ELTEX MES1000 Operation Manual
  1. Manuals
  2. Brands
  3. ELTEX Manuals
  4. Switch
  5. MES1000
  6. Operation manual

ELTEX MES1000 Operation Manual

L2 fast ethernet and gigabit ethernet managed switches,firmware version 1.1.42
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
L2 Fast Ethernet and Gigabit Ethernet Managed Switches
MES1000, MES2000
Operation Manual,Firmware Version 1.1.42

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the MES1000 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for ELTEX MES1000

Summary of Contents for ELTEX MES1000

  • Page 1 L2 Fast Ethernet and Gigabit Ethernet Managed Switches MES1000, MES2000 Operation Manual,Firmware Version 1.1.42...
  • Page 2 Synchronized with firmware version 1.1.30. Changes in chapters: - 5.10.2 VLAN interface configuration - 5.12 Broadcast storm control Version 2.11 27/08/2014 Changes in chapters: - 5.10 Interface configuration - 5.16.6 EAPS protocol - 5.27 DHCP Relay mediation features MES1000, MES2000 Ethernet Switches...
  • Page 3 - PPPoE Intermediate Agent configuration Version 1.5 06/03/2013 Changes in chapters: - 5.4 System management commands; - 5.9 Selective Q-in-Q; - 5.17.2 IGMP Snooping function Added chapters: - Appendix B Typical buildings of networks on basis of EAPS protocol MES1000, MES2000 Ethernet Switches...
  • Page 4 Version 1.3 10/09/2012 Changes in chapters: 5.22 Physical diagnostics functions Version 1.2 21/08/2012 Added description of EAPS protocol configuration. Version 1.1 12/05/2012 Added chapters: - PPPoE Intermediate Agent configuration Version 1.0 21/12/2011 First issue. Firmware version 1.1.42 MES1000, MES2000 Ethernet Switches...

  • Page 5: Table Of Contents

    5.8.3 Configuration backup commands .................... 55 5.8.4 Automatic update and configuration commands ..............56 5.9 System time configuration ........................ 58 5.10 Interface configuration ........................61 5.10.1 Ethernet and Port-Channel interface parameters ..............62 5.10.2 VLAN interface configuration ....................69 MES1000, MES2000 Ethernet Switches...
  • Page 6 5.27 Security functions ........................... 171 5.27.1 Port security functions ....................... 171 5.27.2 Port-based client authentication (802.1x standard) ............172 5.27.3 DHCP protocol management and Option 82 ..............179 5.27.4 Client IP address protection (IP-source Guard) ..............183 MES1000, MES2000 Ethernet Switches...
  • Page 7 Configuration of multicast-TV VLAN ....................... 222 Configuration of IGMP Query Authorization via RADIUS ................ 224 APPENDIX B TYPICAL BUILDINGS OF NETWORKS ON BASIS OF EAPS PROTOCOL ........226 APPENDIX C DESCRIPTION OF SWITCH PROCESSES ..................228 MES1000, MES2000 Ethernet Switches...
  • Page 8 Notes contain important information, tips or recommendations on device operation and setup. Warnings are used to inform the user about harmful situations for the device and the user alike, which could cause malfunction or data loss. MES1000, MES2000 Ethernet Switches...

  • Page 9: Introduction

    High-speed data transmission, especially in large-scale networks, requires a network topology, that will allow flexible distribution of high-speed data flows. MES1000, MES2000 series switches could be used in large enterprise networks, SMB networks and operator's networks. They provide high performance, flexibility, security and multi-tier QoS.

  • Page 10: Product Description

    PRODUCT DESCRIPTION Purpose MES1000 and MES2000 series devices are the managed stackable network switches that operate on data-link and network layers of the OSI model. MES1024 network switches are equipped with 24 Fast Ethernet ports with electric interfaces and 2 Gigabit Ethernet ports combined with slots for SFT transceiver installation (combo ports).

  • Page 11: Mac Address Processing Functions

    Broadcast storm is a multiplication of broadcast messages in each host causing Broadcast Storm Control their exponential growth, that can lead to a network meltdown. Devices has a function that restricts the transfer rate for multicast and broadcast frames MES1000, MES2000 Ethernet Switches...
  • Page 12 (switch-switch or switch-server) in a single data communication channel. (LACP protocol) Protocol constantly tries to find ways for link aggregation; in case of link failure in the aggregated channel, its traffic will be automatically redistributed to MES1000, MES2000 Ethernet Switches...

  • Page 13: Third-Layer Functions Of Osi Model

    By default, the switch with DHCP snooping function enabled identifies and drops all DHCP requests with Option 82, if they were received via untrusted port. UDP relay Broadcast UDP traffic forwarding to the specified IP address. MES1000, MES2000 Ethernet Switches...

  • Page 14: Switch Control Functions

    Syslog is a protocol, designed for transmission of system event messages and error Syslog notifications to remote servers. MES1000, MES2000 Ethernet Switches...

  • Page 15: Additional Functions

    This mechanism allows to reduce the device power consumption by switching Green Ethernet inactive electric ports to the economy mode. Active monitoring technology used for measuring network performance and data IP SLA transmission quality. Supported operations: ICMP Echo, UDP Jitter. MES1000, MES2000 Ethernet Switches...

  • Page 16: Main Specifications

    4 output queues with different priorities for each port Multicast up to 1000 static multicast groups MSTP instances qty Jumbo frames Max. packet size 8 groups, up to 8 ports per group Stacking Up to 3 devices MES1000, MES2000 Ethernet Switches...
  • Page 17 Power consumption: 50W max. Charger specifications: MES2124MB - charge current: 1.7A; - circuit breaker tripping voltage: 10-10.5V; - low battery indication threshold voltage: 11V. Weight 2.5kg max. MES1024, MES1124, 430x44x138mm MES2124 MES1124M Dimensions 430x44x160mm MES1124MB MES2124M 430x44x180mm MES2124P 430x44x203mm MES1000, MES2000 Ethernet Switches...
  • Page 18 -40 to +70 С Operation relative humidity (non- up to 80% condensing) Storage relative humidity (non- from 10% to 95% condensing) Average lifetime 20 years Power supply type is determined at the time of order. MES1000, MES2000 Ethernet Switches...

  • Page 19: Design

    Front panel layout MES1024, MES1124, MES2124 is depicted in Fig. 1-3. Fig. 1— MES1024, front panel Fig. 2— MES1124, front panel Fig. 3— MES2124, front panel Table 2.10 lists sizes, LEDs and controls located on the front panel of the switch. MES1000, MES2000 Ethernet Switches...

  • Page 20: Mes1124Mb, Mes2124Mb Series Devices Panels Appearance And Layout

    Connector for AC power supply The earthing bolt. 2.4.2 MES1124MB, MES2124MB series devices panels appearance and layout Front panel layout MES1124MB, MES2124MB is depicted in Fig. 4-5. Fig. 4— MES1124MB, front panel Fig. 5— MES2124MB, front panel MES1000, MES2000 Ethernet Switches...
  • Page 21 The rear panel layout of MES1124MB, MES2124MB series switches is depicted in Fig. 6. Fig. 6 – MES1124MB, MES2124MB, rear panel An earthing bolt is located on the rear panel of MES1124MB, MES2124MB series devices and marked with (1) symbol. MES1000, MES2000 Ethernet Switches...

  • Page 22: Mes1124M, Mes2124M Series Devices Panels Appearance And Layout

    MES2124M front panel with 110-250VAC power supply connector is shown in Fig. 9, with 48VDC connector in Fig. 10. Fig. 9 – MES2124M AC, front panel Fig. 10 – MES1124M DC, front panel Table 2.12 lists sizes, LEDs and controls located on the front panel MES1124M, MES2124M. MES1000, MES2000 Ethernet Switches...
  • Page 23 The rear panel layout of MES1124M, MES2124M series switches is depicted in Fig. 11. Fig. 11 – MES1124M, MES2124M, rear panel An earthing bolt is located on the rear panel of MES1124M, MES2124M series devices and marked with (1) symbol. MES1000, MES2000 Ethernet Switches...

  • Page 24: Mes2208P Series Device Panel Appearance And Layout

    - pressing the key for more than 10 seconds resets the terminal to factory settings. Connector for DC power supply 36-72 VDC max 4A The earthing bolt. Ports 3, 4, 9, 10 are combo ports. The combined ports may have only one active interface at the same time. MES1000, MES2000 Ethernet Switches...

  • Page 25: Mes2124P Series Device Panel Appearance And Layout

    ~150-250VAC, 60/50Hz Connector for AC power supply max 2A The rear panel layout of MES2124P series switches is depicted in Fig. 14. Fig. 14—Rear panel of MES2124P Table 2.13 lists rear panel connectors of the switch. MES1000, MES2000 Ethernet Switches...

  • Page 26: Side Panels Of The Device

    'Installation and connection'. 2.4.7 Light Indication Ethernet interface status is represented by two LEDs—amber SPEED and green LINK/ACT—located next to each interface connector. Location of LEDs is depicted on Fig. 17, 18. LINK/ACT SPEED Fig. 17—RJ-45 socket appearance MES1000, MES2000 Ethernet Switches...
  • Page 27 Device starts up No IP addresses flashes assigned to interfaces Green, solid The device is stack 'master' Marker of the Master master device in a The device is not stack 'master' or stack stackable mode is not specified MES1000, MES2000 Ethernet Switches...

