SMC Networks SMC EZ Switch 10/100/1000 SMCGS8P-Smart Management Manual

SMC Networks SMC EZ Switch 10/100/1000 SMCGS8P-Smart Management Manual

Smc networks ethernet switch management guide
Hide thumbs Also See for SMC EZ Switch 10/100/1000 SMCGS8P-Smart:
Table of Contents

Advertisement

TigerSwitch 10/100/1000
Gigabit Ethernet Switch
12 auto-MDI/MDI-X 10/100/1000BASE-T ports
4 ports shared with 4 SFP transceiver slots
Non-blocking switching architecture
Support for a redundant power unit
Spanning Tree Protocol
Up to six LACP or static 4-port trunks
Layer 2/3/4 CoS support through four priority queues
Full support for VLANs with GVRP
IGMP multicast filtering and snooping
Support for jumbo frames up to 9 KB
Manageable via console, Web, SNMP/RMON

Management Guide

SMC8612T

Advertisement

Table of Contents
loading

Summary of Contents for SMC Networks SMC EZ Switch 10/100/1000 SMCGS8P-Smart

  • Page 1: Management Guide

    TigerSwitch 10/100/1000 Gigabit Ethernet Switch 12 auto-MDI/MDI-X 10/100/1000BASE-T ports 4 ports shared with 4 SFP transceiver slots Non-blocking switching architecture Support for a redundant power unit Spanning Tree Protocol Up to six LACP or static 4-port trunks Layer 2/3/4 CoS support through four priority queues...
  • Page 3 TigerSwitch 10/100/1000 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions 38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 July 2003 Pub. # 150200034800A...
  • Page 4 Irvine, CA 92618 All rights reserved. Printed in Taiwan Trademarks: SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.
  • Page 5 IMITED ARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller.
  • Page 6 * SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase. SMC Networks, Inc. 38 Tesla Irvine, CA 92618...
  • Page 7: Table Of Contents

    Switch Management 1-1 Connecting to the Switch ......1-1 Configuration Options ......1-1 Required Connections .
  • Page 8 Displaying Bridge Extension Capabilities ..2-31 Displaying Switch Hardware/Software Versions ..2-34 Port Configuration ....... 2-36 Displaying Connection Status .
  • Page 9 Statically Configuring a Trunk ....2-104 Configuring SNMP ....... 2-106 Setting Community Access Strings Specifying Trap Managers .
  • Page 10 ONTENTS disable ........3-15 configure ....... . . 3-16 show history .
  • Page 11 show users ....... . . 3-53 show version ....... 3-54 Authentication Commands .
  • Page 12 ONTENTS parity ........3-88 speed ........3-89 stopbits .
  • Page 13 spanning-tree protocol-migration ....3-126 spanning-tree link-type ..... . . 3-127 show spanning-tree .
  • Page 14 ONTENTS queue cos-map ......3-163 show queue bandwidth ..... . .3-165 show queue cos-map .
  • Page 15: Switch Management

    (CLI). Note: The IP address for this switch is assigned via DHCP by default. To change this address, see “Setting an IP Address”...
  • Page 16 WITCH ANAGEMENT The switch’s CLI configuration program, Web interface, and SNMP agent allow you to perform the following management functions: • Set user names and passwords for up to 16 users • Set an IP interface for a management VLAN •...
  • Page 17: Required Connections

    A null-modem console cable is provided with the switch. Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in Appendix C.
  • Page 18: Remote Connections

    DHCP or BOOTP protocol. The IP address for this switch is assigned via DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see “Setting an IP Address” on page 1-7.
  • Page 19: Basic Configuration

    CLI at the Privileged Exec level. Access to both CLI levels are controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps: 1.
  • Page 20: Setting Passwords

    Passwords can consist of up to eight alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch, set the passwords as follows: 1. Open the console interface with the default user name and password “admin”...
  • Page 21: Setting An Ip Address

    Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router. Dynamic — The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network.
  • Page 22 WITCH ANAGEMENT Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: • IP address for the switch • Default gateway for the network • Network mask for this network...
  • Page 23 DHCP values can include the IP address, subnet mask, and default gateway.) If the “bootp” or “dhcp” option is saved to the startup-config file, then the switch will start broadcasting service requests as soon as it is powered on. To automatically configure the switch by communicating with...
  • Page 24: Enabling Snmp Management Access

    The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps. When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter.
  • Page 25 SNMP management access to the switch is disabled. To prevent unauthorized access to the switch via SNMP, it is recommended that you change the default community strings. To configure a community string, complete the following steps: 1.
  • Page 26: Saving Configuration Settings

    Saving Configuration Settings Configuration commands only modify the running configuration file and are not saved when the switch is rebooted. To save all your configuration changes in non-volatile storage, you must copy the running configuration file to the start-up configuration file using the “copy”...
  • Page 27: Managing System Files

    Startup configuration file name []: startup Console# Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
  • Page 28: System Defaults

    WITCH ANAGEMENT Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows. In the system flash memory, one file of each type must be set as the start-up file.
  • Page 29 Function Parameter HTTP Server Management HTTP Port Number SNMP Community Strings Authentication Failure Traps Link-up-Down Traps Security Privileged Exec Level Normal Exec Level Enable Privileged Exec from Normal Exec Level Authentication Console Port Baud Rate Connection Data bits Stop bits Parity Local Console Timeout 0 (disabled) YSTEM...
  • Page 30 WITCH ANAGEMENT Function Port Status Link Aggregation Static Trunks Spanning Tree Protocol Address Table Virtual LANs 1-16 Parameter Admin Status Auto-negotiation Flow Control 10/100/1000 Mbps Port Capability LACP (all ports) Status Fast Forwarding Aging Time Default VLAN PVID Acceptable Frame Type Ingress Filtering GVRP (global)
  • Page 31 Function Parameter Class of Service Ingress Port Priority Weighted Round Robin Class 0: 16 IP Precedence Priority IP DSCP Priority Multicast IGMP Snooping Filtering Act as Querier Broadcast Storm Status Protection Broadcast Limit Rate System Log Status Messages Logged Messages Logged to Flash Jumbo Frames Status...
  • Page 32 WITCH ANAGEMENT 1-18...
  • Page 33: Configuring The Switch

    Telnet. For more information on using the CLI, refer to Chapter 3 “Command Line Interface.” Prior to accessing the switch from a Web browser, be sure you have first performed the following tasks: 1. Configure the switch with a valid IP address, subnet mask, and default gateway using an out-of-band serial connection, BOOTP or DHCP protocol.
  • Page 34: Navigating The Web Browser Interface

    Exec level), you can apply changes on all pages. 3. If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Protocol, then you can set the switch port attached to your management station to fast forwarding to improve the switch’s response time to...
  • Page 35: Home Page

    Home Page When your Web browser connects with the switch’s Web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.
  • Page 36: Panel Display

    Panel Display The Web agent displays an image of the switch’s ports, indicating whether each link is up or down. Clicking on the image of a port opens the Port Configuration page as described on page 2-38.
  • Page 37: Main Menu

    Main Menu Using the onboard Web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Menu System System Information Provides basic system description,...
  • Page 38 Configures individual port settings for STP Configures individual trunk settings for STP Configures individual port settings for STP Configures individual trunk settings for STP Displays basic information on the VLAN type supported by this switch Page 2-38 2-41 2-42 2-45...
  • Page 39 Menu VLAN Current Table Shows the current port members of each VLAN Static List VLAN Static Table VLAN Static Membership by Port VLAN Port Configuration VLAN Trunk Configuration Priority Default Port Priority Sets the default priority for each port Default Trunk Priority Traffic Class Queue Scheduling...
  • Page 40: Basic Configuration

    VLAN ID Assigns ports that are attached to a neighboring multicast router/switch Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID Indicates multicast addresses associated with the selected VLAN Lists Ethernet and RMON port statistics...
  • Page 41 Command Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. • Location – Specifies the system location. • Contact – Administrator responsible for the system.
  • Page 42 ONFIGURING THE WITCH Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows you to access the Command Line Interface via Telnet.) 2-10...
  • Page 43: Setting The Ip Address

    Console# Setting the IP Address An IP address may be used for management access to the switch over your network. By default, the switch uses DHCP to assign IP settings to VLAN 1 on the switch. If you wish to manually configure IP settings, you need to change the switch’s...
  • Page 44 Management VLAN – This is the only VLAN through which you can gain management access to the switch. By default, all ports on the switch are members of VLAN 1, so a management station can be connected to any port on the switch. However, if other VLANs are configured and you change the Management VLAN, you may lose management access to the switch.
  • Page 45: Manual Configuration

    Web – Click System, IP. Specify the Management VLAN, set the IP Address Mode to DHCP or BOOTP. Then click Apply to save your changes. The switch will broadcast a request for IP configuration settings on the next power reset. Otherwise, you can click Restart DHCP to immediately request a new address.
  • Page 46: Security

    Renewing DCHP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to another network segment, you will lose management access to the switch. In this case, you can reboot the switch or submit a client request to restart DHCP service.
  • Page 47 administrator password as soon as possible, and store it in a safe place. (If for some reason your password is lost, you can reload the factory deafults file to restore the default passwords as described in “Troubleshooting Chart” on page A-1.) The default guest name is “guest”...
  • Page 48: Configuring Radius/Tacacs+ Logon Authentication

    Console(config)#username bob password 0 smith Console(config)# Configuring RADIUS/TACACS+ Logon Authentication You can configure this switch to authenticate users logging into the system for management access using local, RADIUS, or TACACS+ authentication methods. RADIUS and TACACS+ are logon authentication protocols that use software running on a central server to control access to RADIUS-aware or TACACS+-aware devices on the network.
  • Page 49 • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet. •...
  • Page 50 RADIUS server. (Range: 1-30; Default: 2) • Timeout for a reply (secs) – The number of seconds the switch waits for a reply from the RADIUS server before it resends the request. (Range: 1-65535; Default: 5) 2-18...
  • Page 51 Secret Text String – Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20 characters) Note: The local switch user database has to be set up by manually entering user names and passwords using the CLI. ECURITY...
  • Page 52 ONFIGURING THE WITCH Web – Click System, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply. 2-20...
  • Page 53: Configuring Https

