SMC Networks SMC6724L3 Management Manual

Tigerswitch 10/100 24-port layer 3 switch

TigerSwitch 10/100
24-Port Layer 3 Switch
24 10BASE-T/100BASE-TX auto-MDI/MDI-X ports
Optional 1000BASE-T or 1000BASE-X GBIC modules
8.8 Gbps aggregate bandwidth
Non-blocking switching architecture
Support for redundant power unit
Rapid Spanning Tree Protocol
Supports up to 6 static or dynamic trunks
Layer 2/3/4 CoS support through four priority queues
Full support for VLANs with GVRP
IGMP multicast filtering and snooping
Layer 3 routing for unicast and multicast traffic
Authentication via RADIUS, ACLs, or IEEE 802.1x
Manageable via console, Web, SNMP/RMON

Management Guide

SMC6724L3


Summary of Contents for SMC Networks SMC6724L3

  • Page 1: Management Guide

    Layer 2/3/4 CoS support through four priority queues Full support for VLANs with GVRP IGMP multicast filtering and snooping Layer 3 routing for unicast and multicast traffic Authentication via RADIUS, ACLs, or IEEE 802.1x Manageable via console, Web, SNMP/RMON Management Guide SMC6724L3...
  • Page 3 TigerSwitch 10/100 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions 38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 October 2003 Pub. # 150200033700A...
  • Page 4 38 Tesla Irvine, CA 92618 All rights reserved. Printed in Taiwan Trademarks: SMC is a registered trademark; and TigerSwitch is a trademark of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.
  • Page 5 Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller.
  • Page 6 * SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase. SMC Networks, Inc. 38 Tesla Irvine, CA 92618...
  • Page 7: Table Of Contents

    Connecting to the Switch
  • Page 8 Using DHCP/BOOTP 3-20; Managing Firmware 3-22; Downloading System Software from a Server
  • Page 9 Configuring Port Mirroring 3-70; Showing Port Statistics 3-71; Configuring Rate Limits
  • Page 10 Mapping IP Port Priority 3-131; Copying IP Settings to Another Interface 3-133; Multicast Filtering
  • Page 11 Specifying Network Interfaces for RIP 3-178; Configuring Network Interfaces for RIP 3-179; Displaying RIP Information and Statistics 3-183; Configuring the Open Shortest Path First Protocol
  • Page 12 Minimum Abbreviation 4-4; Command Completion 4-4; Getting Help on Commands
  • Page 13 username 4-33; enable password
  • Page 14 radius-server timeout 4-65; show radius-server 4-65; 802.1x Port Authentication
  • Page 15 DHCP Commands 4-97; DHCP Client
  • Page 16 show interfaces switchport 4-131; Mirror Port Commands 4-133; port monitor
  • Page 17 switchport mode 4-166; switchport acceptable-frame-types 4-167; switchport ingress-filtering
  • Page 18 ip igmp snooping 4-197; ip igmp snooping vlan static 4-197; ip igmp snooping version
  • Page 19 ip route 4-227; clear ip route
  • Page 20 ip ospf priority 4-268; ip ospf retransmit-interval 4-269; ip ospf transmit-delay
  • Page 21 ip pim trigger-hello-interval 4-305; ip pim join-prune-holdtime 4-306; ip pim graft-retry-interval
  • Page 23: Introduction

    This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s...
  • Page 24: Description Of Software Features

    Multicast Filtering Supports IGMP snooping and query for Layer 2, and IGMP Multicast Routing Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network.
  • Page 25 Use the full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control...
  • Page 26 Static Addresses – A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table.
  • Page 27 (CRC). This prevents bad frames from entering the network and wasting bandwidth. To avoid dropping frames on congested ports, the switch provides 8 MB for frame buffering. This buffer can queue packets awaiting transmission on congested networks.
  • Page 28 Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard.
  • Page 29 MAC address of a device on another network or subnet. When a host sends an ARP request for a remote network, the switch checks to see if it has the best route. If it does, it sends its own MAC address to the host. The host then sends traffic for the remote destination via the switch, which uses its own routing table to reach the destination on the other network.
  • Page 30: System Defaults

    VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query at Layer 2 and IGMP at Layer 3 to manage multicast group registration.
  • Page 31 Function Parameter Authentication Privileged Exec Level Normal Exec Level Enable Privileged Exec from Normal Exec Level RADIUS Authentication 802.1x Port Authentication Disabled HTTP Server Management HTTP Port Number SNMP Community Strings Traps Port Admin Status Configuration Auto-negotiation Flow Control Port Capability Default...
  • Page 32 Function Rate Limiting Port Trunking Broadcast Storm Protection Spanning Tree Protocol Address Table Virtual LANs Traffic Prioritization Parameter Port Capability Input and output limits Static Trunks LACP (all ports) Status Broadcast Limit Rate Status Fast Forwarding (Edge Port) Aging Time Default VLAN PVID...
  • Page 33 Function Parameter IP Precedence Priority IP DSCP Priority IP Port Priority IP Settings Management. VLAN IP Address Subnet Mask Default Gateway DHCP BOOTP Unicast Routing RIP OSPF Multicast IGMP Snooping (Layer 2) Snooping: Enabled Filtering IGMP (Layer 3) Multicast Routing DVMRP PIM-DM System Log Status...
  • Page 35: Initial Configuration

    Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI). Note: The IP address for this switch is unassigned by default. To change this address, see “Setting an IP Address” on page 2-6.
  • Page 36: Required Connections

    • Display system information and statistics Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch. Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch.
  • Page 37 DB-9 connector. 2. Connect the other end of the cable to the RS-232 serial port on the switch. 3. Make sure the terminal emulation software is set as follows: • Select the appropriate serial port (COM port 1 or COM port 2).
  • Page 38: Remote Connections

    The onboard configuration program can be accessed using Telnet from any computer attached to the network. The switch can also be managed by any computer using a Web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above), or from a network computer using...
  • Page 39: Basic Configuration

    Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps: 1.
  • Page 40: Setting Passwords

    Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router. Dynamic — The switch sends IP configuration requests to BOOTP or...
  • Page 41: Manual Configuration

    Manual Configuration You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment (if routing is not enabled on this switch).
  • Page 42: Dynamic Configuration

    If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service requests as soon as it is powered on. To automatically configure the switch by communicating with BOOTP or...
  • Page 43: Enabling Snmp Management Access

    The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as HP OpenView. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps. When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter.
  • Page 44 If there are no community strings, then SNMP management access to the switch is disabled. To prevent unauthorized access to the switch via SNMP, it is recommended that you change the default community strings. To configure a community string, complete the following steps: 1.
  • Page 45: Trap Receivers

    “community-string” is the string associated with that host. Press <Enter>. 2. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server enable traps command. Type “snmp-server enable traps type,” where “type” is either authentication or link-up-down.
  • Page 46: Managing System Files

    See “Upgrading Firmware via the Serial Port” on page B-1. Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows.
  • Page 47 Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.
  • Page 49: Configuring The Switch

    For more information on using the CLI, refer to Chapter 4 “Command Line Interface.” Prior to accessing the switch from a Web browser, be sure you have first performed the following tasks: 1. Configure the switch with a valid IP address, subnet mask, and default gateway using an out-of-band serial connection, BOOTP or DHCP protocol.
  • Page 50 If you log in as “admin” (Privileged Exec level), you can change the settings on any page. 3. If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm, then you can set the switch port attached to your management station to fast forwarding (i.e., enable Admin...
  • Page 51: Navigating The Web Browser Interface

    “admin.” Home Page When your Web browser connects with the switch’s Web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side.
  • Page 52: Configuration Options

    Panel Display The Web agent displays an image of the switch’s ports, indicating whether each link is up or down. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex), or Flow Control (i.e., with or without flow control).
  • Page 53: Main Menu

    Main Menu Using the onboard Web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Menu System System Information...
  • Page 54 Configures individual trunk settings for STA Configures individual port settings for STA Configures individual trunk settings for STA Displays information on the VLAN type supported by this switch and whether or not the port is tagged or untagged Used to create or remove VLAN groups...
  • Page 55 VLAN ID Assigns ports that are attached to a neighboring multicast router Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID Indicates multicast addresses associated with the selected VLAN...
  • Page 56 Menu Statistics Rate Limit Input Rate Limit Port Configuration Input Rate Limit Trunk Configuration Output Rate Limit Port Configuration Output Rate Limit Trunk Configuration dot1X (IEEE 802.1x) dot1X Information dot1X Configuration dot1X Port Configuration dot1X Statistics SNTP SNTP Configuration Clock Time Zone General...
  • Page 57 General Settings Multicast Routing Table Description routing table Shows internal addresses used by the switch Shows statistics on ARP requests sent and received Configures Layer 3 IGMP for specific VLAN interfaces IGMP Shows statistics for IP traffic, including the...
  • Page 58 Menu Routing Protocol General Settings Network Addresses Configures the network interfaces that will use Interface Settings Statistics OSPF General Configuration Area Configuration Specifies rules for importing routes into each Area Range Configuration Interface Configuration Virtual Link Configuration Network Area Address Configuration...
  • Page 59 Enables/disables DVMRP per interface and sets route metric Displays neighboring DVMRP routers Displays DVMRP routing information Enables or disables PIM-DM globally for the switch Enables/disables PIM-DM per interface, configures protocol settings for hello, prune and graft messages Displays summary information for each interface 3-236 Displays neighboring PIM-DM routers Specifies DHCP relay servers;...
  • Page 60: Basic Configuration

    Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. • Location – Specifies the system location. • Contact – Administrator responsible for the system.
  • Page 61 Console(config)#hostname R&D 5 Console(config)#snmp-server location WC 9 Console(config)#snmp-server contact Ted Console(config)#exit Console#show system System description: TigerSwitch 10/100 Managed 24+2 L3 Switch System OID string: 1.3.6.1.4.1.202.20.29 System information System Up time: 0 days, 2 hours, 4 minutes, and 7.13 seconds System Name...
  • Page 62: Displaying Switch Hardware/Software Versions

    • Boot-ROM Version – Version number of Power-On Self-Test (POST) and boot code. • Operation Code Version – Version number of runtime code. • Role – Shows that this switch is operating as Master (i.e., operating stand-alone). Expansion Slots • Expansion Slot – Indicates any installed module type.
  • Page 63 Web – Click System, Switch Information. CLI – Use the following command to display version information. Console#show version Unit1 Serial number Service tag Hardware version Number of ports Main power status Redundant power status :not present Agent(master) Unit id Loader version Boot rom version Operation code version :0.0.2.24...
  • Page 64: Displaying Bridge Extension Capabilities

    • Extended Multicast Filtering Services – This switch does not support the filtering of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol). • Traffic Classes – This switch provides mapping of user priorities to multiple traffic classes. (Refer to “Class of Service Configuration” on page 3-120.) •...
  • Page 65: Setting The Switch's Ip Address

    Setting the Switch’s IP Address This section describes how to configure an initial IP interface for management access over the network. The IP address for this switch is unassigned by default. To manually configure an address, you need to change the switch’s default settings (IP address 0.0.0.0 and netmask 255.0.0.0) to values that are compatible with your network.
  • Page 66 Command Attributes • VLAN – ID of the configured VLAN (1-4094, no leading zeroes). By default, all ports on the switch are members of VLAN 1. However, the management station can be attached to a port belonging to any VLAN, as long as that VLAN has been assigned an IP address.
  • Page 67: Manual Configuration

    “Primary” interface, enter the IP address and subnet mask, then click Set IP Configuration. Click IP, Global Setting. If this switch and management stations exist on other network segments, then specify the default gateway, and click Apply.
  • Page 68: Using Dhcp/Bootp

    IP Address Mode to DHCP or BOOTP. Click Apply to save your changes. Then click Restart DHCP to immediately request a new address. Note that the switch will also broadcast a request for IP configuration settings on each power reset.
  • Page 69 Console# Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to another network segment, you will lose management access to the switch. In this case, you can reboot the switch or submit a client request to restart DHCP service via the CLI.
  • Page 70: Managing Firmware

    You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version.
  • Page 71: Saving Or Restoring Configuration Settings

    CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination file names, set the new file to start up the system, and then restart the switch. Console#copy tftp file TFTP server ip address: 10.1.0.19...
  • Page 72: Downloading Configuration Settings From A Server

    Web – Click System, Configuration. Enter the IP address of the TFTP server, enter the name of the file to download, select a file on the switch to overwrite or specify a new file name, and then click Transfer from Server.
  • Page 73: Setting The System Clock

    -Write to FLASH finish. Success. Console#reload If you download the startup configuration file under a new file name, you can set this file as the startup file at a later time, and then restart the switch. Console#config Console(config)#boot system config: startup-new Console(config)#exit...
  • Page 74: Configuring Sntp

    Command Attributes • Current Time – Displays the current time. • SNTP Client – Configures the switch to operate as an SNTP unicast client. This mode requires at least one time server to be specified in the SNTP Server field.
  • Page 75: Setting The Time Zone

    CLI – This example configures the switch to operate as an SNTP broadcast client. Console(config)#sntp client Console(config)#sntp poll 16 Console(config)#sntp server 10.1.0.19 137.82.140.80 128.250.36.2 Console(config)#sntp broadcast client Console(config)# Setting the Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian,...
  • Page 76: Resetting The System

    Resetting the System Web – Click System, Reset. Click the Reset button to restart the switch. CLI – Use the reload command to restart the switch. Console#reload System will be restarted, continue <y/n>? Note: When restarting the system, it will always run the Power-On Self-Test.
  • Page 77 The default guest name is “guest” with the password “guest.” The default administrator name is “admin” with the password “admin.” Note that user names can only be assigned via the CLI. Command Attributes • User Name* – The name of the user. (Maximum length: 8 characters;...
  • Page 78: Configuring Local/Remote Logon Authentication

    Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on the RADIUS protocol. Remote Authentication...
  • Page 79 (Range: 1-30; Default: 2) • Timeout for a reply – The number of seconds the switch waits for a reply from the RADIUS server before it resends the request. (Range: 1-65535; Default: 5) Note: The local switch user database has to be set up by manually entering user names and passwords using the CLI.
  • Page 80: Configuring 802.1X Port Authentication

    The IEEE 802.1x (dot1x) standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. Access to all switch...
  • Page 81 (i.e., Authenticator) responds with an EAPOL identity request. The client provides its identity (such as a user name) in an EAPOL response to the switch, which it forwards to the RADIUS server. The RADIUS server verifies the client identity and sends an access challenge back to the client.
  • Page 82: Displaying 802.1X Global Settings

    • Each switch port that will be used must be set to dot1x “Auto” mode. • Each client that needs to be authenticated must have dot1x client software installed and properly configured. • The RADIUS server and 802.1x client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.)
  • Page 83 • Server timeout – The time the switch waits for a response from the authentication server (RADIUS) to an authentication request. • Re-authentication Max Count – The number of times the switch will attempt to re-authenticate a connected client before the port becomes unauthorized.
  • Page 84: Configuring 802.1X Global Settings

    (Default: Disabled) • dot1X Max Request Count – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default 2)
  • Page 85 • Timeout for Quiet Period – Sets the time that a switch port waits after the dot1X Max Request Count has been exceeded before attempting to acquire a new client. (Range: 1-65535 seconds; Default: 60 seconds) • Timeout for Re-authentication Period – Sets the time period after which a connected client must be re-authenticated.
  • Page 86: Configuring Port Authorization Mode

    Configuring Port Authorization Mode When dot1x is enabled, you need to specify the dot1x authentication mode configured for each port. Command Attributes • Status – Indicates if authentication is enabled or disabled on the port. • Mode – Sets the authentication mode to one of the following options: - Auto –...
  • Page 87: Displaying 802.1X Statistics

    CLI – This example sets the authentication mode to enable dot1x on port 2. Console(config)#interface ethernet 1/2 Console(config-if)#dot1x port-control auto Console(config-if)# Displaying 802.1x Statistics This switch can display statistics for dot1x protocol exchanges for any port. Statistical Values Parameter Rx EXPOL Start Rx EAPOL Logoff...
  • Page 88 Parameter Tx EAP Req/Id Tx EAP Req/Oth Web – Select dot1X, dot1X Statistics. Select the required port and then click Query. Click Refresh to update the statistics. CLI – This example displays the dot1x statistics for port 4. Console#show dot1x statistics interface ethernet 1/4 Eth 1/4 Rx: EXPOL...
  • Page 89: Access Control Lists

    • However, due to resource restrictions, the average number of rules bound to the ports should not exceed 20. • The switch does not support the explicit “deny any any” rule for the IP ACL or MAC ACL. If these rules are included in an ACL, and you attempt to bind the ACL to an interface, the bind operation will fail.
  • Page 90: Setting The Acl Name And Type

    The order in which active ACLs are checked is as follows: 1. User-defined rules in the MAC ACL. 2. User-defined rules in the IP ACL. 3. Explicit default rule (permit any any) in the IP ACL. 4. Explicit default rule (permit any any) in the MAC ACL. 5.
  • Page 91: Configuring A Standard Ip Acl

    Web – Click ACL, ACL Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the configuration page for the new list. CLI – This example creates a standard IP ACL named bill. Console(config)#access-list ip standard bill Console(config-std-acl)# Configuring a Standard IP ACL...
  • Page 92: Configuring An Extended Ip Acl

    Web – Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Then click Add.
  • Page 93 • Src/Dst SubMask – Subnet mask for source or destination address. (See SubMask in the preceding section.) • Protocol – Specifies the protocol type to match as TCP, UDP or Others, where others indicates a specific protocol number (0-255). (Options: TCP, UDP, Others; Default: TCP) •...
  • Page 94 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
  • Page 95: Configuring A Mac Acl

    3. Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any dport 80 Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any tcp control-code 2 2 Console(config-std-acl)# Configuring a MAC ACL Command Usage Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets.
  • Page 96 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Enter a specific address (e.g., 11-22-33-44-55-66). Or enter a base address and a hexadecimal bitmask for an address range. Set any other required criteria, such as Ethernet type, or packet format. Then click Add.
  • Page 97: Binding A Port To An Access Control List

    Binding a Port to an Access Control List After configuring Access Control Lists (ACL), you can bind the ports that need to filter traffic to the appropriate ACLs. You can only assign one IP access list and/or one MAC access list to any port. Command Attributes •...
  • Page 98: Simple Network Management Protocol