  • Page 28: Delivery Package

    MES1024, MES1124, MES2124, the DB-9M/DB-9M cable is provided SFP transceivers may be included in the delivery package on the customer's request. Used only in MES2208P, MES2124P series devices Used only in MES1124MB, MES2124MB series devices MES1000, MES2000 Ethernet Switches...

  • Page 29: Installation And Connection

    2. Align mounting holes in the support bracket with the corresponding holes in the rack guides. Use the holes of the same level on both sides of the guides to ensure the device horizontal installation. Use a screwdriver to screw the switch to the rack. MES1000, MES2000 Ethernet Switches...
  • Page 30 Fig. 20—Device rack installation Fig. 21 shows the example of MES1000/2000 rack installation. Fig. 21—MES1000/2000 switch rack installation Minimum height spacing for switches—not less than 1U. When switches are installed next to equipment with excessive heat generation, the spacing should be increased.

  • Page 31: Battery Connection To Mes1124Mb, Mes2124Mb

    1. Insert the top SFP module into a slot with its open side down, and the bottom SFP module with its open side up. Fig. 23—SFP transceiver installation 2. Press the module until it fits with a click. Fig. 24—Installed SFP transceivers MES1000, MES2000 Ethernet Switches...

  • Page 32: Connection To Power Supply

    AC power supply, use the cable from the delivery package. To connect the device to DC power supply, use the cable with cross-section not less than 1mm 5. Turn the device on and check the front panel LEDs to make sure the terminal is in normal operating conditions. MES1000, MES2000 Ethernet Switches...

  • Page 33: Device Startup, Initial Configuration

    <Enter> keys. The description of service menu capabilities for device management is provided in Section 6. Example of the following device startup. Preparing to decompress... 100% Decompressing SW from image-2 100% Running from RAM... ******************************************************************* *** Running Ver. 1.0.18 Date 23-Nov-2011 Time 18:14:56 *** ******************************************************************* MES1000, MES2000 Ethernet Switches...
  • Page 34 23-Nov-2011 18:15:04 %CDB-I-LOADCONFIG: Loading running configuration. 23-Nov-2011 18:15:04 %CDB-I-LOADCONFIG: Loading startup configuration. The monitor is activated with Trace Enabled. It will be automatic enabled after system reset also. Device configuration: Slot 1 - Eltex MES-2124 Device 0: GT_98DX1035 (AlleyCat) ------------------------------------ -- Unit Standalone ------------------------------------ 23-Nov-2011 18:15:16 %Entity-I-SEND-ENT-CONF-CHANGE-TRAP: entity configuration change trap.

  • Page 35: Configuration Procedure

    Set unit stack id Set unit working mode Back Enter your choice or press 'ESC' to exit: In the stack management menu, there are the following items available: [1]—show the device identifier in a stack [2]—assign the device identifier MES1000, MES2000 Ethernet Switches...

  • Page 36: Initial Configuration

    Privilege level 1 allows to access the device, but denies its configuration. Privilege level 15 allows both the access and configuration of the device.  Example of commands for assigning eltex password for admin user and creation of operator user with pass password and the privilege level 1: console> enable...
  • Page 37 Switches support management via SNMP v1/v2с/v3 and equipped with the integrated SNMP agent. SNMP agent supports the set of standard and extended MIB variables. For the switch integration into monitoring or management systems or for development of such systems, the full MIB description can be provided. MES1000, MES2000 Ethernet Switches...
  • Page 38 Port name ---------------- -------- ----------- ---------- ----- ------- ----- --------- Version 3 notifications Target Address Type Username Security Udp Filter Retries Level Port name ---------------- -------- ----------- -------- ----- ------- ----- --------- System Contact: System Location: MES1000, MES2000 Ethernet Switches...

  • Page 39: Security System Configuration

    (console port). Password recovery may be initiated via the console port only. You can set up device access passwords for the following access interfaces: MES1000, MES2000 Ethernet Switches...
  • Page 40 Enter the passwd3 password in reply to the password entry prompt, that appears during the registration in the SSH session. MES1000, MES2000 Ethernet Switches...
  • Page 41 If the password is lost, you can restart the device and interrupt its startup via the console port by pressing <Esc> or <Enter> keys in two seconds after the automatic startup message is displayed. The Startup menu will open, where you can initiate the password recovery procedure ([3] Password Recovery Procedure). MES1000, MES2000 Ethernet Switches...

  • Page 42: Device Management Command Line Interface

    1 console (config-if)# Terminal configuration mode (line configuration)—this mode is designed for terminal operation configuration. You can enter this mode from the global configuration mode. console(config)# line {console | telnet | ssh} console(config-line)# MES1000, MES2000 Ethernet Switches...

  • Page 43: Command Line Operation Principles

    Return to the normal mode from the privileged mode (if the disable [priv] priv: (1..15)/1 value is not defined—privilege level 1). configure[terminal] Enter the configuration mode. Enter the debug mode (this command is available to privileged debug-mode users only). MES1000, MES2000 Ethernet Switches...
  • Page 44 Change buffer size for history of entered commands. (0..216)/10 no history sie Set the default value. Enable welcome messages such as 'motd' (message of the motd-banner day). -/enabled no motd-banner Disable informational messages such as 'motd'. MES1000, MES2000 Ethernet Switches...

  • Page 45: Filtering Of Command Line Messages

    Apply the selected macro. (1..32) characters macro trace word Validate the selected macro. show parser macro [ gi_port: (1..3/0/1..28); Show parameters of macros configured on the device. description [interface fa_port: (1..3/0/1..24); {gigabitethernet gi_port | group: (1..8); fastethernet fa_port | MES1000, MES2000 Ethernet Switches...

  • Page 46: System Management Commands

    [tos tos] tos(0..255)/0 - ip_address —switch interface IP address, used for packet transmission - tos—type of service sent in the IP protocol header. For description of errors, occurring during the execution of commands, see tables 5.12, 5.13 MES1000, MES2000 Ethernet Switches...
  • Page 47 3. Execute 'show sessions' command. All outgoing connections for the current session will be listed in the table. 4. To return to remote device session, execute 'resume N' command, where N is a connection number from 'show sessions' command output. MES1000, MES2000 Ethernet Switches...
  • Page 48 Example use of command: traceroute console# traceroute eltex.com Type Esc to abort. Tracing the route to eltex.com (148.21.11.69) 1 gateway.eltex (192.168.1.101) 0 msec 0 msec 0 msec 2 eltexsrv (192.168.0.1) 0 msec 0 msec 0 msec 3 * * * Table 5.12 —Description of 'traceroute' command execution results...
  • Page 49 /stream and could be used for establishing connections to ports where UNIX-to-UNIX (UUCP) copy programs or other non-telnet protocols are running. Global configuration mode commands Command line request in global configuration mode appears as follows: console(config)# MES1000, MES2000 Ethernet Switches...

  • Page 50: Switch Stack Management

    The following two topologies are supported for device connection in a stack—ring and linear. It's recommended to use the ring topology for increased stack robustness. Privileged EXEC mode commands Command line request appears as follows: In the current firmware version. MES1000, MES2000 Ethernet Switches...
  • Page 51 Current stack topology—chain or ring Unit Mode After Reset: Switch operation mode after restart—standalone/stackable Unit Num After Reset: Switch identifier, that will be applied after restart Devices with identical Unit IDs won't be able to work in one stack. MES1000, MES2000 Ethernet Switches...

  • Page 52: Commands For Configuration Of Password Parameters

    Deny to use username as a password. username -/enabled no passwords complexity Allow to use username as a password. not-username Table 5.20 —System management commands in Privileged EXEC mode Command Action show passwords Show information on password restriction. configuration MES1000, MES2000 Ethernet Switches...

  • Page 53: File Operations

    Action copy source_url source-url: Copy file from the source location to destination location. destination_url [snmp] (1..160) characters - snmp—used only when file is being copied from/to startup- config Specify the utilization of the source address and MES1000, MES2000 Ethernet Switches...
  • Page 54 During command execution, [unit unit] parameter is available in the stackable mode only. write [memory|terminal] Save the current configuration into the initial configuration file. Change the filename. rename url new_url url: (1 .. 160) - url—current filename - new_url—new filename MES1000, MES2000 Ethernet Switches...

  • Page 55: Configuration Backup Commands

    Specify the time period for automatic creation of the backup time-period timer timer: 1..35791394 configuration backup. min/720min no backup time-period Restore the default value. backup auto Enable automatic configuration backup. -/disabled no backup auto Set the default value. MES1000, MES2000 Ethernet Switches...

  • Page 56: Automatic Update And Configuration Commands

    Switch will try to load configuration, if one of the following conditions is met: 1. The switch has default configuration. 2. User entered boot host dhcp command prior to the switch reboot, that will force the obtaining of configuration on startup. MES1000, MES2000 Ethernet Switches...
  • Page 57 #MAC address of the switch filename "mes2124-test.cfg"; #switch configuration name option image-filename 35265 15 1 13 "mes2000-image"; #text file name, , containing firmware file name next-server 192.168.1.3; #TFTP server IP address fixed-address 192.168.1.36; #switch IP address MES1000, MES2000 Ethernet Switches...