    Communication key with tacacs server: green Server port number: 200 Console(config)# Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s Web interface.
  • Page 54 (Default: Enabled) • HTTPS Port — Specifies the UDP port number used for HTTPS/SSL connection to the switch’s Web interface. The default is port 443. Web – Click System, HTTPS Settings. Select Enabled for the HTTPS Status and specify the port number, then click Apply.
  • Page 55: Replacing The Default Secure-Site Certificate

    If you want this warning to be replaced by a message confirming that the connection to the switch is secure, you must obtain a unique certificate and a private key and password from a recognized certification authority.
  • Page 56: Configuring Ssh

    ONFIGURING THE WITCH Note: The switch must be reset for the new certificate to be activated. To reset the switch, type: Console#reload Configuring SSH The Secure Shell (SSH) server feature provides remote management access via encrypted paths between the switch and SSH-enabled management station clients.
  • Page 57: Cli Commands

    Web – Click System, SSH Settings. Select Enabled for the SSH Server Status, specify the authentication timeout and number of retries, then click Apply. CLI Commands CLI – Enter the following commands to configure the SSH service. Console(config)#ip ssh server Console(config)#ip ssh timeout 100 Console(config)#ip ssh authentication-retries 5 Console(config)#...
  • Page 58: Managing Firmware

    You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version.
  • Page 59 Web – Click System, Firmware. Enter the IP address of the TFTP server, enter the file name of the software to download, select a file on the switch to overwrite or specify a new file name, then click Transfer from Server.
  • Page 60: Saving Or Restoring Configuration Settings

    CLI – Enter the IP address of the TFTP server, select config or opcode file type, then enter the source and destination file names, set the new file to start up the system, and then restart the switch. Console#copy tftp file TFTP server ip address: 10.1.0.99...
  • Page 61 Web – Click System, Configuration. Enter the IP address of the TFTP server, enter the name of the file to download, select a file on the switch to overwrite or specify a new file name, and then click Transfer from Server.
  • Page 62: Copying The Running Configuration To A File

    WITCH CLI – Enter the IP address of the TFTP server, specify the source file on the server, and set the startup file name on the switch. If you download the startup configuration file under a new file name, you can set this file as the startup file at a later time, and then restart the switch.
  • Page 63: Displaying Bridge Extension Capabilities

    GARP VLAN Registration Protocol (GVRP). Command Attributes • Extended Multicast Filtering Services – This switch does not support the filtering of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol). •...
  • Page 64 (i.e., multiple Spanning Trees). • GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices to register endstations with multicast groups. This switch does not support GMRP; it uses the Internet Group Management Protocol (IGMP) to provide automatic multicast filtering. •...
  • Page 65 Web – Click System, Bridge Extension. CLI – Enter the following command. Console#show bridge-ext Max support vlan numbers: 255 Max support vlan ID: 4094 Extended multicast filtering services: No Static entry individual port: Yes VLAN learning: IVL Configurable PVID tagging: Yes Local VLAN capable: No Traffic classes: Enabled Global GVRP status: Enabled...
  • Page 66: Displaying Switch Hardware/Software Versions

    Loader Version – Version number of loader code. • Boot-ROM Version – Version number of Power-On Self-Test (POST) and boot code. • Operation Code Version – Version number of runtime code. • Role – Shows that this switch is operating as Master (i.e., operating stand-alone). 2-34...
  • Page 67 Web – Click System, Switch Information. CLI – Use the following command to display version information. Console#show version Unit1 Serial number Service tag Hardware version Number of ports Main power status Redundant power status :not present Agent(master) Unit id Loader version Boot rom version Operation code version :2.0.0.19...
  • Page 68: Port Configuration

    ONFIGURING THE WITCH Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/ duplex mode, flow control, and auto-negotiation. Command Attributes • Name – Interface label. •...
  • Page 69 Web – Click Port, Port Information or Trunk Information. Modify the required interface settings, and click Apply. CLI – This example shows the connection status for Port 13. Console#show interfaces status ethernet 1/13 Information of Eth 1/13 Basic information: Port type: 1000T Mac address: 00-00-11-11-22-2F Configuration: Name:...
  • Page 70: Configuring Interface Connections

    ONFIGURING THE WITCH Configuring Interface Connections You can use the Trunk Configuration or Port Configuration page to enable/disable an interface, manually fix the speed and duplex mode, set flow control, set auto-negotiation, and set the interface capabilities to advertise. Command Attributes •...
  • Page 71 - FC - Supports flow control. Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation. (Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem.
  • Page 72 ONFIGURING THE WITCH Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. CLI – Select the interface, and then enter the required settings. Console(config)#interface ethernet 1/13 Console(config-if)#description RD SW#13 Console(config-if)#shutdown Console(config-if)#no shutdown Console(config-if)#no negotiation Console(config-if)#speed-duplex 100half Console(config-if)#flowcontrol...
  • Page 73: Setting Broadcast Storm Thresholds

    The default threshold is 256 packets per second. • Broadcast control does not effect IP multicast traffic. • The specified threshold applies to all ports on the switch. Command Attributes • Threshold – Threshold as percentage of port bandwidth. (Range: 16, 64, 128, or 256 packets per second; Default: 256 packets per second) •...
  • Page 74: Configuring Port Mirroring

    ONFIGURING THE WITCH Web – Click Port, Port Broadcast Control. Set the threshold for all ports, and then click Apply. CLI – Specify the required interface, and then enter the threshold. The following sets broadcast suppression at 128 packets per second on port 1.
  • Page 75 The mirror port and monitor port speeds must match, otherwise traffic may be dropped from the monitor port. • The switch supports only one port mirror session. Web – Click Port, Mirror. Specify the source port, the traffic type to be mirrored, and the target port, then click Add.
  • Page 76: Configuring Port Security

    Console(config-if)#port monitor ethernet 1/11 Console(config-if)# Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port.
  • Page 77 • It can be configured as an LACP trunk port, but the switch does not allow the LACP trunk to be enabled. Note: A port that is already configured as an LACP or static trunk port cannot be enabled as a secure port.
  • Page 78: Port Security Configuration

    WITCH Port Security Configuration On the Port/Port Security Status page, you can enable/disable security for any switch port. For each port number listed in the “Port” column, you can configure the following parameter: • Security Status — Enables or disables port security on the port.
  • Page 79: Address Table Settings

    Setting Static Addresses A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table.
  • Page 80 MAC address and VLAN, then click Add Static Address. CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Console(config)#mac-address-table address 00-e0-29-94-34-de ethernet 1/1 vlan 1 delete-on-reset...
  • Page 81: Displaying The Address Table

    Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address for inbound traffic is found in the database, the packets intended for that address is forwarded directly to the associated port.
  • Page 82 ONFIGURING THE WITCH Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., Interface, MAC Address, or VLAN), the method of sorting the displayed addresses, then click Query. For example, the following screen shows the dynamic addresses for port 5. CLI –...
  • Page 83: Changing The Aging Time

    The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (i.e., an STP-compliant switch, bridge or...
  • Page 84 RSTP – Rapid Spanning Tree Protocol (IEEE 802.1w). STP uses a distributed algorithm to select a bridging device (STP-compliant switch, bridge or router) that serves as the root of the spanning tree network. It selects a root port on each bridging device (except for the root device) which incurs the lowest path cost when forwarding a packet from that device to the root device.
  • Page 85: Stp Information

    Protocol is currently enabled on the switch. • Bridge ID — Identifies a unique identifier for the switch in the Spanning Tree. The ID is calculated using the defined Spanning Tree priority of the switch and its MAC address. The lower the Bridge ID, the more likely the switch will act as the root.
  • Page 86 Spanning Tree that the switch has accepted as the root device. - Root Port — Specifies the port number on the switch that is closest to the root. The switch communicates with the root device through this port. If there is no root port, the switch has been accepted as the root device of the Spanning Tree network.
  • Page 87 • Root Hold Time* – The interval (in seconds) during which no more than two bridge configuration protocol data units shall be transmitted by this node. • Configuration Changes — Specifies the number of times the Spanning Tree has been reconfigured. •...
  • Page 88 ONFIGURING THE WITCH CLI – This example shows the current Spanning Tree settings. Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning tree mode Spanning tree enable/disable Priority Bridge Hello Time (sec.) Bridge Max Age (sec.) Bridge Forward Delay (sec.) Root Hello Time (sec.) Root Max Age (sec.) Root Forward Delay (sec.) Designated Root...
  • Page 89: Stp Configuration

    RSTP node transmits, as described below: • STP Mode – If the switch receives an 802.1D BPDU (i.e., STP BPDU) after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.
  • Page 90 - Range: 0-61440, in steps of 4096 - Options: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440 • Hello Time — Interval (in seconds) at which the switch transmits a configuration message. - Default: 2 - Minimum: 1 - Maximum: The lower of 10 or [(Max.
  • Page 91 • Forward Delay — The maximum time (in seconds) the switch will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a discarding state;...
  • Page 92 ONFIGURING THE WITCH Web – Click Spanning Tree, STP Configuration. Modify the required attributes, then click Apply. CLI – This example enables Spanning Tree Protocol, and then sets the indicated attributes. Console(config)#spanning-tree mode rstp Console(config)#spanning-tree Console(config)#spanning-tree forward-time 15 Console(config)#spanning-tree hello-time 2 Console(config)#spanning-tree max-age 20 Console(config)#spanning-tree priority 40000 Console(config)#spanning-tree pathcost method long...
  • Page 93: Stp Port And Trunk Information

    - A port on a network segment with no other STA compliant bridging device is always forwarding. - If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID forwards packets and the other is discarding.
  • Page 94 Spanning Tree. • Designated Port — The priority and number of the port on the designated bridging device through which this switch must communicate with the root of the Spanning Tree. • Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface.
  • Page 95 • Designated root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. • Fast forwarding – This field provides the same information as Admin Edge port, and is only included for backward compatibility with earlier products.
  • Page 96 ONFIGURING THE WITCH • Admin Edge Port – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state.
  • Page 97: Stp Port And Trunk Configuration