    For security reasons, you should consider removing the default strings. Command Attributes • SNMP Community Capability – Indicates that the switch supports up to five community strings. • Community String – A community string that acts like a password and permits access to the SNMP protocol.
  • Page 99: Specifying Trap Managers And Trap Types

    Console(config)# Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as SMC’s EliteView).
  • Page 100 • You can enable or disable authentication messages or link-up-down messages via the CLI. Command Attributes • Trap Manager Capability – This switch supports up to five trap managers. • Trap Manager IP Address – Internet address of the host (the targeted recipient).
  • Page 101: Dynamic Host Configuration Protocol

    IP address into the request so that the DHCP server will know the subnet where the client is located. Then, the switch forwards the packet to the DHCP server. When the server receives the DHCP request, it allocates a free IP address for the DHCP client from its defined scope for the DHCP client’s subnet, and sends a DHCP response back to the DHCP relay agent...
  • Page 102 Command Usage You must specify the IP address for at least one DHCP server. Otherwise, the switch’s DHCP relay agent will not forward client requests to a DHCP server. Command Attributes • VLAN ID – ID of configured VLAN.
  • Page 103: Configuring The Dhcp Server

    Addresses can be assigned to clients from a common address pool configured for a specific IP interface on this switch, or fixed addresses can be assigned to hosts based on the client identifier code or MAC address.
  • Page 104: Enabling The Server, Setting Excluded Addresses

    Enable the DHCP Server and specify the IP addresses that should not be assigned to clients. Command Attributes • DHCP Server – Enables or disables the DHCP server on this switch. (Default: Disabled) • Excluded Addresses – Specifies IP addresses that the DHCP server should not assign to DHCP clients.
  • Page 105: Configuring Address Pools

    32 manually bound host address pools (i.e., one address per host pool). • When a client request is received, the switch first checks for a network address pool matching the gateway where the request originated (i.e., if the request was forwarded by a relay server).
  • Page 106 Command Attributes Creating a New Address Pool • Pool Name – A string or integer. (Range: 1-8 characters) Setting the Network Parameters • IP – The IP address of the DHCP address pool. • Subnet Mask – The bit combination that identifies the network (or subnet) and the host portion of the DHCP address pool.
  • Page 107 • Bootfile – The default boot image for a DHCP client. This file should be placed on the Trivial File Transfer Protocol (TFTP) server specified as the Next Server. • Next Server – The IP address of the next server in the boot process, which is typically a Trivial File Transfer Protocol (TFTP) server.
  • Page 108 Configuring a Network Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Network.” Enter the IP address and subnet mask for the network pool. Configure the optional parameters such as default router and DNS server.
  • Page 109 Configuring a Host Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Host.” Enter the IP address, subnet mask, and hardware address for the client device. Configure the optional parameters such as gateway server and DNS server.
  • Page 110: Displaying Address Bindings

    • Lease time – Duration that this IP address can be used by the host. • Start time – Time this address was assigned by the switch. • Delete – Clears this binding to the host. This command is normally used after modifying the address pool, or after moving DHCP service to another device.
  • Page 111: Port Configuration

    Web – Click DHCP, Server, IP Binding. You may use the Delete button to clear an address from the DHCP server’s database. CLI – This example displays the current binding, and then clears all automatic binding. Console#show ip dhcp binding --------------- ----------------- ------------ ----------- 10.1.0.20 00-00-e8-98-73-21 Console#clear ip dhcp binding *...
  • Page 112 • Port type – Indicates the port type. (1000BASE-T, 1000BASE-SX, 1000BASE-LX) • MAC Address – The physical layer address for this port. (To access this item on the Web, see “Setting the Switch’s IP Address” on page 3-17.) Configuration: • Name – Interface label.
  • Page 113 • Speed-duplex – Shows the current speed and duplex mode. (Auto, or fixed choice) • Capabilities – Specifies the capabilities to be advertised for a port during auto-negotiation. (To access this item on the Web, see “Configuring Interface Connections” on page 3-48.) The following capabilities are supported.
  • Page 114 CLI – This example shows the connection status for Port 13. Console#show interfaces status ethernet 1/13 Information of Eth 1/13 Basic information: Port type: 100tx Mac address: 00-30-f1-47-58-46 Configuration: Name: Port admin: Up Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full, Broadcast storm: Enabled Broadcast storm limit: 500 packets/second Flow control: Disabled...
  • Page 115: Configuring Interface Connections

    - FC - Supports flow control Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation. (Avoid using flow control on a...
  • Page 116 port connected to a hub unless it is actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub.) (Default: Autonegotiation enabled; Advertised capabilities for 100BASE-TX – 10half, 10full, 100half, 100full; 1000BASE-T – 10half, 10full, 100half, 100full, 1000full;...
  • Page 117: Setting Broadcast Storm Thresholds

    • The default threshold is 500 packets per second. • Broadcast control does not affect IP multicast traffic. • The specified threshold applies to all ports on the switch. Command Attributes • Threshold – Threshold as percentage of port bandwidth. (Options: 500-262143 packets per second;...
  • Page 118: Configuring Port Mirroring

    CLI – Specify any interface, and then enter the threshold. The following sets broadcast suppression at 600 packets per second. Console(config)#interface ethernet 1/1 Console(config-if)#switchport broadcast packet-rate 600 Console(config-if)#end Console#show interfaces switchport ethernet 1/12 Information of Eth 1/12 Broadcast threshold: Enabled, 600 packets/second Lacp status: Disabled VLAN membership mode: Hybrid...
  • Page 119: Showing Port Statistics

    RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port. This information can be used to identify potential problems with the switch (such as a faulty port or unusually heavy loading). RMON statistics provide access to a broad range...
  • Page 120: Statistical Values

    passing through each port. All values displayed have been accumulated since the last system reboot, and are shown as counts per second. Statistics are refreshed every 60 seconds by default. Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as SMC’s EliteView.
  • Page 121 Parameter Transmit Multicast Packets Transmit Broadcast Packets Transmit Discarded Packets Transmit Errors Etherlike Statistics Alignment Errors Late Collisions FCS Errors Excessive Collisions Single Collision Frames The number of successfully transmitted frames for Internal MAC Transmit Errors Description The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast address at this sub-layer, including those that were discarded or not sent.
  • Page 122 Parameter Multiple Collision Frames Carrier Sense Errors SQE Test Errors Frames Too Long Deferred Transmissions A count of frames for which the first transmission Internal MAC Receive Errors RMON Statistics Drop Events Jabbers Received Bytes Collisions Received Frames Broadcast Frames Multicast Frames...
  • Page 123 Parameter CRC/Alignment Errors The number of CRC/alignment errors (FCS or Undersize Frames Oversize Frames Fragments 64 Bytes Frames 65-127 Byte Frames 128-255 Byte Frames 256-511 Byte Frames 512-1023 Byte Frames 1024-1518 Byte Frames 1519-1536 Byte Frames Description alignment errors). The total number of frames received that were less than 64 octets long (excluding framing bits, but including FCS octets) and were otherwise well formed.
  • Page 124 Web – Click Statistics, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen...
  • Page 125: Configuring Rate Limits

    CLI – This example shows statistics for port 13. Console#show interfaces counters ethernet 1/13 Ethernet 1/13 Iftable stats: Octets input: 868453, Octets output: 3492122 Unicast input: 7315, Unitcast output: 6658 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, QLen output: 0 Extended iftable stats: Multi-cast input: 0, Multi-cast output: 17027...
  • Page 126 Command Usage Due to a switch chip limitation, the input rate limit can only be enabled or disabled globally for all interfaces on the switch. However, the output rate limit can be enabled or disabled for individual interfaces.
  • Page 127: Trunk Configuration

    EtherChannel standard. On the other hand, LACP configured ports can automatically negotiate a trunked link with LACP-configured ports on another device. You can configure any number of ports on the switch as LACP, as long as they are not already configured as part of a static trunk. If ports on another device are also configured as LACP, the switch and the other device will negotiate a trunk link between them.
  • Page 128: Dynamically Configuring A Trunk

    • Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • You can create up to six trunks on the switch, with up to four ports per trunk. • The ports at both ends of a connection must be configured as trunk ports.
  • Page 129 • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. • If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
  • Page 130: Statically Configuring A Trunk

    CLI – The following example enables LACP for ports 17 and 18. Just connect these ports to two LACP-enabled trunk ports on another switch to form a trunk. Console(config)#interface ethernet 1/17 Console(config-if)#lacp Console(config-if)#exit Console(config)#interface ethernet 1/18 Console(config-if)#lacp...
  • Page 131 Add. After you have completed adding ports to the member list, click Apply. CLI – This example creates trunk 2 with ports 11 and 12. Just connect these ports to two static trunk ports on another switch to form a trunk. Console(config)#interface port-channel 2 Console(config-if)#exit...
  • Page 132: Address Table Settings

    Setting Static Addresses A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table.
  • Page 133: Displaying The Address Table

    Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address for inbound traffic is found in the database, the packets intended for that address are forwarded directly to the associated port.
  • Page 134 • Address Table Sort Key – You can sort the information displayed based on interface (port or trunk) or MAC address. Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query.
  • Page 135: Changing The Aging Time

    The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure...
  • Page 136 STA uses a distributed algorithm to select a bridging device (STA-compliant switch, bridge or router) that serves as the root of the spanning tree network. It selects a root port on each bridging device (except for the root device) which incurs the lowest path cost when forwarding a packet from that device to the root device.
  • Page 137: Displaying Global Settings

    • Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. - Root Port – The number of the port on this switch that is closest to the root. This switch communicates with the root device through this port.
  • Page 138 - Root Path Cost – The path cost from the root port on this switch to the root device. • Configuration Changes – The number of times the Spanning Tree has been reconfigured. • Last Topology Change – Time since the Spanning Tree was last reconfigured.
  • Page 139 • Root Hold Time – The interval (in seconds) during which no more than two bridge configuration protocol data units shall be transmitted by this node. Web – Click Spanning Tree, STA Information. CLI – This command displays global STA settings, followed by settings for each port.
  • Page 140: Configuring Global Settings

    RSTP node transmits, as described below: - STP Mode – If the switch receives an 802.1D BPDU (i.e., STP BPDU) after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.
  • Page 141 device with the lowest MAC address will then become the root device. (Note that lower numeric values indicate higher priority.) Default: 32768 Range: 0-61440, in steps of 4096 Options: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440 Root Device Configuration •...
  • Page 142 Advanced Configuration Settings for RSTP • Path Cost Method – The path cost is used to determine the best path between devices. The path cost method is used to determine the range of values that can be assigned to each interface. Long: Specifies 32-bit based values that range from 1-200,000,000.
  • Page 143: Displaying Interface Settings

    - A port on a network segment with no other STA compliant bridging device is always forwarding. - If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID forwards packets and the other is discarding.
  • Page 144 Spanning Tree. • Designated Port – The port priority and number of the port through which this switch, acting as a designated bridge, communicates with the attached LAN or host device. • Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface.
  • Page 145 • Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree.
  • Page 146 - Point-to-Point – A connection to exactly one other bridge. - Shared – A connection to two or more bridges. - Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media.
  • Page 147: Configuring Interface Settings

    CLI – This example shows the STA attributes for port 5. Console#show spanning-tree ethernet 1/5 1/ 1 information ------------------------------------------ Admin status Role State Path cost Priority Designated cost Designated port Designated root Designated bridge Forward transitions Fast forwarding Admin edge port Oper edge port Admin Link type Oper Link type...
  • Page 148 • Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree.
  • Page 149 Port should only be enabled for ports connected to an end-node device. (Default: Disabled) • Migration – If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode.
  • Page 150: Vlan Configuration

    Overview In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the originating group, and can eliminate broadcast storms in large networks.
  • Page 151: Assigning Ports To Vlans

    • Priority tagging Assigning Ports to VLANs Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if you...
  • Page 152 VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port).
  • Page 153 IEEE 802.1Q VLAN protocol, it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join. When this switch receives these messages, it will automatically place the receiving port in the specified VLANs, and then forward the message to all other ports.
  • Page 154: Forwarding Tagged/Untagged Frames

    When forwarding a frame from this switch along a path that contains any VLAN-aware devices, the switch should include VLAN tags. When forwarding a frame from this switch along a path that does not contain any VLAN-aware devices (including the destination host), the switch must first strip off the VLAN tag before forwarding the frame.
  • Page 155: Enabling Or Disabling Gvrp (Global Setting)

    The VLAN Basic Information page displays basic information on the VLAN type supported by the switch. Field Attributes • VLAN Version Number* – The VLAN version used by this switch as specified in the IEEE 802.1Q standard. • Maximum VLAN ID – Maximum VLAN ID recognized by this switch.
  • Page 156: Displaying Current Vlans

    • Maximum Number of Supported VLANs – Maximum number of VLANs that can be configured on this switch. * Web Only Web – Click VLAN, VLAN Base Information. CLI – Enter the following command. Console#show bridge-ext Max support vlan numbers: 255...
  • Page 157 • Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP. - Permanent: Added as a static entry. • Egress Ports – Shows all the VLAN port members. • Untagged Ports – Shows the untagged VLAN port members.
  • Page 158: Creating Vlans

    Console# Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command Attributes •...
  • Page 159: Adding Static Members To Vlans (Vlan Index)

    VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices. Or configure a port as forbidden to prevent the switch from automatically adding it to a VLAN via the GVRP protocol. Notes: 1. You can also use the VLAN Static Membership by Port page to configure VLAN groups based on the port index (page 3-113).
  • Page 160 2. VLAN 1 is the default untagged VLAN containing all ports on the switch, and can only be modified by first reassigning the default port VLAN ID as described under “Configuring VLAN Behavior for Interfaces” on page 3-114.
  • Page 161: Adding Static Members To Vlans (Port Index)

    Web – Click VLAN, VLAN Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks. Click Apply. CLI –...
  • Page 162: Configuring Vlan Behavior For Interfaces

    Web – Open VLAN, VLAN Static Membership. Select an interface from the scroll-down box (Port or Trunk). Click Query to display membership information for the interface. Select a VLAN ID, and then click Add to add the interface as a tagged member, or click Remove to remove the interface.
  • Page 163 BPDU frames, such as GMRP. • GVRP Status – Enables/disables GVRP for the interface. GVRP must be globally enabled for the switch before this setting can take effect. (See “Displaying Bridge Extension Capabilities” on page 3-16.) When disabled, any GVRP packets received on this port will be discarded and no GVRP registrations will be propagated from other ports.
  • Page 164 • GARP Join Timer* – The interval between transmitting requests/ queries to participate in a VLAN group. (Range: 20-1000 centiseconds; Default: 20) • GARP Leave Timer* – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group.
  • Page 165: Vlan Configuration

    Web – Click VLAN, VLAN Port Configuration or VLAN Trunk Configuration. Fill in the required settings for each interface, click Apply. CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.
  • Page 166: Configuring Private Vlans

    VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.) Enabling Private VLANs Use the Private VLAN Status page to enable/disable the Private VLAN function.
  • Page 167: Configuring Uplink And Downlink Ports

    Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any other ports on the switch and with any designated downlink ports.
  • Page 168: Class Of Service Configuration

    Setting the Default Priority for Interfaces You can specify the default port priority for each interface on the switch. All untagged packets entering the switch are tagged with the specified default port priority, and then sorted into the appropriate priority queue at the output port.
  • Page 169 Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. CLI – This example assigns a default priority of 5 to port 3. Console(config)#interface ethernet 1/3 Console(config-if)#switchport priority default 5 Console(config-if)#end Console#show interfaces switchport ethernet 1/5 Information of Eth 1/5...
  • Page 170: Mapping Cos Values To Egress Queues

    The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network.
  • Page 171 Command Attributes • Priority – CoS value. (Range: 0-7, where 7 is the highest priority) • Traffic Class* – Output queue buffer. (Range: 0-3, where 3 is the highest CoS priority queue) * CLI shows Queue ID. Web –...
  • Page 172: Setting The Service Weight For Traffic Classes

    Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in “Mapping CoS Values to Egress Queues” on page 3-122, the traffic classes are mapped to one of the four egress queues provided for each port.
  • Page 173: Mapping Layer 3/4 Priorities To Cos Values

    ToS octet may contain three bits for IP Precedence or six bits for Differentiated Services Code Point (DSCP) service. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue...
  • Page 174: Selecting Ip Precedence/Dscp Priority

    Because different priority information may be contained in the traffic, this switch maps priority values to the output queues in the following manner: • The precedence for priority mapping is IP Port Priority, IP Precedence or DSCP Priority, and then Default Port Priority.
  • Page 175: Mapping Ip Precedence

    Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values are mapped one-to-one to Class of Service values (i.e., Precedence value 0 maps to CoS value 0, and so forth).
  • Page 176 CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings.
  • Page 177: Mapping Dscp Priority

    Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSCP mapping. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.
  • Page 178 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings.
  • Page 179: Mapping Ip Port Priority

    Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110.
  • Page 180 CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS value 0, and then displays the IP Port Priority settings. Console(config)#map ip port...
  • Page 181: Copying Ip Settings To Another Interface

    Copying IP Settings to Another Interface You can copy IP Precedence, DSCP priority, or IP port priority settings from one interface (port or trunk) to other interfaces on the switch. Command Attributes • Copy IP Precedence Priority Settings – Selects IP Precedence priority settings to be copied to other interfaces.
  • Page 182: Multicast Filtering

    It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service. This procedure is called multicast filtering.
  • Page 183: Igmp Protocol

    A router, or multicast-enabled switch, can periodically ask its hosts if they want to receive multicast traffic. If there is more than one router/ switch on the LAN performing IP multicasting, one of these devices is elected “querier” and assumes the role of querying the LAN for group members.
  • Page 184: Layer 2 Igmp (Snooping And Query)

    IP multicast packets across different subnetworks. Therefore, when DVMRP or PIM routing is enabled for a subnet on this switch, you also need to enable IGMP. Layer 2 IGMP (Snooping and Query) IGMP Snooping and Query – If multicast routing is not supported on...
  • Page 185: Configuring Igmp Snooping Parameters

    Configuring IGMP Snooping Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly disrupting network performance.
  • Page 186 • Act as IGMP Querier — When enabled, the switch can serve as the Querier, which is responsible for asking hosts if they want to receive multicast traffic. (Default: Disabled) • IGMP Query Count — Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group.
  • Page 187: Displaying Interfaces Attached To A Multicast Router

    VLAN ID. Command Attributes • VLAN ID – ID of configured VLAN (1-4094). • Multicast Router List – Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch...
  • Page 188: Specifying Static Interfaces For A Multicast Router