  • Page 58: System Time Configuration

    - zone—abbreviation of the phrase (zone description) hours-offset hours-offset: - hours-offset—hour offset from UTC zero meridian [minutes minutes-offset] -12..+13/0; - minutes-offset—minute offset from UTC zero meridian minutes-offset: (0..59)/0; no clock timezone Restore the default value. MES1000, MES2000 Ethernet Switches...
  • Page 59 Allow unicast SNTP client operation. -/denied no sntp unicast client enable Restore the default value. sntp unicast client poll Allow sequential polling of the selected unicast SNTP servers. -/denied no sntp unicast client poll Restore the default value. MES1000, MES2000 Ethernet Switches...
  • Page 60 15:29:08 NSK(UTC+7) Jun 17 2009 Time source is SNTP Time zone: Acronym is NOV Offset is UTC+7 Summertime: Acronym is NSK Recurring every year. Begins at first Sunday of April at 2:00. MES1000, MES2000 Ethernet Switches...

  • Page 61: Interface Configuration

    You can specify the mask value in Х.Х.Х.Х format, or in /N format, where N is the number of 1's in the binary mask representation. Use the following command to reset interface configuration to default: console(config)#default interface {gigabifastethernet fa_port | gigabitethernet gi_port | port-channel group | vlan vlan_id | tunnel tunnel_id | range {…}} MES1000, MES2000 Ethernet Switches...

  • Page 62: Ethernet And Port-Channel Interface Parameters

    MES2208P interface gigabitethernet gi_port—for Gigabit Ethernet 1-12 interface configuration interface port-channel group—for channel group configuration, where – group—sequential number of the channel group, possible values (1..8) – gi_port—Gigabit Ethernet interface sequential number, specified as: 1..4/0/1..12 MES1000, MES2000 Ethernet Switches...
  • Page 63 Set the default value. Enables autonegotiation of speed and duplex on the negotiation 10f, 10h, 100f, 100h, 1000f configured interface. You can define the specific compatibility [cap1 [cap2… cap5]] autonegotiation parameters; if these parameters are not MES1000, MES2000 Ethernet Switches...
  • Page 64 | dot1x-src-address | Set the default value. acl-deny | stp-bpdu-guard | stp-loopback-guard } errdisable recovery Define the time period for automatic interface reactivation. interval seconds seconds: (30..86400}/300 seconds no errdisable recovery Set the default value. interval MES1000, MES2000 Ethernet Switches...
  • Page 65 Show settings of the automatic interface reactivation. show errdisable interfaces gi_port: (1..3/0/1..28); [gigabitethernet gi_port | Show reasons for disabling the interface(s) and the automatic fa_port: (1..3/0/1..24); fastethernet fa_port | activation status. group: (1..8) port-channel group] Example execution of commands MES1000, MES2000 Ethernet Switches...
  • Page 66 1G-Fiber Disabled gi0/10 1G-Fiber Disabled gi0/11 1G-Combo-C Enabled gi0/12 1G-Combo-C Enabled gi0/13 1G-Fiber Disabled gi0/14 1G-Fiber Disabled gi0/15 1G-Fiber Disabled gi0/16 1G-Fiber Disabled gi0/17 1G-Fiber Disabled gi0/18 1G-Fiber Disabled gi0/19 1G-Fiber Disabled gi0/20 1G-Fiber Disabled MES1000, MES2000 Ethernet Switches...
  • Page 67 Multiple Collision Frames: 0 SQE Test Errors: 0 Deferred Transmissions: 0 Late Collisions: 0 Excessive Collisions: 0 Carrier Sense Errors: 0 Oversize Packets: 0 Internal MAC Rx Errors: 0 Symbol Errors: 0 Received Pause Frames: 0 MES1000, MES2000 Ethernet Switches...
  • Page 68 Transmitted Pause Quantity of sent control MAC frames with PAUSE operation code. Frames  Show jumbo frame settings for the switch: console# show ports jumbo-frame Jumbo frames are disabled Jumbo frames will be disabled after reset MES1000, MES2000 Ethernet Switches...

  • Page 69: Vlan Interface Configuration

    {vlan_list} command. Given below are commands for entering the configuration mode of the VLAN 1 interface and entering the configuration mode of VLAN 1, 3, 7 group. console# configure console(config)# interface vlan 1 console(config-if)# console# configure MES1000, MES2000 Ethernet Switches...
  • Page 70 Remove VLAN list for the interface. vlan remove vlan_list switchport general pvid vlan_id (1..4094)/ Add port VLAN identifier (PVID) for the main interface. vlan_id 1—if default VLAN is no switchport general pvid defined, otherwise—4095 Set the default value. MES1000, MES2000 Ethernet Switches...
  • Page 71 Membership in the default VLAN is enabled by default. no switchport forbidden Set the default value. default-vlan switchport protected-port Put the port in isolation mode within the port group. no switchport-protected- Restore the default value. port MES1000, MES2000 Ethernet Switches...
  • Page 72 Command line request in Privileged EXEC mode appears as follows: console# Table 5.40 —Privileged EXEC mode commands Command Value Action show vlan Show information on all VLANs show interface description vlan_id: (1..4094) Show description VLAN interface. vlan vlan_id MES1000, MES2000 Ethernet Switches...
  • Page 73 4 Source ports : gi1/0/4-5 Receiver ports: gi1/0/1  Show information on protocol groups: console# show vlan protocols-groups Encapsulation Protocol Group Id ------------- ---------------- ---------------- 0x800 (IP) Ethernet 0x806 (ARP) Ethernet 0x86dd (IPv6) Ethernet MES1000, MES2000 Ethernet Switches...
  • Page 74 Egress rule Port Membership Type ---- -------------------------------- ----------- -------------------- Untagged System Forbidden VLANS: Vlan Name ---- -------------------------------- Classification rules: Protocol based VLANs: Group ID Vlan ID ------------ ------- Mac based VLANs: Group ID Vlan ID ------------ ------- MES1000, MES2000 Ethernet Switches...

  • Page 75: Selective Q-In-Q

    Command without the ingress_vlan_id parameter deletes the ingress_vlan_id] rule applied by default to the inbound traffic. no selective-qinq list Remove the selective qinq rule for the selected ingress_vlan_id egress ingress-vlan ingress_vlan_id: (1-4094) for outbound packets. ingress_vlan_id MES1000, MES2000 Ethernet Switches...

  • Page 76: Broadcast Storm Control

    Table 5.44 —Ethernet interface configuration mode commands Command Value/Default value Action storm-control include- Add multicast traffic to broadcast control. multicast -/default no storm-control include- Disable multicast traffic control. multicast storm-control include Add unknown unicast traffic to broadcast control. -/default unknown-unicast MES1000, MES2000 Ethernet Switches...

  • Page 77: Link Aggregation Groups (Lag)

    For description of LACP protocol group, see the corresponding section of the manual. To add the interface into a group, you have to restore the default interface settings, if they were modified. You can add interfaces into link aggregation group in the Ethernet interface configuration mode only. MES1000, MES2000 Ethernet Switches...

  • Page 78: Static Link Aggregation Groups

    For static groups, the priority of link utilization in aggregated group is not defined. To enable the interface operation in the static group, use 'channel-group {group} mode on' command in the configuration mode of the respective interface. MES1000, MES2000 Ethernet Switches...

  • Page 79: Lacp Link Aggregation Protocol

    [parameters | statistics | - parameters—show protocol configuration parameters protocol-state] - statistics—show protocol operation statistics - protocol-state—show protocol operation state. show lacp port-channel Show information on LACP protocol for the port group. group: (1..8) [group] Example execution of commands MES1000, MES2000 Ethernet Switches...

  • Page 80: Ipv4 Addressing Configuration

    Command line request in global configuration mode appears as follows: console(config)# Table 5.53 —Global configuration mode commands Command Value Action ip default-gateway Define the default gateway for the switch. -/default gateway is not ip_address defined no ip default-gateway Remove the default gateway for the switch. MES1000, MES2000 Ethernet Switches...

  • Page 81: Ipv6 Addressing Configuration

    Local IPv6 addresses (IPv6Z) are assigned to the interfaces by the switch; use the following format in the command syntax for IPv6Z addresses: <ipv6-link-local-address>%<interface-name> where interface-name—name of the interface: MES1000, MES2000 Ethernet Switches...
  • Page 82 Create IPv6 address on the interface. ipv6_address/prefix_length (3..128) [eui-64] [anycast] (64, if eui-64 parameter is - ipv6_address—IPv6 network assigned to the interface (8 used) blocks separated by a colon; each block has 16 bit of data, MES1000, MES2000 Ethernet Switches...
  • Page 83 Clear cache, that contains the information on the clear ipv6 neighbors neighbouring devices operating via IPv6 protocol. Information on static records will remain. EXEC mode commands Command line request in EXEC mode appears as follows: MES1000, MES2000 Ethernet Switches...

  • Page 84: Ipv6 Protocol Tunnelling (Isatap)

    IPv6 traffic via IPv4 addressing networks. Thus, nodes with IPv6 addressing, that support ISATAP tunnelling, will be able to communicate by icapsulating traffic into packets with IPv4 header. Global configuration mode commands Command line request in global configuration mode appears as follows: console(config)# MES1000, MES2000 Ethernet Switches...
  • Page 85 By default, IP address is not ip-address ipv4_address } - auto—IP address will be automatically assigned by the defined. system no tunnel source Delete local tunnel IP address. EXEC mode commands Command line request in EXEC mode appears as follows: console# MES1000, MES2000 Ethernet Switches...