    CLI – This example displys the current Spanning Tree status of a port. Console#show spanning-tree ethernet 1/5 1/ 5 information -------------------------------------------------------------- Admin status Role State Path cost Priority Designated cost Designated port Designated root Designated bridge Fast forwarding Forward transitions Admin edge port Oper edge port Admin Link type...
  • Page 98 • Priority — Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops.
  • Page 99 - Point-to-Point — A connection to exactly one other bridge. - Shared — A connection to two or more bridges. - Auto — The switch automatically determines if the interface is attached to a point-to-point link or to shared media.
  • Page 100 • Migration — Re-checks the appropriate BPDU format to send on the selected interface. If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode.
  • Page 101 Web – Click Spanning Tree, STP Port Configuration or STP Trunk Configuration. Modify the required attributes, then click Apply. CLI – This example sets STP attributes for port 5. Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree port-priority 128 Console(config-if)#spanning-tree cost 19 Console(config-if)#spanning-tree link-type auto Console(config-if)#no spanning-tree edge-port Console#spanning-tree protocol-migration ethernet 1/5 Console#...
  • Page 102: Vlan Configuration

    ONFIGURING THE WITCH VLAN Configuration In conventional networks with routers, broadcast traffic is split up into separate domains. Switches do not inherently support broadcast domains. This can lead to broadcast storms in large networks that handle traffic such as IPX or NetBEUI. By using IEEE 802.1Q-compliant VLANs, you can organize any group of network nodes into separate broadcast domains, thus confining broadcast traffic to the originating group.
  • Page 103: Assigning Ports To Vlans

    VLAN-aware network devices along the path that will carry this traffic to the same VLAN(s), either manually or dynamically using GVRP. However, if you want a port on this switch to participate in one or more VLANs, but none of the intermediate network devices nor the host at the other end of the connection supports VLANs, then you should add this port to the VLAN as an untagged port.
  • Page 104 VLANs, and then forward the message to all other ports. When the message arrives at another switch that supports GVRP, it will also place the receiving port in the specified VLANs, and pass the message on to all other ports.
  • Page 105: Forwarding Tagged/Untagged Frames

    Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN. However, to participate in a VLAN group that crosses several switches, you need to create a VLAN for that group and enable tagging on all ports.
  • Page 106: Displaying Basic Vlan Information

    Displaying Basic VLAN Information Command Attributes • VLAN Version Number – The VLAN version used by this switch as specified in the IEEE 802.1Q standard. (Web interface only.) • Maximum VLAN ID – Maximum VLAN ID recognized by this switch.
  • Page 107: Displaying Current Vlans

    Up Time at Creation – Time this VLAN was created; i.e., System Up Time. • Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP. - Permanent: Added as a static entry.
  • Page 108 Command Attributes for CLI Interface • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry. •...
  • Page 109: Creating Vlans

    Console# Creating VLANs Use The VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command Attributes •...
  • Page 110 ONFIGURING THE WITCH • Status – Shows if this VLAN is enabled or disabled (Web). - Enable: VLAN is operational. - Disable: VLAN is suspended; i.e., does not pass packets. • State – Shows if this VLAN is enabled or disabled (CLI). - Active: VLAN is operational.
  • Page 111: Adding Interfaces Based On Membership Type

    VLAN via the GVRP protocol. (Note that VLAN 1 is the default untagged VLAN containing all ports on the switch, and cannot be modified via this page.) You can use the VLAN Static Table to assign ports to the specified VLAN group as an IEEE 802.1Q tagged port.
  • Page 112 ONFIGURING THE WITCH • Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk: - Tagged: Interface is a member of the VLAN. All packets transmitted by the port will be tagged, that is, carry a tag and therefore carry VLAN or CoS information.
  • Page 113 Web – Click VLAN, VLAN Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks. Click Apply. CLI –...
  • Page 114: Adding Interfaces Based On Static Membership

    ONFIGURING THE WITCH Adding Interfaces Based on Static Membership Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface add an interface to the selected VLAN as a tagged member. Command Attributes • Interface – Port or trunk identifier. •...
  • Page 115: Configuring Vlan Behavior For Interfaces

    CLI – This example adds Port 3 to VLAN 1 as a tagged port, and removes Port 3 from VLAN 2. Console(config)#interface ethernet 1/3 Console(config-if)#switchport allowed vlan add 1 tagged Console(config-if)#switchport allowed vlan remove 2 Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
  • Page 116 BPDU frames, such as GMRP. • GVRP Status – Enables/disables GVRP for the interface. GVRP must be globally enabled for the switch before this setting can take effect. (See “Displaying Bridge Extension Capabilities” on page 2-31.) When disabled, any GVRP packets received on this port will be discarded and no GVRP registrations will be propagated from other ports.
  • Page 117 • GARP Leave Timer* – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group.
  • Page 118 ONFIGURING THE WITCH Web – Click VLAN, VLAN Port Configuration or VLAN Trunk Configuration. Fill in the required settings for each interface, click Apply. CLI – This example sets port 1 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.
  • Page 119: Class Of Service Configuration

    Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
  • Page 120 ONFIGURING THE WITCH Command Attributes • Default Priority – The priority that is assigned to untagged frames received on the specified port. (Range: 0 - 7, Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port. Web –...
  • Page 121: Mapping Cos Values To Egress Queues

    The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network.
  • Page 122 ONFIGURING THE WITCH Priority Level 0 (default) • Priority – CoS value. (Range: 0 to 7, where 7 is the highest priority) • Traffic Class – Output queue buffer. (Range: 0 - 3, where 3 is the highest CoS priority queue) 2-90 Traffic Type Background...
  • Page 123: Priority Queue

    Web – Click Priority, Traffic Classes. Assign priorities to the output queues, then click Apply. CLI – The following example shows how to map CoS values 0, 1 and 2 to CoS priority queue 0, value 3 to CoS priority queue 1, values 4 and 5 to CoS priority queue 2, and values 6 and 7 to CoS priority queue 3.
  • Page 124: Setting The Service Weight For Traffic Classes

    ONFIGURING THE WITCH Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in “Mapping CoS Values to Egress Queues” on page 2-89, the traffic classes are mapped to one of the four egress queues provided for each port.
  • Page 125: Mapping Layer 3/4 Priorities To Cos Values

    IP Precedence or six bits for Differentiated Services Code Point (DSCP) service. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue.
  • Page 126: Selecting Ip Precedence/Dscp Priority

    ONFIGURING THE WITCH Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • IP Precedence/DSCP Priority Status – Selects IP Precedence, DSCP, or disables both priority services.
  • Page 127 network control, and the other bits for various application types. ToS bits are defined in the following table. Priority Level Command Attributes • IP Precedence Priority Table – Shows the IP Precedence to CoS map. • Class of Service Value – Maps a CoS value to the selected IP Precendence value.
  • Page 128 ONFIGURING THE WITCH Web – Click Priority, IP Precedence Priority. Select an IP Precedence value from the IP Precedence Priority Table by clicking on it with your cursor, enter a value in the Class of Service Value field, and then click Apply. Be sure to also select IP Precedence from the IP Precedence/DSCP Priority Status menu.
  • Page 129: Mapping Dscp Priority

    CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 on port 5, and then displays all the IP Precedence settings for that port. (Note that the setting is global and applies to all ports on the switch.)
  • Page 130 ONFIGURING THE WITCH that all the DSCP values that are not specified are mapped to CoS value 0. IP DSCP Value 10, 12, 14, 16 18, 20, 22, 24 26, 28, 30, 32, 34, 36 38, 40, 42 46, 56 Command Attributes •...
  • Page 131 LASS OF ERVICE ONFIGURATION Web – Click Priority, IP DSCP Priority. Select a DSCP priority value from the DSCP Priority Table by clicking on it with your cursor, enter a value in the Class of Service Value field, and then click Apply.
  • Page 132: Port Trunk Configuration

    WITCH CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 1 to CoS value 0 on port 5, and then displays all the DSCP Priority settings for that port. (Note that the setting is global and applies to all ports on the switch.)
  • Page 133 • You can create up to six trunks on the switch, with up to four ports per trunk. • The ports at both ends of a connection must be configured as trunk ports.
  • Page 134: Dynamically Configuring A Trunk With Lacp

    ID. • If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
  • Page 135 RUNK ONFIGURATION Web – Click Trunk, LACP Configuration. Select any of the switch ports from the scroll-down port list and click Add. After you have completed adding ports to the member list, click Apply. 2-103...
  • Page 136: Statically Configuring A Trunk

    • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. The static trunks on this switch are Cisco EtherChannel compatible. • To avoid creating a loop in the network, be sure you add a...
  • Page 137 ONFIGURATION Web – Click Trunk, Trunk Configuration. Enter a trunk ID of 1-6 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add. After you have completed adding ports to the member list, click Apply.
  • Page 138: Configuring Snmp

    ONFIGURING THE WITCH CLI – This example creates trunk 1 with ports 11 and 12. Just connect these ports to two static trunk ports on another switch to form a trunk. Console(config)#interface port-channel 1 Console(config-if)#exit Console(config)#interface ethernet 1/11 Console(config-if)#channel-group 1...
  • Page 139: Setting Community Access Strings

    submit a valid community string for authentication. The options for configuring community strings and related trap functions are described in the following sections. Setting Community Access Strings You may configure up to five community strings authorized for management access. For security reasons, you should consider removing the default strings.
  • Page 140 ONFIGURING THE WITCH Web – Click SNMP, SNMP Configuration. Enter a new string in the Community String box and select the access rights from the Access Mode drop-down list, then click Add. CLI – The following example adds the string “spiderman” with read/write access.
  • Page 141: Specifying Trap Managers

    SNMP notifications, you must enter at least one host IP address. • The switch can send SNMP version 1 or version 2c traps to a host IP address, depending on the SNMP version that the management station supports. The default is to send SNMP version 1 traps.
  • Page 142: Snmp Ip Filtering

