...
  • Page 105 Enter the extended MAC access list with Switch(config)#mac access-list extended 20 and configure:
    Command | Function
    Switch(config-ext-mac-nacl)# 0 deny [any|host] | Rule of configuration access list. Any: any source MAC address, destination MAC parameters (any|host). host: specified source MAC, destination MAC parameters (any|host). Protocol: <0x0000-0xffff>, optional.
    After the rules are configured successfully, apply them in the port configuration:
    Command | Function
    Switch(config-if-GigabitEthernet-0/1)#mac...
  • Page 106 Command | Function
    Switch(config-if-GigabitEthernet-0/3)#no ip access-list (0-9|10-19) | Cancel configuration access control list. 0-9: cancel the standard IP access control list on the port, from table 0-9. 10-19: cancel the extended IP access control list on the port, from table 10-19.
    Switch(config-if-GigabitEthernet-0/3)#no mac access-list (20-25) | Configure access control list: cancel the port extended MAC access control list from 20-25...
  • Page 107: File System Configuration

    Switch(config)#no access-list 9
    Delete rules
    Switch#configure terminal
    Enter configuration commands, one per line. End with CTRL+Z.
    Switch(config)#ip access-list extended 10
    Switch(config-ext-ip-nacl)#no 9
    17.4. Check access control list
    Enter privileged mode and check the access list:
    Command | Function
    Switch#show access-list | Check all access-list information
    The following example checks the access control function:
    Switch#show access-list
    ip access-list standard 9...
  • Page 108 Command | Function
    Switch#configure filesystem | Enter the file configuration mode
    Switch(config-fs)#dir | Display the files in the directory; the default directory is usually the Flash file system.
    Switch(config-fs)#dir {word} | Display files in the specified directory. word: directory name
    Switch(config-fs)#copy tftp {Server IP} {The file name on the server} {Save the file name on switch} | The switch downloads a file through TFTP...
  • Page 109 The Data of this dir will be lost! if OS is deleted,the system will hangup! Please confirm to continue?(Yes/No)y Switch(config-fs)#...
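
The ARP weakness described in the Anti-ARP-Spoofing summary (page 95) is usually countered by checking each ARP message against a table of known MAC/IP/port bindings, like the table that show arp-inspection status lists. The sketch below is an added example, not the manual's or the firmware's code; whether the GEP-2650 implements arp-inspection this way is not stated on the page, and the binding table, addresses and function names are constructed.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def mac_dotted(raw: bytes) -> str:
    """Format 6 raw bytes the way the manual prints MACs, e.g. 0000.0000.0001."""
    h = raw.hex().upper()
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))

def parse_arp(payload: bytes):
    """Parse an Ethernet/IPv4 ARP payload (28 bytes); return None if malformed."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None
    return {"oper": oper, "mac": mac_dotted(sha), "ip": socket.inet_ntoa(spa)}

def inspect_arp(port: str, payload: bytes, bindings: dict) -> str:
    """Forward only if the sender IP is bound to this sender MAC on this port."""
    arp = parse_arp(payload)
    if arp is None:
        return "drop: malformed"
    bound = bindings.get(arp["ip"])
    if bound is None:
        return "drop: no binding"      # assumed policy: unknown senders are refused
    if bound != (arp["mac"], port):
        return "drop: binding mismatch"
    return "forward"

def build_arp_reply(sender_mac: bytes, sender_ip: str, target_ip: str) -> bytes:
    """Constructed sample: the payload of an ARP reply (oper=2)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2,
                       sender_mac, socket.inet_aton(sender_ip),
                       b"\xff" * 6, socket.inet_aton(target_ip))

# Constructed binding table: sender IP -> (MAC, port)
BINDINGS = {"192.0.2.1": ("0200.0000.0001", "Gi 0/1")}

if __name__ == "__main__":
    good = build_arp_reply(bytes.fromhex("020000000001"), "192.0.2.1", "192.0.2.50")
    fake = build_arp_reply(bytes.fromhex("0200000000ff"), "192.0.2.1", "192.0.2.50")
    print(inspect_arp("Gi 0/1", good, BINDINGS))   # forward
    print(inspect_arp("Gi 0/7", fake, BINDINGS))   # drop: binding mismatch
```
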