  • Page 86: Ipv6 Ra Guard Function Configuration

    Enable prefix-list for filtering RA messages in router mode. (1..32) characters prefix-list prefix-list - prefix-list – prefix-list name. ipv6 nd raguard trusted- By default, all ports are Add port to the trusted list. port untrusted MES1000, MES2000 Ethernet Switches...

  • Page 87: Dhcpv6 Guard Function Configuration

    - prefix-list – prefix-list name. ipv6 dhcp guard trusted- Add port to the trusted list. Trusted ports allow all types of port messages. By default, all ports are untrusted no ipv6 dhcp guard Delete port from trusted list. trusted-port MES1000, MES2000 Ethernet Switches...

  • Page 88: Protocol Configuration

    Show default domain name, DNS server list, static and cached matches between node names and IP addresses. show hosts [name] When network node name is used in command, the corresponding IP address will be shown. The name should contain from 1 to 158 characters. Example use of commands MES1000, MES2000 Ethernet Switches...

  • Page 89: Arp Protocol Configuration

    сonsole# configure console(config)# ip name-server 192.168.16.35 192.168.16.38 console(config)# ip domain-name eltex-sw-1 Define static match: network node with the name eltex.mes has IP address 192.168.16.39: сonsole# configure console(config)# ip host eltex.mes 192.168.16.39 5.16.2 ARP protocol configuration ARP (Address Resolution Protocol) is a channel-level interface that performs the identification of MAC address based on the IP address contained in the request.

  • Page 90: Gvrp Protocol Configuration

    -/disabled Disable GVRP protocol for the switch. no gvrp enable Ethernet interface configuration mode commands (interface range), port group interface Command line request in Ethernet interface, port group interface configuration mode appears as follows: console# configure MES1000, MES2000 Ethernet Switches...
  • Page 91 VLAN group. Privileged EXEC mode commands Command line request in privileged EXEC mode appears as follows: console# Table 5.75 —Privileged EXEC mode commands Command Value Action Clear collected GVRP statistics. gi_port: (1..3/0/1..28); clear gvrp statistics MES1000, MES2000 Ethernet Switches...

  • Page 92: Loopback Detection Mechanism (Loopback-Detection)

    Defines time in seconds, during which a VLAN will remain in based recovery-time the blocked state on port. (30..1000000) / disabled loopback-detection VLAN on port, on which the loop is detected, will not be vlan-based recovery-time unblocked automatically. MES1000, MES2000 Ethernet Switches...

  • Page 93: Stp Protocol Family (Stp, Rstp, Mstp)

    For isolated tree processing, the separate process is created for each tree in the system. The process matches the device ports that belong to the tree. Maximum allowed quantity of MSTP instances is given in Table 2.9. 5.16.5.1 STP, RSTP protocol configuration Global configuration mode commands MES1000, MES2000 Ethernet Switches...
  • Page 94 2*(Forward-Delay - 1) >= Max-Age >= 2*(Hello-Time + 1). Ethernet interface configuration mode commands, port group interface Command line request in Ethernet interface, port group interface configuration mode appears as follows: console(config-if)# MES1000, MES2000 Ethernet Switches...
  • Page 95 Method for defining the path value. Interface Long Short Port-channel 20000 Gigabit Ethernet (1000 Mbps) 20000 Fast Ethernet (100 Mbps) 200000 Process configuration mode commands Command line request in tree configuration mode appears as follows: console(config-mstp-process)# MES1000, MES2000 Ethernet Switches...
  • Page 96 Command line request in EXEC mode appears as follows: console# Table 5.85 —EXEC mode commands Command Value Action show spanning-tree bpdu Show BDPU packet processing mode for the interfaces. gi_port: {1..3/0/1..28}; [gigabitethernet gi_port | fa_port: {1..3/0/1..24}; fastethernet fa_port | group: {1..8}. port-channel group] MES1000, MES2000 Ethernet Switches...
  • Page 97 Save configuration and exit MSTP configuration mode. abort Discard configuration and exit MSTP configuration mode. Ethernet interface configuration mode commands, port group interface Command line request in Ethernet interface, port group interface configuration mode appears as follows: MES1000, MES2000 Ethernet Switches...
  • Page 98 Enable STP support, set the RSTP spanning tree priority value to 12288, forward-time interval 20 seconds, 'Hello' broadcast message transmission interval 5 seconds, spanning tree lifetime 38 seconds. console(config)# spanning-tree console(config)# spanning-tree mode rstp console(config)# spanning-tree priority 12288 console(config)# spanning-tree forward-time 20 console(config)# spanning-tree hello-time 5 MES1000, MES2000 Ethernet Switches...

  • Page 99: Flex-Link Function Configuration

    [forced | bandwidth| off] - bandwidth: upon establishing an interface, the interface with -/off the highest bandwidth will become active. - off: established interface will remain in a locked state. no flex-link preemption Restore the default value. mode MES1000, MES2000 Ethernet Switches...

  • Page 100: Eaps Protocol

    Identifier of VLAN being used for EAPS management. Also, the next successive VLAN identifier is used for secondary loop management. Master EAPS VLAN should not be used for 1..4093 transmission of other traffic types. no control-vlan Cancel VLAN assignment. MES1000, MES2000 Ethernet Switches...

  • Page 101: G.8032V2 (Erps) Protocol Configuration

    Table 5.96 —Global configuration mode commands Command Value/Default value Action erps Enable ERPS protocol operation. no erps Disable ERPS protocol operation. erps vlan vlan_id 1..4094 Create ERPS ring with VLAN R-APS identifier, that will be used MES1000, MES2000 Ethernet Switches...

  • Page 102: Exec Mode Commands

    Manual blocking of the specified west(east) port and -/no east(west) unblocking. no switch manual Disable manual blocking. abort Undo changes made since entry into the ring configuration mode. EXEC mode commands Command line request in EXEC mode appears as follows: console# MES1000, MES2000 Ethernet Switches...

  • Page 103: Lldp Protocol Configuration

    (1..10)/3 no lldp med fast-start Restore the default value. repeat-count lldp med network-policy number: (1..32); Define the rule for network-policy parameter (device network number application application: (voice, policy). This parameter is optional for LLDP MED protocol MES1000, MES2000 Ethernet Switches...
  • Page 104 If there are multiple IP addresses, the system will choose the starting IP address from dynamic IP address range. If dynamic addresses are not available, the system chooses the starting IP address from the available stactic IP address range. MES1000, MES2000 Ethernet Switches...
  • Page 105 Show TLVs LLDP restart state. overloading gi_port: (1..3/0/1..28); [gigabitethernet gi_port | fa_port: (1..3/0/1..24). fastethernet fa_port] show lldp neighbors Show information on the neighbouring devices with the active gi_port: (1..3/0/1..28); [gigabitethernet gi_port | LLDP protocol. fa_port: (1..3/0/1..24). fastethernet fa_port] MES1000, MES2000 Ethernet Switches...
  • Page 106 Define the delay between the subsequent LLDP frame transmissions, initiated by Tx delay changes of values or status. Port Port number. State Port operation mode for LLDP. TLV options being sent Possible values: Optional TLVs PD—port description SN—system name MES1000, MES2000 Ethernet Switches...
  • Page 107 Neighbouring device description. Port description Neighbouring device port description. Management address Device management address. Auto-negotiation Define, if the automatic port mode identification is supported. support Auto-negotiation status Define, if the automatic port mode identification support is enabled. MES1000, MES2000 Ethernet Switches...

  • Page 108: 10Oam Protocol Configuration

    - active—switch sends OAMPDU constantly - passive—switch will send OAMPDU only when OAMPDU are -/active present from the opposite device. no ethernet oam mode Restore the default value. ethernet-oam remote-failure -/enabled Enable 'remote-failure' events support and processing. MES1000, MES2000 Ethernet Switches...
  • Page 109 Show the state of one-way communication detection mechanism directional detection [interface gi_port: (1..3/0/1..28); for the selected interface. {gigabitethernet gi_port | fa_port: (1..3/0/1..24). fastethernet fa_port} ] Example execution of commands Show protocol state for gigabitethernet 1/0/3 port: console#show ethernet oam discovery interface GigabitEthernet 0/3 MES1000, MES2000 Ethernet Switches...

  • Page 110: 11Cfm Protocol Configuration

    (1..32) characters - level—CFM domain level level: (0..7)/0 no ethernet cfm domain Remove CFM domain (MD) with the 'name' name. name Domain configuration mode commands Command line request in domain configuration mode appears as follows: MES1000, MES2000 Ethernet Switches...
  • Page 111 - lower-mep-only—allows to exclude ports, where maintenance, is used by maintenance end point is created default - none—disable automatic creation of maintenance intermediate points (MIP) no mip auto-create Set the default value. MES1000, MES2000 Ethernet Switches...
  • Page 112 Command line request in privileged EXEC mode appears as follows: console# Table 5.111 —Privileged EXEC mode commands Command Value/Default value Action show ethernet cfm domain name: (1..32) characters Show information on the specific domain or all domains. [name] MES1000, MES2000 Ethernet Switches...

  • Page 113: Voice Vlan

    Siemens 00:60:B9 NEC/ Philips 00:0F:E2 Huawei-3COM 00:09:6E Avaya Voice VLAN can be activated on ports operating in trunk and general modes. Global configuration mode commands Command line request in global configuration mode appears as follows: console(config)# MES1000, MES2000 Ethernet Switches...
  • Page 114 Command line request in EXEC mode appears as follows: console# Table 5.114 —EXEC configuration mode commands Command Value/Default value Action show voice vlan gi_port: (1..3/0/1..28); [gigabitethernet gi_port | fa_port: (1..3/0/1..24); Show Voice VLAN state. fastethernet fa_port | group: (1..8) port-channel group] MES1000, MES2000 Ethernet Switches...

