LG-Ericsson iPECS ES-4550G User Manual

Managed layer 3 stackable ge switch
Summary of Contents for LG-Ericsson iPECS ES-4550G

  • Page 1 USER GUIDE User Manual ES-4550G / ES-4526G Managed Layer 3 Stackable GE Switch...
  • Page 2 MANUAL ES-4500G Series ES-4550G MANAGED 48-PORT L3 STACKABLE GE SWITCH Layer 3 Stackable Gigabit Ethernet Switch with 44 10/100/1000BASE-T (RJ-45) Ports, 4 Gigabit Combination Ports (RJ-45/SFP), 2 10-Gigabit Extender Module Slots, and 2 Stacking Ports ES-4526G M 24-P L3 S GE S...
  • Page 3: About This Guide

    CAUTION: damage the system or equipment. WARNING: Alerts you to a potential hazard that could cause personal injury. NOTICE OF CHANGES: LG-Ericsson reserves the right to change specifications at any time without notice. The following publication details the hardware features of the switch,...
  • Page 4 ABOUT THIS GUIDE. REVISION HISTORY: This section summarizes the changes in each revision of this guide. APRIL 2011 REVISION: This is the first version of this guide. This guide is valid for software release v1.2.2.0.
  • Page 5: Table Of Contents

    CONTENTS ES-4500G Series ABOUT THIS GUIDE CONTENTS FIGURES TABLES SECTION I GETTING STARTED INTRODUCTION Key Features Description of Software Features System Defaults INITIAL SWITCH CONFIGURATION Connecting to the Switch Configuration Options Required Connections Remote Connections Basic Configuration Console Connection Setting Passwords Setting an IP Address Enabling SNMP Management Access Managing System Files Saving or Restoring Configuration Settings...
  • Page 6 CONTENTS ES-4500G Series Configuration Options Panel Display Main Menu BASIC MANAGEMENT TASKS Displaying System Information Displaying Switch Hardware/Software Versions Configuring Support for Jumbo Frames Displaying Bridge Extension Capabilities Managing System Files Copying Files via FTP/TFTP or HTTP Saving the Running Configuration to a Local File Setting The Start-Up File Showing System Files Setting the System Clock...
  • Page 7 CONTENTS ES-4500G Series Displaying LACP Settings and Status for the Local Side Displaying LACP Settings and Status for the Remote Side Sampling Traffic Flows Configuring sFlow Parameters Traffic Segmentation Enabling Traffic Segmentation Configuring Uplink and Downlink Ports VLAN Trunking 6 VLAN CONFIGURATION IEEE 802.1Q VLANs Configuring VLAN Groups...
  • Page 8 CONTENTS ES-4500G Series Configuring Interface Settings for STA Displaying Interface Settings for STA Configuring Multiple Spanning Trees Configuring Interface Settings for MSTP RATE LIMIT CONFIGURATION 10 STORM CONTROL CONFIGURATION 11 CLASS OF SERVICE Layer 2 Queue Settings Setting the Default Priority for Interfaces Selecting the Queue Mode Mapping CoS Values to Egress Queues Layer 3/4 Priority Settings...
  • Page 9 CONTENTS ES-4500G Series Network Access (MAC Address Authentication) Configuring Global Settings for Network Access Configuring Network Access for Ports Configuring Port Link Detection Configuring a MAC Address Filter Displaying Secure MAC Address Information Configuring HTTPS Configuring Global Settings for HTTPS Replacing the Default Secure-site Certificate Configuring the Secure Shell Configuring the SSH Server...
  • Page 10 CONTENTS ES-4500G Series IP Source Guard Configuring Ports for IP Source Guard Configuring Static Bindings for IP Source Guard Displaying Information for Dynamic IP Source Guard Bindings DHCP Snooping DHCP Snooping Configuration DHCP Snooping VLAN Configuration Configuring Ports for DHCP Snooping Displaying DHCP Snooping Binding Information 15 BASIC...
  • Page 11 CONTENTS ES-4500G Series 16 MULTICAST FILTERING Overview IGMP Protocol Layer 2 IGMP (Snooping and Query) Configuring IGMP Snooping and Query Parameters Specifying Static Interfaces for a Multicast Router Assigning Interfaces to Multicast Services Setting IGMP Snooping Status per Interface Filtering IGMP Query Packets and Multicast Data Displaying Multicast Groups Discovered by IGMP Snooping Filtering and Throttling IGMP Groups...
  • Page 12 CONTENTS ES-4500G Series 18 GENERAL IP ROUTING Overview Initial Configuration IP Routing and Switching Routing Path Management Routing Protocols Configuring IP Routing Interfaces Configuring Local and Remote Interfaces Using the Ping Function Using the Trace Route Function Address Resolution Protocol Basic ARP Configuration Configuring Static ARP Addresses Displaying Dynamic or Local ARP Entries...
  • Page 13 CONTENTS ES-4500G Series Specifying The Target Server or Subnet 21 UNICAST ROUTING Overview Configuring the Routing Information Protocol Configuring General Protocol Settings Clearing Entries from the Routing Table Specifying Network Interfaces Specifying Passive Interfaces Specifying Static Neighbors Configuring Route Redistribution Specifying an Administrative Distance Configuring Network Interfaces for RIP Displaying RIP Interface Settings...
  • Page 14 CONTENTS ES-4500G Series Configuring PIM for IPv4 Enabling PIM Globally Configuring PIM Interface Settings Displaying Neighbor Information Configuring Global PIM-SM Settings Configuring a BSR Candidate Configuring a Static Rendezvous Point Configuring an RP Candidate Displaying the BSR Router Displaying RP Mapping Configuring PIMv6 for IPv6 Enabling PIM Globally Configuring PIM Interface Settings...
  • Page 15 CONTENTS ES-4500G Series reload (Global Configuration) enable quit show history configure disable reload (Privileged Exec) show reload exit 25 SYSTEM MANAGEMENT COMMANDS Device Designation hostname switch all renumber System Status show access-list tcam-utilization show memory show process cpu show running-config show startup-config show system show tech-support...
  • Page 16 CONTENTS ES-4500G Series databits exec-timeout login parity password password-thresh silent-time speed stopbits timeout login response disconnect show line Event Logging logging facility logging history logging host logging on logging trap clear log show log show logging SMTP Alerts logging sendmail logging sendmail host logging sendmail level logging sendmail destination-email...
  • Page 17 CONTENTS ES-4500G Series Time Range time-range absolute periodic show time-range 26 SNMP COMMANDS snmp-server snmp-server community snmp-server contact snmp-server location show snmp snmp-server enable traps snmp-server host snmp-server engine-id snmp-server group snmp-server user snmp-server view show snmp engine-id show snmp group show snmp user show snmp view snmp-server notify-filter...
  • Page 18 CONTENTS ES-4500G Series sflow max-datagram-size sflow max-header-size sflow owner sflow sample sflow source sflow timeout show sflow 29 AUTHENTICATION COMMANDS User Accounts enable password username Authentication Sequence authentication enable authentication login RADIUS Client radius-server acct-port radius-server auth-port radius-server host radius-server key radius-server retransmit radius-server timeout...
  • Page 19 CONTENTS ES-4500G Series accounting dot1x accounting exec authorization exec show accounting Web Server ip http port ip http server ip http secure-server ip http secure-port Telnet Server ip telnet max-sessions ip telnet port ip telnet server show ip telnet Secure Shell ip ssh authentication-retries ip ssh server ip ssh server-key size...