    IGMP querier. Therefore, if the IGMP querier is a known multicast router/ switch connected over the network to an interface (port or trunk) on your switch, you can manually configure the interface (and a specified VLAN) to join all the current multicast groups supported by the attached router.
  • Page 189 Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. After you have finished adding interfaces to the list, click Apply. CLI –...
  • Page 190: Displaying Port Members Of Multicast Services

    Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. CLI – This example displays all the known multicast services supported on VLAN 1, along with the ports propagating the corresponding services.
  • Page 191: Assigning Ports To Multicast Services

    Parameters” on page 3-137. For certain applications that require tighter control, you may need to statically configure a multicast service on the switch. First add all the ports attached to participating hosts to a common VLAN, and then assign the multicast service to that VLAN group.
  • Page 192: Layer 3 Igmp (Query Used With Multicast Routing)

    IGMP Query – Multicast query is used to poll each known multicast group for active members, and dynamically configure the switch ports which need to forward multicast traffic. Although the implementation differs slightly, IGMP Query is used in conjunction with both Layer 2 IGMP Snooping and multicast routing.
  • Page 193: Configuring Igmp Interface Parameters

    Configuring IGMP Interface Parameters This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. The hosts may respond with several types of IP multicast messages. Hosts respond to queries with report messages that indicate which groups they want to join or the groups to which they already belong.
  • Page 194 - All routers on the subnet must support the same version. However, the multicast hosts on the subnet may support either IGMP version 1 or 2. - The switch must be set to version 2 to enable the Max Query Response Time.
  • Page 195 • Querier – Device currently serving as the IGMP querier for this multicast service. Web – Click IP, IGMP, Interface Settings. Specify each interface that will support IGMP (Layer 3), specify the IGMP parameters for each interface, then click Apply...
  • Page 196: Displaying Multicast Group Information

    • Group Address – IP multicast group address with subscribers directly attached or downstream from this switch. • Interface – The interface on this switch that has received traffic directed to the multicast group address. • Last Reporter – The IP address of the source of the last membership report received for this multicast group address on this interface.
  • Page 197: Ip Routing

    • V1 Timer – The time remaining until the switch assumes that there are no longer any IGMP Version 1 members on the IP subnet attached to this interface. (Default: 400 seconds) - If the switch receives an IGMP Version 1 Membership Report, it sets a timer to note that there are Version 1 hosts present which are members of the group for which it heard the report.
  • Page 198: Initial Configuration

    networks. However, when the switch is first booted, no default routing is defined. As with all traditional routers, the routing functions must first be configured to work. Initial Configuration In the default configuration, all ports belong to the same VLAN and the switch provides only Layer 2 functionality.
  • Page 199: Ip Switching

    If the destination node is on the same subnetwork as the source network, then the packet can be transmitted directly without the help of a router. However, if the MAC address is not yet known to the switch, an Address Resolution Protocol (ARP) packet with the destination IP address is broadcast to get the destination MAC address from the destination node.
  • Page 200: Routing Path Management

    there, the switch broadcasts an ARP packet to all the ports on the destination VLAN to find out the destination MAC address. After the MAC address is discovered, the packet is reformatted and sent out to the destination.
  • Page 201 Non-IP Protocol Routing The switch supports IP routing only. Non-IP protocols such as IPX and Appletalk cannot be routed by this switch, and will be confined within their local VLAN group unless bridged by an external router.
  • Page 202: Basic Ip Interface Configuration

    VLAN. Command Attributes • IP Routing Status – Configures the switch to operate as a Layer 2 switch or as a multilayer routing switch. (Options: Disable this field to restrict operation to Layer 2 switching; enable it to allow multilayer operation at either Layer 2 or 3 as required.)
  • Page 203: Configuring Ip Routing Interfaces

    Web - Click IP, General, Global Settings. Set IP Routing Status to Disabled to restrict operation to Layer 2, or Enabled to allow multilayer switching, specify the default gateway to which packets for all unknown subnets will be forwarded, and click Apply. CLI - This example enables IP routing, and sets the default gateway.
  • Page 204 • Before you configure any network interfaces on this router, you should first create a VLAN for each unique user group, or for each network application and its associated users. Then assign the ports associated with each of these VLANs. Command Attributes •...
  • Page 205: Address Resolution Protocol

    Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subnets. First specify a primary address, and click Set IP Configuration. If you need to assign secondary addresses, enter these addresses one at a time, and click Set IP Configuration after entering each address.
  • Page 206: Proxy ARP

    appropriate field in the frame header, and forwards the frame on to the next hop. IP traffic passes along the path to its final destination in this way, with each routing device mapping the destination IP address to the MAC address of the next hop toward the recipient, until the packet is delivered to the final destination.
  • Page 207: Basic ARP Configuration

    request by sending its own MAC address to the requesting node. That node then sends traffic to the router, which in turn uses its own routing table to forward the traffic to the remote destination. Basic ARP Configuration You can use the ARP General configuration menu to specify the timeout...
  • Page 208: Configuring Static ARP Addresses

    Web - Click IP, ARP, General. Set the timeout to a suitable value for the ARP cache, enable Proxy ARP for subnetworks that do not have routing or a default gateway, and click Apply. CLI - This example sets the ARP cache timeout for 15 minutes (i.e., 900 seconds), and enables Proxy ARP for VLAN 3.
  • Page 209: Displaying Dynamically Learned ARP Entries

    • MAC Address – MAC address statically mapped to the corresponding IP address. (Valid MAC addresses are hexadecimal numbers in the format: xx-xx-xx-xx-xx-xx.) • Entry Count – The number of static entries in the ARP cache. Web - Click IP, ARP, Static Addresses. Enter the IP address, the corresponding MAC address, and click Apply.
  • Page 210 • Dynamic to Static* – Changes a selected dynamic entry to a static entry. • Clear All* – Deletes all dynamic entries from the ARP cache. • Entry Count – The number of dynamic entries in the ARP cache. * These buttons take effect immediately.
  • Page 211: Displaying Local ARP Entries

    Displaying Local ARP Entries The ARP cache also contains entries for local interfaces, including subnet, host, and broadcast addresses. Command Attributes • IP Address – IP address of a local entry in the cache. • MAC Address – MAC address mapped to the corresponding IP address. •...
  • Page 212: Displaying ARP Statistics

    Displaying ARP Statistics You can display statistics for ARP messages crossing all interfaces on this router. Statistical Values Parameter Received Request Received Reply Sent Request Sent Reply Web - Click IP, ARP, Statistics. Description Number of ARP Request packets received by the router. Number of ARP Reply packets received by the router.
  • Page 213: Displaying Statistics For IP Protocols

    CLI - This example provides detailed statistics on common IP-related protocols. Console#show ip traffic IP statistics: Rcvd: 5 total, 5 local destination 0 checksum errors 0 unknown protocol, 0 not a gateway Frags: 0 reassembled, 0 timeouts 0 fragmented, 0 couldn't fragment Sent: 9 generated 0 no route...
  • Page 214 Statistical Values Parameter Packets Received Received Address Errors Received Packets Discarded Output Requests Output Packet No Route Datagrams Forwarded Reassembly Required Reassembly Failures Datagrams Failing Fragmentation Received Header Errors The number of input datagrams discarded due to errors Description The total number of input datagrams received from...
  • Page 215 Parameter Unknown Protocols Received Received Packets Delivered Discarded Output Packets Fragments Created Routing Discards Reassembly Successful Datagrams Successfully Fragmented Web - Click IP, Statistics, IP. CLI - See the example on page 3-164. Description The number of locally-addressed datagrams received successfully but discarded because of an unknown or unsupported protocol.
  • Page 216: ICMP Statistics

    ICMP Statistics Internet Control Message Protocol (ICMP) is a network layer protocol that transmits message packets to report errors in processing IP packets. ICMP is therefore an integral part of the Internet Protocol. ICMP messages may be used to report various situations, such as when a datagram cannot reach its destination, when the gateway does not have the buffering capacity to forward a datagram, and when the gateway can direct the host to send traffic on a shorter route.
  • Page 217 Parameter Timestamp Replies Address Masks Address Mask Replies Web - Click IP, Statistics, ICMP. CLI - See the example on page 3-164. Description The number of ICMP Timestamp Reply messages received/sent. The number of ICMP Address Mask Request messages received/sent. The number of ICMP Address Mask Reply messages received/sent.
  • Page 218: UDP Statistics

    UDP Statistics User Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the underlying transport mechanism, providing access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets.
  • Page 219: TCP Statistics

    TCP Statistics The Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched networks, and is used in conjunction with IP to support a wide variety of Internet protocols. Statistical Values Parameter Segments Received Segments Sent Active Opens Failed Connection Attempts Current Connections Receive Errors...
  • Page 220: Configuring Static Routes

    Web - Click IP, Statistics, TCP. CLI - See the example on page 3-164. Configuring Static Routes This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP or OSPF). However, you can also manually enter static routes in the routing table.
  • Page 221: Displaying The Routing Table

    Web - Click IP, Routing, Static Routes. CLI - This example forwards all traffic for subnet 192.168.1.0 to the router 192.168.5.254, using the default metric of 1. Console(config)#ip route 192.168.1.0 255.255.255.0 192.168.5.254 Console(config)# Displaying the Routing Table You can display all the routes that can be accessed via the local network interfaces, via static routes, or via a dynamically learned route.
  • Page 222 • Netmask – Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets. • Next Hop – The IP address of the next hop (or gateway) in this route. •...
  • Page 223: Configuring The Routing Information Protocol

    Configuring the Routing Information Protocol The RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance-vector-based approach to routing. Routes are determined on the basis of minimizing the distance vector, or hop count, which serves as a rough estimate of transmission cost. Each router broadcasts its advertisement every 30 seconds, together with any updates to its routing table.
  • Page 224: Configuring General Protocol Settings

    • There are several serious problems with RIP that you should consider. First of all, RIP (version 1) has no knowledge of subnets. Both RIP versions can take a long time to converge on a new route after the failure of a link or router, during which time routing loops may occur. Its small hop count limitation of 15 also restricts its use to smaller networks.
  • Page 225 Command Attributes Global Settings • RIP Routing Process – Enables RIP routing for all IP interfaces on the router. (Default: Disabled) • Global RIP Version – Specifies a RIP version used globally by the router. (Default: RIP Version 1) Timer Settings •...
  • Page 226: Specifying Network Interfaces For RIP

    CLI - This example sets the router to use RIP Version 2, and sets the basic timer to 15 seconds. Console(config)#router rip Console(config-router)#version 2 Console(config-router)#timers basic 15 Console(config-router)#end Console#show rip globals RIP Process: Enabled Update Time in Seconds: 15 Number of Route Change: 0 Number of Queries: 1 Console#...
  • Page 227: Configuring Network Interfaces For RIP

    Web - Click Routing Protocol, RIP, Network Addresses. Add all interfaces that will participate in RIP, and click Apply. CLI - This example includes network interface 10.1.0.0 in the RIP routing process. Console(config)#router rip Console(config-router)#network 10.1.0.0 Console(config-router)#end Console#show ip rip status Peer UpdateTime --------------- ------------ --------- --------------- --------------...
  • Page 228 Command Usage Specifying Receive and Send Protocol Types • Setting the RIP Receive Version or Send Version for an interface overrides the global setting specified by the RIP / General Settings, Global RIP Version field. • You can specify the Receive Version based on these options: - Use “RIPv1”...
  • Page 229 three methods that can provide faster convergence when the network topology changes and prevent most loops from occurring: • Split Horizon – Never propagate routes back to an interface port from which they have been acquired. • Poison Reverse – Propagate routes back to an interface port from which they have been acquired, but set the distance-vector metrics to infinity.
  • Page 230 - RIPv2: Sends only RIPv2 packets. - RIPv1 Compatible: Route information is broadcast to other routers with RIPv2. (Default) - Do Not Send: Does not transmit RIP updates. (The default depends on the setting specified under RIP / General Settings, Global RIP Version: RIPv1 - RIPv1 Compatible, RIPv2 - RIPv2 packets) •...
  • Page 231: Displaying RIP Information And Statistics

    Web - Click Routing Protocol, RIP, Interface Settings. Select the RIP protocol message types that will be received and sent, the method used to provide faster convergence and prevent loopback (i.e., prevent instability in the network topology), and the authentication option and corresponding password.
  • Page 232: RIP Information And Statistics

    RIP Information and Statistics Parameter Globals RIP Routing Process Update Time in Seconds The interval at which RIP advertises known route Number of Route Changes Number of Queries Interface Information Interface SendMode ReceiveMode InstabilityPreventing AuthType RcvBadPackets RcvBadRoutes SendUpdates Peer Information PeerAddress...
  • Page 233 Web - Click Routing Protocol, RIP, Statistics...
  • Page 234: Configuring The Open Shortest Path First Protocol

    CLI - The information displayed by the RIP Statistics screen via the Web interface can be accessed from the CLI using the following commands. Console#show rip globals RIP Process: Enabled Update Time in Seconds: 30 Number of Route Change: 4 Number of Queries: 0 Console#show ip rip configuration Interface...
  • Page 235 OSPF routers exist; as well as the not-so-stubby area option (RFC 1587). Command Usage • OSPF looks at more than just the simple hop count. When adding the shortest path to any node into the tree, the optimal path is chosen on the basis of delay, throughput and connectivity.
  • Page 236: Configuring General Protocol Settings

    • OSPFv2 is a compatible upgrade to OSPF. It involves enhancements to protocol message authentication, and the addition of a point-to-multipoint interface which allows OSPF to run over non-broadcast networks, as well as support for overlapping area ranges. •...
  • Page 237 • OSPF Router ID – Assigns a unique router ID for this device within the autonomous system. (Default: The lowest interface address) • Version Number • Area Border Router if this router connect directly to networks in two or more areas. An area border router runs a separate copy of the Shortest Path First algorithm, maintaining a...
  • Page 238 • SPF Hold Time (seconds) – The hold time between making two consecutive shortest path first (SPF) calculations. (Range: 0-65535; Default: 10) • Area Numbers router. Default Route Information – • Originate Default Route autonomous system. Note that the AS Boundary Router field must be enabled, and the Advertise Default Route field properly configured.
  • Page 239 Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global parameters as required, and click Apply. CLI - This example configures the router with the same settings as shown in the screen capture for the Web interface. Console(config)#router ospf Console(config-router)#router-id 10.1.1.253 Console(config-router)#no compatible rfc1583...
  • Page 240: Configuring OSPF Areas

    Configuring OSPF Areas An autonomous system must be configured with a backbone area, designated by area identifier 0.0.0.0. By default, all other areas are created as normal transit areas. Routers in a normal area may import or export routing information about individual nodes.
  • Page 241 • By default, a stub can only pass traffic to other areas in the autonomous system via the default external route. However, you also can configure an area border router to send Type 3 summary link advertisements into the stub. NSSA –...
  • Page 242 Command Usage • Before you create a stub or NSSA, first specify the address range for an area using the Network Area Address Configuration screen (page 3-206). • Stubs and NSSAs cannot be used as a transit area, and should therefore be placed at the edge of the routing domain.
  • Page 243 Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for the default summary route sent into a stub, and click Apply. CLI - This example configures area 0.0.0.1 as a normal area, area 0.0.0.2 as a stub, and area 0.0.0.3 as an NSSA.
  • Page 244: Configuring Area Ranges (Route Summarization For ABRs)

    Console# show ip ospf Routing Process with ID 192.168.1.253 Supports only single TOS(TOS0) route Number of area in this router is 3 Area 0.0.0.0 (BACKBONE) Number of interfaces in this area is 1 SPF algorithm executed 40 times Area 0.0.0.2 (STUB) Number of interfaces in this area is 1 SPF algorithm executed 8 times...
  • Page 245 Command Attributes • Area ID – Identifies an area for which the routes are summarized. (The area ID must be in the form of an IP address.) • Range Network – Base address for the routes to summarize. • Range Netmask – Network mask for the summary route. •...
  • Page 246: Configuring OSPF Interfaces

    CLI - This example summarizes all the routes for area 1. Note that the default for the area range command is to advertise the route summary. The configured summary route is shown in the list of information displayed for area 1.
  • Page 247 Field Attributes OSPF Interface List • VLAN ID – The VLAN to which an IP interface has been assigned. • Interface IP – The IP interface associated with the selected VLAN. • Area ID – The area to which this interface has been assigned. •...
  • Page 248 interface when estimating this delay. Set the transmit delay according to link speed, using larger values for lower-speed links. - The transmit delay must be the same for all routers in an autonomous system. - On slow links, the router may send packets more quickly than devices can receive them.
  • Page 249 • Authentication Type – Specifies the authentication type used for an interface. (Options: None, Simple password, MD5; Default: None) - Use authentication to prevent routers from inadvertently joining an unauthorized area. Configure routers in the same area with the same password or key.
  • Page 250 - When changing to a new key, the router will send multiple copies of all protocol messages, one with the old key and another with the new key. Once all the neighboring routers start sending protocol messages back to this router with the new key, the router will stop using the old key.
  • Page 251 Change any of the interface-specific protocol parameters, and then click Apply CLI - This example configures the interface parameters for VLAN 1. Console(config)#interface vlan 1 Console(config-if)#ip ospf priority 5 Console(config-if)#ip ospf transmit-delay 6 Console(config-if)#ip ospf retransmit-interval 7 Console(config-if)#ip ospf hello-interval 5 Console(config-if)#ip ospf dead-interval 50 Console(config-if)#ip ospf cost 10 Console(config-if)#ip ospf authentication message-digest...
  • Page 252: Configuring Virtual Links

    Configuring Virtual Links All OSPF areas must connect to the backbone. If an area does not have a direct physical connection to the backbone, you can configure a virtual link that provides a logical path to the backbone.
  • Page 253 Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neighbor Router ID, configure the link attributes, and click Add. To modify the settings for an existing link, click the Detail button for the required entry, modify the link settings, and click Set.
  • Page 254: Configuring Network Area Addresses

    Configuring Network Area Addresses OSPF protocol broadcast messages (i.e., Link State Advertisements or LSAs) are restricted by area to limit their impact on network performance. A large network should be split up into separate OSPF areas to increase network stability, and to reduce protocol traffic by summarizing routing information into more compact messages.
  • Page 255 Command Attributes • IP Address – Address of the interfaces to add to the area. • Netmask – Network mask of the address range to add to the area. • Area ID – Area to which the specified address or range is assigned. An OSPF area identifies a group of routers that share common routing information.
  • Page 256: Configuring Summary Addresses (For External AS Routes)