  • Page 115: Multicast Addressing

    | Ports are allowed to - remove—remove the port group/aggregated ports from the fastethernet fa_port | dynamically join the denying rule. port-channel group} multicast group by default. Interface listing should be delimited with '–' and ','. MES1000, MES2000 Ethernet Switches...
  • Page 116 - ip_multicast_address—multicast IP address ipv6_multicast_address fa_port: (1..3/0/1..24); - add—add ports to the group [[add | remove] group: (1..8) - remove—remove ports from the group gigabitethernet gi_port | Interface listing should be delimited with '–' and ','. fastethernet fa_port | MES1000, MES2000 Ethernet Switches...
  • Page 117 {forwarding | filtering} - forwarding—forward unregistered multicast packets -/forwarding - filtering—filter unregistered multicast packets no bridge multicast Restore the default value. unregistered Global configuration mode commands Command line request in global configuration mode appears as follows: console(config)# MES1000, MES2000 Ethernet Switches...
  • Page 118 Remove static/dynamic records from the multicast addressing clear mac address-table table. {dynamic| secure} gi_port: (1..3/0/1..28); - dynamic—remove dynamic records [interface fa_port: (1..3/0/1..24); - static—remove static records {gigabitethernet gi_port | group: (1..8) fastethernet fa_port |port- channel group} ] MES1000, MES2000 Ethernet Switches...
  • Page 119 [1..4094] for all VLAN interfaces. mode [vlan vlan_id] Show rules defined for multicast show bridge multicast reserved addresses. reserved-addresses View the current hash length in the MAC address table. show mac address-table mode MES1000, MES2000 Ethernet Switches...

  • Page 120: Igmp Snooping Function

    Function is disabled by default. no ip igmp snooping vlan Disable IGMP Snooping utilization by the switch for the vlan_id current VLAN interface. ip igmp snooping vlan vlan_id: (1..4094) Register multicast IP address in the multicast addressing table MES1000, MES2000 Ethernet Switches...
  • Page 121 {2 | 3} vlan_id: (1..4094) no ip igmp snooping vlan Restore the default value. vlan_id querier version ip igmp snooping vlan vlan_id: (1..4094) Define the source IP address for IGMP querier. vlan_id querier address MES1000, MES2000 Ethernet Switches...
  • Page 122 Enable forwarding of IGMP queries from client VLAN to switchport access Multicast VLAN and multicast traffic to client VLAN for the multicast-tv vlan vlan_id vlan_id: (1-4094) interface in 'access' mode. no switchport access Disable forwarding of IGMP queries from client VLAN to MES1000, MES2000 Ethernet Switches...
  • Page 123 (config)# ip igmp snooping console (config-if)# ip igmp snooping vlan 6 mrouter learn pim-dvmrp console (config)# interface vlan 6 console (config-if)# ip igmp snooping query-interval 100 console (config-if)# ip igmp robustness 4 console (config-if)# ip igmp query-max-response-time 15 MES1000, MES2000 Ethernet Switches...

  • Page 124: Mld Snooping-Multicast Traffic Control Protocol For Ipv6 Networks

    Remove mrouter ports. group: (1..8) vlan_id mrouter interface { gigabitethernet gi_port | fastethernet fa_port |port- channel group} Ipv6 mld snooping vlan Enable MLD Snooping Immediate-Leave process for the vlan_id: 1..4094/disable vlan_id immediate-leave current VLAN. MES1000, MES2000 Ethernet Switches...

  • Page 125: Vlan Interface

    Restore the default value. Table 5.127 —EXEC mode commands Command Value Action show ipv6 mld snooping vlan_id: 1..4094 Show information on registered groups according to filter groups [vlan vlan_id] parameters defined in the command. MES1000, MES2000 Ethernet Switches...

  • Page 126: Multicast Traffic Restriction Functions

    -/no permit no permit If mismatch to one of the defined ranges is found, IGMP- reports will be dropped. Ethernet interface configuration mode commands (interface range) Command line request in interface configuration mode appears as follows: console(config-if)# MES1000, MES2000 Ethernet Switches...

  • Page 127: Radius Authorization Of Igmp Queries

    Command line request in global configuration mode appears as follows: console(config)# Table 5.132 —Global configuration mode commands Command Value/Default value Action ip igmp snooping timeout : 0..10000 Set the lifetime in cache. If the value is equal to zero, lifetime MES1000, MES2000 Ethernet Switches...
  • Page 128 If the interface is defined in the command, cache records will gi_port: {1..3/0/1..28}; [gigabitethernet gi_port | be cleared for that interface. fa_port: {1..3/0/1..24}; fastethernet fa_port ] In the interface is not defined, the entire cache will be cleared. MES1000, MES2000 Ethernet Switches...

  • Page 129: Control Functions

    - line—use terminal password for authentication list_name: 1..12 characters - none—do not use authentication - radius—use RADIUS server list for authentication - tacacs—use TACACS server list for authentication If the console password is not defined, the access to MES1000, MES2000 Ethernet Switches...
  • Page 130 Method: the method list is set, the additional method will be applied login-authentication local, none, tacacs, only when the main authentication method will return the method1 [method2...] radius/local error. - local—by local database name MES1000, MES2000 Ethernet Switches...
  • Page 131 Called-Station-ID (30) IP address of the switch. Calling-Station-ID (31) User IP address. Acct-Session-ID (44) Unique accounting identifier. Acct-Authentic (45) Define the method for client authentication. Show the duration of user connection to the Acct-Session-Time (46) system. MES1000, MES2000 Ethernet Switches...
  • Page 132 Command line request in EXEC mode appears as follows: console> All commands from this section are available to the privileged users only. Table 5.140 —EXEC mode commands Command Action show accounting Show information on configured accounting methods. MES1000, MES2000 Ethernet Switches...

  • Page 133: Radius Protocol

    RADIUS protocol messages. Remove the specific IPv4 address used as the default source no radius-server source-ip address being sent in RADIUS protocol messages. Define IPv4 [ip_address] switch interface address as the source address for RADIUS protocol messages. MES1000, MES2000 Ethernet Switches...
  • Page 134 ------ ----- ------ ---------- ----- ---- 192.168.16.3 1645 1813 Global Global Global 196.168.16.3 1645 1813 Global Global Global Global values -------------- TimeOut : 5 Retransmit : 5 Deadtime : 10 Source IP : 0.0.0.0 Source IPv6 : :: MES1000, MES2000 Ethernet Switches...

  • Page 135: Tacacs+ Protocol

    Define the switch IP address used by default for message source_ip_address exchange with TACACS server no tacacs-server source-ip Define the switch interface IP address utilization for message source_ip_address exchange with TACACS server EXEC mode commands Command line request in EXEC mode appears as follows: console# MES1000, MES2000 Ethernet Switches...

  • Page 136: Simple Network Management Protocol (Snmp)

    1..32 characters - prefix-length—number of bits that comprise IPv4 address prefix format - ip-acl-name—name of the existing ACL list IPv4: A.B.C.D - groupname—define the name of the group, that IPv6: X:X:X:X::X should be pre-configured with the snmp-server MES1000, MES2000 Ethernet Switches...
  • Page 137 - exclude—OID is excluded from the filter rule snmp-server filter filter-name [oid] Remove SNMP filter rule. snmp-server host {ipv4_address | hostname: Define settings for inform and trap notification ipv6_address| hostname} (1..158) characters message transmission to SNMPv1/v2 server. MES1000, MES2000 Ethernet Switches...
  • Page 138 MAC addresses. -/disabled no snmp-server enable traps mac- Disables SNMP trap message transmission on notification change changes in table of learnt MAC addresses. snmp-server enable traps storm- -/enabled Enables SNMP trap message transmission upon MES1000, MES2000 Ethernet Switches...
  • Page 139 SNMP server with the address 192.168.16.3 in private community. console# configure console (config)# snmp-server enable console (config)# snmp-server contact support@eltex.nsk.ru console (config)# snmp-server location ”Okruzhnaya 29v” console (config)# snmp-server community-string public ro console (config)# snmp-server сommunity-string private rw 192.168.16.3...

  • Page 140: Remote Network Monitoring Protocol (Rmon)

    - owner —alarm event creator name no rmon alarm index Remove alarm event trigger criteria. MES1000, MES2000 Ethernet Switches...
  • Page 141 [event] Show RMON remote monitoring record table. (0..65535) - event—event index Example execution of commands  Show 10th Ethernet interface statistics of the first device in the stack: сonsole# show rmon statistics gigabitethernet 1/0/10 MES1000, MES2000 Ethernet Switches...
  • Page 142 (w/o frame bits, but with checksum bits).  Show information on statistics group for port 8: сonsole# show rmon collection stats gigabitethernet 1/0/8 Index Interface Interval Requested Samples Granted Samples Owner ----- --------- -------- ----------------- --------------- ------------------- 1/0/8 Eltex MES1000, MES2000 Ethernet Switches...
  • Page 143 1518 bytes (w/o frame bits, but with checksum bits), but formed correctly in other respects. Quantity of packets received during the record generation period, with length less Fragments than 64 bytes (w/o frame bits, but with checksum bits), that have invalid checksum MES1000, MES2000 Ethernet Switches...
  • Page 144 Sample Type threshold at the end point of the control interval. delta method—value of the variable collected in the last selection will be deducted from the current value and MES1000, MES2000 Ethernet Switches...
  • Page 145 Time and date of the last event generation. If no events has been generated, this Last time sent value will be equal to zero. Show RMON remote monitoring record table. console# show rmon log Maximum table size: 100 Event Description Time ----- ----------- -------------------- Errors Nov 10 2009 18:48:33 MES1000, MES2000 Ethernet Switches...