  • Page 20 CONTENTS ES-4500G Series dot1x timeout re-authperiod dot1x timeout supp-timeout dot1x timeout tx-period dot1x re-authenticate show dot1x Management IP Filter management show management 30 GENERAL SECURITY MEASURES Port Security mac-learning port security Network Access (MAC Address Authentication) network-access aging network-access mac-filter mac-authentication reauth-time network-access dynamic-qos network-access dynamic-vlan...
  • Page 21 CONTENTS ES-4500G Series web-auth web-auth re-authenticate (Port) web-auth re-authenticate (IP) show web-auth show web-auth interface show web-auth summary DHCP Snooping ip dhcp snooping ip dhcp snooping database flash ip dhcp snooping information option ip dhcp snooping information policy ip dhcp snooping verify mac-address ip dhcp snooping vlan ip dhcp snooping trust clear ip dhcp snooping database flash...
  • Page 22 CONTENTS ES-4500G Series 31 ACCESS CONTROL LISTS IPv4 ACLs access-list ip permit, deny (Standard IP ACL) permit, deny (Extended IPv4 ACL) ip access-group show ip access-group show ip access-list IPv6 ACLs access-list ipv6 permit, deny (Standard IPv6 ACL) permit, deny (Extended IPv6 ACL) show ipv6 access-list ipv6 access-group show ipv6 access-group...
  • Page 23 CONTENTS ES-4500G Series shutdown speed-duplex switchport mtu switchport packet-rate clear counters show interfaces counters show interfaces status show interfaces switchport show interfaces transceiver test cable-diagnostics dsp test loop internal show cable-diagnostics dsp show loop internal 33 LINK AGGREGATION COMMANDS channel-group lacp lacp admin-key (Ethernet Interface) lacp port-priority...
  • Page 24 CONTENTS ES-4500G Series snmp-server enable port-traps atc broadcast-alarm-clear snmp-server enable port-traps atc broadcast-alarm-fire snmp-server enable port-traps atc broadcast-control-apply snmp-server enable port-traps atc broadcast-control-release snmp-server enable port-traps atc multicast-alarm-clear snmp-server enable port-traps atc multicast-alarm-fire snmp-server enable port-traps atc multicast-control-apply snmp-server enable port-traps atc multicast-control-release show auto-traffic-control show auto-traffic-control interface 37 A...
  • Page 25 CONTENTS ES-4500G Series spanning-tree edge-port spanning-tree link-type spanning-tree loopback-detection spanning-tree loopback-detection release-mode spanning-tree loopback-detection trap spanning-tree mst cost spanning-tree mst port-priority spanning-tree port-bpdu-flooding spanning-tree port-priority spanning-tree root-guard spanning-tree spanning-disabled spanning-tree loopback-detection release spanning-tree protocol-migration show spanning-tree show spanning-tree mst configuration 39 VLAN COMMANDS GVRP and Bridge Extension Commands...
  • Page 26 CONTENTS ES-4500G Series Displaying VLAN Information show vlan Configuring IEEE 802.1Q Tunneling dot1q-tunnel system-tunnel-control switchport dot1q-tunnel mode switchport dot1q-tunnel service match cvid switchport dot1q-tunnel tpid show dot1q-tunnel Configuring Port-based Traffic Segmentation traffic-segmentation show traffic-segmentation Configuring Private VLANs private-vlan private vlan association switchport mode private-vlan switchport private-vlan host-association switchport private-vlan mapping...
  • Page 27 CONTENTS ES-4500G Series switchport voice vlan security show voice vlan 40 CLASS OF SERVICE COMMANDS Priority Commands (Layer 2) queue cos-map queue mode queue weight switchport priority default show queue cos-map show queue mode show queue weight Priority Commands (Layer 3 and 4) map ip dscp (Global Configuration) map ip port (Global Configuration) map ip precedence (Global Configuration)
  • Page 28 CONTENTS ES-4500G Series 42 MULTICAST FILTERING COMMANDS IGMP Snooping ip igmp snooping ip igmp snooping proxy-reporting ip igmp snooping querier ip igmp snooping router-alert-option-check ip igmp snooping router-port-expire-time ip igmp snooping tcn-flood ip igmp snooping tcn-query-solicit ip igmp snooping unregistered-data-flood ip igmp snooping unsolicited-report-interval ip igmp snooping version ip igmp snooping version-exclusive...
  • Page 29 CONTENTS ES-4500G Series ip igmp query-drop 1014 ip multicast-data-drop 1015 show ip igmp filter 1015 show ip igmp profile 1016 show ip igmp query-drop 1016 show ip igmp throttle interface 1017 show ip multicast-data-drop 1018 Multicast VLAN Registration 1019 1019 mvr upstream-source-ip 1020 mvr immediate-leave...
  • Page 30 CONTENTS ES-4500G Series clear ipv6 mld group 1044 show ipv6 mld groups 1044 show ipv6 mld interface 1046 MLD Proxy Routing 1046 ipv6 mld proxy 1047 ipv6 mld proxy unsolicited-report-interval 1048 43 LLDP COMMANDS 1049 lldp 1050 lldp holdtime-multiplier 1050 lldp notification-interval 1051...
  • Page 31 CONTENTS ES-4500G Series ip name-server 1071 ipv6 host 1072 clear dns cache 1072 clear host 1073 show dns 1073 show dns cache 1074 show hosts 1074 45 DHCP COMMANDS 1077 DHCP Client 1077 ip dhcp client class-id 1078 ip dhcp restart client 1078 ipv6 dhcp client rapid-commit vlan 1079...
  • Page 32 CONTENTS ES-4500G Series vrrp ip 1096 vrrp preempt 1097 vrrp priority 1098 vrrp timers advertise 1099 clear vrrp interface counters 1100 clear vrrp router counters 1100 show vrrp 1100 show vrrp interface 1102 show vrrp interface counters 1103 show vrrp router counters 1104 47 IP I 1105...
  • Page 33 CONTENTS ES-4500G Series show ipv6 interface 1127 show ipv6 mtu 1129 show ipv6 traffic 1130 clear ipv6 traffic 1134 ping6 1135 ipv6 neighbor 1136 ipv6 hop-limit 1137 ipv6 nd dad attempts 1138 ipv6 nd ns-interval 1139 ipv6 nd reachable-time 1140 clear ipv6 neighbors 1141 show ipv6 neighbors...
  • Page 34 CONTENTS ES-4500G Series passive-interface 1165 redistribute 1166 timers basic 1167 version 1168 ip rip authentication mode 1169 ip rip authentication string 1170 ip rip receive version 1170 ip rip receive-packet 1171 ip rip send version 1172 ip rip send-packet 1173 ip rip split-horizon 1173 clear ip rip route...
  • Page 35 CONTENTS ES-4500G Series ip ospf message-digest-key 1200 ip ospf priority 1201 ip ospf retransmit-interval 1202 ip ospf transmit-delay 1203 passive-interface 1204 show ip ospf 1204 show ip ospf border-routers 1206 show ip ospf database 1207 show ip ospf interface 1213 show ip ospf neighbor 1215 show ip ospf route...
  • Page 36 CONTENTS ES-4500G Series show ipv6 ospf interface 1241 show ipv6 ospf neighbor 1242 show ipv6 ospf route 1243 show ipv6 ospf virtual-links 1244 49 MULTICAST ROUTING COMMANDS 1245 General Multicast Routing 1245 ip multicast-routing 1245 show ip mroute 1246 ipv6 multicast-routing 1248 show ipv6 mroute...
  • Page 37 CONTENTS ES-4500G Series ip pim join-prune-interval 1272 clear ip pim bsr rp-set 1273 show ip pim bsr-router 1273 show ip pim rp mapping 1274 show ip pim rp-hash 1275 IPv6 PIM Commands 1276 router pim6 1276 ipv6 pim dense-mode 1277 ipv6 pim graft-retry-interval 1278 ipv6 pim hello-holdtime...
  • Page 39: Figures