    CLI - This example configures the backbone area and one transit area. Console(config-router)#network 10.0.0.0 255.0.0.0 area 0.0.0.0 Console(config-router)#network 10.1.1.0 255.255.255.0 area 0.0.0.1 Console(config-router)#end Console#show ip ospf Routing Process with ID 10.1.1.253 Supports only single TOS(TOS0) route Number of area in this router is 4 Area 0.0.0.0 (BACKBONE) Number of interfaces in this area is 1 SPF algorithm executed 8 times...
  • Page 257 Command Attributes • IP Address – Summary address covering a range of addresses. • Netmask – Network mask for the summary route. Note: This router supports up to 16 Type-5 summary routes. Web - Click Routing Protocol, OSPF, Summary Address Configuration. Specify the base address and network mask, then click Add.
  • Page 258: Redistributing External Routes

    Redistributing External Routes You can configure this router to import external routing information from other routing protocols into the autonomous system. Command Usage • This router supports redistribution for both RIP and static routes. • When you redistribute external routes into an OSPF autonomous system (AS), the router automatically becomes an autonomous system boundary router (ASBR).
  • Page 259 Command Attributes • Redistribute Protocol – Specifies the external routing protocol type for which routing information is to be redistributed into the local routing domain. (Options: RIP, Static; Default: RIP) • Redistribute Metric Type – Indicates the method used to calculate external route costs.
  • Page 260: Configuring NSSA Settings

    Configuring NSSA Settings Use the OSPF / NSSA Settings page to configure a not-so-stubby area (NSSA), and to control the use of default routes for ABRs and ASBRs, or external routes learned from other routing domains and imported via an ABR.
  • Page 261: Displaying Link State Database Information

    Web - Click Routing Protocol, OSPF, NSSA Settings. Create a new NSSA or modify the routing behavior for an existing NSSA, and click Apply. CLI - This example configures area 0.0.0.1 as a stub and sets the cost for the default summary route to 10. Console(config-router)#area 0.0.0.1 nssa default-information-originate Console(config-router)#area 0.0.0.2 nssa no-redistribution...
  • Page 262 The full database is exchanged between neighboring routers as soon as a new router is discovered. Afterwards, any changes that occur in the routing tables are synchronized with neighboring routers through a process called reliable flooding. You can show information about different LSAs stored in this router’s database, which may include any of the following types: •...
  • Page 263 • Adv Router – IP address of the advertising router. If not entered, information about all advertising routers is displayed. • Age* – Age of LSA (in seconds). • Seq* – Sequence number of LSA (used to detect older duplicate LSAs). •...
  • Page 264: Displaying Information On Border Routers

    Displaying Information on Border Routers You can display entries in the local routing table for Area Border Routers (ABR) and Autonomous System Boundary Routers (ASBR) known by this device. Field Attributes • Destination – Identifier for the destination router. •...
  • Page 265: Displaying Information On Neighbor Routers

    Displaying Information on Neighbor Routers You can display information about neighboring routers on each interface within an OSPF area. Field Attributes • ID – Neighbor’s router ID. • Priority – Neighbor’s router priority. • State – OSPF state and identification flag. States include: - Down –...
  • Page 266: Multicast Routing

    Web - Click Routing Protocol, OSPF, Neighbor Information. CLI - This shows a designated router and backup designated router as neighbors. Console#show ip ospf neighbor --------------- ------ ---------------- --------------- 10.2.44.5 10.2.44.6 Console# Multicast Routing This router can route multicast traffic to different subnetworks using either Distance Vector Multicast Routing Protocol (DVMRP) or Protocol-Independent Multicasting - Dense Mode (PIM-DM).
  • Page 267: Configuring Global Settings For Multicast Routing

    If DVMRP and PIM-DM are not enabled on this router or another multicast routing protocol is used on your network, you can manually configure the switch ports attached to a multicast router (page 3-140). Configuring Global Settings for Multicast Routing...
  • Page 268 routes to forward multicast traffic only if group members appear on directly-attached subnetworks or on subnetworks attached to downstream routers. Field Attributes • Group Address – IP group address for a multicast service. • Source Address – Subnetwork containing the IP multicast source. •...
  • Page 269 Web – Click IP, Multicast Routing, Multicast Routing Table. Click Detail to display additional information for any entry...
  • Page 270: Configuring DVMRP

    CLI – This example shows that multicast forwarding is enabled. The multicast routing table displays one entry for a multicast source routed by DVMRP, and another source routed via PIM. Console#show ip mroute IP Multicast Forwarding is enabled. IP Multicast Routing Table Flags: P - Prune, F - Forwarding...
  • Page 271: Configuring Global DVMRP Settings

    to build up a source-rooted multicast delivery tree that allows it to prevent looping and determine the shortest path to the source of this multicast traffic. When this router receives the multicast message, it checks its unicast routing table to locate the port that provides the shortest path back to the source.
  • Page 272 Command Usage Broadcasting periodically floods the network with traffic from any active multicast server. If IGMP snooping is disabled, multicast traffic is flooded to all ports on the router. However, if IGMP snooping is enabled, then the first packet for any source group pair is flooded to all DVMRP downstream neighbors.
  • Page 273 The global settings that control the prune and graft messages (i.e., prune lifetime) should be configured to the same values on all routers throughout the network to allow DVMRP to function properly. However, if you encounter problems in maintaining a multicast flow, then you may need to modify the protocol variables which control the exchange of topology information between DVMRP routers;...
  • Page 274 to the router. When the router receives these messages, it records all the downstream routers for the default route. - When multicast traffic with an unknown source address (i.e., not found in the route table) is received on the default upstream route interface, the router forwards this traffic out through the other interfaces (with known downstream routers).
  • Page 275: Configuring DVMRP Interface Settings

    CLI – This sets the global parameters for DVMRP and displays the current settings. Console(config)#router dvmrp Console(config-router)#probe-interval 30 Console(config-router)#nbr-timeout 40 Console(config-router)#report-interval 90 Console(config-router)#flash-update-interval 10 Console(config-router)#prune-lifetime 5000 Console(config-router)#default-gateway 10.1.0.253 Console(config-router)#end Console#show router dvmrp Admin Status Probe Interval Nbr expire Minimum Flash Update Interval prune lifetime route report Default Gateway...
  • Page 276 • Status – Enables or disables DVMRP. - If DVMRP is enabled on any interface, Layer 3 IGMP should also be enabled on the router (page 3-144). - If DVMRP is disabled, the interface cannot propagate IP multicast routing information.
  • Page 277: Displaying Neighbor Information

    Displaying Neighbor Information You can display all the neighboring DVMRP routers. Command Attributes • Neighbor Address – The IP address of the network device immediately upstream for this multicast delivery tree. • Interface – The IP interface on this router that connects to the upstream neighbor.
  • Page 278: Displaying The Routing Table

    CLI – This example displays the only neighboring DVMRP router. Console#show ip dvmrp neighbor Address ---------------- --------------- -------- -------- ------------- 10.1.0.254 Console# Displaying the Routing Table The router learns source-routed information from neighboring DVMRP routers and also advertises learned routes to its neighbors. The router merely records path information it has learned on its own or from other routers.
  • Page 279: Configuring PIM-DM

    • Up time – The time elapsed since this entry was created. • Expire – The time remaining before this entry will be aged out. Web – Click Routing Protocol, DVMRP, DVMRP Routing Table. CLI – This example displays known DVMRP routes. Console#show ip dvmrp route Source --------------- --------------- --------------- --------- ------ ------ ------...
  • Page 280: Configuring Global PIM-DM Settings

    network. If it is not, the router drops the packet and sends a prune message back out the source interface. If it is the same interface used by the unicast protocol, then the router forwards a copy of the packet to all the other interfaces for which it has not already received a prune message for this specific source-group pair.
  • Page 281: Configuring PIM-DM Interface Settings

    CLI – This example enables PIM-DM globally and displays the current status. Console(config)#router pim Console#show router pim Admin Status: Enabled Console# Configuring PIM-DM Interface Settings To fully enable PIM-DM, you need to enable multicast routing globally for the router (page 3-219), enable PIM-DM globally for the router (page 3-232), and also enable PIM-DM for each interface that will participate in multicast routing.
  • Page 282 not these neighbors are still active members of the multicast tree. (Range: 1-65535 seconds; Default: 30) • Hello Holdtime – Sets the interval to wait for hello messages from a neighboring PIM router before declaring it dead. Note that the hello holdtime should be 3.5 times the value of Hello Interval.
  • Page 283 Web – Click Routing Protocol, PIM-DM, Interface Settings. Select a VLAN, enable or disable PIM-DM for the selected interface, modify any of the protocol parameters as required, and click Apply. CLI – This example sets the PIM-DM protocol parameters for VLAN 2, and displays the current settings.
  • Page 284: Displaying Interface Information

    Displaying Interface Information You can display a summary of the current interface status for PIM-DM, including the number of neighboring PIM routers, and the address of the designated PIM router. Command Attributes • Interface – A VLAN interface on this router. •...
  • Page 285: Displaying Neighbor Information

    Displaying Neighbor Information You can display all the neighboring PIM-DM routers. Command Attributes • Neighbor Address – IP address of the next-hop router. • Interface – VLAN that is attached to this neighbor. • Up time – The duration this entry has been active. •...
  • Page 287: Command Line Interface

    Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt.
  • Page 288: Telnet Connection

    After connecting to the system through the console port, the login screen displays: User Access Verification Username: admin Password: CLI session with the SMC6724L3 1 Intelligent Switch is opened. To end the CLI session, enter [Exit]. Console# Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address.
  • Page 289: Entering Commands

    After entering the Telnet command, the login screen displays: Username: admin Password: CLI session with the SMC6724L3 1 Switch is opened. To end the CLI session, enter [Exit]. Vty-0# Note: You can open up to four sessions to the device via Telnet.
  • Page 290: Minimum Abbreviation

    You can enter commands as follows: • To enter a simple command, enter the command keyword. • To enter multiple commands, enter each command in the required order. For example, to enable Privileged Exec command mode, and display the startup configuration, enter: Console>enable Console#show startup-config...
  • Page 291: Showing Commands

    Sntp Specify spanning-tree The system configuration of starting up Information of system Display information about terminal lines System hardware and software status Switch VLAN Virtual Interface Information of interfaces counters Information of interfaces status Information of interfaces switchport...
  • Page 292: Partial Keyword Lookup

    Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.”...
  • Page 293: Exec Commands

    (page 4-34). To enter Privileged Exec mode, enter the following user names and passwords: Username: admin Password: [admin login password] CLI session with the SMC6724L3 1 Switch is opened. To end the CLI session, enter [Exit]. Console# Mode Normal Privileged...
  • Page 294: Configuration Commands

    Username: guest Password: [guest login password] CLI session with the SMC6724L3 1 Switch is opened. To end the CLI session, enter [Exit]. Console#enable Password: [privileged level password] Console# Configuration Commands Configuration commands are privileged level commands used to modify switch settings.
  • Page 295 To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands. Console#configure Console(config)# To enter the other modes, at the configuration prompt type one of the following commands.
  • Page 296: Command Line Processing

    Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command followed by the “?”...
  • Page 297: Command Groups

    CLI Controls system logs, system passwords, user name, browser management options, and a variety of other system information Manages code image or switch configuration files Configures logon access using local or RADIUS authentication; also configures IEEE 802.1x port access control...
  • Page 298 Configures IGMP multicast filtering, query parameters, and specifies ports attached to a multicast router Configures IP address for the switch interfaces; also configures ARP parameters and static entries Configures static and dynamic unicast routing Configures multicast routing protocols DVMRP and...
  • Page 299: Line Commands

    Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). Command line login password exec-timeout...
  • Page 300: Line

    line Use this command to identify a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line.
  • Page 301: Login

    Command Mode Line Configuration Command Usage • There are three authentication modes provided by the switch at login: - login selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode.
  • Page 302: Password

    Example Console(config-line)#login local Console(config-line)# Related Commands username (4-33) password (4-16) password Use this command to specify the password for a line. Use the no form to remove the password. Syntax password {0 | 7} password no password • {0 | 7} - 0 means plain password, 7 means encrypted password •...
  • Page 303: Exec-Timeout

    configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Console(config-line)#password 0 secret Console(config-line)# Related Commands login (4-15) password-thresh (4-18) exec-timeout Use this command to set the interval that the system waits until user input is detected.
  • Page 304: Password-Thresh

    Example To set the timeout to two minutes, enter this command: Console(config-line)#exec-timeout 120 Console(config-line)# password-thresh Use this command to set the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value.
  • Page 305: Silent-Time

    Related Commands silent-time (4-19) silent-time Use this command to set the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value. Syntax silent-time [seconds] no silent-time...
  • Page 306: Databits

    databits Use this command to set the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits {7 | 8} no databits •...
  • Page 307: Parity

    parity Use this command to define generation of a parity bit. Use the no form to restore the default setting. Syntax parity {none | even | odd} no parity • none - No parity • even - Even parity • odd - Odd parity Default Setting No parity Command Mode...
  • Page 308: Speed

    speed Use this command to set the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second.
  • Page 309: Stopbits

    stopbits Use this command to set the number of the stop bits transmitted per byte. Use the no form to restore the default setting. Syntax stopbits {1 | 2} • 1 - One stop bit • 2 - Two stop bits Default Setting 1 stop bit Command Mode...
  • Page 310: General Commands

    Example To show all lines, enter this command: Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Silent time: Disabled Baudrate: 9600 Databits: 8 Parity: none Stopbits: 1 Vty configuration: Password threshold: 3 times Interactive timeout: 65535 General Commands Command Function...
  • Page 311: Enable

    enable Use this command to activate Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 4-6. Syntax enable [level] level - Privilege level to log into the device. The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec.
  • Page 312: Disable

    Use this command to return to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode. See “Understanding Command Modes”...
  • Page 313: Configure

    Use this command to activate Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, and VLAN Database Configuration.
  • Page 314: Reload

    Example In this example, the show history command lists the contents of the command history buffer: Console#show history Execution command history: 2 config 1 show history Configuration command history: 4 interface vlan 1 3 exit 2 interface vlan 1 1 end Console# The ! command repeats commands from the Execution command history...
  • Page 315: End

    Command Usage This command resets the entire system. Example This example shows how to reset the switch: Console#reload System will be restarted, continue <y/n>? y Use this command to return to Privileged Exec mode. Default Setting None Command Mode Global Configuration, Interface Configuration, Line Configuration,...
  • Page 316: Quit

    Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: Console(config)#exit Console#exit Press ENTER to start session User Access Verification Username: quit Use this command to exit the configuration program. Default Setting None Command Mode...
  • Page 317: System Management Commands

    Sets the system clock using SNTP and time zone commands Displays system configuration, active managers, and version information Function Specifies the host name for the switch Sets the system contact string Sets the system location string Mode Page...
  • Page 318: Hostname

    User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password checking via the console or a Telnet connection (page 4-13), user authentication via a remote authentication server (page 4-60), and host access authentication for specific ports (page 4-66).
  • Page 319: Username

    username Use this command to add named users, require authentication at login, specify or change a user's password (or specify that no password is required), or specify or change a user's access level. Use the no form to remove a user name. Syntax username name {access-level level | nopassword | password {0 | 7} password}...
  • Page 320: Enable Password

    Command Usage The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server. There is no need for you to manually configure encrypted passwords.
  • Page 321: Web Server Commands

    - The TCP port to be used by the browser interface. (Range: 1-65535) Function Specifies the port to be used by the Web browser interface Allows the switch to be monitored or configured from a browser Mode Page 4-35...
  • Page 322: Ip Http Server

    Default Setting Command Mode Global Configuration Example Console(config)#ip http port 769 Console(config)# Related Commands ip http server (4-36) ip http server Use this command to allow this device to be monitored or configured from a browser. Use the no form to disable this function. Syntax ip http server no ip http server...
  • Page 323: Event Logging Commands

    Use this command to control logging of error messages. This command sends debug or error messages to switch memory. The no form disables the logging process. Syntax logging on no logging on...
  • Page 324: Logging History

    logging history Use this command to limit syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history {flash | ram} level no logging history {flash | ram} •...
  • Page 325: Clear Logging

    Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority (i.e., numerically lower) than that specified for RAM. Example Console(config)#logging history ram 0 Console(config)# clear logging Use this command to clear messages from the log buffer. Syntax clear logging [flash | ram] •...
  • Page 326: Show Logging

    show logging Use this command to display the logging configuration, along with any system and event messages stored in memory. Syntax show logging {flash | ram} • flash - Event history stored in flash memory (i.e., permanent memory). •...
  • Page 327: Time Commands

    Specifies one or more time servers Sets the interval at which the client polls for time GC Accepts time from any time broadcast server Shows current SNTP configuration settings Sets the time zone for the switch’s internal clock GC Mode Page...
  • Page 328: Sntp Client

    Command Usage • The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the switch only records the time starting from the factory default set at the last bootup (i.e., 00:00:00, Jan. 1, 2001).
  • Page 329: Sntp Server

    Example Console(config)#sntp server 10.1.0.19 Console(config)#sntp poll 60 Console(config)#sntp client Console(config)#end Console#show sntp Current time: Poll interval: 60 Current mode: unicast Console# Related Commands sntp server (4-43) sntp poll (4-44) sntp broadcast client (4-45) show sntp (4-45) sntp server Use this command to set the IP address of the servers to which SNTP time requests are issued.
  • Page 330: Sntp Poll

    (4-44) show sntp (4-45) sntp poll Use this command to set the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests.
  • Page 331: Sntp Broadcast Client

    Console# Related Commands sntp client (4-42) sntp broadcast client Use this command to synchronize the switch’s clock based on time broadcast from time servers (using the multicast address 224.0.1.1). Use the no form to disable SNTP broadcast client mode. Syntax...
  • Page 332: Clock Timezone

    Poll interval: 16 Current mode: Console# clock timezone Use this command to set the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} • name - Name of timezone, usually an acronym. (Range: 1-29 characters) •...
  • Page 333: System Status Commands

    a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC. Example Console(config)#clock timezone Japan hours 8 minute 0 after-UTC Console(config)# Related Commands show sntp (4-45) System Status Commands Command show...
  • Page 334: Snmp Community Strings

    Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes. Each mode group is separated by “!”...
  • Page 335: Show Running-Config

    interface vlan 1 ip address 0.0.0.0 255.0.0.0 ip address dhcp line console line vty Console# Related Commands show running-config (4-49) show running-config Use this command to display the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage •...
  • Page 336: Line Interface

    - Routing protocol configuration settings - Spanning tree settings - Any configured settings for the console port and Telnet Example Console#show running-config building running-config, please wait... snmp-server community private rw snmp-server community public ro username admin access-level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access-level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4...
  • Page 337: Show System

    • The POST results should all display “PASS.” If any POST test indicates “FAIL,” contact your distributor for assistance. Example Console#show system System description: TigerSwitch 10/100 Managed 24+2 L3 Switch System OID string: 1.3.6.1.4.1.202.20.29 System information System Up time: 0 days, 1 hours, 23 minutes, and 44.61 seconds...
  • Page 338: Show Version

    Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage See “Displaying Switch Hardware/Software Versions” on page -14 for detailed information on the items displayed by this command. Username Idle time (h:m:s) Remote IP addr. admin 0:00:00...
  • Page 339: Flash/File Commands

    TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation. The success of the file transfer depends on the accessibility of the TFTP server and the quality of the network connection.
  • Page 340 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”) • Due to the size limit of the flash memory, the switch supports only two operation code files. • The maximum number of user-defined configuration files depends on available memory.
  • Page 341 the download menu during a boot up to download the Boot ROM (or diagnostic) image. See “Upgrading Firmware via the Serial Port” on page B-1 for more details. Example The following example shows how to upload the configuration settings to a file on the TFTP server: Console#copy file tftp Choose file type:...
  • Page 342: Delete

    delete Use this command to delete a file or image. Syntax delete filename filename - Name of the configuration file or image name. Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted.
  • Page 343: Dir

    The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file. • config - Switch configuration file. • opcode - Run-time operation code image file. • filename - Name of the file or image. If this file exists but contains errors, information on this file cannot be shown.
  • Page 344: Whichboot

    Example The following example shows how to display all file information: Console#dir -------------------------------- -------------- ------- ----------- Factory_Default_Config.cfg ------------------------------------------------------------------- Console# whichboot Use this command to display which files were booted when the system powered up. Default Setting None Command Mode Privileged Exec Example This example shows the information displayed by the whichboot...
  • Page 345: Boot System

    boot system Use this command to specify the file or image used to start up the system. Syntax boot system {boot-rom| config | opcode}: filename The type of file or image to set as a default includes: • boot-rom - Boot ROM. •...
  • Page 346: Authentication Commands

    Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1x. Command Group...
  • Page 347: Radius Client

    RADIUS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch. Command radius-server host radius-server port...
  • Page 348: Radius-Server Host

    Command radius-server retransmit radius-server timeout Sets the interval between sending show radius-server radius-server host Use this command to specify the RADIUS server. Use the no form to restore the default. Syntax radius-server host host_ip_address no radius-server host host_ip_address - IP address of server. Default Setting 10.1.0.1 Command Mode...
  • Page 349: Radius-Server Port

    radius-server port Use this command to set the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535) Default Setting 1812 Command Mode Global Configuration...
  • Page 350: Radius-Server Retransmit

    Use this command to set the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1 - 30) Default Setting Command Mode Global Configuration...
  • Page 351: Radius-Server Timeout

    RADIUS server. Use the no form to restore the default. Syntax radius-server timeout number_of_seconds no radius-server timeout number_of_seconds - Number of seconds the switch waits for a reply before resending a request. (Range: 1-65535) Default Setting Command Mode...
  • Page 352: 802.1X Port Authentication

    802.1x Port Authentication The switch supports IEEE 802.1x (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first enter a user ID and password for authentication. Client authentication is controlled centrally by a RADIUS server using EAPOL (Extensible Authentication Protocol Over LAN).
  • Page 353: Authentication Dot1X Default

    authentication dot1x default Sets the default authentication server type. Use the no form to restore the default. Syntax authentication dot1x default radius no authentication dot1x Default Setting RADIUS Command Mode Global Configuration Example Console(config)#authentication dot1x default radius Console(config)# dot1x default Sets all configurable dot1x global and port settings to their default values.
  • Page 354: Dot1X Max-Req

    dot1x max-req Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. Use the no form to restore the default. Syntax dot1x max-req count no dot1x max-req count –...
  • Page 355: Dot1X Re-Authenticate

    Default force-authorized Command Mode Interface Configuration Example Console(config)#interface eth 1/2 Console(config-if)#dot1x port-control auto Console(config-if)# dot1x re-authenticate Forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number.
  • Page 356: Dot1X Timeout Quiet-Period

    Console(config)#dot1x re-authentication Console(config)# dot1x timeout quiet-period Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form of this command to reset the default.
  • Page 357: Dot1X Timeout Tx-Period

    Example Console(config)#dot1x timeout re-authperiod 300 Console(config)# dot1x timeout tx-period Sets the time that the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period seconds - The number of seconds.
  • Page 358: Show Dot1X

    This command displays the following information: • Global 802.1X Parameters – Displays the global port access control parameters that can be configured for this switch as described in the preceding pages, including reauth-enabled (page 4-69), reauth-period (page 4-70), quiet-period (page 4-70), tx-period (page 4-71), and max-req (page 4-68).
  • Page 359 (page 4-71), and Port-control (page 4-68). It also displays the following information: - Status– Authorization status (authorized or unauthorized). - Supplicant– MAC address of authorized client. • Authenticator State Machine - State– Current state (including initialize, disconnected, connecting, authenticating, authenticated, aborting, held, force_authorized, force_unauthorized).
  • Page 360: Access Control List Commands

    An ACL is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests incoming packets against the conditions in an ACL one by one. If a list contains all permit rules, a packet will be accepted as soon as it passes any of the rules.
  • Page 361 • However, due to resource restrictions, the average number of rules bound to the ports should not exceed 20. • The switch does not support the explicit “deny any any” rule for the IP ACL or MAC ACL. If these rules are included in an ACL, and you attempt to bind the ACL to an interface, the bind operation will fail.
  • Page 362: Ip Acls

    Command Groups IP ACLs MAC ACLs ACL Information IP ACLs Command access-list ip permit, deny permit, deny ip access-group show ip access-group show ip access-list Displays the rules for configured IP ACLs access-list ip Use this command to add an IP access list and enter configuration mode for standard or extended IP ACLs.
  • Page 363: Default Setting

    • extended – Specifies an ACL that filters packets based on the source or destination IP address, and other more specific criteria. • acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration Command Usage •...
  • Page 364: Permit, Deny (Standard Acl)

    permit, deny (Standard ACL) Use this command to add a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a rule. Syntax {permit | deny} {any | source bitmask | host source} no {permit | deny} {any | source bitmask | host source} •...
  • Page 365: Permit, Deny (Extended Acl)

    Related Commands access-list ip (4-76) permit, deny (Extended ACL) Use this command to add a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source and destination IP addresses, protocol types, source and destination TCP/UDP ports, or TCP control codes.
  • Page 366 • host – Keyword followed by a specific IP address. • source-port – TCP/UDP source port number. (Range: 0-65535) • destination-port – TCP/UDP destination port number. (Range: 0-65535) • protocol-number – A specific protocol number. (Range: 0-255) • control-code – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header.
  • Page 367: Ip Access-Group

    - Both SYN and ACK valid, use “control-code 18 18” - SYN valid and ACK invalid, use “control-code 2 18” Example This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 &...
  • Page 368: Show Ip Access-Group

    Default Setting None Command Mode Interface Configuration (Ethernet) Example Console(config)#int eth 1/25 Console(config-if)#ip access-group standard david in Console(config-if)# Related Commands show ip access-list (4-83) show ip access-group Use this command to show the ports assigned to IP ACLs. Command Mode Privileged Exec Example...
  • Page 369: Show Ip Access-List

    show ip access-list Use this command to display the rules for configured IP ACLs. Syntax show ip access-list {standard | extended} [acl_name] • standard – Specifies a standard IP ACL. • extended – Specifies an extended IP ACL. • acl_name – Name of the ACL. (Maximum length: 16 characters) Command Mode Privileged Exec Example...
  • Page 370: Mac Acls

    MAC ACLs Command access-list mac permit, deny mac access-group show mac access-group show mac access-list access-list mac Use this command to add a MAC access list and enter MAC ACL configuration mode. Use the no form to remove the specified ACL. Syntax access-list mac acl_name no access-list mac acl_name...
  • Page 371: Permit, Deny (Mac Acl)

    the bottom of the list. To create an ACL, you must add at least one rule to the list. • To remove a rule, use the no permit or no deny command followed by the exact text of a previously configured rule. •...
  • Page 372 • any – Any MAC source address, destination address, or Ethernet protocol. • source – Source MAC address. • source bitmask – Binary mask for the source MAC address. • destination – Destination MAC address. • destination bitmask – Binary mask for the destination MAC address. •...
  • Page 373: Mac Access-Group

    • A port can only be bound to one ACL. • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. Example...
  • Page 374: Show Mac Access-List

    Example Console#show mac access-group Interface ethernet 1/25 MAC access-list jerry Console# Related Commands mac access-group (4-87) show mac access-list Use this command to display the rules for configured MAC ACLs. Syntax show mac access-list [acl_name] acl_name – Name of the ACL. (Maximum length: 16 characters) Command Mode Privileged Exec Example...
  • Page 375: Acl Information

    ACL Information Command show access-list show access-group Shows the ACLs assigned to each port show access-list Use this command to show all ACLs and associated rules. Command Mode Privileged Exec Example Console#show access-list IP standard access-list david: permit host 10.1.1.21 permit 168.92.0.0 0.0.15.255 IP extended access-list bob: permit 10.7.1.1 0.0.0.255 any...
  • Page 376: Snmp Commands

    SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. Command snmp-server community snmp-server contact snmp-server location snmp-server host snmp-server enable...
  • Page 377: Snmp-Server Contact

    Default Setting • public - Read-only access. Authorized management stations are only able to retrieve MIB objects. • private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode Global Configuration Command Usage The first snmp-server community command you enter enables SNMP (SNMPv1).
  • Page 378: Snmp-Server Location

    Related Commands snmp-server location (4-92) snmp-server location Use this command to set the system location string. Use the no form to remove the location string. Syntax snmp-server location text no snmp-server location text - String that describes the system location. (Maximum length: 255 characters) Default Setting None...
  • Page 379: Snmp-Server Host

    Command Usage • If you do not enter an snmp-server host command, no notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. In order to enable multiple hosts, you must issue a separate snmp-server host command for each host.
  • Page 380: Snmp-Server Enable Traps

    • However, some notification types cannot be controlled with the snmp-server enable traps command. For example, some notification types are always enabled. Example Console(config)#snmp-server host 10.1.19.23 batman Console(config)# Related Commands snmp-server enable traps (4-94) snmp-server enable traps Use this command to enable this device to send Simple Network Management Protocol traps (SNMP notifications).
  • Page 381: Show Snmp

    notifications are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled. • The snmp-server enable traps command is used in conjunction with the snmp-server host command. Use the snmp-server host command to specify which host or hosts receive SNMP notifications.
  • Page 382 Example Console#show snmp SNMP traps: Authentication: enable Link-up-down: enable SNMP communities: 1. private, and the privilege is read-write 2. public, and the privilege is read-only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables...
  • Page 383: Dhcp Commands

    VLAN interface to be automatically assigned an IP address via DHCP. This switch can be configured to relay DHCP client configuration requests to a DHCP server on another network, or you can configure this switch to provide DHCP service directly to any client.
  • Page 384: Ip Dhcp Restart Client

    Default Setting None Command Mode Interface Configuration (VLAN) Command Usage This command is used to include a client identifier in all communications with the DHCP server. The identifier type depends on the requirements of your DHCP server. Example Console(config)#interface vlan 2 Console(config-if)#ip dhcp client-identifier hex 00-00-e8-66-65-72 Console(config-if)#...
  • Page 385: Dhcp Relay

    • If the BOOTP or DHCP server has been moved to a different domain, the network portion of the address provided to the client will be based on this new domain. Example In the following example, the device is reassigned the same address. Console(config)#interface vlan 1 Console(config-if)#ip address dhcp Console(config-if)#exit...
  • Page 386 This command is used to configure DHCP relay functions for host devices attached to the switch. If DHCP relay service is enabled, and this switch sees a DHCP request broadcast, it inserts its own IP address into the request so the DHCP server will know the subnet where the client is located.
  • Page 387: Ip Dhcp Relay Server

    Use this command to specify the addresses of DHCP servers to be used by the switch’s DHCP relay agent. Use the no form to clear all addresses. Syntax ip dhcp relay server address1 [address2 [address3 ...]] no ip dhcp relay server address - IP address of DHCP server.
  • Page 388: Dhcp Server

    Specifies the hardware address of a DHCP Function Enables the DHCP server feature on this switch Specifies IP addresses that a DHCP server should not assign to DHCP clients Configures a DHCP address pool on a DHCP Server...
  • Page 389: Service Dhcp

    * These commands are used for manually binding an address to a client. service dhcp Use this command to enable the DHCP server on this switch. Use the no form to disable the DHCP server. Syntax service dhcp...
  • Page 390: Ip Dhcp Excluded-Address

    ip dhcp excluded-address Use this command to specify IP addresses that the DHCP server should not assign to DHCP clients. Use the no form to remove the excluded IP addresses. Syntax ip dhcp excluded-address low-address [high-address] no ip dhcp excluded-address low-address [high-address] •...
  • Page 391: Network

    Command Mode Global Configuration Usage Guidelines • After executing this command, the switch changes to DHCP Pool Configuration mode, identified by the (config-dhcp)# prompt. • From this mode, first configure address pools for the network interfaces (using the network command). You can also manually bind an address to a specific client (with the host command) if required.
  • Page 392: Default-Router

    Usage Guidelines • When a client request is received, the switch first checks for a network address pool matching the gateway where the request originated (i.e., if the request was forwarded by a relay server). If there is no gateway in the client request (i.e., the request was not forwarded by a relay server),...
  • Page 393: Domain-Name

    Command Mode DHCP Pool Configuration Usage Guidelines The IP address of the router should be on the same subnet as the client. You can specify up to two routers. Routers are listed in order of preference (starting with address1 as the most preferred router). Example Console(config-dhcp)#default-router 10.1.0.54 10.1.0.64 Console(config-dhcp)#...
  • Page 394: Dns-Server

    dns-server Use this command to specify the Domain Name System (DNS) IP servers available to a DHCP client. Use the no form to remove the DNS server list. Syntax dns-server address1 [address2] no dns-server • address1 - Specifies the IP address of the primary DNS server. •...
  • Page 395: Next-Server

    next-server Use this command to configure the next server in the boot process of a DHCP client. Use the no form to remove the boot server list. Syntax next-server address no next-server address address - Specifies the IP address of the next server in the boot process, which is typically a Trivial File Transfer Protocol (TFTP) server.
  • Page 396: Netbios-Name-Server

    Default Setting None Command Mode DHCP Pool Configuration Example Console(config-dhcp)#bootfile wme.bat Console(config-dhcp)# Related Commands next-server (4-109) netbios-name-server Use this command to configure NetBIOS Windows Internet Naming Service (WINS) name servers that are available to Microsoft DHCP clients. Use the no form to remove the NetBIOS name server list. Syntax netbios-name-server address1 [address2] no netbios-name-server...
  • Page 397: Netbios-Node-Type

    Example Console(config-dhcp)#netbios-name-server 10.1.0.33 10.1.0.34 Console(config-dhcp)# Related Commands netbios-node-type (4-111) netbios-node-type Use this command to configure the NetBIOS node type for Microsoft DHCP clients. Use the no form to remove the NetBIOS node type. Syntax netbios-node-type type no netbios-node-type type - Specifies the NetBIOS node type: •...
  • Page 398: Lease

    lease Use this command to configure the duration that an IP address is assigned to a DHCP client. Use the no form to restore the default value. Syntax lease {days [hours][minutes] | infinite} no lease • days - Specifies the duration of the lease in numbers of days. (Range: 0-364) •...
  • Page 399: Host

    • Host addresses must fall within the range specified for an existing network pool. • When a client request is received, the switch first checks for a network address pool matching the gateway where the request originated (i.e., if the request was forwarded by a relay server). If there is no gateway in the client request (i.e., the request was not forwarded by a relay server),...
  • Page 400: Client-Identifier

    is used (see page 3-178). This command is valid for manual bindings only. • The no host command only clears the address from the DHCP server database. It does not cancel the IP address currently in use by the host. Example Console(config-dhcp)#host 10.1.0.21 255.255.255.0 Console(config-dhcp)#...
  • Page 401: Hardware-Address

    • BOOTP clients cannot transmit a client identifier. To bind an address to a BOOTP client, you must associate a hardware address with the host entry. Example Console(config-dhcp)#client-identifier text steve Console(config-dhcp)# Related Commands host (4-113) hardware-address Use this command to specify the hardware address of a DHCP client. This command is valid for manual bindings only.
  • Page 402: Clear Ip Dhcp Binding

    Command Usage This command identifies a DHCP or BOOTP client to bind to an address specified in the host command. BOOTP clients cannot transmit a client identifier. To bind an address to a BOOTP client, you must associate a hardware address with the host entry. Example.
  • Page 403: Show Ip Dhcp Binding

    Example Console#clear ip dhcp binding * Console# Related Commands show ip dhcp binding (4-117) show ip dhcp binding Use this command to display address bindings on the DHCP server. Syntax show ip dhcp binding [address] address - Specifies the IP address of the DHCP client for which bindings will be displayed.
  • Page 404: Interface Commands

    Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Command interface description speed-duplex negotiation capabilities flowcontrol shutdown switchport broadcast packet-rate clear counters show interfaces status show interfaces counters show interfaces switchport...
  • Page 405: Interface

    interface Use this command to configure an interface type and enter interface configuration mode. Use the no form to remove a trunk. Syntax interface interface no interface port-channel channel-id interface • ethernet unit/port - unit - This is device 1. - port - Port number.
  • Page 406: Speed-Duplex

    Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 25. Console(config)#interface ethernet 1/25 Console(config-if)#description RD-SW#3 Console(config-if)# speed-duplex Use this command to configure the speed and duplex mode of a given interface when autonegotiation is disabled.
  • Page 407: Negotiation

    Command Usage • To force operation to the speed and duplex mode specified in a speed-duplex command, use the no negotiation command to disable auto-negotiation on the selected interface. • When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command. To set the speed/duplex mode under auto-negotiation, the required mode must be specified in the capabilities list for an interface.
  • Page 408: Capabilities