  • Page 146: Acl Access Lists For Device Management

    {ipv4_address | service: {telnet, ssh, ipv6_address/prefix-length} snmp, http, https} [mask {mask| prefix-length}] [gigabitethernet gi_port | fastethernet fa_port |port- channel group|vlan vlan_id] [service service] Define the restriction criteria for the access control list. deny gi_port: (1..3/0/1..28); MES1000, MES2000 Ethernet Switches...

  • Page 147: Access Configuration

    Restore the default value. ip ssh pubkey-auth Enable public key utilization for incoming SSH sessions. Public key utilization is no ip ssh pubkey-auth Disable public key utilization for incoming SSH sessions. disabled by default. MES1000, MES2000 Ethernet Switches...
  • Page 148 Command line request in individual public key generation mode appears as follows: console# configure console(config)# crypto key pubkey-chain ssh console(config-pubkey-chain)# user-key eltex rsa console(config-pubkey-key)# Table 5.163 —Individual public key generation mode commands Command Action key-string Create the public key for the specific user. MES1000, MES2000 Ethernet Switches...
  • Page 149 Show HTTP server state show ip https Show HTTPS server state Example execution of commands Enable SSH server on the switch. Enable public key utilization. Create RSA key for eltex user: console# configure console(config)# ip ssh server console(config)# ip ssh pubkey-auth...
  • Page 150 (0..59) seconds/ 10 minutes no exec-timeout Restore the default value. EXEC mode commands Command line request in EXEC mode appears as follows: console# Table 5.167 —EXEC mode commands Command Action show line Show the terminal parameters. [console|telnet|ssh] MES1000, MES2000 Ethernet Switches...

  • Page 151: Alarm Log, Syslog Protocol

    Enable control access events registration. Registration is enabled by no management logging default. Disable control access events registration. deny logging aggregation on Enable syslog message aggregation control. no logging aggregation on Disable syslog message aggregation. MES1000, MES2000 Ethernet Switches...
  • Page 152 Example use of commands  Enable error message registration at the console: console# configure console (config)# logging on console (config)# logging console errors  Clear the log file: console# clear logging file Clear Logging File [y/n]y MES1000, MES2000 Ethernet Switches...

  • Page 153: Port Mirroring (Monitoring)

    VLAN. vlan_id: (1..4096) Monitoring port should not belong to the configured VLAN. VLAN monitoring may be enabled only when there is a single controlling port configured for the system. MES1000, MES2000 Ethernet Switches...
  • Page 154 1/0/13 console(config-if)# port monitor gigabitethernet 1/0/18  Show information on monitored and controlling ports. console# show ports monitor Source Port Destination Port Type Status ----------- ---------------- ------- ---------- gi1/0/18 gi1/0/13 RX,TX notReady MES1000, MES2000 Ethernet Switches...

  • Page 155: Sflow Function

    EXEC mode commands Command line request in EXEC mode appears as follows: console> Table 5.176 —Commands available in EXEC mode Command Value/Default value Action show sflow configuration Show sflow settings. gi_port: (1..3/0/1..28); MES1000, MES2000 Ethernet Switches...

  • Page 156: Physical Layer Diagnostics Functions

    The green-ethernet mode is enabled by default. Permissible measurement accuracy is defined by line parameters variety and amounts up to 6m. Privileged EXEC mode commands Command line request in privileged EXEC mode appears as follows: console# MES1000, MES2000 Ethernet Switches...
  • Page 157 Test failed—physical fault OK—pair is OK Open—break Short—pair contacts are shorted Impedance-mismatch—impedance mismatch (line attenuation is too large) Short-with-pair—pairs are shorted together Not tested—testing is not performed  Show the last testing results: console# show cable-diagnostics tdr MES1000, MES2000 Ethernet Switches...

  • Page 158: Optical Transceiver Diagnostics

    (current, input- values parameter high-alarm syslog/snmp-trap message generation for the specific power, output-power, high-warning low-warning parameter. temperature, voltage) low-alarm - current Values for: - input-power current: (0-131000) uA input-power: (-40000- - output-power 8200) mdBm - temperature MES1000, MES2000 Ethernet Switches...
  • Page 159 Table 5.182—Optical transceiver diagnostics parameters Parameter Value Temp Transceiver temperature. Voltage Transceiver power voltage. Current Current deviation for transmission. Output Power Output power for transmission (mW). Input Power Input power for receiving (mW). Loss of signal. MES1000, MES2000 Ethernet Switches...

  • Page 160: Ip Service Level Agreements (Ip Sla)

    Go to operation configuration context. index: (1..20) no ip sla operation index Remove an existing IP SLA operation. Privileged EXEC mode commands Command line request in privileged EXEC mode appears as follows: console# MES1000, MES2000 Ethernet Switches...

  • Page 161: Icmp Echo Operation

    [source-address source- gi_port(1..3/0/1..24); - source-address—IPv4 address used for placement into ICMP address] [source-interface fa_port: (1..3/0/1..24); packet header, optional parameter source-interface] - source-interface—port for sending packets, optional parameter You can define target-address, source-address, and source-interface parameters only at MES1000, MES2000 Ethernet Switches...
  • Page 162 Latest operation return code: completion code of the last executed operation:  OK: previous operation has been completed successfully.  Failed: measurement attempt has failed. Latest latency value: value of the last successfully measured ICMP packet transit time. MES1000, MES2000 Ethernet Switches...

  • Page 163: Udp Jitter Operation

    - target-port : destination UDP port; should match UDP port, port source-port] [num- num-packets: (1-1000)/10 configured on the responder. packets num-packets] packets - source-address: IPv4 address used for placement into UDP [interval interval] interval: (1-60000)/20 ms packet header. MES1000, MES2000 Ethernet Switches...
  • Page 164 Latency Min/Avg/Max: 5/7/24 ms Latency one-way values: Number of SD Latency samples: 0 Number of DS Latency samples: 0 Source to Destination Latency one way Min/Avg/Max: 0/0/0 ms Source to Destination Latency one way Sum: 0 ms MES1000, MES2000 Ethernet Switches...
  • Page 165 Out Of Sequence: number of packets returned out of sequence. Number of successes: number of successfully completed operations. Number of failures: number of failed operations. Failed operations: counters that show the number of measurement operations completed with the respective error code. MES1000, MES2000 Ethernet Switches...

  • Page 166: Green Ethernet Configuration

    Enable the power saving mode for the port permanently. force -/disabled no green-ethernet short- Enable the power saving mode for the port permanently. reach force Privileged EXEC mode commands Command line request in Privileged EXEC mode appears as follows: console# MES1000, MES2000 Ethernet Switches...

  • Page 167: Power Over Ethernet (Poe)

    LU—interface is in the UP state LD—interface is in the DOWN state LL—cable length exceeds the threshold value LT—optical interface MES1000, MES2000 Ethernet Switches...
  • Page 168 Define the power limit for the selected port. power inline limit power Power: {0..30000}/30000 Restore the default power limit value. no power inline limit The maximum power limit is set by default. MES1000, MES2000 Ethernet Switches...
  • Page 169 Description of the displayed power supply parameters is listed in the table. Table 5.196—Power supply status parameters. Power Status of the PoE power supply subsystem Nominal Power Rated power of the PoE subsystem power supply unit MES1000, MES2000 Ethernet Switches...
  • Page 170 Classification of the connected device according to IEEE 802.3af, IEEE 802.3at standards Overload Counter Power overload event counter Short Counter Short circuit event counter Denied Counter Power supply denied event counter Absent Counter Powered device absence event counter Invalid Signature Connected PoE device classification error counter Counter MES1000, MES2000 Ethernet Switches...

  • Page 171: Security Functions

    Disable security function for the interface. port security mode {max- Enable the MAC address learning restriction mode for the addresses | lock} -/lock configured interface. - max-addresses—remove the current dynamically learnt MES1000, MES2000 Ethernet Switches...