    FIGURES ES-4500G Series Figure 1: Home Page Figure 2: Front Panel Indicators Figure 3: System Information Figure 4: General Switch Information Figure 5: Configuring Support for Jumbo Frames Figure 6: Displaying Bridge Extension Configuration Figure 7: Copy Firmware Figure 8: Saving the Running Configuration Figure 9: Setting Start-Up Files Figure 10: Displaying System Files Figure 11: Manually Setting the System Clock...
  • Page 40 FIGURES ES-4500G Series Figure 32: Performing Cable Tests Figure 33: Configuring Static Trunks Figure 34: Creating Static Trunks Figure 35: Adding Static Trunks Members Figure 36: Configuring Connection Parameters for a Static Trunk Figure 37: Displaying Connection Parameters for Static Trunks Figure 38: Configuring Dynamic Trunks Figure 39: Configuring the LACP Aggregator Admin Key Figure 40: Enabling LACP on a Port...
  • Page 41 FIGURES ES-4500G Series Figure 68: Showing Associated VLANs Figure 69: Configuring Interfaces for Private VLANs Figure 70: QinQ Operational Concept Figure 71: Enabling QinQ Tunneling Figure 72: Adding an Interface to a QinQ Tunnel Figure 73: Configuring Protocol VLANs Figure 74: Displaying Protocol VLANs Figure 75: Assigning Interfaces to Protocol VLANs Figure 76: Showing the Interface to Protocol Group Mapping Figure 77: Configuring IP Subnet VLANs...
  • Page 42 FIGURES ES-4500G Series Figure 104: Configuring MSTP Interface Settings Figure 105: Displaying MSTP Interface Settings Figure 106: Configuring Rate Limits Figure 107: Configuring Storm Control Figure 108: Setting the Default Port Priority Figure 109: Setting the Queue Mode (Strict) Figure 110: Setting the Queue Mode (WRR) Figure 111: Setting the Queue Mode (Strict and WRR) Figure 112: Mapping CoS Values to Egress Queues Figure 113: Mapping IP DSCP Priority Values...
  • Page 43 FIGURES ES-4500G Series Figure 140: Configuring AAA Accounting Service for Exec Service Figure 141: Displaying a Summary of Applied AAA Accounting Methods Figure 142: Displaying Statistics for AAA Accounting Sessions Figure 143: Configuring AAA Authorization Methods Figure 144: Showing AAA Authorization Methods Figure 145: Configuring AAA Authorization Methods for Exec Service Figure 146: Displaying the Applied AAA Authorization Method Figure 147: Configuring User Accounts...
  • Page 44 FIGURES ES-4500G Series Figure 176: Configuring a ARP ACL Figure 177: Binding a Port to an ACL Figure 178: Configuring Global Settings for ARP Inspection Figure 179: Configuring VLAN Settings for ARP Inspection Figure 180: Configuring Interface Settings for ARP Inspection Figure 181: Displaying Statistics for ARP Inspection Figure 182: Displaying the ARP Inspection Log Figure 183: Creating an IP Address Filter for Management Access...
  • Page 45 FIGURES ES-4500G Series Figure 212: Configuring a Remote Engine ID for SNMP Figure 213: Showing Remote Engine IDs for SNMP Figure 214: Creating an SNMP View Figure 215: Showing SNMP Views Figure 216: Adding an OID Subtree to an SNMP View Figure 217: Showing the OID Subtree Configured for SNMP Views Figure 218: Creating an SNMP Group Figure 219: Showing SNMP Groups...
  • Page 46 FIGURES ES-4500G Series Figure 248: Showing Current Interfaces Assigned to a Multicast Service Figure 249: Configuring IGMP Snooping on an Interface Figure 250: Showing Interface Settings for IGMP Snooping Figure 251: Dropping IGMP Query or Multicast Data Packets Figure 252: Showing Multicast Groups Learned by IGMP Snooping Figure 253: Enabling IGMP Filtering and Throttling Figure 254: Creating an IGMP Filtering Profile Figure 255: Showing the IGMP Filtering Profiles Created...
  • Page 47 FIGURES ES-4500G Series Figure 284: Showing IPv6 Statistics (UDP) Figure 285: Showing Reported MTU Values Figure 286: Virtual Interfaces and Layer 3 Routing Figure 287: Pinging a Network Device Figure 288: Tracing the Route to a Network Device Figure 289: Proxy ARP Figure 290: Configuring General Settings for ARP Figure 291: Configuring Static ARP Entries Figure 292: Displaying Static ARP Entries...
  • Page 48 FIGURES ES-4500G Series Figure 320: Configuring DHCP Relay Service Figure 321: DHCP Server Figure 322: Enabling the DHCP Server Figure 323: Configuring Excluded Addresses on the DHCP Server Figure 324: Showing Excluded Addresses on the DHCP Server Figure 325: Configuring DHCP Server Address Pools (Network) Figure 326: Configuring DHCP Server Address Pools (Host) Figure 327: Showing Configured DHCP Server Address Pools Figure 328: Shows Addresses Assigned by the DHCP Server...
  • Page 49 FIGURES ES-4500G Series Figure 356: Showing OSPF Process Identifiers Figure 357: AS Boundary Router Figure 358: Configure General Settings for OSPF Figure 359: Showing General Settings for OSPF Figure 360: Adding an NSSA or Stub Figure 361: Showing NSSAs or Stubs Figure 362: OSPF NSSA Figure 363: Configuring Protocol Settings for an NSSA...
  • Page 50 FIGURES ES-4500G Series Figure 392: Showing PIM Neighbors Figure 393: Configuring Global Settings for PIM-SM Figure 394: Configuring a BSR Candidate Figure 395: Configuring a Static Rendezvous Point Figure 396: Showing Static Rendezvous Points Figure 397: Configuring an RP Candidate Figure 398: Showing Settings for an RP Candidate Figure 399: Showing Information About the BSR Figure 400: Showing RP Mapping...
  • Page 51: Tables

    TABLES ES-4500G Series Table 1: Key Features Table 2: System Defaults Table 3: Web Page Configuration Buttons Table 4: Switch Main Menu Table 5: Port Statistics Table 6: LACP Port Counters Table 7: LACP Internal Configuration Information Table 8: LACP Internal Configuration Information Table 9: Recommended STA Path Cost Range Table 10: Default STA Path Costs Table 11: IEEE 802.1p Egress Queue Priority Mapping...
  • Page 52 TABLES ES-4500G Series Table 32: VRRP Group Statistics Table 33: OSPF System Information Table 34: General Command Modes Table 35: Configuration Command Modes Table 36: Keystroke Commands Table 37: Command Group Index Table 38: General Commands Table 39: System Management Commands Table 40: Device Designation Commands Table 41: System Status Commands Table 42: Frame Size Commands...
  • Page 53 TABLES ES-4500G Series Table 68: Web Server Commands Table 69: HTTPS System Support Table 70: Telnet Server Commands Table 71: Secure Shell Commands Table 72: show ssh - display description Table 73: 802.1X Port Authentication Commands Table 74: Management IP Filter Commands Table 75: General Security Commands Table 76: Management IP Filter Commands Table 77: Network Access Commands...
  • Page 54 TABLES ES-4500G Series Table 104: VLAN Commands Table 105: GVRP and Bridge Extension Commands Table 106: Commands for Editing VLAN Groups Table 107: Commands for Configuring VLAN Interfaces Table 108: Commands for Displaying VLAN Information Table 109: 802.1Q Tunneling Commands Table 110: Commands for Configuring Traffic Segmentation Table 111: Private VLAN Commands Table 112: Protocol-based VLAN Commands...
  • Page 55 TABLES ES-4500G Series Table 140: show dns cache - display description 1074 Table 141: show hosts - display description 1075 Table 142: DHCP Commands 1077 Table 143: DHCP Client Commands 1077 Table 144: DHCP Relay Commands 1080 Table 145: DHCP Server Commands 1082 Table 146: VRRP Commands 1095...
  • Page 56 TABLES ES-4500G Series Table 176: show ip ospf - display description 1239 Table 177: show ip ospf database - display description 1240 Table 178: show ip ospf interface - display description 1241 Table 179: show ipv6 ospf neighbor - display description 1243 Table 180: show ip ospf neighbor - display description 1244...
  • Page 57: Section I