    Console(config)#snmp-server host 10.1.19.23 batman Console(config)#snmp-server enable traps authentication SNMP IP Filtering The switch allows you to create a list of up to 16 IP addresses or IP address groups that are allowed access to the switch via SNMP management software.
  • Page 143 IP address group is specified by the mask. Note: The default setting is null, which allows all IP groups SNMP access to the switch. If one IP address is configured, the IP filtering is enabled and only addresses in the IP group will have SNMP access.
  • Page 144 ONFIGURING THE WITCH Web – Click SNMP, SNMP IP Filtering. To add an IP address, type the new IP address in the IP Address box, type the appropriate subnet mask in the Subnet Mask box, and then click “Add IP Filtering Entry.”...
  • Page 145: Multicast Configuration

    It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service. This procedure is called multicast filtering.
  • Page 146 IGMP Query – A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic. If there is more than one router/switch on the LAN performing IP multicasting, one of these devices is elected “querier” and assumes the role of querying the LAN for group members.
  • Page 147 IGMP Report Delay — Sets the time (in seconds) between receiving an IGMP Report for an IP multicast address on a port before the switch sends an IGMP Query out of that port and removes the entry from its list. (Default: 10, Range: 5 - 30) •...
  • Page 148 ONFIGURING THE WITCH Web – Click IGMP, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply. (The default settings are shown below.) CLI – This example modifies the settings for multicast filtering, and then displays the current status. Console(config)#ip igmp snooping Console(config)#ip igmp snooping querier Console(config)#ip igmp snooping query-count 10...
  • Page 149: Interfaces Attached To A Multicast Router

    You can use the Multicast Router Port Information page to display the ports on this switch attached to a neighboring multicast router/ switch for each VLAN ID. Displaying Interfaces Attached to a Multicast Router Command Attributes •...
  • Page 150: Specifying Interfaces Attached To A Multicast Router

    IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your switch, you can manually configure that interface to join all the current multicast groups.
  • Page 151: Displaying Port Members Of Multicast Services

    Web – Click IGMP, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. After you have completed adding interfaces to the list, click Apply. CLI –...
  • Page 152 VLAN group. Web – Click IGMP, IP Multicast Registration Table. Select the VLAN ID and multicast IP address. The switch will display all the ports that are propagating this multicast service. CLI – This example displays all the known multicast services supported on VLAN 1, along with the ports propagating the corresponding services.
  • Page 153: Adding Multicast Addresses To Vlans

    IGMP Parameters” on page 2-113. For certain application that require tighter control, you may need to statically configure a multicast service on the switch. First add all the ports attached to participating hosts to a common VLAN, and then assign the multicast service to that VLAN group.
  • Page 154: Showing Device Statistics

    WITCH Web – Click IGMP, IGMP Member Port Table. Specify the interface attached to a multicast service (via an IGMP-enabled switch or multicast router), indicate the VLAN that will propagate the multicast service, specify the multicast IP address, and then click Add.
  • Page 155 This information can be used to identify potential problems with the switch (such as a faulty port or unusually heavy loading). RMON statistics provide access to a broad range of statistics, including a total count of different frame types and sizes passing through each port.
  • Page 156 ONFIGURING THE WITCH Parameter Received Errors Transmit Octets Transmit Unicast Packets Transmit Multicast Packets Transmit Broadcast Packets Transmit Discarded Packets Transmit Errors Etherlike Statistics Alignment Errors Late Collisions 2-124 Description The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
  • Page 157 Parameter FCS Errors Excessive Collisions Single Collision Frames The number of successfully transmitted frames Internal MAC Transmit Errors Multiple Collision Frames Carrier Sense Errors SQE Test Errors Frames Too Long Deferred Transmissions A count of frames for which the first transmission Internal MAC Receive Errors HOWING...
  • Page 158 ONFIGURING THE WITCH Parameter RMON Statistics Drop Events Jabbers Received Bytes Collisions Received Frames Broadcast Frames Multicast Frames CRC/Alignment Errors Undersize Frames Oversize Frames Fragments 2-126 Description The total number of events in which packets were dropped due to lack of resources. The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either an FCS...
  • Page 159 Parameter 64 Bytes Frames 65-127 Byte Frames 128-255 Byte Frames 256-511 Byte Frames 512-1023 Byte Frames 1024-1518 Byte Frames 1519-1536 Byte Frames HOWING Description The total number of frames (including bad packets) received and transmitted that were 64 octets in length (excluding framing bits but including FCS octets).
  • Page 160 ONFIGURING THE WITCH Web – Click Statistics, Port Statistics. Select the required interface, and then click Query. You can also use the Refresh button at the bottom of the page to update the screen. 2-128...
  • Page 161: 801.1X Port Authentication

    CLI – This example shows statistics for port 13. Console#show interfaces counters ethernet 1/13 Ethernet 1/13 Iftable stats: Octets input: 868453, Octets output: 3492122 Unicast input: 7315, Unitcast output: 6658 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, QLen output: 0 Extended iftable stats: Multi-cast input: 0, Multi-cast output: 17027...
  • Page 162 RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified. • Each switch port that will be used must be set to dot1x “Auto” mode. • Each client requiring authentication must have 802.1x client software installed and be properly configured.
  • Page 163: 802.1X Port Configuration

    802.1x Port Configuration The 802.1x protocol includes parameters that control the client authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server.
  • Page 164 (Default: Disabled) • Max Req — Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default 2) •...
  • Page 165 • Trunk — Indicates if the port is configured as a trunk port. To save any changes you make in this page, click Apply Changes. If you don’t want to save the changes, click Refresh CLI – This example shows configurable features for port 13. Console(config)#interface ethernet 1/13 Console(config-if)#dot1x port-control auto Console(config-if)#dot1x re-authentication...
  • Page 166: 802.1X Statistics

    ONFIGURING THE WITCH 802.1x Statistics The 802.1x protocol includes statistics for 802.1x protocol exchanges for any port. Statistical Values Parameter Rx EXPOL Start Rx EAPOL Logoff Rx EAPOL Invalid Rx EAPOL Total Rx EAP Resp/Id Rx EAP Resp/Oth Rx EAP LenError Rx Last EAPOLVer Rx Last EAPOLSrc Tx EAPOL Total...
  • Page 167 801.1X P UTHENTICATION 2-135...
  • Page 168 ONFIGURING THE WITCH 2-136...
  • Page 169: Command Line Interface

    (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt. Using the switch’s command-line interface (CLI) is very similar to entering commands on a UNIX system.
  • Page 170: Telnet Connection

    (10.1.0) and a host portion (1). To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet. For example: Console(config)#interface vlan 1 Console(config-if)#ip address 10.1.0.1 255.255.255.0...
  • Page 171 After you configure the switch with an IP address, you can open a Telnet session by performing these steps. 1. From the remote host, enter the Telnet command and the IP address of the device you want to access. 2. At the prompt, enter the user name and system password. The CLI will display the “Vty-0#”...
  • Page 172: Entering Commands

    OMMAND NTERFACE Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,”...
  • Page 173: Command Completion

    Command Completion If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “configure” example, typing con followed by a tab will result in printing the command up to “configure.” Getting Help on Commands You can display a brief description of the help system by entering the help command.
  • Page 174: Partial Keyword Lookup

    Secure shell The system configuration of starting up Information of system Login by tacacs server Display information about terminal lines System hardware and software status Switch VLAN Virtual Interface Information of interfaces counters Information of interfaces status Information of interfaces switchport...
  • Page 175: Negating The Effect Of Commands

    not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.” Console#show s? snmp Console#show s Negating the Effect of Commands For many configuration commands you can enter the prefix keyword “no”...
  • Page 176: Exec Commands

    * You must be in Privileged Exec mode to access any of the configuration modes. Exec Commands When you open a new console session on switch with the user name “guest,” the system enters Normal Exec command mode (or guest mode). Only a limited number of the commands are available in this mode.
  • Page 177: Configuration Commands

    Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in nonvolatile storage, use the copy running-config startup-config command.
  • Page 178: Command Line Processing

    OMMAND NTERFACE To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands. Console#configure Console(config)# To enter Interface, Line Configuration, or VLAN mode, you must enter the “interface ...,”...
  • Page 179 character to display a list of possible matches. You can also use the following editing keystrokes for command-line processing: Keystroke Ctrl-A Ctrl-B Ctrl-E Ctrl-F Ctrl-P Ctrl-U Ctrl-W Delete key or backspace key Function Shifts cursor to start of command line. Shifts cursor to the left one character.
  • Page 180: Command Groups

    Configures the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time Configures Spanning Tree settings for the switch 3-113 Configures VLAN settings, and defines port membership for VLAN groups Configures GVRP settings that permit automatic VLAN learning;...
  • Page 181 Command Description Group IGMP Snooping Configures IGMP multicast filtering, querier eligibility, query parameters, and specifies ports attached to a multicast router Priority Sets port priority for untagged frames, relative weight for each priority queue, also sets priority for IP precedence and DSCP Mirror Port Mirrors data to another port for analysis without affecting the data passing through or the...
  • Page 182: General Commands

    OMMAND NTERFACE General Commands Command enable disable configure reload exit quit help enable Use this command to activate Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 3-7. Syntax enable [level] level - Privilege level to log into the device.
  • Page 183: Disable

    Use this command to return to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode.
  • Page 184: Configure

    (3-14) configure Use this command to activate Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, and VLAN Database Configuration.
  • Page 185: Show History

    show history Use this command to show the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 20 commands. Example In this example, the show history command lists the contents of the command history buffer: Console#show history Execution command history:...
  • Page 186: Reload

    Command Mode Privileged Exec Command Usage This command resets the entire system. Example This example shows how to reset the switch: Console#reload System will be restarted, continue <y/n>? y Use this command to return to Privileged Exec mode. Default Setting...
  • Page 187: Exit

    Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode: Console(config-if)#end Console# exit Use this command to return to the previous configuration mode or exit the configuration program. Default Setting None Command Mode Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI...
  • Page 188: Flash/File Commands

    3-20 Function Copies a code image or a switch configuration to or from Flash memory or a TFTP server Deletes a file or code image Displays a list of files in Flash memory Displays the files booted...
  • Page 189: Copy

    When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation. The success of the file transfer depends on the accessibility of the TFTP server and the quality of the network connection.
  • Page 190 (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”) • The number of user-defined configuration files is limited only by available Flash memory space.
  • Page 191: Delete