  • Page 172: Port-Based Client Authentication (802.1X Standard)

    Only authenticated and authorized users will be able to send and receive the data. Port user authentication is performed by RADIUS server and EAP (Extensible Authentication Protocol). Global configuration mode commands Command line request in global configuration mode appears as follows: console(config)# MES1000, MES2000 Ethernet Switches...
  • Page 173 Restore the default value. dot1x max-req count Specify the maximum number of attempts for protocol request transfer to EAP client before the new authentication 1..10/2 process execution. no dot1x max-req Restore the default value. MES1000, MES2000 Ethernet Switches...
  • Page 174 Force Authorized Authorized* Disabled 3600 gi0/10 Force Authorized Authorized* Disabled 3600 gi0/11 Force Authorized Authorized Disabled 3600 gi0/12 Force Authorized Authorized* Disabled 3600 gi0/13 Force Authorized Authorized* Disabled 3600 gi0/14 Force Authorized Authorized* Disabled 3600 MES1000, MES2000 Ethernet Switches...
  • Page 175 The period between the recurrent EAP request transfers to client. The period, during which the switch will wait for response from authentication Server timeout server. Session Time The that the user is connected to the device. Mac address User MAC address. MES1000, MES2000 Ethernet Switches...
  • Page 176 The first authentication option, when the port-based authentication requires only a single client authentication so that all clients will be able to access the system (multiple hosts mode), and the second option, when the authentication requires authentication of all clients connected to the MES1000, MES2000 Ethernet Switches...
  • Page 177 802.1x authentication: {default | human} - default: default value, enumeration is consistent with internal ifIndexes. -/default - human: port enumeration begins with 1 (as on the front panel). no dot1x radius-attributes Restore the default value. nas-port format-type MES1000, MES2000 Ethernet Switches...
  • Page 178 Enables Tunnel-Private-Group-ID (81) option processing in vlan RADIUS server messages. -/disabled no dot1x radius-attributes Disables Tunnel-Private-Group-ID (81) option processing in vlan RADIUS server messages. VLAN configuration mode commands Command line request in VLAN interface configuration mode appears as follows: console(config-if)# MES1000, MES2000 Ethernet Switches...

  • Page 179: Dhcp Protocol Management And Option 82

    DHCP Option 82 allows to inform DHCP server about the DHCP Relay Agent and its port, that were involved in transmission of the particular request. It is used for establishing matches between IP addresses and switch ports, and ensuring protection from attacks via DHCP. Option 82 contains additional MES1000, MES2000 Ethernet Switches...
  • Page 180 Specify the access-node_id identifier of option 82. format-type access-node-id node_id node_id: 1..32 characters no ip dhcp information Set the default value. option format-type access- node-id ip dhcp information option remote_id: (1..32) Specifies the Option 82 remote_id identifier. format-type remote-id characters/- MES1000, MES2000 Ethernet Switches...
  • Page 181 Action ip dhcp snooping trust Add the interface into the trusted interface list, when DHCP The interface is not trusted management is used. Trusted interface DHCP traffic is deemed by default. as safe and not controlled. MES1000, MES2000 Ethernet Switches...
  • Page 182 | port- group: (1..8) channel group] Show matches from the DHCP management file (database). show ip dhcp snooping gi_port: (1..3/0/1..28); binding fa_port: (1..3/0/1..24); [mac-address mac_address] group: (1..8) [ip-address ip_address ] vlan_id: (1..4094) [vlan vlan_id] MES1000, MES2000 Ethernet Switches...

  • Page 183: Client Ip Address Protection (Ip-Source Guard)

    MAC address and VLAN group for the selected ip_address interface in the command. gi_port: (1..3/0/1..28); {gigabitethernet gi_port | fa_port: (1..3/0/1..24); fastethernet fa_port | vlan_id: (1..4094); port-channel group} group: (1..8) no ip source-guard binding Remove static record from the match table. mac_address vlan_id MES1000, MES2000 Ethernet Switches...
  • Page 184 (1..3/0/1..28); [ip-address ip_address ] fa_port: (1..3/0/1..24); [vlan vlan_id] vlan_id: (1..4094); [gigabitethernet gi_port | group: (1..8) fastethernet fa_port | port- channel group] show ip source-guard Command shows inactive sender IP addresses. inactive Example execution of commands MES1000, MES2000 Ethernet Switches...

  • Page 185: Arp Management (Arp Inspection)

    Destination MAC address: For ARP responses, MAC address in the Ethernet header is compared to the destination address in the ARP content to check if they match. IP address: ARP packet content is checked for incorrect IP addresses. MES1000, MES2000 Ethernet Switches...
  • Page 186 Show ARP Inspection configuration for the selected gi_port: (1..3/0/1..28); [gigabitethernet gi_port | interface/all interfaces. fa_port: (1..3/0/1..24) fastethernet fa_port | group: (1..8) port-channel group] show ip arp inspection list Show static IP and MAC address match lists (this command is MES1000, MES2000 Ethernet Switches...

  • Page 187: Mac Address Notification Function Configuration

    The maximum time interval between SNMP notification mac address-table transmissions. If the interval value equals 0, the generation of notification change [0..4294967295]/1 notifications and events saving to history will be performed interval {value} immediately right after MAC address table state change MES1000, MES2000 Ethernet Switches...
  • Page 188 (config)# mac address-table notification change console (config)# mac address-table notification change interval 60 console (config)# mac address-table notification change history 100 console (config)# interface gigabitethernet 0/7 console (config-if)# snmp trap mac-notification change console (config-if)# exit console (config)# MES1000, MES2000 Ethernet Switches...

  • Page 189: Dhcp Relay Mediation Features

    Table 5.228 —Ethernet interface configuration mode commands Command Value Action ip dhcp relay information Define the processing mode for DHCP packets with Option 82. -/global policy {keep | replace | - keep: skip packets unchanged MES1000, MES2000 Ethernet Switches...

  • Page 190: Pppoe Intermediate Agent Configuration

    (MTU) sent by PPPoE IA in PADO or PADS packets is 128 characters format-type exceeded. The command in negative form restores the default generic-error-message setting. Contains the «PPPoE word MES1000, MES2000 Ethernet Switches...
  • Page 191 Displays statistics of PPPoE Intermediate Agent. If the agent statistics [interface fa_port: (1..3/0/1..24); command does not explicitly specify an interface, it is {gigabitethernet gi_port | po: (1…8). performed for all interfaces with enabled PPPoE IA and trusted MES1000, MES2000 Ethernet Switches...

  • Page 192: Dhcp Server Configuration

    Defines the time period for the DHCP server to wait for a response to the ICMP request which has been sent to the time: (300– 1000)/500 address. msec no ip dhcp ping timeout Sets the default value. MES1000, MES2000 Ethernet Switches...
  • Page 193 Defines the default list of routers for a DHCP client. The list of routers is not ip_address_list - ip_address_list: list of TFTP server IP addresses; may defined by default. contain up to 8 space-delimited entries. MES1000, MES2000 Ethernet Switches...

  • Page 194: Privileged Exec Mode Commands

    Deletes records from the table which binds physical addresses { ip_address | *} with the addresses taken from the pool and assigned by the DHCP server: - ip_address—IP address assigned by the DHCP server; *—delete all records. MES1000, MES2000 Ethernet Switches...

  • Page 195: Acl Configuration (Access Control Lists)

    The ACL & SQinQ mode enables simultaneous TCAM resource utilization by multiple services. TCAM distribution across the services is performed automatically. To estimate TCAM utilization, use the 'show system resources tcam' command. ACLs for IPv6, IPv4 and MAC addresses should have different names. MES1000, MES2000 Ethernet Switches...
  • Page 196 [profile profile_id] physical interface and binds the list to the interface. access_list: 1..32 The 'profile' parameter is available in acl only characters mode only profile_id: 0..2 no service-acl input Removes the list from the interface. [profile profile_id] MES1000, MES2000 Ethernet Switches...

  • Page 197: Ipv4 Acl Configuration

    EltexAL console(config-ip-al)# — Table 5.242 Main parameters of commands Parameter Value Action permit Permit Creates a permitting filtration rule in ACL. deny Deny Creates a denying filtration rule in ACL. MES1000, MES2000 Ethernet Switches...
  • Page 198 Possible message codes of the icmp_code field: (0–255). igmp_type Type of IGMP messages used for IGMP packets filtration. Possible message codes of the igmp_type field: host-query, IGMP message type host-report, dvmrp, pim, cisco-trace, host-report-v2, host- leave-v2, host-report-v3 or the message type number (0–255). MES1000, MES2000 Ethernet Switches...
  • Page 199 Adds a permit filtration record for the ICMP protocol. Packets which fulfil {any|source_ip source_ip -wildcard} the record's requirements will be processed by the switch. {any|destination_ip destination_ip_wildcard} {any|icmp_type} {any|icmp_code} [dscp dscp | ip-precedence precedence] [time-range range_name] [index index] [offset-list offset_list_name] MES1000, MES2000 Ethernet Switches...
  • Page 200 [time-range range_name] [disable-port|log-input] [index index] [offset-list offset_list_name] deny udp {any| source_ip source_ip_wildcard} Add the denying filtering record for UDP protocol. Packets that meet the {any| source_port} record conditions will be blocked by the switch. When the keyword MES1000, MES2000 Ethernet Switches...

  • Page 201: Ipv6 Acl Configuration

    It is used for filtration of ICMP packets. Possible message codes and values of the icmp_type field: destination- unreachable (1), packet-too-big (2), time-exceeded (3), ICMP message type parameter-problem (4), echo-request (128), echo-reply (129), mld-query (130), mld-report (131), mldv2-report (143), mld- done (132), router-solicitation (133), router-advertisement MES1000, MES2000 Ethernet Switches...
  • Page 202 Adds a permit filtration record for the ICMP protocol. Packets which fulfil permit icmp the record's requirements will be processed by the switch. {any|source_prefix/length} { any|destination_prefix/length} {any|icmp_type} {any|icmp_code} [dscp dscp | precedence precedence] [time-range time_name] [offset-list offset_list_name] MES1000, MES2000 Ethernet Switches...
  • Page 203 One command may contain up to 4 templates having the following parameters: offset_base—basic offset. Possible values: L3—beginning of the IPv4 header, L4—end of the IPv4 header. offset—byte offset within a packet. Basic offset is considered as a starting point. MES1000, MES2000 Ethernet Switches...