    SECTION I: GETTING STARTED. This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. This section includes these chapters: ◆ "Introduction" on page 59...
  • Page 59: Key Features

    INTRODUCTION. This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
  • Page 60 Table 1: Key Features (Continued). Feature: Address Table. Description: Up to 16K MAC addresses in the forwarding table, 1024 static MAC addresses; Up to 8K IPv4 and 4K IPv6 entries in the host table; 8K entries in the ARP cache, 256 static ARP entries;...
  • Page 61: Description Of Software Features

    DESCRIPTION OF SOFTWARE FEATURES. The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network.
  • Page 62 dynamic configuration of local clients from a DHCP server located in a different network. You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device.
  • Page 63 addresses or source IP/MAC address pairs based on static entries or entries stored in the DHCP Snooping table. IEEE 802.1D BRIDGE: The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information.
  • Page 64 The switch supports up to 4093 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard.
  • Page 65 QUALITY OF SERVICE: Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, IP Precedence or DSCP values, or VLAN lists.
  • Page 66 ROUTER REDUNDANCY: The Virtual Router Redundancy Protocol (VRRP) uses a virtual IP address to support a primary router and multiple backup routers. The backups can be configured to take over the workload if the master fails or to load share the traffic.
  • Page 67: System Defaults

    SYSTEM DEFAULTS. The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file. The following table lists some of the basic system defaults. Table 2: System Defaults Function Parameter...
  • Page 68 Table 2: System Defaults (Continued). Columns: Function, Parameter, Default. Function: Port Configuration. Admin Status: Enabled; Auto-negotiation: Enabled; Flow Control: Disabled. Function: Port Trunking. Static Trunks: None; LACP (all ports): Disabled. Function: Congestion Control. Rate Limiting: Disabled; Storm Control: Broadcast: Enabled (500 packets/sec). Function: Address Table...
  • Page 69 Table 2: System Defaults (Continued). Columns: Function, Parameter, Default. Function: IP Settings. Management VLAN: Any VLAN configured with an IP address; IP Address: DHCP assigned; Default Gateway: 0.0.0.0; DHCP: Client: Enabled, Relay: Disabled, Server: Disabled; Client/Proxy service: Disabled; BOOTP: Disabled...
  • Page 71: Initial Switch Configuration

    INITIAL SWITCH CONFIGURATION. This chapter includes information on connecting to the switch and basic configuration procedures. CONNECTING TO THE SWITCH: The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface.
  • Page 72: Required Connections

    ◆ Control port access through IEEE 802.1X security or static address filtering ◆ Filter packets using Access Control Lists (ACLs) ◆ Configure up to 4093 IEEE 802.1Q VLANs ◆ Enable GVRP automatic VLAN registration...
  • Page 73: Remote Connections

    ■ Set flow control to none. ■ Set the emulation mode to VT100. ■ When using HyperTerminal, select Terminal keys, not Windows keys. Once you have set up the terminal correctly, the console login screen will be displayed.
  • Page 74: Setting Passwords

    information and use basic utilities. To fully configure the switch parameters, you must access the CLI at the Privileged Exec level. Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each level.
  • Page 75: Setting an IP Address

    You must establish IP address information for the stack to obtain management access through the network. This can be done in either of the following ways: ◆ Manual — You have to input the information, including IP address and...
  • Page 76 To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>.
    Console(config)#interface vlan 1
    Console(config-if)#ip address 192.168.1.5 255.255.255.0
    Console(config-if)#exit...
  • Page 77
    ND DAD is enabled, number of DAD attempts: 1.
    ND retransmit interval is 1000 milliseconds
    Console#
    Address for Multi-segment Network — Before you can assign an IPv6 address to the switch that will be used to connect to a multi-segment network, you must obtain the following information from your network administrator:...
  • Page 78
    Global unicast address(es):
    2001:DB8:2222:7272::/64, subnet is 2001:DB8:2222:7272::/64
    2005::212:CFFF:FE0B:4600, subnet is ::
    Joined group address(es):
    FF02::1:2
    FF02::1:FF00:0
    FF02::1:FF93:82A0
    FF02::1
    IPv6 link MTU is 1280 bytes
    ND DAD is enabled, number of DAD attempts: 2.
    ND retransmit interval is 1000 milliseconds
    Console#
    DYNAMIC...
  • Page 79 Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.
    Console(config)#interface vlan 1
    Console(config-if)#ip address dhcp
    Console(config-if)#end
    Console#show ip interface
    IP address and netmask: 192.168.1.54 255.255.255.0 on VLAN 1, and address mode: DHCP
    Console#copy running-config startup-config
    Startup configuration file name []: startup...
  • Page 80: Enabling Snmp Management Access

    | Initial Switch Configuration HAPTER Basic Configuration ES-4500G Series The switch can be configured to accept management commands from SNMP NABLING Simple Network Management Protocol (SNMP) applications. You can ANAGEMENT CCESS configure the switch to respond to SNMP requests or generate SNMP traps. When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter.
  • Page 81 | Initial Switch Configuration HAPTER Basic Configuration ES-4500G Series If you do not intend to support access to SNMP version 1 and 2c clients, we recommend that you delete both of the default community strings. If there are no community strings, then SNMP management access from SNMP v1 and v2c clients is disabled.
  • Page 82: Managing System Files

    | Initial Switch Configuration HAPTER Managing System Files ES-4500G Series For a more detailed explanation on how to configure the switch for access from SNMP v3 clients, refer to "Simple Network Management Protocol" on page 378, or refer to the specific CLI commands for SNMP starting on page 683 ANAGING YSTEM...
  • Page 83: Saving Or Restoring Configuration Settings

    | Initial Switch Configuration HAPTER Managing System Files ES-4500G Series Configuration commands only modify the running configuration file and are AVING OR not saved when the switch is rebooted. To save all your configuration ESTORING changes in nonvolatile storage, you must copy the running configuration ONFIGURATION file to the start-up configuration file using the “copy”...
  • Page 84 Success. Console#...
  • Page 85: Section

    Web Configuration. This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser. This section includes these chapters: ◆ "Using the Web Interface" on page 87 ◆ "Basic Management Tasks" on page 107...
  • Page 86 ◆ "Multicast Filtering" on page 413...
  • Page 87: Using The Web Interface

    This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or above, Netscape 6.2 or above, or Mozilla Firefox 2.0.0.0 or above).
  • Page 88: Navigating The Web Browser Interface

    forwarding (i.e., enable Admin Edge Port) to improve the switch’s response time to management commands issued through the web interface. See "Configuring Interface Settings for STA" on page 215.
  • Page 89: Configuration Options

    Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting.
  • Page 90: Main Menu

    Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 4: Switch Main Menu Menu Description...
  • Page 91 Table 4: Switch Main Menu (Continued) Menu Description Page Cable Test Performs cable diagnostics for selected port to diagnose any cable faults (short, open etc.) and report the cable length Trunk Static Configure Trunk...
  • Page 92 Table 4: Switch Main Menu (Continued) Menu Description Page VLAN Virtual LAN Static Creates VLAN groups Show Displays configured VLAN groups Modify Configures group name and administrative status Edit Member by VLAN Specifies VLAN attributes per VLAN Edit Member by Interface...
  • Page 93 Table 4: Switch Main Menu (Continued) Menu Description Page Show Shows source MAC address to VLAN mapping MAC Address Learning Status Enables MAC address learning on selected interfaces Static Configures static entries in the address table Show...
  • Page 94 Table 4: Switch Main Menu (Continued) Menu Description Page Queue Sets queue mode for the switch; sets the service weight for each queue that will use a weighted or hybrid mode CoS to Queue Specifies the hardware output queues to use for CoS priority tagged traffic...
  • Page 95 Table 4: Switch Main Menu (Continued) Menu Description Page Configure Group Specifies a group of authentication servers and sets the priority sequence Show Shows the authentication server groups and priority sequence Accounting Enables accounting of requested services for billing or security purposes...
  • Page 96 Table 4: Switch Main Menu (Continued) Menu Description Page Link Detection Configures detection of changes in link status, and the response (i.e., send trap or shut down port) Configure MAC Filter Specifies MAC addresses exempt from authentication Show...
  • Page 97 Table 4: Switch Main Menu (Continued) Menu Description Page Configure Interface Sets the trust mode for ports, and sets the rate limit for packet inspection Show Information Show Statistics Displays statistics on the inspection process Show Log...
  • Page 98 Table 4: Switch Main Menu (Continued) Menu Description Page Port/Trunk Details Displays detailed information about a remote device connected to this switch Show Device Statistics General Displays statistics for all connected remote devices Port/Trunk Displays statistics for remote devices on a selected port or trunk SNMP...
  • Page 99 Table 4: Switch Main Menu (Continued) Menu Description Page Alarm Shows all configured alarms Event Shows all configured events Configure Interface History Periodically samples statistics on a physical interface Statistics Enables collection of statistics on a physical interface Show...
  • Page 100 Table 4: Switch Main Menu (Continued) Menu Description Page Configure ECMP Number Sets the maximum number of equal-cost paths to the same destination that can be installed in the routing table VRRP Virtual Router Redundancy Protocol Configure Group ID...
  • Page 101 Table 4: Switch Main Menu (Continued) Menu Description Page Static Host Table Configures static entries for domain name to address mapping Show Shows the list of static mapping entries Modify Modifies the static address mapped to the selected host name Cache...
  • Page 102 Table 4: Switch Main Menu (Continued) Menu Description Page Multicast IGMP Snooping General Enables multicast filtering; configures parameters for multicast snooping Multicast Router Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router Show Static Multicast Router Displays ports statically configured as attached to a neighboring...
  • Page 103 Table 4: Switch Main Menu (Continued) Menu Description Page Show Information Shows the current multicast groups learned through IGMP for each VLAN Show Detail Shows detailed information on each multicast group associated with a VLAN interface Multicast Routing General...
  • Page 104 Table 4: Switch Main Menu (Continued) Menu Description Page Redistribute Imports external routing information from other routing domains (that is, protocols) into the autonomous system Show Shows the external routing information to be imported from other routing domains Distance Defines an administrative distance for external routes learned from...
  • Page 105 Table 4: Switch Main Menu (Continued) Menu Description Page Show Shows route summaries advertised at an area boundary Modify Modifies route summaries advertised at an area boundary Redistribute Redistributes routes from one routing domain to another Show...
  • Page 106 Table 4: Switch Main Menu (Continued) Menu Description Page RP Candidate Advertises the switch as an RP candidate to the BSR for the specified multicast groups Show Shows the multicast groups for which this switch is advertising itself as an RP candidate to the BSR Show Information...
  • Page 107: Basic

    Basic Management Tasks. This chapter describes the following topics: ◆ Displaying System Information – Provides basic system description, including contact information. ◆ Displaying Switch Hardware/Software Versions – Shows the hardware version, power status, and firmware versions Configuring Support for Jumbo Frames –...
  • Page 108 Parameters: These parameters are displayed in the web interface: ◆ System Description – Brief description of device type. ◆ System Object ID – MIB II object ID for switch’s network management subsystem.
  • Page 109: Displaying Switch Hardware/Software Versions

    Use the System > Switch page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. CLI References ◆...
  • Page 110: Configuring Support For Jumbo Frames

    Figure 4: General Switch Information. Configuring Support for Jumbo Frames: Use the System > Capability page to configure support for layer 2 jumbo frames. The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames of up to 9216 bytes for Gigabit and 10 Gigabit Ethernet ports or trunks.
  • Page 111: Displaying Bridge Extension Capabilities

    Parameters: The following parameters are displayed in the web interface: ◆ Jumbo Frame – Configures support for jumbo frames. (Default: Disabled) Interface: To configure support for jumbo frames: Click System, then Capability. Enable or disable support for jumbo frames.
  • Page 112 ◆ VLAN Learning – This switch uses Independent VLAN Learning (IVL), where each port maintains its own filtering database. ◆ Local VLAN Capable – This switch does not support multiple local...
  • Page 113: Managing System Files

    This section describes how to upgrade the switch operating software or configuration files, and set the system start-up files. Use the System > File (Copy) page to upload/download firmware or configuration settings using FTP, TFTP or HTTP.
  • Page 114 Up to two copies of the system software (i.e., the runtime firmware) can be stored in the file directory on the switch. The maximum number of user-defined configuration files is limited only by available flash memory space.
  • Page 115: Saving The Running Configuration To A Local File

    Use the System > File (Copy) page to save the current configuration settings to a local file on the switch. The configuration settings are not automatically saved by the system for subsequent use when the switch is rebooted.
  • Page 116: Setting The Start-Up File

    If you replaced a file currently used for startup and want to start using the new file, reboot the system via the System > Reset menu. Use the System > File (Set Start-Up) page to specify the firmware or configuration file to use for system initialization.
  • Page 117: Showing System Files

    Use the System > File (Show) page to show the files in the system directory, or to delete a file. Files designated for start-up, and the Factory_Default_Config.cfg file, cannot be deleted.
  • Page 118: Setting The Time Manually

    Use the System > Time (Configure General - Manual) page to set the system time on the switch manually without using SNTP. CLI References ◆ "calendar set" on page 678...
  • Page 119: Setting The SNTP Polling Interval

    Use the System > Time (Configure General - SNTP) page to set the polling interval at which the switch will query the time servers. CLI References "Time"...
  • Page 120: Specifying SNTP Time Servers

    Use the System > Time (Configure Time Server) page to specify the IP address for up to three SNTP time servers. CLI References ◆ "sntp server" on page 676...
  • Page 121: Setting The Time Zone

    Use the System > Time (Configure Time Server) page to set the time zone. SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude, which passes through Greenwich, England.
  • Page 122: Console Port Settings

    Use the System > Console menu to configure connection parameters for the switch’s console port. You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port.
  • Page 123 The password for the console connection can only be configured through the CLI (see "password" on page 659). Password checking can be enabled or disabled for logging in to the console connection (see "login"...
  • Page 124: Telnet Settings

    Use the System > Telnet menu to configure parameters for accessing the CLI over a Telnet connection. You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other parameters set, including the TCP port number, time outs, and a password.
  • Page 125: Displaying CPU Utilization

    Password checking can be enabled or disabled for login to the console connection (see "login" on page 657). You can select authentication by a single global password as configured for the password command, or by passwords set up for specific user-name accounts.
  • Page 126: Displaying Memory Utilization

    Change the update interval if required. Note that the interval is changed as soon as a new setting is selected. Figure 17: Displaying CPU Utilization. Displaying Memory Utilization: Use the System > Memory Status page to display memory utilization parameters.
  • Page 127: Renumbering The Stack

    Figure 18: Displaying Memory Utilization. Renumbering the Stack: If the units are no longer numbered sequentially after several topology changes or failures, use the System > Renumbering page to reset the unit numbers.
  • Page 128: Resetting The System

    Use the System > Reset menu to restart the switch immediately, at a specified time, after a specified delay, or at a periodic interval. CLI References "reload (Privileged Exec)"...
  • Page 129: Interface

    ■ Regularly – Specifies a periodic interval at which to reload the switch. Time ■ HH - The hour at which to reload. (Range: 0-23) ■ MM - The minute at which to reload. (Range: 0-59)...
  • Page 130 Figure 21: Restarting the Switch (In); Figure 22: Restarting the Switch (At); Figure 23: Restarting the Switch (Regularly)...
  • Page 131: Configuration