    Command Usage • When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
  • Page 409 Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
  • Page 410: Flowcontrol

    Command Usage • Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation.
  • Page 411: Shutdown

    Example The following example enables flow control on port 5. Console(config)#interface ethernet 1/5 Console(config-if)#flowcontrol Console(config-if)#no negotiation Console(config-if)# Related Commands negotiation (4-121) capabilities (flowcontrol, symmetric) (4-122) shutdown Use this command to disable an interface. To restart a disabled interface, use the no form. Syntax shutdown no shutdown...
  • Page 412: Switchport Broadcast Packet-Rate

    • This command can enable or disable broadcast storm control for the selected interface. However, the specified threshold value applies to all ports on the switch. Example The following shows how to configure broadcast storm control at 600...
  • Page 413: Clear Counters

    clear counters Use this command to clear statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset.
  • Page 414: Show Interfaces Status

    show interfaces status Use this command to display the status for an interface. Syntax show interfaces status [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) •...
  • Page 415: Show Interfaces Counters

    Example Console#show interfaces status ethernet 1/5 Information of Eth 1/5 Basic information: Port type: 100TX Mac address: 00-00-AB-CD-00-01 Configuration: Name: Port admin: Up Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full, Broadcast storm: Enabled Broadcast storm limit: 500 packets/second Flow control: Disabled Lacp: Disabled Current status: Link status: Up...
  • Page 416 Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port Statistics” on page 3-71. Example Console#show interfaces counters ethernet 1/7 Ethernet 1/7 Iftable stats: Octets input: 30658, Octets output: 196550 Unicast input: 6, Unicast output: 5...
  • Page 417: Show Interfaces Switchport

    show interfaces switchport Use this command to display the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows all interfaces.
  • Page 418 Field and Description: Broadcast threshold - Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level (page 4-126). Lacp status - Shows if Link Aggregation Control Protocol has been enabled or disabled (page 4-139). Other fields listed: VLAN membership mode, Ingress rule, Acceptable frame type, Native VLAN, Priority for untagged traffic, Gvrp status, Allowed Vlan, Forbidden Vlan...
  • Page 419: Mirror Port Commands

    [rx | tx | both] no port monitor interface • interface - ethernet unit/port (source port) - unit - Switch (unit 1). - port - Port number. • rx - Mirror received packets. • tx - Mirror transmitted packets.
  • Page 420: Show Port Monitor

    However, you should avoid sending too much traffic to the destination port from multiple source ports. Example The following example configures the switch to mirror all packets from port 6 to port 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 both...
  • Page 421: Rate Limit Commands

    Example The following shows mirroring configured from port 6 to port 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 Console(config-if)#end Console#show port monitor Port Mirroring ------------------------------------- Destination port(listen port):Eth1/1 Source port(monitored port) Mode Console# Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface.
  • Page 422: Rate-Limit

    - Fast Ethernet interface – 1 Mbps - Gigabit Ethernet interface – 8 Mbps • Due to a switch chip limitation, the input rate limit can only be enabled or disabled for all interfaces. In other words, the rate limit input and no rate limit input commands apply globally to the entire switch.
  • Page 423: Link Aggregation Commands

    For static trunks, the switches have to comply with the Cisco EtherChannel standard. For dynamic trunks, the switches have to comply with LACP. This switch supports up to six trunks. For example, a trunk consisting of two 1000 Mbps ports can support an aggregate bandwidth of 4 Gbps when operating at full duplex.
  • Page 424: Channel-Group

    • When configuring static trunks, the switches must comply with the Cisco EtherChannel standard. • Use no channel-group to remove a port group from a trunk. • Use no interfaces port-channel to remove a trunk from the switch. Example The following example creates trunk 1 and then adds port 11:...
  • Page 425: Lacp

    • A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID. • If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically. • If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
  • Page 426 Example The following shows LACP enabled on ports 11-13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk1 has been established. Console(config)#interface ethernet 1/11 Console(config-if)#lacp Console(config-if)#exit...
  • Page 427: Address Table Commands

    Address Table Commands These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time. Command mac-address-table static clear mac-address-table dynamic show mac-address-table mac-address-table aging-time show mac-address-table aging-time mac-address-table static Use this command to map a static address to a destination port in a VLAN.
  • Page 428: Clear Mac-Address-Table Dynamic

    • action - - delete-on-reset - Assignment lasts until the switch is reset. - permanent - Assignment is permanent. Default Setting No static addresses are defined. The default mode is permanent. Command Mode Global Configuration Command Usage The static address for a host device can be assigned to a specific port within a specific VLAN.
  • Page 429: Show Mac-Address-Table

    Command Mode Privileged Exec Example Console#clear mac-address-table dynamic Console# show mac-address-table Use this command to view classes of entries in the bridge-forwarding database. Syntax show mac-address-table [address mac-address [mask]] [interface interface] [vlan vlan-id] [sort {address | vlan | interface}] • mac-address - MAC address. •...
  • Page 430: Mac-Address-Table Aging-Time

    Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: - Learned - Dynamic address entries - Permanent - Static entry - Delete-on-reset - Static entry to be deleted when system is reset •...
  • Page 431: Show Mac-Address-Table Aging-Time

    Command Usage The aging time is used to age out dynamically learned forwarding information. Example Console(config)#mac-address-table aging-time 100 Console(config)# show mac-address-table aging-time Use this command to show the aging time for entries in the address table. Default Setting None Command Mode Privileged Exec Example Console#show mac-address-table aging-time...
  • Page 432: Spanning Tree Commands

    Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Command spanning-tree spanning-tree mode spanning-tree forward-time spanning-tree hello-time spanning-tree max-age spanning-tree priority Configures the spanning tree bridge priority GC...
  • Page 433: Spanning-Tree

    The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your...
  • Page 434: Spanning-Tree Mode

    RSTP node transmits, as described below: - STP Mode – If the switch receives an 802.1D BPDU after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.
  • Page 435: Spanning-Tree Forward-Time

    Console(config)#spanning-tree mode rstp Console(config)# spanning-tree forward-time Use this command to configure the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds. (Range: 4 - 30 seconds) The minimum value is the higher of 4 or [(max-age / 2) + 1].
  • Page 436: Spanning-Tree Hello-Time

    spanning-tree hello-time Use this command to configure the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds. (Range: 1-10 seconds).
  • Page 437: Spanning-Tree Priority

    Console(config)#spanning-tree max-age 40 Console(config)# spanning-tree priority Use this command to configure the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority - Priority of the bridge. (Range: 0 - 65535) (Range –...
  • Page 438: Spanning-Tree Pathcost Method

    Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device.
  • Page 439: Spanning-Tree Transmission-Limit

    Example Console(config)#spanning-tree pathcost method long Console(config)# spanning-tree transmission-limit Use this command to configure the minimum interval between the transmission of consecutive RSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The transmission limit in seconds. (Range: 1-10) Default Setting Command Mode Global Configuration...
  • Page 440: Spanning-Tree Cost

    spanning-tree cost Use this command to configure the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port. (Range: 1-200,000,000) The recommended range is: •...
  • Page 441: Spanning-Tree Port-Priority

    • This command defines the priority for the use of a port in the Spanning Tree Algorithm. If the path cost for all ports on a switch are the same, the port with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree.
  • Page 442: Spanning-Tree Edge-Port

    spanning-tree edge-port Use this command to specify an interface as an edge port. Use the no form to restore the default. Syntax spanning-tree edge-port no spanning-tree edge-port Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •...
  • Page 443: Spanning-Tree Portfast

    spanning-tree portfast Use this command to set an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax spanning-tree portfast no spanning-tree portfast Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port.
  • Page 444: Spanning-Tree Link-Type

    • When automatic detection is selected, the switch derives the link type from the duplex mode. A full-duplex interface is considered a point-to-point link, while a half-duplex interface is assumed to be on a shared link.
  • Page 445: Spanning-Tree Protocol-Migration

    Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the spanning-tree protocol-migration command at any time to manually re-check the appropriate BPDU format to send on the selected interfaces (i.e., RSTP or STP-compatible).
  • Page 446: Show Spanning-Tree

    Privileged Exec Command Usage • Use the show spanning-tree command with no parameters to display the spanning tree configuration for the switch and for every interface in the tree. • Use the show spanning-tree interface command to display the spanning tree configuration for an interface.
  • Page 447 Example Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning tree mode Spanning tree enable/disable Priority Bridge Hello Time (sec.) Bridge Max Age (sec.) Bridge Forward Delay (sec.) Root Hello Time (sec.) Root Max Age (sec.) Root Forward Delay (sec.) Designated Root Current root port Current root cost Number of topology changes Last topology changes time (sec.):1718...
  • Page 448: Vlan Commands

    VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface.
  • Page 449: Vlan

    Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN.
  • Page 450: Configuring Vlan Interfaces

    • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default state (i.e., active). • You can configure up to 255 VLANs on the switch. Example The following example adds a VLAN, using VLAN ID 105 and name RD5.
  • Page 451: Interface Vlan

    Command switchport allowed vlan switchport gvrp switchport forbidden vlan interface vlan Use this command to enter interface configuration mode for VLANs, and configure a physical interface. Syntax interface vlan vlan-id vlan-id - ID of the configured VLAN. (Range: 1-4094, no leading zeroes) Default Setting None Command Mode...
  • Page 452: Switchport Mode

    switchport mode Use this command to configure the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode {trunk | hybrid} no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN.
  • Page 453: Switchport Acceptable-Frame-Types

    switchport acceptable-frame-types Use this command to configure the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged. •...
  • Page 454: Switchport Ingress-Filtering

    switchport ingress-filtering Use this command to enable ingress filtering for an interface. Use the no form to restore the default. Syntax switchport ingress-filtering no switchport ingress-filtering Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •...
  • Page 455: Switchport Native Vlan

    switchport native vlan Use this command to configure the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port. (Range: 1-4094, no leading zeroes) Default Setting VLAN 1...
  • Page 456: Switchport Allowed Vlan

    VLAN groups as a tagged member. • Frames are always tagged within the switch. The tagged/untagged parameter used when adding a VLAN to an interface tells the switch whether to keep or remove the tag from a frame on egress.
  • Page 457: Switchport Forbidden Vlan

    • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface. Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: Console(config)#interface ethernet 1/1 Console(config-if)#switchport allowed vlan add 1,2,5,6 tagged...
  • Page 458: Displaying Vlan Information

    Example The following example shows how to prevent port 1 from being added to VLAN 3: Console(config)#interface ethernet 1/1 Console(config-if)#switchport forbidden vlan add 3 Console(config-if)# Displaying VLAN Information Command show vlan show interfaces status vlan show interfaces switchport show vlan Use this command to show VLAN information.
  • Page 459: Pvlan

    Example The following example shows how to display information for VLAN 1: Console#show vlan id 1 VLAN Type Name ---- ------- ---------------- --------- ---------------------------------- Static Console# Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This section describes commands used to configure private VLANs.
  • Page 460: Show Pvlan

    VLAN. Data traffic on the downlink ports can only be forwarded to, and from, the uplink port. • Private VLANs and normal VLANs can exist simultaneously within the same switch. • Entering the pvlan command without any parameters enables the private VLAN. Entering no pvlan disables the private VLAN.
  • Page 461: Gvrp And Bridge Extension Commands

    Displays GVRP configuration for the garp timer show garp timer bridge-ext gvrp Use this command to enable GVRP globally for the switch. Use the no form to disable it. Syntax bridge-ext gvrp no bridge-ext gvrp Default Setting...
  • Page 462: Show Bridge-Ext

    GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. This function should be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch. Example Console(config)#bridge-ext gvrp...
  • Page 463: Switchport Gvrp

    Example Console#show bridge-ext Max support vlan numbers: 255 Max support vlan ID: 4094 Extended multicast filtering services: No Static entry individual port: Yes VLAN learning: IVL Configurable PVID tagging: Yes Local VLAN capable: No Traffic classes: Enabled Global GVRP status: Disabled GMRP: Disabled Console# switchport gvrp...
  • Page 464: Show Gvrp Configuration

    show gvrp configuration Use this command to show if GVRP is enabled. Syntax show gvrp configuration [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows both global and interface-specific configuration.
  • Page 465 Default Setting • join: 20 centiseconds • leave: 60 centiseconds • leaveall: 1000 centiseconds Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN.
  • Page 466: Show Garp Timer

    show garp timer Use this command to show the GARP timers for the selected interface. Syntax show garp timer [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows all GARP timers.
  • Page 467: Priority Commands

    Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
  • Page 468: Switchport Priority Default

    If the incoming frame is an IEEE 802.1Q VLAN tagged frame, the IEEE 802.1p User Priority bits will be used. • This switch provides four priority queues for each port. It is configured to use Weighted Round Robin, which can be viewed with the show queue bandwidth command.
  • Page 469: Queue Bandwidth

    Example The following example shows how to set a default priority on port 3 to 5: Console(config)#interface ethernet 1/3 Console(config-if)#switchport priority default 5 queue bandwidth Use this command to assign weighted round-robin (WRR) weights to the four class of service (CoS) priority queues. Use the no form to restore the default weights.
  • Page 470: Queue Cos-Map

    7, where 7 is the highest priority. Default Setting This switch supports Class of Service by using four priority queues, with Weighted Round Robin queuing for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p...
  • Page 471: Show Queue Bandwidth

    Command Usage CoS assigned at the ingress port is used to select a CoS priority at the egress port. Example The following example shows how to map CoS values 0, 1 and 2 to priority queue 0, value 3 to queue 1, values 4 and 5 to queue 2, and values 6 and 7 to queue 3: Console(config)#interface ethernet 1/1 Console(config-if)#queue cos-map 0 0 1 2...
  • Page 472: Show Queue Cos-Map

    show queue cos-map Use this command to show the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode...
  • Page 473: Priority Commands (Layer 3 And 4)

    Priority Commands (Layer 3 and 4) Command map ip port map ip port map ip precedence Enables IP precedence class of service map ip precedence Maps IP precedence value to a class of map ip dscp map ip dscp show map ip port show map ip precedence show map ip dscp...
  • Page 474: Map Ip Port (Interface Configuration)

    Example The following example shows how to enable TCP/UDP port mapping globally: Console(config)#map ip port Console(config)# map ip port (Interface Configuration) Use this command to set IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number...
  • Page 475: Map Ip Precedence (Global Configuration)

    map ip precedence (Global Configuration) Use this command to enable IP precedence mapping (i.e., IP Type of Service). Use the no form to disable IP precedence mapping. Syntax map ip precedence no map ip precedence Default Setting Disabled Command Mode Global Configuration Command Usage •...
  • Page 476 Default Setting The list below shows the default priority mapping. IP Precedence Value Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. •...
  • Page 477: Map Ip Dscp (Global Configuration)

    map ip dscp (Global Configuration) Use this command to enable IP DSCP mapping (i.e., Differentiated Services Code Point mapping). Use the no form to disable IP DSCP mapping. Syntax map ip dscp no map ip dscp Default Setting Disabled Command Mode Global Configuration Command Usage •...
  • Page 478 Default Setting The DSCP default values are defined in the following table. Note that all the DSCP values that are not specified are mapped to CoS value 0. IP DSCP Value 10, 12, 14, 16 18, 20, 22, 24 26, 28, 30, 32, 34, 36 38, 40, 42 46, 56...
  • Page 479: Show Map Ip Port

    show map ip port Use this command to show the IP port priority map. Syntax show map ip port [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode...
  • Page 480: Show Map Ip Precedence

    show map ip precedence Use this command to show the IP precedence priority map. Syntax show map ip precedence [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode...
  • Page 481: Show Map Ip Dscp

    show map ip dscp Use this command to show the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode...
  • Page 482: Multicast Filtering Commands

    Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
  • Page 483: Ip Igmp Snooping

    Use this command to enable IGMP snooping on this switch. Use the no form to disable it. Syntax ip igmp snooping no ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping.
  • Page 484: Ip Igmp Snooping Version

    • All systems on the subnet must support the same version. If there are legacy devices in your network that only support Version 1, you will also have to configure this switch to use Version 1. • Some commands are only enabled for IGMPv2, including ip igmp query-max-response-time and ip igmp query-timeout.
  • Page 485: Show Ip Igmp Snooping

    Example The following configures the switch to use IGMP Version 1: Console(config)#ip igmp snooping version 1 Console(config)# show ip igmp snooping Use this command to show the IGMP snooping configuration. Default Setting None Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping Parameters” on page -137 for a description of the displayed items.
  • Page 486: Show Mac-Address-Table Multicast

    show mac-address-table multicast Use this command to show known multicast addresses. Syntax show mac-address-table multicast [vlan vlan-id] [user | igmp-snooping] • vlan-id - VLAN ID (1 to 4094) • user - Display only the user-configured multicast entries. • igmp-snooping - Display only entries learned through IGMP snooping.
  • Page 487: Igmp Query Commands (Layer 2)

    Use this command to enable the switch as an IGMP querier. Use the no form to disable it. Syntax ip igmp snooping querier no ip igmp snooping querier Default Setting...
  • Page 488: Ip Igmp Snooping Query-Count

    - The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group. (Range: 2-10) Default Setting...
  • Page 489: Ip Igmp Snooping Query-Interval

    Use this command to configure the query interval. Use the no form to restore the default. Syntax ip igmp snooping query-interval seconds no ip igmp snooping query-interval seconds - The frequency at which the switch sends IGMP host-query messages. (Range: 60-125) Default Setting 125 seconds Command Mode...
  • Page 490: Ip Igmp Snooping Router-Port-Expire-Time

    Command Usage • The switch must be using IGMPv2 for this command to take effect. • This command defines the time after a query, during which a response is expected from a multicast client. If a querier has sent a number of...
  • Page 491: Igmp Commands (Layer 3)

    Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect. Example The following shows how to configure the default timeout to 300 seconds: Console(config)#ip igmp snooping router-port-expire-time 300 Console(config)# Related Commands ip igmp snooping version (4-198)
  • Page 492: Ip Igmp

    ip igmp Use this command to enable IGMP on a VLAN interface. Use the no form of this command to disable IGMP on the specified interface. Syntax ip igmp no ip igmp Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage IGMP query can be enabled globally at Layer 2 via the ip igmp snooping command, or enabled for specific VLAN interfaces at Layer...
  • Page 493: Ip Igmp Robustval