  • Page 204: Mac Acl Configuration

    The index indicates position of the rule in a table. The lower Rule index the index, the higher is the priority (1–2,147,483,647). In order to select the whole range of parameters except dscp and ip-precedence, the any parameter is used. MES1000, MES2000 Ethernet Switches...

  • Page 205: Access List Time Range Configuration (Time-Range)

    Parameter Value Action absolute start hh:mm day month year Set the absolute time and date, when the access list takes hh:mm: (0..23):(0..5) effect. day: 1..31 month: Jan .. Dec no absolute start Remove the time limit MES1000, MES2000 Ethernet Switches...

  • Page 206: Configuration Of Protection From Dos Attacks

    Command line in the interface configuration mode for Ethernet interface and a group of ports appears as follows: console (config-if)# Table 5.250 Command for configuration of interface protection from DoS attacks Command Value Action security-suite deny Creates/removes a rule denying traffic which fulfils criteria. {fragmented|icmp|syn} - fragmented—fragmented packets; MES1000, MES2000 Ethernet Switches...

  • Page 207: Quality Of Services (Qos)

    FIFO queue buffer, i. e. such packets will be permanently lost. This can be solved by organising queues by traffic priority. The QoS mechanism (Quality of Service) implemented in MES1000, MES2000 switches allows organisation of 4 queues by packets priority depending on the type of data being sent.
  • Page 208 1: 3 lower queues will be considered in WRR, the 4th one will by default. not; 2: 2 lower queues will be considered in WRR, the 3th and the 4th ones will not. no priority-queue out Sets the default value. MES1000, MES2000 Ethernet Switches...
  • Page 209 (0–63), Fills in the table of repeated DSCP marking. Sets new DSCP in-dscp to out-dscp values for incoming packets with specified DSCPs. out-dscp: (0–63) - in-dscp—defines up to 8 DSCP values separated by spaces. MES1000, MES2000 Ethernet Switches...
  • Page 210 Valid for the qos advanced mode only. no class class-map-name Removes a class-map traffic classification rule from the policy- map strategy. Commands of the Configuration Mode for Classification Rules Command line request in the configuration mode for classification rules appears as follows: MES1000, MES2000 Ethernet Switches...
  • Page 211 Commands for Interface Configuration of Ethernet Interface and a Group of Ports Command line request in the interface configuration mode for Ethernet interface and a group of ports appears as follows: console(config-if)# MES1000, MES2000 Ethernet Switches...
  • Page 212 Valid for the qos advanced mode only. Displays configuration of average rate and bandwidth limit for traffic classification rules. show qos Valid for the qos advanced mode only. aggregate-policer [aggregate-policer-name] Displays interface QoS parameters. show qos interface [buffers - vlan_id—VLAN number (1–4049); MES1000, MES2000 Ethernet Switches...

  • Page 213: Qos Statistics

    Table 5.257 Global configuration mode commands Command Value/Default Value Action qos statistics Enables QoS statistics for bandwidth limitation. aggregate-policer (1–32) characters aggregate-policer-name QoS statistics is disabled by no qos statistics Disables QoS statistics for bandwidth limitation. default. aggregate-policer aggregate-policer-name MES1000, MES2000 Ethernet Switches...
  • Page 214 QoS statistics is disabled by default. EXEC Mode Commands Command line request in the EXEC mode appears as follows: console# — Table 5.259 EXEC mode commands Command Action clear qos statistics Clears QoS statistics. Displays QoS statistics. show qos statistics MES1000, MES2000 Ethernet Switches...

  • Page 215: Service Menu, Change Of Software

    This procedure is used to recover lost password, it allows to connect to the device without Procedure password. <3> To recover password press <3> key, during next connecting to device the password will be Password Recovery ignored. Procedure Current password will be ignored! MES1000, MES2000 Ethernet Switches...
  • Page 216 1 stands for independent mode, Setting device value 2 stands for stacking mode, operation mode To return to stack menu, press [enter] key. ==== Press Enter To Continue ==== To exit the menu press<4>key Back <4> Exit from menu MES1000, MES2000 Ethernet Switches...

  • Page 217: Update Of Software From Tftp Server

    1. With command copy copy new file of the software to device in assigned section of memory (image2). Format of the command: copy tftp:// tftp_ip_address/[directory/]filename image Sample of command execution: console# copy tftp://192.168.16.34/file1 image Accessing file `file1’ on 192.168.16.34 Loading file1 from 192.168.16.34: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Copy took 00:01:11 [hh:mm:ss] MES1000, MES2000 Ethernet Switches...

  • Page 218: Update Of Loading File Of The Device (Initial Loader)

    Software update procedure: 1. With help of command copy copy new loading file to the device. Command format: copy tftp://tftp_ip_address/[directory/]filename boot. console# copy tftp://192.168.16.34/332448-10018.rfb boot Erasing file..done. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Copy: 2739187 bytes copied in 00:01:18 [hh:mm:ss] MES1000, MES2000 Ethernet Switches...
  • Page 219 2. Reboot the switch by command reload. console# reload This command will reset the whole system and disconnect your current session. Do you want to continue (y/n) [n]? Confirm reboot by entering " y" MES1000, MES2000 Ethernet Switches...

  • Page 220: Appendix A Samples Of Use And Configuration Of Device

    1/0/1-2 console(config-if)# switchport mode trunk console(config-if)# switchport trunk allowed vlan add 10,20,30,40,50,60 console(config-if)# exit console(config)# spanning-tree mst configuration console(config-mst)# name sandbox console(config-mst)# instance 1 add vlan 10,20,30 console(config-mst)# instance 2 add vlan 40,50,60 console(config-mst)# exit MES1000, MES2000 Ethernet Switches...
  • Page 221 You haven't saved your changes. Are you sure you want to continue ? (Y/N)[N] Y This command will reset the whole system and disconnect your current session. Do you want to continue ? (Y/N)[N] Y Shutting down ... console# configure console(config)# interface vlan 1 console(config-if)# no ip address MES1000, MES2000 Ethernet Switches...

  • Page 222: Configuration Of Selective-Qinq

    VLAN except for multicast-tv VLAN. Users can only receive multi address traffic from multicast-tv VLAN and cannot transfer data in this VLAN. Besides multicast traffic source port of the switch shall be configured, this port shall be member of multicast-tv VLAN. MES1000, MES2000 Ethernet Switches...
  • Page 223 Sample of configuration of the port in customer mode This type of communication can be used for marking users’ IGMP reports of specific VLAN (CVLAN) with specific external marks (SVLAN). 1. Enable filtration of multi address data: console(config)# bridge multicast filtering MES1000, MES2000 Ethernet Switches...

  • Page 224: Configuration Of Igmp Query Authorization Via Radius

    = mestest nastype = cisco shortname = private 2. '/etc/freeradius/users' file contents 001B214FF81F Cleartext-Password := "001B214FF81F", NAS-PORT == 1, Framed- IP-Address =~ "233.7.*.*", NAS-IP-Address == "10.113.113.2" Switch Settings console(config)# bridge multicast filtering console(config)# vlan database MES1000, MES2000 Ethernet Switches...
  • Page 225 1/0/4 console(config)# switchport mode trunk console(config)# switchport trunk allowed vlan add 30 console(config)# exit console(config)# interface vlan 1 console(config)# ip address 10.113.113.2 255.255.255.0 console(config)# no ip address dhcp console(config)# exit MES1000, MES2000 Ethernet Switches...

  • Page 226: Appendix B Typical Buildings Of Networks On Basis Of Eaps Protocol

    In topology of network 3 rings (can be 2 or more) and 2 common hubs between them. In this case it is required to define EAPS domain and establish one ring as main and rest of rings - as secondary. MES1000, MES2000 Ethernet Switches...
  • Page 227 3. Topology several domains with common "rings" In network topology 2 rings (can be more than two) with one common hub. In this case it is required to define EAPS domain for each ring. MES1000, MES2000 Ethernet Switches...

  • Page 228: Appendix C Description Of Switch Processes

    Processing of stack status commands: adding master/slave, studying topology, update of software version of the slave BSNC Automatic function for synchronization of master and slave in stack BOXM Additional actions in stack (receipt of information about stack, indication, messages exchange, change of unit id) MES1000, MES2000 Ethernet Switches...
  • Page 229 Processing of intercepted fragmented IP packages ICMP Realization of ICMP protocol TFTP Realization of TFTP protocol IPRD Supplementary task for ARP, RIP, OSPF DNSC DNS client PNGA Ping realization UDPR UDP relay TRCE Trace route realization SSLP Realization of SSL MES1000, MES2000 Ethernet Switches...
  • Page 230 Server and Relay Agent DHCP DHCp DHCP-ping IPMT Management of IP multicast routing and igmp proxy MSCm Manager for working with terminal sessions STSA CLI session through COM port STSB STSC CLI session through VLAN STSD STSE MES1000, MES2000 Ethernet Switches...
  • Page 231 +7(383) 272-83-31 E-mail: techsupp@eltex.nsk.ru In official website of the Eltex Ltd. you can find technical documentation and software for products, advert to knowledge base, leave your interactive inquiry or ask for consultation from engineers of Service center in our technical forum: http://www.eltex.nsk.ru/en/...

This manual is also suitable for:

Mes2000

Table of Contents