    Startup configuration file name [startup]: Console# This example shows how to copy a secure-site certificate from an TFTP server. It then reboots the switch to activate the certificate: Console#copy tftp https-certificate TFTP server ip address: 10.1.0.19 Source certificate file name: SS-certificate...
  • Page 192: Dir

    The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file • config - Switch configuration file • opcode - Run-time operation code image file. • filename - Name of the file or image. If this file exists but contains errors, information on this file cannot be shown.
  • Page 193: Whichboot

    Command Mode Privileged Exec Command Usage • If you enter the command dir without any parameters, the system displays all files. • File information is shown below: Column Heading file name file type startup size Example The following example shows how to display all file information: Console#dir -------------------------------- -------------- ------- ----------- Factory_Default_Config.cfg...
  • Page 194: Boot System

    OMMAND NTERFACE Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. See the table on the previous page for a description of the file information displayed by this command. Console#whichboot file name ----------------- -------------- ------- ----------- diag_0060 Boot-Rom image run_0200 Operation Code startup...
  • Page 195: System Management Commands

    Specifies or modifies the host name for the device Sets user name authentication at login various privilege levels Allows jumbo frames to pass through the switch Specifies the port to be used by the Web browser interface ANAGEMENT OMMANDS Mode Page...
  • Page 196 3-28 Function Allows the switch to be monitored or configured from a browser Enables the HTTPS server on the switch GC Specifies the UDP port number used for HTTPS connection to the switch’s Web interface Enables the SSH server on the switch...
  • Page 197: Hostname

    Command System Status Commands show startup-config show running-config show system show users show version hostname Use this command to specify or modify the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host.
  • Page 198: Username

    OMMAND NTERFACE username Use this command to require user name authentication at login. Use the no form to remove a user name. Syntax username name {access-level level | nopassword | password {0 | 7} password} no username name • name - The name of the user. Up to 8 characters, case sensitive.
  • Page 199: Enable Password

    Command Usage The encrypted password is required for compatiblity with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example This example shows how the set the access level and password for a user.
  • Page 200: Jumbo Frame

    Example Console(config)#enable password level 15 0 admin Console(config)# Related Commands enable (3-14) jumbo frame Use this command to enable jumbo frames through the switch. Use the no form to disable jumbo frames. Syntax jumbo frame no jumbo frame Default Setting...
  • Page 201: Ip Http Port

    Command Usage • This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9000 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
  • Page 202: Ip Http Server

    OMMAND NTERFACE Command Mode Global Configuration Example Console(config)#ip http port 769 Console(config)# Related Commands ip http server (3-34) ip http server Use this command to allow this device to be monitored or configured from a browser. Use the no form to disable this function.
  • Page 203: Ip Http Secure-Server

    Use this command to enable the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s Web interface. Use the no form to disable this function. Syntax...
  • Page 204: Ip Http Secure-Port

    Related Commands ip http secure-port (3-36) ip http secure-port Use this command to specify the UDP port number used for HTTPS/SSL connection to the switch’s Web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number no ip http secure-port port_number –...
  • Page 205: Ip Ssh

    (3-35) ip ssh Use this command to configure authentication control parameters for the Secure Shell (SSH) server on this switch. Use the no form to restore the default settings. Syntax ip ssh {[timeout seconds] | [authentication-retries count]} no ip ssh {[timeout] | [authentication-retries]} •...
  • Page 206: Ip Ssh Server

    OMMAND NTERFACE Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase. Once an SSH session has been established, the timeout for user input is controlled by the exec-timeout command for vty sessions.
  • Page 207: Disconnect Ssh

    • The SSH server uses RSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to select either DES (56-bit) or 3DES (168-bit) for data encryption. Example Console(config)#ip ssh server...
  • Page 208: Show Ssh

    OMMAND NTERFACE show ssh Use this command to display the current Secure Shell (SSH) server connections. Command Mode Privileged Exec Command Usage This command shows the following information: • Session – The session number. (Range: 0-3) • Username – The user name of the client. •...
  • Page 209: Logging On

    Command Mode Global Configuration Command Usage The logging process controls error messages saved to switch memory or sent to remote syslog servers. You can use the logging history command to control the type of error messages that are stored in memory. The logging trap command controls the type of error messages that are sent to specified syslog servers.
  • Page 210: Logging History

    (3-42) logging trap (3-45) clear logging (3-47) logging history Use this command to limit syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history {flash | ram} level no logging history {flash | ram} •...
  • Page 211 Level Argument Level Description errors warnings notifications informational debugging * There are only Level 2, 5 and 6 error messages for the current firmware release. Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 7 - 0) Command Mode Global Configuration Command Usage The message level specified for Flash memory must be a higher...
  • Page 212: Logging Host

    OMMAND NTERFACE logging host Use this command to add a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax logging host host_ip_address no logging host host_ip_address host_ip_address - The IP address of a syslog server. Default Setting None Command Mode...
  • Page 213: Logging Facility

    logging facility Use this command to set the facility type for remote logging of syslog messages. Use the no form to return the type to the default. Syntax logging facility type no logging facility type type - A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service.
  • Page 214 OMMAND NTERFACE Messages sent include the selected level up through level 0. Level Argument Level Description emergencies alerts critical errors warnings notifications informational debugging Default Setting Level 3 - 0 Command Mode Global Configuration Example Console(config)#logging trap 4 Console(config)# 3-46 System unusable Immediate action needed...
  • Page 215: Clear Logging

    clear logging Use this command to clear messages from the log buffer. Syntax clear logging [flash | ram] • flash - Event history stored in Flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
  • Page 216: Show Startup-Config

    OMMAND NTERFACE Default Setting None Command Mode Privileged Exec Example Console#show logging flash Syslog logging: Disable History logging in FLASH: level errors Console#show logging trap Syslog logging: Enable REMOTELOG status: enable REMOTELOG facility type: local use 3 REMOTELOG level type: Warning conditions REMOTELOG server ip address: 10.1.0.3 REMOTELOG server ip address: 10.1.0.4 REMOTELOG server ip address: 0.0.0.0...
  • Page 217 Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes. Each mode group is separated by “!”...
  • Page 218: Related Commands

    OMMAND NTERFACE Example Console#show startup-config building startup-config, please wait... snmp-server community private rw snmp-server community public ro username admin access-level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access-level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database vlan 1 name DefaultVlan media ethernet state active interface ethernet 1/1...
  • Page 219: Show Running-Config

    show running-config Use this command to display the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory.
  • Page 220: Show System

    OMMAND NTERFACE Example Console#show running-config building running-config, please wait... snmp-server community private rw snmp-server community public ro ip http port interface vlan 1 ip address 10.1.0.1 255.255.255.0 no bridge 1 spanning-tree line console line vty Console# Related Commands show startup-config (3-48) show system Use this command to display system information.
  • Page 221: Show Users

    DRAM Test ...PASS I2C Initialization...PASS Runtime Image Check ...PASS PCI Device Check ...PASS Switch Driver Initialization...PASS Switch Internal Loopback Test...PASS ------------------- DONE -------------------- Console# show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client.
  • Page 222: Show Version

    OMMAND NTERFACE Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example Console#show users Username accounts: Username Privilege -------- --------- guest admin Online users: Line ----------- -------- ----------------- --------------- console vty 0 Console#...
  • Page 223: Authentication Commands

    Boot rom version Operation code version :1.0.1.3 Console# Authentication Commands You can configure the switch to authenticate users logging into the system for management access using local or authentication-server methods. Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+)
  • Page 224: Authentication Login

    OMMAND NTERFACE Command RADIUS Client radius-server host radius-server port radius-server key radius-server retransmit radius-server timeout Sets the interval between sending show radius-server TACACS+ Client tacacs-server host tacacs-server port tacacs-server key show tacacs-server authentication login Use this command to define the login authentication method and precedence.
  • Page 225 Command Mode Global Configuration Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server. •...
  • Page 226: Radius-Server Host

    OMMAND NTERFACE radius-server host Use this command to specify the RADIUS server. Use the no form to restore the default. Syntax radius-server host host_ip_address no radius-server host host_ip_address - IP address of a RADIUS server. Default Setting 10.1.0.1 Command Mode Global Configuration Example Console(config)#radius-server host 192.168.1.25...
  • Page 227: Radius-Server Key

    Example Console(config)#radius-server port 181 Console(config)# radius-server key Use this command to set the RADIUS encryption key. Use the no form to restore the default. Syntax radius-server key key_string no radius-server key key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default Setting None...
  • Page 228: Radius-Server Retransmit

    Use this command to set the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1 - Default Setting Command Mode Global Configuration...
  • Page 229: Show Radius-Server

    Command Mode Global Configuration Example Console(config)#radius-server timeout 10 Console(config)# show radius-server Use this command to display the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example Console#show radius-server Server IP address: 10.1.0.99 Communication key with radius server: Server port number: 1812 Retransmit times: 2 Request timeout: 5...
  • Page 230: Tacacs-Server Port

    OMMAND NTERFACE Default Setting 10.11.12.13 Command Mode Global Configuration Example Console(config)#tacacs-server host 192.168.1.25 Console(config)# tacacs-server port Use this command to specify the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages.
  • Page 231: Tacacs-Server Key

    tacacs-server key Use this command to set the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default Setting None...
  • Page 232: Snmp Commands

    Remote TACACS server configuration: Server IP address: 10.11.12.13 Communication key with radius server: Server port number: 49 Console# SNMP Commands Controls access to this switch from SNMP management stations, as well as the error types sent to trap managers. Command snmp-server community snmp-server...
  • Page 233: Snmp-Server Community

    snmp-server community Use this command to define the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string. Syntax snmp-server community string [ro|rw] no snmp-server community string • string - Community string that acts like a password and permits access to the SNMP protocol.
  • Page 234: Snmp-Server Contact

    OMMAND NTERFACE snmp-server contact Use this command to set the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Setting None Command Mode...
  • Page 235: Snmp-Server Host

