SMC Networks SMC8612XL3 F 1.0.1.3 Management Manual

SMC Networks Gigabit Ethernet Switch Management Guide

TigerSwitch 10/100/1000
Gigabit Ethernet Switch
◆ 12 1000BASE-X SFP ports
◆ 4 RJ45 ports shared with 4 SFP transceiver slots
◆ Non-blocking switching architecture
◆ Support for a redundant power unit
◆ Spanning Tree Protocol
◆ Up to six LACP or static 4-port trunks
◆ Layer 2/3/4 CoS support through four priority queues
◆ Full support for VLANs with GVRP
◆ IGMP multicast filtering and snooping
◆ Support for jumbo frames up to 9 KB
◆ Manageable via console, Web, SNMP/RMON

Management Guide

SMC8612XL3

Summary of Contents for SMC Networks SMC8612XL3 F 1.0.1.3

  • Page 1: Management Guide

  • Page 3 TigerSwitch 10/100/1000 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions 38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 October 2003 Pub. # 150200039900A...
  • Page 4 Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC.
  • Page 5 Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller.
  • Page 6 * SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase. SMC Networks, Inc. 38 Tesla Irvine, CA 92618...
  • Page 7: Table Of Contents

    Connecting to the Switch ...
  • Page 8 Using DHCP/BOOTP 3-16; Managing Firmware 3-17; Downloading System Software from a Server ...
  • Page 9 Configuring a MAC ACL 3-55; Configuring ACL Masks 3-57; Specifying the Mask Type ...
  • Page 10 Enabling or Disabling GVRP (Global Setting) 3-111; Displaying Basic VLAN Information 3-111; Displaying Current VLANs ...
  • Page 11 Configuring General DNS Server Parameters 3-150; Configuring Static DNS Host to Address Entries 3-152; Displaying the DNS Cache 3-154; Dynamic Host Configuration Protocol ...
  • Page 12 Displaying the Routing Table 3-195; Configuring the Routing Information Protocol 3-196; Configuring General Protocol Settings ...
  • Page 13 Accessing the CLI 4-1; Console Connection ...
  • Page 14 exit 4-23; quit ...
  • Page 15 SMTP Alert Commands 4-46; logging sendmail host 4-47; logging sendmail level ...
  • Page 16 radius-server retransmit 4-69; radius-server timeout 4-69; show radius-server ...
  • Page 17 MAC ACLs 4-97; access-list mac ...
  • Page 18 dns-server 4-121; next-server ...
  • Page 19 port monitor 4-147; show port monitor ...
  • Page 20 spanning-tree portfast 4-175; spanning-tree link-type 4-176; spanning-tree mst cost ...
  • Page 21 Priority Commands (Layer 2) 4-198; switchport priority default 4-198; queue mode ...
  • Page 22 ip igmp query-interval 4-222; ip igmp max-resp-interval 4-222; ip igmp last-memb-query-interval ...
  • Page 23 ip rip authentication mode 4-246; show rip globals 4-247; show ip rip ...
  • Page 24 General Multicast Routing Commands 4-282; ip multicast-routing 4-282; show ip mroute ...
  • Page 25 show vrrp 4-305; show vrrp interface ...
  • Page 27: Chapter 1: Introduction

    Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
  • Page 28 Feature (Description): Rate Limiting (Input and output rate limiting per port); Port Mirroring (One or more ports mirrored to single analysis port); Port Trunking (Supports up to 6 trunks using either static or dynamic trunking (LACP)); Broadcast Storm Control (Supported); Address Table (Up to 16K MAC addresses in the forwarding table, 1024 static MAC...
  • Page 29 IEEE 802.1x protocol. This protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request a user name and password from the 802.1x client, and then uses the EAP between the switch and the authentication server to verify the client’s right to access the network via an authentication server.
  • Page 30 Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped. Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
  • Page 31: Description Of Software Features

    Static Addresses – A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table.
  • Page 32 VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP). Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network.
  • Page 33 IP Routing – The switch provides Layer 3 IP routing. To maintain a high rate of throughput, the switch forwards all traffic passing within the same segment, and routes only traffic that passes between different subnetworks.
  • Page 34 MAC address of a device on another network or subnet. When a host sends an ARP request for a remote network, the switch checks to see if it has the best route. If it does, it sends its own MAC address to the host. The host then sends traffic for the remote destination via the switch, which uses its own routing table to reach the destination on the other network.
  • Page 35 While Sparse mode is designed for network areas, such as the Wide Area Network, where the probability of multicast clients is low. This switch currently supports DVMRP and PIM-DM.
  • Page 36: System Defaults

    The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-27). The following table lists some of the basic system defaults.
  • Page 37 Function (Parameter): SNMP (Community Strings; Traps; IP Filtering); Port Configuration (Admin Status; Auto-negotiation; Flow Control; Port Capability); Rate Limiting (Input and output limits); Port Trunking (Static Trunks; LACP); Broadcast Storm Protection (Status; Broadcast Limit Rate); Spanning Tree (Status; Protocol; Fast Forwarding (Edge Port): Disabled); Address Table (Aging Time)...
  • Page 38 Function (Parameter): Virtual LANs (Default VLAN; PVID; Acceptable Frame Type; Ingress Filtering; Switchport Mode (Egress Mode); GVRP (global); GVRP (port interface)); Traffic Prioritization (Ingress Port Priority; Weighted Round Robin; IP Precedence Priority; IP DSCP Priority); IP Settings (Management VLAN; IP Address; Subnet Mask)...
  • Page 39 Function (Parameter): Router Redundancy (HSRP; VRRP); Multicast Filtering (IGMP Snooping (Layer 2); IGMP (Layer 3)); Multicast Routing (DVMRP; PIM-DM); System Log (Status; Messages Logged; Messages Logged to Flash); SMTP Email Alerts (Event Handler); SNTP (Clock Synchronization). Default column, in order: Disabled; Disabled; Snooping: Enabled, Querier: Disabled; Disabled...
  • Page 41: Chapter 2: Initial Configuration

    The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
  • Page 42 The switch’s web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions: • Set user names and passwords for up to 16 users • Set an IP interface for any VLAN •...
  • Page 43: Required Connections

    Required Connections The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch. Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch.
  • Page 44 Windows 2000 service packs. 2. Refer to “Line Commands” on page 4-15 for a complete description of console configuration options. 3. Once you have set up the terminal correctly, the console login screen will be displayed. For a description of how to use the CLI, see “Using the Command Line Interface”...
  • Page 45: Remote Connections

    The onboard configuration program can be accessed using Telnet from any computer attached to the network. The switch can also be managed by any computer using a web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above), or from a network computer using...
  • Page 46: Setting Passwords

    Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps: 1.
  • Page 47: Setting An Ip Address

    DHCP address allocation servers on the network. Manual Configuration You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment (if routing is not enabled on this switch).
  • Page 48: Dynamic Configuration

    Default gateway for the network • Network mask for this network To assign an IP address to the switch, complete the following steps: 1. From the Privileged Exec level global configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode.
  • Page 49 If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service requests as soon as it is powered on. To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps: 1.
  • Page 50: Enabling Snmp Management Access

    The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as HP OpenView. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps. When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter.
  • Page 51: Trap Receivers

    If there are no community strings, then SNMP management access to the switch is disabled. To prevent unauthorized access to the switch via SNMP, it is recommended that you change the default community strings. To configure a community string, complete the following steps: 1.
  • Page 52: Saving Configuration Settings

    “community-string” is the string associated with that host. Press <Enter>. 2. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server enable traps command. Type “snmp-server enable traps type,” where “type” is either authentication or link-up-down.
  • Page 53: Managing System Files

    Diagnostic Code — Software that is run during system boot-up, also known as POST (Power On Self-Test). Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows.
  • Page 54 Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.
  • Page 55: Chapter 3: Configuring The Switch

    Telnet. For more information on using the CLI, refer to Chapter 4 “Command Line Interface.” Prior to accessing the switch from a web browser, be sure you have first performed the following tasks: 1. Configure the switch with a valid IP address, subnet mask, and default gateway using an out-of-band serial connection, BOOTP or DHCP protocol.
  • Page 56 If you log in as “admin” (Privileged Exec level), you can change the settings on any page. 3. If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm, then you can set the switch port attached to your management station to fast forwarding (i.e., enable Admin...
  • Page 57: Navigating The Web Browser Interface

    “admin.” Home Page When your web browser connects with the switch’s web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side.
  • Page 58: Panel Display

    Panel Display The web agent displays an image of the switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex), or Flow Control (i.e., with or without flow control). Clicking on the image of a port opens the Port Configuration page as described on page 3-93.
  • Page 59 Description column: Shows the number of ports, hardware/firmware version numbers, and power status; Shows the bridge extension parameters; Manages code image files; Manages switch configuration files; Sends error messages to a logging process; Stores and displays error messages; Configures the logging of messages to a remote...
  • Page 60 Menu: Settings; Host-Key Settings; Port Security; 802.1x (Information, Configuration, Port Configuration, Statistics); Configuration; Mask Configuration; Port Binding; IP Filter; Port (Port Information, Trunk Information, Port Configuration, Trunk Configuration, Trunk Membership); LACP (Configuration, Aggregation Port, Port Counters). Description: Configures Secure Shell server settings; Generates the host key pair (public and private); Configures per port security, including status,...
  • Page 61 Menu: Port Internal Information; Port Neighbors Information; Port Broadcast Control; Mirror Port Configuration; Rate Limit (Input Port Configuration, Input Trunk Configuration, Output Port Configuration, Output Trunk Configuration); Port Statistics; Address Table (Static Addresses, Dynamic Addresses, Address Aging); Spanning Tree (Information, Configuration, Port Information, Trunk Information)...
  • Page 62 Description column: Enables GVRP VLAN registration protocol; Displays information on the VLAN type supported by this switch; Shows the current port members of each VLAN and whether or not the port is tagged or untagged; Used to create or remove VLAN groups...
  • Page 63 Description column: Displays the ports that are attached to a neighboring multicast router for each VLAN ID; Assigns ports that are attached to a neighboring multicast router; Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID; Indicates multicast addresses associated with the selected VLAN...
  • Page 64 Description column: Statically maps a physical address to an IP address; Shows dynamically learned entries in the IP routing table; Shows internal addresses used by the switch; Shows statistics on ARP requests sent and received; Configures Layer 3 IGMP for specific VLAN...
  • Page 65 Description column: Configures and displays static routing entries; Shows all routing entries, including local, static and dynamic routes; Globally enables multicast routing; Shows each multicast route this switch has learned; Configures VRRP groups, including virtual interface address, advertisement interval, preemption, priority, and authentication...
  • Page 66 Menu: Interface Settings; Statistics; OSPF (General Configuration, Area Configuration, Area Range Configuration, Interface Configuration, Virtual Link Configuration, Network Area Address Configuration, Summary Address Configuration, Redistribute Configuration, NSSA Settings, Link State Database Information, Border Router Information, Neighbor Information). Description: Configures RIP parameters for each interface,...
  • Page 67 Description column: Enables/disables DVMRP per interface and sets the route metric; Displays neighboring DVMRP routers; Displays DVMRP routing information; Enables or disables PIM-DM globally for the switch; Enables or disables PIM-DM per interface, configures protocol settings for hello, prune and graft messages...
  • Page 68: Basic Configuration

    Field Attributes • System Name – Name assigned to the switch system. • Object ID – MIB II object ID for switch’s network management subsystem. • Location – Specifies the system location. • Contact – Administrator responsible for the system.
  • Page 70: Displaying Switch Hardware/Software Versions

    Console(config)#hostname R&D 5 (page 3-34) Console(config)#snmp-server location WC 9 (page 3-149) Console(config)#snmp-server contact Ted (page 3-148) Console(config)#exit Console#show system (page 3-82) System description: SMC Networks SMC8612XL3 System OID string: 1.3.6.1.4.1.202.20.33 System information System Up time: 0 days, 14 hours, 38 minutes, and 0.42 seconds System Name System Location...
  • Page 71 Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code. • Operation Code Version – Version number of runtime code. • Role – Shows that this switch is operating as Master (i.e., operating stand-alone). Expansion Slots • Expansion Slot – Indicates any installed module type.
  • Page 72: Displaying Bridge Extension Capabilities

    Extended Multicast Filtering Services – This switch does not support the filtering of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol). • Traffic Classes – This switch provides mapping of user priorities to multiple traffic classes. (Refer to “Class of Service Configuration” on page 3-172.) •...
  • Page 73 • Local VLAN Capable – This switch supports multiple local bridges; i.e., multiple spanning trees. (Refer to “Configuring Multiple Spanning Trees” on page 3-101.) • GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices to register endstations with multicast groups. This switch does not support GMRP;...
  • Page 74: Setting The Switch's Ip Address

    This section describes how to configure a single local interface for initial access to the switch. To configure multiple IP interfaces on this switch, you must set up an IP interface for each VLAN (page 3-252). • To enable routing between the different interfaces on this switch, you must enable IP routing (page 3-250).
  • Page 75: Manual Configuration

    (DHCP), or Boot Protocol (BOOTP). If DHCP/BOOTP is enabled, IP will not function until a reply has been received from the server. Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subnet mask, and default gateway.)
  • Page 76: Using Dhcp/Bootp

    Click IP, Global Setting. If this switch and management stations exist on other network segments, then specify the default gateway, and click Apply. CLI – Specify the management interface, IP address and default gateway. Console#config Console(config)#interface vlan 1 Console(config-if)#ip address 10.1.28.150 255.255.252.0...
  • Page 77 Console# Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to another network segment, you will lose management access to the switch. In this case, you can reboot the switch or submit a client request to restart DHCP service via the CLI.
  • Page 78: Managing Firmware

    You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version.
  • Page 79 to overwrite or specify a new file name, then click Transfer from Server. To start the new firmware, reboot the system via the System/Reset menu. If you download to a new destination file, then select the file from the drop-down box for the operation code used at startup, and click Apply Changes.
  • Page 80: Saving Or Restoring Configuration Settings

    CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination file names, set the new file to start up the system, and then restart the switch. Console#copy tftp file (page 3-85) TFTP server ip address: 10.1.0.19...
  • Page 81 Web – Click System, Configuration. Enter the IP address of the TFTP server, enter the name of the file to download, select a file on the switch to overwrite or specify a new file name, and then click Transfer from Server.
  • Page 82: Configuring Event Logging

    If you download the startup configuration file under a new file name, you can set this file as the startup file at a later time, and then restart the switch. Console#config Console(config)#boot system config: startup-new (page 3-91) Console(config)#exit Console#reload (page 3-30)...
  • Page 83 * There are only Level 2, 5 and 6 error messages for the current firmware release. • RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM.
  • Page 84: Remote Log Configuration

    The attribute specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to process messages, such as sorting or storing messages in the corresponding database.
  • Page 85 • Host IP Address – Specifies a new server IP address to add to the Host IP List. Web – Click System, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add IP Host.
  • Page 86: Displaying Log Messages

    Displaying Log Messages Use the Logs page to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory.
  • Page 87: Resetting The System

    You can also manually set the clock using the CLI. (See “calendar set” on page 3-76.) If the clock is not set, the switch will only record the time from the factory default set at the last bootup.
  • Page 88: Configuring Sntp

    The switch will attempt to poll each server in the configured sequence. Broadcast – The switch sets its clock from a time server in the same subnet that broadcasts time updates. If there is more than one SNTP server, the switch accepts the first broadcast it detects and ignores broadcasts from other servers.
  • Page 89: Setting The Time Zone

    Web – Select SNTP, Configuration. Modify any of the required parameters, and click Apply. CLI – This example configures the switch to operate as an SNTP broadcast client. Console(config)#sntp client (page 3-71) Console(config)#sntp poll 16 (page 3-73) Console(config)#sntp server 10.1.0.19 137.82.140.80 128.250.36.2 (page 3-72) Console(config)#sntp broadcast client (page 3-74)...
  • Page 90: Simple Network Management Protocol

    The switch includes an onboard SNMP agent that continuously monitors the status of its hardware, as well as the traffic passing through its ports. A network management station can access this information using software such as HP OpenView.
  • Page 91: Setting Community Access Strings

    For security reasons, you should consider removing the default strings. Command Attributes • SNMP Community Capability – Indicates that the switch supports up to five community strings. • Community String – A community string that acts like a password and permits access to the SNMP protocol.
  • Page 92 CLI – The following example adds the string “spiderman” with read/write access. Console(config)#snmp-server community spiderman rw (page 3-147) Console(config)#
  • Page 93: Specifying Trap Managers And Trap Types

    Specifying Trap Managers and Trap Types Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as HP OpenView).
  • Page 94 CLI – This example adds a trap manager and enables both authentication and link-up, link-down traps. Console(config)#snmp-server host 10.1.28.150 private version 2c (page 3-150) Console(config)#snmp-server enable traps (page 3-151)
  • Page 95: Filtering Addresses For Snmp Client Access

    Filtering Addresses for SNMP Client Access The switch allows you to create a list of up to 16 IP addresses or IP address groups that are allowed access to the switch via SNMP management software (also see page 3-69). Command Usage •...
  • Page 96: User Authentication

    CLI – This example allows SNMP access for a specific client. Console(config)#snmp ip filter 10.1.2.3 255.255.255.255 (page 3-152) Console(config)# User Authentication You can restrict management access to this switch using the following options: • Passwords – Manually configure access rights on the switch for specified users.
  • Page 97: Configuring The Logon Password

    • 802.1x – Use IEEE 802.1x port authentication to control access to specific ports. Configuring the Logon Password The guest only has read access for most configuration parameters. However, the administrator has write access for all parameters governing the onboard agent. You should therefore assign a new administrator password as soon as possible, and store it in a safe place.
  • Page 98: Configuring Local/Remote Logon Authentication

    Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TACACS+ protocols.
  • Page 99 • Authentication – Select the authentication, or authentication sequence required: - Local – User authentication is performed only locally by the switch. - Radius – User authentication is performed using a RADIUS server only. - TACACS – User authentication is performed using a TACACS+ server only.
  • Page 100 Do not use blank spaces in the string. (Maximum length: 20 characters) Note: The local switch user database has to be set up by manually entering user names and passwords using the CLI. (See “username” on page 3-35.) Web –...
  • Page 101 CLI – Specify all the required parameters to enable logon authentication. Console(config)#authentication login radius (page 3-93) Console(config)#radius-server host 192.168.1.25 (page 3-95) Console(config)#radius-server port 181 (page 3-95) Console(config)#radius-server key green (page 3-96) Console(config)#radius-server retransmit 5 (page 3-96) Console(config)#radius-server timeout 10 (page 3-97) Console#show radius-server (page 3-97) Server IP address: 192.168.1.25 Communication key with radius server: Server port number: 181 Retransmit times: 5 Request timeout: 10...
  • Page 102: Configuring Https

    Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Command Usage • Both the HTTP and HTTPS service can be enabled independently on the switch.
  • Page 103: Replacing The Default Secure-Site Certificate

    This is because the certificate has not been signed by an approved certification authority. If you want this warning to be replaced by a message confirming that the connection to the switch is secure, you must obtain a unique certificate and a private key and password from a recognized certification authority.
  • Page 104: Configuring The Secure Shell

    Source certificate file name: <certificate file name> Source private file name: <private key file name> Private password: <password for private key> Note: The switch must be reset for the new certificate to be activated. To reset the switch, type “reload” at the command prompt: Console#reload...
  • Page 105 3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command (page 3-85) to copy a file containing the public key for all the SSH clients granted management access to the switch. The clients are subsequently authenticated using these keys.
  • Page 106 The client sends its public key to the switch. The switch compares the client's public key to those stored in memory. If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client.
  • Page 107: Generating The Host Key Pair

    Generating the Host Key Pair A host public/private key pair is used to provide secure communications between an SSH client and the switch. After generating this key pair, you must provide the host public key to SSH clients and import the client’s public key to the switch as described in the preceding section (Command Usage).
  • Page 108 Web – Click Security, Host-Key Settings. Select the host-key type from the drop-down box, select the option to save the host key from memory to flash (if required) prior to generating the key, and then click Generate. CLI –...
  • Page 109: Configuring The Ssh Server

    (Default: Enabled) • Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports management access via either SSH Version 1.5 or 2.0 clients. • SSH Authentication Timeout – Specifies the time interval in seconds that the SSH server waits for a response from a client during an authentication attempt.
  • Page 110: Configuring Port Security

    Console#disconnect 0 (page 3-25) Console# Configuring Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port.
  • Page 111 To use port security, first allow the switch to dynamically learn the <source MAC address, VLAN> pair for frames received on a port for an initial training period, and then enable port security to stop address learning.
  • Page 112 Shutdown: Disable the port. Trap and Shutdown: Send an SNMP trap message and disable the port. • Status – Enables or disables port security on the port. (Default: Disabled) • Max MAC Count – The maximum number of MAC addresses that can be learned on a port.
  • Page 113 CLI – This example sets the command mode to Port 5, sets the port security action to send a trap and disable the port, and specifies a maximum address count. Console(config)#interface ethernet 1/5 Console(config-if)#port security action trap-and-shutdown Console(config-if)#port security max-mac-count 20 Console(config-if)#
  • Page 114: Configuring 802.1X Port Authentication

    RADIUS authentication server to verify user identity and access rights. When a client (i.e., Supplicant) connects to a switch port, the switch (i.e., Authenticator) responds with an EAPOL identity request. The client provides its identity (such as a user name) in an EAPOL response to the switch, which it forwards to the RADIUS server.
  • Page 115: Displaying 802.1X Global Settings

    RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified. • Each switch port that will be used must be set to dot1x “Auto” mode. • Each client that needs to be authenticated must have dot1x client software installed and properly configured.
  • Page 116 Supplicant timeout – The time the switch waits for a client response to an EAP request. • Server timeout – The time the switch waits for a response from the authentication server (RADIUS) to an authentication request. • Re-authentication Max Count – The number of times the switch will attempt to re-authenticate a connected client before the port becomes unauthorized.
  • Page 117 CLI – This example shows the default protocol settings for dot1x. For a description of the additional entries displayed in the CLI, see “show dot1x” on page 3-110. Console#show dot1x Global 802.1X Parameters reauth-enabled: yes reauth-period: quiet-period: tx-period: supp-timeout: server-timeout: 30 reauth-max: max-req: 802.1X Port Summary...
  • Page 118: Configuring 802.1X Global Settings

    (Range: 1-10; Default 2) • Timeout for Quiet Period – Sets the time that a switch port waits after the dot1X Max Request Count has been exceeded before attempting to acquire a new client. (Range: 1-65535 seconds; Default: 60 seconds) •...
  • Page 119: Configuring Port Authorization Mode

    Web – Select Security, 802.1x, Configuration. Enable dot1x globally for the switch, modify any of the parameters required, and then click Apply. CLI – This enables re-authentication and sets all of the global parameters for dot1x. Console(config)#dot1x re-authentication Console(config)#dot1x max-req 5...
  • Page 120 Default: 5) • Mode – Sets the authentication mode to one of the following options: - Auto – Requires a dot1x-aware client to be authorized by the authentication server. Clients that are not dot1x-aware will be denied access.
  • Page 121: Displaying 802.1X Statistics

    2, and allows up to ten clients to connect to this port. Console(config)#interface ethernet 1/2 Console(config-if)#dot1x port-control auto Console(config-if)#dot1x operation-mode multi-host max-count 10 Console(config-if)# Displaying 802.1x Statistics This switch can display statistics for dot1x protocol exchanges for any port. Statistical Values Parameter Rx EAPOL Start Rx EAPOL Logoff...
  • Page 122 Parameter Tx EAP Req/Id Tx EAP Req/Oth Description The number of EAP Req/Id frames that have been transmitted by this Authenticator. The number of EAP Request frames (other than Rq/Id frames) that have been transmitted by this Authenticator.
  • Page 123: Filtering Management Access

    Console# Filtering Management Access You can specify the client IP addresses that are allowed management access to the switch through the web interface, SNMP (also see page 3-41), or Telnet.
  • Page 124 • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
  • Page 125 Web – Click Security, IP Filter. Enter the addresses that are allowed management access to an interface, and click Add IP Filtering Entry. CLI – This example restricts management access for Telnet clients. Console(config)#management telnet-client 192.168.1.19 Console(config)#management telnet-client 192.168.1.25 192.168.1.30 Console#
  • Page 126 ACL must be deny rules. Otherwise, the bind operation will fail. • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in an ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail.
  • Page 127: Access Control Lists

    1. User-defined rules in the Egress MAC ACL for egress ports. 2. User-defined rules in the Egress IP ACL for egress ports. 3. User-defined rules in the Ingress MAC ACL for ingress ports. 4. User-defined rules in the Ingress IP ACL for ingress ports. 5. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports.
  • Page 128: Configuring A Standard Ip Acl

    CLI – This example creates a standard IP ACL named bill. Console(config)#access-list ip standard bill Console(config-std-acl)# Configuring a Standard IP ACL Command Attributes • Action – An ACL can contain all permit rules or all deny rules. (Default: Permit rules) •...
  • Page 129: Configuring An Extended Ip Acl

    select “IP,” enter a subnet address and the mask for an address range. Then click Add. CLI – This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Console(config-std-acl)#permit host 10.1.1.21 Console(config-std-acl)#permit 168.92.16.0 255.255.240.0 Console(config-std-acl)#...
  • Page 130 (See the description for SubMask on page 3-74.) • Service Type – Packet priority settings based on the following criteria: - Precedence – IP precedence level. (Range: 0-7) - TOS – Type of Service level. (Range: 0-15) - DSCP –...
  • Page 131 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other required criteria, such as service type, protocol type, or TCP control code.
  • Page 132: Configuring A Mac Acl

    (3) Permit all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Console(config-ext-acl)#permit 10.7.1.1 255.255.255.0 any Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any dport 80 Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any tcp control-code 2 2 Console(config-std-acl)# Configuring a MAC ACL Command Attributes •...
  • Page 133 - Untagged-eth2 – Untagged Ethernet II packets. - Untagged-802.3 – Untagged Ethernet 802.3 packets. - Tagged-eth2 – Tagged Ethernet II packets. - Tagged-802.3 – Tagged Ethernet 802.3 packets. Command Usage • Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets.
  • Page 134 Web – Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or MAC). If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bitmask for an address range.
  • Page 135: Configuring Acl Masks

    Configuring ACL Masks You can specify optional masks that control the order in which ACL rules are checked. The switch includes two system default masks that pass/filter packets matching the permit/deny rules specified in an ingress ACL. You can also configure up to seven user-defined masks for an ingress or egress ACL.
  • Page 136: Configuring An Ip Acl Mask

    Web – Click Security, ACL, ACL Mask Configuration. Click Edit for one of the basic mask types to open the configuration page. CLI – This example creates an IP ingress mask, and then adds two rules. Each rule is checked in order of precedence to look for a match in the ACL entries.
  • Page 137 match this bitmask. (See the description for SubMask on page 3-74.) • Protocol Bitmask – Check the protocol field. • Service Type – Check the rule for the specified priority type. (Options: Precedence, TOS, DSCP; Default: TOS) • Src/Dst Port Bitmask – Protocol port of rule must match this bitmask.
  • Page 138 Web – Configure the mask to match the required rules in the IP ingress or egress ACLs. Set the mask to check for any source or destination address, a specific host address, or an address range. Include other criteria to search for in the rules, such as a protocol type or one of the service types.
  • Page 139: Configuring A Mac Acl Mask

    10.1.1.1 255.255.255.255” rule has the higher precedence according to the “mask host any” entry. Console(config)#access-list ip standard A2 Console(config-std-acl)#permit 10.1.1.0 255.255.255.0 Console(config-std-acl)#deny 10.1.1.1 255.255.255.255 Console(config-std-acl)#exit Console(config)#access-list ip mask-precedence in Console(config-ip-mask-acl)#mask host any Console(config-ip-mask-acl)#mask 255.255.255.0 any Console(config-ip-mask-acl)# Configuring a MAC ACL Mask This mask defines the fields to check in the packet header.
  • Page 140 specific VLAN ID(s) or Ethernet type(s). Or check for rules where a packet format was specified. Then click Add.
  • Page 141: Binding A Port To An Access Control List

    • This switch supports ACLs for both ingress and egress filtering. However, you can only bind one IP ACL and one MAC ACL to any port for ingress filtering, and one IP ACL and one MAC ACL to any port for egress filtering.
  • Page 142 • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in an ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail.
  • Page 143: Port Configuration

    CLI – This example assigns an IP and MAC ingress ACL to port 1, and an IP ingress ACL to port 2. Console(config)#interface ethernet 1/1 Console(config-if)#ip access-group david in Console(config-if)#mac access-group jerry in Console(config-if)#exit Console(config)#interface ethernet 1/2 Console(config-if)#ip access-group david in Console(config-if)# Port Configuration Displaying Connection Status...
  • Page 144 Port type – Indicates the port type. (1000BASE-T, 1000BASE-SX, 1000BASE-LX) • MAC address – The physical layer address for this port. (To access this item on the web, see “Setting the Switch’s IP Address” on page 3-20.) Configuration: • Name – Interface label.
  • Page 145 • Capabilities – Specifies the capabilities to be advertised for a port during auto-negotiation. (To access this item on the web, see “Configuring Interface Connections” on page 3-48.) The following capabilities are supported. • 10half - Supports 10 Mbps half-duplex operation •...
  • Page 146 mode. • Flow control type – Indicates the type of flow control currently in use. (IEEE 802.3x, Back-Pressure or none) CLI – This example shows the connection status for Port 5. Console#show interfaces status ethernet 1/5 Information of Eth 1/13 Basic information: Port type: 1000T Mac address: 00-30-f1-47-58-46...
  • Page 147: Configuring Interface Connections

    - Sym (Gigabit only) - Check this item to transmit and receive pause frames, or clear it to auto-negotiate the sender and receiver for asymmetric pause frames. (The current switch chip only supports symmetric pause frames.) - FC - Supports flow control Flow control can eliminate frame loss by “blocking”...
  • Page 148 stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation. (Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem.
  • Page 149 Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply. CLI – Select the interface, and then enter the required settings. Console(config)#interface ethernet 1/13 Console(config-if)#description RD SW#13 Console(config-if)#shutdown Console(config-if)#no shutdown Console(config-if)#no negotiation Console(config-if)#speed-duplex 100half Console(config-if)#flowcontrol Console(config-if)#negotiation Console(config-if)#capabilities 100half...
  • Page 150: Creating Trunk Groups

    Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. • You can create up to six trunks on the switch, with up to eight ports per trunk. • The ports at both ends of a connection must be configured as trunk ports.
  • Page 151: Statically Configuring A Trunk

    Web – Click Trunk, Trunk Membership. Enter a trunk ID of 1-6 in the Trunk field, select any of the switch ports from the scroll-down port list, ...
  • Page 152 and click Add. After you have completed adding ports to the member list, click Apply.
  • Page 153: Enabling Lacp On Selected Ports

    CLI – This example creates trunk 2 with ports 9 and 10. Just connect these ports to two static trunk ports on another switch to form a trunk. Console(config)#interface port-channel 2 Console(config-if)#exit Console(config)#interface ethernet 1/9 Console(config-if)#channel-group 1 Console(config-if)#exit Console(config)#interface ethernet 1/10...
  • Page 154 ID. • If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
  • Page 155: Configuring Lacp Parameters

    CLI – The following example enables LACP for ports 1 to 6. Just connect these ports to LACP-enabled trunk ports on another switch to form a trunk. Console(config)#interface ethernet 1/1 Console(config-if)#lacp Console(config-if)#exit Console(config)#interface ethernet 1/6 Console(config-if)#lacp Console(config-if)#end Console#show interfaces status port-channel 1...
  • Page 156 - Ports must be configured with the same system priority to join the same LAG. - System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with other systems.
  • Page 157 Web – Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the administrative state of the partner, and will not take effect until the next time an aggregate link is formed with this device.) After you have completed setting the port LACP parameters, click Apply.
  • Page 158: Displaying Lacp Port Counters

    CLI – The following example configures LACP parameters for ports 1-6. Ports 1-4 are used as active members of the LAG; ports 5 and 6 are set to backup mode. Console(config)#interface ethernet 1/1 Console(config-if)#lacp actor system-priority 3 Console(config-if)#lacp actor admin-key 120 Console(config-if)#lacp actor port-priority 128 Console(config-if)#exit...
  • Page 159 Parameter LACPDUs Unknown Pkts Number of frames received that either (1) Carry the Slow LACPDUs Illegal Pkts Web – Click Port, LACP, Port Counters Information. Select a member port to display the corresponding information. CLI – The following example displays LACP counters for port channel 1. Console#show lacp 1 counters Channel group : 1 -------------------------------------------------------------------------...
  • Page 160: Displaying Lacp Settings And Status For The Local Side

    Displaying LACP Settings and Status for the Local Side You can display configuration settings and the operational state for the local side of a link aggregation. Internal Configuration Information Field Description Oper Key Current operational value of the key for the aggregation port. Admin Key Current administrative value of the key for the aggregation port.
  • Page 161 Field Description LACP Port Priority LACP port priority assigned to this interface within the channel group. Admin State, Administrative or operational values of the actor’s state parameters: Oper State • Expired – The actor’s receive machine is in the expired state; •...
  • Page 162: Displaying Lacp Settings And Status For The Remote Side

    CLI – The following example displays the LACP configuration settings and operational state for the local side of port channel 1. Console#show lacp 1 internal Channel group : 1 ------------------------------------------------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ------------------------------------------------------------------------- LACPDUs Internal : 30 sec...
  • Page 163: Neighbor Configuration Information

    Neighbor Configuration Information Field Partner Admin System Partner Oper System Partner Admin Port Number Partner Oper Port Number Port Admin Priority Port Oper Priority Admin Key Oper Key Admin State Oper State Web – Click Port, LACP, Port Neighbors Information. Select a port channel to display the corresponding information.
  • Page 164 CLI – The following example displays the LACP configuration settings and operational state for the remote side of port channel 1. Console#show lacp 1 neighbors Channel group 1 neighbors ------------------------------------------------------------------------- Eth 1/1 ------------------------------------------------------------------------- Partner Admin System ID : 32768, 00-00-00-00-00-00 Partner Oper System ID : 32768, 00-00-00-00-00-01 Partner Admin Port Number : 1 Partner Oper Port Number : 1...
  • Page 165: Setting Broadcast Storm Thresholds

    The default threshold is 500 packets per second. • Broadcast control does not affect IP multicast traffic. • The specified threshold applies to all ports on the switch. Command Attributes • Protect Status – Shows whether or not broadcast storm control has been enabled.
  • Page 166 CLI – Specify any interface, and then enter the threshold. The following disables broadcast storm control for port 1, and then sets broadcast suppression at 600 packets per second for port 2. Console(config)#interface ethernet 1/1 Console(config-if)#no switchport broadcast Console(config-if)#exit Console(config)#interface ethernet 1/2 Console(config-if)#switchport broadcast packet-rate 600...
  • Page 167: Configuring Port Mirroring

    Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
  • Page 168 CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port. Note that default mirroring under the CLI is for both received and transmitted packets. Console(config)#interface ethernet 1/10 Console(config-if)#port monitor ethernet 1/13 Console(config-if)#
  • Page 169: Configuring Rate Limits

    Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the switch. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
  • Page 170: Showing Port Statistics

    RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port. This information can be used to identify potential problems with the switch (such as a faulty port or unusually heavy loading). RMON statistics provide access to a broad range of statistics, including a total count of different frame types and sizes passing through each port.
  • Page 171: Statistical Values

    since the last system reboot, and are shown as counts per second. Statistics are refreshed every 60 seconds by default. Note: RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as HP OpenView. Statistical Values Parameter Interface Statistics Received Octets...
  • Page 172 Parameter Transmit Multicast Packets The total number of packets that higher-level protocols Transmit Broadcast Packets Transmit Discarded Packets Transmit Errors Etherlike Statistics Alignment Errors Late Collisions FCS Errors Excessive Collisions Single Collision Frames Internal MAC Transmit Errors Multiple Collision Frames A count of successfully transmitted frames for which Description...
  • Page 173 Parameter Carrier Sense Errors SQE Test Errors Frames Too Long Deferred Transmissions Internal MAC Receive Errors RMON Statistics Drop Events Jabbers Received Bytes Collisions Received Frames Broadcast Frames Multicast Frames CRC/Alignment Errors Undersize Frames Description The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame.
  • Page 174 Parameter Oversize Frames Fragments 64 Bytes Frames 65-127 Byte Frames 128-255 Byte Frames 256-511 Byte Frames 512-1023 Byte Frames 1024-1518 Byte Frames 1519-1536 Byte Frames Web – Click Port, Port Statistics. Select the required interface, and click Query.
  • Page 176: Address Table Settings

    Setting Static Addresses A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table.
  • Page 177 Command Attributes • Static Address Counts* – The number of manually configured addresses. • Current Static Address Table – Lists all the static addresses. • Interface – Port or trunk associated with the device assigned a static address. • MAC Address – Physical address of a device mapped to this interface. •...
  • Page 178: Displaying The Address Table

    Displaying the Address Table The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address for inbound traffic is found in the database, the packets intended for that address are forwarded directly to the associated port.
  • Page 179: Changing The Aging Time

    CLI – This example also displays the address table entries for port 1. Console#show mac-address-table interface ethernet 1/1 Interface Mac Address --------- ----------------- ---- ----------------- Eth 1/ 1 00-E0-29-94-34-DE Eth 1/ 1 00-20-9C-23-CD-60 Console# Changing the Aging Time You can set the aging time for entries in the dynamic address table. Command Attributes •...
  • Page 180: Spanning Tree Algorithm Configuration

    The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure...
  • Page 181: Displaying Global Settings

    STA Information screen. Field Attributes • Spanning Tree State – Shows if the switch is enabled to participate in an STA-compliant network. • Bridge ID – A unique identifier for this bridge, consisting of the bridge priority and MAC address (where the address is taken from the switch system).
  • Page 182 Spanning Tree that this switch has accepted as the root device. • Root Port – The number of the port on this switch that is closest to the root. This switch communicates with the root device through this port. If there is no root port, then this switch has been accepted as the root device of the Spanning Tree network.
  • Page 183 These additional parameters are only displayed for the CLI: • Spanning tree mode – Specifies the type of spanning tree used on this switch: STP: Spanning Tree Protocol (IEEE 802.1D) RSTP: Rapid Spanning Tree (IEEE 802.1w) • Instance* – •...
  • Page 184 • Root Hold Time – The interval (in seconds) during which no more than two bridge configuration protocol data units shall be transmitted by this node. • Max hops – The max number of hop counts for the MST region. •...
  • Page 185: Configuring Global Settings

    Path Cost Method Note: The current root port and current root cost display as zero when this device is not connected to the network. Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol •...
  • Page 186 STP Mode – If the switch receives an 802.1D BPDU (i.e., STP BPDU) after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs. RSTP Mode – If RSTP is using 802.1D BPDUs on a port and...
  • Page 187 Root Device Configuration • Hello Time – Interval (in seconds) at which the root device transmits a configuration message. • Default: 2 • Minimum: 1 • Maximum: The lower of 10 or [(Max. Message Age / 2) -1] • Maximum Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure.
  • Page 188 between devices. The path cost method is used to determine the range of values that can be assigned to each interface. • Long: Specifies 32-bit based values that range from 1-200,000,000. (This is the default.) • Short: Specifies 16-bit based values that range from 1-65535. •...
  • Page 189 Web – Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply.
  • Page 190: Displaying Interface Settings

    A port on a network segment with no other STA compliant bridging device is always forwarding. If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID forwards packets and the other is discarding.
  • Page 191 All ports are discarding when the switch is booted, then some of them change state to learning, and then to forwarding. • Forward Transitions – The number of times this port has transitioned from the Learning state to the Forwarding state.
  • Page 192 Priority – Defines the priority used for this port in the Spanning Tree Algorithm. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as...
  • Page 193 • Designated root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. • Fast forwarding – This field provides the same information as Admin Edge port, and is only included for backward compatibility with earlier products.
  • Page 194: Configuring Interface Settings

    Web – Click Spanning Tree, STA, Port Information or STA Trunk Information. CLI – This example shows the STA attributes for port 5. Console#show spanning-tree ethernet 1/5 1/ 5 information -------------------------------------------------------------- Admin status Role State External path cost Internal path cost Priority Designated cost...
  • Page 195 Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree.
  • Page 196 STA-related timeout problems. However, remember that Edge Port should only be enabled for ports connected to an end-node device. (Default: Disabled) • Migration – If at any time the switch detects STP BPDUs, including
  • Page 197 Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the Protocol Migration button to manually re-check the appropriate BPDU format (RSTP or STP-compatible) to send on the selected interfaces. (Default: Disabled) Web –...
  • Page 198 1-4094) Web – Click Spanning Tree, MSTP, VLAN Configuration. Select an instance identifier from the list, set the instance priority, and click Apply. To add the VLAN members to an MSTI instance, enter the instance identifier, the VLAN identifier, and click Add.
  • Page 199 CLI – This displays STA settings for instance 1, followed by settings for each port. Console#show spanning-tree mst 2 Spanning-tree information --------------------------------------------------------------- Spanning tree mode Spanning tree enable/disable Instance Vlans configuration Priority Bridge Hello Time (sec.) Bridge Max Age (sec.) Bridge Forward Delay (sec.) Root Hello Time (sec.) Root Max Age (sec.)
  • Page 200: Displaying Interface Settings For Mstp

    CLI – This example sets the priority for MSTI 1, and adds VLANs 1-5 to this MSTI. Console(config)#spanning-tree mst-configuration Console(config-mst)#mst 1 priority 4096 Console(config-mstp)#mst 1 vlan 1-5 Console(config-mst)# Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selected MST instance.
  • Page 201 IST (page 3-127), the settings for other instances only apply to the local spanning tree. Console#show spanning-tree mst 0 Spanning-tree information --------------------------------------------------------------- Spanning tree mode Spanning tree enable/disable Instance Vlans configuration Priority Bridge Hello Time (sec.) Bridge Max Age (sec.) Bridge Forward Delay (sec.) Root Hello Time (sec.) Root Max Age (sec.)
  • Page 202: Configuring Interface Settings For Mstp

    MST Instance ID – Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree.
  • Page 203 the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.) Note that when the Path Cost Method is set to short (page 3-63), the maximum path cost is 65,535.
  • Page 204: Vlan Configuration

    Overview In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the originating group, and can eliminate broadcast storms in large networks.
  • Page 205: Assigning Ports To Vlans

    VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port).
  • Page 206 IEEE 802.1Q VLAN protocol, it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join. When this switch receives these messages, it will automatically place the receiving port in the specified VLANs, and then forward the message to all other ports.
  • Page 207: Forwarding Tagged/Untagged Frames

    When forwarding a frame from this switch along a path that contains any VLAN-aware devices, the switch should include VLAN tags. When forwarding a frame from this switch along a path that does not contain any VLAN-aware devices (including the destination host), the switch must first strip off the VLAN tag before forwarding the frame.
  • Page 208: Enabling Or Disabling Gvrp (Global Setting)

    GVRP must be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch. (Default: Disabled) Web – Click VLAN, 802.1Q VLAN, GVRP Status. Enable or disable GVRP, click Apply CLI –...
  • Page 209: Displaying Current Vlans

    VLAN ID – ID of configured VLAN (1-4094). • Up Time at Creation – Time this VLAN was created (i.e., System Up Time). • Status – Shows how this VLAN was added to the switch. - Dynamic GVRP: Automatically learned via GVRP. ...
  • Page 210 Command Attributes (CLI) • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Type – Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry. •...
  • Page 211 CLI – Current VLAN information can be displayed with the following command. Console#show vlan id 1 (page 3-64) VLAN Type Name Status Ports/Channel groups ---- ------- ----------- ------ ------------------------------------ 1 Static DefaultVlan Active Eth1/1 Eth1/2 Eth1/3 Eth1/4 Eth1/5 Eth1/6 Eth1/7 Eth1/11 Eth1/12... Console#
  • Page 212: Creating Vlans

    Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command Attributes •...
  • Page 213: Adding Static Members To Vlans (Vlan Index)

    VLAN compliant devices, or untagged if they are not connected to any VLAN-aware devices. Or configure a port as forbidden to prevent the switch from automatically adding it to a VLAN via the GVRP protocol. Notes: 1. You can also use the VLAN Static Membership by Port page to configure VLAN groups based on the port index (page 3-161).
  • Page 214 • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. Enable: VLAN is operational. Disable: VLAN is suspended; i.e., does not pass packets. • Port – Port identifier. •...
  • Page 215: Adding Static Members To Vlans (Port Index)

    Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks. Click Apply. CLI –...
  • Page 216 • Non-Member – VLANs for which the selected interface is not a tagged member.
  • Page 217: Configuring Vlan Behavior For Interfaces

    Web – Open VLAN, 802.1Q VLAN, Static Membership. Select an interface from the scroll-down box (Port or Trunk). Click Query to display membership information for the interface. Select a VLAN ID, and then click Add to add the interface as a tagged member, or click Remove to remove the interface.
  • Page 218 bridged LAN. The default values for the GARP timers are independent of the media access method or data rate. These values should not be changed unless you are experiencing difficulties with GVRP registration/deregistration. Command Attributes • PVID – VLAN ID assigned to untagged frames received on the interface.
  • Page 219 (See “Displaying Bridge Extension Capabilities” on page 3-18.) When disabled, any GVRP packets received on this port will be discarded and no GVRP registrations will be propagated from other ports.
  • Page 220 * Timer settings must follow this rule: 2 x (join timer) < leave timer < leaveAll timer Web – Click VLAN, 802.1Q VLAN, Port Configuration or VLAN Trunk Configuration. Fill in the required settings for each interface, then click Apply. CLI –...
  • Page 221: Configuring Private Vlans

    VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.) Enabling Private VLANs Use the Private VLAN Status page to enable/disable the Private VLAN function.
  • Page 222: Configuring Uplink And Downlink Ports

    Use the Private VLAN Link Status page to set ports as downlink or uplink ports. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports. Uplink ports can communicate with any other ports on the switch and with any designated downlink ports.
  • Page 223: Configuring Protocol Groups

    port, its VLAN membership can then be determined based on the protocol type being used by the inbound packets. Command Usage To configure protocol-based VLANs, follow these steps: 1. First configure VLAN groups for the protocols you want to use (page 3-158).
  • Page 224: Mapping Protocols To Vlans

    CLI – The following creates protocol group 1, and then specifies Ethernet frames with IP and ARP protocol types. Console(config)#protocol-vlan protocol-group 1 add frame-type ethernet protocol-type ip (page 3-66) Console(config)#protocol-vlan protocol-group 1 add frame-type ethernet protocol-type arp Console(config)# Mapping Protocols to VLANs Map a protocol group to a VLAN for each interface that will participate in the group.
  • Page 225 Command Attributes • Interface – Port or trunk identifier. • Protocol Group ID – Group identifier of this protocol group. (Range: 1-2147483647) • VLAN ID – VLAN to which matching protocol traffic is forwarded. (Range: 1-4094) Web – Click VLAN, Protocol VLAN, Port Configuration. Select a port or trunk, enter a protocol group ID and the corresponding VLAN ID, and click Apply.
  • Page 226: Class Of Service Configuration

    Setting the Default Priority for Interfaces You can specify the default port priority for each interface on the switch. All untagged packets entering the switch are tagged with the specified default port priority, and then sorted into the appropriate priority queue at the output port.
  • Page 227 CLI displays this information as “Priority for untagged traffic.” Web – Click Priority, Default Port Priority or Default Trunk Priority. Modify the default priority for any interface, then click Apply. CLI – This example assigns a default priority of 5 to port 3. Console(config)#interface ethernet 1/3 (page 3-1) Console(config-if)#switchport priority default 5 (page 3-78) Console(config-if)#end...
  • Page 228: Mapping Cos Values To Egress Queues

    The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network.
  • Page 229 Traffic Class : 0 1 2 3 4 5 6 7 Priority Queue: 0 1 2 3 4 5 6 7 Mapping specific values for CoS priorities is implemented as an interface configuration command, but any changes will apply to all interfaces on the switch.
  • Page 230: Selecting The Queue Mode

    Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
  • Page 231 described in “Mapping CoS Values to Egress Queues” on page 3-174, the traffic classes are mapped to one of the eight egress queues provided for each port. You can assign a weight to each of these queues (and thereby to the corresponding traffic priorities).
  • Page 232 CLI – The following example shows how to assign WRR weights to each of the priority queues. Console(config)#queue bandwidth 1 3 5 7 9 11 13 15 (page 3-81) Console(config)#exit Console#show queue bandwidth (page 3-84) Information of Eth 1/1 Queue ID Weight -------- ------...
  • Page 233: Mapping Layer 3/4 Priorities To Cos Values

    Because different priority information may be contained in the traffic, this switch maps priority values to the output queues in the following manner: • The precedence for priority mapping is IP Port Priority, IP Precedence or DSCP Priority, and then Default Port Priority.
  • Page 234 CLI – The following example enables IP Precedence service on the switch. Console(config)#map ip precedence (page 3-88) Console(config)#
  • Page 235: Mapping Ip Precedence

    Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values are mapped one-to-one to Class of Service values (i.e., Precedence value 0 maps to CoS value 0, and so forth).
  • Page 236 Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply. CLI – The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays the IP Precedence settings. Console(config)#map ip precedence (page 3-88)...
  • Page 237: Mapping Dscp Priority

    Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSCP mapping. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.
  • Page 238 CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 0 to CoS value 1 (on port 1), and then displays the DSCP Priority settings. Console(config)#map ip dscp (page 3-89) Console(config)#interface ethernet 1/1 (page 3-1)...
  • Page 239: Mapping Ip Port Priority

    Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110.
  • Page 240: Mapping Cos Values To Acls

    CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic (on port 1) to CoS value 0, and then displays the IP Port Priority settings.
  • Page 241 queue; it is not written to the packet itself. For information on mapping the CoS values to output queues, see page 3-174. Priority Queue Command Usage You must configure an ACL mask before you can map CoS values to the rule.
  • Page 242: Changing Priorities Based On Acl Rules

    You can change traffic priorities for frames matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) This switch can change the IEEE 802.1p priority, IP Precedence, or DSCP Priority of IP frames; or change the IEEE 802.1p priority of Layer 2 frames.
  • Page 243 Command Attributes • Port – Port identifier. • Name* – Name of ACL. • Type – Type of ACL (IP or MAC). • Precedence – IP Precedence value. (Range: 0-7) • DSCP – Differentiated Services Code Point value. (Range: 0-63) •...
  • Page 244: Multicast Filtering

    It identifies the ports containing hosts requesting to join the service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will...
  • Page 245: Igmp Protocol

    A router, or multicast-enabled switch, can periodically ask its hosts if they want to receive multicast traffic. If there is more than one router/switch on the LAN performing IP multicasting, one of these devices is elected “querier” and assumes the role of querying the LAN for group members.
  • Page 246: Layer 2 Igmp (Snooping And Query)

    IP multicast packets across different subnetworks. Therefore, when DVMRP or PIM routing is enabled for a subnet on this switch, you also need to enable IGMP. Layer 2 IGMP (Snooping and Query) IGMP Snooping and Query – If multicast routing is not supported on...
  • Page 247: Configuring Igmp Snooping And Query Parameters

    Configuring IGMP Snooping and Query Parameters You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly disrupting network performance.
  • Page 248 is also referred to as IGMP Snooping. (Default: Enabled) • Act as IGMP Querier — When enabled, the switch can serve as the Querier, which is responsible for asking hosts if they want to receive multicast traffic. (Default: Disabled) •...
  • Page 249: Displaying Interfaces Attached To A Multicast Router

    Console# Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch.
  • Page 250: Specifying Static Interfaces For A Multicast Router

    VLAN ID – ID of configured VLAN (1-4094). • Multicast Router List – Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this switch. Web – Click IGMP Snooping, Multicast Router Port Information. Select the required VLAN ID from the scroll-down list to display the associated multicast routers.
  • Page 251 (port or trunk) on your switch, you can manually configure the interface (and a specified VLAN) to join all the current multicast groups supported by the attached router. This can ensure that multicast traffic is passed to all the appropriate interfaces within the switch.
  • Page 252: Displaying Port Members Of Multicast Services

    Web – Click IGMP Snooping, IP Multicast Registration Table. Select a VLAN ID and the IP address for a multicast service from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. CLI – This example displays all the known multicast services supported on VLAN 1, along with the ports propagating the corresponding services.
  • Page 253: Assigning Ports To Multicast Services

    Query Parameters” on page 3-193. For certain applications that require tighter control, you may need to statically configure a multicast service on the switch. First add all the ports attached to participating hosts to a common VLAN, and then assign the multicast service to that VLAN group.
  • Page 254: Layer 3 Igmp (Query Used With Multicast Routing)

    IGMP Query – Multicast query is used to poll each known multicast group for active members, and dynamically configure the switch ports which need to forward multicast traffic. Although the implementation differs slightly, IGMP Query is used in conjunction with both Layer 2 IGMP Snooping and multicast routing.
  • Page 255: Configuring Igmp Interface Parameters

    (Note that Layer 2 snooping and query is disabled if Layer 3 IGMP is enabled.) Configuring IGMP Interface Parameters This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. The hosts may respond with several types of IP multicast messages. Hosts respond to queries with report messages that indicate which groups they want to join or the groups to which they already belong.
  • Page 256 Max Query Response Time – Configures the maximum response time advertised in IGMP queries. (Range: 0-25 seconds; Default: 10 seconds) The switch must be using IGMPv2 for this command to take effect. This command defines how long any responder (i.e., client or router) still in the group has to respond to a query message before the router deletes the group.
  • Page 257 All routers on the subnet must support the same version. However, the multicast hosts on the subnet may support either IGMP version 1 or 2. The switch must be set to version 2 to enable the Max Query Response Time. •...
  • Page 258 Web – Click IP, IGMP, Interface Settings. Specify each interface that will support IGMP (Layer 3), specify the IGMP parameters for each interface, then click Apply. CLI – This example configures the IGMP parameters for VLAN 1. Console(config)#interface vlan 1 (page 3-57) Console(config-if)#ip igmp (page 3-107) Console(config-if)#ip igmp last-memb-query-interval 10 (page 3-111)...
  • Page 259: Displaying Multicast Group Information

    Expire – The time remaining before this entry will be aged out. (Default: 260 seconds) • V1 Timer – The time remaining until the switch assumes that there are no longer any IGMP Version 1 members on the IP subnet attached to this interface. (Default: 400 seconds)
  • Page 260: Configuring Domain Name Service

    IP addresses using static table entries or by redirection to other name servers on the network. When a client device designates this switch as a DNS server, the client will attempt to resolve host names into IP addresses by forwarding DNS queries to the switch, and waiting for a response.
  • Page 261 • When an incomplete host name is received by the DNS server on this switch and a domain name list has been specified, the switch will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match.
  • Page 262 Web – Select DNS, General Configuration. Set the default domain name or list of domain names, specify one or more name servers to use for address resolution, enable domain lookup status, and click Apply.
  • Page 263: Configuring Static Dns Host To Address Entries

    CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the default domain name is not used. Console(config)#ip domain-name sample.com (page 3-178) Console(config)#ip domain-list sample.com.uk (page 3-179) Console(config)#ip domain-list sample.com.jp Console(config)#ip domain-server 192.168.1.55 10.1.0.55 (page 3-181) Console(config)#ip domain-lookup (page 3-182) Console#show dns (page 3-184) Domain Lookup Status:...
  • Page 264 • Alias – Displays the host names that are mapped to the same address(es) as a previously configured entry. Web – Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply.
  • Page 265 CLI - This example maps two addresses to a host name, and then configures an alias host name for the same addresses. Console(config)#ip host rd5 192.168.1.55 10.1.0.55 (page 3-177) Console(config)#ip host rd6 10.1.0.55 Console#show host (page 3-183) Hostname: rd5 Inet address: 10.1.0.55 192.168.1.55 Alias: 1.rd6...
  • Page 266: Displaying The Dns Cache

    Displaying the DNS Cache You can display entries in the DNS cache that have been learned via the designated name servers. Field Attributes • No – The entry number for each resource record. • Flag – The flag is always “4” indicating a cache entry and therefore unreliable.
  • Page 267 If a subnet does not already include a BOOTP or DHCP server, you can relay DHCP client requests to a DHCP server on another subnet, or configure the DHCP server on this switch to support that subnet.
  • Page 268 DHCP request, it allocates a free IP address for the DHCP client from its defined scope for the DHCP client’s subnet, and sends a DHCP response back to the DHCP relay agent (i.e., this switch). This switch then broadcasts the DHCP response received from the server to the client.
  • Page 269: Dynamic Host Configuration Protocol

    Internet Naming Service (WINS) name servers, or information on the bootup file for the host device to download. Addresses can be assigned to clients from a common address pool configured for a specific IP interface on this switch, or fixed addresses can...
  • Page 270: Enabling The Server, Setting Excluded Addresses

    Excluded Addresses – Specifies IP addresses that the DHCP server should not assign to DHCP clients. You can specify a single address or an address range. Note: Be sure you exclude the address for this switch and other key network devices.
  • Page 271: Configuring Address Pools

    You can configure up to 8 network address pools, and up to 32 manually bound host address pools (i.e., one address per host pool). • When a client request is received, the switch first checks for a network...
  • Page 272 If no manual binding has been specified for a host entry with a hardware address or client identifier, the switch will assign an address from the first matching network pool. • If the subnet mask is not specified for network or host address pools, the class A, B, or C natural mask is used (see page 3-276).
  • Page 273 • Subnet Mask – Specifies the network mask of the client. • Hardware Address – Specifies the MAC address and protocol used on the client. (Options: Ethernet, IEEE802, FDDI; Default: Ethernet) • Client-Identifier – A unique designation for the client device, either a text string (1-15 characters) or hexadecimal value.
  • Page 274 Examples Creating a New Address Pool Web – Click DHCP, Server, Pool Configuration. Specify a pool name, then click Add. CLI – This example adds an address pool and enters DHCP pool configuration mode. Console(config)#ip dhcp pool mgr (page 3-162) Console(config-dhcp)#
  • Page 275 Configuring a Network Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Network.” Enter the IP address and subnet mask for the network pool. Configure the optional parameters such as gateway server and DNS server. Then click Apply. CLI –...
  • Page 276 Configuring a Host Address Pool Web – Click DHCP, Server, Pool Configuration. Click the Configure button for any entry. Click the radio button for “Host.” Enter the IP address, subnet mask, and hardware address for the client device. Configure the optional parameters such as gateway server and DNS server.
  • Page 277: Displaying Address Bindings

    • Lease time – Duration that this IP address can be used by the host. • Start time – Time this address was assigned by the switch. • Delete – Clears this binding to the host. This command is normally used after modifying the address pool, or after moving DHCP service to another device.
  • Page 278 Web – Click DHCP, Server, IP Binding. You may use the Delete button to clear an address from the DHCP server’s database. CLI – This example displays the current binding, and then clears all automatic binding. Console#show ip dhcp binding (page 3-175) --------------- ----------------- ------------ ----------- 10.1.0.20 00-00-e8-98-73-21 Console#clear ip dhcp binding * (page 3-174)...
  • Page 279: Configuring Router Redundancy

    This switch supports both the Virtual Router Redundancy Protocol (VRRP) and Hot Standby Router Protocol (HSRP). These protocols are very similar.
  • Page 280: Virtual Router Redundancy Protocol

    • Several virtual master routers using the same set of backup routers. Master Router VRID 23 IP(R1) = 192.168.1.3 IP(VR23) = 192.168.1.3 VR Priority = 255 Master Router VRID 25 IP(R2) = 192.168.2.17 IP(VR25) = 192.168.2.17 VR Priority = 255 •...
  • Page 281: Configuring Vrrp Groups

    Configuring VRRP Groups To configure VRRP, select an interface on one router in the group to serve as the master virtual router. This physical interface is used as the virtual address for the router group. Now set the same virtual address and a priority on the backup routers, and configure an authentication string.
  • Page 282 ONFIGURING THE WITCH fails. However, because the priority of the virtual IP address Owner is the highest, the original master router will always become the active master router when it recovers. • If two or more routers are configured with the same VRRP priority, the router with the higher IP address is elected as the new master router if the current master fails.
  • Page 283 • Preemption – Shows if this router is allowed to preempt the acting master. • Priority – Priority of this router in the VRRP group. • AuthType – Authentication mode used to verify VRRP packets from other routers.
  • Page 284 Associated IP – IP address of the virtual router, or secondary IP addresses assigned to the current VLAN interface that are supported by this VRRP group. If this address matches a real interface on this switch, then this interface will become the virtual master router for this VRRP group. •...
  • Page 285 The priority for the VRRP group address owner is automatically set to 255. The priority for backup routers is used to determine which router will take over as the acting master router if the current master fails. • Authentication Type – Authentication mode used to verify VRRP packets received from other routers.
  • Page 286 Web – Click IP, VRRP, Group Configuration. Select the VLAN ID, enter the VRID group number, and click Add. Click the Edit button for a group entry to open the detailed configuration window. Enter the IP address of a real interface on this router to make it the master virtual router for the group.
  • Page 287 IP address into the Associated IP Table. Then set any of the other parameters as required, and click Apply. CLI – This example creates VRRP group 1, sets this switch as the master virtual router by assigning the primary interface address for the selected VLAN to the virtual IP address.
  • Page 288: Displaying Vrrp Global Statistics

    VRRP group, sets all of the other VRRP parameters, and then displays the configured settings. Console(config)#interface vlan 1 (page 3-57) Console(config-if)#vrrp 1 ip 192.168.1.6 (page 3-212) Console(config-if)#vrrp 1 ip 192.168.2.6 secondary Console(config-if)#vrrp 1 timers advertise 5 (page 3-216) Console(config-if)#vrrp 1 preempt delay 10 (page 3-217) Console(config-if)#vrrp 1 priority 1 (page 3-215) Console(config-if)#vrrp 1 authentication bluebird (page 3-214) Console(config-if)#end...
  • Page 289: Displaying Vrrp Group Statistics

    Web – Click IP, VRRP, Global Statistics. CLI – This example displays counters for protocol errors for all the VRRP groups configured on this switch. Console#show vrrp router counters (page 3-222) VRRP Packets with Invalid Checksum : 0 VRRP Packets with Unknown Error...
  • Page 290 not pass the authentication check. • Error IP TTL Packets – Number of VRRP packets received by the virtual router with IP TTL (Time-To-Live) not equal to 255. • Received Priority 0 Packets – Number of VRRP packets received by the virtual router with priority set to 0.
  • Page 291: Hot Standby Router Protocol

    Web – Click IP, VRRP, Group Statistics. Select the VLAN and virtual router group. CLI – This example displays VRRP protocol statistics for group 1, VLAN 1. Console#show vrrp 1 interface vlan 1 counters (page 3-222) Total Number of Times Transitioned to MASTER Total Number of Received Advertisements Packets Total Number of Received Error Advertisement Interval Packets Total Number of Received Authentication Failures Packets...
  • Page 292: Configuring Hsrp Groups

    Configuring HSRP Groups To configure HSRP, assign the same virtual router address to each router in the group. Set the highest virtual router priority on the router that will serve as the master. Enable the preempt feature to allow a router to take over as the master when it comes on line (if it has a higher priority).
  • Page 293 for HSRP such as authentication, tracking, or advertisement interval, then first configure these parameters before enabling HSRP. • HSRP creates a virtual MAC address for the master router based on a standard prefix, with the last octet equal to the group ID. When a backup router takes over as the master, it continues to forward traffic addressed to this virtual MAC address.
  • Page 294 sends other messages indicating that it is no longer acting as the designated router. • You can add a delay to the preempt function to give additional time to receive an advertisement message from the current master before taking control.
  • Page 295 HSRP advertisements from the master and standby virtual router include information about their priority, timer values, and current state as the master or standby router. Routers on which the timer settings have not been configured can learn the current timer values from the master or standby router. Timers configured on the master router always override any other timer settings.
  • Page 296 to the string configured on this router. If the strings match, the message is accepted. Otherwise, the packet is discarded. Plain text authentication does not provide any real security. It is supported only to prevent a misconfigured router from participating in HSRP.
  • Page 297 Click the Edit button for a group entry to open the detailed configuration window. Set the values for the advertisement interval, preemption, priority, and authentication as required. Enter the virtual IP address for the group. You can also enter secondary IP addresses that will be supported by the group.
  • Page 298 the corresponding value by which to adjust the priority when the interface state changes. Then click Apply.
  • Page 299 CLI – This example creates HSRP group 1, sets the virtual router’s address, adds a secondary IP address to the group, specifies an interface for tracking, sets all the other HSRP parameters, and then displays the configured settings. Console(config)#interface vlan 1 (page 3-57) Console(config-if)#standby 1 ip 192.168.1.7 (page 3-225) Console(config-if)#standby 1 ip 192.168.2.6 secondary Console(config-if)#standby 1 track vlan 3 100 (page 3-232)...
  • Page 300: Ip Routing

    3-274), this switch acts as a wire-speed router, passing traffic between VLANs using different IP interfaces, and routing traffic to external IP networks. However, when the switch is first booted, no default routing is defined. As with all traditional routers, the routing functions must first be configured to work.
  • Page 301: Ip Switching

    IP Switching IP Switching (or packet forwarding) encompasses tasks required to forward packets for both Layer 2 and Layer 3, as well as traditional routing. These functions include: • Layer 2 forwarding (switching) based on the Layer 2 destination MAC address •...
  • Page 302 However, if the MAC address is not yet known to the switch, an Address Resolution Protocol (ARP) packet with the destination IP address is broadcast to get the destination MAC address from the destination node. The IP packet can then be sent directly with the destination MAC address.
  • Page 303: Routing Path Management

    Updating the Layer 3 switching database Routing Protocols The switch supports both static and dynamic routing. • Static routing requires routing information to be stored in the switch either manually or when a connection is set up by an application outside the switch. •...
  • Page 304: Basic Ip Interface Configuration

    You also need to define a VLAN for each IP subnet that will be connected directly to this switch. Note that you must first create a VLAN as described under “Creating VLANs” on page 3-158 before configuring the corresponding subnet.
  • Page 305 MAC addresses. • Default Gateway – The routing device to which the switch will pass packets for all unknown subnets; i.e., packets that do not match any routing table entry. (Valid IP addresses consist of four numbers, 0 to 255, separated by periods.)
  • Page 306: Configuring Ip Routing Interfaces

    Configuring IP Routing Interfaces You can specify the IP subnets connected to this router by manually assigning an IP address to each VLAN, or by using the RIP or OSPF dynamic routing protocol to identify routes that lead to other interfaces by exchanging protocol messages with other routers on the network.
  • Page 307 If DHCP/BOOTP is enabled, IP will not function until a reply has been received from the address server. Requests will be broadcast periodically by the router for an IP address. (DHCP/ BOOTP values include the IP address and subnet mask.) •...
  • Page 308 Web - Click IP, General, Routing Interface. Specify an IP interface for each VLAN that will support routing to other subnets. First specify a primary address, and click Set IP Configuration. If you need to assign secondary addresses, enter these addresses one at a time, and click Set IP Configuration after entering each address.
  • Page 309: Address Resolution Protocol

    Address Resolution Protocol If IP routing is enabled (page 3-250), the router uses its routing tables to make routing decisions, and uses Address Resolution Protocol (ARP) to forward traffic from one hop to the next. ARP is used to map an IP address to a physical layer (i.e., MAC) address.
  • Page 310: Proxy Arp

    Proxy ARP When a node in the attached subnetwork does not have routing or a default gateway configured, Proxy ARP can be used to forward ARP requests to a remote subnetwork. When the router receives an ARP request for a remote network and Proxy ARP is enabled, it determines if it has the best route to the remote network, and then answers the ARP request by sending its own MAC address to the requesting node.
  • Page 311: Configuring Static Arp Addresses

    Command Attributes • Timeout – Sets the aging time for dynamic entries in the ARP cache. (Range: 300 - 86400 seconds; Default: 1200 seconds or 20 minutes) • Proxy ARP – Enables or disables Proxy ARP for specified VLAN interfaces. Web - Click IP, ARP, General.
  • Page 312: Displaying Dynamically Learned Arp Entries

    can only remove a static entry via the configuration interface. Command Attributes • IP Address – IP address statically mapped to a physical MAC address. (Valid IP addresses consist of four numbers, 0 to 255, separated by periods.) •...
  • Page 313 Command Attributes • IP Address – IP address of a dynamic entry in the cache. • MAC Address – MAC address mapped to the corresponding IP address. • Interface – VLAN interface associated with the address entry. • Dynamic to Static* – Changes a selected dynamic entry to a static entry.
  • Page 314: Displaying Local Arp Entries

    CLI - This example shows all entries in the ARP cache. Console#show arp (page 3-124) Arp cache timeout: 1200 (seconds) IP Address: 10.1.0.0 ff-ff-ff-ff-ff-ff; 10.1.0.11 00-11-22-33-44-55; 10.1.0.12 01-02-03-04-05-06; 10.1.0.19 00-10-b5-62-03-74; 10.1.0.253 00-00-ab-cd-00-00; 10.1.0.255 ff-ff-ff-ff-ff-ff Total entry : 6 Console#clear arp-cache (page 3-124) This operation will delete all the dynamic entries in ARP Cache.
  • Page 315: Displaying Arp Statistics

    Web - Click IP, ARP, Other Addresses. CLI - This router uses the Type specification “other” to indicate local cache entries in the ARP cache. Console#show arp (page 3-124) Arp cache timeout: 1200 (seconds) IP Address: 10.1.0.0 ff-ff-ff-ff-ff-ff; 10.1.0.11 00-11-22-33-44-55; 10.1.0.12 01-02-03-04-05-06; 10.1.0.19 00-10-b5-62-03-74...
  • Page 316 Parameters: Sent Request, Sent Reply. Web - Click IP, ARP, Statistics. CLI - This example provides detailed statistics on common IP-related protocols. Console#show ip traffic (page 3-130) IP statistics: Rcvd: 5 total, 5 local destination 0 checksum errors 0 unknown protocol, 0 not a gateway Frags: 0 reassembled, 0 timeouts 0 fragmented, 0 couldn't fragment Sent:...
  • Page 317: Displaying Statistics For Ip Protocols

    Displaying Statistics for IP Protocols IP Statistics The Internet Protocol (IP) provides a mechanism for transmitting blocks of data (often called packets or frames) from a source to a destination, where these network devices (i.e., hosts) are identified by fixed length addresses.
  • Page 318 Parameters: Datagrams Failing Fragmentation, Received Header Errors, Unknown Protocols Received, Received Packets Delivered, Discarded Output Packets, Fragments Created, Routing Discards, Reassembly Successful, Datagrams Successfully Fragmented. Descriptions: Datagrams Failing Fragmentation – The number of datagrams that have been discarded because they needed to be fragmented at this entity but could not be, e.g., because their “Don't Fragment”... Discarded Output Packets – The number of output IP datagrams for which no problem...
  • Page 319: Icmp Statistics

    Web - Click IP, Statistics, IP. CLI - See the example on page 3-261. ICMP Statistics Internet Control Message Protocol (ICMP) is a network layer protocol that transmits message packets to report errors in processing IP packets. ICMP is therefore an integral part of the Internet Protocol. ICMP messages may be used to report various situations, such as when a datagram cannot reach its destination, when the gateway does not have the buffering capacity to forward a datagram, and when the gateway can direct the host to send...
  • Page 320 Parameters: Destination Unreachable, Time Exceeded, Parameter Problems, Source Quenches, Redirects, Echos, Echo Replies, Timestamps, Timestamp Replies, Address Masks, Address Mask Replies. Descriptions: Destination Unreachable – The number of ICMP Destination Unreachable messages received/sent. Time Exceeded – The number of ICMP Time Exceeded messages received/sent.
  • Page 321: Udp Statistics

    Web - Click IP, Statistics, ICMP. CLI - See the example on page 3-261. UDP Statistics User Datagram Protocol (UDP) provides a datagram mode of packet-switched communications. It uses IP as the underlying transport mechanism, providing access to IP-like services. UDP packets are delivered just like IP packets –...
  • Page 322: Tcp Statistics

    Parameters: Receive Errors, No Ports. Web - Click IP, Statistics, UDP. CLI - See the example on page 3-261. TCP Statistics The Transmission Control Protocol (TCP) provides highly reliable host-to-host connections in packet-switched networks, and is used in conjunction with IP to support a wide variety of Internet protocols.
  • Page 323: Configuring Static Routes

    Parameters: Failed Connection Attempts, Current Connections, Receive Errors, Segments Retransmitted, Passive Opens, Reset Connections. Web - Click IP, Statistics, TCP. CLI - See the example on page 3-261. Configuring Static Routes This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP or OSPF).
  • Page 324 required to access network segments where dynamic routing is not supported, or can be set to force the use of a specific route to a subnet, rather than using dynamic routing. Static routes do not automatically change in response to changes in network topology, so you should only configure a small number of stable routes to ensure network accessibility.
  • Page 325: Displaying The Routing Table

    Web - Click IP, Routing, Static Routes. CLI - This example forwards all traffic for subnet 192.168.1.0 to the router 192.168.5.254, using the default metric of 1. Console(config)#ip route 192.168.1.0 255.255.255.0 192.168.5.254 (page 3-128) Console(config)# Displaying the Routing Table You can display all the routes that can be accessed via the local network interfaces, via static routes, or via a dynamically learned route.
  • Page 326 • Netmask – Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets. • Next Hop – The IP address of the next hop (or gateway) in this route. •...
  • Page 327: Configuring The Routing Information Protocol

    Configuring the Routing Information Protocol The RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance-vector-based approach to routing. Routes are determined on the basis of minimizing the distance vector, or hop count, which serves as a rough estimate of transmission cost. Each router broadcasts its advertisement every 30 seconds, together with any updates to its routing table.
  • Page 328: Configuring General Protocol Settings

    • There are several serious problems with RIP that you should consider. First of all, RIP (version 1) has no knowledge of subnets; both RIP versions can take a long time to converge on a new route after the failure of a link or router, during which time routing loops may occur; and its small hop count limitation of 15 restricts its use to smaller networks.
  • Page 329 The timers must be set to the same values for all routers in the network. Command Attributes Global Settings • RIP Routing Process – Enables RIP routing for all IP interfaces on the router. (Default: Disabled) • Global RIP Version – Specifies a RIP version used globally by the router.
  • Page 330: Specifying Network Interfaces For Rip

    Web - Click Routing Protocol, RIP, General Settings. Enable or disable RIP, set the RIP version used on previously unset interfaces to RIPv1 or RIPv2, set the basic update timer, and then click Apply. CLI - This example sets the router to use RIP Version 2, and sets the basic timer to 15 seconds.
  • Page 331: Configuring Network Interfaces For Rip

    0 - 127 is class A, and only the first field in the network address is used. 128 - 191 is class B, and the first two fields in the network address are used. 192 - 223 is class C, and the first three fields in the network address are used.
  • Page 332 message type sent (i.e., RIP version or compatibility mode), the method for preventing loopback of protocol messages, and whether or not authentication is used (i.e., authentication only applies if RIPv2 messages are being sent or received). Command Usage Specifying Receive and Send Protocol Types •...
  • Page 333 retransmission of data traffic. When protocol packets are caught in a loop, links will be congested, and protocol packets may be lost. However, the network will slowly converge to the new state. RIP utilizes the following three methods that can provide faster convergence when the network topology changes and prevent most loops from occurring: •...
  • Page 334 • Send Version – The RIP version to send on an interface. RIPv1: Sends only RIPv1 packets. RIPv2: Sends only RIPv2 packets. RIPv1 Compatible: Route information is broadcast to other routers with RIPv2. (Default) Do Not Send: Does not transmit RIP updates. (The default depends on the setting specified under RIP / General Settings, Global RIP Version: RIPv1 - RIPv1 Compatible, RIPv2 - RIPv2 packets) •...
  • Page 335: Displaying Rip Information And Statistics

    Web - Click Routing Protocol, RIP, Interface Settings. Select the RIP protocol message types that will be received and sent, the method used to provide faster convergence and prevent loopback (i.e., prevent instability in the network topology), and the authentication option and corresponding password.
  • Page 336 RIP Information and Statistics. Parameters – Globals: RIP Routing Process, Update Time in Seconds, Number of Route Changes (the number of times routing information has changed), Number of Queries. Interface Information: Interface, SendMode, ReceiveMode, InstabilityPreventing, AuthType, RcvBadPackets, RcvBadRoutes, SendUpdates. Peer Information: PeerAddress, UpdateTime...
  • Page 337 Web - Click Routing Protocol, RIP, Statistics.
  • Page 338 CLI - The information displayed by the RIP Statistics screen via the web interface can be accessed from the CLI using the following commands. Console#show rip globals (page 3-142) RIP Process: Enabled Update Time in Seconds: 30 Number of Route Change: 4 Number of Queries: 0 Console#show ip rip configuration (page 3-143) Interface...
  • Page 339: Configuring The Open Shortest Path First Protocol

    Configuring the Open Shortest Path First Protocol Open Shortest Path First (OSPF) is more suited for large area networks which experience frequent changes in the links. It also handles subnets much better than RIP. OSPF protocol actively tests the status of each link to its neighbors to generate a shortest path tree, and builds a routing table based on this information.
  • Page 340 Command Usage • OSPF looks at more than just the simple hop count. When adding the shortest path to any node into the tree, the optimal path is chosen on the basis of delay, throughput and connectivity. OSPF utilizes IP multicast to reduce the amount of routing traffic required when sending or receiving routing path updates.
  • Page 341: Configuring General Protocol Settings

    And finally, you must specify a virtual link to any OSPF area that is not physically attached to the OSPF backbone. Virtual links can also be used to provide a redundant link between contiguous areas to prevent areas from being partitioned, or to merge backbone areas.
  • Page 342 systems to which it may be attached. If a router is enabled as an ASBR, then every other router in the autonomous system can learn about external routes from this device. (Default: Disabled) • Rfc1583 Compatible – If one or more routers in a routing domain are using OSPF Version 1, this router should use RFC 1583 (OSPFv1) compatibility mode to ensure that all routers are using the same RFC for calculating summary route costs.
  • Page 343 or static configuration, and such a route is known. (See “Redistributing External Routes” on page 3-310.) • External Metric Type default route. Type 1 route advertisements add the internal cost to the external route metric. Type 2 routes do not add the internal cost metric. When comparing Type 2 routes, the internal cost is only used as a tie-breaker if several Type 2 routes have the same cost.
  • Page 344 Web - Click Routing Protocol, OSPF, General Configuration. Enable OSPF, specify the Router ID, configure the other global parameters as required, and click Apply. CLI - This example configures the router with the same settings as shown in the screen capture for the web interface.
  • Page 345: Configuring Ospf Areas

    Configuring OSPF Areas An autonomous system must be configured with a backbone area, designated by area identifier 0.0.0.0. By default, all other areas are created as normal transit areas. Routers in a normal area may import or export routing information about individual nodes.
  • Page 346 • By default, a stub can only pass traffic to other areas in the autonomous system via the default external route. However, you also can configure an area border router to send Type 3 summary link advertisements into the stub.
  • Page 347 Command Usage • Before you create a stub or NSSA, first specify the address range for an area using the Network Area Address Configuration screen (page 3-305). • Stubs and NSSAs cannot be used as a transit area, and should therefore be placed at the edge of the routing domain.
  • Page 348 Web - Click Routing Protocol, OSPF, Area Configuration. Set any area to a stub or NSSA as required, specify the cost for the default summary route sent into a stub, and click Apply. CLI - This example configures area 0.0.0.1 as a normal area, area 0.0.0.2 as a stub, and area 0.0.0.3 as an NSSA.
  • Page 349: Configuring Area Ranges (Route Summarization For Abrs)

    Console#show ip ospf (page 3-170) Routing Process with ID 192.168.1.253 Supports only single TOS(TOS0) route Number of area in this router is 3 Area 0.0.0.0 (BACKBONE) Number of interfaces in this area is 1 SPF algorithm executed 40 times Area 0.0.0.2 (STUB) Number of interfaces in this area is 1 SPF algorithm executed 8 times Area 0.0.0.3 (NSSA)
  • Page 350 Command Attributes • Area ID – Identifies an area for which the routes are summarized. (The area ID must be in the form of an IP address.) • Range Network – Base address for the routes to summarize. •...
  • Page 351: Configuring Ospf Interfaces

    The configured summary route is shown in the list of information displayed for area 1. Console(config-router)#area 0.0.0.1 range 10.1.1.0 255.255.255.0 (page 3-155) Console(config-router)#end Console#show ip ospf Routing Process with ID 10.1.1.253 Supports only single TOS(TOS0) route Number of area in this router is 4 Area 0.0.0.0 (BACKBONE) Number of interfaces in this area is 0 SPF algorithm executed 47 times...
  • Page 352 • Designated Router – Designated router for this area. • Backup Designated Router – Designated backup router for this area. • Entry Count – The number of IP interfaces assigned to this VLAN. Note: This router supports up to 64 OSPF interfaces. Detail Interface Configuration •...
  • Page 353 The transmit delay must be the same for all routers in an autonomous system. On slow links, the router may send packets more quickly than devices can receive them. To avoid this problem, you can use the transmit delay to force the router to wait a specified interval between transmissions.
  • Page 354 Routes are subsequently assigned a metric equal to the sum of all metrics for each interface link in the route. • Authentication Type – Specifies the authentication type used for an interface. (Options: None, Simple password, MD5; Default: None) Use authentication to prevent routers from inadvertently joining an unauthorized area.
  • Page 355 Normally, only one key is used per interface to generate authentication information for outbound packets and to authenticate incoming packets. Neighbor routers must use the same key identifier and key value. When changing to a new key, the router will send multiple copies of all protocol messages, one with the old key and another with the new key.
  • Page 356 Change any of the interface-specific protocol parameters, and then click Apply. CLI - This example configures the interface parameters for VLAN 1. Console(config)#interface vlan 1 Console(config-if)#ip ospf priority 5 (page 3-168) Console(config-if)#ip ospf transmit-delay 6 (page 3-169) Console(config-if)#ip ospf retransmit-interval 7 (page 3-169) Console(config-if)#ip ospf hello-interval 5 (page 3-167) Console(config-if)#ip ospf dead-interval 50 (page 3-166) Console(config-if)#ip ospf cost 10 (page 3-166)...
  • Page 357: Configuring Virtual Links

    Configuring Virtual Links All OSPF areas must connect to the backbone. If an area does not have a direct physical connection to the backbone, you can configure a virtual link that provides a logical path to the backbone. To connect an isolated area to the backbone, the logical path can cross a single...
  • Page 358 Note: This router supports up to 64 virtual links. Web - Click Routing Protocol, OSPF, Virtual Link Configuration. To create a new virtual link, specify the Area ID and Neighbor Router ID, configure the link attributes, and click Add. To modify the settings for an existing link, click the Detail button for the required entry, modify the link settings, and click Set.
  • Page 359: Configuring Network Area Addresses

    CLI - This example configures a virtual link from the ABR adjacent to area 0.0.0.4, through a transit area to the neighbor router 10.1.1.252 at the other end of the link which is adjacent to the backbone. Console(config-router)#area 0.0.0.0 virtual-link 10.1.1.252 (page 3-160) Console(config-router)# Configuring Network Area Addresses OSPF protocol broadcast messages (i.e., Link State Advertisements or...
  • Page 360 • An area must be assigned a range of subnetwork addresses. This area and the corresponding address range forms a routing interface, and can be configured to aggregate LSAs from all of its subnetwork addresses and exchange this information with other routers in the network (page 3-295).
  • Page 361 other areas in your network, configure an area for all of the other OSPF interfaces, then click Apply.
  • Page 362: Configuring Summary Addresses (For External As Routes)

    CLI - This example configures the backbone area and one transit area. Console(config-router)#network 10.0.0.0 255.0.0.0 area 0.0.0.0 (page 3-155) Console(config-router)#network 10.1.1.0 255.255.255.0 area 0.0.0.1 Console(config-router)#end Console#show ip ospf (page 3-170) Routing Process with ID 10.1.1.253 Supports only single TOS(TOS0) route Number of area in this router is 4 Area 0.0.0.0 (BACKBONE) Number of interfaces in this area is 1 SPF algorithm executed 8 times...
  • Page 363 • Netmask – Network mask for the summary route. Note: This router supports up to 16 Type-5 summary routes. Web - Click Routing Protocol, OSPF, Summary Address Configuration. Specify the base address and network mask, then click Add. CLI - This example creates a summary address for all routes contained in 192.168.x.x.
  • Page 364: Redistributing External Routes

    Redistributing External Routes You can configure this router to import external routing information from other routing protocols into the autonomous system. Command Usage • This router supports redistribution for both RIP and static routes. • When you redistribute external routes into an OSPF autonomous system (AS), the router automatically becomes an autonomous system boundary router (ASBR).
  • Page 365: Configuring Nssa Settings

    • Redistribute Metric Type – Indicates the method used to calculate external route costs. (Options: Type 1, Type 2; Default: Type 1) • Redistribute Metric – Metric assigned to all external routes for the specified protocol. (Range: 1-65535: Default: 10) Web - Click Routing Protocol, OSPF, Redistribute.
  • Page 366 ABR. (For a detailed description of NSSA areas, refer to “Configuring OSPF Areas” on page 3-291.) Command Attributes • Area ID – Identifier for a not-so-stubby area (NSSA). • Default Information Originate – An NSSA ASBR originates and floods Type-7 external LSAs throughout its area for known network destinations outside of the AS.
  • Page 367: Displaying Link State Database Information

    Web - Click Routing Protocol, OSPF, NSSA Settings. Create a new NSSA or modify the routing behavior for an existing NSSA, and click Apply. CLI - This example configures area 0.0.0.1 as a stub and sets the cost for the default summary route to 10. Console(config-router)#area 0.0.0.1 nssa default-information-originate (page 3-158) Console(config-router)#area 0.0.0.2 nssa no-redistribution (page 3-158)...
  • Page 368 The full database is exchanged between neighboring routers as soon as a new router is discovered. Afterwards, any changes that occur in the routing tables are synchronized with neighboring routers through a process called reliable flooding. You can show information about different LSAs stored in this router’s database, which may include any of the following types: •...
  • Page 369 A Router ID for Router, Network, and Type 4 AS Summary LSAs. • Self-Originate – Shows LSAs originated by this router. • LS Type – LSA Type (Options: Type 1-5, 7). See the preceding description. • Adv Router – IP address of the advertising router. If not entered, information about all advertising routers is displayed.
  • Page 370: Displaying Information On Border Routers

    Web - Click Routing Protocol, OSPF, Link State Database Information. Specify parameters for the LSAs you want to display, then click Query. CLI - The CLI provides a wider selection of display options for viewing the Link State Database. See “show ip ospf database” on page 3-172. Displaying Information on Border Routers You can display entries in the local routing table for Area Border Routers (ABR) and Autonomous System Boundary Routers (ASBR) known by this...
  • Page 371: Displaying Information On Neighbor Routers

    • Type – Router type of the destination; either ABR, ASBR or both. • Rte Type – Route type; either intra-area or interarea route (INTRA or INTER). • Area – The area from which this route was learned. • SPF No – The number of times the shortest path first algorithm has been executed for this route.
  • Page 372 • Priority – Neighbor’s router priority. • State – OSPF state and identification flag. States include: Down – Connection down Attempt – Connection down, but attempting contact (non-broadcast networks) Init – Have received Hello packet, but communications not yet established Two-way –...
  • Page 373: Multicast Routing

    If DVMRP and PIM-DM are not enabled on this router or another multicast routing protocol is used on your network, you can manually configure the switch ports attached to a multicast router (page 3-196). Configuring Global Settings for Multicast Routing...
  • Page 374 (page 3-324) or PIM (page 3-335), and specify the interfaces that will participate (page 3-329 or 3-336). Note that you can only enable one multicast routing protocol on any given interface. Web – Click IP, Multicast Routing, General Setting. Set Multicast Forwarding Status to Enabled, and click Apply.
  • Page 375: Displaying The Multicast Routing Table

    Displaying the Multicast Routing Table You can display information on each multicast route this router has learned via DVMRP or PIM. The router learns multicast routes from neighboring routers, and also advertises these routes to its neighbors. The router stores entries for all paths learned by itself or from other routers, without considering actual group membership or prune messages.
  • Page 376 Web – Click IP, Multicast Routing, Multicast Routing Table. Click Detail to display additional information for any entry.
  • Page 377: Configuring Dvmrp

    CLI – This example shows that multicast forwarding is enabled. The multicast routing table displays one entry for a multicast source routed by DVMRP, and another source routed via PIM. Console#show ip mroute (page 3-188) IP Multicast Forwarding is enabled. IP Multicast Routing Table Flags: P - Prune, F - Forwarding (234.5.6.7, 10.1.0.0, 255.255.255.0)
  • Page 378: Configuring Global Dvmrp Settings

    looping and determine the shortest path to the source of this multicast traffic. When this router receives the multicast message, it checks its unicast routing table to locate the port that provides the shortest path back to the source.
  • Page 379 Command Usage
  • Page 380 Broadcasting periodically floods the... (Figure labels: source flooding, potential hosts, source pruning, source grafting)
  • Page 381 network with traffic from any active multicast server. If IGMP snooping is disabled, multicast traffic is flooded to all ports on the router. However, if IGMP snooping is enabled, then the first packet for any source group pair is flooded to all DVMRP downstream neighbors. If a packet is received through an interface that the router determines to be the shortest path back to the source (based on interface metrics), then the router forwards the packet on all interfaces except for the incoming interface.
  • Page 382 neighbors are still active members of the multicast tree. (Range: 1-65535 seconds; Default: 10 seconds) • Neighbor Timeout Interval – Sets the interval to wait for messages from a DVMRP neighbor before declaring it dead. This command is used for timing out routes, and for setting the children and leaf flags.
  • Page 383: Configuring Dvmrp Interface Settings

    Web – Click Routing Protocol, DVMRP, General Settings. Enable or disable DVMRP. Set the global parameters that control neighbor timeout, the exchange of routing information, or the prune lifetime, and click Apply. CLI – This sets the global parameters for DVMRP and displays the current settings.
  • Page 384 (page 3-324), and also enable DVMRP for each interface that will participate in multicast routing. Command Attributes DVMRP Interface Information • Interface – VLAN interface on this router that has enabled DVMRP. • Address – IP address of this VLAN interface. •...
  • Page 385: Displaying Neighbor Information

    Web – Click Routing Protocol, DVMRP, Interface Settings. Select a VLAN from the drop-down box under DVMRP Interface Settings, modify the Metric if required, set the Status to Enabled or Disabled, and click Apply. CLI – This example enables DVMRP and sets the metric for VLAN 1. Console(config)#interface vlan 1 (page 3-1) Console(config-if)#ip dvmrp (page 3-197) Console(config-if)#ip dvmrp metric 2 (page 3-198)...
  • Page 386 upstream neighbor. • Up time – The time since this device last became a DVMRP neighbor to this router. • Expire – The time remaining before this entry will be aged out. • Capabilities – A hexadecimal value that indicates the neighbor’s capabilities.
  • Page 387: Displaying The Routing Table

    CLI – This example displays the only neighboring DVMRP router. Console#show ip dvmrp neighbor (page 3-201) Address Interface 10.1.0.254 Console# Displaying the Routing Table The router learns source-routed information from neighboring DVMRP routers and also advertises learned routes to its neighbors. The router merely records path information it has learned on its own or from other routers.
  • Page 388: Configuring Pim-Dm

    • Expire – The time remaining before this entry will be aged out. Web – Click Routing Protocol, DVMRP, DVMRP Routing Table. CLI – This example displays known DVMRP routes. Console#show ip dvmrp route (page 3-200) Source Mask 10.1.0.0 255.255.255.0...
  • Page 389: Configuring Global Pim-Dm Settings

    same interface used for routing unicast packets to the multicast source network. If it is not, the router drops the packet and sends a prune message back out the source interface. If it is the same interface used by the unicast protocol, then the router forwards a copy of the packet to all the other interfaces for which it has not already received a prune message for this specific source-group pair.
  • Page 390: Configuring Pim-Dm Interface Settings

    CLI – This example enables PIM-DM globally and displays the current status. Console(config)#router pim (page 3-203) Console#show router pim (page 3-209) Admin Status: Enabled Console# Configuring PIM-DM Interface Settings To fully enable PIM-DM, you need to enable multicast routing globally for the router (page 3-319), enable PIM-DM globally for the router (page 3-335), and also enable PIM-DM for each interface that will participate in multicast routing.
  • Page 391 transmitted. Hello messages are sent to neighboring PIM routers from which this device has received probes, and are used to verify whether or not these neighbors are still active members of the multicast tree. (Range: 1-65535 seconds; Default: 30) • Hello Holdtime –...
  • Page 392 acknowledgement message is lost, the router that sent the graft message will resend it a maximum number of times as defined by Max Graft Retries. (Range: 1-65535 seconds; Default: 3) • Max Graft Retries – Configures the maximum number of times to resend a graft message if it has not been acknowledged.
  • Page 393: Displaying Interface Information

    CLI – This example sets the PIM-DM protocol parameters for VLAN 2, and displays the current settings. Console(config)#interface vlan 2 Console(config-if)#ip pim dense-mode Console(config-if)#ip pim hello-interval 60 Console(config-if)#ip pim hello-holdtime 210 Console(config-if)#ip pim trigger-hello-interval 10 Console(config-if)#ip pim join-prune-holdtime 60 Console(config-if)#ip pim graft-retry-interval 9 Console(config-if)#ip pim max-graft-retries 5 Console(config-if)#end Console#show ip pim interface 2...
  • Page 394: Displaying Neighbor Information

    Web – Click Routing Protocol, PIM-DM, Interface Information. CLI – This example shows the PIM-DM interface summary for VLAN 1. Console#show ip pim interface 1 Vlan 1 is up PIM is enabled, mode is Dense. Internet address is 10.1.0.253. Hello time interval is 30 sec, trigger hello time interval is 5 sec.
  • Page 395 Web – Click Routing Protocol, PIM-DM, Neighbor Information. CLI – This example displays the only neighboring PIM-DM router. Console#show ip pim neighbor Address VLAN Interface Uptime Expire Mode --------------- ---------------- -------- -------- ------- 10.1.0.253 Dense Console#
  • Page 397: Chapter 4: Command Line Interface

    Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt.
  • Page 398: Telnet Connection

    (1). Note: The IP address for this switch is unassigned by default. To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet.
  • Page 399: Using The Command Line Interface

    After you configure the switch with an IP address, you can open a Telnet session by performing these steps: 1. From the remote host, enter the Telnet command and the IP address of the device you want to access. 2. At the prompt, enter the user name and system password. The CLI will display the “Vty-0#”...
  • Page 400: Keywords And Arguments

    COMMAND LINE INTERFACE Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port.
  • Page 401: Command Completion

    Command Completion If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “logging history” example, typing log followed by a tab will result in printing the command up to “logging.”...
  • Page 402: Showing Commands

    Router The system configuration of running SNMP statistics Sntp Specify spanning-tree Secure shell The system configuration of starting up Information of system Login by tacacs server Display information about terminal lines System hardware and software status Switch VLAN Virtual Interface...
  • Page 403: Partial Keyword Lookup

    The command “show interfaces ?” will display the following information: Console#show interfaces ? counters Information of interfaces counters protocol-vlan Protocol-vlan information status Information of interfaces status switchport Information of interfaces switchport Console# Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided.
  • Page 404: Understanding Command Modes

    You must be in Global Configuration mode to access any of the other configuration modes. Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt.
  • Page 405: Configuration Commands

    Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in non-volatile storage, use the copy running-config startup-config command.
  • Page 406 packet filtering. • DHCP Configuration - These commands are used to configure the DHCP server. • Interface Configuration - These commands modify the port configuration such as speed-duplex and negotiation. • Line Configuration - These commands modify the console port and Telnet configuration, and include commands such as parity and databits.
  • Page 407 To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode. Mode – Command: Line – line {console | vty}; Access Control List – access-list ip standard, access-list ip extended, access-list ip mask-precedence...
  • Page 408: Command Line Processing

    Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command followed by the “?”...
  • Page 409: Command Groups

    System Management Controls system logs, system passwords, user name, browser management options, and a variety of other system information Flash/File Manages code image or switch configuration files Authentication Configures logon access using local or remote authentication; also configures port security and IEEE 802.1x port access control...
  • Page 410 Multicast Filtering Configures IGMP multicast filtering, query parameters, and specifies ports attached to a multicast router IP Interface Configures IP address for the switch interfaces; also configures ARP parameters and static entries IP Routing Configures static and dynamic unicast routing...
  • Page 411 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) PE (Privileged Exec) GC (Global Configuration) LC (Line Configuration) IC (Interface Configuration) RC (Router Configuration) Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port.
  • Page 412 Command Function disconnect Terminates a line connection show line Displays a terminal line's parameters * These commands only apply to the serial port. line This command identifies a specific line for configuration and is used to process subsequent line configuration commands. Syntax line {console | vty} •...
  • Page 413: Line Commands

    Command Mode Line Configuration Command Usage • There are three authentication modes provided by the switch itself at login: - login selects authentication by a single global password as specified by the password line configuration command. When using this method, the management interface starts in Normal Exec (NE) mode.
  • Page 414: Password

    • This command controls login authentication via the switch itself. To configure user names and passwords for remote authentication servers, you must use the RADIUS or TACACS software installed on those servers. Example Console(config-line)#login local Console(config-line)# Related Commands...
  • Page 415: Exec-Timeout

    password before the system terminates the line connection and returns the terminal to the idle state. • The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
  • Page 416: Password-Thresh

    • This command applies to both the local console and Telnet connections. • The timeout for Telnet cannot be disabled. Example To set the timeout to two minutes, enter this command: Console(config-line)#exec-timeout 120 Console(config-line)# password-thresh This command sets the password intrusion threshold which limits the number of failed logon attempts.
  • Page 417: Silent-Time

    Example To set the password threshold to five attempts, enter this command: Console(config-line)#password-thresh 5 Console(config-line)# Related Commands silent-time (3-21) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command.
  • Page 418: Databits

    databits This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax databits {7 | 8} no databits • 7 - Seven data bits per character. •...
  • Page 419: Parity

    parity This command defines the generation of a parity bit. Use the no form to restore the default setting. Syntax parity {none | even | odd} no parity • none - No parity • even - Even parity • odd - Odd parity Default Setting No parity Command Mode...
  • Page 420: Speed

    Some baud rates available on devices connected to the port might not be supported. The system indicates if the speed you selected is not supported. If you select the “auto” option, the switch will automatically detect the baud rate configured on the attached terminal, and adjust the speed accordingly.
  • Page 421: Disconnect

    Syntax stopbits {1 | 2} • 1 - One stop bit • 2 - Two stop bits Default Setting 1 stop bit Command Mode Line Configuration Example To specify 2 stop bits, enter this command: Console(config-line)#stopbits 2 Console(config-line)# disconnect Use this command to terminate an SSH, Telnet, or console connection. Syntax disconnect session-id session-id –...
  • Page 422: Show Line

    Related Commands show ssh (3-55) show users (3-83) show line This command displays the terminal line’s parameters. Syntax show line [console | vty] • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting Shows all lines Command Mode...
  • Page 423 General Commands Command Function enable Activates privileged mode disable Returns to normal mode from privileged mode configure Activates global configuration mode show history Shows the command history buffer reload Restarts the system Returns to Privileged Exec mode exit Returns to the previous configuration mode, or exits the CLI quit Exits a CLI session...
  • Page 424 This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode. See “Understanding Command Modes”...
  • Page 425: General Commands

    This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration.
  • Page 426: Reload

    Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands. Example In this example, the show history command lists the contents of the command history buffer: Console#show history Execution command history: 2 config...
  • Page 427: End

    None Command Mode Privileged Exec Command Usage This command resets the entire system. Example This example shows how to reset the switch: Console#reload System will be restarted, continue <y/n>? y This command returns to Privileged Exec mode. Default Setting None...
  • Page 428: Exit

    exit This command returns to the previous configuration mode or exits the configuration program. Default Setting None Command Mode Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: Console(config)#exit Console#exit Press ENTER to start session...
  • Page 429: Command Groups

    These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Command Group Function Device Configures information that uniquely identifies this switch Designation User Access Configures the basic user names and passwords for management access...
  • Page 430: Device Designation Commands

    Device Designation Commands Command Function prompt Customizes the prompt used in PE and NE mode hostname Specifies the host name for the switch snmp-server contact Sets the system contact string snmp-server location Sets the system location string prompt This command customizes the CLI prompt.
  • Page 431: User Access Commands

    User Access Commands The basic commands required for management access are listed in this section. This switch also includes other options for password checking via the console or a Telnet connection (page 3-15), user authentication via a remote authentication server (page 3-92), and host access authentication for specific ports (page 3-104).
  • Page 432 Syntax username name {access-level level | nopassword | password {0 | 7} password} no username name • name - The name of the user. (Maximum length: 8 characters, case sensitive. Maximum users: 16) • access-level level - Specifies the user level. The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec.
  • Page 433: Enable Password

    Example This example shows how to set the access level and password for a user. Console(config)#username bob access-level 15 Console(config)#username bob password 0 smith Console(config)# enable password After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Normal Exec level.
  • Page 434: Ip Filter Commands

    This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting. Syntax [no] management {all-client | http-client | snmp-client | telnet-client} start-address [end-address] •...
  • Page 435: Show Management

    Global Configuration Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the switch will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
  • Page 436 • all-client - Adds IP address(es) to the SNMP, web and Telnet groups. • http-client - Adds IP address(es) to the web group. • snmp-client - Adds IP address(es) to the SNMP group. • telnet-client - Adds IP address(es) to the Telnet group. Command Mode Global Configuration Example...
  • Page 437: Web Server Commands

    Function ip http port Specifies the port to be used by the web browser interface ip http server Allows the switch to be monitored or configured from a browser ip http secure-server Enables HTTPS/SSL for encrypted communications (GC) ip http secure-port Specifies the UDP port number for HTTPS/SSL...
  • Page 438: Ip Http Server

    This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the no form to disable this function. Syntax [no] ip http secure-server...
  • Page 439 Command Usage • Both HTTP and HTTPS service can be enabled independently on the switch. However, you cannot configure the HTTP and HTTPS servers to use the same UDP port. • If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number] •...
  • Page 440: Ip Http Secure-Port

    copy tftp https-certificate (3-85) ip http secure-port This command specifies the UDP port number used for HTTPS/SSL connection to the switch’s web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number no ip http secure-port port_number –...
  • Page 441: Secure Shell Commands

    Telnet. When a client contacts the switch via the SSH protocol, the switch uses a public-key that the client must match along with a local user name and password for access authentication. SSH also encrypts all data...
  • Page 442 3-93. If public key authentication is specified by the client, then you must configure authentication keys on both the client and the switch as described in the following section. Note that regardless of whether you use public key or password authentication, you still have to generate authentication keys on the switch and enable the SSH server.
  • Page 443 3. Import Client’s Public Key to the Switch – Use the copy tftp public-key command to copy a file containing the public key for all the SSH client’s granted management access to the switch. The clients are subsequently authenticated using these keys.
  • Page 444: Ip Ssh Server

    If a match is found, the switch uses the public key to encrypt a random sequence of bytes, and sends this string to the client. The client uses its private key to decrypt the bytes, and sends the decrypted bytes back to the switch.
  • Page 445: Ip Ssh Timeout

    Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase. Once an SSH session has been established, the timeout for user input is controlled by the exec-timeout command for vty sessions.
  • Page 446: Ip Ssh Authentication-Retries

    Example Console(config)#ip ssh timeout 60 Console(config)# Related Commands exec-timeout (3-19) show ip ssh (3-54) ip ssh authentication-retries Use this command to configure the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting.
  • Page 447: Ip Ssh Server-Key Size

    Command Mode Global Configuration Command Usage • The server key is a private key that is never shared outside the switch. • The host key is shared with the SSH client, and is fixed at 1024 bits. Example Console(config)#ip ssh server-key size 512...
  • Page 448: Ip Ssh Crypto Host-Key Generate

    Command Mode Privileged Exec Example Console#delete public-key admin dsa Console# ip ssh crypto host-key generate Use this command to generate the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [dsa | rsa] • dsa – DSA key type. •...
  • Page 449: Ip Ssh Crypto Zeroize

    Related Commands ip ssh crypto zeroize (3-53) ip ssh save host-key (3-54) ip ssh crypto zeroize Use this command to clear the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [dsa | rsa] • dsa – DSA key type. •...
  • Page 450: Ip Ssh Save Host-Key

    ip ssh save host-key Use this command to save the host key from RAM to flash memory. Syntax ip ssh save host-key [dsa | rsa] • dsa – DSA key type. • rsa – RSA key type. Default Setting Saves both the DSA and RSA key.
  • Page 451: Show Ssh

    show ssh Use this command to display the current SSH server connections. Command Mode Privileged Exec Example Console#show ssh Connection Version State Session-Started Console# Field Description Session The session number. (Range: 0-3) Version The Secure Shell version number. State The authentication negotiation state. (Values: Negotiation-Started, Authentication-Started, Session-Started) Username...
  • Page 452: Show Public-Key

    Field Description Encryption The encryption method is automatically negotiated between the client and server. Options for SSHv1.5 include: DES, 3DES Options for SSHv2.0 can include different algorithms for the client-to-server (ctos) and server-to-client (stoc): aes128-cbc-hmac-sha1 aes192-cbc-hmac-sha1 aes256-cbc-hmac-sha1 3des-cbc-hmac-sha1 blowfish-cbc-hmac-sha1 aes128-cbc-hmac-md5 aes192-cbc-hmac-md5...
  • Page 453: Command Mode

    Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword is entered, but no user name is specified, then the public keys for all users are displayed. • When an RSA key is displayed, the first field indicates the size of the host key (e.g., 1024), the second field is the encoded public exponent (e.g., 35), and the last string is the encoded modulus.
  • Page 454: Event Logging Commands

    Clears messages from the logging buffer show logging Displays the state of logging logging on This command controls logging of error messages, sending debug or error messages to switch memory. The no form disables the logging process. Syntax [no] logging on Default Setting None...
  • Page 455: Logging History

    Related Commands logging history (3-59) clear logging (3-62) logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history {flash | ram} level no logging history {flash | ram} •...
  • Page 456: Logging Host

    • level - One of the level arguments listed below. Messages sent include the selected level down to level 0. (Range: 0-7) Level Argument: debugging, informational, notifications, warnings, errors, critical, alerts, emergencies... * There are only Level 2, 5 and 6 error messages for the current firmware release.
  • Page 457: Logging Facility

    Syntax [no] logging host host_ip_address host_ip_address - The IP address of a syslog server. Default Setting None Command Mode Global Configuration Command Usage • By using this command more than once you can build up a list of host IP addresses. •...
  • Page 458: Logging Trap

    The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch. However, it may be used by the syslog server to sort messages or to store messages in the corresponding database.
  • Page 459: Show Logging

    Syntax clear logging [flash | ram] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). Default Setting Flash and RAM Command Mode Privileged Exec Example Console#clear logging...
  • Page 460 Default Setting None Command Mode Privileged Exec Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), the message level for RAM is “debugging” (i.e., default level 7 - 0), and lists one sample error.
  • Page 461: Smtp Alert Commands

    The following example displays settings for the trap function. Console#show logging trap Syslog logging: Enable REMOTELOG status: disable REMOTELOG facility type: local use 7 REMOTELOG level type: Debugging messages REMOTELOG server IP address: 1.2.3.4 REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0 REMOTELOG server IP address: 0.0.0.0 Console#...
  • Page 462: Logging Sendmail Host

    • You can specify up to three SMTP servers for event handling. However, you must enter a separate command to specify each server. • To send email alerts, the switch first opens a connection, sends all the email alerts waiting in the queue one by one, and finally closes the connection.
  • Page 463: Logging Sendmail Level

    Example Console(config)#logging sendmail host 192.168.1.19 Console(config)# logging sendmail level This command sets the severity threshold used to trigger alert messages. Syntax logging sendmail level level level - One of the system message levels (page 3-59). Messages sent include the selected level down to level 0.
  • Page 464: Logging Sendmail Source-Email

    Command Mode Global Configuration Command Usage You may use a symbolic email address that identifies the switch, or the address of an administrator responsible for the switch. Example This example will send email alerts for system errors from level 3 through Console(config)#logging sendmail source-email bill@this-company.com...
  • Page 465: Logging Sendmail

    Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages. However, you must enter a separate command to specify each recipient. Example Console(config)#logging sendmail destination-email ted@this-company.com Console(config)# logging sendmail This command enables SMTP event handling. Use the no form to disable this function.
  • Page 466: Show Logging Sendmail

    Sets the interval at which the client polls for time sntp broadcast client Accepts time from any time broadcast server show sntp Shows current SNTP configuration settings clock timezone Sets the time zone for the switch’s internal clock...
  • Page 467: Sntp Client

    Command Usage • The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the switch only records the time starting from the factory default set at the last bootup (i.e., 00:00:00, Jan. 1, 2001).
  • Page 468: Sntp Server

    Example Console(config)#sntp server 10.1.0.19 Console(config)#sntp poll 60 Console(config)#sntp client Console(config)#end Console#show sntp Current time: Dec 23 02:52:44 2002 Poll interval: 60 Current mode: unicast Console# Related Commands sntp server (3-72) sntp poll (3-73) sntp broadcast client (3-74) show sntp (3-75) sntp server This command sets the IP address of the servers to which SNTP time requests are issued.
  • Page 469: Sntp Poll

    (3-73) show sntp (3-75) sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests.
  • Page 470: Sntp Broadcast Client

    Console# Related Commands sntp client (3-71) sntp broadcast client This command synchronizes the switch’s clock based on time broadcast from time servers (using the multicast address 224.0.1.1). Use the no form to disable SNTP broadcast client mode. Syntax [no] sntp broadcast client...
  • Page 471: Show Sntp

    Normal Exec, Privileged Exec Command Usage This command displays the current time, the poll interval used for sending time synchronization requests (when the switch is set to SNTP client mode), and the current SNTP mode (i.e., client or broadcast). Example...
  • Page 472: Calendar Set

    Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mean Time or GMT), based on the earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC.
  • Page 473: Show Calendar

    Command Mode Privileged Exec Example This example shows how to set the system clock to 15:12:34, February 1st, 2002. Console#calendar set 15:12:34 1 February 2002 Console# show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example Console#show calendar set 15:12:34 February 1 2002...
  • Page 474: System Status Commands

    System Status Commands Command Function show startup-config Displays the contents of the configuration file (stored in flash memory) that is used to start up the system show running-config Displays the configuration data currently in use show system Displays system information show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of...
  • Page 475: Show Running-Config

    - VLAN database (VLAN ID, name and state) - VLAN configuration settings for each interface - Multiple spanning tree instances (name and interfaces) - IP address configured for VLANs - Routing protocol configuration settings - Spanning tree settings - Any configured settings for the console port and Telnet Example Console#show startup-config building startup-config, please wait...
  • Page 476 Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory. • This command displays settings for key command modes. Each mode group is separated by “!”...
  • Page 477 Example Console#show running-config building running-config, please wait... snmp-server community private rw snmp-server community public ro username admin access-level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access-level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database vlan 1 name DefaultVlan media ethernet state active spanning-tree mst-configuration interface ethernet 1/1...
  • Page 478: Show System

    • The POST results should all display “PASS.” If any POST test indicates “FAIL,” contact your distributor for assistance. Example Console#show system System description: SMC Networks SMC8612XL3 System OID string: 1.3.6.1.4.1.202.20.33 System information System Up time: 0 days, 0 hours, 12 minutes, and 49.7 seconds...
  • Page 479: Show Users

    show users Shows all active console and Telnet sessions, including user name, idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number.
  • Page 480: Frame Size Commands

    [no] jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared...
  • Page 481 This command moves (upload/download) a code image or configuration file between the switch’s flash memory and a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation. The...
  • Page 482 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”) • Due to the size limit of the flash memory, the switch supports only two operation code files. • The maximum number of user-defined configuration files depends on available memory.
  • Page 483: Flash/File Commands

    the factory default configuration file, but you cannot use it as the destination. • To replace the startup configuration, you must use startup-config as the destination. • The Boot ROM and Loader cannot be uploaded or downloaded from the TFTP server. You must use a direct console connection and access the download menu during a boot up to download the Boot ROM (or diagnostic) image.
  • Page 484: Delete

    \Write to FLASH finish. Success. Console# This example shows how to copy a secure-site certificate from an TFTP server. It then reboots the switch to activate the certificate: Console#copy tftp https-certificate TFTP server ip address: 10.1.0.19 Source certificate file name: SS-certificate...
  • Page 485: Dir

    The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file. • config - Switch configuration file. • opcode - Run-time operation code image file. • filename - Name of the file or image. If this file exists but contains errors, information on this file cannot be shown.
  • Page 486: Whichboot

    COMMAND INTERFACE • File information is shown below: Column Heading file name file type startup size Example The following example shows how to display all file information: Console#dir -------------------------------- -------------- ------- ----------- Factory_Default_Config.cfg ------------------------------------------------------------------- Console# whichboot This command displays which files were booted when the system powered Default Setting None Command Mode...
  • Page 487: Boot System

    Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. Console#whichboot file name ----------------- -------------- ------- ----------- diag_0060 Boot-Rom image run_0200 Operation Code startup Console# boot system...
  • Page 488: Authentication Commands

    (3-89) whichboot (3-90) Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1x.
  • Page 489: Authentication Sequence

    Authentication Sequence Command authentication login authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login • local - Use local password. • radius - Use RADIUS server password. •...
  • Page 490: Radius Client

    RADIUS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch. Command radius-server host radius-server port...
  • Page 491: Radius-Server Host

    radius-server host This command specifies the RADIUS server. Use the no form to restore the default. Syntax radius-server host host_ip_address no radius-server host host_ip_address - IP address of server. Default Setting 10.1.0.1 Command Mode Global Configuration Example Console(config)#radius-server host 192.168.1.25 Console(config)# radius-server port This command sets the RADIUS server network port.
  • Page 492: Radius-Server Key

    This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1 - 30) 4-96...
  • Page 493: Radius-Server Timeout

    RADIUS server. Use the no form to restore the default. Syntax radius-server timeout number_of_seconds no radius-server timeout number_of_seconds - Number of seconds the switch waits for a reply before resending a request. (Range: 1-65535) Default Setting Command Mode...
  • Page 494: Tacacs+ Client

    TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch. Command tacacs-server host tacacs-server port...
  • Page 495: Tacacs-Server Port

    Default Setting 10.11.12.13 Command Mode Global Configuration Example Console(config)#tacacs-server host 192.168.1.25 Console(config)# tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages.
  • Page 496: Show Tacacs-Server

    Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default Setting None Command Mode Global Configuration Example Console(config)#tacacs-server key green Console(config)#...
  • Page 497: Port Security Commands

    Port Security Commands These commands can be used to disable the learning function or manually specify secure addresses for a port. You may want to leave port security off for an initial training period (i.e., enable the learning function) to register all the current VLAN members on the selected port, and then enable port security to ensure that the port will drop any incoming frames with a source MAC address that is unknown or has been previously learned from...
  • Page 498 • To use port security, first allow the switch to dynamically learn the <source MAC address, VLAN> pair for frames received on a port for an initial training period, and then enable port security to stop address learning.
  • Page 499 Example The following example enables port security for port 5, and sets the response to a security violation to issue a trap message: Console(config)#interface ethernet 1/5 Console(config-if)#port security action trap Related Commands shutdown (3-9) mac-address-table static (3-34) show mac-address-table (3-35) AUTHENTICATION COMMANDS 4-103...
  • Page 500: 802.1X Port Authentication

    802.1x Port Authentication The switch supports IEEE 802.1x (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication Protocol).
  • Page 501: Dot1X Default

    Console(config)#dot1x default Console(config)# dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default.
  • Page 502: Dot1X Port-Control

    count – The maximum number of requests (Range: 1-10) Default Command Mode Global Configuration Example Console(config)#dot1x max-req 2 Console(config)# dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default. Syntax dot1x port-control {auto | force-authorized | force-unauthorized} no dot1x port-control...
  • Page 503: Dot1X Operation-Mode

    dot1x operation-mode This command allows single or multiple hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count. Syntax dot1x operation-mode {single-host | multi-host [max-count count]}...
  • Page 504: Dot1X Re-Authentication

    Console(config)#dot1x re-authentication Console(config)# dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default. Syntax...
  • Page 505: Dot1X Timeout Re-Authperiod

    Example Console(config)#dot1x timeout re-authperiod 300 Console(config)# dot1x timeout tx-period This command sets the time that the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period seconds - The number of seconds.
  • Page 506: Show Dot1X

    This command displays the following information: • Global 802.1X Parameters – Displays the global port access control parameters that can be configured for this switch as described in the preceding pages, including reauth-enabled (page 3-108), reauth-period (page 3-109), quiet-period (page 3-108), tx-period (page 3-109), and max-req (page 3-105).
  • Page 507 following global parameters which are set to a fixed value, including the following items: - supp-timeout – Supplicant timeout. - server-timeout– Server timeout. - reauth-max – Maximum number of reauthentication attempts. • 802.1X Port Summary – Displays the port access control parameters for each interface, including the following items: - Status –...
  • Page 508 - State Example Console#show dot1x Global 802.1X Parameters reauth-enabled: no reauth-period: 3600 quiet-period: tx-period: supp-timeout: server-timeout: 10 reauth-max: max-req: 802.1X Port Summary Port Name Status disabled disabled disabled enabled 802.1X Port Details 802.1X is disabled on port 1 802.1X is enabled on port 12 Max request Quiet period...
  • Page 509 An ACL is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests ingress or egress packets against the conditions in an ACL one by one. A packet will be accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny rule.
  • Page 510 • The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail.
  • Page 511: Access Control List Commands

    IP ACL, Egress IP ACL, Ingress MAC ACL or Egress MAC ACL), but a mask can be bound to up to four ACLs of the same type. Command Groups Function IP ACLs Configures ACLs based on IP addresses, TCP/UDP port number, protocol type, and TCP control code MAC ACLs Configures ACLs based on hardware addresses, packet...
  • Page 512: Access-List Ip

    Command Function show map access-list Shows CoS value mapped to an access list for an interface match access-list ip Changes the 802.1p priority, IP Precedence, or DSCP Priority of a frame matching the defined rule (i.e., also called packet marking) show marking Displays the current configuration for packet marking...
  • Page 513: Permit, Deny (Standard Acl)

    • To remove a rule, use the no permit or no deny command followed by the exact text of a previously configured rule. • An ACL can contain up to 32 rules. Example Console(config)#access-list ip standard david Console(config-std-acl)# Related Commands permit, deny 3-117 ip access-group (3-127) show ip access-list (3-121)
  • Page 514: Permit, Deny (Extended Acl)

    to indicate “match” and 0 bits to indicate “ignore.” The bitmask is bitwise ANDed with the specified source IP address, and then compared with the address for each IP packet entering the port(s) to which this ACL has been assigned. Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x –...
  • Page 515 • protocol-number – A specific protocol number. (Range: 0-255) • source – Source IP address. • destination – Destination IP address. • address-bitmask – Decimal number representing the address bits to match. • host – Keyword followed by a specific IP address. •...
  • Page 516 • The control-code bitmask is a decimal number (representing an equivalent bit mask) that is applied to the control code. Enter a decimal number, where the equivalent binary bit “1” means to match a bit and “0” means to ignore a bit. The following bits may be specified: - 1 (fin) –...
  • Page 517: Show Ip Access-List

    This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Console(config-ext-acl)#permit 192.168.1.0 255.255.255.0 any tcp control-code 2 2 Console(config-ext-acl)# Related Commands access-list ip (3-116) show ip access-list This command displays the rules for configured IP ACLs. Syntax show ip access-list {standard | extended} [acl_name] •...
  • Page 518: Mask (Ip Acl)

    Syntax [no] access-list ip mask-precedence {in | out} • in – Ingress mask for ingress ACLs. • out – Egress mask for egress ACLs. Default Setting Default system mask: Filter inbound packets according to specified IP ACLs. Command Mode Global Configuration Command Usage •...
  • Page 519 Syntax [no] mask [protocol] {any | host | source-bitmask} {any | host | destination-bitmask} [precedence] [tos] [dscp] [source-port [port-bitmask]] [destination-port [port-bitmask]] [control-flag [flag-bitmask]] • protocol – Check the protocol field. • any – Any address will be matched. • host – The address must be for a host device, not a subnetwork. •...
  • Page 520 • First create the required ACLs and ingress or egress masks before mapping an ACL to an interface. • If you enter dscp, you cannot enter tos or precedence. You can enter both tos and precedence without dscp. •...
  • Page 521 This shows how to create a standard ACL with an ingress mask to deny access to the IP host 171.69.198.102, and permit access to any others. Console(config)#access-list ip standard A2 Console(config-std-acl)#permit any Console(config-std-acl)#deny host 171.69.198.102 Console(config-std-acl)#end Console#show access-list IP standard access-list A2: deny host 171.69.198.102 permit any Console#configure...
  • Page 522: Show Access-List Ip Mask-Precedence

    ACL. Note that once the ACL is bound to an interface (i.e., the ACL is active), the order in which the rules are displayed is determined by the associated mask. Switch(config)#access-list ip extended 6 Switch(config-ext-acl)#permit any any Switch(config-ext-acl)#deny tcp any any control-flag 2 2 Switch(config-ext-acl)#end Console#show access-list IP extended access-list A6: permit any any...
  • Page 523: Ip Access-Group

    • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port.
  • Page 524: Show Ip Access-Group

    Example Console(config)#int eth 1/2 Console(config-if)#ip access-group standard david in Console(config-if)# Related Commands show ip access-list (3-121) show ip access-group This command shows the ports assigned to IP ACLs. Command Mode Privileged Exec Example Console#show ip access-group Interface ethernet 1/2 IP standard access-list david Console# Related Commands...
  • Page 525: Show Map Access-List Ip

    Default Setting None Command Mode Interface Configuration (Ethernet) Command Usage • You must configure an ACL mask before you can map CoS values to the rule. • A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table.
  • Page 526: Match Access-List Ip

    • ethernet unit/port - unit - This is device 1. - port - Port number. Command Mode Privileged Exec Example Console#show map access-list ip Access-list to COS of Eth 1/4 Access-list ALS1 cos 0 Console# Related Commands map access-list ip (3-128) match access-list ip This command changes the IEEE 802.1p priority, IP Precedence, or DSCP Priority of a frame matching the defined ACL rule.
  • Page 527: Show Marking

    To specify the DSCP priority, use the set dscp keywords. Note that the IP frame header can include either the IP Precedence or DSCP priority type. • The precedence for priority mapping by this switch is IP Precedence or DSCP Priority, and then 802.1p priority. Example...
  • Page 528 Example Console#show marking Interface ethernet 1/12 match access-list IP bill set DSCP 0 match access-list MAC a set priority 0 Console# Related Commands match access-list ip (3-130) 4-132...
  • Page 529: Mac Acls

    MAC ACLs Command Function access-list mac Creates a MAC ACL and enters configuration mode permit, deny Filters packets matching a specified source and destination address, packet format, and Ethernet type show mac access-list Displays the rules for configured MAC ACLs access-list mac mask-precedence Changes to the mode for configuring access...
  • Page 530: Permit, Deny (Mac Acl)

    acl_name – Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration Command Usage • An egress ACL must contain all deny rules. • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list.
  • Page 531 [vid vid vid-bitmask] [ethertype protocol [protocol-bitmask]] Note: The default is for Ethernet II packets. [no] {permit | deny} tagged-eth2 {any | host source | source address-bitmask} {any | host destination | destination address-bitmask} [vid vid vid-bitmask] [ethertype protocol [protocol-bitmask]] [no] {permit | deny} untagged-eth2 {any | host source | source address-bitmask} {any | host destination | destination address-bitmask} [ethertype protocol [protocol-bitmask]]...
  • Page 532: Show Mac Access-List

    Default Setting None Command Mode MAC ACL Command Usage • New rules are added to the end of the list. • The ethertype option can only be used to filter Ethernet II formatted packets. • A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include the following: - 0800 - IP - 0806 - ARP...
  • Page 533: Access-List Mac Mask-Precedence

    Example Console#show mac access-list MAC access-list jerry: permit any 00-e0-29-94-34-de ethertype 0800 Console# Related Commands permit, deny 3-134 mac access-group (3-142) access-list mac mask-precedence This command changes to MAC Mask mode used to configure access control masks. Use the no form to delete the mask table. Syntax [no] access-list mac mask-precedence {in | out} •...
  • Page 534: Mask (Mac Acl)

    Example Console(config)#access-list mac mask-precedence in Console(config-mac-mask-acl)# Related Commands mask (MAC ACL) (3-138) mac access-group (3-142) mask (MAC ACL) This command defines a mask for MAC ACLs. This mask defines the fields to check in the packet header. Use the no form to remove a mask. Syntax [no] mask [pktformat] {any | host | source-bitmask} {any | host | destination-bitmask}...
  • Page 535 Command Usage • Up to seven masks can be assigned to an ingress or egress ACL. • Packets crossing a port are checked against all the rules in the ACL until a match is found. The order in which these packets are checked is determined by the mask, and not the order in which the ACL rules were entered.
  • Page 536 Example This example shows how to create an Ingress MAC ACL and bind it to a port. You can then see that the order of the rules has been changed by the mask. Console(config)#access-list mac M4 Console(config-mac-acl)#permit any any Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-ff-ff any vid 3 Console(config-mac-acl)#end...
  • Page 537: Show Access-List Mac Mask-Precedence

    This example creates an Egress MAC ACL. Console(config)#access-list mac M5 Console(config-mac-acl)#deny tagged-802.3 host 00-11-11-11-11-11 any Console(config-mac-acl)#deny tagged-eth2 00-11-11-11-11-11 ff-ff-ff-ff-ff-ff any vid 3 ethertype 0806 Console(config-mac-acl)#end Console#show access-list MAC access-list M5: deny tagged-802.3 host 00-11-11-11-11-11 any deny tagged-eth2 host 00-11-11-11-11-11 any vid 3 ethertype 0806 Console(config)#access-list mac mask-precedence out Console(config-mac-mask-acl)#mask pktformat ff-ff-ff-ff-ff-ff any vid Console(config-mac-mask-acl)#exit...
  • Page 538: Mac Access-Group

    • If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. • You must configure a mask for an ACL rule before you can bind it to a port.
  • Page 539: Show Mac Access-Group

    show mac access-group This command shows the ports assigned to MAC ACLs. Command Mode Privileged Exec Example Console#show mac access-group Interface ethernet 1/5 MAC access-list M5 out Console# Related Commands mac access-group (3-142) map access-list mac This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue;...
  • Page 540: Show Map Access-List Mac

    the output queues as shown below. Priority Queue Example Console(config)#int eth 1/5 Console(config-if)#map access-list mac M5 cos 0 Console(config-if)# Related Commands queue cos-map (3-81) show map access-list mac (3-144) show map access-list mac This command shows the CoS value mapped to a MAC ACL for the current interface.
  • Page 541: Match Access-List Mac

    Related Commands map access-list mac (3-143) match access-list mac This command changes the IEEE 802.1p priority of a Layer 2 frame matching the defined ACL rule. (This feature is commonly referred to as ACL packet marking.) Use the no form to remove the ACL marker. Syntax match access-list mac acl_name set priority priority no match access-list mac acl_name...
  • Page 542: Acl Information

    ACL Information Command Function show access-list Shows all ACLs and associated rules show access-group Shows the ACLs assigned to each port show access-list This command shows all ACLs and associated rules, as well as all the user-defined masks. Command Mode Privileged Exec Command Usage...
  • Page 543: Snmp Commands

    Interface ethernet 1/2 IP standard access-list david MAC access-list jerry Console# SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. Command Function...
  • Page 544: Snmp-Server Contact

    Syntax snmp-server community string [ro|rw] no snmp-server community string • string - Community string that acts like a password and permits access to the SNMP protocol. (Maximum length: 32 characters, case sensitive; Maximum number of strings: 5) • ro - Specifies read-only access. Authorized management stations are only able to retrieve MIB objects.
  • Page 545: Snmp-Server Location

    Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example Console(config)#snmp-server contact Paul Console(config)# Related Commands snmp-server location (3-149) snmp-server location This command sets the system location string. Use the no form to remove the location string.
  • Page 546: Snmp-Server Host

    Example Console(config)#snmp-server location WC-19 Console(config)# Related Commands snmp-server contact (3-148) snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host host-addr community-string [version {1 | 2c}] no snmp-server host host-addr •...
  • Page 547: Snmp-Server Enable Traps

    For example, some notification types are always enabled. • The switch can send SNMP version 1 or version 2c notifications to a host IP address, depending on the SNMP version that the management station supports. If the snmp-server host command does not specify the SNMP version, the default is to send SNMP version 1 notifications.
  • Page 548: Snmp Ip Filter

    (3-150) snmp ip filter This command sets the IP addresses of clients that are allowed management access to the switch via SNMP. Use the no form to remove an IP address. Syntax [no] snmp ip filter ip_address subnet_mask •...
  • Page 549 • The default setting is null, which allows all IP groups SNMP access to the switch. If one IP address is configured, IP filtering is enabled and only addresses in the specified IP group will have SNMP access.
  • Page 550: Show Snmp

    show snmp This command checks the status of SNMP communications. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enabled with the snmp-server enable traps command.
  • Page 551: Dhcp Commands

    VLAN interface to be automatically assigned an IP address via DHCP. This switch can be configured to relay DHCP client configuration requests to a DHCP server on another network, or you can configure this switch to provide DHCP service directly to any client.
  • Page 552: Ip Dhcp Restart Client

    • hex - The hexadecimal value. Default Setting None Command Mode Interface Configuration (VLAN) Command Usage This command is used to include a client identifier in all communications with the DHCP server. The identifier type depends on the requirements of your DHCP server. Example Console(config)#interface vlan 2 Console(config-if)#ip dhcp client-identifier hex 00-00-e8-66-65-72...
  • Page 553: Dhcp Relay

    • If the BOOTP or DHCP server has been moved to a different domain, the network portion of the address provided to the client will be based on this new domain. Example In the following example, the device is reassigned the same address. Console(config)#interface vlan 1 Console(config-if)#ip address dhcp Console(config-if)#exit...
  • Page 554: Ip Dhcp Relay Server

    This command is used to configure DHCP relay functions for host devices attached to the switch. If DHCP relay service is enabled, and this switch sees a DHCP request broadcast, it inserts its own IP address into the request so the DHCP server will know the subnet where the client is located.
  • Page 555 Usage Guidelines • You must specify the IP address for at least one DHCP server. Otherwise, the switch’s DHCP relay agent will not forward client requests to a DHCP server. • To start DHCP relay service, enter the ip dhcp restart relay command.
  • Page 556: Dhcp Server

    DHCP Server Command Function service dhcp Enables the DHCP server feature on this switch ip dhcp excluded-address Specifies IP addresses that a DHCP server should not assign to DHCP clients ip dhcp pool Configures a DHCP address pool on a DHCP Server GC...
  • Page 557: Ip Dhcp Excluded-Address

    Displays address bindings on the DHCP server binding *These commands are used for manually binding an address to a client. service dhcp Use this command to enable the DHCP server on this switch. Use the no form to disable the DHCP server. Syntax service dhcp...
  • Page 558 Command Mode Global Configuration Usage Guidelines • After executing this command, the switch changes to DHCP Pool Configuration mode, identified by the (config-dhcp)# prompt. • From this mode, first configure address pools for the network interfaces (using the network command). You can also manually bind an address to a specific client (with the host command) if required.
  • Page 559: Ip Dhcp Pool

    DHCP Pool Configuration Usage Guidelines • When a client request is received, the switch first checks for a network address pool matching the gateway where the request originated (i.e., if the request was forwarded by a relay server). If there is no gateway in the client request (i.e., the request was not forwarded by a relay server),...
  • Page 560: Default-Router

    • This command is valid for DHCP network address pools only. If the mask is not specified, the class A, B, or C natural mask is used (see page 3-276). The DHCP server assumes that all host addresses are available.
  • Page 561: Domain-Name

    domain-name Use this command to specify the domain name for a DHCP client. Use the no form to remove the domain name. Syntax domain-name domain no domain-name domain - Specifies the domain name of the client. (Range: 1-32 characters) Default Setting None Command Mode DHCP Pool Configuration...
  • Page 562: Next-Server

    Command Mode DHCP Pool Configuration Usage Guidelines • If DNS IP servers are not configured for a DHCP client, the client cannot correlate host names to IP addresses. • Servers are listed in order of preference (starting with address1 as the most preferred server).
  • Page 563: Bootfile

    bootfile Use this command to specify the name of the default boot image for a DHCP client. This file should be placed on the Trivial File Transfer Protocol (TFTP) server specified with the next-server command. Use the no form to delete the boot image name. Syntax bootfile filename no bootfile...
  • Page 564: Netbios-Node-Type

    • address2 - Specifies IP address of alternate NetBIOS WINS name server. Default Setting None Command Mode DHCP Pool Configuration Usage Guidelines Servers are listed in order of preference (starting with address1 as the most preferred server). Example Console(config-dhcp)#netbios-name-server 10.1.0.33 10.1.0.34 Console(config-dhcp)# Related Commands...
  • Page 565 Command Mode DHCP Pool Configuration Example Console(config-dhcp)#netbios-node-type hybrid Console(config-dhcp)# Related Commands netbios-name-server (3-167) DHCP COMMANDS 4-169...
  • Page 566: Lease

    lease Use this command to configure the duration that an IP address is assigned to a DHCP client. Use the no form to restore the default value. Syntax lease {days [hours][minutes] | infinite} no lease • days - Specifies the duration of the lease in numbers of days. (Range: 0-364) •...
  • Page 567 Syntax host address [mask] no host • address - Specifies the IP address of a client. • mask - Specifies the network mask of the client. Default Setting None Command Mode DHCP Pool Configuration DHCP COMMANDS 4-171...
  • Page 568: Client-Identifier

    • Host addresses must fall within the range specified for an existing network pool. • When a client request is received, the switch first checks for a network address pool matching the gateway where the request originated (i.e., if the request was forwarded by a relay server). If there is no gateway in the client request (i.e., the request was not forwarded by a relay server),...
  • Page 569: Hardware-Address

    Syntax client-identifier {text text | hex hex} no client-identifier • text - A text string. (Range: 1-15 characters) • hex - The hexadecimal value. Default Setting None Command Mode DHCP Pool Configuration Command Usage • This command identifies a DHCP client to bind to an address specified in the host command.
  • Page 570: Clear Ip Dhcp Binding

    Syntax hardware-address hardware-address type no hardware-address • hardware-address - Specifies the MAC address of the client device. • type - Indicates the following protocol used on the client device: - ethernet - ieee802 - fddi Default Setting If no type is specified, the default protocol is Ethernet. Command Mode DHCP Pool Configuration Command Usage...
  • Page 571: Show Ip Dhcp Binding

    • address - The address of the binding to clear. • * - Clears all automatic bindings. Default Setting None Command Mode Privileged Exec Usage Guidelines • An address specifies the client’s IP address. If an asterisk (*) is used as the address parameter, the DHCP server clears all automatic bindings.
  • Page 572: Dns Commands

    Command Mode Normal Exec, Privileged Exec Example Console#show ip dhcp binding --------------- ----------------- ------------ ----------- 192.1.3.21 00-00-e8-98-73-21 Console# DNS Commands These commands are used to configure Domain Naming System (DNS) services. You can manually configure entries in the DNS domain name to IP address mapping table, configure default domain names, or specify one or more name servers to use for domain name to address translation.
  • Page 573: Ip Host

    Command Function show hosts Displays the static host name-to-address mapping table show dns Displays the configuration for DNS services show dns cache Displays entries in the DNS cache clear dns cache Clears all entries from the DNS cache ip host This command creates a static entry in the DNS table that maps a host name to an IP address.
  • Page 574: Clear Host

    Example This example maps two addresses to a host name. Console(config)#ip host rd5 192.168.1.55 10.1.0.55 Console(config)#end Console#show hosts Hostname Inet address Alias rd5 10.1.0.55 192.168.1.55 Console# clear host This command deletes entries from the DNS table. Syntax clear host {name | *} •...
  • Page 575: Ip Domain-List

    with dotted notation). Use the no form to remove the current domain name. Syntax ip domain-name name no ip domain-name name - Default domain name used to complete unqualified host names. Do not include the initial dot that separates the host name from the domain name. (Range: 1-64 characters) Default Setting None...
  • Page 576 • Domain names are added to the end of the list one at a time. • When an incomplete host name is received by the DNS server on this switch, it will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match.
  • Page 577: Ip Name-Server

    Related Commands ip domain-name (3-178) ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution. Use the no form to remove a name server from this list. Syntax [no] ip name-server server-address1 [server-address2 … server-address6] •...
  • Page 578: Ip Domain-Lookup

    Example This example adds two domain-name servers to the list and then displays the list. Console(config)#ip name-server 192.168.1.55 10.1.0.55 Console(config)#end Console#show dns Domain Lookup Status: DNS disabled Default Domain Name: .sample.com Domain Name List: .sample.com.jp .sample.com.uk Name Server List: 192.168.1.55 10.1.0.55 Console#...
  • Page 579: Show Hosts

    Example This example enables DNS and then displays the configuration. Console(config)#ip domain-lookup Console(config)#end Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: .sample.com Domain Name List: .sample.com.jp .sample.com.uk Name Server List: 192.168.1.55 10.1.0.55 Console# Related Commands ip domain-name (3-178) ip name-server (3-181) show hosts This command displays the static host name-to-address mapping table.
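The lookup order described on the ip domain-list and ip name-server pages, as an added example that is not part of the SMC manual: a static ip host entry is answered from the host table, a name with no dot is completed with each domain-list entry in the order the entries were added, and every candidate is tried against the name servers in list order. The static-table-first order is an assumption (the page does not state it), and the server answers are a constructed dictionary standing in for real DNS responses, so the code runs offline.

```python
# Added example (not from the SMC manual): a model of the lookup order
# described for ip host, ip domain-list and ip name-server. The static host
# table is consulted first (an assumption; the page does not state the
# order), a name containing no dot is completed with each domain-list entry
# in the order they were added, and each candidate is tried against the
# name servers in list order. Server answers are a constructed dictionary
# standing in for real DNS responses; no network access is needed.

def candidates(name: str, domain_list: list) -> list:
    """Fully qualified names to try for `name`, in search order. Leading
    dots on list entries are stripped, as the ip domain-name page requires."""
    if "." in name:
        return [name]                       # already qualified: try as-is
    return [f"{name}.{domain.lstrip('.')}" for domain in domain_list]


def resolve(name: str, hosts: dict, domain_list: list, name_servers: list, answers: dict):
    """Return (addresses, source). `hosts` is the ip host table
    {host: [ip, ...]}; `answers` maps (server, fqdn) to the addresses that
    server would return, a missing key meaning the server has no answer."""
    if name in hosts:
        return hosts[name], "static"
    for fqdn in candidates(name, domain_list):
        for server in name_servers:
            addresses = answers.get((server, fqdn), [])
            if addresses:
                return addresses, f"{server} answered for {fqdn}"
    return [], None


# Constructed data mirroring the manual's show dns / show hosts examples.
HOSTS = {"rd5": ["192.168.1.55", "10.1.0.55"]}
DOMAIN_LIST = [".sample.com.jp", ".sample.com.uk"]
NAME_SERVERS = ["192.168.1.55", "10.1.0.55"]
ANSWERS = {
    ("192.168.1.55", "www.sample.com.jp"): ["10.1.1.10"],
    ("10.1.0.55", "www.sample.com.uk"): ["10.2.2.20"],
    ("10.1.0.55", "intranet.sample.com.uk"): ["10.2.2.30"],
}


def demo() -> dict:
    """Static hit, a name shadowed by the first suffix, a name found only
    under the second suffix, and a name that resolves nowhere."""
    return {
        "rd5": resolve("rd5", HOSTS, DOMAIN_LIST, NAME_SERVERS, ANSWERS),
        "www": resolve("www", HOSTS, DOMAIN_LIST, NAME_SERVERS, ANSWERS),
        "intranet": resolve("intranet", HOSTS, DOMAIN_LIST, NAME_SERVERS, ANSWERS),
        "unknown": resolve("printer", HOSTS, DOMAIN_LIST, NAME_SERVERS, ANSWERS),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The "www" case is the one worth noticing: because .sample.com.jp is first in the list, www.sample.com.uk is never asked for, so whoever controls the zone of an earlier suffix can answer for unqualified names intended for a later one. Keep the domain list to zones you control and prefer fully qualified names in switch configuration.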
  • Page 580: Show Dns

    show dns This command displays the configuration of the DNS server. Command Mode Privileged Exec Example Console#show dns Domain Lookup Status: DNS enabled Default Domain Name: sample.com Domain Name List: sample.com.jp sample.com.uk Name Server List: 192.168.1.55 10.1.0.55 Console# show dns cache This command displays entries in the DNS cache.
  • Page 581: Clear Dns Cache

    Field Description FLAG The flag is always “4” indicating a cache entry and therefore unreliable. TYPE This field includes CNAME which specifies the canonical or primary name for the owner, and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry. The IP address associated with this record.
  • Page 583: Interface Commands

    Interface Commands These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN. Command Function interface Configures an interface type and enters interface configuration mode description Adds a description to an interface configuration speed-duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled...
  • Page 584: Description

    Syntax interface interface no interface port-channel channel-id interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) • vlan vlan-id (Range: 1-4094) Default Setting None Command Mode Global Configuration Example To specify port 4, enter the following command: Console(config)#interface ethernet 1/4...
  • Page 585: Speed-Duplex

    Command Mode Interface Configuration (Ethernet, Port Channel) Example The following example adds a description to port 4. Console(config)#interface ethernet 1/4 Console(config-if)#description RD-SW#3 Console(config-if)# speed-duplex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the default. Syntax speed-duplex {1000full | 100full | 100half | 10full | 10half} no speed-duplex...
  • Page 586: Negotiation

    Default Setting • Auto-negotiation is enabled by default. • When auto-negotiation is disabled, the default speed-duplex setting is 100half for 100BASE-TX ports and 1000full for Gigabit Ethernet ports. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • To force operation to the speed and duplex mode specified in a speed-duplex command, use the no negotiation command to disable auto-negotiation on the selected interface.
  • Page 587: Capabilities

    Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
  • Page 588 Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link attributes with the speed-duplex and flowcontrol commands.
  • Page 589: Flowcontrol

    Command Usage • Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation.
  • Page 590: Combo-Forced-Mode

    Example The following example enables flow control on port 5. Console(config)#interface ethernet 1/5 Console(config-if)#flowcontrol Console(config-if)#no negotiation Console(config-if)# Related Commands negotiation (3-4) capabilities (flowcontrol, symmetric) (3-5) combo-forced-mode This command forces the port type selected for combination ports 8 - 12. Use the no form to restore the default mode. Syntax combo-forced-mode mode no combo-forced-mode...
  • Page 591: Shutdown

    Example This forces the switch to use the built-in RJ-45 port for the combination port 8. Console(config)#interface ethernet 1/8 Console(config-if)#combo-forced-mode copper-forced Console(config-if)# shutdown This command disables an interface. To restart a disabled interface, use the no form. Syntax [no] shutdown Default Setting All interfaces are enabled.
  • Page 592: Clear Counters

    • This command can enable or disable broadcast storm control for the selected interface. However, the specified threshold value applies to all ports on the switch. Example The following shows how to configure broadcast storm control at 600...
  • Page 593: Show Interfaces Status

    - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset. This command sets the base value for displayed statistics to zero for the current management session.
  • Page 594 Default Setting Shows the status for all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Displaying Connection Status” on page 3-89. Example Console#show interfaces status ethernet 1/5 Information of Eth 1/5...
  • Page 595: Show Interfaces Counters

    show interfaces counters This command displays interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows the counters for all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage...
  • Page 596: Show Interfaces Switchport

    Example Console#show interfaces counters ethernet 1/7 Ethernet 1/7 Iftable stats: Octets input: 30658, Octets output: 196550 Unicast input: 6, Unicast output: 5 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, QLen output: 0 Extended iftable stats: Multi-cast input: 0, Multi-cast output: 3064 Broadcast input: 262, Broadcast output: 1...
  • Page 597 Default Setting Shows all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. Example This example shows the configuration setting for port 4. Console#show interfaces switchport ethernet 1/4 Broadcast threshold: Enabled, 500 packets/second Lacp status: Disabled Ingress rate limit: disable,1000M bits per second Egress rate limit: disable,1000M bits per second...
  • Page 598: Mirror Port Commands

    [rx | tx | both] no port monitor interface • interface - ethernet unit/port (source port) - unit - Switch (unit 1). - port - Port number. • rx - Mirror received packets. • tx - Mirror transmitted packets.
  • Page 599: Show Port Monitor

    However, you should avoid sending too much traffic to the destination port from multiple source ports. Example The following example configures the switch to mirror all packets from port 6 to 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 both...
  • Page 600: Rate Limit Commands

    Default Setting Shows all sessions. Command Mode Privileged Exec Command Usage This command displays the currently configured source port, destination port, and mirror mode (i.e., RX, TX, RX/TX). Example The following shows mirroring configured from port 6 to port 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 Console(config-if)#end...
  • Page 601: Rate-Limit

    by the hardware to verify conformity. Non-conforming traffic is dropped, conforming traffic is forwarded without any changes. Command Function rate-limit Configures the maximum input or output rate for a port rate-limit This command defines the rate limit for a specific interface. Use this command without specifying a rate to restore the default rate.
  • Page 602: Link Aggregation Commands

    For static trunks, the switches have to comply with the Cisco EtherChannel standard. For dynamic trunks, the switches have to comply with LACP. This switch supports up to six trunks. For example, a trunk consisting of two 1000 Mbps ports can support an aggregate bandwidth of 4 Gbps when operating at full duplex (2 Gbps in each direction).
  • Page 603: Channel-Group

    • A trunk can have up to four ports. • The ports at both ends of a connection must be configured as trunk ports. • All ports in a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings.
  • Page 604: Lacp

    • When configuring static trunks, the switches must comply with the Cisco EtherChannel standard. • Use no channel-group to remove a port group from a trunk. • Use no interfaces port-channel to remove a trunk from the switch. Example The following example creates trunk 1 and then adds port 11:...
  • Page 605 • A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID. • If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically. • If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
  • Page 606: Lacp System-Priority

    • Ports must be configured with the same system priority to join the same LAG. • System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with other systems.
  • Page 607: Lacp Admin-Key (Ethernet Interface)

    state, and will only take effect the next time an aggregate link is established with the partner. Example Console(config)#interface ethernet 1/5 Console(config-if)#lacp actor system-priority 3 Console(config-if)# lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to restore the default setting.
  • Page 608: Lacp Admin-Key (Port Channel)

    Syntax lacp admin-key key [no] lacp admin-key key - The port channel admin key is used to identify a specific link aggregation group (LAG) during local LACP setup on this switch. (Range: 0-65535) Default Setting 0 Command Mode Interface Configuration (Port Channel) Command Usage •...
  • Page 609: Lacp Port-Priority

    that when the LAG is no longer used, the port channel admin key is reset to 0. Example Console(config)#interface port-channel 1 Console(config-if)#lacp admin-key 3 Console(config-if)# lacp port-priority This command configures LACP port priority. Use the no form to restore the default setting.
  • Page 610: Show Lacp

    state, and will only take effect the next time an aggregate link is established with the partner. Example Console(config)#interface ethernet 1/5 Console(config-if)#lacp actor port-priority 128 show lacp This command displays LACP information. Syntax show lacp [port-channel] {counters | internal | neighbors | sys-id} •...
  • Page 611 Example Console#show lacp 1 counters Channel group : 1 ------------------------------------------------------------------------- Eth 1/ 1 ------------------------------------------------------------------------- LACPDUs Sent : 21 LACPDUs Received : 21 Marker Sent : 0 Marker Received : 0 LACPDUs Unknown Pkts : 0 LACPDUs Illegal Pkts : 0 Field Description LACPDUs Sent...
  • Page 612 Console#show lacp 1 internal Channel group : 1 ------------------------------------------------------------------------- Oper Key : 4 Admin Key : 0 Eth 1/1 ------------------------------------------------------------------------- LACPDUs Internal : 30 sec LACP System Priority : 32768 LACP Port Priority : 32768 Admin Key : 4 Oper Key : 4 Admin State : defaulted, aggregation, long timeout, LACP-activity Oper State : distributing, collecting, synchronization, aggregation, long timeout, LACP-activity...
  • Page 613 Field Description LACP Port LACP port priority assigned to this interface within the channel group. Priority Admin State, Administrative or operational values of the actor’s state parameters: Oper State • Expired – The actor’s receive machine is in the expired state; •...
  • Page 614 Console#show lacp 1 neighbors Channel group 1 neighbors ------------------------------------------------------------------------- Eth 1/1 ------------------------------------------------------------------------- Partner Admin System ID : 32768, 00-00-00-00-00-00 Partner Oper System ID : 32768, 00-00-00-00-00-01 Partner Admin Port Number : 1 Partner Oper Port Number : 1 Port Admin Priority : 32768 Port Oper Priority : 32768 Admin Key : 0 Oper Key : 4...
  • Page 615 Example (show lacp sys-id) Channel Group System Priority System MAC Address 1 32768 00-30-F1-8F-2C-A7 2 32768 00-30-F1-8F-2C-A7 3 32768 00-30-F1-8F-2C-A7 4 32768 00-30-F1-8F-2C-A7 5 32768 00-30-F1-8F-2C-A7 6 32768 00-30-F1-8F-2C-A7 Field Description Channel Group A link aggregation group configured on this switch. System Priority LACP system priority for this channel group. Address Table Commands Command Function Mode Page...
  • Page 616 • port-channel channel-id (Range: 1-6) • vlan-id - VLAN ID (Range: 1-4094) • action - - delete-on-reset - Assignment lasts until the switch is reset. - permanent - Assignment is permanent. Default Setting No static addresses are defined. The default mode is permanent.
  • Page 617: Address Table Commands

    • Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. • A static address cannot be learned on another port until the address is removed with the no form of this command.
  • Page 618: Mac-Address-Table Aging-Time

    - port - Port number. • port-channel channel-id (Range: 1-6) • vlan-id - VLAN ID (Range: 1-4094) • sort - Sort by address, vlan or interface. Default Setting None Command Mode Privileged Exec Command Usage • The MAC Address Table contains the MAC addresses associated with each interface.
  • Page 619: Show Mac-Address-Table Aging-Time

    Syntax mac-address-table aging-time seconds no mac-address-table aging-time seconds - Aging time. (Range: 10-1000000 seconds; 0 to disable aging) Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information. Example Console(config)#mac-address-table aging-time 100 Console(config)#...
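The address-table behaviour described on the preceding pages, as an added example that is not part of the SMC manual: a static entry is bound to its interface and a frame carrying that source MAC on any other port is ignored rather than moving the entry, while dynamically learned entries expire after mac-address-table aging-time (default 300 s, 0 disables aging). The ports, VLAN and MAC addresses below are constructed; the class and method names are this example's own, not switch commands.

```python
# Added example (not from the SMC manual): a small model of the address
# table behaviour described above. Static entries are bound to an interface
# and never move; dynamic entries age out after mac-address-table aging-time
# (default 300 s, 0 disables aging). Ports, VLANs and MACs are constructed.
from dataclasses import dataclass


@dataclass
class Entry:
    port: str
    static: bool
    last_seen: float   # seconds; unused for static entries


class MacTable:
    def __init__(self, aging_time: int = 300):
        # Range from the manual: 10-1000000 seconds, or 0 to disable aging.
        if aging_time != 0 and not 10 <= aging_time <= 1_000_000:
            raise ValueError("aging-time must be 0 or 10-1000000 seconds")
        self.aging_time = aging_time
        self.table = {}            # (vlan, mac) -> Entry

    @staticmethod
    def _key(vlan: int, mac: str):
        return (vlan, mac.lower())

    def add_static(self, vlan: int, mac: str, port: str) -> None:
        """mac-address-table static <mac> interface <port> vlan <vlan>"""
        self.table[self._key(vlan, mac)] = Entry(port, True, 0.0)

    def learn(self, vlan: int, mac: str, port: str, now: float) -> bool:
        """Source-address learning for a frame seen on `port`.

        Returns False when the frame is ignored because the address is
        statically bound to a different interface (the spoofing case);
        True when the table was updated or already agreed."""
        key = self._key(vlan, mac)
        entry = self.table.get(key)
        if entry is not None and entry.static:
            return entry.port == port
        self.table[key] = Entry(port, False, now)
        return True

    def age(self, now: float) -> list:
        """Remove dynamic entries not refreshed within aging_time."""
        if self.aging_time == 0:
            return []
        expired = [k for k, e in self.table.items()
                   if not e.static and now - e.last_seen >= self.aging_time]
        for k in expired:
            del self.table[k]
        return expired

    def lookup(self, vlan: int, mac: str):
        entry = self.table.get(self._key(vlan, mac))
        return entry.port if entry else None


def demo() -> dict:
    """Pins the gateway MAC to Eth 1/1 and shows a frame with that source
    MAC arriving on Eth 1/5 being ignored, while a dynamic entry ages out."""
    t = MacTable(aging_time=100)
    t.add_static(1, "00-30-F1-8F-2C-A7", "Eth1/1")        # gateway, pinned
    spoof_accepted = t.learn(1, "00-30-f1-8f-2c-a7", "Eth1/5", now=0.0)
    t.learn(1, "00-00-E8-98-73-21", "Eth1/3", now=0.0)    # ordinary host
    expired_early = t.age(now=50.0)
    expired_late = t.age(now=100.0)
    return {
        "spoof_accepted": spoof_accepted,
        "gateway_port": t.lookup(1, "00-30-F1-8F-2C-A7"),
        "expired_early": expired_early,
        "expired_late": expired_late,
    }


if __name__ == "__main__":
    print(demo())
```

Pinning the MAC of a gateway or server with a static entry is what stops a host on another port from redirecting that traffic to itself by forging the source address; the trade-off, stated on the page, is that the address cannot be learned anywhere else until the static entry is removed with the no form of the command.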
  • Page 620: Spanning Tree Commands

    Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Command Function spanning-tree Enables the spanning tree protocol spanning-tree mode Configures STP or RSTP mode spanning-tree forward-time Configures the spanning tree bridge forward time spanning-tree hello-time Configures the spanning tree bridge hello time spanning-tree max-age Configures the spanning tree bridge maximum...
  • Page 621: Spanning-Tree Mode

    This example shows how to enable the Spanning Tree Algorithm for the switch: Console(config)#spanning-tree Console(config)# spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default. Syntax spanning-tree mode {stp | rstp} no spanning-tree mode...
  • Page 622 RSTP node transmits, as described below: - STP Mode – If the switch receives an 802.1D BPDU after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.
  • Page 623: Spanning-Tree Forward-Time

    This command configures the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time seconds - Time in seconds. (Range: 4 - 30 seconds) The minimum value is the higher of 4 or [(max-age / 2) + 1].
  • Page 624: Spanning-Tree Hello-Time

    Console(config)#spanning-tree hello-time 5 Console(config)# spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age seconds no spanning-tree max-age seconds - Time in seconds. (Range: 6-40 seconds) The minimum value is the higher of 6 or [2 x (hello-time + 1)].
  • Page 625: Spanning-Tree Priority

    Console(config)#spanning-tree max-age 40 Console(config)# spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority - Priority of the bridge. (Range: 0 - 65535) (Range –...
  • Page 626: Spanning-Tree Pathcost Method

    Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority (that is, the lowest numeric value) becomes the STA root device. If all devices have the same priority, the device with the lowest MAC address becomes the root device.
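The timer relations on the spanning-tree forward-time and spanning-tree max-age pages, and the root election rule on the spanning-tree priority page, as an added example that is not part of the SMC manual. The function checks a proposed hello-time, max-age and forward-time against the documented ranges and the two inequalities, then elects a root from bridge priority and MAC address. Bridge names and MACs are constructed; the hello-time range 1-10 s is the IEEE 802.1D value and is not taken from the page.

```python
# Added example (not from the SMC manual): validates the timer relations
# stated for spanning-tree forward-time and max-age, and models root
# election from bridge priority and MAC address as described under
# spanning-tree priority. Bridge names and MACs are constructed. The
# hello-time range 1-10 s is the IEEE 802.1D value, not taken from the page.

def check_stp_timers(hello_time: int, max_age: int, forward_time: int) -> list:
    """Return the list of violated constraints (empty when the values are
    consistent with each other and with the documented ranges)."""
    problems = []
    if not 1 <= hello_time <= 10:
        problems.append("hello-time out of range 1-10")
    if not 6 <= max_age <= 40:
        problems.append("max-age out of range 6-40")
    if not 4 <= forward_time <= 30:
        problems.append("forward-time out of range 4-30")
    # max-age must be at least 2 x (hello-time + 1), and never below 6
    min_max_age = max(6, 2 * (hello_time + 1))
    if max_age < min_max_age:
        problems.append(f"max-age must be >= {min_max_age} for hello-time {hello_time}")
    # forward-time must be at least (max-age / 2) + 1, rounded up to a
    # whole second, and never below 4
    min_forward = max(4, (max_age + 1) // 2 + 1)
    if forward_time < min_forward:
        problems.append(f"forward-time must be >= {min_forward} for max-age {max_age}")
    return problems


def bridge_id(priority: int, mac: str) -> tuple:
    """Bridge identifier as compared during root election: priority first,
    then the MAC address; the numerically lowest identifier wins."""
    if not 0 <= priority <= 65535:
        raise ValueError("priority out of range 0-65535")
    return (priority, int(mac.replace("-", "").replace(":", ""), 16))


def elect_root(bridges: dict) -> str:
    """`bridges` maps a name to (priority, mac); returns the root's name."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def demo() -> dict:
    """All bridges at the default priority, then a newly attached bridge
    with a lower MAC, then the intended root pinned with priority 0."""
    default = {"core": (32768, "00-30-F1-8F-2C-A7"),
               "edge": (32768, "00-30-F1-8F-2C-B0")}
    with_rogue = dict(default, rogue=(32768, "00-00-00-00-00-01"))
    hardened = dict(with_rogue, core=(0, "00-30-F1-8F-2C-A7"))
    return {"default": elect_root(default),
            "with_rogue": elect_root(with_rogue),
            "hardened": elect_root(hardened)}


if __name__ == "__main__":
    print(check_stp_timers(2, 20, 15), check_stp_timers(2, 40, 15))
    print(demo())
```

At the default priority the root is whichever bridge happens to have the lowest MAC, so any device plugged into an edge port can take over the tree by having a lower address. Giving the intended root priority 0 with spanning-tree priority removes that accident, but a device that also advertises priority 0 and a lower MAC still wins; this switch has no command on these pages to refuse BPDUs from a port, so disabling spanning tree on user-facing ports (spanning-tree spanning-disabled) is the nearest control the page offers.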
  • Page 627: Spanning-Tree Transmission-Limit

    Example Console(config)#spanning-tree pathcost method long Console(config)# spanning-tree transmission-limit This command limits the number of RSTP BPDUs the switch transmits on a port within one second. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The maximum number of BPDUs transmitted per second. (Range: 1-10) Default Setting Command Mode Global Configuration...
  • Page 628: Spanning-Tree Cost

    This example disables the spanning tree algorithm for port 5. Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree spanning-disabled Console(config-if)# spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port.
  • Page 629: Spanning-Tree Port-Priority

    • This command defines the priority for the use of a port in the Spanning Tree Algorithm. If the path cost for all ports on a switch are the same, the port with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree.
  • Page 630: Spanning-Tree Edge-Port

    spanning-tree edge-port This command specifies an interface as an edge port. Use the no form to restore the default. Syntax [no] spanning-tree edge-port Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node.
  • Page 631: Spanning-Tree Portfast

    spanning-tree portfast This command sets an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax [no] spanning-tree portfast Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • This command is used to enable/disable the fast spanning-tree mode for the selected port.
  • Page 632: Spanning-Tree Link-Type

    • When automatic detection is selected, the switch derives the link type from the duplex mode. A full-duplex interface is considered a point-to-point link, while a half-duplex interface is assumed to be on a shared link.
  • Page 633: Spanning-Tree Protocol-Migration

    Command Mode Privileged Exec Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the spanning-tree protocol-migration command at any time to manually re-check the appropriate BPDU format to send on the selected interfaces (i.e., RSTP or STP-compatible).
  • Page 634 Privileged Exec Command Usage • Use the show spanning-tree command with no parameters to display the spanning tree configuration for the switch and for every interface in the tree. • Use the show spanning-tree interface command to display the spanning tree configuration for an interface.
  • Page 635 Example Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning tree mode Spanning tree enable/disable Instance Vlans configuration Priority Bridge Hello Time (sec.) Bridge Max Age (sec.) Bridge Forward Delay (sec.) Root Hello Time (sec.) Root Max Age (sec.) Root Forward Delay (sec.) Max hops Remaining hops Designated Root...
  • Page 636: Vlan Commands

    VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface.
  • Page 637: Vlan

    Command Mode Global Configuration Command Usage • Use the VLAN database command mode to add, change, and delete VLANs. After finishing configuration changes, you can display the VLAN settings by entering the show vlan command. • Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN.
  • Page 638 • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default state (i.e., active). • You can configure up to 255 VLANs on the switch. Example The following example adds a VLAN, using VLAN ID 105 and name RD5.
  • Page 639: Configuring Vlan Interfaces

    Configuring VLAN Interfaces Command Function interface vlan Enters interface configuration mode for a specified VLAN switchport mode Configures the VLAN membership mode for an interface switchport acceptable-frame-types Configures the frame types accepted by an interface switchport ingress-filtering Enables ingress filtering on an interface switchport native vlan Configures the PVID (native VLAN) of an interface switchport allowed vlan Configures the VLANs associated with an interface switchport gvrp Enables GVRP for an interface switchport forbidden vlan Configures forbidden VLANs for an interface interface vlan This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface.
  • Page 640: Switchport Mode

    Example The following example shows how to set the interface configuration mode to VLAN 1, and then assign an IP address to the VLAN: Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.254 255.255.255.0 Console(config-if)# Related Commands shutdown (3-9) switchport mode This command configures the VLAN membership mode for a port. Use the no form to restore the default.
  • Page 641: Switchport Acceptable-Frame-Types

    Example The following shows how to set the configuration mode to port 1, and then set the switchport mode to hybrid: Console(config)#interface ethernet 1/1 Console(config-if)#switchport mode hybrid Console(config-if)# Related Commands switchport acceptable-frame-types (3-59) switchport acceptable-frame-types This command configures the acceptable frame types for a port. Use the no form to restore the default.
  • Page 642: Switchport Ingress-Filtering

    Example The following example shows how to restrict the traffic received on port 1 to tagged frames: Console(config)#interface ethernet 1/1 Console(config-if)#switchport acceptable-frame-types tagged Console(config-if)# Related Commands switchport mode (3-58) switchport ingress-filtering This command enables ingress filtering for an interface. Use the no form to restore the default.
  • Page 643: Switchport Native Vlan

    Example The following example shows how to set the interface to port 1 and then enable ingress filtering: Console(config)#interface ethernet 1/1 Console(config-if)#switchport ingress-filtering Console(config-if)# switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan...
  • Page 644: Switchport Allowed Vlan

    • If a trunk has switchport mode set to trunk (i.e., 1Q Trunk), then you can only assign an interface to VLAN groups as a tagged member. • Frames are always tagged within the switch. The tagged/untagged parameter used when adding a VLAN to an interface tells the switch...
  • Page 645: Switchport Forbidden Vlan

    whether to keep or remove the tag from a frame on egress. • If none of the intermediate network devices nor the host at the other end of the connection supports VLANs, the interface should be added to these VLANs as an untagged member. Otherwise, it is only necessary to add at most one VLAN as untagged, and this should correspond to the native VLAN for the interface.
  • Page 646: Displaying Vlan Information

    Command Usage • This command prevents a VLAN from being automatically added to the specified interface via GVRP. • If a VLAN has been added to the set of allowed VLANs for an interface, then you cannot add it to the set of forbidden VLANs for that same interface.
  • Page 647: Configuring Protocol-Based Vlans

    VLANs, including security and easy accessibility. To avoid these problems, you can configure this switch with protocol-based VLANs that divide the physical network into logical VLAN groups for each required protocol. When a frame is received at a port, its VLAN membership can then be determined based on the protocol type in use by the inbound packets.
  • Page 648: Protocol-Vlan Protocol-Group (Configuring Groups)

    Command show protocol-vlan protocol-group show interfaces protocol-vlan protocol-group To configure protocol-based VLANs, follow these steps: 1. First configure VLAN groups for the protocols you want to use (page 3-55). Although not mandatory, we suggest configuring a separate VLAN for each major protocol running on your network. Do not add port members at this time.
  • Page 649: Protocol-Vlan Protocol-Group (Configuring Interfaces)

    rarp. Default Setting No protocol groups are configured. Command Mode Global Configuration Example The following creates protocol group 1, and specifies Ethernet frames with IP and ARP protocol types: Console(config)#protocol-vlan protocol-group 1 add frame-type ethernet protocol-type ip Console(config)#protocol-vlan protocol-group 1 add frame-type ethernet protocol-type arp Console(config)# protocol-vlan protocol-group (Configuring Interfaces)
  • Page 650: Show Protocol-Vlan Protocol-Group

    Command Usage • When creating a protocol-based VLAN, only assign interfaces via this command. If you assign interfaces using any of the other VLAN commands (such as vlan on page 3-55), these interfaces will admit traffic of any protocol type into the associated VLAN. •...
  • Page 651: Show Interfaces Protocol-Vlan Protocol-Group

    Command Mode Privileged Exec Example This shows protocol group 1 configured for IP over Ethernet: Console#show protocol-vlan protocol-group ProtocolGroup ID Frame Type ------------------ ------------- --------------- Console# show interfaces protocol-vlan protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces.
  • Page 652: Configuring Private Vlans

    Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2: Console#show interfaces protocol-vlan protocol-group Port ProtocolGroup ID ---------- ------------------ ----------- Eth 1/1 Console# Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN.
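The classification the protocol-vlan pages describe, as an added example that is not part of the SMC manual: raw Ethernet frames are parsed, the protocol group configured for the ingress port is matched on the EtherType, and matching frames are placed in the group's VLAN, reproducing the page's case of IP and ARP on port 1 mapped to VLAN 2. Two points are assumptions, not taken from the page: an 802.1Q-tagged frame keeps the VLAN from its tag, and an untagged frame matching no group falls back to the port's PVID. Frames, port names and the class and method names are constructed for this example.

```python
# Added example (not from the SMC manual): classifies raw Ethernet frames the
# way the protocol-vlan commands above describe, mapping a port's protocol
# groups to VLANs. Frames, ports and VLAN numbers are constructed. Two points
# are assumptions, not taken from the page: an 802.1Q-tagged frame keeps the
# VLAN from its tag, and an untagged frame matching no group falls back to
# the port's native VLAN (PVID).
import struct

ETHERTYPE = {"ip": 0x0800, "arp": 0x0806, "rarp": 0x8035}   # protocol-type keywords
TAG_8021Q = 0x8100


def _mac(text: str) -> bytes:
    return bytes.fromhex(text.replace("-", "").replace(":", ""))


def build_frame(dst: str, src: str, ethertype: int, payload: bytes, vid=None) -> bytes:
    """Constructed Ethernet II frame, optionally carrying an 802.1Q tag."""
    header = _mac(dst) + _mac(src)
    if vid is not None:
        header += struct.pack("!HH", TAG_8021Q, vid & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload


def parse_header(frame: bytes):
    """Return (vid_or_None, ethertype_or_None). Frame type 'ethernet' means
    Ethernet II, i.e. a type field >= 0x0600; an 802.3 length field is
    reported as None so it never matches an Ethernet II protocol group."""
    if len(frame) < 14:
        raise ValueError("truncated frame")
    vid = None
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype == TAG_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated tagged frame")
        tci, etype = struct.unpack("!HH", frame[14:18])
        vid = tci & 0x0FFF
    return vid, (etype if etype >= 0x0600 else None)


class ProtocolVlanSwitch:
    def __init__(self):
        self.groups = {}       # group id -> set of EtherTypes
        self.port_map = {}     # port -> {group id: vlan}
        self.pvid = {}         # port -> native VLAN (switchport native vlan)

    def protocol_group_add(self, group: int, protocol: str):
        """protocol-vlan protocol-group <group> add frame-type ethernet
        protocol-type <protocol>"""
        self.groups.setdefault(group, set()).add(ETHERTYPE[protocol])

    def port_protocol_group(self, port: str, group: int, vlan: int):
        """Interface-mode form of protocol-vlan protocol-group (Page 649);
        the exact syntax is not shown on the page and is assumed here."""
        self.port_map.setdefault(port, {})[group] = vlan

    def classify(self, port: str, frame: bytes) -> int:
        vid, etype = parse_header(frame)
        if vid is not None:
            return vid                                  # assumption: tag wins
        for group, vlan in self.port_map.get(port, {}).items():
            if etype in self.groups.get(group, ()):
                return vlan
        return self.pvid.get(port, 1)                   # assumption: PVID fallback


def demo() -> dict:
    sw = ProtocolVlanSwitch()
    sw.protocol_group_add(1, "ip")
    sw.protocol_group_add(1, "arp")
    sw.port_protocol_group("Eth1/1", 1, 2)              # group 1 -> VLAN 2 on port 1
    sw.pvid["Eth1/1"] = 1
    dst, src = "ff-ff-ff-ff-ff-ff", "00-00-e8-98-73-21"
    return {
        "ip": sw.classify("Eth1/1", build_frame(dst, src, ETHERTYPE["ip"], b"\x45" + b"\x00" * 19)),
        "arp": sw.classify("Eth1/1", build_frame(dst, src, ETHERTYPE["arp"], b"\x00" * 28)),
        "rarp": sw.classify("Eth1/1", build_frame(dst, src, ETHERTYPE["rarp"], b"\x00" * 28)),
        "tagged": sw.classify("Eth1/1", build_frame(dst, src, ETHERTYPE["ip"], b"\x00" * 20, vid=105)),
        "other_port": sw.classify("Eth1/2", build_frame(dst, src, ETHERTYPE["ip"], b"\x00" * 20)),
    }


if __name__ == "__main__":
    print(demo())
```

The classification is by EtherType alone, so it separates protocols, not hosts: any station on port 1 can reach VLAN 2 simply by sending IP, which is why the page warns against also assigning the interface with the ordinary vlan commands (that would admit every protocol) and why port-based or private VLANs remain the isolation mechanism.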
  • Page 653: Gvrp And Bridge Extension Commands

    GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switch, as well as...
  • Page 654: Bridge-Ext Gvrp

    switchport forbidden vlan Configures forbidden VLANs for an interface show gvrp configuration Displays GVRP configuration for the selected interface garp timer Sets the GARP join, leave and leaveall timers show garp timer Displays the GARP timers for the selected interface bridge-ext gvrp This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [no] bridge-ext gvrp Default Setting Disabled...
  • Page 655: Show Bridge-Ext

    Example Console(config)#bridge-ext gvrp Console(config)# show bridge-ext This command shows the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Displaying Basic VLAN Information” on page 3-154 and “Displaying Bridge Extension Capabilities” on page 3-18 for a description of the displayed items.
  • Page 656: Show Gvrp Configuration

    Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example Console(config)#interface ethernet 1/1 Console(config-if)#switchport gvrp Console(config-if)# show gvrp configuration This command shows if GVRP is enabled. Syntax show gvrp configuration [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number.
  • Page 657: Garp Timer

    garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall} •...
  • Page 658: Show Garp Timer

    successfully. Example Console(config)#interface ethernet 1/1 Console(config-if)#garp timer join 100 Console(config-if)# Related Commands show garp timer (3-76) show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number.
  • Page 659: Priority Commands

    Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be transmitted...
  • Page 660: Priority Commands (Layer 2)

    Command Groups Function Priority (Layer 2) Configures default priority for untagged frames, sets queue weights, and maps class of service tags to hardware queues...
  • Page 661 If the incoming frame is an IEEE 802.1Q VLAN tagged frame, the IEEE 802.1p User Priority bits will be used. • This switch provides eight priority queues for each port. It is configured to use Weighted Round Robin, which can be viewed with the show queue bandwidth command.
  • Page 662: Queue Mode

    Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
  • Page 663: Queue Bandwidth

    queue bandwidth This command assigns weighted round-robin (WRR) weights to the eight class of service (CoS) priority queues. Use the no form to restore the default weights. Syntax queue bandwidth weight1...weight4 no queue bandwidth weight1...weight4 - The ratio of weights for queues 0 - 3 determines the weights used by the WRR scheduler.
  • Page 664 7, where 7 is the highest priority. Default Setting This switch supports Class of Service by using eight priority queues, with Weighted Round Robin queuing for each port. Eight separate traffic classes are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p...
  • Page 665: Show Queue Mode

    Example The following example shows how to change the CoS assignments to a one-to-one mapping: Console(config)#interface ethernet 1/1 Console(config-if)#queue cos-map 0 0 Console(config-if)#queue cos-map 1 1 Console(config-if)#queue cos-map 2 2 Console(config-if)#exit Console#show queue cos-map ethernet 1/1 Information of Eth 1/1 Traffic Class : 0 1 2 3 4 5 6 7 Priority Queue: 0 1 2 3 4 5 6 7 Information of Eth 1/2...
  • Page 666: Show Queue Bandwidth

    show queue bandwidth This command displays the weighted round-robin (WRR) bandwidth allocation for the eight priority queues. Default Setting None Command Mode Privileged Exec Example Console#show queue bandwidth Information of Eth 1/1 Queue ID Weight -------- ------ Console# show queue cos-map This command shows the class of service priority map.
  • Page 667: Priority Commands (Layer 3 And 4)

    Default Setting None Command Mode Privileged Exec Example Console#show queue cos-map ethernet 1/1 Information of Eth 1/1 CoS Value : 0 1 2 3 4 5 6 7 Priority Queue: 2 0 1 3 4 5 6 7 Console# Priority Commands (Layer 3 and 4) Command Function map ip port...
  • Page 668 Default Setting Disabled Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. Example The following example shows how to enable TCP/UDP port mapping globally: Console(config)#map ip port Console(config)#...
  • Page 669: Map Ip Port (Interface Configuration)

    map ip port (Interface Configuration) Use this command to set IP port priority (i.e., TCP/UDP port priority). Use the no form to remove a specific setting. Syntax map ip port port-number cos cos-value no map ip port port-number • port-number - 16-bit TCP/UDP port number. (Range: 0-65535) •...
  • Page 670: Map Ip Precedence (Global Configuration)

    map ip precedence (Global Configuration) This command enables IP precedence mapping (i.e., IP Type of Service). Use the no form to disable IP precedence mapping. Syntax [no] map ip precedence Default Setting Disabled Command Mode Global Configuration Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority.
  • Page 671: Map Ip Dscp (Global Configuration)

    Default Setting The list below shows the default priority mapping. IP Precedence Value CoS Value Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. •...
  • Page 672: Map Ip Dscp (Interface Configuration)

    Command Mode Global Configuration Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • IP Precedence and IP DSCP cannot both be enabled. Enabling one of these priority types will automatically disable the other type. Example The following example shows how to enable IP DSCP mapping globally: Console(config)#map ip dscp...
  • Page 673: Show Map Ip Port

    38, 40, 42 46, 56 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p standard, and then subsequently mapped to the eight hardware priority queues.
  • Page 674: Show Map Ip Precedence

    Default Setting None Command Mode Privileged Exec Example The following shows that HTTP traffic has been mapped to CoS value 0: Console#show map ip port TCP port mapping status: disabled Port Port no. COS --------- -------- --- Eth 1/ 5 Console# Related Commands map ip port (Global Configuration) (3-85)
  • Page 675: Show Map Ip Dscp

    Command Mode Privileged Exec Example Console#show map ip precedence ethernet 1/5 Precedence mapping status: disabled Port Precedence COS --------- ---------- --- Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Eth 1/ 5 Console# Related Commands...
  • Page 676 Command Mode Privileged Exec Example Console#show map ip dscp ethernet 1/1 DSCP mapping status: disabled Port DSCP COS --------- ---- --- Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Eth 1/ 1 Console# Related Commands map ip dscp (Global Configuration) (3-89)
  • Page 677: Multicast Filtering Commands

    Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
  • Page 678: Igmp Snooping Commands

    Shows the IGMP snooping and query show mac-address-table multicast ip igmp snooping This command enables IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled...
  • Page 679: Ip Igmp Snooping Version

    Syntax [no] ip igmp snooping vlan vlan-id static ip-address interface • vlan-id - VLAN ID (Range: 1-4094) • ip-address - IP address for multicast group • interface • ethernet unit/port - unit - This is device 1. - port - Port number. •...
  • Page 680: Show Ip Igmp Snooping

    • All systems on the subnet must support the same version. If there are legacy devices in your network that only support Version 1, you will also have to configure this switch to use Version 1. • Some commands are only enabled for IGMPv2, including ip igmp query-max-response-time and ip igmp query-timeout.
  • Page 681: Show Mac-Address-Table Multicast

    Example The following shows the current IGMP snooping configuration: Console#show ip igmp snooping Service status: Enabled Querier status: Enabled Query count: 2 Query interval: 125 sec Query max response time: 10 sec Router port expire time: 300 sec IGMP snooping version: Version 2 Console# show mac-address-table multicast This command shows known multicast addresses.
  • Page 682: Igmp Query Commands (Layer 2)

    This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode...
  • Page 683: Ip Igmp Snooping Query-Count

    Command Usage If enabled, the switch will serve as querier if elected. The querier is responsible for asking hosts if they want to receive multicast traffic. Example Console(config)#ip igmp snooping querier Console(config)# ip igmp snooping query-count This command configures the query count. Use the no form to restore the default.
  • Page 684: Ip Igmp Snooping Query-Interval

    This command configures the query interval. Use the no form to restore the default. Syntax ip igmp snooping query-interval seconds no ip igmp snooping query-interval seconds - The frequency at which the switch sends IGMP host-query messages. (Range: 60-125) Default Setting 125 seconds Command Mode...
  • Page 685 Global Configuration Command Usage • The switch must be using IGMPv2 for this command to take effect. • This command defines the time after a query, during which a response is expected from a multicast client. If a querier has sent a number of...
  • Page 686: Ip Igmp Snooping Router-Port-Expire-Time

    - The time the switch waits after the previous querier stops before it considers the router port (i.e., the interface which had been receiving query packets) to have expired.
  • Page 687: Static Multicast Routing Commands

    Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that interface to join all the current multicast groups.
  • Page 688: Show Ip Igmp Snooping Mrouter

    Example The following shows how to configure port 11 as a multicast router port within VLAN 1: Console(config)#ip igmp snooping vlan 1 mrouter ethernet 1/11 Console(config)# show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports. Syntax show ip igmp snooping mrouter [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4094)
  • Page 689: Igmp Commands (Layer 3)

    IGMP Commands (Layer 3) Command ip igmp ip igmp robustval ip igmp query-interval ip igmp max-resp-interval ip igmp last-memb-query-interv ip igmp version show ip igmp interface Displays the IGMP configuration for specified clear ip igmp group show ip igmp groups ip igmp Use this command to enable IGMP on a VLAN interface.
  • Page 690: Ip Igmp Robustval

    Command Usage IGMP query can be enabled globally at Layer 2 via the ip igmp snooping command, or enabled for specific VLAN interfaces at Layer 3 via the ip igmp command. (Layer 2 query is disabled if Layer 3 query is enabled.) Example Console(config)#interface vlan 1...
  • Page 691: Ip Igmp Query-Interval

    Use the no form to restore the default. Syntax ip igmp query-interval seconds no ip igmp query-interval seconds - The frequency at which the switch sends IGMP host-query messages. (Range: 1-255) Default Setting 125 seconds Command Mode...
  • Page 692: Ip Igmp Max-Resp-Interval

    Interface Configuration (VLAN) Command Usage • The switch must be using IGMPv2 for this command to take effect. • This command defines how long any responder (i.e., client or router) still in the group has to respond to a query message before the router deletes the group.
  • Page 693: Ip Igmp Last-Memb-Query-Interval

    • The number of seconds represented by the maximum response interval must be less than the Query Interval (page 3-109). Example The following shows how to configure the maximum response time to 20 seconds: Console(config-if)#ip igmp max-resp-interval 20 Console(config-if)# Related Commands ip igmp version (3-112) ip igmp query-interval (3-109) ip igmp last-memb-query-interval...
  • Page 694: Ip Igmp Version

    • All routers on the subnet must support the same version. However, the multicast hosts on the subnet may support either IGMP version 1 or 2. • The switch must be set to version 2 to enable the ip igmp max-resp-interval (page 3-110).
  • Page 695: Show Ip Igmp Interface

    Example The following configures the switch to use IGMP Version 1 on the selected interface: Console(config-if)#ip igmp version 1 Console(config-if)# show ip igmp interface Use this command to show the IGMP configuration for a specific VLAN interface or for all interfaces.
  • Page 696: Show Ip Igmp Groups

    Console#clear ip igmp group interface vlan 1 Console# show ip igmp groups Use this command to display information on multicast groups active on this switch. Syntax show ip igmp groups [group-address | interface vlan vlan-id] • group-address - IP address of the multicast group.
  • Page 697 Version 1 hosts present which are members of the group for which it heard the report. • If there are Version 1 hosts present for a particular group, the switch will ignore any Leave Group messages that it receives for that group.
  • Page 698: Ip Interface Commands

    IP Interface Commands There are no IP addresses assigned to this router by default. You must manually configure a new address to manage the router over your network or to connect the router to existing IP subnets. You may also need to establish a default gateway between this device and management stations or other devices that exist on another network segment (if routing is not enabled).
  • Page 699 Syntax ip address {ip-address netmask | bootp | dhcp} [secondary] no ip address • ip-address - IP address • netmask - Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets. •...
  • Page 700: Ip Default-Gateway

    Anything outside this format will not be accepted by the configuration program. • An interface can have only one primary IP address, but can have many secondary IP addresses. In other words, you will need to specify secondary addresses if more than one IP subnet can be accessed via this interface.
  • Page 701: Show Ip Interface

    Syntax ip default-gateway gateway no ip default-gateway gateway - IP address of the default gateway Default Setting No static route is established. Command Mode Global Configuration Command Usage • The gateway specified in this command is only valid if routing is disabled with the no ip routing command.
  • Page 702: Show Ip Redirects

    Example Console#show ip interface Vlan 1 is up, addressing mode is User Interface address is 10.1.0.254, mask is 255.255.255.0, Primary MTU is 1500 bytes Proxy ARP is disabled Split horizon is enabled Console# Related Commands show ip redirects (3-120) show ip redirects This command shows the default gateway configured for this device.
  • Page 703 • size - Number of bytes in a packet. (Range: 32-512, default: 32) The actual packet size will be eight bytes larger than the size specified because the router adds header information. Default Setting This command has no default for the host. Command Mode Normal Exec, Privileged Exec Command Usage...
  • Page 704: Address Resolution Protocol (Arp)

    Address Resolution Protocol (ARP) Command Function Adds a static entry in the ARP cache arp-timeout Sets the time a dynamic entry remains in the ARP cache clear arp-cache Deletes all dynamic entries from the ARP cache show arp Displays entries in the ARP cache ip proxy-arp Enables proxy ARP service Use this command to add a static entry in the Address Resolution Protocol...
  • Page 705: Arp-Timeout

    128. • You may need to enter a static entry in the cache if there is no response to an ARP broadcast message. For example, some applications may not respond to ARP requests or the response arrives too late, causing network operations to time out.
  • Page 706: Clear Arp-Cache

    clear arp-cache Use this command to delete all dynamic entries from the Address Resolution Protocol (ARP) cache. Command Mode Privileged Exec Example This example clears all dynamic entries in the ARP cache. Console#clear arp-cache This operation will delete all the dynamic entries in ARP Cache. Are you sure to continue this operation (y/n)?y Console# show arp...
  • Page 707: Ip Proxy-Arp

    Example This example displays all entries in the ARP cache. Console#show arp Arp cache timeout: 1200 (seconds) IP Address --------------- ----------------- --------- ----------- 10.1.0.0 ff-ff-ff-ff-ff-ff 10.1.0.254 00-00-ab-cd-00-00 10.1.0.255 ff-ff-ff-ff-ff-ff 123.20.10.123 02-10-20-30-40-50 345.30.20.23 09-50-40-30-20-10 Total entry : 5 Console# ip proxy-arp Use this command to enable proxy Address Resolution Protocol (ARP).
  • Page 708: Ip Routing Commands

    IP Routing Commands After you configure network interfaces for this router, you must set the paths used to send traffic between different interfaces. If you enable routing on this device, traffic will automatically be forwarded between all of the local subnetworks. However, to forward traffic to devices on other subnetworks, you can either configure fixed paths with static routing commands, or enable a dynamic routing protocol that exchanges information with other routers on the network to automatically determine...
  • Page 709: Global Routing Configuration

    Global Routing Configuration Command Function ip routing Enables static and dynamic IP routing ip route Configures static routes clear ip route Deletes specified entries from the routing table show ip route Displays specified entries in the routing table show ip traffic Displays statistics for IP, ICMP, UDP, TCP and ARP protocols ip routing...
  • Page 710: Ip Route

    Example Console(config)#ip routing Console(config)# ip route Use this command to configure static routes. Use the no form to remove static routes. Syntax ip route {destination-ip netmask | default} {gateway} [metric metric] no ip route {destination-ip netmask | default | *} •...
  • Page 711: Clear Ip Route

    clear ip route Use this command to remove dynamically learned entries from the IP routing table. Syntax clear ip route {network [netmask] | *} • network – Network or subnet address. • netmask - Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets.
  • Page 712: Show Ip Traffic

    Command Usage If the address is specified without the netmask parameter, the router displays all routes for the corresponding natural class address (page 3-134). Example Console#show ip route Ip Address Netmask --------------- --------------- --------------- ---------- ------ --------- 0.0.0.0 10.2.48.2 255.255.252.0 10.2.5.6 255.255.255.0 10.3.9.1...
  • Page 713: Routing Information Protocol (Rip)

    Example Console#show ip traffic IP statistics: Rcvd: 5 total, 5 local destination 0 checksum errors 0 unknown protocol, 0 not a gateway Frags: 0 reassembled, 0 timeouts 0 fragmented, 0 couldn't fragment Sent: 9 generated 0 no route ICMP statistics: Rcvd: 0 checksum errors, 0 redirects, 0 unreachable, 0 echo 5 echo reply, 0 mask requests, 0 mask replies, 0 quench 0 parameter, 0 timestamp...
  • Page 714: Router Rip

    Command Function ip rip send version Sets the RIP send version to use on a network interface IC ip split-horizon Enables split-horizon or poison-reverse loop prevention ip rip authentication key Enables authentication for RIP2 packets and specifies keys ip rip authentication mode Specifies the type of authentication used for RIP2 packets...
  • Page 715: Timers Basic

    Related Commands network (3-134) timers basic Use this command to configure the RIP update timer, timeout timer, and garbage- collection timer. Use the no form to restore the defaults. Syntax timers basic update-seconds no timers basic update-seconds – Sets the update timer to the specified value, sets the timeout time value to 6 times the update time, and sets the garbage- collection timer to 4 times the update time.
  • Page 716: Network

    network. Example This example sets the update timer to 40 seconds. The timeout timer is subsequently set to 240 seconds, and the garbage-collection timer to 160 seconds. Console(config-router)#timers basic 15 Console(config-router)# network Use this command to specify the network interfaces that will be included in the RIP routing process.
  • Page 717: Neighbor

    Example This example includes network interface 10.1.0.0 in the RIP routing process. Console(config-router)#network 10.1.0.0 Console(config-router)# Related Commands router rip (3-132) neighbor Use this command to define a neighboring router with which this router will exchange routing information. Use the no form to remove an entry. Syntax neighbor ip-address no neighbor ip-address...
  • Page 718 Syntax version {1 | 2} no version • 1 - RIP Version 1 • 2 - RIP Version 2 Command Mode Router Configuration Default Setting RIP Version 1 Command Usage • When this command is used to specify a global RIP version, any VLAN interface not previously set by the ip rip receive version or ip rip send version command will be set to the following values: - RIP Version 1 configures the unset interfaces to send RIPv1...
  • Page 719: Ip Rip Receive Version

    ip rip receive version Use this command to specify a RIP version to receive on an interface. Use the no form to restore the default value. Syntax ip rip receive version {none | 1 | 2 | 1 2} no ip rip receive version •...
  • Page 720: Ip Rip Send Version

    Example This example sets the interface version for VLAN 1 to receive RIPv1 packets. Console(config)#interface vlan 1 Console(config-if)#ip rip receive version 1 Console(config-if)# Related Commands version (3-135) ip rip send version Use this command to specify a RIP version to send on an interface. Use the no form to restore the default value.
  • Page 721: Ip Split-Horizon

    - Use “none” to passively monitor route information advertised by other routers attached to the network. - Use “1” or “2” if all routers in the local network are based on RIPv1 or RIPv2, respectively. - Use “v2-broadcast” to propagate route information by broadcasting to other routers on the network using RIPv2, instead of multicasting as normally required by RIPv2.
  • Page 722: Ip Rip Authentication Key

    Command Usage • Split horizon never propagates routes back to an interface from which they have been acquired. • Poison reverse propagates routes back to an interface port from which they have been acquired, but sets the distance-vector metrics to infinity. (This provides faster convergence.) Example This example propagates routes back to the source using poison-reverse.
  • Page 723: Ip Rip Authentication Mode

    Example This example sets an authentication password of “small” to verify incoming routing messages and to tag outgoing routing messages. Console(config)#interface vlan 1 Console(config-if)#ip rip authentication key small Console(config-if)# Related Commands ip rip authentication mode (3-141) ip rip authentication mode Use this command to specify the type of authentication that can be used on an interface.
  • Page 724: Show Rip Globals

    Example This example sets the authentication mode to plain text. Console(config)#interface vlan 1 Console(config-if)#ip rip authentication mode text Console(config-if)# Related Commands ip rip authentication key (3-140) show rip globals Use this command to display global configuration settings for RIP. Command Mode Privileged Exec Example Console#show rip globals...
  • Page 725: Show Ip Rip

    show ip rip Use this command to display information about interfaces configured for RIP. Syntax show ip rip {configuration | status | peer} • configuration - Shows RIP configuration settings for each interface. • status - Shows the status of routing messages on each interface. •...
  • Page 726: Open Shortest Path First (Ospf)

    Field SendMode ReceiveMode Poison Authentication show ip rip status Interface RcvBadPackets RcvBadRoutes SendUpdates show ip rip peer Peer UpdateTime Version RcvBadPackets RcvBadRoutes Open Shortest Path First (OSPF) Command Function General Configuration router ospf Enables or disables OSPF router-id Sets the router ID for this device compatible rfc1583 Calculates summary route costs using RFC 1583 (OSPFv1) default-information...
  • Page 727 Command Function Route Metrics and Summaries area range Summarizes routes advertised by an ABR area default-cost Sets the cost for a default summary route sent into a stub or NSSA summary-address Summarizes routes advertised by an ASBR redistribute Redistribute routes from one routing domain to another Area Configuration network area...
  • Page 728: Router Ospf

    Command Function ip ospf retransmit-interval Specifies the time between resending a link-state advertisement ip ospf transmit-delay Estimates time to send a link-state update packet over an interface Display Information show ip ospf Displays general information about the routing processes show ip ospf border-routers Displays routing table entries for Area Border Routers (ABR) and Autonomous System Boundary Routers...
  • Page 729: Router-Id

    Command Usage • OSPF is used to specify how routers exchange routing table information. • This command is also used to enter router configuration mode. Example Console(config)#router ospf Console(config-router)# Related Commands network area (3-155) router-id Use this command to assign a unique router ID for this device within the autonomous system.
  • Page 730: Compatible Rfc1583

    • If the priority values of the routers bidding to be the designated router or backup designated router for an area are equal, the router with the highest ID is elected. Example Console(config-router)#router-id 10.1.1.1 Console(config-router)# Related Commands router ospf (3-146) compatible rfc1583 Use this command to calculate summary route costs using RFC 1583 (OSPFv1).
  • Page 731: Default-Information Originate

    default-information originate Use this command to generate a default external route into an autonomous system. Use the no form to disable this feature. Syntax default-information originate [always] [metric interface-metric] [metric-type metric-type] no default-information originate • always - Always advertise a default route to the local AS regardless of whether the router has a default route.
  • Page 732: Timers Spf

    used to import external routes via RIP or static routing, and such a route is known. • Type 1 route advertisements add the internal cost to the external route metric. Type 2 routes do not add the internal cost metric. When comparing Type 2 routes, the internal cost is only used as a tie-breaker if several Type 2 routes have the same cost.
  • Page 733: Area Range

    • Using a low value allows the router to switch to a new path faster, but uses more CPU processing time. Example Console(config-router)#timers spf 20 Console(config-router)# area range Use this command to summarize the routes advertised by an Area Border Router (ABR).
  • Page 734: Area Default-Cost

    Example This example creates a summary address for all area routes in the range of 10.2.x.x. Console(config-router)#area 10.2.0.0 range 10.2.0.0 255.255.0.0 advertise Console(config-router)# area default-cost Use this command to specify a cost for the default summary route sent into a stub or not-so-stubby area (NSSA) from an Area Border Router (ABR).
  • Page 735: Summary-Address

    summary-address Use this command to aggregate routes learned from other protocols. Use the no form to remove a summary address. Syntax summary-address summary-address netmask no summary-address summary-address netmask • summary-address - Summary address covering a range of addresses. • netmask - Network mask for the summary route. Command Mode Router Configuration Default Setting...
  • Page 736: Redistribute

    redistribute Use this command to import external routing information from other routing domains (i.e., protocols) into the autonomous system. Use the no form to disable this feature. Syntax redistribute [rip | static] [metric metric-value] [metric-type type-value] no redistribute [rip | static] [metric metric-value] [metric-type type-value] •...
  • Page 737: Network Area

    • Metric type specifies the way to advertise routes to destinations outside the AS via External LSAs. Specify Type 1 to add the internal cost metric to the external route metric. In other words, the cost of the route from any router within the AS is equal to the cost associated with reaching the advertising ASBR, plus the cost of the external route.
  • Page 738: Area Stub

    Command Usage • An area ID uniquely defines an OSPF broadcast area. The area ID 0.0.0.0 indicates the OSPF backbone for an autonomous system. Each router must be connected to the backbone via a direct connection or a virtual link. •...
  • Page 739 • area-id - Identifies the stub area. (The area ID must be in the form of an IP address.) • summary - Makes an Area Border Router (ABR) send a summary link advertisement into the stub area. (Default: no summary) Command Mode Router Configuration Default Setting...
  • Page 740: Area Nssa

    area nssa Use this command to define a not-so-stubby area (NSSA). To remove an NSSA, use the no form without any optional keywords. To remove an optional attribute, use the no form without the relevant keyword. Syntax area area-id nssa [no-redistribution] [default-information-originate] no area area-id nssa [no-redistribution] [default-information-originate] •...
  • Page 741 import a default external AS route (for routing protocol domains adjacent to the NSSA but not within the OSPF AS) into the NSSA using the default-information-originate keyword. • External routes advertised into an NSSA can include network destinations outside the AS learned via OSPF, the default route, static routes, routes imported from other routing protocols such as RIP, and networks directly connected to the router that are not running OSPF.
  • Page 742: Area Virtual-Link

    area virtual-link Use this command to define a virtual link. To remove a virtual link, use the no form with no optional keywords. To restore the default value for an attribute, use the no form with the required keyword. Syntax area area-id virtual-link router-id [authentication [message-digest | null ]] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds]...
  • Page 743 • retransmit-interval seconds - Specifies the interval at which the ABR retransmits link-state advertisements (LSA) over the virtual link. The retransmit interval should be set to a conservative value that provides an adequate flow of routing information, but does not produce unnecessary protocol traffic.
  • Page 744 Default Setting area-id: None router-id: None hello-interval: 10 seconds retransmit-interval: 5 seconds transmit-delay: 1 second dead-interval: 40 seconds authentication-key: None message-digest-key: None Command Usage • All areas must be connected to a backbone area (0.0.0.0) to maintain routing connectivity throughout the autonomous system. If it is not possible to physically connect an area to the backbone, you can use a virtual link.
  • Page 745: Ip Ospf Authentication

    ip ospf authentication Use this command to specify the authentication type used for an interface. Enter this command without any optional parameters to specify plain text (or simple password) authentication. Use the no form to restore the default of no authentication. Syntax ip ospf authentication [message-digest | null] no ip ospf authentication...
  • Page 746: Ip Ospf Authentication-Key

    ip ospf authentication-key Use this command to assign a simple password to be used by neighboring routers. Use the no form to remove the password. Syntax ip ospf authentication-key key no ip ospf authentication-key key - Sets a plain text password. (Range: 1-8 characters) Command Mode Interface Configuration (VLAN) Default Setting...
  • Page 747: Ip Ospf Message-Digest-Key

    ip ospf message-digest-key Use this command to enable message-digest (MD5) authentication on the specified interface and to assign a key-id and key to be used by neighboring routers. Use the no form to remove an existing key. Syntax ip ospf message-digest-key key-id md5 key no ip ospf message-digest-key key-id •...
  • Page 748: Ip Ospf Cost

    Related Commands ip ospf authentication (3-163) ip ospf cost Use this command to explicitly set the cost of sending a packet on an interface. Use the no form to restore the default value. Syntax ip ospf cost cost no ip ospf cost cost - Link metric for this interface.
  • Page 749: Ip Ospf Hello-Interval

    seconds - The maximum time that neighbor routers can wait for a hello packet before declaring the transmitting router down. This interval must be set to the same value for all routers on the network. (Range: 1-65535) Command Mode Interface Configuration (VLAN) Default Setting 40, or four times the interval specified by the ip ospf hello-interval command.
  • Page 750: Ip Ospf Priority

    Example Console(config)#interface vlan 1 Console(config-if)#ip ospf hello-interval 5 Console(config-if)# ip ospf priority Use this command to set the router priority used when determining the designated router (DR) and backup designated router (BDR) for an area. Use the no form to restore the default value. Syntax ip ospf priority priority no ip ospf priority...
  • Page 751: Ip Ospf Retransmit-Interval

    ip ospf retransmit-interval Use this command to specify the time between resending link-state advertisements (LSAs). Use the no form to restore the default value. Syntax ip ospf retransmit-interval seconds no ip ospf retransmit-interval seconds - Sets the interval at which LSAs are retransmitted from this interface.
  • Page 752: Show Ip Ospf

    Command Mode Interface Configuration (VLAN) Default Setting 1 second Command Usage LSAs have their age incremented by this delay before transmission. When estimating the transmit delay, consider both the transmission and propagation delays for an interface. Set the transmit delay according to link speed, using larger values for lower-speed links.
  • Page 753: Show Ip Ospf Border-Routers

    Field Routing Process with ID Supports only single TOS (TOS0) route It is an router type Number of areas in this router Area identifier Number of interfaces SPF algorithm executed show ip ospf border-routers Use this command to show entries in the routing table that lead to an Area Border Router (ABR) or Autonomous System Boundary Router (ASBR).
  • Page 754: Show Ip Ospf Database

    Field Description Area The area from which this route was learned SPF No The number of times the shortest path first algorithm has been executed for this route show ip ospf database Use this command to show information about different OSPF Link State Advertisements (LSAs) stored in this router’s database.
  • Page 755 - An IP network number for Type 3 Summary and External LSAs - A Router ID for Router, Network, and Type 4 AS Summary LSAs Also, note that when a Type 5 ASBR External LSA is describing a default route, its link-state-id is set to the default destination (0.0.0.0). •...
  • Page 756 The following shows output when using the asbr-summary keyword. Console#show ip ospf database asbr-summary OSPF Router with id(10.1.1.253) Displaying Summary ASB Link States(Area 0.0.0.0) LS age: 433 Options: (No TOS-capability) LS Type: Summary Links (AS Boundary Router) Link State ID: 192.168.5.1 (AS Boundary Router's Router ID) Advertising Router: 192.168.1.5 LS Sequence Number: 80000002 LS Checksum: 0x51E2...
  • Page 757 The following shows output when using the database-summary keyword. Console#show ip ospf database database-summary Area ID (10.1.0.0) Router Network Total LSA Counts : 4 Console# Field Description Area ID Area identifier Router Number of router LSAs Network Number of network LSAs Sum-Net Number of summary LSAs Sum-ASBR...
  • Page 758 The following shows output when using the external keyword. Console#show ip ospf database external OSPF Router with id(192.168.5.1) (Autonomous system 5) Displaying AS External Link States LS age: 433 Options: (No TOS-capability) LS Type: AS External Link Link State ID: 10.1.1.253 (External Network Number) Advertising Router: 10.1.2.254 LS Sequence Number: 80000002 LS Checksum: 0x51E2...
  • Page 759 Field Description Forward Address Forwarding address for data to be passed to the advertised destination (If set to 0.0.0.0, data is forwarded to the originator of the advertisement) External Route Tag 32-bit field attached to each external route (Not used by OSPF; may be used to communicate other information between boundary routers as defined by specific applications) The following shows output when using the network keyword.
  • Page 760 Field Description LS Sequence Sequence number of LSA (used to detect older duplicate LSAs) Number LS Checksum Checksum of the complete contents of the LSA Length The length of the LSA in bytes Network Mask Address mask for the network Attached Router List of routers attached to the network;...
  • Page 761 Field Description Link State ID Router ID of the router that originated the LSA Advertising Router Advertising router ID LS Sequence Sequence number of LSA (used to detect older duplicate LSAs) Number LS Checksum Checksum of the complete contents of the LSA Length The length of the LSA in bytes Router Role...
  • Page 762 The following shows output when using the summary keyword. Console#show ip ospf database summary OSPF Router with id(10.1.1.253) Displaying Summary Net Link States(Area 10.1.0.0) Link State Data Summary (Type 3) ------------------------------- LS age: 686 Options: Support External routing capability LS Type: Summary Links(Network) Link State ID: 10.2.6.0 (The destination Summary Network Number) Advertising Router: 10.1.1.252 LS Sequence Number: 80000003...
  • Page 763: Show Ip Ospf Interface

    show ip ospf interface Use this command to display summary information for OSPF interfaces. Syntax show ip ospf interface [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4094) Command Mode Privileged Exec Example Console#show ip ospf interface vlan 1 Vlan 1 is up Interface Address 10.1.1.253, Mask 255.255.255.0, Area 10.1.0.0 Router ID 10.1.1.253, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State BDR, Priority 1...
  • Page 764: Show Ip Ospf Neighbor

    Field Description State • Disabled – OSPF not enabled on this interface • Down – OSPF is enabled on this interface, but interface is down • Loopback – This is a loopback interface • Waiting – Router is trying to find the DR and BDR •...
  • Page 765: Show Ip Ospf Summary-Address

    Field Description State OSPF state and identification flag States include: Down – Connection down Attempt – Connection down, but attempting contact (for non-broadcast networks) Init – Have received Hello packet, but communications not yet established Two-way – Bidirectional communications established ExStart –...
  • Page 766: Show Ip Ospf Virtual-Links

    show ip ospf virtual-links Use this command to display detailed information about virtual links. Syntax show ip ospf virtual-links Command Mode Privileged Exec Example Console#show ip ospf virtual-links Virtual Link to router 10.1.1.253 is up Transit area 10.1.1.0 Transmit Delay is 1 sec Timer intervals configured, Hello 10, Dead 40, Retransmit 5 Console# Field...
  • Page 767: Static Multicast Routing Commands

    Multicast routers use snooping and query messages, along with a multicast routing protocol, to deliver IP multicast packets across different subnetworks. This router supports both the Distance-Vector Multicast Routing Protocol (DVMRP) and Protocol Independent Multicast (PIM). (Note that you should enable IGMP for any interface that is using multicast routing.) Command Groups Static Multicast...
  • Page 768: Show Ip Igmp Snooping Mrouter

    Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that interface to join all the current multicast groups.
  • Page 769: General Multicast Routing Commands

    Default Setting Displays multicast router ports for all configured VLANs. Command Mode Privileged Exec Command Usage Multicast router port types displayed include Static or Dynamic. Example The following shows that port 11 in VLAN 1 is attached to a multicast router: Console#show ip igmp snooping mrouter vlan 1 VLAN M'cast Router Ports Type...
  • Page 770: Show Ip Mroute

    Command Mode Global Configuration Command Usage This command is used to enable multicast routing globally for the router. You also need to globally enable a specific multicast routing protocol using the router dvmrp or router pim command, and then specify the interfaces that will support multicast routing using the ip dvmrp or ip pim dense-mode commands.
  • Page 771 and source pair, detailed information is displayed only for the specified entry. If the summary option is selected, an abbreviated list of information for each entry is displayed on a single line. Example This example shows detailed multicast information for a specified group/ source pair Console#show ip mroute 224.0.255.3 192.111.46.8 IP Multicast Forwarding is enabled.
  • Page 772 This example lists all entries in the multicast table in summary form: Console#show ip mroute summary IP Multicast Forwarding is enabled. IP Multicast Routing Table (Summary) Flags: P - Prune UP Group Source --------------- --------------- --------------- ---------- ------- ------ 224.1.1.1 224.2.2.2 Console#
  • Page 773: Dvmrp Multicast Routing Commands

    DVMRP Multicast Routing Commands Command router dvmrp probe-interval nbr-timeout report-interval flash-update-interval prune-lifetime default-gateway ip dvmrp ip dvmrp metric clear ip dvmrp route show router dvmrp show ip dvmrp route show ip dvmrp neighbor show ip dvmrp interface router dvmrp Use this command to enable Distance-Vector Multicast Routing (DVMRP) globally for the router and to enter router configuration mode.
  • Page 774: Probe-Interval

    Syntax router dvmrp no router dvmrp Command Mode Global Configuration Command Usage This command enables DVMRP globally for the router and enters router configuration mode. Make any changes necessary to the global DVMRP parameters. Then specify the interfaces that will support DVMRP multicast routing using the ip dvmrp command, and set the metric for each interface.
  • Page 775: Nbr-Timeout

    seconds - Interval between sending neighbor probe messages. (Range: 1-65535) Default Setting 10 seconds Command Mode Router Configuration Command Usage Probe messages are sent to neighboring DVMRP routers from which this device has received probes, and are used to verify whether or not these neighbors are still active members of the multicast tree.
  • Page 776: Report-Interval

    Example Console(config-router)#nbr-timeout 40 Console(config-router)# report-interval Use this command to specify how often to propagate the complete set of routing tables to other neighbor DVMRP routers. Use the no form to restore the default value. Syntax report-interval seconds seconds - Interval between sending the complete set of routing tables.
  • Page 777: Prune-Lifetime

    Default Setting 5 seconds Command Mode Router Configuration Example Console(config-router)#flash-update-interval 10 Console(config-router)# prune-lifetime Use this command to specify how long a prune state will remain in effect for a multicast tree. Use the no form to restore the default value. Syntax prune-lifetime seconds seconds - Prune state lifetime.
  • Page 778: Default-Gateway

    default-gateway Use this command to specify the default DVMRP gateway for IP multicast traffic. Use the no form to remove the default gateway. Syntax default-gateway ip-address no default-gateway ip-address - IP address of the default DVMRP gateway. Default Setting None Command Mode Router Configuration Command Usage...
  • Page 779: Ip Dvmrp

    ip dvmrp Use this command to enable DVMRP on the specified interface. Use the no form to disable DVMRP on this interface. Syntax ip dvmrp no ip dvmrp Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage To fully enable DVMRP, you need to enable multicast routing globally for the router with the ip multicast-routing command (page 3-187), enable DVMRP globally for the router with the router dvmrp command (page 3-191), and also enable DVMRP for each interface that...
  • Page 780: Ip Dvmrp Metric

    ip dvmrp metric Use this command to configure the metric used in selecting the reverse path to networks connected directly to an interface on this router. Use the no form to restore the default value. Syntax ip dvmrp metric interface-metric no ip dvmrp metric interface-metric - Metric used to select the best reverse path.
  • Page 781: Show Router Dvmrp

    As shown below, this command clears everything from the route table except for the default route. Console#clear ip dvmrp route clear all ip dvmrp route Console#show ip dvmrp route Source Mask --------------- --------------- --------------- --------- ------ ------ ------ 10.1.0.0 255.255.255.0 Console# show router dvmrp Use this command to display the global DVMRP configuration settings.
  • Page 782: Show Ip Dvmrp Route

    The default settings are shown in the following example: Console#show router dvmrp Admin Status Probe Interval Nbr expire Minimum Flash Update Interval prune lifetime route report Default Gateway Metric of Default Gateway Console# show ip dvmrp route Use this command to display all entries in the DVMRP routing table. Command Mode Normal Exec, Privileged Exec Example...
  • Page 783: Show Ip Dvmrp Neighbor

    Field Description UpTime The time elapsed since this entry was created. Expire The time remaining before this entry will be aged out. show ip dvmrp neighbor Use this command to display all of the DVMRP neighbor routers. Command Mode Normal Exec, Privileged Exec Example Console#show ip dvmrp neighbor Address...
  • Page 784: Show Ip Dvmrp Interface

    show ip dvmrp interface Use this command to display the DVMRP configuration for interfaces which have enabled DVMRP. Command Mode Normal Exec, Privileged Exec Example Console#show ip dvmrp interface Vlan 1 is up DVMRP is enabled Metric is 1 Console# PIM-DM Multicast Routing Commands Command router pim...
  • Page 785: Router Pim

    Command Function show ip pim interface Displays information about interfaces configured for PIM show ip pim neighbor Displays information about PIM neighbors router pim Use this command to enable Protocol-Independent Multicast - Dense Mode (PIM-DM) globally for the router and to enter router configuration mode.
  • Page 786: Ip Pim Dense-Mode

    ip pim dense-mode Use this command to enable PIM-DM on the specified interface. Use the no form to disable PIM-DM on this interface. Syntax ip pim dense-mode no ip pim dense-mode Default Setting Disabled Command Mode Interface Configuration (VLAN) Command Usage •...
  • Page 787: Ip Pim Hello-Interval

    Example Console(config)#interface vlan 1 Console(config-if)#ip pim dense-mode Console#show ip pim interface Vlan 1 is up PIM is enabled, mode is Dense. Internet address is 10.1.0.253. Hello time interval is 30 sec, trigger hello time interval is 5 sec. Hello holdtime is 105 sec. Join/Prune holdtime is 210 sec.
  • Page 788: Ip Pim Hello-Holdtime

    ip pim hello-holdtime Use this command to configure the interval to wait for hello messages from a neighboring PIM router before declaring it dead. Use the no form to restore the default value. Syntax ip pim hello-holdtime seconds no ip pim hello-holdtime seconds - The hold time for PIM hello messages.
  • Page 789: Ip Pim Join-Prune-Holdtime

    Default Setting 5 seconds Command Mode Interface Configuration (VLAN) Command Usage • When a router first starts or PIM is enabled on an interface, the hello-interval is set to a random value between 0 and the trigger-hello-interval. This prevents synchronization of Hello messages on multi-access links if multiple routers are powered on simultaneously.
  • Page 790: Ip Pim Graft-Retry-Interval

    Command Usage The multicast interface that first receives a multicast stream from a particular source forwards this traffic to all other PIM interfaces on the router. If there are no requesting groups on that interface, the leaf node sends a prune message upstream and enters a prune state for this multicast stream.
  • Page 791: Ip Pim Max-Graft-Retries

    Example Console(config-if)#ip pim graft-retry-interval 9 Console(config-if)# ip pim max-graft-retries Use this command to configure the maximum number of times to resend a Graft message if it has not been acknowledged. Use the no form to restore the default value. Syntax ip pim max-graft-retries retries no ip pim max-graft-retries retries - The maximum number of times to resend a Graft.
  • Page 792: Show Ip Pim Interface

    show ip pim interface Use this command to display information about interfaces configured for PIM. Syntax show ip pim interface vlan-id vlan-id - VLAN ID (Range: 1-4094) Command Mode Normal Exec, Privileged Exec Command Usage This command displays the PIM settings for the specified interface as described in the preceding pages.
  • Page 793: Router Redundancy Commands

    Command Mode Normal Exec, Privileged Exec Example Console#show ip pim neighbor Address VLAN Interface --------------- ---------------- -------- -------- ------- 10.1.0.254 Console# Field Description Address IP address of the next-hop router. VLAN Interface number that is attached to this neighbor. Interface Uptime The duration this entry has been active.
  • Page 794: Virtual Router Redundancy Protocol Commands

    Virtual Router Redundancy Protocol Commands To configure VRRP, select an interface on one router in the group to serve as the master virtual router. This physical interface is used as the virtual address for the router group. Now set the same virtual address and a priority on the backup routers, and configure an authentication string.
  • Page 795 Use the no form to disable VRRP on an interface and remove the IP address from the virtual router. Syntax vrrp group ip ip-address [secondary] no vrrp group ip ip-address [secondary] • group - Identifies the virtual router group. (Range: 1-255) •...
  • Page 796: Vrrp Authentication

    This example creates VRRP group 1 using the primary interface for VLAN 1 as the VRRP group Owner, and also adds a secondary interface as a member of the group. Console(config)#interface vlan 1 Console(config-if)#vrrp 1 ip 192.168.1.6 Console(config-if)#vrrp 1 ip 192.168.2.6 secondary Console(config-if)# vrrp authentication Use this command to specify the key used to authenticate VRRP packets...
  • Page 797: Vrrp Priority

    Example Console(config-if)#vrrp 1 authentication bluebird Console(config-if)# vrrp priority Use this command to set the priority of this router in a VRRP group. Use the no form to restore the default setting. Syntax vrrp group priority level no vrrp group priority •...
  • Page 798: Vrrp Timers Advertise

    Example Console(config-if)#vrrp 1 priority 1 Console(config-if)# Related Commands vrrp preempt (3-217) vrrp timers advertise Use this command to set the interval at which the master virtual router sends advertisements communicating its state as the master. Use the no form to restore the default interval. Syntax vrrp group timers advertise interval no vrrp group timers advertise...
  • Page 799: Vrrp Preempt

    before attempting to take over as the master is three times the hello interval plus half a second Example Console(config-if)#vrrp 1 timers advertise 5 Console(config-if)# vrrp preempt Use this command to configure the router to take over as the master virtual router for a VRRP group if it has a higher priority than the current acting master router.
  • Page 800: Show Vrrp

    Example Console(config-if)#vrrp 1 preempt delay 10 Console(config-if)# Related Commands vrrp priority (3-215) show vrrp Use this command to display status information for VRRP. Syntax show vrrp [brief | group] • brief - Displays summary information for all VRRP groups on this router.
  • Page 801 This example displays the full listing of status information for all groups. Console#show vrrp Vlan 1 - Group 1, state Virtual IP address Virtual MAC address Advertisement interval Preemption Min delay Priority Authentication Authentication key Master Router Master priority Master Advertisement interval Master down interval Console# Field...
  • Page 802: Show Vrrp Interface

    Field Description Master Advertisement interval The advertisement interval configured on the VRRP master. Master down interval The down interval configured on the VRRP master (This interval is used by all the routers in the group regardless of their local settings) This example displays the brief listing of status information for all groups.
  • Page 803 Defaults None Command Mode Privileged Exec Example This example displays the full listing of status information for VLAN 1. Console#show vrrp interface vlan 1 Vlan 1 - Group 1, state Virtual IP address Virtual MAC address Advertisement interval Preemption Min delay Priority Authentication Authentication key...
  • Page 804: Show Vrrp Router Counters

    show vrrp router counters Use this command to display counters for errors found in VRRP protocol packets. Command Mode Privileged Exec Example Note that unknown errors indicate VRRP packets received with an unknown or unsupported version number. Console#show vrrp router counters Total Number of VRRP Packets with Invalid Checksum : 0 Total Number of VRRP Packets with Unknown Error Total Number of VRRP Packets with Invalid VRID...
  • Page 805: Clear Vrrp Router Counters

    Example Console#show vrrp 1 interface vlan 1 counters Total Number of Times Transitioned to MASTER Total Number of Received Advertisements Packets Total Number of Received Error Advertisement Interval Packets Total Number of Received Authentication Failures Packets Total Number of Received Error IP TTL VRRP Packets Total Number of Received Priority 0 VRRP Packets Total Number of Sent Priority 0 VRRP Packets Total Number of Received Invalid Type VRRP Packets...
  • Page 806 Command Mode Privileged Exec Example Console#clear vrrp 1 interface 1 counters Console#
  • Page 807: Hot Standby Router Protocol Commands

    Hot Standby Router Protocol Commands To configure HSRP, add the interface for each router that will participate in the virtual router group, set the priorities, and configure an authentication string. The HSRP protocol will automatically select the master and standby router based on the priority settings. You can also enable the preempt feature which allows a router to take over as the master router when it comes on line.
  • Page 808 form to disable HSRP on an interface and remove the IP address for the virtual router. Syntax standby [group] ip [ip-address [secondary]] no standby [group] ip [ip-address] • group - Identifies the virtual router group. (Range: 0-255) • ip-address - The designated IP address of the virtual router. •...
  • Page 809: Standby Priority

    • HSRP is enabled once the designated address and priority are configured, and the master and standby routers are elected based on highest priority. If you need to customize any of the other parameters for HSRP such as authentication, tracking, or advertisement interval, then first configure these parameters before enabling HSRP.
  • Page 810: Standby Preempt

    become the active master router again if the configured priorities have not been changed. • If two or more routers are configured with the same HSRP priority, the router with the higher IP address is elected as the new master router if the current master fails.
  • Page 811 Default Setting Group number: 0 Preempt: Disabled Delay: 0 seconds Command Mode Interface (VLAN) Command Usage • If preempt is enabled, and this router has a priority higher than the current acting master, it will take over as the new master. If preempt is not enabled, this router will only take over if it has the highest priority in the group and the current master stops sending hello messages or sends other messages indicating that it is no longer acting as the...
  • Page 812: Standby Authentication

    standby authentication Use this command to specify the key used to authenticate HSRP packets received from other routers. Use the no form to delete an authentication string. Syntax standby [group] authentication string no standby [group] authentication • group - Identifies the HSRP group. (Range: 0-255) •...
  • Page 813: Standby Timers

    Example Console(config-if)#standby 1 authentication bluebird Console(config-if)# Related Commands standby priority (3-227) standby timers Use this command to set the time between the master and standby router sending hello packets, and the time before other routers declare the active master router or standby router down. Use the no form to restore the default timer values.
  • Page 814: Standby Track

    • Routers on which the timer settings have not been configured can learn the current timer values from the master or standby router. Timers configured on the master router always override any other timer settings. All routers in an HSRP group should be configured with the same timer values.
  • Page 815 Default Setting Group number: 0 Interface priority: 10 Command Mode Interface (VLAN) Command Usage • This command adjusts the HSRP router priority based on the availability of its IP interfaces. When a tracked interface goes down, the HSRP router priority decreases by the specified value, and increases by the same value when it comes back up.
  • Page 816: Show Standby

    show standby Use this command to display status information for HSRP. Syntax show standby [active | init | listen | standby] [brief] • active - Displays HSRP groups in the active state. • init - Displays HSRP groups in the initial state. •...
  • Page 817 Field Description Local state State of the local router. priority Priority of this router. may preempt Router will attempt to take over as the master router if its priority is higher. Preemption delayed Delay before a router with higher priority can preempt the current acting master Hellotime...
  • Page 818 Field Description Authentication text Key used to authenticate HSRP packets received from other routers. Tracking interface states List of interfaces that are being tracked and their corresponding states. This example displays the brief listing of status information for all groups. Console#show standby brief Interface Grp Prio P State -------------------------------------------------------------------------...
  • Page 819: Show Standby Interface

    show standby interface Use this command to display HSRP status information for the specified interface. Syntax show standby interface vlan vlan-id [group group] [active | init | listen | standby] [brief] • vlan-id - Identifier of configured VLAN interface. (Range: 1-4094) •...
  • Page 820 Example This example displays the full listing of status information for VLAN 1. Console#show standby interface vlan 1 group 1 Vlan 1 - Group 1 Local State is Active, priority 5 (confgd 10), may preempt Preemption delayed for 10 secs Hellotime 6 sec, holdtime 18 sec Next hello sent in 0: 0: 0 Host standby IP address is 192.168.1.7 configured...
  • Page 821: Appendix A: Software Specifications

    Software Features Authentication Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security Access Control Lists IP, MAC (up to 32 lists) DHCP Client, Relay, Server DNS Server Port Configuration 1000BASE-T: 10/100/1000 Mbps, half/full duplex 1000BASE-SX/LX: 1000 Mbps, full duplex Flow Control Full Duplex: IEEE 802.3x Half Duplex: Back pressure...
  • Page 822: Management Features

    Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) VLAN Support Up to 255 groups; port-based, protocol-based, or tagged (802.1Q), GVRP for automatic VLAN learning, private VLANs Class of Service Supports eight levels of priority and Weighted Round Robin Queueing (which can be configured by VLAN tag or port), Layer 3/4 priority mapping: IP Port, IP Precedence, IP DSCP Multicast Filtering...
  • Page 823: Standards

    SNMP Management access via MIB database Trap management to specified hosts RMON Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event) Standards IEEE 802.3 Ethernet, IEEE 802.3u Fast Ethernet IEEE 802.3x Full-duplex flow control (ISO/IEC 8802-3) IEEE 802.3z Gigabit Ethernet, IEEE 802.3ab 1000BASE-T IEEE 802.3ac VLAN tagging IEEE 802.1Q VLAN...
  • Page 824: Management Information Bases

    SNTP (RFC 2030) SSH (Version 2.0) VRRP (RFC 2338) Management Information Bases Bridge MIB (RFC 1493) DVMRP MIB Entity MIB (RFC 2737) Ethernet MIB (RFC 2665) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742) Forwarding Table MIB (RFC 2096) IGMP MIB (RFC 2933) Interface Group MIB (RFC 2233)
  • Page 825 TCP MIB (RFC 2013) Trap (RFC 1215) UDP MIB (RFC 2012) VRRP MIB (RFC 2787)
  • Page 827: Appendix B: Troubleshooting

    IP address, subnet mask and default gateway. • If you are trying to connect to the switch via the IP address for a tagged VLAN group, your management station must include the appropriate tag in its transmitted frames.
  • Page 829 ARP converts between IP addresses and MAC (i.e., hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address. This allows the switch to use IP addresses for routing decisions and the corresponding MAC addresses to forward packets from one hop to the next.
  • Page 830 EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch. A user name and password are requested by the switch, and then passed to an authentication server (e.g., RADIUS) for verification.
  • Page 831 An IEEE standard for the Multiple Spanning Tree Protocol (MSTP) which provides independent spanning trees for VLAN groups. IEEE 802.1x Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication. IEEE 802.3ac Defines frame extensions for VLAN tagging.
  • Page 832 Internet Group Management Protocol (IGMP) A protocol through which hosts can register with their local router for multicast services. If there is more than one multicast switch/router on a given subnetwork, one of the devices is made the “querier” and assumes responsibility for keeping track of group membership.
  • Page 833: Link Aggregation

    An acronym for Management Information Base. It is a set of database objects that contains information about a specific device. Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast VLAN group.
  • Page 834: Port Mirroring

    Out-of-Band Management Management of the network from a station not attached to the network. Port Authentication See IEEE 802.1x. Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows data on the target port to be studied unobtrusively.
  • Page 835 A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Routing Information Protocol (RIP) The RIP protocol seeks to find the shortest route to another device by minimizing the distance-vector, or hop count, which serves as a rough estimate of transmission cost.
  • Page 836 GLOSSARY data along the shortest available path, maximizing the performance and efficiency of the network. Terminal Access Controller Access Control System Plus (TACACS+) TACACS+ is a logon authentication protocol that uses software running on a central server to control access to TACACS-compliant devices on the network. Telnet Defines a remote communication facility for interfacing to a terminal device over TCP/IP.
  • Page 837 GLOSSARY host device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down. XModem A protocol used to transfer files between devices. Data is grouped in 128-byte blocks and error-corrected. Glossary-9...
  • Page 839 Symbols 3-31 Numerics 802.1x, port authentication acceptable frame type 3-118 Access Control List See ACL Extended IP 3-51 4-82 3-51 4-82 4-97 Standard IP 3-51 4-82 Address Resolution Protocol See ARP address table 3-86 4-159 aging time 3-88 4-162 configuration 3-183 description 3-182...
  • Page 840 INDEX DVMRP configuring 3-234 4-285 global settings 3-234 interface settings 3-237 neighbor routers 3-239 routing table 3-240 4-292 dynamic addresses, displaying 4-160 Dynamic Host Configuration Protocol See DHCP edge port, STA 3-98 3-100 event logging 4-41 firmware displaying version 3-11 upgrading 3-17 4-61...
  • Page 841: Radius Client

    IP routing 3-176 4-235 configuring interfaces enabling or disabling 3-179 status 3-179 4-235 unicast protocols 3-178 IP, statistics 3-189 4-238 jumbo frame 4-60 LACP configuration 4-150 local parameters 3-74 partner parameters 3-77 protocol message statistics protocol parameters 3-71 Link Aggregation Control Protocol See LACP link type, STA 3-98...
  • Page 842: Port Security

    INDEX password, line 4-13 passwords administrator setting 3-30 path cost 3-90 3-98 method 3-94 4-167 3-90 3-98 4-167 PIM-DM 3-241 4-293 configuring 3-241 4-293 global configuration 3-241 interface settings 3-242 neighbor routers 3-245 port authentication 3-42 port priority configuring 3-124 4-198 default ingress 3-124...
  • Page 843 specifications, software SSH, configuring 3-35 4-35 3-88 4-162 edge port 3-98 3-100 global settings, configuring – 4-163 4-168 global settings, displaying interface settings 3-96 – 4-173 4-178 4-179 link type 3-98 3-100 path cost 3-90 3-98 path cost method 3-94 port priority 3-98 4-173...
  • Page 844 INDEX Web interface access requirements configuration buttons home page menu list panel display Index-6...
  • Page 846 Fax 7 (095) 789 35 73 86-10-6235-4958; Fax 86-10-6235-4962 886-2-8797-8006; Fax 886-2-8797-6288 (65) 6 238 6556; Fax (65) 6 238 6466 82-2-553-0860; Fax 82-2-553-7202 81-45-224-2332; Fax 81-45-224-2331 61-2-8875-7887; Fax 61-2-8875-7777 91-22-8204437; Fax 91-22-8204443 Model Number: SMC8612XL3 F 1.0.1.3 Pub. Number: 150200039900A E102003-R01...
