Edge-Core ECS4660-28F Management Manual

ECS4660-28F Layer 3
Gigabit Ethernet Switch
Management Guide
www.edge-core.com

Summary of Contents for Edge-Core ECS4660-28F

  • Page 1 ECS4660-28F Layer 3 Gigabit Ethernet Switch Management Guide www.edge-core.com...
  • Page 3 MANAGEMENT GUIDE ECS4660-28F GIGABIT ETHERNET SWITCH Layer 3 Switch with 24 Gigabit Ethernet Ports (SFP), 2 10G Ethernet Ports (XSFP), and 2 Slots for Optional 10G Modules ECS4660-28F E102013/ST-R03 149100000140A...
  • Page 5: About This Guide

    ABOUT THIS GUIDE PURPOSE: This guide gives specific information on how to operate and use the management functions of the switch. AUDIENCE: The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
  • Page 6 ABOUT THIS GUIDE REVISION HISTORY: This section summarizes the changes in each revision of this guide. OCTOBER 2013 REVISION: This is the third release of this guide. This guide is valid for software release V1.2.2.0. It includes information on the following changes: ◆ Updated information in Parameters section under "Configuring the...
  • Page 7 ABOUT THIS GUIDE ◆ Updated Parameters section under "Using the Trace Route Function" on page 746. ◆ Added commands "show watchdog" on page 909 "watchdog software" on page 909. ◆ Updated syntax for command "delete" on page 917. ◆ Updated range for command "exec-timeout"...
  • Page 8 ABOUT THIS GUIDE ◆ Updated command usage section for the command "negotiation" on page 1194. ◆ Removed the command “speed-duplex.” ◆ Moved the switchport packet-rate command from Interface Commands chapter to Congestion Control Commands on page 1241. ◆ Added the commands "transceiver-threshold-auto" on page 1205, and...
  • Page 9 ABOUT THIS GUIDE NOVEMBER 2012 REVISION: This is the second release of this guide. This guide is valid for software release V1.2.0.0. It includes information on the following changes: ◆ Removed information on Option 43 in "Downloading a Configuration File Referenced by a DHCP Server"...
  • Page 10 ABOUT THIS GUIDE ◆ Added parameters under "Configuring MVR6 Global Settings" on page 675. ◆ Added RA Mode under "Configuring IPv6 Interface Settings" on page 697. ◆ Updated Command Usage section under "Specifying a DHCP Client Identifier" on page 720. ◆ Added "Configuring the PPPoE Intermediate Agent"...
  • Page 11 ABOUT THIS GUIDE ◆ Updated parameter description for "ethernet cfm cc ma interval" on page 1581. ◆ Updated Command Usage section for "ip dhcp client class-id" on page 1625. ◆ Added "ipv6 nd raguard" on page 1688. ◆ Added "IPv6 to IPv4 Tunnels" on page 1696.
  • Page 12 ABOUT THIS GUIDE – 12 –...
  • Page 13: Table Of Contents

    CONTENTS ABOUT THIS GUIDE CONTENTS FIGURES TABLES SECTION I GETTING STARTED INTRODUCTION Key Features Description of Software Features IP Routing Equal-cost Multipath Load Balancing Address Resolution Protocol System Defaults INITIAL SWITCH CONFIGURATION Connecting to the Switch Configuration Options Required Connections Remote Connections Basic Configuration Console Connection Setting Passwords...
  • Page 14 CONTENTS SECTION WEB CONFIGURATION USING THE WEB INTERFACE Connecting to the Web Interface Navigating the Web Browser Interface Home Page Configuration Options Panel Display Main Menu BASIC MANAGEMENT TASKS Displaying System Information Displaying Hardware/Software Versions Configuring Support for Jumbo Frames Displaying Bridge Extension Capabilities Managing System Files Copying Files via FTP/TFTP or HTTP Saving the Running Configuration to a Local File...
  • Page 15 CONTENTS Configuring Local Port Mirroring Configuring Remote Port Mirroring Showing Port or Trunk Statistics Configuring History Sampling Displaying Transceiver Data Configuring Transceiver Thresholds Trunk Configuration Configuring a Static Trunk Configuring a Dynamic Trunk Displaying LACP Port Counters Displaying LACP Settings and Status for the Local Side Displaying LACP Settings and Status for the Remote Side Configuring Load Balancing Traffic Segmentation...
  • Page 16 CONTENTS ADDRESS TABLE SETTINGS Configuring MAC Address Learning Setting Static Addresses Changing the Aging Time Displaying the Dynamic Address Table Clearing the Dynamic Address Table SPANNING TREE ALGORITHM Overview Configuring Loopback Detection Configuring Global Settings for STA Displaying Global Settings for STA Configuring Interface Settings for STA Displaying Interface Settings for STA Configuring Multiple Spanning Trees...
  • Page 17 CONTENTS Creating QoS Policies Attaching a Policy Map to a Port 12 VoIP TRAFFIC CONFIGURATION Overview Configuring VoIP Traffic Configuring Telephony OUI Configuring VoIP Traffic Ports 13 SECURITY MEASURES AAA Authorization and Accounting Configuring Local/Remote Logon Authentication Configuring Remote Logon Authentication Servers Configuring AAA Accounting Configuring AAA Authorization...
  • Page 18 CONTENTS Configuring a Standard IPv6 ACL Configuring an Extended IPv6 ACL Configuring a MAC ACL Configuring an ARP ACL Binding a Port to an Access Control List Showing ACL Hardware Counters ARP Inspection Configuring Global Settings for ARP Inspection Configuring VLAN Settings for ARP Inspection Configuring Interface Settings for ARP Inspection Displaying ARP Inspection Statistics Displaying the ARP Inspection Log...
  • Page 19 CONTENTS Sending Simple Mail Transfer Protocol Alerts Link Layer Discovery Protocol Setting LLDP Timing Attributes Configuring LLDP Interface Attributes Configuring LLDP Interface Civic-Address Displaying LLDP Local Device Information Displaying LLDP Remote Device Information Displaying Device Statistics Simple Network Management Protocol Configuring Global Settings for SNMP Setting the Local Engine ID Specifying a Remote Engine ID...
  • Page 20 CONTENTS Configuring CFM Maintenance Domains Configuring CFM Maintenance Associations Configuring Maintenance End Points Configuring Remote Maintenance End Points Transmitting Link Trace Messages Transmitting Loop Back Messages Transmitting Delay-Measure Requests Displaying Local MEPs Displaying Details for Local MEPs Displaying Local MIPs Displaying Remote MEPs Displaying Details for Remote MEPs Displaying the Link Trace Cache...
  • Page 21 CONTENTS Displaying Multicast Groups Discovered by IGMP Snooping Displaying IGMP Snooping Statistics Filtering and Throttling IGMP Groups Enabling IGMP Filtering and Throttling Configuring IGMP Filter Profiles Configuring IGMP Filtering and Throttling for Interfaces MLD Snooping (Snooping and Query for IPv6) Configuring MLD Snooping and Query Parameters Setting Immediate Leave Status for MLD Snooping per Interface Specifying Static Interfaces for an IPv6 Multicast Router...
  • Page 22 CONTENTS Setting the Switch’s IP Address (IP Version 6) Configuring the IPv6 Default Gateway Configuring IPv6 Interface Settings Configuring an IPv6 Address Showing IPv6 Addresses Showing the IPv6 Neighbor Cache Showing IPv6 Statistics Showing the MTU for Responding Destinations 17 IP SERVICES Domain Name Service Configuring General DNS Service Parameters...
  • Page 23 CONTENTS Using the Trace Route Function Address Resolution Protocol Basic ARP Configuration Configuring Static ARP Addresses Displaying Dynamic or Local ARP Entries Displaying ARP Statistics Configuring Static Routes Displaying the Routing Table Equal-cost Multipath Routing 19 CONFIGURING ROUTER REDUNDANCY Configuring VRRP Groups Displaying VRRP Global Statistics Displaying VRRP Group Statistics...
  • Page 24 CONTENTS Redistributing External Routes Configuring Summary Addresses (for External AS Routes) Configuring OSPF Interfaces Configuring Virtual Links Displaying Link State Database Information Displaying Information on Neighboring Routers 21 MULTICAST ROUTING Overview Configuring Global Settings for Multicast Routing Enabling Multicast Routing Globally Displaying the Multicast Routing Table Configuring PIM for IPv4 Enabling PIM Globally...
  • Page 25 CONTENTS SECTION COMMAND LINE INTERFACE 22 USING THE COMMAND LINE INTERFACE Accessing the CLI Console Connection Telnet Connection Entering Commands Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands Partial Keyword Lookup Negating the Effect of Commands Using Command History Understanding Command Modes Exec Commands Configuration Commands...
  • Page 26 CONTENTS banner configure company banner configure dc-power-info banner configure department banner configure equipment-info banner configure equipment-location banner configure ip-lan banner configure lp-number banner configure manager-info banner configure mux banner configure note show banner System Status show access-list tcam-utilization show alarm-status show memory show process cpu show running-config...
  • Page 27 CONTENTS Automatic Code Upgrade Commands upgrade opcode auto upgrade opcode path upgrade opcode reload show upgrade Line line databits exec-timeout login parity password password-thresh silent-time speed stopbits timeout login response disconnect show line Event Logging logging facility logging history logging host logging on logging trap clear log...
  • Page 28 CONTENTS Time SNTP Commands sntp client sntp poll sntp server show sntp NTP Commands ntp authenticate ntp authentication-key ntp client ntp server show ntp Manual Configuration Commands clock summer-time (date) clock summer-time (predefined) clock summer-time (recurring) clock timezone calendar set show calendar Time Range time-range...
  • Page 29 CONTENTS ptp log-min-pdelay-request-interval ptp log-sync-interval ptp port-enable ptp transport ptp port-release show ptp configuration show ptp foreign-master show ptp information Synchronous Ethernet synce synce ethernet synce ethernet clock-source synce auto-clock-source-selecting synce force-clock-source-selecting synce ssm ethernet synce clk-src-ssm show synce Switch Clustering cluster cluster commander cluster ip-pool...
  • Page 30 CONTENTS snmp-server enable port-traps mac-notification 1003 show snmp-server enable port-traps 1004 SNMPv3 Commands 1004 snmp-server engine-id 1004 snmp-server group 1006 snmp-server user 1007 snmp-server view 1008 show snmp engine-id 1009 show snmp group 1010 show snmp user 1011 show snmp view 1012 Notification Log Commands 1012...
  • Page 31 CONTENTS username 1033 Authentication Sequence 1034 authentication enable 1034 authentication login 1035 RADIUS Client 1036 radius-server acct-port 1036 radius-server auth-port 1037 radius-server host 1037 radius-server key 1038 radius-server retransmit 1039 radius-server timeout 1039 show radius-server 1040 TACACS+ Client 1040 tacacs-server host 1041 tacacs-server key 1041...
  • Page 32 CONTENTS Telnet Server 1055 ip telnet max-sessions 1055 ip telnet port 1056 ip telnet server 1056 show ip telnet 1057 Secure Shell 1057 ip ssh authentication-retries 1060 ip ssh server 1060 ip ssh server-key size 1061 ip ssh timeout 1062 delete public-key 1062 ip ssh crypto host-key generate...
  • Page 33 CONTENTS Management IP Filter 1078 management 1079 show management 1080 PPPoE Intermediate Agent 1081 pppoe intermediate-agent 1081 pppoe intermediate-agent format-type 1082 pppoe intermediate-agent port-enable 1083 pppoe intermediate-agent port-format-type 1083 pppoe intermediate-agent trust 1084 pppoe intermediate-agent vendor-tag strip 1085 clear pppoe intermediate-agent statistics 1085 show pppoe intermediate-agent info 1086...
  • Page 34 CONTENTS show network-access 1107 show network-access mac-address-table 1108 show network-access mac-filter 1109 Web Authentication 1109 web-auth login-attempts 1110 web-auth quiet-period 1111 web-auth session-timeout 1111 web-auth system-auth-control 1112 web-auth 1112 web-auth re-authenticate (Port) 1113 web-auth re-authenticate (IP) 1113 show web-auth 1114 show web-auth interface 1114 show web-auth summary...
  • Page 35 CONTENTS show ipv6 dhcp snooping statistics 1133 IPv4 Source Guard 1133 ip source-guard binding 1134 ip source-guard 1135 ip source-guard max-binding 1137 ip source-guard mode 1138 clear ip source-guard binding blocked 1138 show ip source-guard 1139 show ip source-guard binding 1139 IPv6 Source Guard 1140...
  • Page 36 CONTENTS traffic-segmentation session 1158 traffic-segmentation uplink/downlink 1159 traffic-segmentation uplink-to-uplink 1160 show traffic-segmentation 1161 30 ACCESS CONTROL LISTS 1163 IPv4 ACLs 1163 access-list ip 1164 permit, deny (Standard IP ACL) 1165 permit, deny (Extended IPv4 ACL) 1166 ip access-group 1168 show ip access-group 1169 show ip access-list...
  • Page 37 CONTENTS alias 1189 capabilities 1189 description 1190 discard 1191 flowcontrol 1191 history 1192 media-type 1193 negotiation 1194 shutdown 1194 switchport mtu 1195 clear counters 1196 show discard 1197 show interfaces brief 1197 show interfaces counters 1198 show interfaces history 1199 show interfaces status 1202 show interfaces switchport...
  • Page 38 CONTENTS lacp admin-key (Port Channel) 1222 lacp timeout 1223 Trunk Status Display Commands 1224 show lacp 1224 show port-channel load-balance 1228 33 PORT MIRRORING COMMANDS 1229 Local Port Mirroring Commands 1229 port monitor 1229 show port monitor 1230 RSPAN Mirroring Commands 1231 rspan source 1233...
  • Page 39 CONTENTS snmp-server enable port-traps atc multicast-alarm-clear 1254 snmp-server enable port-traps atc multicast-alarm-fire 1254 snmp-server enable port-traps atc multicast-control-apply 1255 snmp-server enable port-traps atc multicast-control-release 1255 ATC Display Commands 1256 show auto-traffic-control 1256 show auto-traffic-control interface 1256 35 LOOPBACK DETECTION COMMANDS 1259 loopback-detection...
  • Page 40 CONTENTS spanning-tree system-bpdu-flooding 1284 spanning-tree transmission-limit 1284 max-hops 1285 mst priority 1286 mst vlan 1286 name 1287 revision 1288 spanning-tree bpdu-filter 1288 spanning-tree bpdu-guard 1289 spanning-tree cost 1290 spanning-tree edge-port 1291 spanning-tree link-type 1292 spanning-tree loopback-detection 1293 spanning-tree loopback-detection action 1293 spanning-tree loopback-detection release-mode 1294...
  • Page 41 CONTENTS mep-monitor 1312 node-id 1313 non-erps-dev-protect 1314 non-revertive 1315 propagate-tc 1319 raps-def-mac 1320 raps-without-vc 1320 ring-port 1322 rpl neighbor 1323 rpl owner 1324 version 1325 wtr-timer 1326 clear erps statistics 1326 erps clear 1327 erps forced-switch 1327 erps manual-switch 1329 show erps 1331 40 VLAN C...
  • Page 42 CONTENTS vlan-trunking 1350 Displaying VLAN Information 1352 show vlan 1352 Configuring IEEE 802.1Q Tunneling 1353 dot1q-tunnel system-tunnel-control 1354 switchport dot1q-tunnel mode 1355 switchport dot1q-tunnel service match cvid 1356 switchport dot1q-tunnel tpid 1358 show dot1q-tunnel 1359 Configuring L2CP Tunneling 1360 l2protocol-tunnel tunnel-dmac 1360 switchport l2protocol-tunnel 1363...
  • Page 43 CONTENTS voice vlan aging 1380 voice vlan mac-address 1381 switchport voice vlan 1382 switchport voice vlan priority 1383 switchport voice vlan rule 1383 switchport voice vlan security 1384 show voice vlan 1385 41 CLASS OF SERVICE COMMANDS 1387 Priority Commands (Layer 2) 1387 queue mode 1388...
  • Page 44 CONTENTS class 1412 police flow 1413 police srtcm-color 1415 police trtcm-color 1417 set cos 1419 set phb 1420 service-policy 1421 show class-map 1422 show policy-map 1422 show policy-map interface 1423 43 MULTICAST FILTERING COMMANDS 1425 IGMP Snooping 1426 ip igmp snooping 1427 ip igmp snooping priority 1428...
  • Page 45 CONTENTS Static Multicast Routing 1446 ip igmp snooping vlan mrouter 1447 show ip igmp snooping mrouter 1447 IGMP Filtering and Throttling 1448 ip igmp filter (Global Configuration) 1449 ip igmp profile 1450 permit, deny 1450 range 1451 ip igmp authentication 1451 ip igmp filter (Interface Configuration) 1453...
  • Page 46 CONTENTS MLD Filtering and Throttling 1469 ipv6 mld filter (Global Configuration) 1470 ipv6 mld profile 1471 permit, deny 1471 range 1472 ipv6 mld filter (Interface Configuration) 1472 ipv6 mld max-groups 1473 ipv6 mld max-groups action 1474 ipv6 mld query-drop 1474 ipv6 multicast-data-drop 1475 show ipv6 mld filter...
  • Page 47 CONTENTS MVR for IPv6 1496 mvr6 associated-profile 1497 mvr6 domain 1498 mvr6 profile 1498 mvr6 proxy-query-interval 1499 mvr6 proxy-switching 1500 mvr6 robustness-value 1501 mvr6 source-port-mode dynamic 1501 mvr6 upstream-source-ip 1502 mvr6 vlan 1503 mvr6 immediate-leave 1503 mvr6 type 1504 mvr6 vlan group 1505 clear mvr6 groups 1506...
  • Page 48 CONTENTS MLD (Layer 3) 1525 ipv6 mld 1525 ipv6 mld last-member-query-response-interval 1526 ipv6 mld max-resp-interval 1527 ipv6 mld query-interval 1528 ipv6 mld robustval 1528 ipv6 mld static-group 1529 ipv6 mld version 1530 clear ipv6 mld group 1531 show ipv6 mld groups 1531 show ipv6 mld interface 1533...
  • Page 49 CONTENTS lldp med-notification 1551 lldp med-tlv inventory 1552 lldp med-tlv location 1553 lldp med-tlv med-cap 1553 lldp med-tlv network-policy 1554 lldp notification 1554 show lldp config 1555 show lldp info local-device 1556 show lldp info remote-device 1557 show lldp info statistics 1560 45 CFM C 1561...
  • Page 50 CONTENTS show ethernet cfm errors 1585 Cross Check Operations 1586 ethernet cfm mep crosscheck start-delay 1586 snmp-server enable traps ethernet cfm crosscheck 1587 mep crosscheck mpid 1588 ethernet cfm mep crosscheck 1589 show ethernet cfm maintenance-points remote crosscheck 1590 Link Trace Operations 1590 ethernet cfm linktrace cache 1590...
  • Page 51 CONTENTS show efm oam remote-loopback interface 1612 show efm oam status interface 1613 show efm oam status remote interface 1613 47 DOMAIN NAME SERVICE COMMANDS 1615 ip domain-list 1615 ip domain-lookup 1616 ip domain-name 1617 ip host 1618 ip name-server 1619 ipv6 host 1620...
  • Page 52 CONTENTS dns-server 1637 domain-name 1637 hardware-address 1638 host 1638 lease 1639 netbios-name-server 1640 netbios-node-type 1641 network 1641 next-server 1642 clear ip dhcp binding 1643 show ip dhcp 1644 show ip dhcp binding 1644 show ip dhcp pool 1644 49 IP INTERFACE COMMANDS 1647...
  • Page 53 CONTENTS ipv6 address 1665 ipv6 address eui-64 1667 ipv6 address link-local 1669 ipv6 enable 1670 ipv6 mtu 1671 show ipv6 interface 1672 show ipv6 mtu 1674 show ipv6 traffic 1675 clear ipv6 traffic 1679 ping6 1679 traceroute6 1681 Neighbor Discovery 1682 ipv6 hop-limit 1682...
  • Page 54 CONTENTS ND Snooping 1704 ipv6 nd snooping 1705 ipv6 nd snooping auto-detect 1706 ipv6 nd snooping auto-detect retransmit count 1707 ipv6 nd snooping auto-detect retransmit interval 1707 ipv6 nd snooping prefix timeout 1708 ipv6 nd snooping max-binding 1709 ipv6 nd snooping trust 1709 clear ipv6 nd snooping binding 1710...
  • Page 55 CONTENTS IPv6 Commands 1730 ipv6 route 1730 show ipv6 route 1731 Routing Information Protocol (RIP) 1733 router rip 1734 default-information originate 1734 default-metric 1735 distance 1736 maximum-prefix 1736 neighbor 1737 network 1738 passive-interface 1738 redistribute 1739 timers basic 1740 version 1741 ip rip authentication mode 1742...
  • Page 56 CONTENTS auto-cost reference-bandwidth 1758 default-metric 1759 redistribute 1760 summary-address 1761 Area Configuration 1762 area nssa 1762 area stub 1764 area virtual-link 1765 network area 1768 Interface Configuration 1769 ip ospf authentication 1769 ip ospf authentication-key 1770 ip ospf cost 1771 ip ospf dead-interval 1772 ip ospf hello-interval...
  • Page 57 CONTENTS Route Metrics and Summaries 1797 area default-cost 1797 area range 1798 default-metric 1799 redistribute 1799 Area Configuration 1801 area stub 1801 area virtual-link 1802 ipv6 router ospf area 1804 ipv6 router ospf tag area 1805 Interface Configuration 1806 ipv6 ospf cost 1806 ipv6 ospf dead-interval 1807...
  • Page 58 CONTENTS ip extcommunity-list 1836 ip prefix-list 1838 aggregate-address 1839 bgp client-to-client reflection 1840 bgp cluster-id 1841 bgp confederation identifier 1842 bgp confederation peer 1843 bgp dampening 1844 bgp enforce-first-as 1845 bgp fast-external-failover 1845 bgp log-neighbor-changes 1846 bgp network import-check 1846 bgp router-id 1847 bgp scan-time...
  • Page 59 CONTENTS neighbor default-originate 1863 neighbor description 1864 neighbor distribute-list 1864 neighbor dont-capability-negotiate 1865 neighbor ebgp-multihop 1866 neighbor enforce-multihop 1866 neighbor filter-list 1867 neighbor interface 1868 neighbor maximum-prefix 1868 neighbor next-hop-self 1869 neighbor override-capability 1870 neighbor passive 1870 neighbor peer-group (Creating) 1871 neighbor peer-group (Group Members) 1872...
  • Page 60 CONTENTS show ip bgp community-list 1888 show ip bgp dampening 1888 show ip bgp filter-list 1890 show ip bgp neighbors 1890 show ip bgp paths 1892 show ip bgp prefix-list 1892 show ip bgp regexp 1893 show ip bgp route-map 1893 show ip bgp scan 1894...
  • Page 61 CONTENTS set extcommunity 1912 set ip next-hop 1913 set local-preference 1914 set metric 1914 set origin 1915 set originator-id 1916 set pathlimit ttl 1916 set weight 1917 show route-map 1917 52 MULTICAST ROUTING COMMANDS 1919 General Multicast Routing 1919 IPv4 Commands 1919 ip multicast-routing...
  • Page 62 CONTENTS ip pim max-graft-retries 1937 ip pim state-refresh origination-interval 1937 PIM-SM Commands 1938 ip pim bsr-candidate 1938 ip pim register-rate-limit 1939 ip pim register-source 1940 ip pim rp-address 1941 ip pim rp-candidate 1942 ip pim spt-threshold 1944 ip pim dr-priority 1945 ip pim join-prune-interval 1946...
  • Page 63 CONTENTS ipv6 pim rp-address 1964 ipv6 pim rp-candidate 1965 ipv6 pim spt-threshold 1967 ipv6 pim dr-priority 1968 ipv6 pim join-prune-interval 1969 clear ipv6 pim bsr rp-set 1970 show ipv6 pim bsr-router 1970 show ipv6 pim rp mapping 1971 show ipv6 pim rp-hash 1972 1973 SECTION...
  • Page 64 CONTENTS – 64 –...
  • Page 65: Figures

    FIGURES Figure 1: Home Page Figure 2: Front Panel Indicators Figure 3: System Information Figure 4: General Switch Information Figure 5: Configuring Support for Jumbo Frames Figure 6: Displaying Bridge Extension Configuration Figure 7: Copy Firmware Figure 8: Saving the Running Configuration Figure 9: Setting Start-Up Files Figure 10: Displaying System Files Figure 11: Configuring Automatic Code Upgrade...
  • Page 66 FIGURES Figure 32: Configuring Local Port Mirroring Figure 33: Configuring Local Port Mirroring Figure 34: Displaying Local Port Mirror Sessions Figure 35: Configuring Remote Port Mirroring Figure 36: Configuring Remote Port Mirroring (Source) Figure 37: Configuring Remote Port Mirroring (Intermediate) Figure 38: Configuring Remote Port Mirroring (Destination) Figure 39: Showing Port Statistics (Table) Figure 40: Showing Port Statistics (Chart)
  • Page 67 FIGURES Figure 68: Configuring VLAN Trunking Figure 69: VLAN Compliant and VLAN Non-compliant Devices Figure 70: Using GVRP Figure 71: Creating Static VLANs Figure 72: Modifying Settings for Static VLANs Figure 73: Showing Static VLANs Figure 74: Configuring Static Members by VLAN Index Figure 75: Configuring Static VLAN Members by Interface Figure 76: Configuring Static VLAN Members by Interface Range Figure 77: Configuring Global Status of GVRP...
  • Page 68 FIGURES Figure 104: Displaying Static MAC Addresses Figure 105: Setting the Address Aging Time Figure 106: Displaying the Dynamic MAC Address Table Figure 107: Clearing Entries in the Dynamic MAC Address Table Figure 108: STP Root Ports and Designated Ports Figure 109: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree Figure 110: Common Internal Spanning Tree, Common Spanning Tree, Internal Spanning Tree...
  • Page 69 FIGURES Figure 140: Configuring DSCP to DSCP Internal Mapping Figure 141: Showing DSCP to DSCP Internal Mapping Figure 142: Configuring CoS to DSCP Internal Mapping Figure 143: Showing CoS to DSCP Internal Mapping Figure 144: Configuring DSCP to CoS Egress Mapping Figure 145: Showing DSCP to CoS Egress Mapping Figure 146: Configuring IP Precedence to DSCP Internal Mapping Figure 147: Showing the IP Precedence to DSCP Internal Map...
  • Page 70 FIGURES Figure 176: Configuring AAA Authorization Methods Figure 177: Showing AAA Authorization Methods Figure 178: Configuring AAA Authorization Methods for Exec Service Figure 179: Displaying the Applied AAA Authorization Method Figure 180: Configuring User Accounts Figure 181: Showing User Accounts Figure 182: Configuring Global Settings for Web Authentication Figure 183: Configuring Interface Settings for Web Authentication Figure 184: Configuring Global Settings for Network Access...
  • Page 71 FIGURES Figure 212: Configuring Global Settings for ARP Inspection Figure 213: Configuring VLAN Settings for ARP Inspection Figure 214: Configuring Interface Settings for ARP Inspection Figure 215: Displaying Statistics for ARP Inspection Figure 216: Displaying the ARP Inspection Log Figure 217: Creating an IP Address Filter for Management Access Figure 218: Showing IP Addresses Authorized for Management Access Figure 219: Configuring Port Security Figure 220: Configuring Port Security...
  • Page 72 FIGURES Figure 248: Displaying Remote Device Information for LLDP (Port Details) Figure 249: Displaying Remote Device Information for LLDP (End Node) Figure 250: Displaying LLDP Device Statistics (General) Figure 251: Displaying LLDP Device Statistics (Port) Figure 252: Configuring Global Settings for SNMP Figure 253: Configuring the Local Engine ID for SNMP Figure 254: Configuring a Remote Engine ID for SNMP Figure 255: Showing Remote Engine IDs for SNMP...
  • Page 73 FIGURES Figure 284: Showing Collected RMON Statistical Samples Figure 285: Configuring a Switch Cluster Figure 286: Configuring a Cluster Members Figure 287: Showing Cluster Members Figure 288: Showing Cluster Candidates Figure 289: Managing a Cluster Member Figure 290: ERPS Ring Components Figure 291: Ring Interconnection Architecture (Multi-ring/Ladder Network) Figure 292: Setting ERPS Global Status Figure 293: Sub-ring with Virtual Channel...
  • Page 74 FIGURES Figure 320: Showing Detailed Information on Remote MEPs Figure 321: Showing the Link Trace Cache Figure 322: Showing Settings for the Fault Notification Generator Figure 323: Showing Continuity Check Errors Figure 324: Enabling OAM for Local Ports Figure 325: Displaying Statistics for OAM Messages Figure 326: Displaying the OAM Event Log Figure 327: Displaying Status of Remote Interfaces Figure 328: Running a Remote Loop Back Test...
  • Page 75 FIGURES Figure 356: Adding Multicast Groups to an IGMP Filtering Profile Figure 357: Showing the Groups Assigned to an IGMP Filtering Profile Figure 358: Configuring IGMP Filtering and Throttling Interface Settings Figure 359: Configuring General Settings for MLD Snooping Figure 360: Configuring Immediate Leave for MLD Snooping Figure 361: Configuring a Static Interface for an IPv6 Multicast Router Figure 362: Showing Static Interfaces Attached an IPv6 Multicast Router Figure 363: Showing Current Interfaces Attached an IPv6 Multicast Router...
  • Page 76 FIGURES Figure 392: Displaying MVR6 Group Address Profiles Figure 393: Assigning an MVR6 Group Address Profile to a Domain Figure 394: Showing MVR6 Group Address Profiles Assigned to a Domain Figure 395: Configuring Interface Settings for MVR6 Figure 396: Assigning Static MVR6 Groups to a Port Figure 397: Showing the Static MVR6 Groups Assigned to a Port Figure 398: Displaying MVR6 Receiver Groups Figure 399: Displaying MVR6 Statistics –...
  • Page 77 FIGURES Figure 428: Configuring Excluded Addresses on the DHCP Server Figure 429: Showing Excluded Addresses on the DHCP Server Figure 430: Configuring DHCP Server Address Pools (Network) Figure 431: Configuring DHCP Server Address Pools (Host) Figure 432: Showing Configured DHCP Server Address Pools Figure 433: Shows Addresses Assigned by the DHCP Server Figure 434: Enabling the UDP Helper Figure 435: Specifying UDP Destination Ports...
  • Page 78 FIGURES Figure 464: Showing Counters for Errors Found in VRRP Packets Figure 465: Showing Counters for Errors Found in a VRRP Group Figure 466: Configuring RIP Figure 467: Configuring General Settings for RIP Figure 468: Clearing Entries from the Routing Table Figure 469: Adding Network Interfaces to RIP Figure 470: Showing Network Interfaces Using RIP Figure 471: Specifying a Passive RIP Interface...
  • Page 79 FIGURES Figure 500: Configuring Route Summaries for an Area Range Figure 501: Showing Configured Route Summaries Figure 502: Redistributing External Routes Figure 503: Importing External Routes Figure 504: Showing Imported External Route Types Figure 505: Summarizing External Routes Figure 506: Showing Summary Addresses for External Routes Figure 507: Configuring Settings for All Interfaces Assigned to a VLAN Figure 508: Configuring Settings for a Specific Area Assigned to a VLAN Figure 509: Showing OSPF Interfaces...
  • Page 80 FIGURES Figure 536: Enabling PIMv6 Multicast Routing Figure 537: Configuring PIMv6 Interface Settings (Dense Mode) Figure 538: Configuring PIMv6 Interface Settings (Sparse Mode) Figure 539: Showing PIMv6 Neighbors Figure 540: Configuring Global Settings for PIM6-SM Figure 541: Configuring a PIM6-SM BSR Candidate Figure 542: Configuring a PIM6 Static Rendezvous Point Figure 543: Showing PIM6 Static Rendezvous Points Figure 544: Configuring a PIM6 RP Candidate...
  • Page 81: Tables

    TABLES Table 1: Key Features; Table 2: System Defaults; Table 3: Options 60, 66 and 67 Statements; Table 4: Options 55 and 124 Statements; Table 5: Web Page Configuration Buttons; Table 6: Switch Main Menu; Table 7: Port Statistics; Table 8: LACP Port Counters; Table 9: LACP Internal Configuration Information; Table 10: LACP Remote Device Configuration Information; Table 11: Traffic Segmentation Forwarding...
  • Page 82 TABLES Table 32: Remote Port Auto-Negotiation Advertised Capability; Table 33: SNMPv3 Security Models and Levels; Table 34: Supported Notification Messages; Table 35: ERPS Request/State Priority; Table 36: Remote MEP Priority Levels; Table 37: MEP Defect Descriptions; Table 38: OAM Operation State; Table 39: OAM Operation State; Table 40: Ethernet Multicast MAC Addresses; Table 41: UDP/IPv4 Destination Port Numbers...
  • Page 83 TABLES Table 68: Event Logging Commands; Table 69: Logging Levels; Table 70: show logging flash/ram - display description; Table 71: show logging trap - display description; Table 72: Event Logging Commands; Table 73: Time Commands; Table 74: Predefined Summer-Time Parameters; Table 75: Time Range Commands; Table 76: PTP Commands; Table 77: Ethernet Multicast MAC Addresses...
  • Page 84 TABLES Table 104: HTTPS System Support (page 1054); Table 105: Telnet Server Commands (page 1055); Table 106: Secure Shell Commands (page 1057); Table 107: show ssh - display description (page 1066); Table 108: 802.1X Port Authentication Commands (page 1067); Table 109: Management IP Filter Commands (page 1078); Table 110: PPPoE Intermediate Agent Commands (page 1081)...
  • Page 85 TABLES Table 140: Port Mirroring Commands (page 1229); Table 141: Mirror Port Commands (page 1229); Table 142: RSPAN Commands (page 1231); Table 143: Congestion Control Commands (page 1239); Table 144: Rate Limit Commands (page 1239); Table 145: Rate Limit Commands (page 1241); Table 146: ATC Commands (page 1243); Table 147: Loopback Detection Commands (page 1259)...
  • Page 86 TABLES Table 176: Mapping Per-hop Behavior to Drop Precedence (page 1394); Table 177: Mapping Internal PHB/Drop Precedence to CoS/CFI Values (page 1395); Table 178: Default Mapping of DSCP Values to Internal PHB/Drop Values (page 1397); Table 179: Default Mapping of IP Precedence to Internal PHB/Drop Values (page 1399); Table 180: Mapping Internal Per-hop Behavior to Hardware Queues (page 1399)...
  • Page 87 TABLES Table 212: LLDP Commands (page 1537); Table 213: LLDP MED Location CA Types (page 1550); Table 214: CFM Commands (page 1561); Table 215: show ethernet cfm configuration traps - display description (page 1575); Table 216: show ethernet cfm maintenance-points local detail mep - display (page 1578); Table 217: show ethernet cfm maintenance-points remote detail - display (page 1580)...
  • Page 88 TABLES Table 248: IP Routing Commands (page 1723); Table 249: Global Routing Configuration Commands (page 1723); Table 250: show ip host-route - display description (page 1726); Table 251: Routing Information Protocol Commands (page 1733); Table 252: Open Shortest Path First Commands (page 1750); Table 253: show ip ospf - display description (page 1778); Table 254: show ip ospf database - display description (page 1781)...
  • Page 89 TABLES Table 284: show ip pim neighbor - display description (page 1936); Table 285: show ip pim bsr-router - display description (page 1948); Table 286: show ip pim rp mapping - display description (page 1949); Table 287: show ip pim rp-hash - display description (page 1949); Table 288: PIM-DM and PIM-SM Multicast Routing Commands (page 1950)...
  • Page 91: Section I

    SECTION I: GETTING STARTED
    This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. This section includes these chapters:
    ◆ "Introduction" on page 93...
  • Page 93: Key Features

    INTRODUCTION
    This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
  • Page 94 Table 1: Key Features (Continued). Feature: Address Table. Description: 32K MAC addresses in forwarding table, 1K static MAC addresses; 8K entries in ARP cache, 256 static ARP entries; 512 static IP routes, 512 IP interfaces; 12K IPv4 entries in host table; 8K IPv4 entries in routing table;...
  • Page 95: Description Of Software Features

    DESCRIPTION OF SOFTWARE FEATURES
    The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network.
  • Page 96 dynamic configuration of local clients from a DHCP server located in a different network. CONFIGURATION: You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device.
  • Page 97 IP ADDRESS FILTERING: Access to insecure ports can be controlled using DHCP Snooping which filters ingress traffic based on static IP addresses and addresses stored in the DHCP Snooping table. Traffic can also be restricted to specific source IP addresses or source IP/MAC address pairs based on static entries or entries stored in the DHCP Snooping table.
  • Page 98 CONNECTIVITY FAULT MANAGEMENT: The switch provides connectivity fault monitoring for end-to-end connections within a designated service area by using continuity check messages which can detect faults in maintenance points, fault verification through loop back messages, and fault isolation with link trace messages. The switch supports up to 4094 VLANs.
  • Page 99: Ip Routing

    This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet using DSCP, or IP Precedence or TCP/UDP port numbers.
  • Page 100: Equal-Cost Multipath Load Balancing

    OSPF – This approach uses a link state routing protocol to generate a shortest-path tree, then builds up its routing table based on this tree. OSPF produces a more stable network because the participating routers act on network changes predictably and simultaneously, converging on the best route more quickly than RIP.
  • Page 101 MULTICAST FILTERING: Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query for IPv4, MLD Snooping and Query for IPv6, and IGMP at Layer 3 to manage multicast group registration.
  • Page 102: System Defaults

    SYSTEM DEFAULTS
    The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file. The following table lists some of the basic system defaults. Table 2: System Defaults Function Parameter...
  • Page 103 Table 2: System Defaults (Continued)
    Function | Parameter | Default
    Port Configuration | Admin Status | Enabled
    Port Configuration | Auto-negotiation | Enabled
    Port Configuration | Flow Control | Disabled
    Port Trunking | Static Trunks | None
    Port Trunking | LACP (all ports) | Disabled
    Congestion Control | Rate Limiting | Disabled
    Congestion Control | Storm Control | Broadcast: Enabled (500 packets/sec); Multicast: Disabled; Unknown Unicast: Disabled...
  • Page 104 Table 2: System Defaults (Continued) Function Parameter Default IP Settings Management. VLAN VLAN 1 IP Address DHCP assigned Subnet Mask 255.255.255.0 Default Gateway 0.0.0.0 DHCP Client: Enabled Client/Proxy service: Disabled BOOTP Disabled Enabled Cache Timeout: 20 minutes Proxy: Disabled Unicast Routing Disabled...
  • Page 105: Initial

    INITIAL SWITCH CONFIGURATION
    This chapter includes information on connecting to the switch and basic configuration procedures.
    CONNECTING TO THE SWITCH
    The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface.
  • Page 106: Required Connections

    ◆ Control port access through IEEE 802.1X security or static address filtering
    ◆ Filter packets using Access Control Lists (ACLs)
    ◆ Configure up to 4094 IEEE 802.1Q VLANs
    ◆ Enable GVRP automatic VLAN registration...
  • Page 107: Remote Connections

    Make sure the terminal emulation software is set as follows:
    ■ Select the appropriate serial port (COM port 1 or COM port 2).
    ■ Set the baud rate to 115200 bps.
    ■ Set the data format to 8 data bits, 1 stop bit, and no parity.
  • Page 108: Basic Configuration

    default, but may be manually configured with an IPv4 or IPv6 address as described in the following sections. The Craft port can only be configured through the command line interface, and is specified with the name “craft” in the commands used to configure its IP address.
  • Page 109: Setting An Ip Address

    Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>.

      Username: admin
      Password:
      CLI session with the ECS4660-28F is opened.
      To end the CLI session, enter [Exit].
      Console#configure
      Console(config)#username guest password 0 [password]...
  • Page 110 ASSIGNING AN ADDRESS
    Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
    ◆ IP address for the switch
    ◆ Network mask for this network
    ◆ Default gateway for the network...
  • Page 111 To configure an IPv6 link local address for the switch, complete the following steps: From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>. Type “ipv6 address” followed by up to 8 colon-separated 16-bit hexadecimal values for the ipv6-address similar to that shown in the example, followed by the “link-local”...
  • Page 112 To generate an IPv6 global unicast address for the switch, complete the following steps: From the global configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>. From the interface prompt, type “ipv6 address ipv6-address” or “ipv6 address ipv6-address/prefix-length,”...
  • Page 113 DYNAMIC CONFIGURATION
    Obtaining an IPv4 Address
    If you select the “bootp” or “dhcp” option, the system will immediately start broadcasting service requests. IP will be enabled but will not function until a BOOTP or DHCP reply has been received. Requests are broadcast every few minutes using exponential backoff until IP configuration information is obtained from a BOOTP or DHCP server.
  • Page 114 Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.

      Console(config)#interface vlan 1
      Console(config-if)#ip address dhcp
      Console(config-if)#end
      Console#show ip interface
      VLAN 1 is Administrative Up - Link Up
      Address is 00-E0-0C-00-00-FB
      Index: 1001, MTU: 1500
      Address Mode is DHCP...
  • Page 115: Downloading A Configuration File Referenced By A DHCP Server

    DOWNLOADING A CONFIGURATION FILE REFERENCED BY A DHCP SERVER
    Information passed on to the switch from a DHCP server may also include a configuration file to be downloaded and the TFTP servers where that file can be accessed. If the Factory Default Configuration file is used to provision the switch at startup, in addition to requesting IP configuration...
  • Page 116: Enabling Snmp Management Access

    Simple Network Management Protocol (SNMP) applications such as Edge-Core ECView Pro. You can configure the switch to respond to SNMP requests or generate SNMP traps. When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter.
  • Page 117 configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred. The switch includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients.
  • Page 118 RECEIVERS: You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, use the “snmp-server host” command. From the Privileged Exec level global configuration mode prompt, type: “snmp-server host host-address community-string [version {1 | 2c | 3 {auth | noauth | priv}}]”...
  • Page 119: Managing System Files

    MANAGING SYSTEM FILES
    The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
  • Page 120 contain slashes (\ or /), and the leading letter of the file name must not be a period (.). (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”) There can be more than one user-defined configuration file saved in the switch’s flash memory, but only one is designated as the “startup”...
  • Page 121: Web Configuration

    SECTION: WEB CONFIGURATION
    This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser. This section includes these chapters:
    ◆ "Using the Web Interface" on page 123
    ◆ "Basic Management Tasks" on page 149...
  • Page 122
    ◆ "Multicast Routing" on page 825
  • Page 123: Using The Web Interface

    USING THE WEB INTERFACE
    This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 6, Mozilla Firefox 4, or Google Chrome 29, or more recent versions).
  • Page 124: Navigating The Web Browser Interface

    System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics. Figure 1: Home Page You can open a connection to the vendor’s web site by clicking on the Edge-Core logo.
  • Page 125: Configuration Options

    CONFIGURATION OPTIONS
    Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
  • Page 126: Main Menu

    Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 6: Switch Main Menu Menu Description...
  • Page 127 Table 6: Switch Main Menu (Continued) Menu Description Page Show Information Displays port connection status Mirror Sets the source and target ports for mirroring Show Shows the configured mirror sessions Statistics Shows Interface, Etherlike, and RMON port statistics Chart...
  • Page 128 Table 6: Switch Main Menu (Continued) Menu Description Page Configure Trunk Configure Configures connection settings Show Displays port connection status Show Member Shows the active members in a trunk Statistics Shows Interface, Etherlike, and RMON port statistics Chart...
  • Page 129 Table 6: Switch Main Menu (Continued) Menu Description Page Show Display configured primary and community VLANs Add Community VLAN Associates a community VLAN with a primary VLAN Show Community VLAN Shows the community VLANs associated with a primary VLAN Configure Interface Sets the private VLAN interface type, and associates the...
  • Page 130 Table 6: Switch Main Menu (Continued) Menu Description Page Spanning Tree Algorithm Configure Global Configure Configures global bridge settings for STP, RSTP and MSTP Show Information Displays STA values used for the bridge Configure Interface Configure Configures interface settings for STA...
  • Page 131 Table 6: Switch Main Menu (Continued) Menu Description Page Show Shows the CoS to DSCP mapping list DSCP to CoS Maps internal per-hop behavior and drop precedence value pairs to CoS values used in tagged egress packets on a Layer 2 interface Show Shows the DSCP to CoS mapping list...
  • Page 132 Table 6: Switch Main Menu (Continued) Menu Description Page Configure Interface Configures VoIP traffic settings for ports, including the way in which a port is added to the Voice VLAN, filtering of non-VoIP packets, the method of detecting VoIP traffic, and the priority assigned to the voice traffic Security...
  • Page 133 Table 6: Switch Main Menu (Continued) Menu Description Page Configure Interface Enables Web Authentication for individual ports Network Access MAC address-based network access authentication Configure Global Enables aging for authenticated MAC addresses, and sets the time period after which a connected MAC address must be reauthenticated Configure Interface...
  • Page 134 Table 6: Switch Main Menu (Continued) Menu Description Page Add Rule Configures packet filtering based on IP or MAC addresses and other packet attributes Show Rule Shows the rules specified for an ACL Configure Interface Configure Binds a port to the specified ACL and time range...
  • Page 135 Table 6: Switch Main Menu (Continued) Menu Description Page Administration System Configure Global Stores error messages in local memory Show System Logs Shows logged error messages Remote Configures the logging of messages to a remote logging process SMTP Sends an SMTP client message to a participating server LLDP...
  • Page 136 Table 6: Switch Main Menu (Continued) Menu Description Page Show Community Shows community strings and access mode Add SNMPv3 Local User Configures SNMPv3 users on this switch Show SNMPv3 Local User Shows SNMPv3 users configured on this switch Change SNMPv3 Local User Group Assign a local user to a new group...
  • Page 137 Table 6: Switch Main Menu (Continued) Menu Description Page Show Candidate Shows candidate members Show Member Shows cluster switch member; managed switch members ERPS Ethernet Ring Protection Switching Configure Global Activates ERPS globally Configure Domain Creates an ERPS ring...
  • Page 138 Table 6: Switch Main Menu (Continued) Menu Description Page Show Information Show Local MEP Shows the MEPs configured on this device Show Local MEP Details Displays detailed CFM information about a specified local MEP in the continuity check database Show Local MIP Shows the MIPs on this device discovered by the CFM protocol...
  • Page 139 Table 6: Switch Main Menu (Continued) Menu Description Page Routing Static Routes Configures static routing entries Show Shows static routing entries Routing Table Show Information Shows all routing entries, including local, static and dynamic routes Configure ECMP Number Sets the maximum number of equal-cost paths to the same...
  • Page 140 Table 6: Switch Main Menu (Continued) Menu Description Page IP Service Domain Name Service General Configure Global Enables DNS lookup; defines the default domain name appended to incomplete host names Add Domain Name Defines a list of domain names that can be appended to incomplete host names...
  • Page 141 Table 6: Switch Main Menu (Continued) Menu Description Page UDP Helper General Enables UDP helper globally on the switch Forwarding Specifies the UDP destination ports for which broadcast traffic will be forwarded Show Shows the list of UDP ports to which broadcast traffic will be...
  • Page 142 Table 6: Switch Main Menu (Continued) Menu Description Page Show Shows configured IGMP filter profiles Add Multicast Group Range Assigns multicast groups to selected profile Show Multicast Group Range Shows multicast groups assigned to a profile Configure Interface Assigns IGMP filter profiles to port interfaces and sets throttling...
  • Page 143 Table 6: Switch Main Menu (Continued) Menu Description Page Multicast Routing General Globally enables IPv4 multicast routing Information Show Summary Shows each multicast route the switch has learned Show Details Shows additional information for each multicast route the switch has learned, including RP address, upstream router, and downstream interfaces...
  • Page 144 Table 6: Switch Main Menu (Continued) Menu Description Page Configure Domain Enables MVR for a domain, sets the MVR VLAN, forwarding priority, and upstream source IP Configure Profile Configures multicast stream addresses Show Shows multicast stream addresses Associate Profile...
  • Page 145 Table 6: Switch Main Menu (Continued) Menu Description Page Neighbor Address Configures the router to directly exchange routing information with a static neighbor Show Shows adjacent hosts or interfaces configured as a neighboring router Redistribute Imports external routing information from other routing domains...
  • Page 146 Table 6: Switch Main Menu (Continued) Menu Description Page Show Information Shows statistics for each area, including SPF startups, ABR/ASBR count, LSA count, and LSA checksum Area Range Configures route summaries to advertise at an area boundary Show Shows route summaries advertised at an area boundary Modify...
  • Page 147 Table 6: Switch Main Menu (Continued) Menu Description Page RP Address Sets a static address for an RP and the associated multicast group(s) Show Shows the static addresses configured for each RP and the associated multicast groups RP Candidate Advertises the switch as an RP candidate to the BSR for the...
  • Page 149: Basic

    BASIC MANAGEMENT TASKS
    This chapter describes the following topics:
    ◆ Displaying System Information – Provides basic system description, including contact information.
    ◆ Displaying Hardware/Software Versions – Shows the hardware version, power status, and firmware versions
    ◆ Configuring Support for Jumbo Frames –...
  • Page 150 PARAMETERS
    These parameters are displayed:
    ◆ System Description – Brief description of device type.
    ◆ System Object ID – MIB II object ID for switch’s network management subsystem.
    ◆ System Up Time – Length of time the management agent has been...
  • Page 151: Displaying Hardware/Software Versions

    DISPLAYING HARDWARE/SOFTWARE VERSIONS
    Use the System > Switch page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
    CLI REFERENCES ◆...
  • Page 152: Configuring Support For Jumbo Frames

    INTERFACE
    To view hardware and software version information. Click System, then Switch. Figure 4: General Switch Information
    CONFIGURING SUPPORT FOR JUMBO FRAMES
    Use the System > Capability page to configure support for layer 2 jumbo frames.
  • Page 153: Displaying Bridge Extension Capabilities

    PARAMETERS
    The following parameters are displayed:
    ◆ Jumbo Frame – Configures support for jumbo frames. (Default: Disabled)
    INTERFACE
    To configure support for jumbo frames: Click System, then Capability. Enable or disable support for jumbo frames. Click Apply.
  • Page 154
    ◆ VLAN Learning – This switch uses Independent VLAN Learning (IVL), where each port maintains its own filtering database.
    ◆ Local VLAN Capable – This switch does not support multiple local bridges outside of the scope of 802.1Q defined VLANs.
  • Page 155: Managing System Files

    MANAGING SYSTEM FILES
    This section describes how to upgrade the switch operating software or configuration files, and set the system start-up files.
    COPYING FILES VIA ...
    Use the System > File (Copy) page to upload/download firmware or configuration settings using FTP, TFTP or HTTP.
  • Page 156
    ◆ File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names is 32 characters for files on the switch or 128 characters for files on the server.
  • Page 157: Saving The Running Configuration To A Local File

    Figure 7: Copy Firmware
    If you replaced a file currently used for startup and want to start using the new file, reboot the system via the System > Reset menu.
    SAVING THE RUNNING CONFIGURATION TO A LOCAL FILE
    Use the System > File (Copy) page to save the current configuration settings to a local file on the switch.
  • Page 158: Setting The Start-Up File

    INTERFACE
    To save the running configuration file: Click System, then File. Select Copy from the Action list. Select Running-Config from the Copy Type list. Select the current startup file on the switch to overwrite or specify a new file name.
  • Page 159: Showing System Files

    Figure 9: Setting Start-Up Files
    To start using the new firmware or configuration settings, reboot the system via the System > Reset menu.
    SHOWING SYSTEM FILES
    Use the System > File (Show) page to show the files in the system directory, or to delete a file.
  • Page 160: Automatic Operation Code Upgrade

    NetBSD, OpenBSD, and most Linux distributions, etc.) are case-sensitive, meaning that two files in the same directory, ecs4660-28f.bix and ECS4660-28F.BIX are considered to be unique files. Thus, if the upgrade file is stored as ECS4660-28F.BIX (or even Ecs4660-28f.bix) on a case-sensitive server, then the switch (requesting ECS4660-28F.bix) will not be upgraded because the server does not recognize...
  • Page 161
    ◆ Automatic Upgrade Location URL – Defines where the switch should search for the operation code upgrade file. The last character of this URL must be a forward slash (“/”). The ECS4660-28F.bix filename must not be included since it is automatically appended by the switch. (Options: ftp, tftp)
  • Page 162
    ftp://[username[:password@]]host[/filedir]/
    ■ ftp:// – Defines FTP protocol for the server connection.
    ■ username – Defines the user name for the FTP connection. If the user name is omitted, then “anonymous” is the assumed user name for the connection....
  • Page 163
    ■ ftp://switches:upgrade@192.168.0.1/switches/opcode/
      The user name is “switches” and the password is “upgrade”. The image file is in the “opcode” directory, which is within the “switches” parent directory, relative to the FTP root.
    INTERFACE
    To configure automatic code upgrade: Click System, then File....
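The location URL rules and the case-sensitivity note above can be checked before a value is entered on the switch. This is an added example, not part of the manual or of Edge-Core software; the function names, the finding texts, and the sample directory listing are constructed for illustration, and only the URL syntax, the two allowed schemes, and the ECS4660-28F.bix file name come from the text.

```python
from urllib.parse import urlsplit

# Name the switch appends to the location URL (from the manual text above).
UPGRADE_FILE = "ECS4660-28F.bix"
ALLOWED_SCHEMES = ("ftp", "tftp")


def check_upgrade_url(url):
    """Return a list of findings for an Automatic Upgrade Location URL."""
    findings = []
    parts = urlsplit(url)
    scheme = parts.scheme.lower()

    if scheme not in ALLOWED_SCHEMES:
        findings.append("scheme must be ftp or tftp")
    if not parts.hostname:
        findings.append("host is missing")
    if not url.endswith("/"):
        findings.append("last character must be a forward slash")

    # The switch appends the file name itself, so it must not be in the URL.
    last_segment = parts.path.rstrip("/").rsplit("/", 1)[-1]
    if last_segment.lower() == UPGRADE_FILE.lower():
        findings.append("file name must not be included")

    if scheme == "ftp":
        # ftp://user:password@host/ keeps the password readable in the setting.
        if parts.password is not None:
            findings.append("FTP password is stored in the URL in clear text")
        if not parts.username:
            findings.append("no user name: connection will use 'anonymous'")
    return findings


def find_case_mismatches(listing):
    """Return server file names that equal the upgrade file only if case is ignored.

    On a case-sensitive server these files are not found by the switch.
    """
    wanted = UPGRADE_FILE.lower()
    return [name for name in listing
            if name != UPGRADE_FILE and name.lower() == wanted]


if __name__ == "__main__":
    # Constructed sample inputs, except the first URL, which is the manual's example.
    samples = [
        "ftp://switches:upgrade@192.168.0.1/switches/opcode/",
        "tftp://192.168.0.1/",
        "ftp://192.168.0.1/ECS4660-28F.bix",
    ]
    for sample in samples:
        print(sample, "->", check_upgrade_url(sample) or "ok")
    print(find_case_mismatches(["ECS4660-28F.BIX", "readme.txt"]))
```
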
  • Page 164: Setting The System Clock

    SETTING THE SYSTEM CLOCK
    Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
  • Page 165: Setting The Sntp Polling Interval

    Figure 12: Manually Setting the System Clock
    SETTING THE SNTP POLLING INTERVAL
    Use the System > Time (Configure General - SNTP) page to set the polling interval at which the switch will query the specified time servers.
    CLI R...
  • Page 166: Configuring Ntp

    Figure 13: Setting the Polling Interval for SNTP
    CONFIGURING NTP
    Use the System > Time (Configure General - NTP) page to configure NTP authentication and show the polling interval at which the switch will query the specified time servers.
  • Page 167: Configuring Time Servers

    Figure 14: Configuring NTP
    CONFIGURING TIME SERVERS
    Use the System > Time (Configure Time Server) pages to specify the IP address for NTP/SNTP time servers, or to set the authentication key for NTP time servers.
  • Page 168 Figure 15: Specifying SNTP Time Servers
    SPECIFYING NTP TIME SERVERS
    Use the System > Time (Configure Time Server – Add NTP Server) page to add the IP address for up to 50 NTP time servers.
    CLI REFERENCES "ntp server"...
  • Page 169 Figure 16: Adding an NTP Time Server
    To show the list of configured NTP time servers: Click System, then Time. Select Configure Time Server from the Step list. Select Show NTP Server from the Action list.
    Figure 17: Showing the NTP Time Server List
    SPECIFYING NTP A...
  • Page 170 INTERFACE
    To add an entry to NTP authentication key list: Click System, then Time. Select Configure Time Server from the Step list. Select Add NTP Authentication Key from the Action list. Enter the index number and MD5 authentication key string.
  • Page 171: Setting The Time Zone

    SETTING THE TIME ZONE
    Use the System > Time (Configure Time Zone) page to set the time zone. SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude, which passes through Greenwich, England.
  • Page 172: Configuring The Console Port

    CONFIGURING THE CONSOLE PORT
    Use the System > Console menu to configure connection parameters for the switch’s console port. You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port.
  • Page 173 The password for the console connection can only be configured through the CLI (see "password" on page 928). Password checking can be enabled or disabled for logging in to the console connection (see "login"...
  • Page 174: Configuring Telnet Settings

    CONFIGURING TELNET SETTINGS
    Use the System > Telnet menu to configure parameters for accessing the CLI over a Telnet connection. You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other parameters set, including the TCP port number, time outs, and a password.
  • Page 175: Displaying Cpu Utilization

    authentication by a single global password as configured for the password command, or by passwords set up for specific user-name accounts. The default is for local passwords configured on the switch.
    INTERFACE
    To configure parameters for the console port: Click System, then Telnet.
  • Page 176: Displaying Memory Utilization

    Basic Management Tasks: Displaying Memory Utilization. Interface: To display CPU utilization: Click System, then CPU Utilization. Change the update interval if required. Note that the interval is changed as soon as a new setting is selected. Figure 23: Displaying CPU Utilization...
  • Page 177: Resetting The System

    Basic Management Tasks: Resetting the System. Interface: To display memory utilization: Click System, then Memory Status. Figure 24: Displaying Memory Utilization. Use the System > Reset menu to restart the switch immediately, at a specified time, after a specified delay, or at a periodic interval. CLI References: "reload (Privileged Exec)"...
  • Page 178 Basic Management Tasks: Resetting the System. System Reload Configuration: Reset Mode – Restarts the switch immediately or at the specified time(s). Immediately – Restarts the system immediately. In – Specifies an interval after which to reload the switch...
  • Page 179 Basic Management Tasks: Resetting the System. For any option other than to reset immediately, fill in the required parameters. Click Apply. When prompted, confirm that you want to reset the switch. Figure 25: Restarting the Switch (Immediately) Figure 26: Restarting the Switch (In)...
  • Page 180 Basic Management Tasks: Resetting the System. Figure 27: Restarting the Switch (At) Figure 28: Restarting the Switch (Regularly)...
  • Page 181: Interface

    Interface Configuration. This chapter describes the following topics: Port Configuration – Configures connection settings, including auto-negotiation, or manual setting of speed, duplex mode, and flow control. Local Port Mirroring – Sets the source and target ports for mirroring on...
  • Page 182: Port Configuration

    Interface Configuration: Port Configuration. This section describes how to configure port connections, mirror traffic from one port to another, and run cable diagnostics. Use the Interface > Port > General (Configure by Port List) page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control.
  • Page 183 Interface Configuration: Port Configuration. less than the configured port MTU, including the CRC at the end of the frame. For QinQ, the overall frame size is still calculated as described above, and does not add the length of the second tag to the frame. Parameters: These parameters are displayed: Port –...
  • Page 184: Configuring By Port Range

    Interface Configuration: Port Configuration. 1000Base-SX/LX/LH (SFP) – 1000full; 10GBase-SR/LR/ER (XFP/SFP+) - 10Gfull. Speed/Duplex – Allows you to manually set the port speed and duplex mode (i.e., with auto-negotiation disabled). Flow Control – Allows automatic or manual selection of flow control...
  • Page 185: Displaying Connection Status

    Interface Configuration: Port Configuration. Interface: To configure port connection parameters: Click Interface, Port, General. Select Configure by Port Range from the Action List. Enter the range of ports to which your configuration changes apply. Modify the required interface settings. Click Apply.
  • Page 186 Interface Configuration: Port Configuration. Autonegotiation – Shows if auto-negotiation is enabled or disabled. Oper Speed Duplex – Shows the current speed and duplex mode. Oper Flow Control – Shows the flow control type used. MTU Size – The maximum transfer unit (MTU) allowed for layer 2...
  • Page 187 Interface Configuration: Port Configuration. destination port on this switch (remote port mirroring as described in "Configuring Remote Port Mirroring" on page 188). Monitor port speed should match or exceed source port speed, otherwise traffic may be dropped from the monitor port. When mirroring port traffic, the target port must be included in the...
  • Page 188 Interface Configuration: Port Configuration. To display the configured mirror sessions: Click Interface, Port, Mirror. Select Show from the Action List. Figure 34: Displaying Local Port Mirror Sessions. Use the Interface > RSPAN page to mirror traffic from remote switches for analysis at a destination port on the local switch.
  • Page 189 Interface Configuration: Port Configuration. Command Usage: Traffic can be mirrored from one or more source ports to a destination port on the same switch (local port mirroring as described in "Configuring Local Port Mirroring" on page 186), or from one or more source ports on remote switches to a destination port on this switch (remote port mirroring as described in this section).
  • Page 190 Interface Configuration: Port Configuration. still be configured. When RSPAN uplink ports are enabled on the switch, 802.1X cannot be enabled globally. Port Security – If port security is enabled on any port, that port cannot be set as an RSPAN uplink port, even though it can still be configured as an RSPAN source or destination port.
  • Page 191 Interface Configuration: Port Configuration. Type – Specifies the traffic type to be mirrored remotely. (Options: Rx, Tx, Both) Destination Port – Specifies the destination port to monitor the traffic mirrored from the source ports. Only one destination port can be configured on the same switch per session, but a destination port can be configured on more than one switch for the same session.
  • Page 192 Interface Configuration: Port Configuration. Figure 37: Configuring Remote Port Mirroring (Intermediate) Figure 38: Configuring Remote Port Mirroring (Destination) Use the Interface > Port/Trunk > Statistics or Chart page to display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the...
  • Page 193: Table 7: Port Statistics

    Interface Configuration: Port Configuration. Parameters: These parameters are displayed: Table 7: Port Statistics. Parameter / Description. Interface Statistics: Received Octets: The total number of octets received on the interface, including framing characters. Transmitted Octets: The total number of octets transmitted out of the interface, including framing characters.
  • Page 194 Interface Configuration: Port Configuration. Table 7: Port Statistics (Continued). Parameter / Description. Frames Too Long: A count of frames received on a particular interface that exceed the maximum permitted frame size. Alignment Errors: The number of alignment errors (missynchronized data packets). FCS Errors: A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check.
  • Page 195 Interface Configuration: Port Configuration. Table 7: Port Statistics (Continued). Parameter / Description. Utilization Statistics: Input Octets in kbits per second: Number of octets entering this interface in kbits/second. Input Packets per second: Number of packets entering this interface per second. Input Utilization: The input utilization rate for this interface.
  • Page 196 Interface Configuration: Port Configuration. To show a chart of port statistics: Click Interface, Port, Chart. Select the statistics mode to display (Interface, Etherlike, RMON or All). If Interface, Etherlike, RMON statistics mode is chosen, select a port from the drop-down list. If All (ports) statistics mode is chosen, select the statistics type to display.
  • Page 197 Interface Configuration: Port Configuration. Command Usage: For a description of the statistics displayed on these pages, see "Showing Port or Trunk Statistics" on page 192. Parameters: These parameters are displayed: Port – Port number. (Range: 1-28) History Name – Name of sample interval. (Range: 1-32 characters)...
  • Page 198 Interface Configuration: Port Configuration. Select an interface from the Port or Trunk list. Enter the sample name, the interval, and the number of buckets requested. Click Apply. Figure 41: Configuring a History Sample To show the configured entries for a history sample: Click Interface, Port, Statistics, or Interface, Trunk, Statistics.
  • Page 199 Interface Configuration: Port Configuration. Figure 43: Showing Status of Statistical History Sample To show statistics for the current interval of a sample entry: Click Interface, Port, Statistics, or Interface, Trunk, Statistics. Select Show Details from the Action menu. Select Current Entry from the options for Mode.
  • Page 200 Interface Configuration: Port Configuration. To show ingress or egress traffic statistics for a sample entry: Click Interface, Port, Statistics, or Interface, Trunk, Statistics. Select Show Details from the Action menu. Select Input Previous Entry or Output Previous Entry from the options for Mode.
  • Page 201 Interface Configuration: Port Configuration. for Optical Transceivers. This information allows administrators to remotely diagnose problems with optical devices. This feature, referred to as Digital Diagnostic Monitoring (DDM), provides information on transceiver parameters. Interface: To display identifying information and functional parameters for optical transceivers: Click Interface, Port, Transceiver.
  • Page 202 Interface Configuration: Port Configuration. "transceiver-threshold voltage" on page 1210; "show interfaces transceiver-threshold" on page 1212. Parameters: These parameters are displayed: Port – Port number. (Range: 1-28) General – Information on connector type and vendor-related parameters.
  • Page 203 Interface Configuration: Port Configuration. Threshold values for alarm and warning messages can be configured as described below. A high-threshold alarm or warning message is sent if the current value is greater than or equal to the threshold, and the last sample value was less than the threshold.
  • Page 204 Interface Configuration: Trunk Configuration. This section describes how to configure static and dynamic trunks. You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices.
  • Page 205 Interface Configuration: Trunk Configuration. Use the Interface > Trunk > Static page to create a trunk, assign member ports, and configure the connection parameters. Figure 48: Configuring Static Trunks (statically configured active links). CLI References: "Link Aggregation Commands"...
  • Page 206 Interface Configuration: Trunk Configuration. Set the unit and port for the initial trunk member. Click Apply. Figure 49: Creating Static Trunks To add member ports to a static trunk: Click Interface, Trunk, Static. Select Configure Trunk from the Step list. Select Add Member from the Action list.
  • Page 207 Interface Configuration: Trunk Configuration. Figure 51: Configuring Connection Parameters for a Static Trunk To display trunk connection parameters: Click Interface, Trunk, Static. Select Configure General from the Step list. Select Show Information from the Action list. Figure 52: Showing Information for Static Trunks Use the Interface >...
  • Page 208 Interface Configuration: Trunk Configuration. CLI References: "Link Aggregation Commands" on page 1215. Command Usage: To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the ports before disabling LACP.
  • Page 209 Interface Configuration: Trunk Configuration. the transmit LACPDU interval to 1 second. When it receives an LACPDU set with a long timeout from the actor, it adjusts the transmit LACPDU interval to 30 seconds. If the actor does not receive an LACPDU from its partner before the configured timeout expires, the partner port information will be deleted from the LACP group.
  • Page 210 Interface Configuration: Trunk Configuration. Configuring LACP settings for a port only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is established with that port. Configuring the port partner sets the remote side of an aggregate link;...
  • Page 211 Interface Configuration: Trunk Configuration. Figure 55: Enabling LACP on a Port To configure LACP parameters for group members: Click Interface, Trunk, Dynamic. Select Configure Aggregation Port from the Step list. Select Configure from the Action list. Click Actor or Partner. Configure the required settings.
  • Page 212 Interface Configuration: Trunk Configuration. To show the active members of a dynamic trunk: Click Interface, Trunk, Dynamic. Select Configure Trunk from the Step List. Select Show Member from the Action List. Select a Trunk. Figure 57: Showing Members of a Dynamic Trunk To configure connection parameters for a dynamic trunk: Click Interface, Trunk, Dynamic.
  • Page 213: Table 8: LACP Port Counters

    Interface Configuration: Trunk Configuration. Select Show from the Action List. Figure 59: Displaying Connection Parameters for Dynamic Trunks. Use the Interface > Trunk > Dynamic (Configure Aggregation Port - Show Information - Counters) page to display statistics for LACP protocol messages.
  • Page 214: Table 9: LACP Internal Configuration Information

    Interface Configuration: Trunk Configuration. Figure 60: Displaying LACP Port Counters. Use the Interface > Trunk > Dynamic (Configure Aggregation Port - Show Information - Internal) page to display the configuration settings and operational state for the local side of a link aggregation. CLI R...
  • Page 215 Interface Configuration: Trunk Configuration. Table 9: LACP Internal Configuration Information (Continued). Parameter / Description. Aggregation – The system considers this link to be aggregatable; i.e., a potential candidate for aggregation. Long timeout – Periodic transmission of LACPDUs uses a slow...
  • Page 216: Table 10: LACP Remote Device Configuration Information

    Interface Configuration: Trunk Configuration. Use the Interface > Trunk > Dynamic (Configure Aggregation Port - Show Information - Neighbors) page to display the configuration settings and operational state for the remote side of a link aggregation. CLI R...
  • Page 217 Interface Configuration: Trunk Configuration. Figure 62: Displaying LACP Port Remote Information. Use the Interface > Trunk > Load Balance page to set the load-distribution method used among ports in aggregated links. CLI References: "port channel load-balance" on page 992...
  • Page 218 Interface Configuration: Trunk Configuration. trunk. This mode works best for switch-to-router trunk links where traffic through the switch is received from and destined for many different hosts. Source and Destination MAC Address: All traffic with the same source and destination MAC address is output on the same link in a trunk.
  • Page 219 Interface Configuration: Traffic Segmentation. Figure 63: Configuring Load Balancing. If tighter security is required for passing traffic from different clients through downlink ports on the local network and over uplink ports to the service provider, port-based traffic segmentation can be used to isolate traffic for individual clients.
  • Page 220: Table 11: Traffic Segmentation Forwarding

    Interface Configuration: Traffic Segmentation. Mark the Status check box, and set the required uplink-to-uplink mode. Click Apply. Figure 64: Enabling Traffic Segmentation. Use the Interface > Traffic Segmentation (Configure Session) page to assign the downlink and uplink ports to use in the segmented group. Ports designated as downlink ports cannot communicate with any other ports on...
  • Page 221 Interface Configuration: Traffic Segmentation. A port can only be assigned to one traffic-segmentation session. A downlink port can only communicate with an uplink port in the same session. Therefore, if an uplink port is not configured for a session, the assigned downlink ports will not be able to communicate with any other ports.
  • Page 222 Interface Configuration: VLAN Trunking. To show the members of the traffic segmentation group: Click Interface, Traffic Segmentation. Select Configure Session from the Step list. Select Show from the Action list. Figure 66: Showing Traffic Segmentation Members. Use the Interface >...
  • Page 223 Interface Configuration: VLAN Trunking. connecting VLANs 1 and 2, you only need to create these VLAN groups in switches A and B. Switches C, D and E automatically allow frames with VLAN group tags 1 and 2 (groups that are unknown to those switches) to pass through their VLAN trunking ports.
  • Page 224 Interface Configuration: VLAN Trunking. Figure 68: Configuring VLAN Trunking...
  • Page 225: VLAN Configuration

    VLAN C ONFIGURATION This chapter includes the following topics: IEEE 802.1Q VLANs – Configures static and dynamic VLANs. ◆ Private VLANs – Configures private VLANs, using primary for ◆ unrestricted upstream access and community groups which are restricted to other local group members or to the ports in the associated primary group.
  • Page 226 | VLAN Configuration HAPTER IEEE 802.1Q VLANs VLANs provide greater network efficiency by reducing broadcast traffic, and allow you to make network changes without having to update IP addresses or IP subnets. VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN.
  • Page 227 | VLAN Configuration HAPTER IEEE 802.1Q VLANs VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port).
  • Page 228 | VLAN Configuration HAPTER IEEE 802.1Q VLANs Figure 70: Using GVRP Port-based VLAN 10 11 15 16 Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN. However, to participate in a VLAN group that crosses several switches, you should create a VLAN for that group and enable tagging on all ports.
  • Page 229 | VLAN Configuration HAPTER IEEE 802.1Q VLANs Remote VLAN – Reserves this VLAN for RSPAN (see "Configuring ◆ Remote Port Mirroring" on page 188). L3 Interface – Sets the interface to support Layer 3 configuration, and ◆ reserves memory space required to maintain additional information about this interface type.
  • Page 230 | VLAN Configuration HAPTER IEEE 802.1Q VLANs Figure 71: Creating Static VLANs To modify the configuration settings for VLAN groups: Click VLAN, Static. Select Modify from the Action list. Select the identifier of a configured VLAN. Modify the VLAN name, operational status, or Layer 3 Interface status as required.
  • Page 231 | VLAN Configuration HAPTER IEEE 802.1Q VLANs To show the configuration settings for VLAN groups: Click VLAN, Static. Select Show from the Action list. Figure 73: Showing Static VLANs Use the VLAN > Static pages to configure port members for the selected DDING TATIC VLAN index, interface, or a range of interfaces.
  • Page 232 | VLAN Configuration HAPTER IEEE 802.1Q VLANs belonging to the port’s default VLAN (i.e., associated with the PVID) are also transmitted as tagged frames. PVID – VLAN ID assigned to untagged frames received on the interface. ◆ (Default: 1) If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN, the interface will automatically be added to VLAN 1 as an untagged member.
  • Page 233 | VLAN Configuration HAPTER IEEE 802.1Q VLANs VLAN 1 is the default untagged VLAN containing all ports on the switch. Edit Member by Interface All parameters are the same as those described under the preceding section for Edit Member by VLAN. Edit Member by Interface Range All parameters are the same as those described under the earlier section for Edit Member by VLAN, except for the items shown below.
  • Page 234 | VLAN Configuration HAPTER IEEE 802.1Q VLANs Figure 74: Configuring Static Members by VLAN Index To configure static members by interface: Click VLAN, Static. Select Edit Member by Interface from the Action list. Select a port or trunk configure. Modify the settings for any interface as required. Click Apply.
  • Page 235 | VLAN Configuration HAPTER IEEE 802.1Q VLANs Set the Interface type to display as Port or Trunk. Enter an interface range. Modify the VLAN parameters as required. Remember that the PVID, acceptable frame type, and ingress filtering parameters for each interface within the specified range must be configured on either the Edit Member by VLAN or Edit Member by Interface page.
  • Page 236 | VLAN Configuration HAPTER IEEE 802.1Q VLANs GVRP Status – Enables/disables GVRP for the interface. GVRP must be ◆ globally enabled for the switch before this setting can take effect (using the Configure General page). When disabled, any GVRP packets received on this port will be discarded and no GVRP registrations will be propagated from other ports.
  • Page 237 | VLAN Configuration HAPTER IEEE 802.1Q VLANs Figure 77: Configuring Global Status of GVRP To configure GVRP status and timers on a port or trunk: Click VLAN, Dynamic. Select Configure Interface from the Step list. Set the Interface type to display as Port or Trunk. Modify the GVRP status or timers for any interface.
  • Page 238 | VLAN Configuration HAPTER Private VLANs Figure 79: Showing Dynamic VLANs Registered on the Switch To show the members of a dynamic VLAN: Click VLAN, Dynamic. Select Show Dynamic VLAN from the Step list. Select Show VLAN Members from the Action list. Figure 80: Showing the Members of a Dynamic VLAN VLAN RIVATE...
  • Page 239 | VLAN Configuration HAPTER Private VLANs To configure primary/secondary associated groups, follow these steps: Use the Configure VLAN (Add) page to designate one or more community VLANs, and the primary VLAN that will channel traffic outside of the VLAN groups. Use the Configure VLAN (Add Community VLAN) page to map a community VLAN to the primary VLAN.
  • Page 240 | VLAN Configuration HAPTER Private VLANs Figure 81: Configuring Private VLANs To display a list of private VLANs in the web interface: Click VLAN, Private. Select Configure VLAN from the Step list. Select Show from the Action list. Figure 82: Showing Private VLANs All member ports must be removed from the VLAN before it can be deleted.
  • Page 241 | VLAN Configuration HAPTER Private VLANs NTERFACE To associate a community VLAN with a primary VLAN in the web interface: Click VLAN, Private. Select Configure VLAN from the Step list. Select Add Community VLAN from the Action list. Select an entry from the Primary VLAN list. Select an entry from the Community VLAN list to associate it with the selected primary VLAN.
  • Page 242 | VLAN Configuration HAPTER Private VLANs Use the VLAN > Private (Configure Interface) page to set the private VLAN ONFIGURING RIVATE interface type, and assign the interfaces to a private VLAN. VLAN I NTERFACES CLI R EFERENCES "switchport private-vlan mapping" on page 1370 ◆...
  • Page 243 | VLAN Configuration HAPTER IEEE 802.1Q Tunneling Click Apply. Figure 85: Configuring Interfaces for Private VLANs IEEE 802.1Q T UNNELING IEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs.
  • Page 244 | VLAN Configuration HAPTER IEEE 802.1Q Tunneling When a double-tagged packet enters another trunk port in an intermediate or core switch in the service provider’s network, the outer tag is stripped for packet processing. When the packet exits another trunk port on the same core switch, the same SPVLAN tag is again added to the packet.
  • Page 245 | VLAN Configuration HAPTER IEEE 802.1Q Tunneling After packet classification through the switching process, the packet is written to memory with one tag (an outer tag) or with two tags (both an outer tag and inner tag). The switch sends the packet to the proper egress port. If the egress port is an untagged member of the SPVLAN, the outer tag will be stripped.
  • Page 246 | VLAN Configuration HAPTER IEEE 802.1Q Tunneling The switch sends the packet to the proper egress port. If the egress port is an untagged member of the SPVLAN, the outer tag will be stripped. If it is a tagged member, the outgoing packet will have two tags.
  • Page 247 | VLAN Configuration HAPTER IEEE 802.1Q Tunneling Configure the QinQ tunnel uplink port to Uplink mode (see "Adding an Interface to a QinQ Tunnel" on page 250). Configure the QinQ tunnel uplink port to join the SPVLAN as a tagged member (see "Adding Static Members to VLANs"...
  • Page 248 | VLAN Configuration HAPTER IEEE 802.1Q Tunneling Figure 87: Enabling QinQ Tunneling Use the VLAN > Tunnel (Configure Service) page to create a CVLAN to REATING SPVLAN mapping entry. CVLAN SPVLAN APPING NTRIES CLI R EFERENCES "switchport dot1q-tunnel service match cvid" on page 1356 ◆...
  • Page 249 | VLAN Configuration HAPTER IEEE 802.1Q Tunneling Service VLAN ID – VLAN ID for the outer VLAN tag. (Range: 1-4094) ◆ NTERFACE To configure a mapping entry: Click VLAN, Tunnel. Select Configure Service from the Step list. Select Add from the Action list. Select an interface from the Port list.
  • Page 250 | VLAN Configuration HAPTER IEEE 802.1Q Tunneling The preceding example sets the SVID to 99 in the outer tag for egress packets exiting port 1 when the packet’s CVID is 2. For a more detailed example, see the switchport dot1q-tunnel service match cvid command.
  • Page 251 | VLAN Configuration HAPTER Protocol VLANs Click Apply. Figure 90: Adding an Interface to a QinQ Tunnel VLAN ROTOCOL The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
  • Page 252 | VLAN Configuration HAPTER Protocol VLANs Use the VLAN > Protocol (Configure Protocol - Add) page to create protocol ONFIGURING groups. VLAN ROTOCOL ROUPS CLI R EFERENCES "protocol-vlan protocol-group (Configuring Groups)" on page 1372 ◆ ARAMETERS These parameters are displayed: ◆...
  • Page 253 | VLAN Configuration HAPTER Protocol VLANs Figure 91: Configuring Protocol VLANs To configure a protocol group: Click VLAN, Protocol. Select Configure Protocol from the Step list. Select Show from the Action list. Figure 92: Displaying Protocol VLANs Use the VLAN > Protocol (Configure Interface - Add) page to map a APPING protocol group to a VLAN for each interface that will participate in the ROTOCOL...
  • Page 254 | VLAN Configuration HAPTER Protocol VLANs When a frame enters a port that has been assigned to a protocol VLAN, ◆ it is processed in the following manner: If the frame is tagged, it will be processed according to the standard ■...
  • Page 255 | VLAN Configuration HAPTER Protocol VLANs Figure 93: Assigning Interfaces to Protocol VLANs To show the protocol groups mapped to a port or trunk: Click VLAN, Protocol. Select Configure Interface from the Step list. Select Show from the Action list. Select a port or trunk.
  • Page 256 | VLAN Configuration HAPTER Configuring IP Subnet VLANs IP S VLAN ONFIGURING UBNET Use the VLAN > IP Subnet page to configure IP subnet-based VLANs. When using port-based classification, all untagged frames received by a port are classified as belonging to the VLAN whose VID (PVID) is associated with that port.
  • Page 257 | VLAN Configuration HAPTER Configuring IP Subnet VLANs NTERFACE To map an IP subnet to a VLAN: Click VLAN, IP Subnet. Select Add from the Action list. Enter an address in the IP Address field. Enter a mask in the Subnet Mask field. Enter the identifier in the VLAN field.
  • Page 258 | VLAN Configuration HAPTER Configuring MAC-based VLANs MAC- VLAN ONFIGURING BASED Use the VLAN > MAC-Based page to configure VLAN based on MAC addresses. The MAC-based VLAN feature assigns VLAN IDs to ingress untagged frames according to source MAC addresses. When MAC-based VLAN classification is enabled, untagged frames received by a port are assigned to the VLAN which is mapped to the frame’s source MAC address.
  • Page 259 | VLAN Configuration HAPTER Configuring VLAN Translation Click Apply. Figure 97: Configuring MAC-Based VLANs To show the MAC addresses mapped to a VLAN: Click VLAN, MAC-Based. Select Show from the Action list. Figure 98: Showing MAC-Based VLANs VLAN T ONFIGURING RANSLATION Use the VLAN >...
  • Page 260 | VLAN Configuration HAPTER Configuring VLAN Translation to 100 to map VLAN 10 to VLAN 100 for upstream traffic entering port 1, and VLAN 100 to VLAN 10 for downstream traffic leaving port 1 as shown below. Figure 99: Configuring VLAN Translation (VLAN 10) (VLAN 100) upstream...
  • Page 261 | VLAN Configuration HAPTER Configuring VLAN Translation Figure 100: Configuring VLAN Translation To show the mapping entries for VLANs translation: Click VLAN, Translation. Select Show from the Action list. Figure 101: Showing the Entries for VLAN Translation – 261 –...
  • Page 262 | VLAN Configuration HAPTER Configuring VLAN Translation – 262 –...
  • Page 263 DDRESS ABLE ETTINGS Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are bound to a specific port.
  • Page 264 | Address Table Settings HAPTER Configuring MAC Address Learning Also note that MAC address learning cannot be disabled if any of the ◆ following conditions exist: 802.1X Port Authentication has been globally enabled on the switch ■ (see "Configuring 802.1X Global Settings" on page 424).
  • Page 265 | Address Table Settings HAPTER Setting Static Addresses ETTING TATIC DDRESSES Use the MAC Address > Static page to configure static MAC addresses. A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table.
  • Page 266 | Address Table Settings HAPTER Setting Static Addresses NTERFACE To configure a static MAC address: Click MAC Address, Static. Select Add from the Action list. Specify the VLAN, the port or trunk to which the address will be assigned, the MAC address, and the time to retain this entry. Click Apply.
  • Page 267 | Address Table Settings HAPTER Changing the Aging Time HANGING THE GING Use the MAC Address > Dynamic (Configure Aging) page to set the aging time for entries in the dynamic address table. The aging time is used to age out dynamically learned forwarding information. CLI R EFERENCES ◆...
  • Page 268 | Address Table Settings HAPTER Displaying the Dynamic Address Table ISPLAYING THE YNAMIC DDRESS ABLE Use the MAC Address > Dynamic (Show Dynamic MAC) page to display the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address for inbound traffic is found in the database, the packets intended for that address are forwarded directly to the associated port.
  • Page 269 Address Table Settings | Clearing the Dynamic Address Table. Figure 106: Displaying the Dynamic MAC Address Table. Use the MAC Address > Dynamic (Clear Dynamic MAC) page to remove any learned entries from the forwarding database. CLI References: "clear mac-address-table dynamic"...
  • Page 270 Address Table Settings | Clearing the Dynamic Address Table. Figure 107: Clearing Entries in the Dynamic MAC Address Table
  • Page 271 Spanning Tree Algorithm. This chapter describes the following basic topics: ◆ Loopback Detection – Configures detection and response to loopback BPDUs. ◆ Global Settings for STA – Configures global bridge settings for STP, RSTP and MSTP. ◆ Interface Settings for STA – Configures interface settings for STA,...
  • Page 272 Spanning Tree Algorithm | Overview. lowest cost spanning tree, it enables all root ports and designated ports, and disables all other ports. Network packets are therefore only forwarded between root ports and designated ports, eliminating any possible network loops. Figure 108: STP Root Ports and Designated Ports...
  • Page 273 Spanning Tree Algorithm | Overview. Figure 109: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree. An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers (including the Region Name, Revision Level and Configuration Digest –...
  • Page 274 Spanning Tree Algorithm | Configuring Loopback Detection. Use the Spanning Tree > Loopback Detection page to configure loopback detection on an interface. When loopback detection is enabled and a port or trunk receives its own BPDU, the detection agent drops the loopback BPDU, sends an SNMP trap, and places the interface in discarding mode.
  • Page 275 Spanning Tree Algorithm | Configuring Loopback Detection. ◆ Shutdown Interval – The duration to shut down the interface. (Range: 60-86400 seconds; Default: 60 seconds) If an interface is shut down due to a detected loopback, and the release mode is set to “Auto,” the selected interface will be automatically enabled when the shutdown interval has expired.
  • Page 276 Spanning Tree Algorithm | Configuring Global Settings for STA. Use the Spanning Tree > STA (Configure Global - Configure) page to configure global settings for the spanning tree that apply to the entire switch. CLI References: ...
  • Page 277 Spanning Tree Algorithm | Configuring Global Settings for STA. ■ Be careful when switching between spanning tree modes. Changing modes stops all spanning-tree instances for the previous mode and restarts the system in the new mode, temporarily disrupting user traffic.
  • Page 278 Spanning Tree Algorithm | Configuring Global Settings for STA. ◆ Path Cost Method – The path cost is used to determine the best path between devices. The path cost method is used to determine the range of values that can be assigned to each interface. Long: Specifies 32-bit based values that range from 1-200,000,000.
  • Page 279 Spanning Tree Algorithm | Configuring Global Settings for STA. Configuration Settings for MSTP: ◆ Max Instance Numbers – The maximum number of MSTP instances to which this switch can be assigned. ◆ Configuration Digest – An MD5 signature key that contains the VLAN...
  • Page 280 Spanning Tree Algorithm | Configuring Global Settings for STA. Figure 112: Configuring Global Settings for STA (STP). Figure 113: Configuring Global Settings for STA (RSTP)
  • Page 281 Spanning Tree Algorithm | Displaying Global Settings for STA. Figure 114: Configuring Global Settings for STA (MSTP). Use the Spanning Tree > STA (Configure Global - Show Information) page to display a summary of the current bridge STA information that applies to the entire switch.
  • Page 282 Spanning Tree Algorithm | Configuring Interface Settings for STA. ◆ Root Port – The number of the port on this switch that is closest to the root. This switch communicates with the root device through this port. If there is no root port, then this switch has been accepted as the root device of the Spanning Tree network.
  • Page 283: Table 12: Recommended STA Path Cost Range

    Spanning Tree Algorithm | Configuring Interface Settings for STA. CLI References: ◆ "Spanning Tree Commands" on page 1277. Parameters: These parameters are displayed: ◆ Interface – Displays a list of ports or trunks. ◆ Spanning Tree – Enables/disables STA on this interface. ...
  • Page 284: Table 13: Default STA Path Costs

    Spanning Tree Algorithm | Configuring Interface Settings for STA. Table 13: Default STA Path Costs (Port Type: Short Path Cost per IEEE 802.1D-1998 / Long Path Cost per 802.1D-2004): Ethernet: 65,535 / 1,000,000; Fast Ethernet: 65,535 / 100,000; Gigabit Ethernet: 10,000 / 10,000; 10G Ethernet: 1,000 / 1,000. ...
  • Page 285 Spanning Tree Algorithm | Configuring Interface Settings for STA. An interface cannot function as an edge port under the following conditions: ■ If spanning tree mode is set to STP (page 276), edge-port mode cannot automatically transition to operational edge-port state using the automatic setting.
  • Page 286 Spanning Tree Algorithm | Displaying Interface Settings for STA. Figure 116: Configuring Interface Settings for STA. Use the Spanning Tree > STA (Configure Interface - Show Information) page to display the current status of ports or trunks in the Spanning Tree. CLI References: "show spanning-tree"...
  • Page 287 Spanning Tree Algorithm | Displaying Interface Settings for STA. The rules defining port status are: ■ A port on a network segment with no other STA compliant bridging device is always forwarding. ■ If two ports of a switch are connected to the same segment and...
  • Page 288 Spanning Tree Algorithm | Displaying Interface Settings for STA. Figure 117: STA Port Roles. Legend: R: Root Port; A: Alternate Port; D: Designated Port; B: Backup Port. Alternate port receives more useful BPDUs from another bridge and is therefore not selected as the designated port.
  • Page 289 Spanning Tree Algorithm | Configuring Multiple Spanning Trees. Use the Spanning Tree > MSTP (Configure Global) page to create an MSTP instance, or to add VLAN groups to an MSTP instance. CLI References: ◆ "Spanning Tree Commands" on page 1277...
  • Page 290 Spanning Tree Algorithm | Configuring Multiple Spanning Trees. Interface: To create instances for MSTP: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Add from the Action list. Specify the MST instance identifier and the initial VLAN member. Additional members can be added using the Spanning Tree >...
  • Page 291 Spanning Tree Algorithm | Configuring Multiple Spanning Trees. To modify the priority for an MST instance: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Modify from the Action list. Modify the priority for an MSTP Instance. Click Apply.
  • Page 292 Spanning Tree Algorithm | Configuring Multiple Spanning Trees. To add additional VLAN groups to an MSTP instance: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Add Member from the Action list. Select an MST instance from the MST ID list. Enter the VLAN group to add to the instance in the VLAN ID field.
  • Page 293 Spanning Tree Algorithm | Configuring Interface Settings for MSTP. Use the Spanning Tree > MSTP (Configure Interface - Configure) page to configure the STA interface settings for an MST instance. CLI References: ◆ "Spanning Tree Commands" on page 1277...
  • Page 294 Spanning Tree Algorithm | Configuring Interface Settings for MSTP. The recommended range is listed in Table 12 on page 283. The default path costs are listed in Table 13 on page 284. Interface: To configure MSTP parameters for a port or trunk: Click Spanning Tree, MSTP.
  • Page 295 Congestion Control. The switch can set the maximum upload or download data transfer rate for any port. It can also control traffic storms by setting a maximum threshold for broadcast traffic or multicast traffic. It can also set bounding thresholds for broadcast and multicast storms which can be used to automatically trigger rate limits or to shut down a port.
  • Page 296 Congestion Control | Storm Control. ◆ Rate – Sets the rate limit level. (Range: 64 - 1,000,000 kbits per second for Gigabit Ethernet ports; 64 - 10,000,000 kbits per second for 10 Gigabit Ethernet ports) Interface: To configure rate limits: Click Traffic, Rate Limit.
  • Page 297 Congestion Control | Storm Control. ◆ When traffic exceeds the threshold specified for broadcast and multicast or unknown unicast traffic, packets exceeding the threshold are dropped until the rate falls back down beneath the threshold. ◆ Traffic storms can be controlled at the hardware level using Storm...
  • Page 298 Congestion Control | Automatic Traffic Control. Click Apply. Figure 128: Configuring Storm Control. Use the Traffic > Congestion Control > Auto Traffic Control pages to configure bounding thresholds for broadcast and multicast storms which can automatically trigger rate limits or shut down a port. CLI References: ...
  • Page 299 Congestion Control | Automatic Traffic Control. The key elements of this diagram are described below: ◆ Alarm Fire Threshold – The highest acceptable traffic rate. When ingress traffic exceeds the threshold, ATC sends a Storm Alarm Fire Trap and logs it. ◆ When traffic exceeds the alarm fire threshold and the apply timer...
  • Page 300 Congestion Control | Automatic Traffic Control. Setting the ATC Timers: Use the Traffic > Auto Traffic Control (Configure Global) page to set the time at which to apply the control response after ingress traffic has exceeded the upper threshold, and the time at which to release the control response after ingress traffic has fallen beneath the lower threshold.
  • Page 301 Congestion Control | Automatic Traffic Control. Figure 131: Configuring ATC Timers. Use the Traffic > Auto Traffic Control (Configure Interface) page to set the storm control mode (broadcast or multicast), the traffic thresholds, the control response, to automatically release a response of rate limiting, or to send related SNMP trap messages.
  • Page 302 Congestion Control | Automatic Traffic Control. ◆ Auto Release Control – Automatically stops a traffic control response of rate limiting when traffic falls below the alarm clear threshold and the release timer expires as illustrated in Figure 129 on page 298.
  • Page 303 Congestion Control | Automatic Traffic Control. Interface: To configure the response timers for automatic storm control: Click Traffic, Automatic Traffic Control. Select Configure Interface from the Step field. Enable or disable ATC as required, set the control response, specify whether or not to automatically release the control response of rate limiting, set the upper and lower thresholds, and specify which trap messages to send.
  • Page 304 Congestion Control | Automatic Traffic Control
  • Page 305 Class of Service. Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
  • Page 306 Class of Service | Layer 2 Queue Settings. frames. If the incoming frame is an IEEE 802.1Q VLAN tagged frame, the IEEE 802.1p User Priority bits will be used. ◆ If the output port is an untagged member of the associated VLAN,...
  • Page 307 Class of Service | Layer 2 Queue Settings. Command Usage: ◆ Strict priority requires all traffic in a higher priority queue to be processed before lower priority queues are serviced. ◆ WRR queuing specifies a relative weight for each queue. WRR uses a...
  • Page 308 Class of Service | Layer 2 Queue Settings. weighted service for the remaining queues. Use this parameter to specify the queues assigned to use strict priority. (Default: Disabled) ◆ Weight – Sets a weight for each queue which is used by the WRR...
  • Page 309: Table 14: IEEE 802.1p Egress Queue Priority Mapping

    Class of Service | Layer 2 Queue Settings. Figure 136: Setting the Queue Mode (Strict and WRR). Use the Traffic > Priority > PHB to Queue page to specify the hardware output queues to use based on the internal per-hop behavior value. (For more information on the exact manner in which the ingress priority tags are...
  • Page 310: Table 15: CoS Priority Levels

    Class of Service | Layer 2 Queue Settings. Table 15: CoS Priority Levels (Priority Level, Traffic Type): Background; (Spare); 0 (default), Best Effort; Excellent Effort; Controlled Load; Video, less than 100 milliseconds latency and jitter; Voice, less than 10 milliseconds latency and jitter; Network Control. CLI References...
  • Page 311 Class of Service | Layer 2 Queue Settings. Map an internal PHB to a hardware queue. Depending on how an ingress packet is processed internally based on its CoS value, and the assigned output queue, the mapping done on this page can effectively determine the service priority for different traffic classes.
  • Page 312 Class of Service | Layer 3/4 Priority Settings. Mapping Layer 3/4 Priorities to CoS Values: The switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (ToS) octet, or the number of the TCP/UDP port.
  • Page 313 Class of Service | Layer 3/4 Priority Settings. ◆ If the QoS mapping mode is set to CoS, and the ingress packet type is IPv4, then priority processing will be based on the CoS and CFI values in the ingress packet. For an untagged packet, the default port priority (see page 305) is used...
  • Page 314 Class of Service | Layer 3/4 Priority Settings. Use the Traffic > Priority > DSCP to DSCP page to map DSCP values in incoming packets to per-hop behavior and drop precedence values for internal priority processing.
  • Page 315: Table 17: Default Mapping of DSCP Values to Internal PHB/Drop Values

    Class of Service | Layer 3/4 Priority Settings. Table 17: Default Mapping of DSCP Values to Internal PHB/Drop Values (rows: ingress-dscp10; columns: ingress-dscp1). The ingress DSCP is composed of ingress-dscp10 (most significant digit in the left column) and ingress-dscp1 (least significant digit in the top row); in other words, ingress-dscp = ingress-dscp10 * 10 + ingress-dscp1;...
  • Page 316 Class of Service | Layer 3/4 Priority Settings. Select a port. Figure 141: Showing DSCP to DSCP Internal Mapping. Use the Traffic > Priority > CoS to DSCP page to map CoS/CFI values in incoming packets to per-hop behavior and drop precedence values for priority processing.
  • Page 317: Table 18: Default Mapping of CoS/CFI to Internal PHB/Drop Precedence

    Class of Service | Layer 3/4 Priority Settings. ◆ CFI – Canonical Format Indicator. Set this parameter to “0” to indicate that the MAC address information carried in the frame is in canonical format. (Range: 0-1) ◆ PHB – Per-hop behavior, or the priority used for this router hop. ...
  • Page 318 Class of Service | Layer 3/4 Priority Settings. To show the CoS/CFI to internal PHB/drop precedence map: Click Traffic, Priority, CoS to DSCP. Select Show from the Action list. Select a port. Figure 143: Showing CoS to DSCP Internal Mapping. Use the Traffic >...
  • Page 319: Table 19: Mapping Internal PHB/Drop Precedence to CoS/CFI Values

    Class of Service | Layer 3/4 Priority Settings. ◆ CoS – Class-of-Service value. (Range: 0-7) ◆ CFI – Canonical Format Indicator. Set this parameter to “0” to indicate that the MAC address information carried in the frame is in canonical format.
  • Page 320: Table 20: Mapping IP Precedence

    Class of Service | Layer 3/4 Priority Settings. To show the DSCP to CoS egress map in the web interface: Click Traffic, Priority, DSCP to CoS. Select Show from the Action list. Select a port. Figure 145: Showing DSCP to CoS Egress Mapping. Use the Traffic >...
  • Page 321: Table 21: Default Mapping of IP Precedence to Internal PHB/Drop Values

    Class of Service | Layer 3/4 Priority Settings. CLI References: ◆ "qos map ip-prec-dscp" on page 1398. Command Usage: ◆ Enter per-hop behavior and drop precedence for any of the IP Precedence values 0 - 7. ◆ If the priority mapping mode is set to IP Precedence and the ingress...
  • Page 322 Class of Service | Layer 3/4 Priority Settings. Figure 146: Configuring IP Precedence to DSCP Internal Mapping. To show the IP Precedence to internal PHB/drop precedence map in the web interface: Click Traffic, Priority, IP Precedence to DSCP. Select Show from the Action list. Select a port.
  • Page 323 Class of Service | Layer 3/4 Priority Settings. Use the Traffic > Priority > IP Port to DSCP page to map network applications designated by a TCP/UDP destination port number in the frame header to per-hop behavior and drop precedence values for internal...
  • Page 324 Class of Service | Layer 3/4 Priority Settings. Figure 148: Configuring IP Port Number to DSCP Internal Mapping. To show the TCP/UDP port number to per-hop behavior and drop precedence map in the web interface: Click Traffic, Priority, IP Port to DSCP. Select Show from the Action list.
  • Page 325: Quality of Service

    This chapter describes the following tasks required to apply QoS policies: Class Map – Creates a map which identifies a specific class of traffic. Policy Map – Sets the boundary parameters used for monitoring inbound traffic, and the action to take for conforming and non-conforming traffic. Binding to a Port –...
  • Page 326 Quality of Service | Configuring a Class Map. Command Usage: To create a service policy for a specific category of ingress traffic, follow these steps: Use the Configure Class (Add) page to designate a class name for a specific category of traffic. Use the Configure Class (Add Rule) page to edit the rules for each class which specify a type of traffic based on an access list, a DSCP or IP Precedence value, a VLAN, or a CoS value.
  • Page 327 Quality of Service | Configuring a Class Map. ◆ Description – A brief description of a class map. (Range: 1-64 characters) Add Rule: ◆ Class Name – Name of the class map. ◆ Type – Only one match command is permitted per class map, so the...
  • Page 328 Quality of Service | Configuring a Class Map. To show the configured class maps: Click Traffic, DiffServ. Select Configure Class from the Step list. Select Show from the Action list. Figure 151: Showing Class Maps. To edit the rules for a class map: Click Traffic, DiffServ.
  • Page 329 Quality of Service | Creating QoS Policies. To show the rules for a class map: Click Traffic, DiffServ. Select Configure Class from the Step list. Select Show Rule from the Action list. Figure 153: Showing the Rules for a Class Map. Use the Traffic >...
  • Page 330 Quality of Service | Creating QoS Policies. conforming to the maximum throughput, or exceeding the maximum throughput. srTCM Police Meter – Defines an enforcer for classified traffic based on a single rate three color meter scheme defined in RFC 2697. This metering policy monitors a traffic stream and processes its packets according to the committed information rate (CIR, or maximum throughput), committed burst size (BC, or burst rate), and excess burst size (BE).
  • Page 331 Quality of Service | Creating QoS Policies. When a packet of size B bytes arrives at time t, the following happens if srTCM is configured to operate in Color-Aware mode: ■ If the packet has been precolored as green and Tc(t)-B ≥ 0, the...
  • Page 332 Quality of Service | Creating QoS Policies. count Tp is incremented by one PIR times per second up to BP and the token count Tc is incremented by one CIR times per second up to BC. When a packet of size B bytes arrives at time t, the following happens if trTCM is configured to operate in Color-Blind mode: If Tp(t)-B <...
  • Page 333 Quality of Service | Creating QoS Policies. ◆ Class Name – Name of a class map that defines a traffic classification upon which a policy can act. ◆ Action – This attribute is used to set an internal QoS value in hardware...
  • Page 334 Quality of Service | Creating QoS Policies. ■ Set IP DSCP – Decreases DSCP priority for out of conformance traffic. (Range: 0-63) ■ Drop – Drops out of conformance traffic. ■ srTCM (Police Meter) – Defines the committed information rate...
  • Page 335 Quality of Service | Creating QoS Policies. ■ Violate – Specifies whether the traffic that exceeds the excess burst size (BE) will be dropped or the DSCP service level will be reduced. ■ Set IP DSCP – Decreases DSCP priority for out of...
  • Page 336 Quality of Service | Creating QoS Policies. ■ Exceed – Specifies whether traffic that exceeds the maximum rate (CIR) but is within the peak information rate (PIR) will be dropped or the DSCP service level will be reduced. ■ Set IP DSCP – Decreases DSCP priority for out of...
  • Page 337 Quality of Service | Creating QoS Policies. To show the configured policy maps: Click Traffic, DiffServ. Select Configure Policy from the Step list. Select Show from the Action list. Figure 155: Showing Policy Maps. To edit the rules for a policy map: Click Traffic, DiffServ.
  • Page 338 Quality of Service | Creating QoS Policies. Figure 156: Adding Rules to a Policy Map. To show the rules for a policy map: Click Traffic, DiffServ. Select Configure Policy from the Step list. Select Show Rule from the Action list. Figure 157: Showing the Rules for a Policy Map
  • Page 339 Quality of Service | Attaching a Policy Map to a Port. Use the Traffic > DiffServ (Configure Interface) page to bind a policy map to a port. CLI References: ◆ "Quality of Service Commands" on page 1407...
  • Page 340 Quality of Service | Attaching a Policy Map to a Port
  • Page 341 VoIP Traffic Configuration. This chapter covers the following topics: ◆ Global Settings – Enables VoIP globally, sets the Voice VLAN, and the aging time for attached ports. ◆ Telephony OUI List – Configures the list of phones to be treated as VoIP...
  • Page 342 VoIP Traffic Configuration | Configuring VoIP Traffic. Use the Traffic > VoIP (Configure Global) page to configure the switch for VoIP traffic. First enable automatic detection of VoIP devices attached to the switch ports, then set the Voice VLAN ID for the network. The Voice VLAN aging time can also be set to remove a port from the Voice VLAN when VoIP traffic is no longer received on the port.
  • Page 343 VoIP Traffic Configuration | Configuring Telephony OUI. Figure 159: Configuring a Voice VLAN. VoIP devices attached to the switch can be identified by the vendor’s Organizational Unique Identifier (OUI) in the source MAC address of received packets. OUI numbers are assigned to vendors and form the first three octets of device MAC addresses.
  • Page 344 VoIP Traffic Configuration | Configuring Telephony OUI. Select a mask from the pull-down list to define a MAC address range. Enter a description for the devices. Click Apply. Figure 160: Configuring an OUI Telephony List. To show the MAC OUI numbers used for VoIP equipment: Click Traffic, VoIP.
  • Page 345 VoIP Traffic Configuration | Configuring VoIP Traffic Ports. Use the Traffic > VoIP (Configure Interface) page to configure ports for VoIP traffic. You need to set the mode (Auto or Manual), specify the discovery method to use, and set the traffic priority. You can also enable security filtering to ensure that only VoIP traffic is forwarded on the Voice VLAN.
  • Page 346 VoIP Traffic Configuration | Configuring VoIP Traffic Ports. ■ LLDP – Uses LLDP (IEEE 802.1AB) to discover VoIP devices attached to the port. LLDP checks that the “telephone bit” in the system capability TLV is turned on. See "Link Layer Discovery Protocol"...
  • Page 347 Security Measures. You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. Port-based authentication using IEEE 802.1X can also be configured to control either management access to the uplink ports or client access to the data ports.
  • Page 348 Security Measures | AAA Authorization and Accounting. ◆ IPv4 Source Guard – Filters IPv4 traffic on insecure ports for which the source address cannot be identified via DHCPv4 snooping or static source bindings. ◆ IPv6 Source Guard – Filters IPv6 traffic on insecure ports for which the...
  • Page 349 Security Measures | AAA Authorization and Accounting. To configure AAA on the switch, you need to follow this general process: Configure RADIUS and TACACS+ server access parameters. See "Configuring Local/Remote Logon Authentication" on page 349. Define RADIUS and TACACS+ server groups to support the accounting and authorization of services.
  • Page 350 Security Measures | AAA Authorization and Accounting. ■ Local – User authentication is performed only locally by the switch. ■ RADIUS – User authentication is performed using a RADIUS server only. ■ TACACS – User authentication is performed using a TACACS+...
  • Page 351 Security Measures | AAA Authorization and Accounting. RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a more reliable connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet.
  • Page 352 Security Measures | AAA Authorization and Accounting. ■ Authentication Timeout – The number of seconds the switch waits for a reply from the RADIUS server before it resends the request. (Range: 1-65535; Default: 5) ■ Authentication Retries – Number of times the switch tries to...
  • Page 353 Security Measures | AAA Authorization and Accounting. Configure Group: ◆ Server Type – Select RADIUS or TACACS+ server. ◆ Group Name - Defines a name for the RADIUS or TACACS+ server group. (Range: 1-64 characters) ◆ Sequence at Priority - Specifies the server and sequence to use for...
  • Page 354 Security Measures | AAA Authorization and Accounting. Figure 166: Configuring Remote Authentication Server (TACACS+). To configure the RADIUS or TACACS+ server groups to use for accounting and authorization: Click Security, AAA, Server. Select Configure Group from the Step list. Select Add from the Action list.
  • Page 355 Security Measures | AAA Authorization and Accounting. To show the RADIUS or TACACS+ server groups used for accounting and authorization: Click Security, AAA, Server. Select Configure Group from the Step list. Select Show from the Action list. Figure 168: Showing AAA Server Groups. Use the Security >...
  • Page 356 Security Measures | AAA Authorization and Accounting. ◆ Method Name – Specifies an accounting method for service requests. The “default” methods are used for a requested service if no other methods have been defined. (Range: 1-64 characters) Note that the method name is only used to describe the accounting method configured on the specified RADIUS or TACACS+ servers.
  • Page 357 Security Measures | AAA Authorization and Accounting. Show Information – Statistics: ◆ User Name - Displays a registered user name. ◆ Accounting Type - Displays the accounting service. ◆ Interface - Displays the receive port number through which this user...
  • Page 358 Security Measures | AAA Authorization and Accounting. To configure the accounting method applied to various service types and the assigned server group: Click Security, AAA, Accounting. Select Configure Method from the Step list. Select Add from the Action list. Select the accounting type (802.1X, Exec).
  • Page 359 Security Measures | AAA Authorization and Accounting. To configure the accounting method applied to specific interfaces, console commands entered at specific privilege levels, and local console, Telnet, or SSH connections: Click Security, AAA, Accounting. Select Configure Service from the Step list. Select the accounting type (802.1X, Exec).
  • Page 360 Security Measures | AAA Authorization and Accounting. To display a summary of the configured accounting methods and assigned server groups for specified service types: Click Security, AAA, Accounting. Select Show Information from the Step list. Click Summary. Figure 174: Displaying a Summary of Applied AAA Accounting Methods. To display basic accounting information and statistics recorded for user sessions: Click Security, AAA, Accounting.
  • Page 361 Security Measures | AAA Authorization and Accounting. ◆ AAA authentication through a RADIUS or TACACS+ server must be enabled before authorization is enabled. Parameters: These parameters are displayed: Configure Method: ◆ Authorization Type – Specifies the service as Exec, indicating administrative authorization for local console, Telnet, or SSH connections.
  • Page 362 Security Measures | AAA Authorization and Accounting. Interface: To configure the authorization method applied to the Exec service type and the assigned server group: Click Security, AAA, Authorization. Select Configure Method from the Step list. Specify the name of the authorization method and server group name. Click Apply.
  • Page 363 Security Measures | Configuring User Accounts. Enter the required authorization method. Click Apply. Figure 178: Configuring AAA Authorization Methods for Exec Service. To display the configured authorization method and assigned server groups for the Exec service type: Click Security, AAA, Authorization. Select Show Information from the Step list.
  • Page 364 Security Measures | Configuring User Accounts. Parameters: These parameters are displayed: ◆ User Name – The name of the user. (Maximum length: 32 characters; maximum number of users: 16) ◆ Access Level – Specifies the user level. (Options: 0 - Normal, 15 - Privileged) The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the...
  • Page 365 Security Measures | Web Authentication. Figure 180: Configuring User Accounts. To show user accounts: Click Security, User Accounts. Select Show from the Action list. Figure 181: Showing User Accounts. Web authentication allows stations to authenticate and access the network in situations where 802.1X or Network Access authentication is infeasible or impractical.
  • Page 366 Security Measures | Web Authentication. RADIUS authentication must be activated and configured properly for the web authentication feature to work properly. (See "Configuring Local/Remote Logon Authentication" on page 349.) Web authentication cannot be configured on trunk ports. Use the Security > Web Authentication (Configure Global) page to edit the global parameters for web authentication.
  • Page 367 Security Measures | Web Authentication. Figure 182: Configuring Global Settings for Web Authentication. Use the Security > Web Authentication (Configure Interface) page to enable web authentication on a port, and display information for any connected hosts. CLI References...
  • Page 368 | Security Measures | Network Access (MAC Address Authentication) | Mark the check box for any host addresses that need to be re-authenticated, and click Re-authenticate. Figure 183: Configuring Interface Settings for Web Authentication. Network Access (MAC Address Authentication): Some devices connected to switch ports may not be able to support 802.1X authentication due to hardware or software limitations.
  • Page 369: Table 22: Dynamic QoS Profiles

    | Security Measures | Network Access (MAC Address Authentication) | authenticated. On the RADIUS server, PAP user name and passwords must be configured in the MAC address format XX-XX-XX-XX-XX-XX (all in upper case). ◆ Authenticated MAC addresses are stored as dynamic entries in the...
  • Page 370 | Security Measures | Network Access (MAC Address Authentication) | For example, the attribute “service-policy-in=pp1;rate-limit-input=100” specifies that the diffserv profile name is “pp1,” and the ingress rate limit profile value is 100 kbps. ◆ If duplicate profiles are passed in the Filter-ID attribute, then only the...
  • Page 371 | Security Measures | Network Access (MAC Address Authentication) | MAC address authentication is configured on a per-port basis, however there are two configurable parameters that apply globally to all ports on the switch. Use the Security > Network Access (Configure Global) page to configure MAC address authentication aging and reauthentication time.
  • Page 372 | Security Measures | Network Access (MAC Address Authentication) | Figure 184: Configuring Global Settings for Network Access. Use the Security > Network Access (Configure Interface - General) page to configure MAC authentication on switch ports, including enabling address authentication, setting the maximum MAC count, and enabling dynamic...
  • Page 373 | Security Measures | Network Access (MAC Address Authentication) | ◆ Dynamic VLAN – Enables dynamic VLAN assignment for an authenticated port. When enabled, any VLAN identifiers returned by the RADIUS server through the 802.1X authentication process are applied to the port, providing the VLANs have already been created on the switch.
  • Page 374 | Security Measures | Network Access (MAC Address Authentication) | Figure 185: Configuring Interface Settings for Network Access. Use the Security > Network Access (Configure Interface - Link Detection) page to send an SNMP trap and/or shut down a port when a link event occurs.
  • Page 375 | Security Measures | Network Access (MAC Address Authentication) | Web Interface: To configure link detection on switch ports: Click Security, Network Access. Select Configure Interface from the Step list. Click the Link Detection button. Modify the link detection status, trigger condition, and the response for any port.
  • Page 376 | Security Measures | Network Access (MAC Address Authentication) | ◆ MAC Address Mask – The filter rule will check for the range of MAC addresses defined by the MAC bit mask. If you omit the mask, the system will assign the default mask of an exact match. (Range: 000000000000 - FFFFFFFFFFFF;...
  • Page 377 | Security Measures | Network Access (MAC Address Authentication) | Use the Security > Network Access (Show Information) page to display the authenticated MAC addresses stored in the secure MAC address table. Information on the secure MAC entries can be displayed and selected entries can be removed from the table.
  • Page 378 | Security Measures | Configuring HTTPS | Figure 189: Showing Addresses Authenticated for Network Access. Configuring HTTPS: You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Use the Security >...
  • Page 379: Table 23: HTTPS System Support

    | Security Measures | Configuring HTTPS | ◆ The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer 6, Mozilla Firefox 4, or Google Chrome 29, or more recent versions. ◆ The following web browsers and operating systems currently support...
  • Page 380 | Security Measures | Configuring HTTPS | Use the Security > HTTPS (Copy Certificate) page to replace the default secure-site certificate. When you log onto the web interface using HTTPS (for secure access), a Secure Sockets Layer (SSL) certificate appears for the switch. By default, the certificate that the web browser displays will be associated with a warning that the site is not recognized as a secure site.
  • Page 381 | Security Measures | Configuring the Secure Shell | Web Interface: To replace the default secure-site certificate: Click Security, HTTPS. Select Copy Certificate from the Step list. Fill in the TFTP server, certificate and private key file name, and private password. Click Apply. Figure 191: Downloading the Secure-Site Certificate. Configuring the Secure...
  • Page 382 | Security Measures | Configuring the Secure Shell | Command Usage: The SSH server on this switch supports both password and public key authentication. If password authentication is specified by the SSH client, then the password can be authenticated either locally or via a RADIUS or TACACS+ remote authentication server, as specified on the System Authentication page (page...
  • Page 383 | Security Measures | Configuring the Secure Shell | Enable SSH Service – On the SSH Settings page, enable the SSH server on the switch. Authentication – One of the following authentication methods is employed: Password Authentication (for SSH v1.5 or V2 Clients): The client sends its password to the server.
  • Page 384 | Security Measures | Configuring the Secure Shell | checks whether the signature is correct. If both checks succeed, the client is authenticated. The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet sessions and SSH sessions.
  • Page 385 | Security Measures | Configuring the Secure Shell | Web Interface: To configure the SSH server: Click Security, SSH. Select Configure Global from the Step list. Enable the SSH server. Adjust the authentication parameters as required. Click Apply. Figure 192: Configuring the SSH Server. Use the Security >...
  • Page 386 | Security Measures | Configuring the Secure Shell | client to select either DES (56-bit) or 3DES (168-bit) for data encryption. The switch uses only RSA Version 1 for SSHv1.5 clients and DSA Version 2 for SSHv2 clients. ◆ Save Host-Key from Memory to Flash – Saves the host key from...
  • Page 387 | Security Measures | Configuring the Secure Shell | To display or clear the SSH host key pair: Click Security, SSH. Select Configure Host Key from the Step list. Select Show from the Action list. Select the host-key type to clear. Click Clear.
  • Page 388 | Security Measures | Configuring the Secure Shell | The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to select either DES (56-bit) or 3DES (168-bit) for data encryption.
  • Page 389 | Security Measures | Access Control Lists | To display or clear the SSH user’s public key: Click Security, SSH. Select Configure User Key from the Step list. Select Show from the Action list. Select a user from the User Name list. Select the host-key type to clear.
  • Page 390 | Security Measures | Access Control Lists | Command Usage: The following restrictions apply to ACLs: ◆ The maximum number of ACLs is 256. ◆ The maximum number of rules per ACL is 96. ◆ An ACL can have up to 96 rules. However, due to resource restrictions,...
  • Page 391 | Security Measures | Access Control Lists | Use the Security > ACL (Configure Time Range) page to set a time range during which ACL functions are applied. CLI References: ◆ "Time Range" on page 957. Command Usage: If both an absolute rule and one or more periodic rules are configured for the same time range (i.e., named entry), that entry will only take effect if...
  • Page 392 | Security Measures | Access Control Lists | Figure 197: Setting the Name of a Time Range. To show a list of time ranges: Click Security, ACL. Select Configure Time Range from the Step list. Select Show from the Action list. Figure 198: Showing a List of Time Ranges. To configure a rule for a time range: Click Security, ACL.
  • Page 393 | Security Measures | Access Control Lists | Figure 199: Add a Rule to a Time Range. To show the rules configured for a time range: Click Security, ACL. Select Configure Time Range from the Step list. Select Show Rule from the Action list. Figure 200: Showing the Rules Configured for a Time Range
  • Page 394 | Security Measures | Access Control Lists | Use the Security > ACL (Configure ACL - Show TCAM) page to show utilization parameters for TCAM (Ternary Content Addressable Memory), including the number of policy control entries in use, the number of free entries, and the overall percentage of TCAM in use.
  • Page 395 | Security Measures | Access Control Lists | Figure 201: Showing TCAM Utilization. Use the Security > ACL (Configure ACL - Add) page to create an ACL. CLI References: ◆ "access-list ip" on page 1164 ◆ "show ip access-list" on page 1169...
  • Page 396 | Security Measures | Access Control Lists | Web Interface: To configure the name and type of an ACL: Click Security, ACL. Select Configure ACL from the Step list. Select Add from the Action list. Fill in the ACL Name field, and select the ACL type. Click Apply.
  • Page 397 | Security Measures | Access Control Lists | Use the Security > ACL (Configure ACL - Add Rule - IP Standard) page to configure a Standard IPv4 ACL. CLI References: ◆ "permit, deny (Standard IP ACL)" on page 1165...
  • Page 398 | Security Measures | Access Control Lists | Click Apply. Figure 204: Configuring a Standard IPv4 ACL. Use the Security > ACL (Configure ACL - Add Rule - IP Extended) page to configure an Extended IPv4 ACL. CLI References...
  • Page 399 | Security Measures | Access Control Lists | ◆ Source/Destination Port Bit Mask – Decimal number representing the port bits to match. (Range: 0-65535) ◆ Protocol – Specifies the protocol type to match as TCP, UDP or Others, where others indicates a specific protocol number (0-255). (Options: TCP, UDP, Others;...
  • Page 400 | Security Measures | Access Control Lists | Select the name of an ACL from the Name list. Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range.
  • Page 401 | Security Measures | Access Control Lists | ◆ Source Address Type – Specifies the source IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, or “IPv6-Prefix” to specify a range of addresses. (Options: Any, Host, IPv6-Prefix;...
  • Page 402 | Security Measures | Access Control Lists | Figure 206: Configuring a Standard IPv6 ACL. Use the Security > ACL (Configure ACL - Add Rule - IPv6 Extended) page to configure an Extended IPv6 ACL. CLI References: "permit, deny (Extended IPv6 ACL)"...
  • Page 403 | Security Measures | Access Control Lists | ◆ Next Header – Identifies the type of header immediately following the IPv6 header. (Range: 0-255) Optional internet-layer information is encoded in separate headers that may be placed between the IPv6 header and the upper-layer header in a packet.
  • Page 404 | Security Measures | Access Control Lists | Select the name of an ACL from the Name list. Specify the action (i.e., Permit or Deny). Select the address type (Any or IPv6-prefix). If you select “Host,” enter a specific address. If you select “IPv6-prefix,” enter a subnet address and prefix length.
  • Page 405 | Security Measures | Access Control Lists | ◆ Source/Destination Address Type – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range with the Address and Bit Mask fields. (Options: Any, Host, MAC;...
  • Page 406 | Security Measures | Access Control Lists | If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC,” enter a base address and a hexadecimal bit mask for an address range. Set any other required criteria, such as VID, Ethernet type, or packet format.
  • Page 407 | Security Measures | Access Control Lists | ◆ Source/Destination IP Address Type – Specifies the source or destination IPv4 address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, or “IP” to specify a range of addresses with the Address and Mask fields.
  • Page 408 | Security Measures | Access Control Lists | Figure 209: Configuring an ARP ACL. After configuring ACLs, use the Security > ACL (Configure Interface) page to bind the ports that need to filter traffic to the appropriate ACLs. You can assign one IP access list and one MAC access list to any port.
  • Page 409 | Security Measures | Access Control Lists | Select a port. Select the name of an ACL from the ACL list. Click Apply. Figure 210: Binding a Port to an ACL. Use the Security > ACL > Configure Interface (Show Hardware Counters) page to show statistics for ACL hardware counters.
  • Page 410 | Security Measures | ARP Inspection | ◆ Clear Counter – Clears hit counter for rules in specified ACL. Web Interface: To show statistics for ACL hardware counters: Click Security, ACL. Select Configure Interface from the Step list. Select Show Hardware Counters from the Action list. Select a port.
  • Page 411 | Security Measures | ARP Inspection | Command Usage: Enabling & Disabling ARP Inspection: ◆ ARP Inspection is controlled on a global and VLAN basis. ◆ By default, ARP Inspection is disabled both globally and on all VLANs. ■ If ARP Inspection is globally enabled, then it becomes active only on...
  • Page 412 | Security Measures | ARP Inspection | with different MAC addresses are classified as invalid and are dropped. ■ IP – Checks the ARP body for invalid and unexpected IP addresses. These addresses include 0.0.0.0, 255.255.255.255, and all IP multicast addresses. Sender IP addresses are checked in all ARP requests and responses, while target IP addresses are checked only in ARP responses.
  • Page 413 | Security Measures | ARP Inspection | ■ Allow Zeros – Allows sender IP address to be 0.0.0.0. ■ Src-MAC – Validates the source MAC address in the Ethernet header against the sender MAC address in the ARP body. This check is performed on both ARP requests and responses.
  • Page 414 | Security Measures | ARP Inspection | ◆ ARP Inspection ACLs are configured within the ARP ACL configuration page (see page 406). ◆ ARP Inspection ACLs can be applied to any configured VLAN. ◆ ARP Inspection uses the DHCP snooping bindings database for the list...
  • Page 415 | Security Measures | ARP Inspection | Figure 213: Configuring VLAN Settings for ARP Inspection. Use the Security > ARP Inspection (Configure Interface) page to specify the ports that require ARP inspection, and to adjust the packet inspection rate.
  • Page 416: Table 24: ARP Inspection Statistics

    | Security Measures | ARP Inspection | Web Interface: To configure interface settings for ARP Inspection: Click Security, ARP Inspection. Select Configure Interface from the Step list. Specify any untrusted ports which require ARP inspection, and adjust the packet inspection rate. Click Apply. Figure 214: Configuring Interface Settings for ARP Inspection. Use the Security >...
  • Page 417: Table 25: ARP Inspection Log

    | Security Measures | ARP Inspection | Table 24: ARP Inspection Statistics (Continued). Parameter: Description. ARP packets dropped by additional validation (IP): Count of ARP packets that failed the IP address test. ARP packets dropped by ARP ACLs: Count of ARP packets that failed validation against ARP ACL rules.
  • Page 418 | Security Measures | Filtering IP Addresses for Management Access | Table 25: ARP Inspection Log (Continued). Parameter: Description. Src. IP Address: The source IP address in the packet. Dst. IP Address: The destination IP address in the packet. Src. MAC Address: The source MAC address in the packet.
  • Page 419 | Security Measures | Filtering IP Addresses for Management Access | ◆ When entering addresses for the same group (i.e., SNMP, web or Telnet), the switch will not accept overlapping address ranges. When entering addresses for different groups, the switch will accept overlapping address ranges.
  • Page 420 | Security Measures | Configuring Port Security | Figure 217: Creating an IP Address Filter for Management Access. To show a list of IP addresses authorized for management access: Click Security, IP Filter. Select Show from the Action list. Figure 218: Showing IP Addresses Authorized for Management Access. Configuring Port Security: Use the Security >...
  • Page 421 | Security Measures | Configuring Port Security | ◆ To configure the maximum number of address entries which can be learned on a port, specify the maximum number of dynamic addresses allowed. The switch will learn up to the maximum number of allowed address pairs <source MAC address, VLAN>...
  • Page 422 | Security Measures | Configuring Port Security | ■ Trap and Shutdown: Send an SNMP trap message and disable the port. ◆ Max MAC Count – The maximum number of MAC addresses that can be learned on a port. (Range: 0-1024, where 0 means disabled) The maximum address count is effective when port security is enabled or disabled.
  • Page 423 | Security Measures | Configuring 802.1X Port Authentication | Configuring 802.1X Port Authentication: Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data.
  • Page 424 | Security Measures | Configuring 802.1X Port Authentication | The operation of 802.1X on the switch requires the following: ◆ The switch must have an IP address assigned. ◆ RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified. ◆ 802.1X must be enabled globally for the switch.
  • Page 425 | Security Measures | Configuring 802.1X Port Authentication | ◆ Default – Sets all configurable 802.1X global and port settings to their default values. Web Interface: To configure global settings for 802.1X: Click Security, Port Authentication. Select Configure Global from the Step list. Enable 802.1X globally for the switch, and configure EAPOL Pass Through if required.
  • Page 426 | Security Measures | Configuring 802.1X Port Authentication | Parameters: These parameters are displayed: ◆ Port – Port number. ◆ Status – Indicates if authentication is enabled or disabled on the port. The status is disabled if the control mode is set to Force-Authorized. ◆ Authorized –...
  • Page 427 | Security Measures | Configuring 802.1X Port Authentication | ◆ Max Request – Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. (Range: 1-10; Default 2) ◆ Quiet Period –...
  • Page 428 | Security Measures | Configuring 802.1X Port Authentication | Supplicant List: ◆ Supplicant – MAC address of authorized client. Authenticator PAE State Machine: ◆ State – Current state (including initialize, disconnected, connecting, authenticating, authenticated, aborting, held, force_authorized, force_unauthorized). ◆ Reauth Count – Number of times connecting state is re-entered.
  • Page 429: Table 26: 802.1X Statistics

    | Security Measures | Configuring 802.1X Port Authentication | Figure 222: Configuring Interface Settings for 802.1X Port Authenticator. Use the Security > Port Authentication (Show Statistics) page to display statistics for dot1x protocol exchanges for any port. CLI References: "show dot1x"...
  • Page 430 | Security Measures | Configuring 802.1X Port Authentication | Table 26: 802.1X Statistics (Continued). Parameter: Description. Rx Last EAPOLSrc: The source MAC address carried in the most recent EAPOL frame received by this Authenticator. Rx EAP Resp/Id: The number of EAP Resp/Id frames that have been received by this Authenticator.
  • Page 431 | Security Measures | DoS Protection | Web Interface: To display port authenticator statistics for 802.1X: Click Security, Port Authentication. Select Show Statistics from the Step list. Figure 223: Showing Statistics for 802.1X Port Authenticator. DoS Protection: Use the Security > DoS Protection page to protect against denial-of-service (DoS) attacks.
  • Page 432 | Security Measures | IPv4 Source Guard | port is closed, the target replies with a TCP RST (reset) packet. If the target TCP port is open, it simply discards the TCP NULL scan. (Default: Enabled) ◆ TCP SYN/FIN Scan – A TCP SYN/FIN scan message is used to identify...
  • Page 433 | Security Measures | IPv4 Source Guard | Use the Security > IP Source Guard > Port Configuration page to set the filtering type based on source IP address, or source IP address and MAC address pairs. IP Source Guard is used to filter traffic on an insecure port which receives...
  • Page 434 | Security Measures | IPv4 Source Guard | Parameters: These parameters are displayed: ◆ Filter Type – Configures the switch to filter inbound traffic based on source IP address, or source IP address and corresponding MAC address. (Default: None) ■ None – Disables IP source guard filtering on the port...
  • Page 435 | Security Measures | IPv4 Source Guard | Use the Security > IP Source Guard > Static Configuration page to bind a static address to a port. Table entries include a MAC address, IP address, lease time, entry type (Static, Dynamic), VLAN identifier, and port...
  • Page 436 | Security Measures | IPv4 Source Guard | ◆ IP Address – IP address corresponding to the client. ◆ Lease Time – The time for which this IP address is leased to the client. (This value is zero for all static addresses.) Web Interface: To configure static bindings for IP Source Guard: Click Security, IP Source Guard, Static Configuration.
  • Page 437 | Security Measures | IPv4 Source Guard | Use the Security > IP Source Guard > Dynamic Binding page to display the source-guard binding table for a selected interface. CLI References: ◆ "show ip dhcp snooping binding" on page 1126...
  • Page 438 | Security Measures | IPv6 Source Guard | Figure 228: Showing the IP Source Guard Binding Table. IPv6 Source Guard: IPv6 Source Guard is a security feature that filters IPv6 traffic on non-routed, Layer 2 network interfaces based on manually configured entries in the IPv6 Source Guard table, or dynamic entries in the Neighbor Discovery Snooping table or DHCPv6 Snooping table when either snooping protocol is enabled (see the...
  • Page 439 | Security Measures | IPv6 Source Guard | snooping or DHCPv6 snooping, or static addresses configured in the source guard binding table. The port allows only IPv6 traffic with a matching entry in the binding table and denies all other IPv6 traffic. ◆ Table entries include a MAC address, IPv6 global unicast address, entry...
  • Page 440 | Security Measures | IPv6 Source Guard | ■ This parameter sets the maximum number of IPv6 global unicast source IPv6 address entries that can be mapped to an interface in the binding table, including both dynamic entries discovered by ND snooping, DHCPv6 snooping (see the DHCPv6 Snooping commands), and static entries set by IPv6 Source Guard (see...
  • Page 441 | Security Measures | IPv6 Source Guard | Command Usage: ◆ Traffic filtering is based only on the source IPv6 address, VLAN ID, and port number. ◆ Static addresses entered in the source guard binding table are automatically configured with an infinite lease time. ◆ When source guard is enabled, traffic is filtered based upon dynamic...
  • Page 442 | Security Measures | IPv6 Source Guard | ◆ IPv6 Address – IPv6 address corresponding to the client. ◆ Type – Shows the entry type: ■ DHCP – Dynamic DHCPv6 binding, stateful address. ■ ND – Dynamic Neighbor Discovery binding, stateless address...
  • Page 443 | Security Measures | IPv6 Source Guard | Use the Security > IPv6 Source Guard > Dynamic Binding page to display the source-guard binding table for a selected interface. CLI References: ◆ "show ipv6 source-guard binding" on page 1145...
  • Page 444 | Security Measures | DHCP Snooping | DHCP Snooping: The addresses assigned to DHCP clients on insecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping (or using the static bindings configured with IP Source Guard). DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server.
  • Page 445 | Security Measures | DHCP Snooping | ■ If the DHCP packet is from a client, such as a DECLINE or RELEASE message, the switch forwards the packet only if the corresponding entry is found in the binding table. ■ If the DHCP packet is from a client, such as a DISCOVER,...
  • Page 446 | Security Measures | DHCP Snooping | the DHCP client request, including the port and VLAN ID. This allows DHCP client-server exchange messages to be forwarded between the server and client without having to flood them to the entire VLAN. ◆ If DHCP Snooping Information Option 82 is enabled on the switch,...
  • Page 447 | Security Measures | DHCP Snooping | ■ string - An arbitrary string inserted into the remote identifier field. (Range: 1-32 characters) ◆ DHCP Snooping Information Option Policy – Specifies how to handle DHCP client request packets which already contain Option 82 information.
  • Page 448 | Security Measures | DHCP Snooping | Use the IP Service > DHCP > Snooping (Configure VLAN) page to enable or disable DHCP snooping on specific VLANs. CLI References: ◆ "ip dhcp snooping vlan" on page 1121...
  • Page 449 | Security Measures | DHCP Snooping | Use the IP Service > DHCP > Snooping (Configure Interface) page to configure switch ports as trusted or untrusted. CLI References: ◆ "ip dhcp snooping trust" on page 1123...
  • Page 450 | Security Measures | DHCP Snooping | Figure 235: Configuring the Port Mode for DHCP Snooping. Use the IP Service > DHCP > Snooping (Show Information) page to display entries in the binding table. CLI References...
  • Page 451 | Security Measures | DHCP Snooping | Web Interface: To display the binding table for DHCP Snooping: Click IP Service, DHCP, Snooping. Select Show Information from the Step list. Use the Store or Clear function if required. Figure 236: Displaying the Binding Table for DHCP Snooping
  • Page 452 | Security Measures | DHCP Snooping
  • Page 453 | Basic Administration Protocols | This chapter describes basic administration tasks including: ◆ Event Logging – Sets conditions for logging event messages to system memory or flash memory, configures conditions for sending trap messages to remote log servers, and configures trap reporting to remote hosts using Simple Mail Transfer Protocol (SMTP).
  • Page 454: Table 27: Logging Levels

    | Basic Administration Protocols | Configuring Event Logging | Configuring Event Logging: The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages. Use the Administration >...
  • Page 455 | Basic Administration Protocols | Configuring Event Logging | ◆ RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 7) The Flash Level must be equal to or less than the RAM Level.
  • Page 456 | Basic Administration Protocols | Configuring Event Logging | Figure 238: Showing Error Messages Logged to System Memory. Use the Administration > Log > Remote page to send log messages to syslog servers or other management stations. You can also limit the event messages sent to only those messages below a specified level.
  • Page 457 | Basic Administration Protocols | Configuring Event Logging | Web Interface: To configure the logging of error messages to remote servers: Click Administration, Log, Remote. Enable remote logging, specify the facility type to use for the syslog messages, and enter the IP address of the remote servers. Click Apply.
  • Page 458 | Basic Administration Protocols | Link Layer Discovery Protocol | ◆ Email Destination Address – Specifies the email recipients of alert messages. You can specify up to five recipients. ◆ Server IP Address – Specifies a list of up to three recipient SMTP...
  • Page 459 | Basic Administration Protocols | Link Layer Discovery Protocol | Link Layer Discovery Protocol - Media Endpoint Discovery (LLDP-MED) is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches. The LLDP-MED TLVs advertise information such as network policy, power, inventory, and device location details.
  • Page 460 | Basic Administration Protocols | Link Layer Discovery Protocol | ◆ Notification Interval – Configures the allowed interval for sending SNMP notifications about LLDP MIB changes. (Range: 5-3600 seconds; Default: 5 seconds) This parameter only applies to SNMP applications which use data stored in the LLDP MIB for network monitoring or management.
  • Page 461 | Basic Administration Protocols | Link Layer Discovery Protocol | Use the Administration > LLDP (Configure Interface) page to specify the message attributes for individual interfaces, including whether messages are transmitted, received, or both transmitted and received, whether SNMP notifications are sent, and the type of information advertised.
  • Page 462 | Basic Administration Protocols | Link Layer Discovery Protocol | Since there are typically a number of different addresses associated with a Layer 3 device, an individual LLDP PDU may contain more than one management address TLV. Every management address TLV that reports an address that is accessible on a port and protocol VLAN through the particular port should be accompanied by a port and protocol VLAN TLV that indicates the VLAN identifier (VID) associated with the management...
  • Page 463 | Basic Administration Protocols | Link Layer Discovery Protocol | ■ Max Frame Size – The maximum frame size. (See "Configuring Support for Jumbo Frames" on page 152 for information on configuring the maximum frame size for this switch.) ■ MAC/PHY Configuration/Status – The MAC/PHY configuration...
  • Page 464 | Basic Administration Protocols | Link Layer Discovery Protocol | Web Interface: To configure LLDP interface attributes: Click Administration, LLDP. Select Configure Interface from the Step list. Set the LLDP transmit/receive mode, specify whether or not to send SNMP trap messages, and select the information to advertise in LLDP messages.
  • Page 465: Table 28: LLDP MED Location CA Types

    | Basic Administration Protocols | Link Layer Discovery Protocol | Table 28: LLDP MED Location CA Types (columns: CA Type, Description, CA Value Example): National subdivisions (state, canton, province) – California; County, parish – Orange; City, township – Irvine; City division, borough, city district – West Irvine; Neighborhood, block – Riverside; Group of streets below the neighborhood level...
  • Page 466: Table 29: Chassis ID Subtype

    | Basic Administration Protocols | Link Layer Discovery Protocol | Figure 243: Configuring the Civic Address for an LLDP Interface. [Displaying LLDP Local Device ...] Use the Administration > LLDP (Show Local Device Information) page to display information about the switch, such as its MAC address, chassis ID, management IP address, and port information.
  • Page 467: Table 30: System Capabilities

    | Basic Administration Protocols | Link Layer Discovery Protocol | ◆ System Description – A textual description of the network entity. This field is also displayed by the show system command. ◆ System Capabilities Supported – The capabilities that define the primary function(s) of the system.
  • Page 468: Table 31: Port ID Subtype

    | Basic Administration Protocols | Link Layer Discovery Protocol | ◆ Port/Trunk ID Type – There are several ways in which a port may be identified. A port ID subtype is used to indicate how the port is being referenced in the Port ID TLV. Table 31: Port ID Subtype ID Basis Reference...
  • Page 469 | Basic Administration Protocols | Link Layer Discovery Protocol | Figure 244: Displaying Local Device Information for LLDP (General). Figure 245: Displaying Local Device Information for LLDP (Port). Figure 246: Displaying Local Device Information for LLDP (Port Details)
  • Page 470 | Basic Administration Protocols | Link Layer Discovery Protocol | [Displaying LLDP Remote Device Information] Use the Administration > LLDP (Show Remote Device Information) page to display information about devices connected directly to the switch’s ports which are advertising information through LLDP, or to display detailed information about an LLDP-enabled device connected to a specific port on the local switch.
  • Page 471: Table 32: Remote Port Auto-Negotiation Advertised Capability

    | Basic Administration Protocols | Link Layer Discovery Protocol | ◆ Port ID – A string that contains the specific identifier for the port from which this LLDPDU was transmitted. ◆ System Capabilities Supported – The capabilities that define the primary function(s) of the system. (See Table 30, "System Capabilities,"...
  • Page 472 | Basic Administration Protocols | Link Layer Discovery Protocol | Table 32: Remote Port Auto-Negotiation Advertised Capability (Capability column): 100BASE-T4; 100BASE-TX half duplex mode; 100BASE-TX full duplex mode; 100BASE-T2 half duplex mode; 100BASE-T2 full duplex mode; PAUSE for full-duplex links; Asymmetric PAUSE for full-duplex links; Symmetric PAUSE for full-duplex links; Asymmetric and Symmetric PAUSE for full-duplex links; 1000BASE-X, -LX, -SX, -CX half duplex mode...
  • Page 473 | Basic Administration Protocols | Link Layer Discovery Protocol | points and others, will be classified according to their power requirements. Port Details – 802.3 Extension Trunk Information ◆ Remote Link Aggregation Capable – Shows if the remote port is not in link aggregation state and/or it does not support link aggregation.
  • Page 474 | Basic Administration Protocols | Link Layer Discovery Protocol | ◆ Current Capabilities – The set of capabilities that define the primary function(s) of the port which are currently enabled. Port Details – Network Policy ◆ Application Type – The primary application(s) defined for this...
  • Page 475 | Basic Administration Protocols | Link Layer Discovery Protocol | the other items and described under “Configuring LLDP Interface Civic-Address.” ■ ECS ELIN – Emergency Call Service Emergency Location Identification Number supports traditional PSAP-based Emergency Call Service in North America. ◆ Country Code – The two-letter ISO 3166 country code in capital ASCII...
  • Page 476 | Basic Administration Protocols | Link Layer Discovery Protocol | Interface: To display LLDP information for a remote port: Click Administration, LLDP. Select Show Remote Device Information from the Step list. Select Port, Port Details, Trunk, or Trunk Details. When the next page opens, select a port on this switch and the index for a remote device attached to this port.
  • Page 477 | Basic Administration Protocols | Link Layer Discovery Protocol | Figure 248: Displaying Remote Device Information for LLDP (Port Details)
  • Page 478 | Basic Administration Protocols | Link Layer Discovery Protocol | Additional information displayed by an end-point device which advertises LLDP-MED TLVs is shown in the following figure. Figure 249: Displaying Remote Device Information for LLDP (End Node). [Displaying Device ...] Use the Administration > LLDP (Show Device Statistics) page to display statistics for LLDP-capable devices attached to the switch, and for LLDP...
  • Page 479 | Basic Administration Protocols | Link Layer Discovery Protocol | ◆ Neighbor Entries Dropped Count – The number of times which the remote database on this switch dropped an LLDPDU because of insufficient resources. ◆ Neighbor Entries Age-out Count – The number of times that a...
  • Page 480 | Basic Administration Protocols | Simple Network Management Protocol | Figure 250: Displaying LLDP Device Statistics (General). Figure 251: Displaying LLDP Device Statistics (Port). Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
  • Page 481: Table 33: SNMPv3 Security Models and Levels

    | Basic Administration Protocols | Simple Network Management Protocol | as well as the traffic passing through its ports. A network management station can access this information using network management software. Access to the onboard agent from clients using SNMP v1 and v2c is controlled by community strings.
  • Page 482 | Basic Administration Protocols | Simple Network Management Protocol | Command Usage: Configuring SNMPv1/2c Management Access: To configure SNMPv1 or v2c management access to the switch, follow these steps: Use the Administration > SNMP (Configure Global) page to enable SNMP on the switch, and to enable trap messages. Use the Administration >...
  • Page 483 | Basic Administration Protocols | Simple Network Management Protocol | Parameters: These parameters are displayed: ◆ Agent Status – Enables SNMP on the switch. (Default: Enabled) ◆ Authentication Traps – Issues a notification message to specified IP trap managers whenever an invalid community string is submitted during the SNMP access authentication process.
  • Page 484 | Basic Administration Protocols | Simple Network Management Protocol | ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users. Parameters: These parameters are displayed: ◆ Engine ID – A new engine ID can be specified by entering 9 to 64...
  • Page 485 | Basic Administration Protocols | Simple Network Management Protocol | Command Usage: ◆ SNMP passwords are localized using the engine ID of the authoritative agent. For informs, the authoritative SNMP agent is the remote agent. You therefore need to configure the remote agent’s SNMP engine ID before you can send proxy requests or informs to it.
  • Page 486 | Basic Administration Protocols | Simple Network Management Protocol | Figure 255: Showing Remote Engine IDs for SNMP. [Setting SNMPv3 Views] Use the Administration > SNMP (Configure View) page to configure SNMPv3 views which are used to restrict user access to specified portions of the MIB tree.
  • Page 487 | Basic Administration Protocols | Simple Network Management Protocol | Select Add View from the Action list. Enter a view name and specify the initial OID subtree in the switch’s MIB database to be included or excluded in the view. Use the Add OID Subtree page to add additional object identifier branches to the view.
  • Page 488 | Basic Administration Protocols | Simple Network Management Protocol | Click Apply. Figure 258: Adding an OID Subtree to an SNMP View. To show the OID branches configured for the SNMP views of the switch’s MIB database: Click Administration, SNMP. Select Configure View from the Step list. Select Show OID Subtree from the Action list.
  • Page 489 | Basic Administration Protocols | Simple Network Management Protocol | [Configuring SNMPv3 Groups] Use the Administration > SNMP (Configure Group) page to add an SNMPv3 group which can be used to set the access policy for its assigned users, restricting them to specific read, write, and notify views. You can use the pre-defined default groups or create new groups to map a set of SNMP users to SNMP views.
  • Page 490: Table 34: Supported Notification Messages

    | Basic Administration Protocols | Simple Network Management Protocol | Table 34: Supported Notification Messages Model Level Group RFC 1493 Traps: newRoot (1.3.6.1.2.1.17.0.1) – The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree; the trap is sent by a bridge soon after its election as the new root, e.g., upon expiration of the Topology Change Timer immediately subsequent to its election.
  • Page 491 | Basic Administration Protocols | Simple Network Management Protocol | Table 34: Supported Notification Messages (Continued) Model Level Group swIpFilterRejectTrap (1.3.6.1.4.1.259.10.1.10.2.1.0.40) – This trap is sent when an incorrect IP address is rejected by the IP Filter. swSmtpConnFailureTrap (1.3.6.1.4.1.259.10.1.10.2.1.0.41) – This trap is triggered if the SMTP system cannot open a connection to the mail server successfully.
  • Page 492 * These are legacy notifications and therefore must be enabled in conjunction with the corresponding traps on the SNMP Configuration menu. † The MIB OID for ECS4660-28F is 1.3.6.1.4.1.259.10.1.10.
  • Page 493 | Basic Administration Protocols | Simple Network Management Protocol | Interface: To configure an SNMP group: Click Administration, SNMP. Select Configure Group from the Step list. Select Add from the Action list. Enter a group name, assign a security model and level, and then select read, write, and notify views.
  • Page 494 | Basic Administration Protocols | Simple Network Management Protocol | [Setting Community Access Strings] Use the Administration > SNMP (Configure User - Add Community) page to configure up to five community strings authorized for management access by clients using SNMP v1 and v2c. For security reasons, you should consider removing the default strings.
  • Page 495 | Basic Administration Protocols | Simple Network Management Protocol | To show the community access strings: Click Administration, SNMP. Select Configure User from the Step list. Select Show Community from the Action list. Figure 263: Showing Community Access Strings. [Configuring Local ...] Use the Administration > SNMP (Configure User - Add SNMPv3 Local User) page to authorize management access for SNMPv3 clients, or to identify...
  • Page 496 | Basic Administration Protocols | Simple Network Management Protocol | ■ AuthPriv – SNMP communications use both authentication and encryption. ◆ Authentication Protocol – The method used for user authentication. (Options: MD5, SHA; Default: MD5) ◆ Authentication Password – A minimum of eight plain text characters...
  • Page 497 | Basic Administration Protocols | Simple Network Management Protocol | To show local SNMPv3 users: Click Administration, SNMP. Select Configure User from the Step list. Select Show SNMPv3 Local User from the Action list. Figure 265: Showing Local SNMPv3 Users. [Configuring Remote ...] Use the Administration > SNMP (Configure User - Add SNMPv3 Remote User) page to identify the source of SNMPv3 inform messages sent from...
  • Page 498 | Basic Administration Protocols | Simple Network Management Protocol | ◆ Security Level – The following security levels are only used for the groups assigned to the SNMP security model: ■ noAuthNoPriv – There is no authentication or encryption used in SNMP communications.
  • Page 499 | Basic Administration Protocols | Simple Network Management Protocol | Figure 266: Configuring Remote SNMPv3 Users. To show remote SNMPv3 users: Click Administration, SNMP. Select Configure User from the Step list. Select Show SNMPv3 Remote User from the Action list. Figure 267: Showing Remote SNMPv3 Users
  • Page 500 | Basic Administration Protocols | Simple Network Management Protocol | [Specifying Trap Managers] Use the Administration > SNMP (Configure Trap) page to specify the host devices to be sent traps and the types of traps to send. Traps indicating status changes are issued by the switch to the specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management software).
  • Page 501 | Basic Administration Protocols | Simple Network Management Protocol | Parameters: These parameters are displayed: SNMP Version 1 ◆ IP Address – IPv4 or IPv6 address of a new management station to receive notification message (i.e., the targeted recipient). ◆ Version – Specifies whether to send notifications as SNMP v1, v2c, or...
  • Page 502 | Basic Administration Protocols | Simple Network Management Protocol | SNMP Version 3 ◆ IP Address – IPv4 or IPv6 address of a new management station to receive notification message (i.e., the targeted recipient). ◆ Version – Specifies whether to send notifications as SNMP v1, v2c, or...
  • Page 503 | Basic Administration Protocols | Simple Network Management Protocol | Interface: To configure trap managers: Click Administration, SNMP. Select Configure Trap from the Step list. Select Add from the Action list. Fill in the required parameters based on the selected SNMP version. Click Apply. Figure 268: Configuring Trap Managers (SNMPv1). Figure 269: Configuring Trap Managers (SNMPv2c)
  • Page 504 | Basic Administration Protocols | Simple Network Management Protocol | Figure 270: Configuring Trap Managers (SNMPv3). To show configured trap managers: Click Administration, SNMP. Select Configure Trap from the Step list. Select Show from the Action list. Figure 271: Showing Trap Managers. Use the Administration >...
  • Page 505 | Basic Administration Protocols | Simple Network Management Protocol | The Notification Log MIB (NLM, RFC 3014) provides an infrastructure in which information from other MIBs may be logged. ◆ Given the service provided by the NLM, individual MIBs can now bear...
  • Page 506 | Basic Administration Protocols | Simple Network Management Protocol | Click Apply. Figure 272: Creating SNMP Notification Logs. To show configured SNMP notification logs: Click Administration, SNMP. Select Configure Notify Filter from the Step list. Select Show from the Action list. Figure 273: Showing SNMP Notification Logs. Use the Administration >...
  • Page 507 | Basic Administration Protocols | Simple Network Management Protocol | ◆ Illegal operation for community name supplied – The total number of SNMP messages delivered to the SNMP entity which represented an SNMP operation which was not allowed by the SNMP community named in the message.
  • Page 508 | Basic Administration Protocols | Remote Monitoring | To show SNMP statistics: Click Administration, SNMP. Select Show Statistics from the Step list. Figure 274: Showing SNMP Statistics. Remote Monitoring allows a remote device to collect information or respond to specified events on an independent basis. This switch is an RMON-capable device which can independently perform a wide range of tasks, significantly reducing network management traffic.
  • Page 509 | Basic Administration Protocols | Remote Monitoring | [Configuring RMON Alarms] Use the Administration > RMON (Configure Global - Add - Alarm) page to define specific criteria that will generate response events. Alarms can be set to test data over any specified time interval, and can monitor absolute or changing values (such as a statistical counter reaching a specific value, or a statistic changing by a certain amount over the set interval).
  • Page 510 | Basic Administration Protocols | Remote Monitoring | ◆ Falling Threshold – If the current value is less than or equal to the falling threshold, and the last sample value was greater than this threshold, then an alarm will be generated. After a falling event has been generated, another such event will not be generated until the sampled value has risen above the falling threshold, reaches the rising threshold, and again moves back down to the falling threshold.
  • Page 511 | Basic Administration Protocols | Remote Monitoring | To show configured RMON alarms: Click Administration, RMON. Select Configure Global from the Step list. Select Show from the Action list. Click Alarm. Figure 276: Showing Configured RMON Alarms. Use the Administration > RMON (Configure Global - Add - Event) page to set the action to take when an alarm is triggered.
  • Page 512 | Basic Administration Protocols | Remote Monitoring | ◆ Type – Specifies the type of event to initiate: ■ None – No event is generated. ■ Log – Generates an RMON log entry when the event is triggered. Log messages are processed based on the current configuration settings for event logging (see "System Log Configuration"...
  • Page 513 | Basic Administration Protocols | Remote Monitoring | Figure 277: Configuring an RMON Event. To show configured RMON events: Click Administration, RMON. Select Configure Global from the Step list. Select Show from the Action list. Click Event. Figure 278: Showing Configured RMON Events. Use the Administration >...
  • Page 514 | Basic Administration Protocols | Remote Monitoring | Command Usage: ◆ Each index number equates to a port on the switch. ◆ If history collection is already enabled on an interface, the entry must be deleted before any changes can be made...
  • Page 515 | Basic Administration Protocols | Remote Monitoring | Click Apply. Figure 279: Configuring an RMON History Sample. To show configured RMON history samples: Click Administration, RMON. Select Configure Interface from the Step list. Select Show from the Action list. Select a port from the list. Click History.
  • Page 516 | Basic Administration Protocols | Remote Monitoring | Select a port from the list. Click History. Figure 281: Showing Collected RMON History Samples. [Configuring RMON Statistical Samples] Use the Administration > RMON (Configure Interface - Add - Statistics) page to collect statistics on a port, which can subsequently be used to monitor the network for common errors and overall traffic rates.
  • Page 517 | Basic Administration Protocols | Remote Monitoring | Select Add from the Action list. Click Statistics. Select a port from the list as the data source. Enter an index number, and the name of the owner for this entry. Click Apply. Figure 282: Configuring an RMON Statistical Sample. To show configured RMON statistical samples: Click Administration, RMON.
  • Page 518 | Basic Administration Protocols | Switch Clustering | To show collected RMON statistical samples: Click Administration, RMON. Select Configure Interface from the Step list. Select Show Details from the Action list. Select a port from the list. Click Statistics. Figure 284: Showing Collected RMON Statistical Samples. Switch clustering is a method of grouping switches together to enable...
  • Page 519 | Basic Administration Protocols | Switch Clustering | information between the Commander and potential Candidates or active Members through VLAN 4094. ◆ Once a switch has been configured to be a cluster Commander, it automatically discovers other cluster-enabled switches in the network. These “Candidate”...
  • Page 520 | Basic Administration Protocols | Switch Clustering | ◆ Number of Members – The current number of Member switches in the cluster. ◆ Number of Candidates – The current number of Candidate switches discovered in the network that are available to become Members. Interface: To configure a switch cluster: Click Administration, Cluster.
  • Page 521 | Basic Administration Protocols | Switch Clustering | Interface: To configure cluster members: Click Administration, Cluster. Select Configure Member from the Step list. Select Add from the Action list. Select one of the cluster candidates discovered by this switch, or enter the MAC address of a candidate.
  • Page 522 | Basic Administration Protocols | Switch Clustering | To show cluster candidates: Click Administration, Cluster. Select Configure Member from the Step list. Select Show Candidate from the Action list. Figure 288: Showing Cluster Candidates. [Managing Cluster ...] Use the Administration > Cluster (Show Member) page to manage another switch in the cluster.
  • Page 523 | Basic Administration Protocols | Ethernet Ring Protection Switching | Interface: To manage a cluster member: Click Administration, Cluster. Select Show Member from the Step list. Select an entry from the Cluster Member List. Click Operate. Figure 289: Managing a Cluster Member...
  • Page 524 | Basic Administration Protocols | Ethernet Ring Protection Switching | blocked to traffic. One designated node, the RPL owner, is responsible for blocking traffic over the RPL. When a ring failure occurs, the RPL owner is responsible for unblocking the RPL, allowing this link to be used for traffic. Ring nodes may be in one of two states: Idle –...
  • Page 525 | Basic Administration Protocols | Ethernet Ring Protection Switching | by one or more interconnection points, and is based on the following criteria: ◆ The R-APS channels are not shared across Ethernet Ring interconnections. ◆ On each ring port, each traffic channel and each R-APS channel are...
  • Page 526 | Basic Administration Protocols | Ethernet Ring Protection Switching | Figure 291: Ring Interconnection Architecture (Multi-ring/Ladder Network) [panels: Normal Condition, Signal Fail Condition]...
  • Page 527 | Basic Administration Protocols | Ethernet Ring Protection Switching | Enable ERPS (Configure Global): Before enabling a ring as described in the next step, first globally enable ERPS on the switch. If ERPS has not yet been enabled or has been disabled, no ERPS rings will work. Enable an ERPS ring (Configure Domain –...
  • Page 528 | Basic Administration Protocols | Ethernet Ring Protection Switching | Interface: To globally enable ERPS on the switch: Click Administration, ERPS. Select Configure Global from the Step list. Mark the ERPS Status check box. Click Apply. Figure 292: Setting ERPS Global Status. Use the Administration >...
  • Page 529 | Basic Administration Protocols | Ethernet Ring Protection Switching | Show ◆ Domain Name – Name of a configured ERPS ring. ◆ ID – ERPS ring identifier used in R-APS messages. ◆ Admin Status – Shows whether ERPS is enabled on the switch. ...
  • Page 530 | Basic Administration Protocols | Ethernet Ring Protection Switching | ◆ Local FS – Shows if a forced switch command was issued on this interface. ◆ Local MS – Shows if a manual switch command was issued on this interface. ◆ MEP – The CFM MEP used to monitor the status on this link. ...
  • Page 531 | Basic Administration Protocols | Ethernet Ring Protection Switching | Version 2 is backward compatible with Version 1. If version 2 is specified, the inputs and commands are forwarded transparently. If set to version 1, MS and FS operator commands are filtered, and the switch set to revertive mode.
  • Page 532 | Basic Administration Protocols | Ethernet Ring Protection Switching | ■ Only one RPL owner can be configured on a ring. The owner blocks traffic on the RPL during Idle state, and unblocks it during Protection state (that is, when a signal fault is detected on the ring or the protection state is enabled with the Forced Switch or Manual Switch commands on the Configure Operation page).
  • Page 533 | Basic Administration Protocols | Ethernet Ring Protection Switching | over both ring ports, informing that no request is present at this ring node and initiates a guard timer. When another recovered ring node (or nodes) holding the link block receives this message, it compares the Node ID information with its own Node ID.
  • Page 534 | Basic Administration Protocols | Ethernet Ring Protection Switching | ■ Recovery for Forced Switching – A Forced Switch command is removed by issuing the Clear command (Configure Operation page) to the same ring node where Forced Switch mode is in effect.
  • Page 535 | Basic Administration Protocols | Ethernet Ring Protection Switching | The acceptance of the R-APS (NR, RB) message triggers all ring nodes to unblock any blocked non-RPL which does not have an SF condition. If it is an R-APS (NR, RB) message without a DNF indication, all ring nodes flush their FDB.
  • Page 536 | Basic Administration Protocols | Ethernet Ring Protection Switching | ■ Recovery with non-revertive mode is handled as follows: The RPL Owner Node, upon reception of an R-APS (NR) message and in the absence of any other higher priority request does not perform any action. Then, after the operator issues the Clear command (Configure Operation page) at the RPL Owner Node, this ring node blocks the ring port attached to the RPL,...
  • Page 537 | Basic Administration Protocols | Ethernet Ring Protection Switching | ■ A sub-ring may be attached to a primary ring with or without a virtual channel. A virtual channel is used to connect two interconnection points on the sub-ring, tunneling R-APS control messages across an arbitrary Ethernet network topology.
  • Page 538 | Basic Administration Protocols | Ethernet Ring Protection Switching | No R-APS messages are inserted or extracted by other rings or sub-rings at the interconnection nodes where a sub-ring is attached. Hence there is no need for either additional bandwidth or for different VIDs/Ring IDs for the ring interconnection.
  • Page 539 | Basic Administration Protocols | Ethernet Ring Protection Switching | ■ The RPL owner node detects a failed link when it receives R-APS (SF - signal fault) messages from nodes adjacent to the failed link. The owner then enters protection state by unblocking the RPL. However, using this standard recovery procedure may cause a non-ERPS device to become isolated when the ERPS device adjacent to it detects a continuity check message (CCM) loss event and blocks the...
  • Page 540 | Basic Administration Protocols | Ethernet Ring Protection Switching | that defect will be reported to the protection switching mechanism. The reported defect need not be the same one that started the timer. ◆ Guard Timer – The guard timer is used to prevent ring nodes from...
  • Page 541 | Basic Administration Protocols | Ethernet Ring Protection Switching | ◆ West/East – Connects to next ring node to the west/east. Each node must be connected to two neighbors on the ring. For convenience, the ports connected are referred to as east and west ports.
  • Page 542 | Basic Administration Protocols | Ethernet Ring Protection Switching | Interface: To create an ERPS ring: Click Administration, ERPS. Select Configure Domain from the Step list. Select Add from the Action list. Enter a name and optional identifier for the ring. Click Apply.
  • Page 543 | Basic Administration Protocols | Ethernet Ring Protection Switching | Figure 296: Creating an ERPS Ring. To show the configured ERPS rings: Click Administration, ERPS. Select Configure Domain from the Step list. Select Show from the Action list. Figure 297: Showing Configured ERPS Rings
  • Page 544 | Basic Administration Protocols | Ethernet Ring Protection Switching | [ERPS Forced and Manual Operations] Use the Administration > ERPS (Configure Operation) page to block a ring port using Forced Switch or Manual Switch commands. CLI References: ◆ "erps forced-switch" on page 1327...
  • Page 545: Table 35: ERPS Request/State Priority

    | Basic Administration Protocols | Ethernet Ring Protection Switching | nodes where further forced switch commands are issued block the traffic channel and R-APS channel on the ring port at which the forced switch was issued. The ring node where the forced switch command was issued transmits an R-APS message over both ring ports indicating FS.
  • Page 546 | Basic Administration Protocols | Ethernet Ring Protection Switching | under maintenance in order to avoid falling into the above mentioned unrecoverable situation. ■ Manual Switch – Blocks specified ring port, in the absence of a failure or an FS command. ■ A ring with no request has a logical topology with the traffic...
  • Page 547 | Basic Administration Protocols | Ethernet Ring Protection Switching | A ring node with a local manual switch command that receives an R-APS message or a local request of higher priority than R-APS (MS) clears its manual switch request. The ring node then processes the new higher priority request.
  • Page 548 | Basic Administration Protocols | Connectivity Fault Management | Figure 298: Blocking an ERPS Ring Port. Connectivity Fault Management (CFM) is an OAM protocol that includes proactive connectivity monitoring using continuity check messages, fault verification through loop back messages, and fault isolation by examining end-to-end connections between provider edge devices or between customer edge devices.
  • Page 549 | Basic Administration Protocols | Connectivity Fault Management | ◆ A Maintenance Level allows maintenance domains to be nested in a hierarchical fashion, providing access to the specific network portions required by each operator. Domains at lower levels may be either hidden or exposed to operators managing domains at a higher level, allowing either coarse or fine fault resolution.
  • Page 550 | Basic Administration Protocols | Connectivity Fault Management | Figure 300: Multiple CFM Maintenance Domains [labels: Customer MA, Operator 1 MA, Operator 2 MA, Provider MA]. Note that the Service Instances within each domain shown above are based on a unique maintenance association for the specific users, distinguished by the domain name, maintenance level, maintenance association’s name, and assigned VLAN.
  • Page 551 | Basic Administration Protocols | Connectivity Fault Management | SNMP traps can also be configured to provide an automated method of fault notification. If the fault notification generator detects one or more defects within the configured time period, and fault alarms are enabled, a corresponding trap will be sent.
  • Page 552 | Basic Administration Protocols | Connectivity Fault Management | CLI References: ◆ "CFM Commands" on page 1561 Parameters: These parameters are displayed: Global Configuration ◆ CFM Status – Enables CFM processing globally on the switch. (Default: Enabled) To avoid generating an excessive number of traps, the complete CFM maintenance structure and process parameters should be configured prior to enabling CFM processing globally on the switch.
  • Page 553 | Basic Administration Protocols | Connectivity Fault Management | ◆ Link Trace Cache Hold Time – The hold time for CFM link trace cache entries. (Range: 1-65535 minutes; Default: 100 minutes) Before setting the aging time for cache entries, the cache must first be enabled in the Linktrace Cache attribute field.
  • Page 554 | Basic Administration Protocols | Connectivity Fault Management | ◆ Cross Check MEP Unknown – Sends a trap if an unconfigured MEP comes up. A MEP Unknown trap is sent if cross-checking is enabled, and a CCM is received from a remote MEP that is not configured in the static list. Interface: To configure global settings for CFM: Click Administration, CFM.
  • Page 555 | CFM processes are enabled by default for all physical interfaces, both ports and trunks. You can use the Administration > CFM (Configure Interface) page to change these settings. CLI REFERENCES: "ethernet cfm port-enable"...
  • Page 556 | CLI REFERENCES: ◆ "CFM Commands" on page 1561. COMMAND USAGE: Configuring General Settings: ◆ Where domains are nested, an upper-level hierarchical domain must have a higher maintenance level than the ones it encompasses. The higher to lower level domain types commonly include entities such as customer, service provider, and operator.
  • Page 557: Table 36: Remote MEP Priority Levels

    | The MIP creation method defined for an MA (see "Configuring CFM Maintenance Associations") takes precedence over the method defined on the CFM Domain List. Configuring Fault Notification: ◆ A fault alarm can generate an SNMP notification. It is issued when the...
  • Page 558 | PARAMETERS: These parameters are displayed: Creating a Maintenance Domain: ◆ MD Index – Domain index. (Range: 1-65535) ◆ MD Name – Maintenance domain name. (Range: 1-43 alphanumeric characters) ◆ MD Level – Authorized maintenance level for this domain....
  • Page 559 | Select Add from the Action list. Specify the maintenance domains and authorized maintenance levels (thereby setting the hierarchical relationship with other domains). Specify the manner in which MIPs can be created within each domain. Click Apply.
  • Page 560 | To configure detailed settings for maintenance domains: Click Administration, CFM. Select Configure MD from the Step list. Select Configure Details from the Action list. Select an entry from the MD Index. Specify the MEP archive hold and MEP fault notification parameters. Click Apply. Figure 305: Configuring Detailed Settings for Maintenance Domains. Use the Administration >...
  • Page 561 | ◆ Multiple domains at the same maintenance level cannot have an MA on the same VLAN (see "Configuring CFM Maintenance Domains" on page 555). ◆ Before removing an MA, first remove the MEPs assigned to it (see...
  • Page 562 | ◆ MIP Creation Type – Specifies the CFM protocol’s creation method for maintenance intermediate points (MIPs) in this MA: ■ Default – MIPs can be created for this MA on any bridge port...
  • Page 563 | ◆ AIS Transmit Level – Configure the AIS maintenance level in an MA. (Range: 0-7; Default is 0) AIS Level must follow this rule: AIS Level >= Domain Level. ◆ AIS Suppress Alarm – Enables/disables suppression of the AIS....
  • Page 564 | To show the configured maintenance associations: Click Administration, CFM. Select Configure MA from the Step list. Select Show from the Action list. Select an entry from the MD Index list. Figure 307: Showing Maintenance Associations. To configure detailed settings for maintenance associations: Click Administration, CFM.
  • Page 565 | Figure 308: Configuring Detailed Settings for Maintenance Associations. Use the Administration > CFM (Configure MEP – Add) page to configure Maintenance End Points (MEPs). MEPs, also called Domain Service Access Points (DSAPs), must be configured at the domain boundary to provide management access for each maintenance association.
  • Page 566 | and receives them from, the direction of the internal bridge relay mechanism. If the Up option is not selected, then the MEP is facing away from the switch, and transmits CFM messages towards, and receives them from, the direction of the physical medium.
  • Page 567 | Select an entry from MD Index and MA Index. Figure 310: Showing Maintenance End Points. Use the Administration > CFM (Configure Remote MEP – Add) page to specify remote maintenance end points (MEPs) set on other CFM-enabled devices within a common MA.
  • Page 568 | ◆ MA Index – MA identifier. (Range: 1-2147483647) ◆ MEP ID – Identifier for a maintenance end point which exists on another CFM-enabled device within the same MA. (Range: 1-8191) INTERFACE: To configure a remote maintenance end point: Click Administration, CFM.
  • Page 569 | Figure 312: Showing Remote Maintenance End Points. Use the Administration > CFM (Transmit Link Trace) page to transmit link trace messages (LTMs). These messages can isolate connectivity faults by tracing the path through a network to the designated target node (i.e., a remote maintenance end point).
  • Page 570 | PARAMETERS: These parameters are displayed: ◆ MD Index – Domain index. (Range: 1-65535) ◆ MA Index – MA identifier. (Range: 1-2147483647) ◆ Source MEP ID – The identifier of a source MEP that will send the link...
  • Page 571 | Use the Administration > CFM (Transmit Loopback) page to transmit Loopback Messages (LBMs). These messages can be used to isolate or verify connectivity faults by submitting a request to a target node (i.e., a remote MEP or MIP) to echo the message back to the source.
  • Page 572 | INTERFACE: To transmit loopback messages: Click Administration, CFM. Select Transmit Loopback from the Step list. Select an entry from MD Index and MA Index. Specify the source MEP, the target MEP using either its MEP identifier or MAC address, set the number of times the loopback message is to be sent.
  • Page 573 | ◆ Frame delay measurement can be made only for two-way measurements, where the MEP transmits a frame with DM request information with the TxTimeStampf (Timestamp at the time of sending a frame with DM request information), and the receiving MEP responds with a frame with DM reply information with TxTimeStampf copied from the DM request information, RxTimeStampf (Timestamp at the time of receiving a frame with DM request information), and TxTimeStampb...
  • Page 574 | INTERFACE: To transmit delay-measure messages: Click Administration, CFM. Select Transmit Delay Measure from the Step list. Select an entry from MD Index and MA Index. Specify the source MEP, the target MEP using either its MEP identifier or MAC address, set the number of times the delay-measure message is to be sent, the interval, and the timeout.
  • Page 575 | ◆ Level – Authorized maintenance level for this domain. ◆ Direction – Direction in which the MEP communicates CFM messages: ■ Down indicates that the MEP is facing away from the switch, and...
  • Page 576 | ◆ MD Name – The maintenance domain for this entry. ◆ MA Name – Maintenance association to which this remote MEP belongs. ◆ MA Name Format – The format of the Maintenance Association name,...
  • Page 577 | Select a MEP ID. Figure 317: Showing Detailed Information on Local MEPs. Use the Administration > CFM > Show Information (Show Local MIP) page to show the MIPs on this device discovered by the CFM protocol. (For a description of MIPs, refer to the Command Usage section under "Configuring CFM Maintenance...
  • Page 578 | INTERFACE: To show information for the MIPs discovered by the CFM protocol: Click Administration, CFM. Select Show Information from the Step list. Select Show Local MIP from the Action list. Figure 318: Showing Information on Local MIPs. Use the Administration >...
  • Page 579 | INTERFACE: To show information for remote MEPs: Click Administration, CFM. Select Show Information from the Step list. Select Show Remote MEP from the Action list. Figure 319: Showing Information on Remote MEPs. Use the Administration >...
  • Page 580 | ◆ Age of Last CC Message – Length of time the last CCM message about this MEP has been in the CCM database. ◆ Frame Loss – Percentage of transmitted frames lost. ◆ CC Packet Statistics –...
  • Page 581 | Figure 320: Showing Detailed Information on Remote MEPs. Use the Administration > CFM > Show Information (Show Link Trace Cache) page to show information about link trace operations launched from this device.
  • Page 582 | ◆ Ingress Action – Action taken on the ingress port: ■ IngOk – The target data frame passed through to the MAC Relay Entity. ■ IngDown – The bridge port’s MAC_Operational parameter is false....
  • Page 583 | Figure 321: Showing the Link Trace Cache. Use the Administration > CFM > Show Information (Show Fault Notification Generator) page to display configuration settings for the fault notification generator. CLI REFERENCES...
  • Page 584 | INTERFACE: To show configuration settings for the fault notification generator: Click Administration, CFM. Select Show Information from the Step list. Select Show Fault Notification Generator from the Action list. Figure 322: Showing Settings for the Fault Notification Generator. Use the Administration >...
  • Page 585 | Basic Administration Protocols | OAM Configuration | ■ VIDS – MA x is associated with a specific VID list, an MEP is configured facing inward (up) on this MA on the bridge port, and some other MA y, associated with at least one of the VID(s) also in MA x, also has an Up MEP configured facing inward (up) on some bridge port.
  • Page 586: Table 38: OAM Operation State

    | CLI REFERENCES: ◆ "OAM Commands" on page 1603. PARAMETERS: These parameters are displayed: ◆ Port – Port identifier. (Range: 1-28) ◆ Admin Status – Enables or disables OAM functions. (Default: Disabled) ◆ Operation State – Shows the operational state between the local and...
  • Page 587 | ◆ Critical Link Event – Controls reporting of critical link events to its OAM peer. ■ Dying Gasp – If an unrecoverable condition occurs, the local OAM entity (i.e., this switch) indicates this by immediately sending a trap message.
  • Page 588 | reported by the switch. Specify whether errored frame link events will be reported, as well as the required window size and threshold. Click Apply. Figure 324: Enabling OAM for Local Ports. Use the Administration > OAM > Counters page to display statistics for the various types of OAM messages passed across each port.
  • Page 589 | INTERFACE: To display statistics for OAM messages: Click Administration, OAM, Counters. Figure 325: Displaying Statistics for OAM Messages. Use the Administration > OAM > Event Log page to display link events for the selected port.
  • Page 590 | Figure 326: Displaying the OAM Event Log. Use the Administration > OAM > Remote Interface page to display information about attached OAM-enabled devices. CLI REFERENCES: ◆ "show efm oam status remote interface" on page 1613. PARAMETERS: These parameters are displayed: ◆ Port –...
  • Page 591 | INTERFACE: To display information about attached OAM-enabled devices: Click Administration, OAM, Remote Interface. Figure 327: Displaying Status of Remote Interfaces. Use the Administration > OAM > Remote Loopback (Remote Loopback Test) page to initiate a loop back test to the peer device attached to the selected port.
  • Page 592: Table 39: OAM Operation State

    | PARAMETERS: These parameters are displayed: Loopback Mode of Remote Device: ◆ Port – Port identifier. (Range: 1-28) ◆ Loopback Mode – Shows if loop back mode is enabled on the peer. This attribute must be enabled before starting the loopback test. ◆ Loopback Status –...
  • Page 593 | INTERFACE: To initiate a loop back test to the peer device attached to the selected port: Click Administration, OAM, Remote Loop Back. Select Remote Loopback Test from the Action list. Select the port on which to initiate remote loop back testing, enable the Loop Back Mode attribute, and click Apply.
  • Page 594 | Basic Administration Protocols | PTP Configuration | INTERFACE: To display the results of remote loop back testing for each port for which this information is available: Click Administration, OAM, Remote Loop Back. Select Show Test Result from the Action list. Figure 329: Displaying the Results of Remote Loop Back Testing. PTP CONFIGURATION...
  • Page 595 | Use the Sync > PTP (Configure Global) page to set the operating mode, adjustment to received Sync messages, the preference level used to select the master clock, and clock synchronization domain to which the switch is assigned.
  • Page 596 | time are not necessarily the same for all paths through the switch or for successive messages crossing the same path. Setting the switch to end-to-end transparent mode makes it synchronize all ports with the grand master clock connected to the switch.
  • Page 597 | ■ Variance – A clock's estimate of its stability based on observation of its performance against the PTP reference. ■ Quality – Clock quality based on expected timing deviation, technology used to implement the clock, or location in a stratum schema.
  • Page 598 | Click Apply. Figure 330: Configuring Global Settings for PTP. Use the Sync > PTP (Configure Interface) page to set the interface-level administrative state, delay mechanism, transport mode, and timing attributes. CLI REFERENCES: "ptp port-enable"...
  • Page 599: Table 40: Ethernet Multicast MAC Addresses

    | ◆ Delay Mechanism – Sets the delay measurement method for a boundary clock to one of the following options: ■ End-to-End – This method measures the residence time required for PTP event messages to cross from the input port to the output port, and adjusts the time stamp to compensate for this delay.
  • Page 600: Table 43: UDP/IPv6 Destination Port Numbers

    | ■ IPv6 UDP – PTP messages are transmitted using UDP over IPv6. When using UDP over IPv6 as a transport mechanism, the following UDP destination ports are reserved values assigned to PTP. Table 43: UDP/IPv6 Destination Port Numbers. Columns: Message Types, UDP Port Number. Event message...
  • Page 601 | ◆ Announce Receipt Timeout – Sets the transmit timeout for PTP announcement messages. This parameter indicates the number of PTP announce message intervals which have to expire without the receipt of an announce message before the session times out. (Range: 2-10; Default: 3) ◆ Log Min Pdelay Req Interval –...
  • Page 602 | Select Port or Trunk from the Interface options. Set the operational state for each port, the message transport mechanism, and the timing attributes. Click Apply. Figure 331: Configuring Interface Settings for PTP. Use the Sync > PTP (Show PTP Information) page to show the default data settings, current data set, parent data set, time properties, and port-...
  • Page 603 | ■ Offset Scaled Log Variance – An attribute defining the stability of the clock. ◆ Priority1 – A preference level used in selecting the master clock. ◆ Priority2 – A secondary preference level used in selecting the master...
  • Page 604 | ◆ Grandmaster Priority2 – A secondary preference level used in selecting the grand master clock. Time Properties: ◆ Current UTC Offset – Current offset between TAI (International Atomic Time) and UTC (Coordinated Universal Time). ◆ Current UTC Offset Valid –...
  • Page 605 | ■ Log Announce Interval – Announcement message transmit interval (log value). ■ Log Sync Interval – Synchronization message transmit interval (log value). ■ Delay Mechanism – Time delay measurement method (end-to-end or peer-to-peer). ■ Log Min Pdelay Req....
  • Page 606 | Figure 333: Displaying PTP Information (Current Data). Figure 334: Displaying PTP Information (Parent Data). Figure 335: Displaying PTP Information (Time Properties).
  • Page 607 | Figure 336: Displaying PTP Information (Port Data). Use the Sync > PTP (Show PTP Foreign Master) page to show PTP announcements from neighbors. CLI REFERENCES: ◆ "show ptp foreign-master" on page 974. PARAMETERS: These parameters are displayed: ◆ Interface –...
  • Page 608 | INTERFACE: To show PTP announcements from neighbors: Click Sync, PTP. Select Show PTP Foreign Master from the Step list. Figure 337: Displaying PTP Neighbor Information.
  • Page 609: Multicast Filtering

    MULTICAST FILTERING: This chapter describes how to configure the following multicast services: ◆ IGMP Snooping – Configures snooping and query parameters for IPv4. ◆ Filtering and Throttling – Filters specified multicast service, or throttles the maximum of multicast groups allowed on an interface for IPv4. ◆ MLD Snooping –...
  • Page 610 | Multicast Filtering | Overview | Figure 338: Multicast Filtering Concept (labels: Unicast Flow, Multicast Flow). This switch can use Internet Group Management Protocol (IGMP) to filter multicast traffic. IGMP Snooping can be used to passively monitor or “snoop” on exchanges between attached hosts and an IGMP-enabled device, most commonly a multicast router.
  • Page 611 | Multicast Filtering | IGMP Protocol | The Internet Group Management Protocol (IGMP) runs between hosts and their immediately adjacent multicast router/switch. IGMP is a multicast host registration protocol that allows any host to inform its local router that it wants to receive transmissions addressed to a specific multicast group.
  • Page 612 | Multicast Filtering | Layer 2 IGMP (Snooping and Query for IPv4) | When using IGMPv3 snooping, service requests from IGMP Version 1, 2 or 3 hosts are all forwarded to the upstream router as IGMPv3 reports. The primary enhancement provided by IGMPv3 snooping is in keeping track of information about the specific multicast sources which downstream IGMPv3 hosts have requested or refused.
  • Page 613 | IGMP Snooping with Proxy Reporting – The switch supports last leave, and query suppression (as defined in DSL Forum TR-101, April 2006): ◆ When proxy reporting is disabled, all IGMP reports received by the...
  • Page 614 | Multicast routers use this information from IGMP snooping and query reports, along with a multicast routing protocol such as PIM, to support IP multicasting across the Internet. PARAMETERS: These parameters are displayed: ◆ IGMP Snooping Status –...
  • Page 615 | multicast traffic will be flooded to all VLAN ports. If many ports have subscribed to different multicast groups, flooding may cause excessive packet loss on the link between the switch and the end host. Flooding may be disabled to avoid this, causing multicast traffic to be delivered only to those ports on which multicast group members have been learned.
  • Page 616 | ◆ Forwarding Priority – Assigns a CoS priority to all multicast traffic. (Range: 0-7, where 7 is the highest priority) This parameter can be used to set a high priority for low-latency multicast traffic such as a video-conference, or to set a low priority for normal multicast traffic not sensitive to latency.
  • Page 617 | Figure 340: Configuring General Settings for IGMP Snooping. Use the Multicast > IGMP Snooping > Multicast Router (Add Static Multicast Router) page to statically attach an IPv4 interface to a multicast router/switch.
  • Page 618 | ◆ Type (Show Current Multicast Router) – Shows if this entry is static or dynamic. ◆ Expire (Show Current Multicast Router) – Time until this dynamic entry expires. INTERFACE: To specify a static interface attached to a multicast router: Click Multicast, IGMP Snooping, Multicast Router.
  • Page 619 | Figure 342: Showing Static Interfaces Attached to an IPv4 Multicast Router. Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol (such as PIM) to support IP multicasting across the Internet.
  • Page 620 | CLI REFERENCES: ◆ "ip igmp snooping vlan static" on page 1442. COMMAND USAGE: ◆ Static multicast addresses are never aged out. ◆ When a multicast address is assigned to an interface in a specific VLAN,...
  • Page 621 | To show the static interfaces assigned to an IPv4 multicast service: Click Multicast, IGMP Snooping, IGMP Member. Select Show Static Member from the Action list. Select the VLAN for which to display this information. Figure 345: Showing Static Interfaces Assigned to an IPv4 Multicast Service. Use the Multicast >...
  • Page 622 | The default values recommended in the MRD draft are implemented in the switch. Multicast Router Discovery uses the following three message types to discover multicast routers: ◆ Multicast Router Advertisement – Advertisements are sent by routers to...
  • Page 623 | PARAMETERS: These parameters are displayed: ◆ VLAN – ID of configured VLANs. (Range: 1-4094) ◆ IGMP Snooping Status – When enabled, the switch will monitor network traffic on the indicated VLAN interface to determine which hosts want to receive multicast traffic.
  • Page 624 | ◆ Proxy Reporting – Enables IGMP Snooping with Proxy Reporting. (Default: Based on global setting) When proxy reporting is enabled with this command, the switch performs “IGMP Snooping with Proxy Reporting” (as defined in DSL Forum TR-101, April 2006), including last leave, and query suppression.
  • Page 625 | ◆ Last Member Query Count – The number of IGMP proxy group-specific or group-and-source-specific query messages that are sent out before the system assumes there are no more local members. (Range: 1-255;...
  • Page 626 | Figure 346: Configuring IGMP Snooping on a VLAN. To show the interface settings for IGMP snooping: Click Multicast, IGMP Snooping, Interface. Select Show VLAN Information from the Action list. Figure 347: Showing Interface Settings for IGMP Snooping.
  • Page 627 | Use the Multicast > IGMP Snooping > Interface page to configure an IGMP interface to drop IGMP query packets or multicast data packets. CLI REFERENCES: "ip igmp query-drop"...
  • Page 628 | Use the Multicast > IGMP Snooping > Forwarding Entry page to display the forwarding entries learned through IGMP Snooping. CLI REFERENCES: "show ip igmp snooping group"...
  • Page 629 | INTERFACE: To show multicast groups learned through IGMP snooping: Click Multicast, IGMP Snooping, Forwarding Entry. Select the VLAN for which to display this information. Figure 349: Showing Multicast Groups Learned by IGMP Snooping. Use the Multicast >...
  • Page 630 | ◆ Specific Query Received – The number of specific queries received on this interface. ◆ Specific Query Sent – The number of specific queries sent from this interface. ◆ Number of Reports Sent –...
  • Page 631 | INTERFACE: To display statistics for IGMP snooping query-related messages: Click Multicast, IGMP Snooping, Statistics. Select Show Query Statistics from the Action list. Select a VLAN. Figure 350: Displaying IGMP Snooping Statistics – Query. To display IGMP snooping protocol-related statistics for a VLAN: Click Multicast, IGMP Snooping, Statistics.
  • Page 632 | Figure 351: Displaying IGMP Snooping Statistics – VLAN. To display IGMP snooping protocol-related statistics for a port: Click Multicast, IGMP Snooping, Statistics. Select Show Port Statistics from the Action list. Select a Port.
  • Page 633 | Multicast Filtering | Filtering and Throttling IGMP Groups | In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan. The IGMP filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port, and IGMP throttling limits the number of simultaneous multicast groups a port can join.
  • Page 634 | Figure 353: Enabling IGMP Filtering and Throttling. Use the Multicast > IGMP Snooping > Filter (Configure Profile – Add) page to create an IGMP profile and set its access mode. Then use the (Add Multicast Group Range) page to configure the multicast groups to filter.
  • Page 635 | INTERFACE: To create an IGMP filter profile and set its access mode: Click Multicast, IGMP Snooping, Filter. Select Configure Profile from the Step list. Select Add from the Action list. Enter the number for a profile, and set its access mode. Click Apply.
  • Page 636 | Select the profile to configure, and add a multicast group address or range of addresses. Click Apply. Figure 356: Adding Multicast Groups to an IGMP Filtering Profile. To show the multicast groups configured for an IGMP filter profile: Click Multicast, IGMP Snooping, Filter.
  • Page 637 | reached on a port, the switch can take one of two actions; either “deny” or “replace.” If the action is set to deny, any new IGMP join reports will be dropped. If the action is set to replace, the switch randomly removes an existing group and replaces it with the new multicast group.
  • Page 638 | Multicast Filtering | MLD Snooping (Snooping and Query for IPv6) | Figure 358: Configuring IGMP Filtering and Throttling Interface Settings. Multicast Listener Discovery (MLD) snooping operates on IPv6 traffic and performs a similar function to IGMP snooping for IPv4. That is, MLD snooping dynamically configures switch ports to limit IPv6 multicast traffic so that it is forwarded only to ports with users that want to receive it.
  • Page 639 | An IPv6 address must be configured on the VLAN interface from which the querier will act if elected. When serving as the querier, the switch uses this IPv6 address as the query source address. The querier will not start or will disable itself after having started if it detects an IPv6 multicast router on the network.
  • Page 640 | Click Apply. Figure 359: Configuring General Settings for MLD Snooping. Use the Multicast > MLD Snooping > Interface page to configure Immediate Leave status for a VLAN....
  • Page 641 | Figure 360: Configuring Immediate Leave for MLD Snooping. Use the Multicast > MLD Snooping > Multicast Router (Add Static Multicast Router) page to statically attach an interface to an IPv6 multicast router/switch.
  • Page 642 | Figure 361: Configuring a Static Interface for an IPv6 Multicast Router. To show the static interfaces attached to a multicast router: Click Multicast, MLD Snooping, Multicast Router. Select Show Static Multicast Router from the Action list. Select the VLAN for which to display this information.
  • Page 643 | Use the Multicast > MLD Snooping > MLD Member (Add Static Member) page to statically assign an IPv6 multicast service to an interface. Multicast filtering can be dynamically configured using MLD snooping and query messages (see "Configuring MLD Snooping and Query Parameters"...
  • Page 644 | Figure 364: Assigning an Interface to an IPv6 Multicast Service. To show the static interfaces assigned to an IPv6 multicast service: Click Multicast, MLD Snooping, MLD Member. Select Show Static Member from the Action list. Select the VLAN for which to display this information.
  • Page 645 | Multicast Filtering | MLD Snooping (Snooping and Query for IPv6) | Figure 366: Showing Current Interfaces Assigned to an IPv6 Multicast Service. Showing Snooping Groups: Use the Multicast > MLD Snooping > Group Information page to display known multicast groups, member ports, the means by which each group was learned, and the corresponding source list.
  • Page 646 | Multicast Filtering | Layer 3 IGMP (Query used with Multicast Routing) | ◆ Exclude List – Sources included on the router’s exclude list. Interface: To display known MLD multicast groups: Click Multicast, MLD Snooping, Group Information. Select the port or trunk, and then select a multicast service assigned to that interface.
  • Page 647 | Multicast Filtering | Layer 3 IGMP (Query used with Multicast Routing) | Multicast Routing Discovery (MRD) is used to discover which interfaces are attached to multicast routers. (For a description of this protocol, see “Multicast Router Discovery” on page 621.) IGMP Proxy –...
  • Page 648 | Multicast Filtering | Layer 3 IGMP (Query used with Multicast Routing) | the proxy devices independent of the multicast routing protocols used by core routers. IGMP proxy routing uses a tree topology, where the root of the tree is connected to a complete multicast infrastructure (with the upstream interface connected to the Internet as shown in the figure above).
  • Page 649 | Multicast Filtering | Layer 3 IGMP (Query used with Multicast Routing) | ◆ The system periodically checks the multicast route table for (*,G) any-source multicast forwarding entries. When changes occur in the downstream IGMP groups, an IGMP state change report is created and sent to the upstream router.
  • Page 650 | Multicast Filtering | Layer 3 IGMP (Query used with Multicast Routing) | Configuring IGMP Interface Parameters: Use the Multicast > IGMP > Interface page to configure interface settings for IGMP. The switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service.
  • Page 651 | Multicast Filtering | Layer 3 IGMP (Query used with Multicast Routing) | the QRV field does not contain a declared robustness value, the switch will set the robustness variable to the value statically configured by this command. If the QRV exceeds 7, the maximum value of the QRV field, the robustness value is set to zero, meaning that this device will not advertise a QRV in any query messages it subsequently sends.
  • Page 652 | Multicast Filtering | Layer 3 IGMP (Query used with Multicast Routing) | Interface: To configure IGMP interface settings: Click Multicast, IGMP, Interface. Select each interface that will support IGMP (Layer 3), and set the required IGMP parameters. Click Apply. Figure 370: Configuring IGMP Interface Settings. Use the Multicast >...
  • Page 653 | Multicast Filtering | Layer 3 IGMP (Query used with Multicast Routing) | ◆ The switch supports a maximum of 64 static group entries. Parameters: These parameters are displayed: ◆ VLAN – VLAN interface to assign as a static member of the specified...
  • Page 654 | Multicast Filtering | Layer 3 IGMP (Query used with Multicast Routing) | Figure 372: Showing Static IGMP Groups. Displaying Multicast Group...: When IGMP (Layer 3) is enabled on the switch, use the Multicast > IGMP > Group Information pages to display the current multicast groups learned through IGMP.
  • Page 655 | Multicast Filtering | Layer 3 IGMP (Query used with Multicast Routing) | ◆ V1 Timer – The time remaining until the switch assumes that there are no longer any IGMP Version 1 members on the IP subnet attached to this interface. ■ If the switch receives an IGMP Version 1 Membership Report, it sets...
  • Page 656 | Multicast Filtering | Layer 3 IGMP (Query used with Multicast Routing) | Interface: To display the current multicast groups learned through IGMP: Click Multicast, IGMP, Group Information. Select Show Information from the Action list. Select a VLAN. The selected entry must be a configured IP interface. Figure 373: Displaying Multicast Groups Learned from IGMP (Information). To display detailed information about the current multicast groups learned through IGMP:...
  • Page 657 | Multicast Filtering | Multicast VLAN Registration for IPv4 | Multicast VLAN Registration (MVR) is a protocol that controls access to a single network-wide VLAN most commonly used for transmitting multicast traffic (such as television channels or video-on-demand) across a service provider’s network.
  • Page 658 | Multicast Filtering | Multicast VLAN Registration for IPv4 | group to the participating interfaces (see "Assigning Static MVR Multicast Groups to Interfaces" on page 667). ◆ Although MVR operates on the underlying mechanism of IGMP snooping, the two features operate independently of each other. One can be enabled or disabled without affecting the behavior of the other.
  • Page 659 | Multicast Filtering | Multicast VLAN Registration for IPv4 | ■ When a source port receives a query message, it will be forwarded to all downstream receiver ports. ■ When a receiver port receives a query message, it will be dropped. Robustness Value –...
  • Page 660 | Multicast Filtering | Multicast VLAN Registration for IPv4 | Interface: To configure global settings for MVR: Click Multicast, MVR. Select Configure Global from the Step list. Set the status for MVR proxy switching, the robustness value used for report and query messages, the proxy query interval, and source port mode.
  • Page 661 | Multicast Filtering | Multicast VLAN Registration for IPv4 | source port with a valid link has been configured (see "Configuring MVR Interface Status" on page 665). ◆ MVR Current Learned Groups – The number of MVR groups currently assigned to this domain. Forwarding Priority –...
  • Page 662 | Multicast Filtering | Multicast VLAN Registration for IPv4 | Configuring Group Address Profiles: Use the Multicast > MVR (Configure Profile and Associate Profile) pages to assign the multicast group address for required services to one or more MVR domains. CLI References: "MVR for IPv4"...
  • Page 663 | Multicast Filtering | Multicast VLAN Registration for IPv4 | Interface: To configure an MVR group address profile: Click Multicast, MVR. Select Configure Profile from the Step list. Select Add from the Action list. Enter the name of a group profile to be assigned to one or more domains, and specify a multicast group that will stream traffic to participating hosts.
  • Page 664 | Multicast Filtering | Multicast VLAN Registration for IPv4 | To assign an MVR group address profile to a domain: Click Multicast, MVR. Select Associate Profile from the Step list. Select Add from the Action list. Select a domain from the scroll-down list, and enter the name of a group profile.
  • Page 665 | Multicast Filtering | Multicast VLAN Registration for IPv4 | Configuring Interface Status: Use the Multicast > MVR (Configure Interface) page to configure each interface that participates in the MVR protocol as a source port or receiver port. If you are sure that only one subscriber attached to an interface is receiving multicast services, you can enable the immediate leave function.
  • Page 666 | Multicast Filtering | Multicast VLAN Registration for IPv4 | ◆ Type – The following interface types are supported: ■ Source – An uplink port that can send and receive multicast data for the groups assigned to the MVR VLAN. Note that the source port must be manually configured as a member of the MVR VLAN (see "Adding Static Members to VLANs"...
  • Page 667 | Multicast Filtering | Multicast VLAN Registration for IPv4 | Figure 382: Configuring Interface Settings for MVR. Assigning Static...: Use the Multicast > MVR (Configure Static Group Member) page to statically bind multicast groups to a port which will receive long-term multicast streams associated with a stable set of hosts....
  • Page 668 | Multicast Filtering | Multicast VLAN Registration for IPv4 | Interface: To assign a static MVR group to an interface: Click Multicast, MVR. Select Configure Static Group Member from the Step list. Select Add from the Action list. Select an MVR domain. Select a VLAN and interface to receive the multicast stream, and then enter the multicast group address.
  • Page 669 | Multicast Filtering | Multicast VLAN Registration for IPv4 | Displaying Receiver Groups: Use the Multicast > MVR (Show Member) page to show the multicast groups either statically or dynamically assigned to the MVR receiver groups on each interface. CLI References: "show mvr members"...
  • Page 670 | Multicast Filtering | Multicast VLAN Registration for IPv4 | Displaying MVR Statistics: Use the Multicast > MVR > Show Statistics pages to display MVR protocol-related statistics for the specified interface. CLI References: ◆ "show mvr statistics" on page 1494...
  • Page 671 | Multicast Filtering | Multicast VLAN Registration for IPv4 | ◆ G(-S)-S Query – The number of group specific or group-and-source specific query messages received on this interface. ◆ Drop – The number of times a report, leave or query was dropped....
  • Page 672 | Multicast Filtering | Multicast VLAN Registration for IPv4 | Interface: To display statistics for MVR query-related messages: Click Multicast, MVR. Select Show Statistics from the Step list. Select Show Query Statistics from the Action list. Select an MVR domain. Figure 386: Displaying MVR Statistics – Query –...
  • Page 673 | Multicast Filtering | Multicast VLAN Registration for IPv4 | To display MVR protocol-related statistics for a VLAN: Click Multicast, MVR. Select Show Statistics from the Step list. Select Show VLAN Statistics from the Action list. Select an MVR domain. Select a VLAN. Figure 387: Displaying MVR Statistics –...
  • Page 674 | Multicast Filtering | Multicast VLAN Registration for IPv6 | To display MVR protocol-related statistics for a port: Click Multicast, MVR. Select Show Statistics from the Step list. Select Show Port Statistics from the Action list. Select an MVR domain. Select a Port. Figure 388: Displaying MVR Statistics –...
  • Page 675 | Multicast Filtering | Multicast VLAN Registration for IPv6 | For multicast streams that will run for a long term and be associated with a stable set of hosts, you can statically bind the multicast group to the participating interfaces (see "Assigning Static MVR6 Multicast Groups to Interfaces"...
  • Page 676 | Multicast Filtering | Multicast VLAN Registration for IPv6 | groups, and the number of times group-specific queries are sent to downstream receiver ports. ■ This parameter only takes effect when MVR6 proxy switching is enabled. ◆ Proxy Query Interval – Configures the interval at which the receiver...
  • Page 677 | Multicast Filtering | Multicast VLAN Registration for IPv6 | Figure 389: Configuring Global Settings for MVR6. Configuring MVR6 Domain Settings: Use the Multicast > MVR6 (Configure Domain) page to enable MVR6 globally on the switch, and select the VLAN that will serve as the sole channel for common multicast streams supported by the service provider.
  • Page 678 | Multicast Filtering | Multicast VLAN Registration for IPv6 | ◆ Upstream Source IPv6 – The source IPv6 address assigned to all MVR6 control packets sent upstream on the specified domain. This parameter must be a full IPv6 address including the network prefix and host address bits.
  • Page 679 | Multicast Filtering | Multicast VLAN Registration for IPv6 | Command Usage: ◆ Use the Configure Profile page to statically configure all multicast group addresses that will join the MVR6 VLAN. Any multicast data associated with an MVR6 group is sent from all source ports to all receiver ports that have registered to receive data from that multicast group.
  • Page 680 | Multicast Filtering | Multicast VLAN Registration for IPv6 | Enter the name of a group profile to be assigned to one or more domains, and specify a multicast group that will stream traffic to participating hosts. Click Apply. Figure 391: Configuring an MVR6 Group Address Profile. To show the configured MVR6 group address profiles: Click Multicast, MVR6.
  • Page 681 | Multicast Filtering | Multicast VLAN Registration for IPv6 | Figure 393: Assigning an MVR6 Group Address Profile to a Domain. To show the MVR6 group address profiles assigned to a domain: Click Multicast, MVR6. Select Associate Profile from the Step list. Select Show from the Action list.
  • Page 682 | Multicast Filtering | Multicast VLAN Registration for IPv6 | Receiver ports should not be statically configured as a member of the MVR6 VLAN. If so configured, its MVR6 status will be inactive. Also, note that VLAN membership for MVR6 receiver ports cannot be set to access mode (see "Adding Static Members to VLANs"...
  • Page 683 | Multicast Filtering | Multicast VLAN Registration for IPv6 | ◆ MVR6 Status – Shows the MVR6 status. MVR6 status for source ports is “Active” if MVR6 is globally enabled on the switch. MVR6 status for receiver ports is “Active” only if there are subscribers receiving multicast traffic from one of the MVR6 groups, or a multicast group has been statically assigned to an interface.
  • Page 684 | Multicast Filtering | Multicast VLAN Registration for IPv6 | Assigning Static MVR6 Multicast Groups to Interfaces: Use the Multicast > MVR6 (Configure Static Group Member) page to statically bind multicast groups to a port which will receive long-term multicast streams associated with a stable set of hosts. CLI R...
  • Page 685 | Multicast Filtering | Multicast VLAN Registration for IPv6 | Figure 396: Assigning Static MVR6 Groups to a Port. To show the static MVR6 groups assigned to an interface: Click Multicast, MVR6. Select Configure Static Group Member from the Step list. Select Show from the Action list.
  • Page 686 | Multicast Filtering | Multicast VLAN Registration for IPv6 | ◆ VLAN – The VLAN through which the service is received. Note that this may be different from the MVR6 VLAN if the group address has been statically assigned. ◆ Port – Indicates the source address of the multicast service, or...
  • Page 687 | Multicast Filtering | Multicast VLAN Registration for IPv6 | ◆ Port – Port identifier. (Range: 1-28) ◆ Trunk – Trunk identifier. (Range: 1-8) Query Statistics: ◆ Querier IPv6 Address – The IP address of the querier on this interface. ◆ Querier Expire Time – The time after which this querier is assumed to...
  • Page 688 | Multicast Filtering | Multicast VLAN Registration for IPv6 | Output Statistics: ◆ Report – The number of MLD membership reports sent from this interface. ◆ Leave – The number of leave messages sent from this interface. ◆ G Query – The number of general query messages sent from this...
  • Page 689 | Multicast Filtering | Multicast VLAN Registration for IPv6 | To display MVR6 protocol-related statistics for a VLAN: Click Multicast, MVR6. Select Show Statistics from the Step list. Select Show VLAN Statistics from the Action list. Select an MVR6 domain. Select a VLAN. Figure 400: Displaying MVR6 Statistics –...
  • Page 690 | Multicast Filtering | Multicast VLAN Registration for IPv6 | To display MVR6 protocol-related statistics for a port: Click Multicast, MVR6. Select Show Statistics from the Step list. Select Show Port Statistics from the Action list. Select an MVR6 domain. Select a Port. Figure 401: Displaying MVR6 Statistics –...
  • Page 691: IP Configuration

    This chapter describes how to configure an initial IP interface for management access to the switch over the network. This switch supports both IP Version 4 and Version 6, and can be managed simultaneously through either of these address types. You can manually configure a specific IPv4 or IPv6 address, or direct the switch to obtain an IPv4 address from a BOOTP or DHCP server.
  • Page 692 | IP Configuration | Setting the Switch’s IP Address (IP Version 4) | Command Usage: ◆ This section describes how to configure a single local interface for initial access to the switch. To configure multiple IP interfaces, set up an IP interface for each VLAN.
  • Page 693 | IP Configuration | Setting the Switch’s IP Address (IP Version 4) | ◆ Subnet Mask – This mask identifies the host address bits used for routing to specific subnets. (Default: None) ◆ Restart DHCP – Requests a new IP address from the DHCP server....
  • Page 694 | IP Configuration | Setting the Switch’s IP Address (IP Version 4) | Figure 403: Configuring a Dynamic IPv4 Address. The switch will also broadcast a request for IP configuration settings on each power reset. If you lose the management connection, make a console connection to the switch and enter “show ip interface”...
  • Page 695 | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | To show the IPv4 address configured for an interface: Click IP, General, Routing Interface. Select Show Address from the Action list. Select an entry from the VLAN list. Figure 404: Showing the IPv4 Address for an Interface...
  • Page 696 | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | Configuring the Default Gateway: Use the IP > IPv6 Configuration (Configure Global) page to configure an IPv6 default gateway for the switch. CLI References: ◆ "ipv6 default-gateway" on page 1664...
  • Page 697 | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | Configuring Interface Settings: Use the IP > IPv6 Configuration (Configure Interface) page to configure general IPv6 settings for the selected VLAN, including explicit configuration of a link local interface address, the MTU size, and neighbor discovery protocol settings for duplicate address detection and the neighbor solicitation interval.
  • Page 698 | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | ■ IPv6 routers do not fragment IPv6 packets forwarded from other routers. However, traffic originating from an end-station connected to an IPv6 router may be fragmented. ■ All devices on the same physical medium must use the same MTU in...
  • Page 699 | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | When a non-default value is configured, the specified interval is used both for router advertisements and by the router itself. ◆ ND Reachable-Time – The amount of time that a remote IPv6 node is...
  • Page 700 | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | Click Apply. Figure 406: Configuring General Settings for an IPv6 Interface. To configure RA Guard for the switch: Click IP, IPv6 Configuration. Select Configure Interface from the Action list. Select RA Guard mode.
  • Page 701 | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | Command Usage: ◆ All IPv6 addresses must be formatted according to RFC 2373 “IPv6 Addressing Architecture,” using 8 colon-separated 16-bit hexadecimal values. One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields.
  • Page 702 | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | by a forward slash, and a decimal value indicating how many contiguous bits (from the left) of the address comprise the prefix (i.e., the network portion of the address). EUI-64 (Extended Universal Identifier) –...
  • Page 703 | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | Interface: To configure an IPv6 address: Click IP, IPv6 Configuration. Select Add IPv6 Address from the Action list. Specify the VLAN to configure, select the address type, and then enter an IPv6 address and prefix length.
  • Page 704 | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | A node is also required to compute and join the associated solicited-node multicast addresses for every unicast and anycast address it is assigned. IPv6 addresses that differ only in the high-order bits, e.g. due to multiple high-order prefixes associated with different aggregations, will map to the same solicited-node address, thereby reducing the number of multicast addresses a node must join.
  • Page 705: Table 45: Show IPv6 Neighbors - Display Description

    | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | Showing the Neighbor Cache: Use the IP > IPv6 Configuration (Show IPv6 Neighbor Cache) page to display the IPv6 addresses detected for neighbor devices. CLI References: ◆ "show ipv6 neighbors" on page 1694...
  • Page 706 | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | Interface: To show neighboring IPv6 devices: Click IP, IPv6 Configuration. Select Show IPv6 Neighbors from the Action list. Figure 410: Showing IPv6 Neighbors. Showing...: Use the IP > IPv6 Configuration (Show Statistics) page to display statistics about IPv6 traffic passing through this switch.
  • Page 707: Table 46: Show IPv6 Statistics - Display Description

    | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | Parameters: These parameters are displayed: Table 46: Show IPv6 Statistics - display description (columns: Field, Description). IPv6 Statistics, IPv6 Received: Total – The total number of input datagrams received by the interface, including those received in error....
  • Page 708 | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | Table 46: Show IPv6 Statistics - display description (Continued; columns: Field, Description). IPv6 Transmitted: Forwards Datagrams – The number of output datagrams which this entity received and forwarded to their final destinations. In entities which do not act as IPv6 routers, this counter will include only those packets which were Source-Routed via this entity, and the Source-Route processing was successful.
  • Page 709 | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | Table 46: Show IPv6 Statistics - display description (Continued; columns: Field, Description). Neighbor Advertisement Messages – The number of ICMP Neighbor Advertisement messages received by the interface. Redirect Messages – The number of Redirect messages received by the interface. Group Membership Query Messages – The number of ICMPv6 Group Membership Query messages...
  • Page 710 | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | Table 46: Show IPv6 Statistics - display description (Continued; columns: Field, Description). No Port Errors – The total number of received UDP datagrams for which there was no application at the destination port. Other Errors – The number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the...
  • Page 711 | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | Figure 412: Showing IPv6 Statistics (ICMPv6). Figure 413: Showing IPv6 Statistics (UDP).
  • Page 712: Table 47: Show MTU - Display Description

    | IP Configuration | Setting the Switch’s IP Address (IP Version 6) | Showing the Responding Destinations: Use the IP > IPv6 Configuration (Show MTU) page to display the maximum transmission unit (MTU) cache for destinations that have returned an ICMP packet-too-big message along with an acceptable MTU to this switch. CLI References...
  • Page 713 | IP Services | This chapter describes the following IP services: ◆ DNS – Configures default domain names, identifies servers to use for dynamic lookup, and shows how to configure static entries. ◆ DHCP Client – Specifies the DHCP client identifier for an interface....
  • Page 714 | IP Services | Domain Name Service | Command Usage: ◆ To enable DNS service on this switch, enable domain lookup status, and configure one or more name servers (see "Configuring a List of Name Servers" on page 716). Parameters: These parameters are displayed: Domain Lookup –...
  • Page 715 | IP Services | Domain Name Service | ◆ If there is no domain list, the default domain name is used (see "Configuring General DNS Service Parameters" on page 713). If there is a domain list, the system will search it for a corresponding entry. If none is found, it will use the default domain name.
  • Page 716 | IP Services | Domain Name Service | To show the list of domain names: Click IP Service, DNS. Select Show Domain Names from the Action list. Figure 417: Showing the List of Domain Names for DNS. Configuring a...: Use the IP Service > DNS - General (Add Name Server) page to configure a list of name servers to be tried in sequential order.
  • Page 717 | IP Services | Domain Name Service | Click Apply. Figure 418: Configuring a List of Name Servers for DNS. To show the list of name servers: Click IP Service, DNS. Select Show Name Servers from the Action list. Figure 419: Showing the List of Name Servers for DNS. Use the IP Service >...
  • Page 718 | IP Services | Domain Name Service | Interface: To configure static entries in the DNS table: Click IP Service, DNS, Static Host Table. Select Add from the Action list. Enter a host name and the corresponding address. Click Apply. Figure 420: Configuring Static Entries in the DNS Table. To show static entries in the DNS table: Click IP Service, DNS, Static Host Table.
  • Page 719 | IP Services | Dynamic Host Configuration Protocol | client can try each address in succession, until it establishes a connection with the target device. Parameters: These parameters are displayed: ◆ No. – The entry number for each resource record. ◆ Flag –...
  • Page 720: Table 48: Options 60, 66 and 67 Statements

    | IP Services | Dynamic Host Configuration Protocol | Specifying a DHCP Client Identifier: Use the IP Service > DHCP > Client page to specify the DHCP client identifier for a VLAN interface. CLI References: ◆ "ip dhcp client class-id" on page 1625...
  • Page 721 | ◆ Vendor Class ID – The following options are supported when the check box is marked to enable this feature: ■ Default – The default string is ECS4660-28F. ■ Text – A text string. (Range: 1-32 characters) ■ Hex – A hexadecimal value. (Range: 1-64 characters)...
  • Page 722 | IP Services | Dynamic Host Configuration Protocol | Figure 424: Layer 3 DHCP Relay Service (figure labels: DHCP Server; Provides IP address compatible with switch segment to which client is attached). CLI References: ◆ "ip dhcp relay server" on page 1629 ◆ "ip dhcp restart relay"...
  • Page 723 | IP Services | Dynamic Host Configuration Protocol | Figure 425: Configuring DHCP Relay Service. Configuring the DHCP Server: This switch includes a Dynamic Host Configuration Protocol (DHCP) server that can assign temporary IP addresses to any attached host requesting service.
  • Page 724 | IP Services | Dynamic Host Configuration Protocol | Enabling the Server: Use the IP Service > DHCP > Server (Configure Global) page to enable the DHCP Server. CLI References: ◆ "service dhcp" on page 1634. Parameters: These parameters are displayed: DHCP Server –...
  • Page 725 | IP Services | Dynamic Host Configuration Protocol | Be sure you exclude the address for this switch and other key network devices. Interface: To configure IP addresses excluded for DHCP clients: Click IP Service, DHCP, Server. Select Configure Excluded Addresses from the Step list. Select Add from the Action list.
  • Page 726 | IP Services | Dynamic Host Configuration Protocol | Configuring Address Pools: Use the IP Service > DHCP > Server (Configure Pool – Add) page to configure IP address pools for each IP interface that will provide addresses to attached clients via the DHCP server. CLI References: "DHCP Server"...
  • Page 727 | IP Services | Dynamic Host Configuration Protocol | ◆ Subnet Mask – The bit combination that identifies the network (or subnet) and the host portion of the DHCP address pool. Setting Parameters for a Static Host: ◆ IP – The IP address to assign to the host....
  • Page 728 | IP Services | Dynamic Host Configuration Protocol | Select Add from the Action list. Set the pool Type to Network or Host. Enter the IP address and subnet mask for a network pool or host. If configuring a static binding for a host, enter the client identifier or hardware address for the host device.
  • Page 729 | IP Services | Dynamic Host Configuration Protocol | Figure 431: Configuring DHCP Server Address Pools (Host). To show the configured DHCP address pools: Click IP Service, DHCP, Server. Select Configure Pool from the Step list. Select Show from the Action list. Figure 432: Showing Configured DHCP Server Address Pools –...
  • Page 730 | IP Services | Forwarding UDP Service Requests | Displaying Address Bindings: Use the IP Service > DHCP > Server (Show IP Binding) page to display the host devices which have acquired an IP address from this switch’s DHCP server. CLI References: "show ip dhcp binding"...
  • Page 731 | IP Services | Forwarding UDP Service Requests | to forward broadcast packets for specified UDP application ports to remote servers located in another network segment. ◆ To configure UDP helper, enable it globally (see "Configuring General DNS Service Parameters" on page 713), specify the UDP destination ports for which broadcast traffic will be forwarded (see "Specifying UDP...
  • Page 732 | IP Services | Forwarding UDP Service Requests | Parameters: These parameters are displayed: ◆ Destination UDP Port – UDP application port for which UDP service requests are forwarded. (Range: 1-65535) The following UDP ports are included in the forwarding list when the UDP helper is enabled, and a remote server address is configured: BOOTP client port 67...
  • Page 733 | IP Services | Forwarding UDP Service Requests | Figure 436: Showing the UDP Destination Ports. Specifying Target Server or...: Use the IP Service > UDP Helper > Address page to specify the application server or subnet (indicated by a directed broadcast address) to which designated UDP broadcast packets are forwarded.
  • Page 734 | IP Services | Forwarding UDP Service Requests | Parameters: These parameters are displayed: ◆ VLAN ID – VLAN identifier (Range: 1-4094) ◆ IP Address – Host address or directed broadcast address to which UDP broadcast packets are forwarded. (Range: 1-65535) Interface: To specify the target server or subnet for forwarding UDP request packets: Click IP Service, UDP Helper, Address.
  • Page 735 | IP Services | Configuring the PPPoE Intermediate Agent | This section describes how to configure the PPPoE Intermediate Agent (PPPoE IA) relay parameters required for passing authentication messages between a client and broadband remote access servers. Use the IP Service >...
  • Page 736 | IP Services | Configuring the PPPoE Intermediate Agent | ◆ Operational Generic Error Message – The configured generic error message. Interface: To configure global settings for PPPoE IA: Click IP Service, PPPoE Intermediate Agent. Select Configure Global from the Step list. Enable the PPPoE IA on the switch, set the access node identifier, and set the generic error message.
  • Page 737 | IP Services | Configuring the PPPoE Intermediate Agent | ■ At least one trusted interface must be configured on the switch for the PPPoE IA to function. ◆ Vendor Tag Strip – Enables the stripping of vendor tags from PPPoE Discovery packets sent from a PPPoE server.
  • Page 738 | IP Services | Configuring the PPPoE Intermediate Agent | Figure 440: Configuring Interface Settings for PPPoE Intermediate Agent. Showing PPPoE IA Statistics: Use the IP Service > PPPoE Intermediate Agent (Show Statistics) page to show statistics on PPPoE IA protocol messages. CLI References...
  • Page 739 | IP Services | Configuring the PPPoE Intermediate Agent | Interface: To show statistics for PPPoE IA protocol messages: Click IP Service, PPPoE Intermediate Agent. Select Show Statistics from the Step list. Select Port or Trunk interface type. Figure 441: Showing PPPoE Intermediate Agent Statistics –...
  • Page 740 | IP Services | Configuring the PPPoE Intermediate Agent
  • Page 741 | General IP Routing | This chapter provides information on network functions including: ◆ Ping – Sends ping message to another node on the network. ◆ Trace – Sends ICMP echo request packets to another node on the network. ◆ Address Resolution Protocol –...
  • Page 742 | General IP Routing | IP Routing and Switching | Each VLAN represents a virtual interface to Layer 3. You just need to provide the network address for each virtual interface, and the traffic between different subnetworks will be routed by Layer 3 switching. Figure 442: Virtual Interfaces and Layer 3 Routing Inter-subnet traffic (Layer 3 switching) Routing...
  • Page 743 | General IP Routing | IP Routing and Switching | If the destination node is on the same subnetwork as the source network, then the packet can be transmitted directly without the help of a router. However, if the MAC address is not yet known to the switch, an Address Resolution Protocol (ARP) packet with the destination IP address is broadcast to get the destination MAC address from the destination node.
  • Page 744 | General IP Routing | Configuring IP Routing Interfaces | Routing Protocols: The switch supports both static and dynamic routing. ◆ Static routing requires routing information to be stored in the switch either manually or when a connection is set up by an application outside the switch.
  • Page 745 | General IP Routing | Configuring IP Routing Interfaces | If the switch is configured to advertise itself as the default gateway, a routing protocol must still be used to determine the next hop router for any unknown destinations, i.e., packets that do not match any routing table entry.
  • Page 746 | General IP Routing | Configuring IP Routing Interfaces | the % delimiter. For example, FE80::7272%1 identifies VLAN 1 as the interface. Interface: To ping another device on the network: Click IP, General, Ping. Specify the target device and ping parameters. Click Apply.
  • Page 747 | General IP Routing | Configuring IP Routing Interfaces | ◆ A trace terminates when the destination responds, when the maximum timeout (TTL) is exceeded, or the maximum number of hops is exceeded. ◆ The trace route function first sends probe datagrams with the TTL value...
  • Page 748: Table 50: Address Resolution Protocol

    | General IP Routing | Address Resolution Protocol | If IP routing is enabled (page 769), the router uses its routing tables to make routing decisions, and uses Address Resolution Protocol (ARP) to forward traffic from one hop to the next. ARP is used to map an IP address to a physical layer (i.e., MAC) address.
  • Page 749 | General IP Routing | Address Resolution Protocol | When a node in the attached subnetwork does not have routing or a default gateway configured, Proxy ARP can be used to forward ARP requests to a remote subnetwork. When the router receives an ARP request for a remote network and Proxy ARP is enabled, it determines if it has the best route to the remote network, and then answers the ARP request by sending its own MAC address to the requesting node.
  • Page 750 | General IP Routing | Address Resolution Protocol | Click Apply. Figure 446: Configuring General Settings for ARP. Configuring Static ARP Addresses: For devices that do not respond to ARP requests or do not respond in a timely manner, traffic will be dropped because the IP address cannot be mapped to a physical address.
  • Page 751 | General IP Routing | Address Resolution Protocol | ◆ MAC Address – MAC address statically mapped to the corresponding IP address. (Valid MAC addresses are hexadecimal numbers in the format: xx-xx-xx-xx-xx-xx) Interface: To map an IP address to the corresponding physical address in the ARP cache using the web interface: Click IP, ARP.
  • Page 752 | General IP Routing | Address Resolution Protocol | Displaying Dynamic or Local ARP Entries: Use the IP > ARP (Show Information) page to display dynamic or local entries in the ARP cache. The ARP cache contains static entries, and entries for local interfaces, including subnet, host, and broadcast addresses. However, most entries will be dynamically learned through replies to...
  • Page 753: Table 51: ARP Statistics

    | General IP Routing | Configuring Static Routes | Displaying ARP Statistics: Use the IP > ARP (Show Information) page to display statistics for ARP messages crossing all interfaces on this router. CLI References: ◆ "show ip traffic" on page 1728...
  • Page 754 | General IP Routing | Configuring Static Routes | changes in network topology, so you should only configure a small number of stable routes to ensure network accessibility. CLI References: ◆ "ip route" on page 1724 Command Usage: ◆ Up to 256 static routes can be configured...
  • Page 755 | General IP Routing | Displaying the Routing Table | Figure 452: Configuring Static Routes. To display static routes: Click IP, Routing, Static Routes. Select Show from the Action List. Figure 453: Displaying Static Routes. Displaying the Routing Table: Use the IP > Routing > Routing Table (Show Information) page to display all routes that can be accessed via local network interfaces, through static routes, or through a dynamically learned route.
  • Page 756 | General IP Routing | Displaying the Routing Table | network, the routing table is updated, and those changes are immediately reflected in the FIB. The FIB is distinct from the routing table (or, Routing Information Base – RIB), which holds all routing information received from routing peers.
  • Page 757 | General IP Routing | Equal-cost Multipath Routing | Figure 454: Displaying the Routing Table. Equal-cost Multipath Routing: Use the IP > Routing > Routing Table (Configure ECMP Number) page to configure the maximum number of equal-cost paths that can transmit traffic to the same destination.
  • Page 758 | General IP Routing | Equal-cost Multipath Routing | ◆ The routing table can only have up to 8 equal-cost multipaths for static routing and 8 for dynamic routing for a common destination. However, the system supports up to 256 total ECMP entries in ASIC for fast switching, with any additional entries handled by software routing.
  • Page 759 | Configuring Router Redundancy | Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load.
  • Page 760 | Configuring Router Redundancy | Configuring VRRP Groups | Figure 458: Several Virtual Master Routers Configured for Mutual Backup and Load Sharing (diagram labels: Router 1: VRID 23 (Master), IP(R1) = 192.168.1.3, IP(VR23) = 192.168.1.3, VR Priority = 255; Router 2: VRID 23 (Backup), IP(R1) = 192.168.1.5, IP(VR23) = 192.168.1.3, VR Priority = 100...
  • Page 761 | Configuring Router Redundancy | Configuring VRRP Groups | priority. In cases where the configured priority is the same on several group members, then the master router with the highest IP address is selected from this group. ◆ If you have multiple secondary addresses configured on the current...
  • Page 762 | Configuring Router Redundancy | Configuring VRRP Groups | ◆ VLAN – ID of a VLAN configured with an IP interface. (Range: 1-4094; Default: 1) Adding a Virtual IP Address: ◆ VLAN ID – ID of a VLAN configured with an IP interface...
  • Page 763 | Configuring Router Redundancy | Configuring VRRP Groups | ◆ Authentication Mode – Authentication mode used to verify VRRP packets received from other routers. (Options: None, Simple Text; Default: None) If simple text authentication is selected, then you must also enter an authentication string.
  • Page 764 | Configuring Router Redundancy | Configuring VRRP Groups | Figure 459: Configuring the VRRP Group ID. To show the configured VRRP groups: Click IP, VRRP. Select Configure Group ID from the Step List. Select Show from the Action List. Figure 460: Showing Configured VRRP Groups. To configure the virtual router address for a VRRP group: Click IP, VRRP.
  • Page 765 | Configuring Router Redundancy | Configuring VRRP Groups | Figure 461: Setting the Virtual Router Address for a VRRP Group. To show the virtual IP address assigned to a VRRP group: Click IP, VRRP. Select Configure Group ID from the Step List. Select Show IP Addresses from the Action List.
  • Page 766 | Configuring Router Redundancy | Displaying VRRP Global Statistics | Figure 463: Configuring Detailed Settings for a VRRP Group. Displaying VRRP Global Statistics: Use the IP > VRRP (Show Statistics – Global Statistics) page to display counters for errors found in VRRP protocol packets. CLI References: "show vrrp router counters"...
  • Page 767: Table 52: VRRP Group Statistics

    | Configuring Router Redundancy | Displaying VRRP Group Statistics | Figure 464: Showing Counters for Errors Found in VRRP Packets. Displaying VRRP Group Statistics: Use the IP > VRRP (Show Statistics – Group Statistics) page to display counters for VRRP protocol events and errors that have occurred on a specific VRRP interface.
  • Page 768 | Configuring Router Redundancy | Displaying VRRP Group Statistics | Table 52: VRRP Group Statistics (Continued). Parameter – Description: Received Invalid Type VRRP Packets – Number of VRRP packets received by the virtual router with an invalid value in the “type” field. Received Error Address List VRRP Packets – Number of packets received for which the address list does not match the locally configured list for the virtual router.
  • Page 769 | Unicast Routing | This chapter describes how to configure the following unicast routing protocols: RIP – Configures Routing Information Protocol. OSPFv2 – Configures Open Shortest Path First (Version 2) for IPv4. Overview: This switch can route unicast traffic to different subnetworks using the Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) protocol.
  • Page 770 | Unicast Routing | Configuring the Routing Information Protocol | subnetworks by connecting to one port from each available VLAN on the network. Configuring the Routing Information Protocol: The RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance-vector-based approach to routing.
  • Page 771 | Unicast Routing | Configuring the Routing Information Protocol | networks. Moreover, RIP (version 1) wastes valuable network bandwidth by propagating routing information via broadcasts; it also considers too few network variables to make the best routing decision. Configuring General Protocol Settings: Use the Routing Protocol > RIP > General (Configure) page to configure general settings and the basic timers.
  • Page 772 | Unicast Routing | Configuring the Routing Information Protocol | any VLAN interface not previously set to a specific receive or send version is set to the following default values: ■ Receive: Accepts RIPv1 or RIPv2 packets. ■ Send: Route information is broadcast to other routers with RIPv2...
  • Page 773 | Unicast Routing | Configuring the Routing Information Protocol | ◆ Number of Route Changes – The number of route changes made to the IP route database by RIP. ◆ Number of Queries – The number of responses sent to RIP queries...
  • Page 774 | Unicast Routing | Configuring the Routing Information Protocol | Figure 467: Configuring General Settings for RIP. Use the Routing Protocol > RIP > General (Clear Route) page to clear entries from the routing table based on route type or a specific network address.
  • Page 775 | Unicast Routing | Configuring the Routing Information Protocol | ◆ Clear Route By Network – Clears a specific route based on its IP address and prefix length. ■ Network IP Address – Deletes all related entries for the specified network address. Prefix Length –...
  • Page 776 | Unicast Routing | Configuring the Routing Information Protocol | Parameters: These parameters are displayed: ◆ By Address – Adds a network to the RIP routing process. ■ Subnet Address – IP address of a network directly connected to this router. (Default: No networks are specified) Prefix Length –...
  • Page 777 | Unicast Routing | Configuring the Routing Information Protocol | Figure 470: Showing Network Interfaces Using RIP. Specifying Passive Interfaces: Use the Routing Protocol > RIP > Passive Interface (Add) page to stop RIP from sending routing updates on the specified interface. CLI References...
  • Page 778 | Unicast Routing | Configuring the Routing Information Protocol | Figure 471: Specifying a Passive RIP Interface. To show the passive RIP interfaces: Click Routing Protocol, RIP, Passive Interface. Select Show from the Action list. Figure 472: Showing Passive RIP Interfaces. Use the Routing Protocol >...
  • Page 779 | Unicast Routing | Configuring the Routing Information Protocol | Add the address of any static neighbors which may not readily be discovered through RIP. Click Apply. Figure 473: Specifying a Static RIP Neighbor. To show static RIP neighbors: Click Routing Protocol, RIP, Neighbor Address. Select Show from the Action list.
  • Page 780 | Unicast Routing | Configuring the Routing Information Protocol | ◆ Metric – Metric assigned to all external routes for the specified protocol. (Range: 0-16; Default: the default metric as described under "Configuring General Protocol Settings" on page 771.) A route metric must be used to resolve the problem of redistributing external routes with incompatible metrics.
  • Page 781 | Unicast Routing | Configuring the Routing Information Protocol | Figure 476: Showing External Routes Redistributed into RIP. Use the Routing Protocol > RIP > Distance (Add) page to define an administrative distance for external routes learned from other routing protocols.
  • Page 782 | Unicast Routing | Configuring the Routing Information Protocol | Click Apply. Figure 477: Setting the Distance Assigned to External Routes. To show the distance assigned to external routes learned from other routing protocols: Click Routing Protocol, RIP, Distance. Select Show from the Action list. Figure 478: Showing the Distance Assigned to External Routes. Use the Routing Protocol >...
  • Page 783 | Unicast Routing | Configuring the Routing Information Protocol | ◆ The Send Version can be specified based on these options: ■ Use “RIPv1” or “RIPv2” if all routers in the local network are based on RIPv1 or RIPv2, respectively. ■ Use “RIPv1 Compatible” to propagate route information by...
  • Page 784 | Unicast Routing | Configuring the Routing Information Protocol | Parameters: These parameters are displayed: ◆ VLAN ID – Layer 3 VLAN interface. This interface must be configured with an IP address and have an active link. (Range: 1-4094) ◆ Send Version – The RIP version to send on an interface. RIPv1: Sends only RIPv1 packets.
  • Page 785 | Unicast Routing | Configuring the Routing Information Protocol | ◆ Authentication Key – Specifies the key to use for authenticating RIPv2 packets. For authentication to function properly, both the sending and receiving interface must use the same password. (Range: 1-16 characters, case sensitive) Instability Prevention –...
  • Page 786 | Unicast Routing | Configuring the Routing Information Protocol | To show the network interface settings configured for RIP: Click Routing Protocol, RIP, Interface. Select Show from the Action list. Figure 480: Showing RIP Network Interface Settings. Use the Routing Protocol > RIP > Statistics (Show Interface Information) page to display information about RIP interface configuration settings.
  • Page 787 | Unicast Routing | Configuring the Routing Information Protocol | Figure 481: Showing RIP Interface Settings. Use the Routing Protocol > RIP > Statistics (Show Peer Information) page to display information on neighboring RIP routers. CLI References: "show ip protocols rip"...
  • Page 788 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Resetting RIP Statistics: Use the Routing Protocol > RIP > Statistics (Reset Statistics) page to reset all statistics for RIP protocol messages. CLI References: ◆ no comparable command...
  • Page 789 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Figure 484: Configuring OSPF (diagram labels: backbone, normal area, stub, NSSA, isolated area, virtual link, ASBR, Router, external network, Autonomous System A, Autonomous System B). Command Usage: OSPF looks at more than just the simple hop count.
  • Page 790 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | ■ You can further optimize the exchange of OSPF traffic by specifying an area range that covers a large number of subnetwork addresses. This is an important technique for limiting the amount of traffic exchanged between Area Border Routers (ABRs).
  • Page 791 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | CLI References: ◆ "router ospf" on page 1751 ◆ "network area" on page 1768 Command Usage: ◆ Specify an Area ID and the corresponding network address range for...
  • Page 792 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Interface: To define an OSPF area and the interfaces that operate within this area: Click Routing Protocol, OSPF, Network Area. Select Add from the Action list. Configure a backbone area that is contiguous with all the other areas in the network, and configure an area for all of the other OSPF interfaces.
  • Page 793 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Figure 488: Showing OSPF Process Identifiers. To implement dynamic OSPF routing, first assign VLAN groups to each IP subnet to which this router will be attached (as described in the preceding section), then use the Routing Protocol >...
  • Page 794 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | ◆ Auto Cost – Calculates the cost for an interface by dividing the reference bandwidth by the interface bandwidth. The reference bandwidth is defined in Mbits per second. (Range: 1-4294967) By default, the cost is 0.1 for Gigabit ports, and 0.01 for 10 Gigabit ports.
  • Page 795 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Figure 489: AS Boundary Router (diagram labels: AS 1, AS 2, ASBR). ◆ Advertise Default Route – The router can advertise a default external route into the autonomous system (AS). (Options: Not Always, Always;...
  • Page 796: Table 53: OSPF System Information

    | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Figure 490: Configure General Settings for OSPF. Use the Routing Protocol > OSPF > System (Show) page to display general administrative settings and statistics for OSPF. CLI R...
  • Page 797 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Table 53: OSPF System Information (Continued). Parameter – Description: ABR Status (Area Border Router) – Indicates if this router connects directly to networks in two or more areas. An area border router runs a separate copy of the Shortest Path First algorithm, maintaining a separate routing database for each area.
  • Page 798 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Use the Routing Protocol > OSPF > Area (Configure Area – Add Area) page to add a not-so-stubby area (NSSA) or a stubby area (Stub). CLI References...
  • Page 799 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | To show the NSSA or stubs added to the specified OSPF domain: Click Routing Protocol, OSPF, Area. Select Configure Area from the Step list. Select Show Area from the Action list. Select a Process ID.
  • Page 800 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | CLI References: ◆ "router ospf" on page 1751 ◆ "area default-cost" on page 1756 ◆ "area nssa" on page 1762 Command Usage: ◆ Before creating an NSSA, first specify the address range for the area...
  • Page 801 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | ◆ Redistribute – Disable this option when the router is an NSSA Area Border Router (ABR) and routes only need to be imported into normal areas (see "Redistributing External Routes"...
  • Page 802 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Click Apply. Figure 495: Configuring Protocol Settings for an NSSA. Use the Routing Protocol > OSPF > Area (Configure Area – Configure Stub Area) page to configure protocol settings for a stub. A stub does not accept external routing information.
  • Page 803 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | ◆ A stub can have multiple ABRs or exit points. However, all of the exit points and local routers must contain the same external routing data so that the exit point does not need to be determined for each external destination.
  • Page 804 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Figure 497: Configuring Protocol Settings for a Stub. Use the Routing Protocol > OSPF > Area (Show Information) page to display protocol information on NSSA and Stub areas. CLI R...
  • Page 805 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Figure 498: Displaying Information on NSSA and Stub Areas. An OSPF area can include a large number of nodes. If the Area Border Router (ABR) has to advertise route information for each of these nodes, this wastes a lot of bandwidth and processor time.
  • Page 806 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Parameters: These parameters are displayed: ◆ Process ID – Process ID as configured in the Network Area configuration screen (see page 790). ◆ Area ID – Identifies an area for which the routes are summarized. The area ID can be in the form of an IPv4 address, or also as a four octet unsigned integer ranging from 0-4294967295.
  • Page 807 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Select the process ID. Figure 501: Showing Configured Route Summaries. Redistributing External Routes: Use the Routing Protocol > OSPF > Redistribute (Add) page to import external routing information from other routing protocols, static routes, or directly connected routes into the autonomous system, and to generate...
  • Page 808 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | ◆ Protocol Type – Specifies the external routing protocol type for which routing information is to be redistributed into the local routing domain. (Options: RIP, Static; Default: RIP) Metric Type –...
  • Page 809 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Figure 503: Importing External Routes. To show the imported external route types: Click Routing Protocol, OSPF, Redistribute. Select Show from the Action list. Select the process ID. Figure 504: Showing Imported External Route Types. Redistributing routes from other protocols into OSPF normally requires the...
  • Page 810 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | CLI References: ◆ "router ospf" on page 1751 ◆ "summary-address" on page 1761 Command Usage: ◆ If you are not sure what address ranges to consolidate, first enable...
  • Page 811 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | To show the summary addresses for external routes: Click Routing Protocol, OSPF, Summary Address. Select Show from the Action list. Select the process ID. Figure 506: Showing Summary Addresses for External Routes. You should specify a routing interface for any local subnet that needs to communicate with other network segments located on this router or...
  • Page 812 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | ◆ IP Address – Address of the interfaces assigned to a VLAN on the Network Area (Add) page. This parameter only applies to the Configure by Address page. Cost –...
  • Page 813 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | ◆ Transmit Delay – Sets the estimated time to send a link-state update packet over an interface. (Range: 1-65535 seconds; Default: 1 second) LSAs have their age incremented by this delay before transmission. You should consider both the transmission and propagation delays for an interface when estimating this delay.
  • Page 814 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | the OSPF header when routing protocol packets are originated by this device. A different password can be assigned to each network interface, but the password must be used consistently on all neighboring routers throughout a network (that is, autonomous system).
  • Page 815 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Interface: To configure OSPF interface for all areas assigned to a VLAN: Click Routing Protocol, OSPF, Interface. Select Configure by VLAN from the Action list. Specify the VLAN ID, and configure the required interface settings. Click Apply.
  • Page 816 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | To configure interface settings for a specific area assigned to a VLAN: Click Routing Protocol, OSPF, Interface. Select Configure by Address from the Action list. Specify the VLAN ID, enter the address assigned to an area, and configure the required interface settings.
  • Page 817 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | To show the configuration settings for OSPF interfaces: Click Routing Protocol, OSPF, Interface. Select Show from the Action list. Select the VLAN ID. Figure 509: Showing OSPF Interfaces. To show the MD5 authentication keys configured for an interface: Click Routing Protocol, OSPF, Interface.
  • Page 818 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | to the common transit area, and specify a neighboring ABR at the other endpoint connecting the common transit area to the backbone itself. (Note that you cannot configure a virtual link that runs through a stub or NSSA.) Figure 511: OSPF Virtual Link isolated area...
  • Page 819 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | One of the ABRs must be next to the isolated area and the transit area at one end of the link, while the other ABR must be next to the transit area and backbone at the other end of the link.
  • Page 820 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Specify the process ID, then modify the protocol timers and authentication settings as required. Click Apply. Figure 514: Configuring Detailed Settings for a Virtual Link. To show the MD5 authentication keys configured for a virtual link: Click Routing Protocol, OSPF, Interface.
  • Page 821 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | reliable flooding. You can show information about different LSAs stored in this router’s database, which may include any of the following types: ◆ Router (Type 1) – All routers in an OSPF area originate Router LSAs...
  • Page 822 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | ◆ Adv Router – IP address of the advertising router. ◆ Age – Age of LSA (in seconds). ◆ Sequence – Sequence number of LSA (used to detect older duplicate...
  • Page 823 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Displaying Information on Neighboring Routers: Use the Routing Protocol > OSPF > Information (Neighbor) page to display information about neighboring routers on each interface. CLI References: "show ip ospf neighbor"...
  • Page 824 | Unicast Routing | Configuring the Open Shortest Path First Protocol (Version 2) | Select the process identifier. Figure 517: Displaying Neighbor Routers Stored in the Link State Database – 824 –...
  • Page 825: Multicast Routing

    Multicast Routing | This chapter describes the following multicast routing topics: ◆ Enabling Multicast Routing Globally – Describes how to globally enable multicast routing. ◆ Displaying the Multicast Routing Table – Describes how to display the multicast routing table. ◆ Configuring PIM for IPv4 –...
  • Page 826 | Multicast Routing | Overview | PIM-DM is a simple multicast routing protocol that uses flood and prune to build a source-routed multicast delivery tree for each multicast source-group pair. As mentioned above, it does not maintain its own routing table, but instead, uses the routing table provided by whatever unicast routing protocol is enabled on the router interface.
  • Page 827 | Multicast Routing | Overview | group addresses. The BSR places information about all of the candidate RPs in subsequent bootstrap messages. The BSR and all the routers receiving these messages use the same hash algorithm to elect an RP for each multicast group.
  • Page 828 | Multicast Routing | Configuring Global Settings for Multicast Routing | data transmission delays. The switch can also be configured to use SPT only for specific multicast groups, or to disable the change over to SPT for specific groups. Configuring Global Settings for Multicast Routing...
  • Page 829 | Multicast Routing | Configuring Global Settings for Multicast Routing | Interface: To enable IPv6 multicast routing: Click Multicast, IPv6 Multicast Routing, General. Enable Multicast Forwarding Status. Click Apply. Figure 519: Enabling IPv6 Multicast Routing. Use the Multicast > Multicast Routing > Information page or the IPv6 Multicast >...
  • Page 830 | Multicast Routing | Configuring Global Settings for Multicast Routing | that a pseudo interface is being used to receive PIM-SM register packets. This can occur for the Rendezvous Point (RP), which is the root of the Reverse Path Tree (RPT). In this case, any VLAN receiving register packets will be converted into the register interface.
  • Page 831 | Multicast Routing | Configuring Global Settings for Multicast Routing | ■ Join SPT – The rate of traffic arriving over the shared tree has exceeded the SPT-threshold for this group. If the SPT flag is set for (*,G) entries, the next (S,G) packet received will cause the router to join the shortest path tree.
  • Page 832 | Multicast Routing | Configuring Global Settings for Multicast Routing | Figure 521: Displaying Detailed Entries from IPv4 Multicast Routing Table. Interface: To display the multicast routing table: Click Multicast, IPv6 Multicast Routing, Information. Select Show Summary from the Action List. Figure 522: Displaying the IPv6 Multicast Routing Table. To display detailed information on a specific flow in multicast routing table: Click Multicast, IPv6 Multicast Routing, Information.
  • Page 833 | Multicast Routing | Configuring PIM for IPv4 | Figure 523: Displaying Detailed Entries from IPv6 Multicast Routing Table. This section describes how to configure PIM-DM and PIM-SM for IPv4. Use the Routing Protocol > PIM > General page to enable IPv4 PIM routing globally on the router.
  • Page 834 | Multicast Routing | Configuring PIM for IPv4 | Figure 524: Enabling PIM Multicast Routing. Use the Routing Protocol > PIM > Interface page to configure the routing protocol’s functional attributes for each interface. CLI References: ◆ "IPv4 PIM Commands" on page 1927...
  • Page 835 | Multicast Routing | Configuring PIM for IPv4 | Parameters: These parameters are displayed: Common Attributes: ◆ VLAN – Layer 3 VLAN interface. (Range: 1-4094) ◆ Mode – PIM routing mode. (Options: Dense, Sparse, None) ◆ IP Address – Primary IP address assigned to the selected VLAN...
  • Page 836 | Chapter: Multicast Routing | Configuring PIM for IPv4 | state and the pending RPT prune state for this (source, group) pair until the join/prune interval timer expires. ◆ LAN Prune Delay – Causes this device to inform downstream routers of how long it will wait before pruning a flow after receiving a prune request.
  • Page 837 | Chapter: Multicast Routing | Configuring PIM for IPv4 | Dense-Mode Attributes: ◆ Graft Retry Interval – The time to wait for a Graft acknowledgement before resending a Graft message. (Range: 1-10 seconds; Default: 3 seconds) A graft message is sent by a router to cancel a prune state. When a router receives a graft message, it must respond with a graft acknowledgement message.
  • Page 838 | Chapter: Multicast Routing | Configuring PIM for IPv4 | By default, the switch sends join/prune messages every 60 seconds to inform other PIM-SM routers about clients who want to join or leave a multicast group. Use the same join/prune message interval on all PIM-SM routers in the same PIM-SM domain, otherwise the routing protocol’s performance will be adversely affected.
  • Page 839 | Chapter: Multicast Routing | Configuring PIM for IPv4 | Figure 526: Configuring PIM Interface Settings (Sparse Mode). Displaying PIM Neighbor Information: Use the Routing Protocol > PIM > Neighbor page to display all neighboring PIM routers. CLI References: ◆ "show ip pim neighbor" on page 1936...
  • Page 840 | Chapter: Multicast Routing | Configuring PIM for IPv4 | Web Interface: To display neighboring PIM routers: Click Routing Protocol, PIM, Neighbor. Figure 527: Showing PIM Neighbors. Configuring Global PIM-SM Settings: Use the Routing Protocol > PIM > SM (Configure Global) page to configure the rate at which register messages are sent, the source of register messages, and switchover to the Shortest Path Tree (SPT).
  • Page 841 | Chapter: Multicast Routing | Configuring PIM for IPv4 | first packet from a new multicast group to its receivers. Afterwards, it calculates the shortest path tree (SPT) directly between the receiver and source, and then uses the SPT to send all subsequent packets from the source to the receiver instead of using the shared tree.
  • Page 842 | Chapter: Multicast Routing | Configuring PIM for IPv4 | Configuring a PIM BSR Candidate: Use the Routing Protocol > PIM > SM (BSR Candidate) page to configure the switch as a Bootstrap Router (BSR) candidate. CLI References: ◆ "ip pim bsr-candidate" on page 1938...
  • Page 843 | Chapter: Multicast Routing | Configuring PIM for IPv4 | Web Interface: To configure the switch as a BSR candidate: Click Routing Protocol, PIM, PIM-SM. Select BSR Candidate from the Step list. Specify the VLAN interface for which this router is bidding to become the BSR, the hash mask length that will subsequently be used for RP selection if this router is selected as the BSR, and the priority for BSR selection.
  • Page 844 | Chapter: Multicast Routing | Configuring PIM for IPv4 | ◆ All routers within the same PIM-SM domain must be configured with the same RP(s). Selecting an RP through the dynamic election process is therefore preferable for most situations. Using the dynamic RP election process also allows a backup RP to automatically take over if the active RP router becomes unavailable.
  • Page 845 | Chapter: Multicast Routing | Configuring PIM for IPv4 | Figure 531: Showing PIM Static Rendezvous Points. Configuring a PIM RP Candidate: Use the Routing Protocol > PIM > SM (RP Candidate) page to configure the switch to advertise itself as a Rendezvous Point (RP) candidate to the bootstrap router (BSR).
  • Page 846 | Chapter: Multicast Routing | Configuring PIM for IPv4 | Parameters: These parameters are displayed: ◆ VLAN – Identifier of configured VLAN interface. (Range: 1-4094) ◆ Interval – The interval at which this device advertises itself as an RP candidate. (Range: 60-16383 seconds; Default: 60 seconds) ◆ Priority –...
  • Page 847 | Chapter: Multicast Routing | Configuring PIM for IPv4 | To display settings for an RP candidate: Click Routing Protocol, PIM, PIM-SM. Select RP Candidate from the Step list. Select Show from the Action list. Select an interface from the VLAN list. Figure 533: Showing Settings for a PIM RP Candidate. Use the Routing Protocol >...
  • Page 848 | Chapter: Multicast Routing | Configuring PIM for IPv4 | ■ Accept Any – The router does not know of an active BSR, and will accept the first bootstrap message it sees as giving the new BSR's identity and the RP-set. ■ Accept Preferred – The router knows the identity of the current...
  • Page 849 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | ◆ RP Address – IP address of the RP for the listed multicast group. ◆ Information Source – RP that advertised the mapping, how the RP was selected (Static or Bootstrap), and the priority used in the bidding process.
  • Page 850 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | ◆ To use multicast routing, MLD proxy cannot be enabled on any interface of the device (see "MLD Proxy Routing" on page 1533). Web Interface: To enable PIMv6 multicast routing: Click Routing Protocol, PIM6, General. Enable PIM6 Routing Protocol.
  • Page 851 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | determines that there are no group members or downstream routers, or when a prune message is received from a downstream router. PIM6-SM: ◆ A PIM6-SM interface is used to forward multicast traffic only if a join...
  • Page 852 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | If the hello holdtime is already configured, and the hello interval is set to a value longer than the hello holdtime, this command will fail. ◆ Join/Prune Holdtime – Sets the hold time for the prune state...
  • Page 853 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | want to continue receiving the flow referenced in a LAN prune delay message, then the propagation delay represents the time required for the LAN prune delay message to be propagated down from the upstream router to all downstream routers attached to the same VLAN interface.
  • Page 854 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | the LAN, then only one of these routers is elected as the DR, and acts on behalf of these hosts, sending periodic Join/Prune messages toward a group-specific RP for each group. A single DR is elected per interface (LAN or otherwise) using a simple election process.
  • Page 855 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | Figure 537: Configuring PIMv6 Interface Settings (Dense Mode). Figure 538: Configuring PIMv6 Interface Settings (Sparse Mode).
  • Page 856 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | Displaying PIM6 Neighbor Information: Use the Routing Protocol > PIM6 > Neighbor page to display all neighboring PIMv6 routers. CLI References: ◆ "show ipv6 pim neighbor" on page 1958. Parameters: These parameters are displayed:...
  • Page 857 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | exceeding the limit are dropped, some receivers may experience data packet loss within the first few seconds in which register messages are sent from bursty sources. ◆ Register Source – Configures the IP source address of a register...
  • Page 858 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | Figure 540: Configuring Global Settings for PIM6-SM. Configuring PIM6 BSR Candidate: Use the Routing Protocol > PIM6 > SM (BSR Candidate) page to configure the switch as a Bootstrap Router (BSR) candidate. CLI References: "ipv6 pim bsr-candidate"...
  • Page 859 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | length is less than 32, then only the first portion of the hash is used, and a single RP will be defined for multiple groups. (Range: 0-32; Default: 10) ◆ Priority – Priority used by the candidate bootstrap router in the...
  • Page 860 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | ◆ If an IP address is specified that was previously used for an RP, then the older entry is replaced. ◆ Multiple RPs can be defined for different groups or group ranges. If a...
  • Page 861 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | Figure 542: Configuring a PIM6 Static Rendezvous Point. To display static rendezvous points: Click Routing Protocol, PIM6, PIM6-SM. Select RP Address from the Step list. Select Show from the Action list. Figure 543: Showing PIM6 Static Rendezvous Points. Use the Routing Protocol >...
  • Page 862 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | ■ Select those with the highest priority (lowest priority value). ■ Compute hash value based on the group address, RP address, priority, and hash mask included in the bootstrap messages. ■ If there is a tie, use the candidate RP with the highest IP address...
  • Page 863 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | Figure 544: Configuring a PIM6 RP Candidate. To display settings for an RP candidate: Click Routing Protocol, PIM6, PIM6-SM. Select RP Candidate from the Step list. Select Show from the Action list. Select an interface from the VLAN list.
  • Page 864 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | ◆ Expire – The time before the BSR is declared down. ◆ Role – Candidate or non-candidate BSR. ◆ State – Operation state of BSR includes: ■ No information – No information is stored for this device...
  • Page 865 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6 | Displaying RP Mapping: Use the Routing Protocol > PIM6 > SM (Show Information – Show RP Mapping) page to display active RPs and associated multicast routing entries. CLI References: ◆ "show ipv6 pim rp mapping" on page 1971...
  • Page 866 | Chapter: Multicast Routing | Configuring PIMv6 for IPv6
  • Page 867 | Section: Command Line Interface | This section provides a detailed description of the Command Line Interface, along with examples for all of the commands. This section includes these chapters: ◆ "Using the Command Line Interface" on page 869 ◆ "General Commands" on page 883...
  • Page 868 | Section: Command Line Interface | ◆ "VLAN Commands" on page 1337 ◆ "Class of Service Commands" on page 1387 ◆ "Quality of Service Commands" on page 1407 ◆ "Multicast Filtering Commands" on page 1425 ◆ "LLDP Commands" on page 1537 ◆ "CFM Commands"...
  • Page 869 When finished, exit the session with the “quit” or “exit” command. After connecting to the system through the console port, the login screen displays: User Access Verification Username: admin Password: CLI session with the ECS4660-28F is opened. To end the CLI session, enter [Exit]. Console#
  • Page 870 When finished, exit the session with the “quit” or “exit” command. After entering the Telnet command, the login screen displays: Username: admin Password: CLI session with the ECS4660-28F is opened. To end the CLI session, enter [Exit]. Vty-0#
  • Page 871 | Chapter: Using the Command Line Interface | Entering Commands | You can open up to eight sessions to the device via Telnet or SSH. Entering Commands: This section describes how to enter CLI commands. Keywords and Arguments: A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters.
  • Page 872: Using The Command Line Interface

    Chapter: Using the Command Line Interface | Entering Commands | Getting Help on Commands: You can display a brief description of the help system by entering the help command. You can also display command syntax by using the “?” character to list keywords or parameters. Showing Commands: If you enter a “?”...
  • Page 873 | Chapter: Using the Command Line Interface | Entering Commands | pppoe Displays PPPoE configuration process Device process protocol-vlan Protocol-VLAN information Displays PTP information public-key Public key information Quality of Service queue Priority queue information radius-server RADIUS server information reload Shows the reload settings rmon Remote Monitoring Protocol route-map...
  • Page 874 | Chapter: Using the Command Line Interface | Entering Commands | Partial Keyword Lookup: If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.”...
  • Page 875: Table 54: General Command Modes

    “super.” To enter Privileged Exec mode, enter the following user names and passwords: Username: admin Password: [admin login password] CLI session with the ECS4660-28F is opened. To end the CLI session, enter [Exit]. Console# Username: guest Password: [guest login password] CLI session with the ECS4660-28F is opened.
  • Page 876 | Chapter: Using the Command Line Interface | Entering Commands | Configuration Commands: Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in non-volatile storage, use the copy running-config startup-config command.
  • Page 877: Table 55: Configuration Command Modes

    Chapter: Using the Command Line Interface | Entering Commands | ◆ VLAN Configuration - Includes the command to create VLAN groups. To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#”...
  • Page 878: Table 56: Keystroke Commands

    Chapter: Using the Command Line Interface | Entering Commands | For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode: Console(config)#interface ethernet 1/5 Console(config-if)#exit Console(config)# Command Processing: Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them...
  • Page 879: Table 57: Command Group Index

    Chapter: Using the Command Line Interface | CLI Command Groups | The system commands can be broken down into the functional groups shown below. Table 57: Command Group Index (Command Group / Description / Page): General: Basic commands for entering privileged access mode, restarting the system, or quitting the CLI; System Management: Display and setting of system information, basic modes...
  • Page 880 | Chapter: Using the Command Line Interface | CLI Command Groups | Table 57: Command Group Index (Continued) (Command Group / Description / Page): Spanning Tree: Configures Spanning Tree settings for the switch (page 1277); ERPS: Configures Ethernet Ring Protection Switching for increased availability of Ethernet rings commonly used in service provider networks (page 1305); VLANs: Configures VLAN settings, and defines port membership...
  • Page 881 | Chapter: Using the Command Line Interface | CLI Command Groups | IPC (IGMP Profile Configuration); LC (Line Configuration); MST (Multiple Spanning Tree); NE (Normal Exec); PE (Privileged Exec); PM (Policy Map Configuration); RC (Router Configuration); RM (Route Map Configuration); VC (VLAN Database Configuration)
  • Page 882 | Chapter: Using the Command Line Interface | CLI Command Groups
  • Page 883: Table 58: General Commands

    General Commands: The general commands are used to control the command access mode, configuration mode, and other basic functions. Table 58: General Commands (Command / Function / Mode): prompt: Customizes the CLI prompt; reload: Restarts the system at a specified time, after a specified delay, or at a periodic interval; enable: Activates privileged mode...
  • Page 884 | Chapter: General Commands | Example: Console(config)#prompt RD2 RD2(config)# reload (Global Configuration): This command restarts the system at a specified time, after a specified delay, or at a periodic interval. You can reboot the system immediately, or you can configure the switch to reset after a specified amount of time. Use the cancel option to remove a configured setting.
  • Page 885 | Chapter: General Commands | Command Usage: ◆ This command resets the entire system. ◆ Any combination of reload options may be specified. If the same option is re-specified, the previous setting will be overwritten. ◆ When the system is restarted, it will always run the Power-On Self-Test. It will also retain all configuration information stored in non-volatile memory by the copy running-config startup-config...
  • Page 886 | Chapter: General Commands | Example: Console>enable Password: [privileged level password] Console# Related Commands: disable (888), enable password (1032). quit: This command exits the configuration program. Default Setting: None. Command Mode: Normal Exec, Privileged Exec. Command Usage: The quit and exit commands can both exit the configuration program. Example: This example shows how to quit a CLI session: Console#quit...
  • Page 887 | Chapter: General Commands | Example: In this example, the show history command lists the contents of the command history buffer: Console#show history Execution command history: 2 config 1 show history Configuration command history: 4 interface vlan 1 3 exit 2 interface vlan 1 1 end Console# The ! command repeats commands from the Execution command history...
  • Page 888 | Chapter: General Commands | disable: This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode. See "Understanding Command Modes"...
  • Page 889 | Chapter: General Commands | show reload: This command displays the current reload settings, and the time at which the next scheduled reload will take place. Command Mode: Privileged Exec. Example: Console#show reload Reloading switch in time: 0 hours 29 minutes. The switch will be rebooted at January 1 02:11:50 2001.
  • Page 890 | Chapter: General Commands | Example: This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: Console(config)#exit Console#exit Press ENTER to start session User Access Verification Username:
  • Page 891: Table 59: System Management Commands

    System Management Commands: The system management commands are used to control system logs, passwords, user names, management options, and display or configure a variety of other system information. Table 59: System Management Commands (Command Group / Function): Device Designation: Configures information that uniquely identifies this switch; Banner Information: Configures administrative contact, device identification and location...
  • Page 892: Table 61: Banner Commands

    Chapter: System Management Commands | Banner Information | hostname: This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax: hostname name; no hostname. name - The name of this host. (Maximum length: 255 characters) Default Setting: None...
  • Page 893: Banner Configure

    If, for example, a mistake is made in the company name, it can be corrected with the banner configure company command. Example: Console(config)#banner configure Company: Edge-Core Networks Responsible department: R&D Dept Name and telephone to Contact the management people Manager1 name: Sr. Network Admin phone number: 123-555-1212 Manager2 name: Jr.
  • Page 894 | Chapter: System Management Commands | Banner Information | Row: 7 Rack: 29 Shelf in this rack: 8 Information about DC power supply. Floor: 2 Row: 7 Rack: 25 Electrical circuit: : ec-177743209-xb Number of LP:12 Position of the equipment in the MUX:1/23 IP LAN:192.168.1.1 Note: This is a random note about this managed switch and can contain miscellaneous information.
  • Page 895 | Chapter: System Management Commands | Banner Information | banner configure dc-power-info: This command is used to configure DC power information displayed in the banner. Use the no form to restore the default setting. Syntax: banner configure dc-power-info floor floor-id row row-id rack rack-id electrical-circuit ec-id; no banner configure dc-power-info [floor | row | rack | electrical-circuit]...
  • Page 896 | Chapter: System Management Commands | Banner Information | Command Mode: Global Configuration. Command Usage: Input strings cannot contain spaces. The banner configure department command interprets spaces as data input boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where white space is necessary for clarity.
  • Page 897 | Banner Information | Example: Console(config)#banner configure equipment-info manufacturer-id ECS4660-28F floor 3 row 10 rack 15 shelf-rack 12 manufacturer Edge-Core Console(config)# banner configure: This command is used to configure the equipment location information displayed in the banner. Use the no form to restore the default setting.
  • Page 898 | Chapter: System Management Commands | Banner Information | Command Mode: Global Configuration. Command Usage: Input strings cannot contain spaces. The banner configure ip-lan command interprets spaces as data input boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where white space is necessary for clarity.
  • Page 899 | Chapter: System Management Commands | Banner Information | banner configure manager-info: This command is used to configure the manager contact information displayed in the banner. Use the no form to restore the default setting. Syntax: banner configure manager-info name mgr1-name phone-number mgr1-number [name2 mgr2-name phone-number mgr2-number | name3 mgr3-name phone-number mgr3-number]; no banner configure manager-info [name1 | name2 | name3]...
  • Page 900 | Chapter: System Management Commands | Banner Information | Default Setting: None. Command Mode: Global Configuration. Command Usage: Input strings cannot contain spaces. The banner configure mux command interprets spaces as data input boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where white space is necessary for clarity.
  • Page 901: Table 62: System Status Commands

    R&D Albert_Einstein - 123-555-1212 Lamar - 123-555-1219 Station's information: 710_Network_Path,_Indianapolis Edge-Core - ECS4660-28F Floor / Row / Rack / Sub-Rack 3/ 10 / 15 / 12 DC power supply: Power Source A: Floor / Row / Rack / Electrical circuit 3/ 15 / 24 / 48v-id_3.15.24.2...
  • Page 902 | Chapter: System Management Commands | System Status | Table 62: System Status Commands (Continued) (Command / Function / Mode): show watchdog: Shows if watchdog debugging is enabled; watchdog software: Monitors key processes, and automatically reboots the system if any of these processes are not responding correctly. show access-list: This command shows utilization parameters for TCAM (Ternary Content...
  • Page 903 | Chapter: System Management Commands | System Status | switch through hard-wired connections described in the Installation Guide. Refer to the Installation Guide for information on how to use the alarm relay contacts and external site alarm inputs. ◆ Major alarms include the failure of all fans, both thermal detectors...
  • Page 904 | Chapter: System Management Commands | System Status | show process cpu: This command shows the CPU utilization parameters, alarm status, and alarm configuration. Command Mode: Normal Exec, Privileged Exec. Example: Console#show process cpu CPU Utilization in the past 5 seconds : 7% CPU Utilization in the past 60 seconds Average Utilization : 8%...
  • Page 905: Interface Settings

    Chapter: System Management Commands | System Status | ■ Multiple spanning tree instances (name and interfaces) ■ IP address configured for management VLAN ■ Interface settings ■ Any configured settings for the console port and Telnet. Example: Console#show running-config Building startup configuration. Please wait... !<stackingDB>00</stackingDB>...
  • Page 906 | Chapter: System Management Commands | System Status | show startup-config: This command displays the configuration file stored in non-volatile memory that is used to start up the system. Command Mode: Privileged Exec. Command Usage: ◆ Use this command in conjunction with the show running-config...
  • Page 907 the air flow intake vents. The second detector is near the switch ASIC and CPU. Example: Console#show system System Description : ECS4660-28F System OID String : 1.3.6.1.4.1.259.10.1.10 System Information System Up Time : 0 days, 5 hours, 44 minutes, and 42.28 seconds...
  • Page 908 | Chapter: System Management Commands | System Status | System Name: [NONE] System Location: [NONE] System Contact: [NONE] MAC Address (Unit1): 00-12-CF-61-24-2F Web Server: Enabled Web Server Port: Web Secure Server: Enabled Web Secure Server Port: Telnet Server: Enable Telnet Server Port: Jumbo Frame: Disabled Shows all active console and Telnet sessions, including user name, idle...
  • Page 909: Show Version

    Chapter: System Management Commands | System Status | show version: This command displays hardware and software version information for the system. Command Mode: Normal Exec, Privileged Exec. Command Usage: See "Displaying Hardware/Software Versions" on page 151 for detailed information on the items displayed by this command. Example: Console#show version Unit 1...
  • Page 910: Table 63: Fan Control Commands

    Chapter: System Management Commands | Fan Control | Command Mode: Privileged Exec. Example: Console#watchdog Console# Fan Control: This section describes the command used to force fan speed. Table 63: Fan Control Commands (Command / Function / Mode): fan-speed force-full: Forces fans to full speed; show system: Shows if full fan speed is enabled (NE, PE). This command sets all fans to full speed.
  • Page 911 | Chapter: System Management Commands | Frame Size | jumbo frame: This command enables support for layer 2 jumbo frames for Gigabit and 10 Gigabit Ethernet ports. Use the no form to disable it. Syntax: [no] jumbo frame. Default Setting: Disabled. Command Mode: Global Configuration. Command Usage:...
  • Page 912: Table 65: Flash/File Commands

    Chapter: System Management Commands | File Management | Managing Firmware: Firmware can be uploaded and downloaded to or from an FTP/TFTP server. By saving runtime code to a file on an FTP/TFTP server, that file can later be downloaded to the switch to restore operation. The switch can also be set to use new firmware without overwriting the previous version.
  • Page 913 | Chapter: System Management Commands | General Commands | boot system: This command specifies the file or image used to start up the system. Syntax: boot system {boot-rom | config | opcode}: filename. boot-rom* - Boot ROM. config* - Configuration file. opcode* - Run-time operation code.
  • Page 914 | Chapter: System Management Commands | General Commands | copy: This command moves (upload/download) a code image or configuration file between the switch’s flash memory and an FTP/TFTP server. When you save the system code or configuration settings to a file on an FTP/TFTP server, that file can later be downloaded to the switch to restore system operation.
  • Page 915 | Chapter: System Management Commands | General Commands | ◆ You can use “Factory_Default_Config.cfg” as the source to copy from the factory default configuration file, but you cannot use it as the destination. ◆ To replace the startup configuration, you must use startup-config as...
  • Page 916 | Chapter: System Management Commands | General Commands | The following example shows how to copy the running configuration to a startup file. Console#copy running-config file destination file name: startup Write to FLASH Programming. \Write to FLASH finish. Success. Console# The following example shows how to download a configuration file: Console#copy tftp startup-config TFTP server ip address: 10.1.0.99 Source configuration file name: startup.01...
  • Page 917 | Chapter: System Management Commands | General Commands | This example shows how to copy a file to an FTP server. Console#copy ftp file FTP server IP address: 169.254.1.11 User[anonymous]: admin Password[]: ***** Choose file type: 1. config: 2. opcode: 2 Source file name: BLANC.BIX Destination file name: BLANC.BIX Console# This command deletes a file, image, or public key.
  • Page 918: Table 66: File Directory Information

    Chapter: System Management Commands | General Commands | Example: This example shows how to delete the test2.cfg configuration file from flash memory. Console#delete file name test2.cfg Console# Related Commands: dir (918), delete public-key (1062). This command displays a list of files in flash memory. Syntax: dir {boot-rom: | config: | opcode: | usbdisk:} [filename]} boot-rom - Boot ROM (or diagnostic) image file.
  • Page 919 | Chapter: System Management Commands | General Commands | Example: The following example shows how to display all file information: Console#dir File Name Type Startup Modify Time Size(bytes) -------------------------- -------------- ------- ------------------- ---------- Unit 1: ECS4660-28F_V1.2.1.4.bix OpCode 2012-06-25 10:40:53 21627592 ECS4660-28F_V1.2.1.5.bix OpCode 2001-01-06 14:35:12 21627592 Factory_Default_Config.cfg...
  • Page 920 | Chapter: System Management Commands | Automatic Code Upgrade Commands | Example: This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command. Console#whichboot File Name Type Startup Modify Time Size(bytes)
  • Page 921 ◆ The name for the new image stored on the TFTP server must be ecs4660-28f.bix. However, note that file name is not to be included in this command.
  • Page 922 | Chapter: System Management Commands | Automatic Code Upgrade Commands | ◆ When specifying a TFTP server, the following syntax must be used, where filedir indicates the path to the directory containing the new image: tftp://192.168.0.1[/filedir]/ ◆ When specifying an FTP server, the following syntax must be used,...
  • Page 923: Table 67: Line Commands

    Chapter: System Management Commands | Line | show upgrade: This command shows the opcode upgrade configuration settings. Command Mode: Privileged Exec. Example: Console#show upgrade Auto Image Upgrade Global Settings: Status : Disabled Reload Status : Disabled Path File Name : ECS4600_28F.bix Console# You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port.
  • Page 924 | Chapter: System Management Commands | Line | Table 67: Line Commands (Continued) (Command / Function / Mode): disconnect: Terminates a line connection; show line: Displays a terminal line's parameters (NE, PE). * These commands only apply to the serial port. line: This command identifies a specific line for configuration, and to process subsequent line configuration commands.
  • Page 925 | Chapter: System Management Commands | Line | databits: This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. Syntax: databits {7 | 8}; no databits. 7 - Seven data bits per character.
  • Page 926 | Chapter: System Management Commands | Line | Command Usage: ◆ If user input is detected within the timeout interval, the session is kept open; otherwise the session is terminated. ◆ This command applies to both the local console and Telnet connections...
  • Page 927 | Chapter: System Management Commands | Line | ◆ This command controls login authentication via the switch itself. To configure user names and passwords for remote authentication servers, you must use the RADIUS or TACACS software installed on those servers. Example: Console(config-line)#login local Console(config-line)# Related Commands:...
  • Page 928 | Chapter: System Management Commands | Line | password: This command specifies the password for a line. Use the no form to remove the password. Syntax: password {0 | 7} password; no password. {0 | 7} - 0 means plain password, 7 means encrypted password. password - Character string that specifies the line password.
  • Page 929 | Chapter: System Management Commands | Line | password-thresh: This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. Syntax: password-thresh [threshold]; no password-thresh. threshold - The number of allowed password attempts. (Range: 1-120;...
  • Page 930 | System Management Commands | Line | Command Mode: Line Configuration. Example: To set the silent time to 60 seconds, enter this command: Console(config-line)#silent-time 60 Console(config-line)# Related Commands: password-thresh (929). speed: This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds.
  • Page 931 | System Management Commands | Line | stopbits: This command sets the number of the stop bits transmitted per byte. Use the no form to restore the default setting. Syntax: stopbits {1 | 2}; no stopbits. 1 - One stop bit. 2 - Two stop bits. Default Setting...
  • Page 932 | System Management Commands | Line | ◆ Using the command without specifying a timeout restores the default setting. Example: To set the timeout to two minutes, enter this command: Console(config-line)#timeout login response 120 Console(config-line)# disconnect: This command terminates an SSH, Telnet, or console connection. Syntax: disconnect session-id...
  • Page 933: Table 68: Event Logging Commands

    | System Management Commands | Event Logging | Example: To show all lines, enter this command: Console#show line Console Configuration: Password Threshold : 3 times Inactive Timeout : Disabled Login Timeout : Disabled Silent Time : Disabled Baud Rate : Auto Data Bits Parity : None...
  • Page 934: Table 69: Logging Levels

    | System Management Commands | Event Logging | logging facility: This command sets the facility type for remote logging of syslog messages. Use the no form to return the type to the default. Syntax: logging facility type; no logging facility. type - A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service.
  • Page 935 | System Management Commands | Event Logging | Table 69: Logging Levels (Continued). Columns: Level, Severity Name, Description. warnings: Warning conditions (e.g., return false, unexpected return). errors: Error conditions (e.g., invalid input, default used). critical: Critical conditions (e.g., memory allocation, or free memory error - resource exhausted). alerts: Immediate action needed...
  • Page 936 | System Management Commands | Event Logging | Example: Console(config)#logging host 10.1.0.3 Console(config)# logging on: This command controls logging of error messages, sending debug or error messages to a logging process. The no form disables the logging process. Syntax: [no] logging on. Default Setting: None...
  • Page 937 | System Management Commands | Event Logging | Default Setting: Disabled; Level 7. Command Mode: Global Configuration. Command Usage: ◆ Using this command with a specified level enables remote logging and sets the minimum severity level to be saved. ◆ Using this command without a specified level also enables remote logging, but restores the minimum severity level to the default.
  • Page 938 | System Management Commands | Event Logging | show log: This command displays the log messages stored in local memory. Syntax: show log {flash | ram}. flash - Event history stored in flash memory (i.e., permanent memory). ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
  • Page 939: Table 70: Show Logging Flash/Ram - Display Description

    | System Management Commands | Event Logging | trap - Displays settings for the trap function. Default Setting: None. Command Mode: Privileged Exec. Example: The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), and the message level for RAM is “debugging”...
  • Page 940: Table 72: Event Logging Commands

    | System Management Commands | SMTP Alerts | Table 71: show logging trap - display description (Continued). Columns: Field, Description. REMOTELOG facility type: The facility type for remote logging of syslog messages as specified in the logging facility command. REMOTELOG level type: The severity threshold for syslog messages sent to a remote server as specified in the logging trap...
  • Page 941 | System Management Commands | SMTP Alerts | logging sendmail host: This command specifies SMTP servers that will be sent alert messages. Use the no form to remove an SMTP server. Syntax: [no] logging sendmail host ip-address. ip-address - IPv4 or IPv6 address of an SMTP server that will be sent alert messages for event handling.
  • Page 942 | System Management Commands | SMTP Alerts | Command Mode: Global Configuration. Command Usage: The specified level indicates an event threshold. All events at this level or higher will be sent to the configured email recipients. (For example, using Level 7 will report all events from level 7 to level 0.) Example: This example will send email alerts for system errors from level 3 through Console(config)#logging sendmail level 3...
  • Page 943 | System Management Commands | SMTP Alerts | logging sendmail source-email: This command sets the email address used for the “From” field in alert messages. Use the no form to restore the default value. Syntax: logging sendmail source-email email-address; no logging sendmail source-email. email-address - The source email address used in alert messages.
  • Page 944: Table 73: Time Commands

    | System Management Commands | Time | The system clock can be dynamically set by polling a set of specified time servers (NTP or SNTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from the factory default set at the last bootup.
  • Page 945 | System Management Commands | SNTP Commands | sntp client: This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp server command. Use the no form to disable SNTP client requests. Syntax: [no] sntp client. Default...
  • Page 946 | System Management Commands | SNTP Commands | sntp poll: This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax: sntp poll seconds; no sntp poll. seconds - Interval between time requests.
  • Page 947 | System Management Commands | NTP Commands | Example: Console(config)#sntp server 10.1.0.19 Console# Related Commands: sntp client (945), sntp poll (946), show sntp (947). show sntp: This command displays the current time and configuration settings for the SNTP client, and indicates whether or not the local time has been properly updated.
  • Page 948 | System Management Commands | NTP Commands | their associated key number must be centrally managed and manually distributed to NTP servers and clients. The key numbers and key values must match on both the server and client. Example: Console(config)#ntp authenticate Console(config)# Related Commands...
  • Page 949 | System Management Commands | NTP Commands | Example: Console(config)#ntp authentication-key 45 md5 thisiskey45 Console(config)# Related Commands: ntp authenticate (947). ntp client: This command enables NTP client requests for time synchronization from NTP time servers specified with the ntp servers command. Use the no form to disable NTP client requests.
  • Page 950 | System Management Commands | NTP Commands | ntp server: This command sets the IP addresses of the servers to which NTP time requests are issued. Use the no form of the command to clear a specific time server or all servers from the current list. Syntax: ntp server ip-address [key key-number]; no ntp server [ip-address]...
  • Page 951 | System Management Commands | Manual Configuration Commands | show ntp: This command displays the current time and configuration settings for the NTP client, and indicates whether or not the local time has been properly updated. Command Mode: Normal Exec, Privileged Exec. Command Usage: This command displays the current time, the poll interval used for sending...
  • Page 952 | System Management Commands | Manual Configuration Commands | e-date - Day of the month when summer time will end. (Range: 1-31) e-month - The month when summer time will end. (Options: january | february | march | april | may | june | july | august | september | october | november | december) e-year - The year summer time will end.
  • Page 953: Table 74: Predefined Summer-Time Parameters

    | System Management Commands | Manual Configuration Commands | clock summer-time (predefined): This command configures the summer time (daylight savings time) status and settings for the switch using predefined configurations for several major regions in the world. Use the no form to disable summer time. Syntax: clock summer-time name predefined [australia | europe | new-zealand | usa]...
  • Page 954 | System Management Commands | Manual Configuration Commands | clock summer-time (recurring): This command allows the user to manually configure the start, end, and offset times of summer time (daylight savings time) for the switch on a recurring basis. Use the no form to disable summer-time. Syntax: clock summer-time name recurring b-week b-day b-month b-hour b-minute e-week e-day e-month e-hour e-minute [offset]...
  • Page 955 | System Management Commands | Manual Configuration Commands | Typically, clocks are adjusted forward one hour at the start of spring and then adjusted backward in autumn. ◆ This command sets the summer-time time zone relative to the currently configured time zone. To display a time corresponding to your local time when summer time is in effect, you must indicate the number of minutes your summer-time time zone deviates from your regular time zone.
  • Page 956 | System Management Commands | Manual Configuration Commands | Example: Console(config)#clock timezone Japan hours 8 minute 0 after-UTC Console(config)# Related Commands: show sntp (947). calendar set: This command sets the system clock. It may be used if there is no time server on your network, or if you have not configured the switch to receive signals from a time server.
  • Page 957: Table 75: Time Range Commands

    | System Management Commands | Time Range | show calendar: This command displays the system clock. Default Setting: None. Command Mode: Normal Exec, Privileged Exec. Example: Console#show calendar 14:13:38 August 19 2011 Console# Time Range: This section describes the commands used to set a time range for use by other functions, such as Access Control Lists.
  • Page 958 | System Management Commands | Time Range | Example: Console(config)#time-range r&d Console(config-time-range)# Related Commands: Access Control Lists (1163). absolute: This command sets the time range for the execution of a command. Use the no form to remove a previously specified time. Syntax: absolute start hour minute day month year [end hour minutes day month year]...
  • Page 959 | System Management Commands | Time Range | periodic: This command sets the time range for the periodic execution of a command. Use the no form to remove a previously specified time range. Syntax: [no] periodic {daily | friday | monday | saturday | sunday | thursday | tuesday | wednesday | weekdays | weekend} hour minute to {daily | friday | monday | saturday | sunday | thursday | tuesday | wednesday | weekdays | weekend |...
  • Page 960: Table 76: Ptp Commands

    | System Management Commands | Precision Time Protocol | show time-range: This command shows configured time ranges. Syntax: show time-range [name]. name - Name of the time range. (Range: 1-30 characters) Default Setting: None. Command Mode: Privileged Exec. Example: Console#show time-range r&d Time-range r&d: absolute start 01:01 01 April 2009 periodic...
  • Page 961 | System Management Commands | Precision Time Protocol | Table 76: PTP Commands (Continued). Columns: Command, Function, Mode. ptp log-min-delay-request-interval: Sets the delay request message transmit interval. ptp log-min-pdelay-request-interval: Sets the peer delay request message transmit interval (IC). ptp log-sync-interval: Sets the synchronization message transmit interval. ptp port-enable: Enables PTP capability on a port...
  • Page 962 | System Management Commands | Precision Time Protocol | ptp domain-number: This command specifies the PTP clock synchronization domain to which the switch belongs. Use the no form to restore the default setting. Syntax: ptp domain-number domain-number; no ptp domain-number. domain-number – The PTP domain number. (Range: 0-255) Default Setting Command...
  • Page 963 | System Management Commands | Precision Time Protocol | Example: Console(config)#ptp e-latency 10 Console(config)# ptp in-latency: This command specifies the ingress latency added to the timestamp. Use the no form to restore the default setting. Syntax: ptp in-latency latency; no ptp in-latency. latency –...
  • Page 964 | System Management Commands | Precision Time Protocol | the output port, and adjusts the time stamp to compensate for this delay. The value of the correction update and checksums are specific to each output port and message since the residence times are not necessarily the same for all paths through the switch or for successive messages crossing the same path.
  • Page 965 | System Management Commands | Precision Time Protocol | ptp priority1: This command sets a preference level used in selecting the master clock. Use the no form to restore the default setting. Syntax: ptp priority1 priority-value; no ptp priority1. priority-value – Slave devices use the priority1 value when selecting a master clock.
  • Page 966 | System Management Commands | Precision Time Protocol | Example: Console(config)#ptp priority1 64 Console(config)# ptp priority2: This command sets a secondary preference level used in selecting the master clock. Use the no form to restore the default setting. Syntax: ptp priority2 priority-value; no ptp priority2. priority-value –...
  • Page 967 | System Management Commands | Precision Time Protocol | Example: Console(config)#ptp announce-receipt-timeout 10 Console(config)# Related Commands: ptp log-announce-interval (968). ptp delay-mechanism: This command sets the delay measurement method for a boundary clock to peer-to-peer or end-to-end mode. Use the no form to restore the default setting.
  • Page 968 | System Management Commands | Precision Time Protocol | ptp log-announce-interval: This command sets the announcement message transmit interval. Use the no form to restore the default setting. Syntax: ptp log-announce-interval interval-value; no ptp log-announce-interval. interval-value – The interval for PTP announcement messages. (Range: 0-4 in log base 2) Default Setting...
  • Page 969 | System Management Commands | Precision Time Protocol | ptp log-min-delay-request-interval: This command sets the delay request message transmit interval. Use the no form to restore the default setting. Syntax: ptp log-min-delay-request-interval interval-value; no ptp log-min-delay-request-interval. interval-value – The minimum interval between delay request messages sent by a slave clock to a specific port on the master clock.
  • Page 970 | System Management Commands | Precision Time Protocol | Default Setting: 0 (1 second). Command Mode: Interface Configuration (Ethernet, Port Channel). Command Usage: ◆ The log base 2 settings equate to the following values: ■ 0 – 1 packet every second ■ 1 – 1 packet every 2 seconds ■...
  • Page 971 | System Management Commands | Precision Time Protocol | ◆ Synchronization messages are used to synchronize clocks within the same PTP domain. A boundary or transparent clock in slave state will synchronize to its master in the synchronization hierarchy established by the best master clock algorithm. Example: Console(config)#interface ethernet 1/1 Console(config-if)#ptp log-sync-interval 1...
  • Page 972: Table 77: Ethernet Multicast Mac Addresses

    | System Management Commands | Precision Time Protocol | Command Mode: Interface Configuration (Ethernet, Port Channel). Command Usage: ◆ When using Ethernet as the transport mechanism, PTP messages use Ethernet formatted packets with the 88F7 Ethertype. PTP messages use MAC addresses as specified below. Table 77: Ethernet Multicast MAC Addresses. Columns: Message Types, Address (hex)...
  • Page 973: Table 81: Udp/Ipv6 Multicast Addresses

    | System Management Commands | Precision Time Protocol | When using UDP over IPv6 as a transport mechanism, PTP messages use the multicast addresses as specified below. Table 81: UDP/IPv6 Multicast Addresses. Columns: Message Types, Address. All except peer delay mechanism messages: FF0X:0:0:0:0:0:0:183. Peer delay mechanism messages: FF02:0:0:0:0:0:0:6B...
  • Page 974 | System Management Commands | Precision Time Protocol | show ptp configuration: This command shows PTP configuration settings. Syntax: show ptp configuration [interface]. interface: ethernet unit/port-list. unit - Stack unit. (Range: 1) port-list - Physical port number or list of port numbers. Separate nonconsecutive port numbers with a comma and no spaces;...
  • Page 975: Table 82: Show Ptp Foreign-Master - Display Description

    | System Management Commands | Precision Time Protocol | Example: Console#show ptp foreign-master ethernet 1/1 Port Master Identity Master Clock Quality Pri1 Pri2 Valid Best -------- -------------------------- ---------------------- ---- ---- ----- ---- Eth 1/ 1 00:00:22:00:13:23:00:00 2 C1: 251 Ac: 254 Va:-1 0 Yes Pch 2 00:00:22:00:13:23:00:00...
  • Page 976 | System Management Commands | Precision Time Protocol | no spaces; or use a hyphen to designate a range of port numbers. (Range: 1-28) port-channel channel-id (Range: 1-8) Command Mode: Privileged Exec. Example: This example shows PTP configuration settings, negotiated settings, and default values for a boundary clock.
  • Page 977: Table 83: Show Ptp Information - Display Description For Boundary Clock

    | System Management Commands | Precision Time Protocol | Boundary Clock Port State : Master Log Min Delay Req. Interval Peer Mean Path Delay : 0 sec. 0 nano sec. Announce Receipt Timeout Log Announce Interval Log Sync Interval Delay Mechanism : Peer to Peer Log Min Pdelay Req.
  • Page 978 | System Management Commands | Precision Time Protocol | Table 83: show ptp information - display description for boundary clock. Columns: Field, Description. Grandmaster Identity: A unique 8-octet array based on the IEEE EUI-64 assigned numbers. Grandmaster Clock Quality, Clock Class: An attribute defining the clock’s International Atomic Time (TAI) traceability.
  • Page 979: Table 84: Show Ptp Information - Display Description For Transparent Clock

    | System Management Commands | Synchronous Ethernet | This example shows PTP configuration settings, negotiated settings, and default values for a transparent clock. Console#show ptp information transparent Transparent Default Data Set: Clock Identify : 0x00000CFFFE00FDFD Number Ports : 40 Delay Mechanism : End to End Primary Domain Number : 0 Console#...
  • Page 980: Table 86: Synchronous Ethernet Standards

    | System Management Commands | Synchronous Ethernet | synce: This command enables SyncE on all ports that support SyncE. Use the no form to disable SyncE on all ports that support SyncE. Syntax: [no] synce. Default Setting: Disabled. Command Mode: Global Configuration. Command Usage: This command enables SyncE on ports 25-28.
  • Page 981 | System Management Commands | Synchronous Ethernet | Example: Console(config)#synce Console(config)#exit Console#show synce SyncE Status: Port Status Clock Source --------- -------- ------------ 1/25 Enabled 1/26 Enabled 1/27 Enabled 1/28 Enabled synce ethernet: This command enables SyncE on a port that supports SyncE. Use the no form to disable SyncE on a port.
  • Page 982 | System Management Commands | Synchronous Ethernet | synce ethernet clock-source: This command manually sets a port as a clock source, or as a candidate clock source at the specified priority when using automatic clock source selection. Use the no form to remove a port as a clock source. Syntax: synce ethernet unit/port clock-source [priority priority]; no synce synce ethernet unit/port clock-source...
  • Page 983 | System Management Commands | Synchronous Ethernet | Example: Console(config)#synce ethernet 1/25 clock-source priority 1 Console(config)# synce auto-clock-source-selecting: This command automatically selects the clock source port with the highest priority. Use the no form to disable automatic clock source selection. Syntax: [no] synce auto-clock-source-selecting [revertive-switching]. auto-clock-source-selecting - Chooses the clock source port...
  • Page 984 | System Management Commands | Synchronous Ethernet | Example: Console(config)#synce auto-clock-source-selecting revertive-switching Console(config)#end Console#show synce SyncE Status: Port Status Clock Source --------- -------- ------------ 1/25 Enabled 1/26 Disabled 1/27 Disabled 1/28 Disabled SyncE Clock Source Selection Mode: Auto SyncE Active Clock Source Locked: No SyncE Clock Source Status: Port Priority...
  • Page 985 | System Management Commands | Synchronous Ethernet | synce ssm ethernet: This command configures a port to receive/send Synchronization Status Messages (SSM), and sets the priority used for this port in clock source port selection. Use the no form to stop using clock selection based on SSM. Syntax: synce ssm ethernet unit/port [priority priority]; no synce ssm [ethernet unit/port]...
  • Page 986 | System Management Commands | Synchronous Ethernet | ◆ If the switch is changed from SSM mode to Manual mode, and a port has been chosen as the active clock source in SSM mode, this port will still be the active clock source in Manual mode. If no clock source port has been selected in SSM mode, the local clock will be used as the active clock source.
  • Page 987 | System Management Commands | Synchronous Ethernet | Command Mode: Global Configuration. Command Usage: ◆ Use this command to configure the clock source according to the SSM Quality Level (QL), port priority (as defined under the synce ssm ethernet command), and port number. If the SSM QL received on more than one port is the same, the clock source port is selected according to priority.
  • Page 988: Table 87: Show Sync - Display Description For Sync

    | System Management Commands | Synchronous Ethernet | Table 87: show sync - display description for sync. Columns: Field, Description. SyncE Status. Port: Port identifier. Status: Shows if SyncE is enabled or disabled. Clock Source: Shows if port is configured as a clock source candidate. SyncE Clock Source Selection Mode: Shows the clock source selection method:...
  • Page 989: Table 88: Switch Cluster Commands

    | System Management Commands | Switch Clustering | Switch Clustering is a method of grouping switches together to enable centralized management through a single unit. Switches that support clustering can be grouped together regardless of physical location or switch type, as long as they are connected to the same local network.
  • Page 990 | System Management Commands | Switch Clustering | cluster: This command enables clustering on the switch. Use the no form to disable clustering. Syntax: [no] cluster. Default Setting: Disabled. Command Mode: Global Configuration. Command Usage: ◆ To create a switch cluster, first be sure that clustering is enabled on the...
  • Page 991 | System Management Commands | Switch Clustering | Command Usage: ◆ Once a switch has been configured to be a cluster Commander, it automatically discovers other cluster-enabled switches in the network. These “Candidate” switches only become cluster Members when manually selected by the administrator through the management station.
  • Page 992 | System Management Commands | Switch Clustering | cluster member: This command configures a Candidate switch as a cluster Member. Use the no form to remove a Member switch from the cluster. Syntax: cluster member mac-address mac-address id member-id; no cluster member id member-id. mac-address - The MAC address of the Candidate switch.
  • Page 993: Show Cluster

    | System Management Commands | Switch Clustering | Example: Console#rcommand id 1 CLI session with the ECS4660-28F is opened. To end the CLI session, enter [Exit]. Vty-0# show cluster: This command shows the switch clustering configuration. Command Mode: Privileged Exec. Example: Console#show cluster...
  • Page 994: Show Cluster Candidates

    show cluster candidates: This command shows the discovered Candidate switches in the network. Command Mode: Privileged Exec. Example: Console#show cluster candidates Cluster Candidates: Role MAC Address Description --------------- ----------------- ---------------------------------------- Active member 00-E0-0C-00-00-FE ECS4660-28F CANDIDATE 00-12-CF-0B-47-A0 ECS4660-28F Console#...
  • Page 995: Table 89: Snmp Commands

    SNMP Commands | SNMP commands control access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption;...
  • Page 996 | SNMP Commands | Table 89: SNMP Commands (Continued). Columns: Command, Function, Mode. show snmp view: Shows the SNMP views. Notification Log Commands. Enables the specified notification log. snmp-server notify-filter: Creates a notification log and specifies the target host (GC). show nlm oper-status: Shows operation status of configured notification logs (PE). show snmp notify-filter: Displays the configured notification logs...
  • Page 997 | SNMP Commands | General SNMP Commands | Table 89: SNMP Commands (Continued). Columns: Command, Function, Mode. Additional Trap Commands. memory: Sets the rising and falling threshold for the memory utilization alarm. process cpu: Sets the rising and falling threshold for the CPU utilization alarm. show memory: Shows memory utilization parameters...
  • Page 998 | SNMP Commands | General SNMP Commands | Default Setting: ◆ public - Read-only access. Authorized management stations are only able to retrieve MIB objects. ◆ private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects. Command Mode: Global Configuration. Example...
  • Page 999: Global Configuration

    | SNMP Commands | General SNMP Commands | Default Setting: None. Command Mode: Global Configuration. Example: Console(config)#snmp-server location WC-19 Console(config)# Related Commands: snmp-server contact (998). show snmp: This command can be used to check the status of SNMP communications. Default Setting: None. Command Mode: Normal Exec, Privileged Exec. Command...
  • Page 1000 | SNMP Commands | SNMP Target Host Commands | 0 SNMP packets output 0 Too big errors 0 No such name errors 0 Bad values errors 0 General errors 0 Response PDUs 0 Trap PDUs SNMP Logging: Disabled Console# snmp-server enable traps: This command enables this device to send Simple Network Management Protocol traps or informs (i.e., SNMP notifications).
  • Page 1001 | SNMP Commands | SNMP Target Host Commands | send notifications, you must configure at least one snmp-server host command. ◆ The authentication, link-up, and link-down traps are legacy notifications, and therefore when used for SNMP Version 3 hosts, they must be enabled in conjunction with the corresponding entries in the Notify View assigned by the snmp-server group command.
  • Page 1002 | SNMP Commands | SNMP Target Host Commands | page 480 for further information about these authentication and encryption options. port - Host UDP port to use. (Range: 1-65535; Default: 162) Default Setting: Host Address: None; Notification Type: Traps; SNMP Version: 1; UDP Port: 162. Command Mode: Global Configuration...