    Default Setting None Command Mode Global Configuration Example Console(config)#snmp-server location WC-19 Console(config)# Related Commands snmp-server contact (3-66) snmp-server host Use this command to specify the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host {host-addr community-string} [version 1 | no snmp-server host host-addr...
  • Page 236 • The switch can send SNMP version 1 or version 2c traps to a host IP address, depending on the SNMP version that the management station supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 traps.
  • Page 237: Snmp-Server Enable Traps

    snmp-server enable traps Use this command to enable this device to send Simple Network Management Protocol traps (SNMP notifications). Use the no form to disable SNMP notifications. Syntax snmp-server enable traps [authentication | link-up-down] no snmp-server enable traps [authentication | link-up-down] •...
  • Page 238: Snmp Ip Filter

    (3-67) snmp ip filter Sets the IP addresses of clients that are allowed management access to the switch via SNMP. Use the no form of this command to remove an IP address. Syntax snmp ip filter ip_address subnet_mask no snmp ip filter ip_address subnet_mask •...
  • Page 239: Show Snmp

    • The default setting is null, which allows all IP groups SNMP access to the switch. If one IP address is configured, the IP filtering is enabled and only addresses in the IP group will have SNMP access.
  • Page 240 OMMAND NTERFACE Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enabled with the snmp-server enable traps command. Example Console#show snmp SNMP traps: Authentication: enable Link-up-down: enable...
  • Page 241: Ip Commands

    IP Commands An IP address may be used for management access to the switch over your network. By default, the switch uses DHCP to assign IP settings to VLAN 1 on the switch. If you wish to manually configure IP settings, you need to change the switch’s user-specified defaults (IP address 0.0.0.0 and netmask 255.0.0.0)
  • Page 242: Ip Address

    OMMAND NTERFACE ip address Use this command to set the IP address for this device. Use the no form to restore the default IP address. Syntax ip address {ip-address netmask | bootp | dhcp} no ip address • ip-address - IP address •...
  • Page 243: Ip Dhcp Restart

    (the default is VLAN 1). This defines the management VLAN, the only VLAN through which you can gain management access to the switch. If you assign an IP address to any other VLAN, the new IP address overrides the original IP address and this becomes the new management VLAN.
  • Page 244: Ip Default-Gateway

    OMMAND NTERFACE • If the BOOTP or DHCP server has been moved to a different domain, the network portion of the address provided to the client will be based on this new domain. Example In the following example, the device is reassigned the same address.
  • Page 245: Show Ip Interface

    Default Setting All interfaces Command Mode Privileged Exec Command Usage This switch can only be assigned one IP address. This address is used for managing the switch. Example Console#show ip interface IP address and netmask: 10.1.0.54 255.255.255.0 on VLAN 1, and address mode: User specified.
  • Page 246: Show Ip Redirects

    • size - Number of bytes in a packet. (Range: 32-512, Default: 32) The actual packet size will be eight bytes larger than the size specified because the switch adds header information. Default Setting This command has no default for the host.
  • Page 247: Command Mode

    Command Mode Normal Exec, Privileged Exec Command Usage • Use the ping command to see if another site on the network can be reached. • Following are some results of the ping command: - Normal response -The normal response occurs in one to ten seconds, depending on network traffic.
  • Page 248: Line Commands

    OMMAND NTERFACE Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or a virtual terminal. Note that Telnet is considered a virtual terminal connection, and the only commands that apply to Telnet include exec-timeout and password-thresh.
  • Page 249: Line

    line Use this command to identify a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access. Default Setting There is no default line.
  • Page 250: Login

    Command Mode Line Configuration Command Usage • There are three authentication modes provided by the switch itself at login: - login selects authentication by a single global password as specified by the password line configuration command.
  • Page 251: Password

    • This command controls login authentication via the switch itself. To configure user names and passwords for remote authentication servers, you must use the RADIUS software installed on those servers. Example Console(config-line)#login local Console(config-line)# Related Commands username (3-30) password (3-83) password Use this command to specify the password for a line.
  • Page 252: Exec-Timeout

    OMMAND NTERFACE Command Usage • When a connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt. You can use the password-thresh command to set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state.
  • Page 253: Password-Thresh

    Default Setting CLI: No timeout Telnet: 10 minutes Command Mode Line Configuration Command Usage • If input is detected, the system resumes the current connection; or if no connections exist, it returns the terminal to the idle state and disconnects the incoming session. •...
  • Page 254: Silent-Time

    OMMAND NTERFACE Command Mode Line Configuration Command Usage • When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached for Telnet, the Telnet logon interface shuts down.
  • Page 255: Databits

    Default Setting The default value is no silent-time. Command Mode Line Configuration Command Usage If the password threshold was not set with the password-thresh command, silent-time begins after the default value of three failed logon attempts. Example To set the silent time to 60 seconds, enter this command: Console(config-line)#silent-time 60 Console(config-line)# Related Commands...
  • Page 256: Parity

    OMMAND NTERFACE Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character. If no parity is required, specify 8 data bits per character.
  • Page 257: Speed

    Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: Console(config-line)#parity none Console(config-line)# speed Use this command to set the terminal line's baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds.
  • Page 258: Stopbits

    OMMAND NTERFACE Example To specify 57600 bps, enter this command: Console(config-line)#speed 57600 Console(config-line)# stopbits Use this command to set the number of the stop bits transmitted per byte. Use the no form to restore the default setting. Syntax stopbits {1 | 2} •...
  • Page 259: Interface Commands

    Default Setting Shows all lines Command Mode Normal Exec, Privileged Exec Example To show all lines, enter this command: Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Silent time: Disabled Baudrate: 9600 Databits: 8 Parity: none Stopbits: 1 Vty configuration: Password threshold: 3 times Interactive timeout: 65535...
  • Page 260: Interface

    OMMAND NTERFACE Command capabilities flowcontrol shutdown switchport broadcast port security clear counters Clears statistics on an interface show interfaces status show interfaces counters show interfaces switchport interface Use this command to configure an interface type and enter interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id...
  • Page 261: Description

    Default Setting None Command Mode Global Configuration Example To specify the Ethernet port, enter the following command: Console(config)#interface ethernet 1/25 Console(config-if)# description Use this command to add a description to an interface. Use the no form to remove the description. Syntax description string no description...
  • Page 262: Speed-Duplex

    OMMAND NTERFACE speed-duplex Use this command to configure the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the default. Syntax speed-duplex {1000full | 100full | 100half | 10full | 10half} no speed-duplex •...
  • Page 263: Negotiation

    Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
  • Page 264: Capabilities

    • symmetric (Gigabit only) - When specified, the port transmits and receives pause frames; when not specified, the port will auto-negotiate to determine the sender and receiver for asymmetric pause frames. (The current switch ASIC only supports symmetric pause frames.) 3-96...
  • Page 265: Flowcontrol

    Interface Configuration (Ethernet, Port Channel) Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilites command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
  • Page 266 Command Usage • Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation.
  • Page 267: Shutdown

    shutdown Use this command to disable an interface. To restart a disabled interface, use the no form. Syntax shutdown no shutdown Default Setting All interfaces are enabled. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved.
  • Page 268: Switchport Broadcast

    • This command can enable or disable broadcast storm control for the selected interface. However, the specified threshold value applies to all ports on the switch. • Enabling jumbo frames for the switch will limit the maximum threshold for broadcast storm control to 64 packets per second. Example...
  • Page 269: Port Security

    • To use port security, first allow the switch to dynamically learn the <source MAC address, VLAN> pair for frames received on a port for an initial training period, and then enable port security to stop address learning.
  • Page 270: Clear Counters

    - Cannot be connected to a network interconnection device. - Cannot be a member of a static trunk. - It can be configured as an LACP trunk port, but the switch does not allow the LACP trunk to be enabled.
  • Page 271: Show Interfaces Status

    Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session. However, if you log out and back into the management interface, the statistics displayed will show the absolute value accumulated since the last power reset.
  • Page 272: Show Interfaces Counters

    OMMAND NTERFACE Command Usage • If no interface is specified, information on all interfaces is displayed. • For a description of the items displayed by this command, see “Displaying Connection Status” on page 2-36. Example Console#show interface status ethernet 1/5 Information of Eth 1/5 Basic information: Port type: 1000T...
  • Page 273: Default Setting

    Default Setting Shows the counters for all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage • If no interface is specified, information on all interfaces is displayed. • For a description of the items displayed by this command, see “Showing Device Statistics”...
  • Page 274: Show Interfaces Switchport

    OMMAND NTERFACE show interfaces switchport Use this command to display the administrative and operational status of the specified interfaces.. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. •...
  • Page 275: Address Table Commands

    • Priority for untagged traffic – Indicates the default priority for untagged frames (page 3-160). • Gvrp status – Shows if GARP VLAN Registration Protocol is enabled or disabled (page 3-142). • Allowed Vlan – Shows the VLANs this interface has joined, where “(u)”...
  • Page 276: Mac-Address-Table Static

    • port-channel channel-id (Range: 1-4) • vlan-id - VLAN ID (Range: 1-4094) • action - • delete-on-reset - Assignment lasts until switch is reset. • permanent - Assignment is permanent. Default Setting No static addresses are defined. The default mode is permanent.
  • Page 277: Show Mac-Address-Table

    Command Mode Global Configuration Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN. Use this command to add static addresses to the MAC Address Table. Static addresses have the following characteristics: •...
  • Page 278 OMMAND NTERFACE • interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-4) • vlan-id - VLAN ID (Range: 1-4094) • sort - Sort by address, vlan or interface. Default Setting None Command Mode...
  • Page 279: Clear Mac-Address-Table Dynamic

    Example Console#show mac-address-table Interface Mac Address --------- ----------------- ---- ----------------- Eth 1/ 1 00-e0-29-94-34-de Console# clear mac-address-table dynamic Use this command to remove any learned entries from the forwarding database and to clear the transmit and receive counts for any static or system configured entries. Default Setting None Command Mode...
  • Page 280: Show Mac-Address-Table Aging-Time

    OMMAND NTERFACE Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information. Example Console(config)#mac-address-table aging-time 100 Console(config)# show mac-address-table aging-time Use this command to show the aging time for entries in the address table.
  • Page 281: Spanning Tree Commands