    Interface Configuration. This chapter describes the following topics: ◆ Port Configuration – Configures connection settings, including auto-negotiation, or manual setting of speed, duplex mode, and flow control. ◆ Port Mirroring – Sets the source and target ports for mirroring on the...
  • Page 132 ◆ When using auto-negotiation, the optimal settings will be negotiated between the link partners based on their advertised capabilities. To set the speed, duplex mode, or flow control under auto-negotiation, the required operation modes must be specified in the capabilities list for an interface.
  • Page 133 ■ 100f - Supports 100 Mbps full-duplex operation ■ 1000f (Gigabit ports only) - Supports 1000 Mbps full-duplex operation ■ 10Gf (10 Gigabit ports only) - Supports 10 Gbps full-duplex operation ■ Sym - Check this item to transmit and receive pause frames...
  • Page 134: Configuring By Port Range

    Figure 24: Configuring Connections by Port List. Use the Interface > Port > General (Configure by Port Range) page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control.
  • Page 135: Displaying Connection Status

    Figure 25: Configuring Connections by Port Range. Use the Interface > Port > General (Show Information) page to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation.
  • Page 136: Configuring Port Mirroring

    Interface: To display port connection parameters: Click Interface, Port, General. Select Show Information from the Action List. Figure 26: Displaying Port Information. Use the Interface > Port > Mirror page to mirror traffic from any source port to a target port for real-time analysis.
  • Page 137 Parameters: These parameters are displayed in the web interface: ◆ Source Port – The port whose traffic will be monitored. (Range: 1-26/50) ◆ Target Port – The port that will mirror the traffic on the source port. (Range: 1-26/50) ◆...
  • Page 138: Showing Port Or Trunk Statistics

    Figure 29: Displaying Local Port Mirror Sessions. Use the Interface > Port/Trunk > Statistics or Chart page to display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the...
  • Page 139 Table 5: Port Statistics (Continued) Parameter Description Received Discarded Packets: The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space.
  • Page 140 Table 5: Port Statistics (Continued) Parameter Description Drop Events: The total number of events in which packets were dropped due to lack of resources. Jabbers: The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either an FCS or alignment error.
  • Page 141 Interface: To show a list of port statistics: Click Interface, Port, Statistics. Select the statistics mode to display (Interface, Etherlike or RMON). Select a port from the drop-down list. Use the Refresh button at the bottom of the page if you need to update the screen.
  • Page 142: Performing Cable Diagnostics

    Figure 31: Showing Port Statistics (Chart). Use the Interface > Port > Cable Test page to test the cable attached to a port. The cable test will check for any cable faults (short, open, etc.). If a fault is found, the switch reports the length to the fault.
  • Page 143 ■ Not Supported: This message is displayed for any Gigabit Ethernet ports linked up at a speed lower than 1000 Mbps, or for any 10G Ethernet ports. ■ Impedance mismatch: Terminating impedance is not in the...
  • Page 144: Trunk Configuration

    This section describes how to configure static and dynamic trunks. You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices.
  • Page 145: Configuring A Static Trunk

    Use the Interface > Trunk > Static page to create a trunk, assign member ports, and configure the connection parameters. Figure 33: Configuring Static Trunks (statically configured active links). CLI References...
  • Page 146 Set the unit and port for the initial trunk member. Click Apply. Figure 34: Creating Static Trunks. To add member ports to a static trunk: Click Interface, Trunk, Static. Select Configure Trunk from the Step list. Select Add Member from the Action list.
  • Page 147: Configuring A Dynamic Trunk

    Figure 36: Configuring Connection Parameters for a Static Trunk. To display trunk connection parameters: Click Interface, Trunk, Static. Select Configure General from the Step list. Select Show Information from the Action list. Figure 37: Displaying Connection Parameters for Static Trunks. Use the Interface >...
  • Page 148 Command Usage ◆ To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the ports before disabling LACP. ◆ If the target switch has also enabled LACP on the connected ports, the...
  • Page 149 By default, the Actor Admin Key is determined by port's link speed, and copied to Oper Key. The Partner Admin Key is assigned to zero, and the Oper Key is set based upon LACP PDUs received from the Partner. System Priority –...
  • Page 150 To enable LACP for a port: Click Interface, Trunk, Dynamic. Select Configure Aggregation Port from the Step list. Select Configure from the Action list. Click General. Enable LACP on the required ports. Click Apply.
  • Page 151 Figure 41: Configuring LACP Parameters on a Port. To configure connection parameters for a dynamic trunk: Click Interface, Trunk, Dynamic. Select Configure Trunk from the Step List. Select Configure from the Action List. Modify the required interface settings.
  • Page 152: Displaying LACP Port Counters

    Figure 43: Displaying Connection Parameters for Dynamic Trunks. To show the active members of a dynamic trunk: Click Interface, Trunk, Dynamic. Select Configure Trunk from the Step List. Select Show Member from the Action List. Select a Trunk.
  • Page 153 Table 6: LACP Port Counters (Continued) Parameter Description Marker Unknown Pkts: Number of frames received that either (1) carry the Slow Protocols Ethernet Type value, but contain an unknown PDU, or (2) are addressed to the Slow Protocols group MAC Address, but do not carry the Slow Protocols Ethernet Type.
  • Page 154: Displaying LACP Settings And Status For The Local Side

    Use the Interface > Trunk > Dynamic (Configure Aggregation Port - Show Information - Internal) page to display the configuration settings and operational state for the local side of a link aggregation. CLI R...
  • Page 155: Displaying LACP Settings And Status For The Remote Side

    Figure 46: Displaying LACP Port Internal Information. Use the Interface > Trunk > Dynamic (Configure Aggregation Port - Show Information - Neighbors) page to display the configuration settings and operational state for the remote side of a link aggregation.
  • Page 156: Sampling Traffic Flows

    Interface: To display LACP settings and status for the remote side: Click Interface, Trunk, Dynamic. Select Configure Aggregation Port from the Step list. Select Show Information from the Action list. Click Neighbors. Select a group member from the Port list.
  • Page 157: Configuring sFlow Parameters

    As the Collector receives streams from the various sFlow agents (other switches or routers) throughout the network, a timely, network-wide picture of utilization and traffic flows is created. Analysis of the sFlow stream(s) can reveal trends and information that can be leveraged in the following ways: Detecting, diagnosing, and fixing network problems...
  • Page 158 ◆ Max Datagram Size – Maximum size of the sFlow datagram payload. (Range: 200-1500 bytes; Default: 1400 bytes) ◆ Sample Rate – The number of packets out of which one sample will be...
  • Page 159: Traffic Segmentation

    If tighter security is required for passing traffic from different clients through downlink ports on the local network and over uplink ports to the service provider, port-based traffic segmentation can be used to isolate traffic between clients on different downlink ports.
  • Page 160: Configuring Uplink And Downlink Ports

    Use the Interface > Traffic Segmentation (Configure Session) page to assign the downlink and uplink ports to use in the segmented group. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports.
  • Page 161: Vlan Trunking

    Use the Interface > VLAN Trunking page to allow unknown VLAN groups to pass through the specified interface. CLI References ◆ "vlan-trunking" on page 929 Command Usage ◆ Use this feature to configure a tunnel across one or more intermediate...
  • Page 162 ◆ Trunk – Trunk Identifier. (Range: 1-32) ◆ VLAN Trunking Status – Enables VLAN trunking on the selected interface. Interface: To enable VLAN trunking on a port or trunk: Click Interface, VLAN Trunking. Click Port or Trunk to specify the interface type.
  • Page 163: VLAN Configuration

    This chapter includes the following topics: ◆ IEEE 802.1Q VLANs – Configures static and dynamic VLANs. ◆ Private VLANs – Configures private VLANs, using primary for unrestricted upstream access and community groups which are restricted to other local group members or to the ports in the associated primary group.
  • Page 164 or IP subnets. VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN. This switch supports the following VLAN features: ◆ Up to 4093 VLANs based on the IEEE 802.1Q standard...
  • Page 165 VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port).
  • Page 166: Configuring VLAN Groups