    Use this command to configure the frequency at which host query messages are sent. Use the no form to restore the default. Syntax ip igmp query-interval seconds no ip igmp query-interval seconds - The frequency at which the switch sends IGMP host-query messages. (Range: 1-255)...
  • Page 494: Ip Igmp Max-Resp-Interval

    Default Setting 125 seconds Command Mode Interface Configuration (VLAN) Command Usage • Multicast routers send host query messages to determine the interfaces that are connected to downstream hosts requesting a specific multicast service. Only the designated multicast router for a subnet sends host query messages, which are addressed to the multicast address 224.0.0.1.
  • Page 495: Ip Igmp Last-Memb-Query-Interval

    Interface Configuration (VLAN) Command Usage • The switch must be using IGMPv2 for this command to take effect. • This command defines how long any responder (i.e., client or router) still in the group has to respond to a query message before the router deletes the group.
  • Page 496: Ip Igmp Version

    Default Setting 1 second Command Mode Interface Configuration (VLAN) Command Usage • A multicast client sends an IGMP leave message when it leaves a group. The router then checks to see if this was the last host in the group by sending an IGMP query and starting a timer based on this command.
  • Page 497: Show Ip Igmp Interface

    • All routers on the subnet must support the same version. However, the multicast hosts on the subnet may support either IGMP version 1 or 2. • The switch must be set to version 2 to enable the ip igmp max-resp-interval (page 4-208).
  • Page 498: Clear Ip Igmp Group

    Example The following example shows the IGMP configuration for VLAN 1, as well as the device currently serving as the IGMP querier for this multicast service. Console#show ip igmp interface vlan 1 Vlan 1 is up IGMP is enable, version is 2 Robustness variable is 2 Query interval is 125 sec Query Max Response Time is 10 sec,...
  • Page 499: Show Ip Igmp Groups

    Version 1 hosts present which are members of the group for which it heard the report. • If there are Version 1 hosts present for a particular group, the switch will ignore any Leave Group messages that it receives for that group.
  • Page 500 Description IP multicast group address with subscribers directly attached or downstream from this switch. The interface on this switch that has received traffic directed to the multicast group address. The IP address of the source of the last membership report received for this multicast group address on this interface.
  • Page 501: Ip Interface Commands

    IP Interface Commands There are no IP addresses assigned to this router by default. You must manually configure a new address to manage the router over your network or to connect the router to existing IP subnets. You may also need to establish a default gateway between this device and management stations or other devices that exist on another network segment (if routing is not enabled).
  • Page 502: Ip Address

    ip address Use this command to set the IP address for the currently selected VLAN interface. Use the no form to restore the default IP address. Syntax ip address {ip-address netmask | bootp | dhcp} [secondary] no ip address •...
  • Page 503 You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the configuration program.
  • Page 504: Ip Default-Gateway

    ip default-gateway Use this command to establish a static route between this router and devices that exist on another network segment. Use the no form to remove the static route. Syntax ip default-gateway gateway no ip default-gateway gateway - IP address of the default gateway Default Setting No static route is established.
  • Page 505: Show Ip Interface

    show ip interface Use this command to display the settings of an IP interface. Default Setting All interfaces Command Mode Privileged Exec Example Console#show ip interface Vlan 1 is up, addressing mode is User Interface address is 10.1.0.254, mask is 255.255.255.0, Primary MTU is 1500 bytes Proxy ARP is disabled Split horizon is enabled...
  • Page 506: Ping

    ping Use this command to send ICMP echo request packets to another node on the network. Syntax ping host [count count][size size] • host - IP address or IP alias of the host. • count - Number of packets to send. (Range: 1-16, default: 5) •...
  • Page 507: Address Resolution Protocol (Arp)

    Example Console#ping 10.1.0.9 Type ESC to abort. PING to 10.1.0.9, by 5 32-byte payload ICMP packets, timeout is 5 seconds response time: 10 ms response time: 10 ms response time: 10 ms response time: 10 ms response time: 0 ms Ping statistics for 10.1.0.9: 5 packets transmitted, 5 packets received (100%), 0 packets lost (0%)
  • Page 508: Arp

    Use this command to add a static entry in the Address Resolution Protocol (ARP) cache. Use the no form to remove an entry from the cache. Syntax arp ip-address hardware-address no arp ip-address • ip-address - IP address to map to a specified hardware address. •...
  • Page 509: Arp-Timeout

    arp-timeout Use this command to set the aging time for dynamic entries in the Address Resolution Protocol (ARP) cache. Use the no form to restore the default. Syntax arp-timeout seconds no arp-timeout seconds - The time a dynamic entry remains in the ARP cache. (Range: 300-86400;...
  • Page 510: Show Arp

    show arp Use this command to display entries in the Address Resolution Protocol (ARP) cache. Command Mode Normal Exec, Privileged Exec Command Usage This command displays information about the ARP cache. The first line shows the cache timeout. It also shows each cache entry, including the corresponding IP address, MAC address, type (static, dynamic, other), and VLAN interface.
  • Page 511: Ip Routing Commands

    Command Mode Interface Configuration (VLAN) Command Usage Proxy ARP allows a non-routing device to determine the MAC address of a host on another subnet or network. Example Console(config)#interface vlan 3 Console(config-if)#ip proxy-arp Console(config-if)# IP Routing Commands After you configure network interfaces for this router, you must set the paths used to send traffic between different interfaces.
  • Page 512: Global Routing Configuration

    Global Routing Configuration Command ip routing ip route clear ip route show ip route show ip traffic ip routing Use this command to enable IP routing. Use the no form to disable IP routing. Syntax ip routing no ip routing Default Setting Enabled Command Mode...
  • Page 513: Ip Route

    ip route Use this command to configure static routes. Use the no form to remove static routes. Syntax ip route {destination-ip netmask | default} {gateway} [metric metric] no ip route {destination-ip netmask | default | *} • destination-ip – IP address of the destination network, subnetwork, or host.
  • Page 514: Clear Ip Route

    clear ip route Use this command to remove dynamically learned entries from the IP routing table. Syntax clear ip route {network [netmask] | *} • network – Network or subnet address. • netmask - Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets.
  • Page 515: Show Ip Traffic

    Command Usage If the address is specified without the netmask parameter, the router displays all routes for the corresponding natural class address (page 4-233). Example Console#show ip route Ip Address --------------- --------------- --------------- ---------- ------ --------- 0.0.0.0 10.2.48.2 10.2.5.6 10.3.9.1 Total entry: 4 Console# Field...
  • Page 516 Example Console#show ip traffic IP statistics: Rcvd: 5 total, 5 local destination 0 checksum errors 0 unknown protocol, 0 not a gateway Frags: 0 reassembled, 0 timeouts 0 fragmented, 0 couldn't fragment Sent: 9 generated 0 no route ICMP statistics: Rcvd: 0 checksum errors, 0 redirects, 0 unreachable, 0 echo 5 echo reply, 0 mask requests, 0 mask replies, 0 quench...
  • Page 517: Routing Information Protocol (Rip)

    Routing Information Protocol (RIP) Command router rip timers basic network neighbor version ip rip receive version ip rip send version Sets the RIP send version to use on a network ip split-horizon ip rip authentication key ip rip authentication mode show rip globals show ip rip router rip...
  • Page 518: Timers Basic

    Command Mode Global Configuration Default Setting Disabled Command Usage • RIP is used to specify how routers exchange routing table information. • This command is also used to enter router configuration mode. Example Console(config)#router rip Console(config-router)# Related Commands network (4-233) timers basic Use this command to configure the RIP update timer, timeout timer, and...
  • Page 519: Network

    Command Usage • The update timer sets the rate at which updates are sent. This is the fundamental timer used to control all basic RIP processes. • The timeout timer is the time that must pass without update messages before a route is declared dead.
  • Page 520: Neighbor

    Default Setting No networks are specified. Command Usage • RIP only sends updates to interfaces specified by this command. • Subnet addresses are interpreted as class A, B or C, based on the first field in the specified address. In other words, if a subnet address nnn.xxx.xxx.xxx is entered, the first field (nnn) determines the class: 0 - 127 is class A, and only the first field in the network address is used.
  • Page 521: Version

    Command Usage This command can be used to configure a static neighbor with which this router will exchange information, rather than relying on broadcast messages generated by the RIP protocol. Example Console(config-router)#neighbor 10.2.0.254 Console(config-router)# version Use this command to specify a RIP version used globally by the router. Use the no form to restore the default value.
  • Page 522: Ip Rip Receive Version

    Example This example sets the global version for RIP to send and receive version 2 packets. Console(config-router)#version 2 Console(config-router)# Related Commands ip rip receive version (4-236) ip rip send version (4-237) ip rip receive version Use this command to specify a RIP version to receive on an interface. Use the no form to restore the default value.
  • Page 523: Ip Rip Send Version

    • You can specify the receive version based on these options: - Use “none” if you do not want to add any dynamic entries to the routing table for an interface. (For example, you may only want to allow static routes for a specific interface.) - Use “1”...
  • Page 524 Default Setting The default depends on the setting specified with the version command: Global RIPv1 - Routes broadcast to other routers with RIPv2 Global RIPv2 - RIPv2 packets Command Usage • Use this command to override the global setting specified by the RIP version command.
  • Page 525: Ip Split-Horizon

    ip split-horizon Use this command to enable split-horizon or poison-reverse (a variation) on an interface. Use the no form to disable split-horizon. Syntax ip split-horizon [poison-reverse] no ip split-horizon poison-reverse - Enables poison-reverse on the current interface. Command Mode Interface Configuration (VLAN) Default Setting split-horizon Command Usage...
  • Page 526: Ip Rip Authentication Key

    ip rip authentication key Use this command to enable authentication for RIPv2 packets and to specify the key that must be used on an interface. Use the no form to prevent authentication. Syntax ip rip authentication key key-string no ip rip authentication key-string - A password used for authentication.
  • Page 527: Ip Rip Authentication Mode

    ip rip authentication mode Use this command to specify the type of authentication that can be used on an interface. Note that the current firmware version only supports a simple password. Use the no form to restore the default value. Syntax ip rip authentication mode {text} no ip rip authentication mode...
  • Page 528: Show Rip Globals

    show rip globals Use this command to display global configuration settings for RIP. Command Mode Privileged Exec Example Console#show rip globals RIP Process: Enabled Update Time in Seconds: 30 Number of Route Change: 0 Number of Queries: 1 Console# Field RIP Process...
  • Page 529: Privileged Exec

    Command Mode Privileged Exec Example Console#show ip rip configuration Interface SendMode --------------- --------------- ------------- -------------- ------------------ 10.1.0.253 rip1Compatible 10.1.1.253 rip1Compatible Console#show ip rip status Interface RcvBadPackets --------------- --------------- -------------- --------------- 10.1.0.253 10.1.1.253 Console#show ip rip peer Peer UpdateTime --------------- ------------ --------- --------------- -------------- 10.1.0.254 10.1.1.254 Console#...
  • Page 530: Open Shortest Path First (Ospf)

    Field Version RcvBadPackets RcvBadRoutes Open Shortest Path First (OSPF) Command General Configuration router ospf router-id compatible rfc1583 Calculates summary route costs using RFC default-information originate timers spf Route Metrics and Summaries area range area default-cost summary-address Summarizes routes advertised by an ASBR redistribute Area Configuration network area...
  • Page 531 Command Function Interface Configuration ip ospf Specifies the authentication type for an authentication interface ip ospf Assigns a simple password to be used by authentication-key neighboring routers ip ospf Enables MD5 authentication and sets the key message-digest-key for an interface ip ospf cost Specifies the cost of sending a packet on an interface...
  • Page 532: Router Ospf

    Command show ip ospf summary-address show ip ospf virtual-links router ospf Use this command to enable Open Shortest Path First (OSPF) routing for all IP interfaces on the router. Use the no form to disable it. Syntax router ospf no router ospf Command Mode Global Configuration...
  • Page 533: Router-Id

    router-id Use this command to assign a unique router ID for this device within the autonomous system. Use the no form to use the default router identification method (i.e., the lowest interface address). Syntax router-id ip-address no router-id ip-address - Router ID formatted as an IP address. Command Mode Router Configuration Default Setting...
  • Page 534: Compatible Rfc1583

    compatible rfc1583 Use this command to calculate summary route costs using RFC 1583 (OSPFv1). Use the no form to calculate costs using RFC 2328 (OSPFv2). Syntax compatible rfc1583 no compatible rfc1583 Command Mode Router Configuration Default Setting RFC 1583 compatible Command Usage All routers in an OSPF routing domain should use the same RFC for calculating summary routes.
  • Page 535 Command Mode Router Configuration Default Setting Disabled Command Usage • The metric for the default external route is used to calculate the path cost for traffic passed from other routers within the AS out through the ASBR. • When you use this command to redistribute routes into a routing domain (i.e., an Autonomous System), this router automatically becomes an Autonomous System Boundary Router (ASBR).
  • Page 536: Timers Spf

    Command Usage • Setting the SPF holdtime to 0 means that there is no delay between consecutive calculations. • Using a low value allows the router to switch to a new path faster, but uses more CPU processing time. Example...
  • Page 537: Area Range

    area range Use this command to summarize the routes advertised by an Area Border Router (ABR). Use the no form to disable this function. Syntax area area-id range ip-address netmask [advertise | not-advertise] no area area-id range ip-address netmask [advertise | not-advertise] •...
  • Page 538: Area Default-Cost

    area default-cost Use this command to specify a cost for the default summary route sent into a stub or not-so-stubby area (NSSA) from an Area Border Router (ABR). Use the no form to remove the assigned default cost. Syntax area area-id default-cost cost no area area-id default-cost...
  • Page 539: Summary-Address

    summary-address Use this command to aggregate routes learned from other protocols. Use the no form to remove a summary address. Syntax summary-address summary-address netmask no summary-address summary-address netmask • summary-address - Summary address covering a range of addresses. • netmask - Network mask for the summary route. Command Mode Router Configuration Default Setting...
  • Page 540: Redistribute

    redistribute Use this command to import external routing information from other routing domains (i.e., protocols) into the autonomous system. Use the no form to disable this feature. Syntax redistribute [rip | static] [metric metric-value] [metric-type type-value] no redistribute [rip | static] [metric metric-value] [metric-type type-value] •...
  • Page 541: Network Area

    • Metric type specifies the way to advertise routes to destinations outside the AS via External LSAs. Specify Type 1 to add the internal cost metric to the external route metric. In other words, the cost of the route from any router within the AS is equal to the cost associated with reaching the advertising ASBR, plus the cost of the external route.
  • Page 542 Command Usage • An area ID uniquely defines an OSPF broadcast area. The area ID 0.0.0.0 indicates the OSPF backbone for an autonomous system. Each router must be connected to the backbone via a direct connection or a virtual link.
  • Page 543: Area Stub

    area stub Use this command to define a stub area. To remove a stub, use the no form without the optional keyword. To remove the summary attribute, use the no form with the summary keyword. Syntax area area-id stub [summary] no area area-id stub [summary] •...
  • Page 544: Area Nssa

    Related Commands area default-cost (4-252) area nssa Use this command to define a not-so-stubby area (NSSA). To remove an NSSA, use the no form without any optional keywords. To remove an optional attribute, use the no form without the relevant keyword. Syntax area area-id nssa [no-redistribution] [default-information-originate] no area area-id nssa [no-redistribution]...
  • Page 545 Command Usage • All routers in an NSSA must be configured with the same area ID. • An NSSA is similar to a stub, because when the router is an ABR, it can send a default route for other areas in the AS into the NSSA using the default-information-originate keyword.
  • Page 546: Area Virtual-Link

    area virtual-link Use this command to define a virtual link. To remove a virtual link, use the no form with no optional keywords. To restore the default value for an attribute, use the no form with the required keyword. Syntax area area-id virtual-link router-id [authentication [message-digest | null ]] [hello-interval seconds]...
  • Page 547 to an autonomous system. (Range: 1-65535 seconds; Default: 10 seconds) • retransmit-interval seconds - Specifies the interval at which the ABR retransmits link-state advertisements (LSA) over the virtual link. The retransmit interval should be set to a conservative value that provides an adequate flow of routing information, but does not produce unnecessary protocol traffic.
  • Page 548 Default Setting area-id: None router-id: None hello-interval: 10 seconds retransmit-interval: 5 seconds transmit-delay: 1 second dead-interval: 40 seconds authentication-key: None message-digest-key: None Command Usage • All areas must be connected to a backbone area (0.0.0.0) to maintain routing connectivity throughout the autonomous system. If it is not possible to physically connect an area to the backbone, you can use a virtual link.
  • Page 549: Ip Ospf Authentication

    ip ospf authentication Use this command to specify the authentication type used for an interface. Enter this command without any optional parameters to specify plain text (or simple password) authentication. Use the no form to restore the default of no authentication. Syntax ip ospf authentication [message-digest | null] no ip ospf authentication...
  • Page 550: Ip Ospf Authentication-Key

    ip ospf authentication-key Use this command to assign a simple password to be used by neighboring routers. Use the no form to remove the password. Syntax ip ospf authentication-key key no ip ospf authentication-key key - Sets a plain text password. (Range: 1-8 characters) Command Mode Interface Configuration (VLAN) Default Setting...
  • Page 551: Ip Ospf Message-Digest-Key

    ip ospf message-digest-key Use this command to enable message-digest (MD5) authentication on the specified interface and to assign a key-id and key to be used by neighboring routers. Use the no form to remove an existing key. Syntax ip ospf message-digest-key key-id md5 key no ip ospf message-digest-key key-id •...
  • Page 552: Ip Ospf Cost

    Related Commands ip ospf authentication (4-263) ip ospf cost Use this command to explicitly set the cost of sending a packet on an interface. Use the no form to restore the default value. Syntax ip ospf cost cost no ip ospf cost cost - Link metric for this interface.
  • Page 553: Ip Ospf Dead-Interval

    ip ospf dead-interval Use this command to set the interval during which no hello packets are seen before neighbors declare the router down. Use the no form to restore the default value. Syntax ip ospf dead-interval seconds no ip ospf dead-interval seconds - The maximum time that neighbor routers can wait for a hello packet before declaring the transmitting router down.
  • Page 554: Ip Ospf Hello-Interval

    ip ospf hello-interval Use this command to specify the interval between sending hello packets on an interface. Use the no form to restore the default value. Syntax ip ospf hello-interval seconds no ip ospf hello-interval seconds - Interval at which hello packets are sent from an interface. This interval must be set to the same value for all routers on the network.
  • Page 555: Ip Ospf Retransmit-Interval