    Spanning Tree Commands This section includes commands that configure the Spanning Tree Protocol (STP) for the overall switch, and commands that configure STP for the selected interface. Command spanning-tree spanning-tree mode spanning-tree forward-time spanning-tree hello-time spanning-tree max-age spanning-tree priority spanning-tree...
  • Page 282: Spanning-Tree

    The Spanning Tree Protocol can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STP-compliant switch, bridge or...
  • Page 283: Spanning-Tree Mode

    RSTP node transmits, as described below: - STP Mode – If the switch receives an 802.1D BPDU after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.
  • Page 284: Spanning-Tree Forward-Time

    Spanning Tree: Console(config)#spanning-tree mode rstp Console(config)# spanning-tree forward-time Use this command to configure the SpanningTree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds. (Range: 4-30 seconds) The minimum value is the higher of 4 or [(max-age / 2) + 1].
  • Page 285: Spanning-Tree Hello-Time

    Example Console(config)#spanning-tree forward-time 20 Console(config)# spanning-tree hello-time Use this command to configure the Spanning Tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds. (Range: 1-10 seconds) The maximum value is the lower of 10 or [(max-age / 2) -1].
  • Page 286: Spanning-Tree Max-Age

    OMMAND NTERFACE spanning-tree max-age Use this command to configure the Spanning Tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age seconds no spanning-tree max-age seconds - Time in seconds. (Range: 6-40 seconds) The minimum value is the higher of 6 or [2 x (hello-time + 1)].
  • Page 287: Spanning-Tree Priority

    Use this command to configure the Spanning Tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority - Priority of the bridge. (Range – 0-61440, in steps of 4096; Options: 0, 4096, 8192,...
  • Page 288: Spanning-Tree Pathcost Method

    OMMAND NTERFACE spanning-tree pathcost method Use this command to configure the path cost method used for the Rapid Spanning Tree. Use the no form to restore the default. Syntax spanning-tree pathcost method {long | short} no spanning-tree pathcost method • long - Specifies 32-bit based values that range from 1-200,000,000.
  • Page 289: Spanning-Tree Transmission-Limit

    spanning-tree transmission-limit Use this command to configure the minimum interval between the transmission of consecutive RSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The transmission limit in seconds. (Range: 1-10) Default Setting Command Mode Global Configuration...
  • Page 290: Spanning-Tree Cost

    OMMAND NTERFACE spanning-tree cost Use this command to configure the Spanning Tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the interface. (Range –...
  • Page 291: Spanning-Tree Port-Priority

    • This command defines the priority for the use of an interface in the Spanning Tree Protocol. If the path cost for all interfaces on a switch are the same, the interface with the highest priority (that is, lowest value) will be configured as an active link in the Spanning Tree.
  • Page 292: Spanning-Tree Portfast

    OMMAND NTERFACE Example Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree port-priority 0 Console(config-if)# Related Commands spanning-tree cost (3-122) spanning-tree portfast Use this command to set an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax spanning-tree portfast no spanning-tree portfast Default Setting Disabled Command Mode...
  • Page 293: Spanning-Tree Edge-Port

    • This command is the same as spanning-tree edge-port, and is only included for backward compatibility with earlier products. Note that this command may be removed for future software versions. Example Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree portfast Console(config-if)# Related Commands spanning-tree edge-port (3-125) spanning-tree edge-port Use this command to specify an interface as an edge port.
  • Page 294: Spanning-Tree Protocol-Migration

    - unit - This is device 1. - port-number • port-channel channel-id (Range: 1-6) Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced 3-126...
  • Page 295: Spanning-Tree Link-Type

    • When automatic detection is selected, the switch derives the link type from the duplex mode. A full-duplex interface is considered a point-to-point link, while a half-duplex interface is assumed to be on a shared link.
  • Page 296: Show Spanning-Tree

    OMMAND NTERFACE • RSTP only works on point-to-point links between two bridges. If you designate a port as a shared link, RSTP is forbidden. Example Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree link-type point-to-point Console(config-if)# show spanning-tree Use this command to show the configuration for the Spanning Tree.
  • Page 297 • For a description of the items displayed under “Spanning-tree information,” see “STP Configuration” on page 2-57. For a description of the items displayed for specific interfaces, see “STP Port and Trunk Information” on page 2-61. Example Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning tree mode Spanning tree enable/disable...
  • Page 298: Vlan Commands

    OMMAND NTERFACE VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface.
  • Page 299: Vlan Database

    Command Display VLAN Information show vlan show interfaces status vlan show interfaces switchport vlan database Use this command to enter VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration Command Usage •...
  • Page 300: Vlan

    OMMAND NTERFACE Related Commands show vlan (3-140) vlan Use this command to configure a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}] no vlan vlan-id [name | state] •...
  • Page 301: Interface Vlan

    • VLAN 1 cannot be suspended, but any other VLAN can be suspended. • You can configure up to 255 VLANs on the switch. Example The following example adds a VLAN, using vlan-id 105 and name RD5. The VLAN is activated by default.
  • Page 302: Switchport Mode

    OMMAND NTERFACE Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.254 255.255.255.0 Console(config-if)# Related Commands show vlan (3-140) switchport mode Use this command to configure the VLAN membership mode for a port.
  • Page 303: Switchport Acceptable-Frame-Types

    Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid: Console(config)#interface ethernet 1/1 Console(config-if)#switchport mode hybrid Console(config-if)# Related Commands switchport acceptable-frame-types switchport acceptable-frame-types Use this command to configure the acceptable frame types for a port.
  • Page 304: Switchport Ingress-Filtering

    OMMAND NTERFACE Example The following example shows how to restrict the traffic passed on port 1 to tagged frames: Console(config)#interface ethernet 1/1 Console(config-if)#switchport acceptable-frame-types tagged Console(config-if)# Related Commands switchport mode (3-134) switchport ingress-filtering Use this command to enable ingress filtering for an interface. Use the no form to restore the default.
  • Page 305: Switchport Native Vlan

    • Ingress filtering does not affect VLAN independent BPDU frames, such as GVRP or STP. However, they do affect VLAN dependent BPDU frames, such as GMRP. Example The following example shows how to set the interface to port 1 and then enable ingress filtering: Console(config)#interface ethernet 1/1 Console(config-if)#switchport ingress-filtering Console(config-if)#...
  • Page 306: Switchport Allowed Vlan

    OMMAND NTERFACE • If acceptable frame types is set to all or switchport mode is set to hybrid, the PVID will be inserted into all untagged frames entering the ingress port. Example The following example shows how to set the PVID for port 1 to VLAN 3: Console(config)#interface ethernet 1/1 Console(config-if)#switchport native vlan 3...
  • Page 307: Switchport Forbidden Vlan

    • Frames are always tagged within the switch. The tagged/ untagged parameter used when adding a VLAN to an interface tells the switch whether to keep or remove the tag from a frame on egress. • If none of the intermediate network devices nor the host at the other end of the connection supports VLANs, the interface should be added to these VLANs as an untagged member.
  • Page 308: Show Vlan

    OMMAND NTERFACE • vlan-list - Separate nonconsecutive VLAN identifiers with a comma and no spaces; use a hyphen to designate a range of IDs. Do not enter leading zeros. (Range: 1-4094) Default Setting No VLANs are included in the forbidden list. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage...
  • Page 309: Gvrp And Bridge Extension Commands

    VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switch, as well as how to display default configuration settings for the Bridge Extension MIB. Command...
  • Page 310: Switchport Gvrp

    Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example Console(config)#interface ethernet 1/1 Console(config-if)#switchport gvrp Console(config-if)# 3-142 Function Shows the GARP timer for the selected function Enables GVRP globally for the switch Shows bridge extension configuration Mode Page 3-145 3-146 3-147...
  • Page 311: Show Gvrp Configuration

    show gvrp configuration Use this command to show if GVRP is enabled. Syntax show gvrp configuration [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows both global and interface-specific configuration.
  • Page 312: Garp Timer

    OMMAND NTERFACE garp timer Use this command to set the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall} •...
  • Page 313: Show Garp Timer

    Note: Set GVRP timers on all Layer 2 devices connected in the same network to the same values. Otherwise, GVRP will not operate successfully. Example Console(config)#interface ethernet 1/1 Console(config-if)#garp timer join 100 Console(config-if)# Related Commands show garp timer (3-145) show garp timer Use this command to show the GARP timers for the selected interface.
  • Page 314: Bridge-Ext Gvrp

    GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. This function should be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch. Example Console(config)#bridge-ext gvrp Console(config)#...
  • Page 315: Show Bridge-Ext

    show bridge-ext Use this command to show the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Displaying Basic VLAN Information” on page 2-74 and “Displaying Bridge Extension Capabilities” on page 2-31 for a description of the displayed items.
  • Page 316: Igmp Snooping Commands

    OMMAND NTERFACE IGMP Snooping Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
  • Page 317: Ip Igmp Snooping

    Use this command to enable IGMP snooping on this switch. Use the no form to disable it. Syntax ip igmp snooping no ip igmp snooping Default Setting...
  • Page 318: Ip Igmp Snooping Vlan Static

    OMMAND NTERFACE ip igmp snooping vlan static Use this command to add a port to a multicast group. Use the no form to remove the port. Syntax ip igmp snooping vlan vlan-id static ip-address interface no ip igmp snooping vlan vlan-id static ip-address interface •...
  • Page 319: Ip Igmp Snooping Version

    • All systems on the subnet must support the same version. If there are legacy devices in your network that only support Version 1, you will also have to configure this switch to use Version 1. • Some commands are only enabled for IGMPv2, including ip igmp query-max-response-time and ip igmp router-port-expire-time.
  • Page 320: Show Ip Igmp Snooping

    OMMAND NTERFACE show ip igmp snooping Use this command to show the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Parameters” on page 2-113 for a description of the displayed items. Example The following shows the current IGMP snooping configuration: Console#show ip igmp snooping Service status: Enabled Querier status: Enabled...
  • Page 321: Ip Igmp Snooping Querier

    VLAN M'cast IP addr. Member ports Type ---- --------------- ------------ ------- 224.1.2.3 Console# ip igmp snooping querier Use this command to enable the switch as an IGMP snooping querier. Use the no form to disable it. Syntax ip igmp snooping querier no ip igmp snooping querier...
  • Page 322: Ip Igmp Snooping Query-Count