    Figure 54: Using GVRP (figure label: Port-based VLAN). Forwarding Tagged/Untagged Frames: If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN. However, to participate in a VLAN group that crosses several switches, you should create a VLAN for that group and enable tagging on all ports.
  • Page 167 ◆ Status – Enables or disables the specified VLAN. Show ◆ VLAN ID – ID of configured VLAN. ◆ VLAN Name – Name of the VLAN. ◆ Status – Operational status of configured VLAN...
  • Page 168: Adding Static Members To VLANs

    To modify the configuration settings for VLAN groups: Click VLAN, Static. Select Modify from the Action list. Select the identifier of a configured VLAN. Modify the VLAN name or operational status as required. Click Apply.
  • Page 169 untagged they are not connected to any VLAN-aware devices. Or configure a port as forbidden to prevent the switch from automatically adding it to a VLAN via the GVRP protocol. CLI References "Configuring VLAN Interfaces"...
  • Page 170 ■ If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on this port).
  • Page 171 The PVID, acceptable frame type, and ingress filtering parameters for each interface within the specified range must be configured on either the Edit Member by VLAN or Edit Member by Interface page. Interface: To configure static members by the VLAN index: Click VLAN, Static.
  • Page 172 Figure 59: Configuring Static VLAN Members by Interface. To configure static members by interface range: Click VLAN, Static. Select Edit Member by Interface Range from the Step list. Set the Interface type to display as Port or Trunk. Enter an interface range.
  • Page 173: Configuring Dynamic VLAN Registration

    Use the VLAN > Dynamic page to enable GVRP globally on the switch, or to enable GVRP and adjust the protocol timers per interface. CLI References "GVRP and Bridge Extension Commands"...
  • Page 174 Show Dynamic VLAN – Show VLAN VLAN ID – Identifier of a VLAN this switch has joined through GVRP. VLAN Name – Name of a VLAN this switch has joined through GVRP. Status –...
  • Page 175 | Figure 62: Configuring GVRP for an Interface. To show the dynamic VLAN joined by this switch: Click VLAN, Dynamic. Select Show Dynamic VLAN from the Step list. Select Show VLAN from the Action list. Figure 63: Showing Dynamic VLANs Registered on the Switch. To show the members of a dynamic VLAN: Click VLAN, Dynamic....
  • Page 176: Private VLANs

    Private VLANs provide port-based security and isolation of local ports contained within different private VLAN groups. This switch supports two types of private VLANs – primary and community groups. A primary VLAN contains promiscuous ports that can communicate with all other ports in the associated private VLAN groups, while a community (or secondary) VLAN contains community ports that can only communicate with other...
  • Page 177 | ■ Community - Conveys traffic between community ports, and to their promiscuous ports in the associated primary VLAN. Interface: To configure private VLANs: Click VLAN, Private. Select Configure VLAN from the Step list. Select Add from the Action list....
  • Page 178: Associating Private VLANs

    Use the VLAN > Private (Configure VLAN - Add Community VLAN) page to associate each community VLAN with a primary VLAN. CLI References: ◆ "private vlan association" on page 942...
  • Page 179: Configuring Private VLAN Interfaces

    Figure 68: Showing Associated VLANs. Use the VLAN > Private (Configure Interface) page to set the private VLAN interface type, and assign the interfaces to a private VLAN. CLI References...
  • Page 180 | Interface: To configure a private VLAN port or trunk: Click VLAN, Private. Select Configure Interface from the Step list. Set the Interface type to display as Port or Trunk. Set the Port Mode to Promiscuous. For an interface set to Promiscuous mode, select an entry from the Primary VLAN list....
  • Page 181: IEEE 802.1Q Tunneling

    IEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs.
  • Page 182 | Figure 70: QinQ Operational Concept (diagram labels: Customer A (VLANs 1-10), QinQ Tunneling, Service Provider VLAN 10 (edge switch A, edge switch B), Tunnel Access Port)...
  • Page 183 | Layer 2 Flow for Packets Coming into a Tunnel Uplink Port: An uplink port receives one of the following packets: ◆ Untagged ◆ One tag (CVLAN or SPVLAN) ◆ Double tag (CVLAN + SPVLAN)...
  • Page 184 | Configuration Limitations for QinQ: ◆ The native VLAN of uplink ports should not be used as the SPVLAN. If the SPVLAN is the uplink port's native VLAN, the uplink port must be an untagged member of the SPVLAN....
  • Page 185: Enabling QinQ Tunneling On The Switch

    Use the VLAN > Tunnel (Configure Global) page to configure the switch to operate in IEEE 802.1Q (QinQ) tunneling mode, which is used for passing Layer 2 traffic across a service provider’s metropolitan area network. You can also globally set the Tag Protocol Identifier (TPID) value of the tunnel port if the attached client is using a nonstandard 2-byte ethertype to...
  • Page 186: Adding An Interface To A QinQ Tunnel

    Figure 71: Enabling QinQ Tunneling. Follow the guidelines in the preceding section to set up a QinQ tunnel on the switch. Then use the VLAN > Tunnel (Configure Interface) page to set the tunnel mode for any participating interface....
  • Page 187: Protocol VLANs

    Interface: To add an interface to a QinQ tunnel: Click VLAN, Tunnel. Select Configure Interface from the Step list. Set the mode for any tunnel access port to Tunnel and the tunnel uplink port to Tunnel Uplink....
  • Page 188: Configuring Protocol VLAN Groups

    Create a protocol group for each of the protocols you want to assign to a VLAN using the Configure Protocol (Add) page. Then map the protocol for each interface to the appropriate VLAN using the Configure Interface (Add) page....
  • Page 189: Mapping Protocol Groups To Interfaces

    Enter an identifier for the protocol group. Click Apply. Figure 73: Configuring Protocol VLANs. To configure a protocol group: Click VLAN, Protocol. Select Configure Protocol from the Step list. Select Show from the Action list. Figure 74: Displaying Protocol VLANs. Use the VLAN >...
  • Page 190 | ◆ When a frame enters a port that has been assigned to a protocol VLAN, it is processed in the following manner: ■ If the frame is tagged, it will be processed according to the standard...
  • Page 191 | Figure 75: Assigning Interfaces to Protocol VLANs. To show the protocol groups mapped to a port or trunk: Click VLAN, Protocol. Select Configure Interface from the Step list. Select Show from the Action list. Figure 76: Showing the Interface to Protocol Group Mapping
  • Page 192: Configuring IP Subnet VLANs

    Use the VLAN > IP Subnet page to configure IP subnet-based VLANs. When using port-based classification, all untagged frames received by a port are classified as belonging to the VLAN whose VID (PVID) is associated with that port....
  • Page 193 | Interface: To map an IP subnet to a VLAN: Click VLAN, IP Subnet. Select Add from the Action list. Enter an address in the IP Address field. Enter a mask in the Subnet Mask field. Enter the identifier in the VLAN field....
  • Page 194: Configuring MAC-Based VLANs

    Use the VLAN > MAC-Based page to configure VLANs based on MAC addresses. The MAC-based VLAN feature assigns VLAN IDs to ingress untagged frames according to source MAC addresses. When MAC-based VLAN classification is enabled, untagged frames received by a port are assigned to the VLAN which is mapped to the frame’s source MAC address....
  • Page 195 | Click Apply. Figure 79: Configuring MAC-Based VLANs. To show the MAC addresses mapped to a VLAN: Click VLAN, MAC-Based. Select Show from the Action list. Figure 80: Showing MAC-Based VLANs
  • Page 197: Address

    Address Table Settings | Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are bound to a specific port....
  • Page 198 | Configuring MAC Address Learning | ◆ Also note that MAC address learning cannot be disabled if any of the following conditions exist: ■ 802.1X Port Authentication has been globally enabled on the switch (see "Configuring 802.1X Global Settings"...
  • Page 199: Setting Static Addresses