    Command Mode Interface Configuration (VLAN) Default Setting Command Usage • Set the priority to zero to prevent a router from being elected as a DR or BDR. If set to any value other than zero, the router with the highest priority will become the DR and the router with the next highest priority becomes the BDR.
  • Page 556: Ip Ospf Transmit-Delay

    Command Usage A router will resend an LSA to a neighbor if it receives no acknowledgment. The retransmit interval should be set to a conservative value that provides an adequate flow of routing information, but does not produce unnecessary protocol traffic. Note that this value should be larger for virtual links.
  • Page 557: Show Ip Ospf

    show ip ospf Use this command to show basic information about the routing configuration. Command Mode Privileged Exec Example Console#show ip ospf Routing Process with ID 10.1.1.253 Supports only single TOS(TOS0) route It is an area border and autonomous system boundary router Redistributing External Routes from, rip with metric mapped to 10 Number of area in this router is 2...
  • Page 558: Show Ip Ospf Border-Routers

    show ip ospf border-routers Use this command to show entries in the routing table that lead to an Area Border Router (ABR) or Autonomous System Boundary Router (ASBR). Command Mode Privileged Exec Example Console#show ip ospf border-routers Destination --------------- --------------- ------ ----- -------- --------------- ------- 10.1.1.252 10.2.6.252...
  • Page 559: Show Ip Ospf Database

    show ip ospf database Use this command to show information about different OSPF Link State Advertisements (LSAs) stored in this router’s database. Syntax show ip ospf [area-id] database [adv-router [ip-address]] show ip ospf [area-id] database [asbr-summary] [link-state-id] show ip ospf [area-id] database [asbr-summary] [link-state-id] [adv-router [ip-address]] show ip ospf [area-id] database [asbr-summary] [link-state-id] [self-originate] [link-state-id] show ip ospf [area-id] database [database-summary] show ip ospf [area-id] database [external] [link-state-id]...
  • Page 560 Also, note that when a Type 5 ASBR External LSA is describing a default route, its link-state-id is set to the default destination (0.0.0.0). • self-originate - Shows LSAs originated by this router. • database-summary - Shows a count for each LSA type for each area stored in the database, and the total number of LSAs in the database.
  • Page 561 The following shows output when using the asbr-summary keyword. Console#show ip ospf database asbr-summary OSPF Router with id(10.1.1.253) Displaying Summary ASB Link States(Area 0.0.0.0) LS age: 433 Options: (No TOS-capability) LS Type: Summary Links (AS Boundary Router) Link State ID: 192.168.5.1 (AS Boundary Router's Router ID) Advertising Router: 192.168.1.5 LS Sequence Number: 80000002 LS Checksum: 0x51E2...
  • Page 562 The following shows output when using the database-summary keyword. Console#show ip ospf database database-summary Area ID (10.1.0.0) Router Total LSA Counts : 4 Console# Field Area ID Router Network Sum-Net Sum-ASBR External-AS External-Nssa Total LSA Counts The following shows output when using the external keyword. Console#show ip ospf database external OSPF Router with id(192.168.5.1) (Autonomous system 5) Displaying AS External Link States...
  • Page 563 Field Description OSPF Router id Router ID LS age Age of LSA (in seconds) Options Optional capabilities associated with the LSA LS Type AS External Links - LSA describes routes to destinations outside the AS (including default external routes for the AS) Link State ID IP network number (External Network Number) Advertising Router...
  • Page 564 The following shows output when using the network keyword. Console#show ip ospf database network OSPF Router with id(10.1.1.253) Displaying Net Link States(Area 10.1.0.0) Link State Data Network (Type 2) ------------------------------- LS age: 433 Options: Support External routing capability LS Type: Network Links Link State ID: 10.1.1.252 (IP interface address of the Designated Router)
  • Page 565 The following shows output when using the router keyword. Console#show ip ospf database router OSPF Router with id(10.1.1.253) Displaying Router Link States(Area 10.1.0.0) Link State Data Router (Type 1) ------------------------------- LS age: 233 Options: Support External routing capability LS Type: Router Links Link State ID: 10.1.1.252 (Originating Router's Router ID) Advertising Router: 10.1.1.252 LS Sequence Number: 80000011...
  • Page 566 Field Link ID Link Data Link Type Number of TOS metrics Metrics The following shows output when using the summary keyword. Console#show ip ospf database summary OSPF Router with id(10.1.1.253) Displaying Summary Net Link States(Area 10.1.0.0) Link State Data Summary (Type 3) ------------------------------- LS age: 686 Options: Support External routing capability...
  • Page 567: Show Ip Ospf Interface

    Field LS Sequence Number LS Checksum Length Network Mask Metrics show ip ospf interface Use this command to display summary information for OSPF interfaces. Syntax show ip ospf interface [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4094) Command Mode Privileged Exec Example Console#show ip ospf interface vlan 1 Vlan 1 is up...
  • Page 568: Show Ip Ospf Neighbor

    Field Cost Transmit Delay State State (continued) Priority Designated Router Backup Designated Router Timer intervals show ip ospf neighbor Use this command to display information about neighboring routers on each interface within an OSPF area. Syntax show ip ospf neighbor Command Mode Privileged Exec Example...
  • Page 569: Show Ip Ospf Summary-Address

    Field State Address show ip ospf summary-address Use this command to display all summary address information. Syntax show ip ospf summary-address Command Mode Privileged Exec Example This example shows a summary address and associated network mask. Console#show ip ospf summary-address 10.1.0.0/255.255.0.0 Console# Description...
  • Page 570: Show Ip Ospf Virtual-Links

    Related Commands summary-address (4-253) show ip ospf virtual-links Use this command to display detailed information about virtual links. Syntax show ip ospf virtual-links Command Mode Privileged Exec Example Console#show ip ospf virtual-links Virtual Link to router 10.1.1.253 is up Transit area 10.1.1.0 Transmit Delay is 1 sec Timer intervals configured, Hello 10, Dead 40, Retransmit 5...
  • Page 571: Multicast Routing Commands

    Multicast Routing Commands This router uses IGMP snooping and query to determine the ports connected to downstream multicast hosts, and to propagate this information back up through the multicast tree to ensure that requested services are forwarded through each intermediate node between the multicast server and its hosts, and also to filter traffic from all of the other interfaces that do not require these services.
  • Page 572: Ip Igmp Snooping Vlan Mrouter

    Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that interface to join all the current multicast groups.
  • Page 573: Show Ip Igmp Snooping Mrouter

    show ip igmp snooping mrouter Use this command to display information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4094) Default Setting Displays multicast router ports for all configured VLANs. Command Mode Privileged Exec Command Usage...
  • Page 574: Ip Multicast-Routing

    ip multicast-routing Use this command to enable IP multicast routing. Use the no form to disable IP multicast routing. Syntax ip multicast-routing no ip multicast-routing Default Setting Disabled Command Mode Global Configuration Command Usage This command is used to enable multicast routing globally for the router.
  • Page 575 Command Mode Privileged Exec Command Usage This command displays information for multicast routing. If no optional parameters are selected, detailed information for each entry in the multicast address table is displayed. If you select a multicast group and source pair, detailed information is displayed only for the specified entry.
  • Page 576: Dvmrp Multicast Routing Commands

    This example lists all entries in the multicast table in summary form: Console#show ip mroute summary IP Multicast Forwarding is enabled. IP Multicast Routing Table (Summary) Flags: P - Prune UP Group --------------- --------------- --------------- ---------- ------- ------ 224.1.1.1 224.2.2.2 Console#...
  • Page 577: Router Dvmrp

    Command show ip dvmrp route Displays DVMRP routing information show ip dvmrp neighbor show ip dvmrp interface router dvmrp Use this command to enable Distance-Vector Multicast Routing (DVMRP) globally for the router and to enter router configuration mode. Use the no form to disable DVMRP multicast routing.
  • Page 578: Probe-Interval

    Related Commands ip dvmrp (4-296) show router dvmrp (4-298) probe-interval Use this command to set the interval for sending neighbor probe messages to the multicast group address for all DVMRP routers. Use the no form to restore the default value. Syntax probe-interval seconds seconds - Interval between sending neighbor probe messages.
  • Page 579: Nbr-Timeout

    nbr-timeout Use this command to set the interval to wait for messages from a DVMRP neighbor before declaring it dead. Use the no form to restore the default value. Syntax nbr-timeout seconds seconds - Interval before declaring a neighbor dead. (Range: 1-65535) Default Setting 35 seconds Command Mode...
  • Page 580: Flash-Update-Interval

    Command Mode Router Configuration Example Console(config-router)#report-interval 90 Console(config-router)# flash-update-interval Use this command to specify how often to send trigger updates, which reflect changes in the network topology. Use the no form to restore the default value. Syntax flash-update-interval seconds seconds - Interval between sending flash updates when network topology changes have occurred.
  • Page 581: Default-Gateway

    Default Setting 7200 seconds Command Mode Router Configuration Command Usage This command sets the prune state lifetime. After the prune state expires, the router will resume flooding multicast traffic from the multicast source device. Example Console(config-router)#prune-lifetime 5000 Console(config-router)# default-gateway Use this command to specify the default DVMRP gateway for IP multicast traffic.
  • Page 582: Ip Dvmrp

    to the router. When the router receives these messages, it records all the downstream routers for the default route. • When multicast traffic with an unknown source address (i.e., not found in the route table) is received on the default upstream route interface, the router forwards this traffic out through the other interfaces (with known downstream routers).
  • Page 583: Ip Dvmrp Metric

    Example Console(config)#interface vlan 1 Console(config-if)#ip dvmrp Console(config-if)#end Console#show ip dvmrp interface Vlan 1 is up DVMRP is enabled Metric is 1 Console# ip dvmrp metric Use this command to configure the metric used in selecting the reverse path to networks connected directly to an interface on this router. Use the no form to restore the default value.
  • Page 584: Clear Ip Dvmrp Route

    clear ip dvmrp route Use this command to clear all dynamic routes learned by DVMRP. Command Mode Privileged Exec Example As shown below, this command clears everything from the route table except for the default route. Console#clear ip dvmrp route clear all ip dvmrp route Console#show ip dvmrp route Source...
  • Page 585: Show Ip Dvmrp Route

    Example The default settings are shown in the following example: Console#show route dvmrp Admin Status Probe Interval Nbr expire Minimum Flash Update Interval prune lifetime route report Default Gateway Metric of Default Gateway Console# show ip dvmrp route Use this command to display all entries in the DVMRP routing table. Command Mode Normal Exec, Privileged Exec Example...
  • Page 586: Show Ip Dvmrp Neighbor

    Field Description UpTime The time elapsed since this entry was created. Expire The time remaining before this entry will be aged out. show ip dvmrp neighbor Use this command to display all of the DVMRP neighbor routers. Command Mode Normal Exec, Privileged Exec Example Console#show ip dvmrp neighbor...
  • Page 587: Show Ip Dvmrp Interface

    show ip dvmrp interface Use this command to display the DVMRP configuration for interfaces which have enabled DVMRP. Command Mode Normal Exec, Privileged Exec Example Console#show ip dvmrp interface Vlan 1 is up DVMRP is enabled Metric is 1 Console# PIM-DM Multicast Routing Commands Command router pim...
  • Page 588: Router Pim

    Command show ip pim interface Displays information about interfaces show ip pim neighbor router pim Use this command to enable Protocol-Independent Multicast - Dense Mode (PIM-DM) globally for the router and to enter router configuration mode. Use the no form to disable PIM-DM multicast routing. Syntax router pim no router pim...
  • Page 589: Ip Pim Dense-Mode

    ip pim dense-mode Use this command to enable PIM-DM on the specified interface. Use the no form to disable PIM-DM on this interface. Syntax ip pim dense-mode no pim dense-mode Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage •...
  • Page 590: Ip Pim Hello-Interval

    Example Console(config)#interface vlan 1 Console(config-if)#ip pim dense-mode Console#show ip pim interface Vlan 1 is up PIM is enabled, mode is Dense. Internet address is 10.1.0.253. Hello time interval is 30 sec, trigger hello time interval is 5 sec. Hello holdtime is 105 sec.
  • Page 591: Ip Pim Hello-Holdtime

    ip pim hello-holdtime Use this command to configure the interval to wait for hello messages from a neighboring PIM router before declaring it dead. Use the no form to restore the default value. Syntax ip pim hello-holdtime seconds no ip pim hello-interval seconds - The hold time for PIM hello messages.
  • Page 592: Ip Pim Join-Prune-Holdtime

    Default Setting 5 seconds Command Mode Interface Configuration (VLAN) Command Usage • When a router first starts or PIM is enabled on an interface, the hello-interval is set to a random value between 0 and the trigger-hello-interval. This prevents synchronization of Hello messages on multi-access links if multiple routers are powered on simultaneously.
  • Page 593: Ip Pim Graft-Retry-Interval

    Command Usage The multicast interface that first receives a multicast stream from a particular source forwards this traffic to all other PIM interfaces on the router. If there are no requesting groups on that interface, the leaf node sends a prune message upstream and enters a prune state for this multicast stream.
  • Page 594: Ip Pim Max-Graft-Retries

    Example Console(config-if)#ip pim graft-retry-interval 9 Console(config-if)# ip pim max-graft-retries Use this command to configure the maximum number of times to resend a Graft message if it has not been acknowledged. Use the no form to restore the default value. Syntax ip pim max-graft-retries retries no ip pim graft-retry-interval...
  • Page 595: Show Ip Pim Interface

    show ip pim interface Use this command to display information about interfaces configured for PIM. Syntax show ip pim interface vlan-id vlan-id - VLAN ID (Range: 1-4094) Command Mode Normal Exec, Privileged Exec Command Usage This command displays the PIM settings for the specified interface as described in the preceding pages.
  • Page 596 Command Mode Normal Exec, Privileged Exec Example Console#show ip pim neighbor Address --------------- ---------------- -------- -------- ------- 10.1.0.254 Console# Field Description Address IP address of the next-hop router. VLAN Interface number that is attached to this neighbor. Interface Uptime The duration this entry has been active.
  • Page 597: Troubleshooting

    • Check that you have a valid network connection to the switch and that the port you are using has not been disabled. • Check network cabling between the management station and the switch.
  • Page 599: Upgrading Firmware Via The Serial Port

    TFTP. Downloading large runtime code files via TFTP is normally much faster than downloading via the switch’s serial port. You can upgrade switch firmware by connecting a PC directly to the serial Console port on the switch’s front panel and using VT100 terminal emulation software that supports the XModem protocol.
  • Page 600 [R]eturn to Factory Default Select> 5. Press <c> to change the baud rate of the switch’s serial connection. 6. Press <b> to select the option for 115200 baud. 7. There are two baud rate settings available, 9600 and 115200. Using the higher baud rate minimizes the time required to download firmware code files.
  • Page 601 <D> for diagnostic code, or <L> for loader code. Note: If you select <L> for loader code, be sure the file is a valid loader code file for the switch. If you download an invalid file, the switch will not be able to boot. Unless absolutely necessary, do not attempt to download loader code files.
  • Page 602 Startup File menu option. 17. When you have finished downloading code files, use the [C]hange Baudrate menu option to change the baud rate of the switch’s serial connection back to 9600 baud. 18. Set your PC’s terminal emulation software baud rate back to 9600 baud.
  • Page 603: Glossary

    ARP converts between IP addresses and MAC (i.e., hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address. This allows the switch to use IP addresses for routing decisions and the corresponding MAC addresses to forward packets from one hop to the next.
  • Page 604 EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch. A user name and password is requested by the switch, and then passed to an authentication server (e.g., RADIUS) for verification.
  • Page 605 The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value. IEEE 802.1x Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication. IEEE 802.3ac Defines frame extensions for VLAN tagging.
  • Page 606: Ip Multicast Filtering

    In-Band Management Management of the network from a station attached directly to the network. IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts. IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
  • Page 607: Multicast Switching

    An acronym for Management Information Base. It is a set of database objects that contains information about a specific device. Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast VLAN group.
  • Page 608: Private Vlans

    Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. Protocol-Independent Multicasting (PIM) This multicast routing protocol floods multicast traffic downstream, and calculates the shortest-path back to the multicast source network via reverse path forwarding.
  • Page 609 Simple Network Time Protocol (SNTP) SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server. Updates can be requested from a specific NTP server, or can be received via broadcasts sent by NTP servers. Spanning Tree Protocol (STP) A technology that checks your network for any loops.
  • Page 610 XModem A protocol used to transfer files between devices. Data is grouped in 128-byte blocks and error-corrected.
  • Page 611: Index

    acceptable frame type 3-115 Access Control List See ACL Extended IP 3-42 4-75 MAC 3-42 4-75 4-84 Standard IP 3-42 4-75 Address Resolution Protocol See ARP address table 3-84 4-141 aging time 3-87 4-145 configuration 3-159 description 3-157 proxy 3-158 4-224 statistics 3-164 4-229...
  • Page 612 firmware displaying version 3-14 upgrading 3-22 4-53 GARP VLAN Registration Protocol See GVRP gateway, default 3-154 4-218 GVRP global setting 3-107 4-175 interface configuration 3-115 hardware version, displaying 3-14 IEEE 802.1D 3-87 4-148 IEEE 802.1w 3-87 4-148 IEEE 802.1x 3-32 4-66 IEEE 802.1x, port authentication 3-32 4-66...
  • Page 613 routing table 3-219 4-288 multicast services configuring 3-143 4-197 displaying 3-142 4-200 multicast, static router port 3-140 OSPF 3-186 4-244 area border router 3-189 AS summary route 3-208 autonomous system boundary router 3-189 4-249 backbone 3-192 4-256 default external route 3-190 general settings 3-188 normal area 3-192 4-255...
  • Page 614 serial port configuring 4-13 XModem downloads B-1 Simple Network Management Protocol See SNMP SNMP 3-50 community string 3-50 enabling traps 3-51 4-94 trap manager 3-51 4-93 software displaying version 3-14 downloading 3-22 4-53 Spanning Tree Protocol See STA STA 3-87 4-146 edge port 3-97 3-101...
  • Page 615 Web interface access requirements 3-1 configuration buttons 3-4 home page 3-3 menu list 3-5 panel display 3-4 XModem downloads B-1
  • Page 618 Model Number: SMC6724L3 Publication Number: 150200033700A Revision Number: F1.2.0.4 E102003-R01...