    OMMAND NTERFACE Command Usage If enabled, the switch will serve as querier if elected. The querier is responsible for asking hosts if they want to receive multicast traffic. Example Console(config)#ip igmp snooping querier Console(config)# ip igmp snooping query-count Use this command to configure the query count. Use the no form to restore the default.
  • Page 323: Ip Igmp Snooping Query-Interval

    Use this command to configure the snooping query interval. Use the no form to restore the default. Syntax ip igmp snooping query-interval seconds no ip igmp snooping query-interval seconds - The frequency at which the switch sends IGMP host-query messages. (Range: 60-125) Default Setting 125 seconds Command Mode...
  • Page 324: Ip Igmp Snooping Query-Max-Response-Time

    Command Mode Global Configuration Command Usage • The switch must be using IGMPv2 for this command to take effect. • This command defines the time after a query, during which a response is expected from a multicast client. If a querier has...
  • Page 325: Ip Igmp Snooping Router-Port-Expire-Time

    Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must be using IGMPv2 for this command to take effect. Example The following shows how to configure the default timeout to 300 seconds: Console(config)#ip igmp snooping query-time-out 300...
  • Page 326: Ip Igmp Snooping Vlan Mrouter

    IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your switch, you can manually configure that interface to join all the current multicast groups.
  • Page 327: Show Ip Igmp Snooping Mrouter

    show ip igmp snooping mrouter Use this command to display information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4094) Default Setting Displays multicast router ports for all configured VLANs. Command Mode Privileged Exec Command Usage...
  • Page 328: Priority Commands

    The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
  • Page 329: Switchport Priority Default

    Command show map ip precedence show map ip dscp Shows the IP DSCP map switchport priority default Use this command to set a priority for incoming untagged frames, or the priority of frames received by the device connected to the specified interface.
  • Page 330: Queue Bandwidth

    OMMAND NTERFACE • This switch provides four priority queues for each port. It is configured to use Weighted Round Robin, which can be viewed with the queue bandwidth command. Inbound frames that do not have VLAN tags are tagged with the input port’s default ingress user priority, and then placed in the appropriate priority queue at the output port.
  • Page 331: Queue Cos-Map

    Command Mode Global Configuration Command Usage WRR allows bandwidth sharing at the egress port by defining scheduling weights. Example The following example shows how to assign WRR weights of 1, 3, 5 and 7 to the CoS priority queues 0, 1, 2 and 3: Console(config)#queue bandwidth 1 3 5 7 Console(config)# Related Commands...
  • Page 332 OMMAND NTERFACE Default Setting This switch supports Class of Service by using four priority queues, with Weighted Round Robin for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown in the following table.
  • Page 333: Show Queue Bandwidth

    Example The following example shows how to map CoS values 0, 1 and 2 to CoS priority queue 0, value 3 to CoS priority queue 1, values 4 and 5 to CoS priority queue 2, and values 6 and 7 to CoS priority queue 3: Console(config)#interface ethernet 1/1 Console(config-if)#queue cos-map 0 0 1 2...
  • Page 334: Show Queue Cos-Map

    OMMAND NTERFACE show queue cos-map Use this command to show the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode...
  • Page 335: Map Ip Precedence (Interface Configuration)

    Default Setting Disabled Command Mode Global Configuration Command Usage • The precedence for priority mapping is IP Precedence or IP DSCP, and default switchport priority. • IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other type.
  • Page 336 OMMAND NTERFACE Default Setting The list below shows the default priority mapping. IP Precedence Value Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Precedence or IP DSCP, and default switchport priority. •...
  • Page 337: Map Ip Dscp (Global Configuration)

    map ip dscp (Global Configuration) Use this command to enable IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax map ip dscp no map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage •...
  • Page 338: Map Ip Dscp (Interface Configuration)

    OMMAND NTERFACE map ip dscp (Interface Configuration) Use this command to set IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table. Syntax map ip dscp dscp-value cos cos-value no map ip dscp •...
  • Page 339: Show Map Ip Precedence

    Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p standard, and then mapped to the queue defaults. •...
  • Page 340: Show Map Ip Dscp

    OMMAND NTERFACE Example Console#show map ip precedence ethernet 1/5 Precedence mapping status: disabled Port Precedence COS --------- ---------- --- Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Console# Related Commands...
  • Page 341 Example Console#show map ip dscp ethernet 1/1 DSCP mapping status: disabled Port DSCP COS --------- ---- --- Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Console# Related Commands map ip dscp (Global Configuration) (3-169) map ip dscp (Interface Configuration) (3-170) RIORITY OMMANDS...
  • Page 342: Mirror Port Commands

    [rx | tx | both] no port monitor interface • interface - ethernet unit/port (source port) - unit - Switch (unit 1). - port - Port number. • rx - Mirror received packets. • tx - Mirror transmitted packets.
  • Page 343: Show Port Monitor

    • The source and destination ports have to be either both in the port range 1-12 or both in the port range 13-24. Example The following example configures the switch to mirror all packets from port 6 to port 11: Console(config)#interface ethernet 1/11...
  • Page 344: Privileged Exec

    OMMAND NTERFACE Default Setting Shows all sessions. Command Mode Privileged Exec Command Usage This command displays the currently configured source port, destination port, and mirror mode (i.e., RX, TX, RX/TX). Example The following shows mirroring configured from port 6 to port 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 Console(config-if)#end...
  • Page 345: Port Trunking Commands

    Cisco EtherChannel standard. For dynamic trunks, the switches have to comply with LACP. This switch supports up to six trunks. For example, a trunk consisting of two 1000 Mbps ports can support an aggregate bandwidth of 4 Gbps when operating at full duplex.
  • Page 346: Channel-Group

    Command Usage • When configuring static trunks, the switches must comply with the Cisco EtherChannel standard. • Use no channel-group to remove a port group from a trunk. • Use no interfaces port-channel to remove a trunk from the switch. 3-178...
  • Page 347: Lacp

    • The ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation. • A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID.
  • Page 348 • If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically. • If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
  • Page 349: Troubleshooting

    VLAN access to the switch (default is VLAN 1). • Check that you have a valid network connection to the switch and that the port you are using has not been disabled. • Check network cabling between the management station and the switch.
  • Page 350 • Check that the null-modem serial cable conforms to the pin-out connections provided in Appendix B. • Set the switch to its default configuration. Make a direct connection to the switch’s console port and power cycle the switch. Immediately after powering on, press <Ctrl><u>...
  • Page 351: Upgrading Firmware Via The Serial Port

    VT100 terminal emulation software that supports the XModem protocol. (See “Required Connections” on page 1-3.) 1. Connect a PC to the switch’s Console port using a null-modem or crossover RS-232 cable with a female DB-9 connector. 2. Configure the terminal emulation software’s communication parameters to 9600 baud, 8 data bits, 1 stop bit, no parity, and set flow control to none.
  • Page 352 --------------------------------- ---- ---- ---------- ---------- [X]modem Download [C]hange Baudrate Select> 5. Press <C> to change the baud rate of the switch’s serial connection. 6. Press <B> to select the option for 115200 baud. There are two baud rate settings available, 9600 and 115200.
  • Page 353 You can store a maximum of only two runtime and two diagnostic code files in the switch’s flash memory. Use the [D]elete File command to remove a runtime or diagnostic file. 9. Press <X> to start to download the new code file.
  • Page 354 13. When you have finished downloading code files, use the [C]hange Baudrate menu option to change the baud rate of the switch’s serial connection back to 9600 baud. 14. Set your PC’s terminal emulation software baud rate back to 9600 baud. Press <Enter> to reset communications with the switch.
  • Page 355: Glossary

    10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet over two pairs of Category 3, 4, or 5 UTP cable. 100BASE-TX IEEE 802.3u specification for 100 Mbps Fast Ethernet over two pairs of Category 5 UTP cable. 1000BASE-T IEEE 802.3ab specification for Gigabit Ethernet over two pairs of Category 5, 5e, or 6 100-ohm UTP cable.
  • Page 356 Fast Ethernet A 100 Mbps network communication system based on Ethernet and the CSMA/CD access method. Full Duplex Transmission method that allows switch and network card to transmit and receive concurrently, effectively doubling the bandwidth of that link. Glossary-2...
  • Page 357 Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network. Generic Attribute Registration Protocol (GARP)
  • Page 358 LOSSARY IEEE 802.1p An IEEE standard for providing quality of service (QoS) in Ethernet networks. The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value. IEEE 802.3 Defines carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications.
  • Page 359 Management of the network from a station attached directly to the network. IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts. Layer 2 Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses.
  • Page 360 Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast VLAN group.
  • Page 361 Spanning Tree Protocol (STP) A technology that checks your network for any loops. A loop can often occur in complicated or backup linked network systems. Spanning Tree detects and directs data along the shortest available path, maximizing the performance and efficiency of the network. Telnet Defines a remote communication facility for interfacing to a terminal device over TCP/IP.
  • Page 362 LOSSARY Glossary-8...
  • Page 363: Index

    Numerics 802.1x configure 2-131 2-134 address table 2-47 BOOTP 2-13 broadcast storm, threshold 2-41 Class of Service configuring 2-87 queue mapping 2-87 community string 2-107 configuration settings, saving or restoring 2-28 default priority, ingress port 2-87 default settings 1-14 DHCP 2-13 downloading software 2-26 dynamic addresses, displaying 3-109 edge port, STP 3-125...
  • Page 364 2-26 software version, displaying 2-34 Spanning Tree Protocol 2-51 SSL 3-35 startup files displaying 2-26 setting 2-26 Index-2 statistics, switch 2-122 STP 3-113 3-122 system software, downloading from TACACS 2-16 TACACS, logon authentication 2-16 trap manager 2-109 troubleshooting A-1...
  • Page 366 FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU; (949) 679-8000; Fax: (949) 679-1481 From Europe (8:00 AM - 5:30 PM UK Time) 44 (0) 118 974 8700; Fax: 44 (0) 118 974 8701 INTERNET E-mail addresses: techsupport@smc.com...

This manual is also suitable for:

8612t - annexe 1Tigerswitch smc8612t

Table of Contents