    Use the MAC Address > Static page to configure static MAC addresses. A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table....
  • Page 200: Changing The Aging Time

    Click Apply. Figure 82: Configuring Static MAC Addresses. To show the static addresses in the MAC address table: Click MAC Address, Static. Select Show from the Action list. Figure 83: Displaying Static MAC Addresses. Use the MAC Address >...
  • Page 201: Displaying The Dynamic Address Table

    Interface: To set the aging time for entries in the dynamic address table: Click MAC Address, Dynamic. Select Configure Aging from the Action list. Modify the aging status if required. Specify a new aging time....
  • Page 202: Clearing The Dynamic Address Table

    Interface: To show the dynamic address table: Click MAC Address, Dynamic. Select Show Dynamic MAC from the Action list. Select the Sort Key (MAC Address, VLAN, or Interface). Enter the search parameters (MAC Address, VLAN, or Interface)....
  • Page 203 | Select the method by which to clear the entries (i.e., All, MAC Address, VLAN, or Interface). Enter information in the additional fields required for clearing entries by MAC Address, VLAN, or Interface. Click Clear....
  • Page 205: Spanning Tree Algorithm

    This chapter describes the following basic topics: ◆ Loopback Detection – Configures detection and response to loopback BPDUs. ◆ Global Settings for STA – Configures global bridge settings for STP, RSTP and MSTP. ◆ Interface Settings for STA –...
  • Page 206 | Overview | lowest cost spanning tree, it enables all root ports and designated ports, and disables all other ports. Network packets are therefore only forwarded between root ports and designated ports, eliminating any possible network loops....
  • Page 207 | Figure 88: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree. An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers (including the Region Name, Revision Level and Configuration Digest –...
  • Page 208: Configuring Loopback Detection

    Use the Spanning Tree > Loopback Detection page to configure loopback detection on an interface. When loopback detection is enabled and a port or trunk receives its own BPDU, the detection agent drops the loopback BPDU, sends an SNMP trap, and places the interface in discarding mode....
  • Page 209: Configuring Global Settings For STA

    Interface: To configure loopback detection: Click Spanning Tree, Loopback Detection. Click Port or Trunk to display the required interface type. Modify the required loopback detection attributes. Click Apply. Figure 90: Configuring Port Loopback Detection...
  • Page 210 | connected to an 802.1D bridge and starts using only 802.1D BPDUs. ■ RSTP Mode – If RSTP is using 802.1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires, RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port....
  • Page 211 | device with the lowest MAC address will then become the root device. (Note that lower numeric values indicate higher priority.) ■ Default: 32768 ■ Range: 0-61440, in steps of 4096...
  • Page 212 | becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the device ports attached to the network....
  • Page 213 | Click Apply. Figure 91: Configuring Global Settings for STA (STP). Figure 92: Configuring Global Settings for STA (RSTP)
  • Page 214: Displaying Global Settings For STA

    Figure 93: Configuring Global Settings for STA (MSTP). Use the Spanning Tree > STA (Configure Global - Show Information) page to display a summary of the current bridge STA information that applies to the entire switch.
  • Page 215: Configuring Interface Settings For STA

    ◆ Root Port – The number of the port on this switch that is closest to the root. This switch communicates with the root device through this port. If there is no root port, then this switch has been accepted as the root device of the Spanning Tree network....
  • Page 216: Table 9: Recommended STA Path Cost Range

    CLI References: ◆ "Spanning Tree Commands" on page 891. Parameters: These parameters are displayed in the web interface: ◆ Interface – Displays a list of ports or trunks....
  • Page 217: Table 10: Default STA Path Costs

    Table 10: Default STA Path Costs (columns: Port Type, Short Path Cost (IEEE 802.1D-1998), Long Path Cost (802.1D-2004)): Gigabit Ethernet, 10,000, 10,000; 10G Ethernet, 1,000, 1,000. ◆ Admin Link Type – The link type attached to this interface....
  • Page 218 | An interface cannot function as an edge port under the following conditions: ■ If spanning tree mode is set to STP (page 209), edge-port mode cannot automatically transition to operational edge-port state using the automatic setting....
  • Page 219: Displaying Interface Settings For STA

    Click Apply. Figure 95: Configuring Interface Settings for STA. Use the Spanning Tree > STA (Configure Interface - Show Information) page to display the current status of ports or trunks in the Spanning Tree. CLI References: "show spanning-tree"...
  • Page 220 | The rules defining port status are: ■ A port on a network segment with no other STA compliant bridging device is always forwarding. ■ If two ports of a switch are connected to the same segment and...
  • Page 221 | Figure 96: STA Port Roles. Legend: R: Root Port, A: Alternate Port, D: Designated Port, B: Backup Port. Alternate port receives more useful BPDUs from another bridge and is therefore not selected as the designated port....
  • Page 222: Configuring Multiple Spanning Trees

    Use the Spanning Tree > MSTP (Configure Global) page to create an MSTP instance, or to add VLAN groups to an MSTP instance. CLI References: "Spanning Tree Commands"...
  • Page 223 | Interface: To create instances for MSTP: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Add from the Action list. Specify the MST instance identifier and the initial VLAN member. Additional members can be added using the Spanning Tree >...
  • Page 224 | To modify the priority for an MST instance: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Modify from the Action list. Modify the priority for an MSTP Instance. Click Apply....
  • Page 225 | To add additional VLAN groups to an MSTP instance: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Add Member from the Action list. Select an MST instance from the MST ID list. Enter the VLAN group to add to the instance in the VLAN ID field....
  • Page 226: Configuring Interface Settings For MSTP

    Use the Spanning Tree > MSTP (Configure Interface - Configure) page to configure the STA interface settings for an MST instance. CLI References: "Spanning Tree Commands"...
  • Page 227 | The recommended range is listed in Table 9 on page 216. The default path costs are listed in Table 10 on page 217. Interface: To configure MSTP parameters for a port or trunk: Click Spanning Tree, MSTP....
  • Page 229: Rate Limit Configuration

    Use the Traffic > Rate Limit page to apply rate limiting to ingress or egress ports. This function allows the network manager to control the maximum rate for traffic received or transmitted on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network....
  • Page 230 | Figure 106: Configuring Rate Limits
  • Page 231: Storm Control Configuration

    Use the Traffic > Storm Control page to configure broadcast, multicast, and unknown unicast storm control thresholds. Traffic storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much traffic on your network, performance can be severely degraded or everything can come to a complete halt....
  • Page 232 | ◆ Multicast – Specifies storm control for multicast traffic. ◆ Broadcast – Specifies storm control for broadcast traffic. ◆ Status – Enables or disables storm control. (Default: Enabled for broadcast storm control, disabled for multicast and unknown unicast storm control)...
  • Page 233: Class Of Service

    Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues....
  • Page 234: Selecting The Queue Mode

    Layer 2 Queue Settings | ◆ If the output port is an untagged member of the associated VLAN, these frames are stripped of all VLAN tags prior to transmission. Parameters: These parameters are displayed in the web interface: Interface –...
  • Page 235 | ◆ WRR queuing specifies a relative weight for each queue. WRR uses a predefined relative weight for each queue that determines the percentage of service time the switch services each queue before moving on to the next queue....
  • Page 236 | Interface: To configure the queue mode: Click Traffic, Priority, Queue. Select the interface type to display (Port or Trunk). Set the queue mode. If any of the weighted queue modes is selected, the queue weight can be modified if required....
  • Page 237: Mapping CoS Values To Egress Queues

    Figure 111: Setting the Queue Mode (Strict and WRR). Use the Traffic > Priority > CoS to Queue page to specify the hardware output queues to use for Class of Service (CoS) priority tagged traffic. The switch processes Class of Service (CoS) priority tagged traffic by using...
  • Page 238: Table 12: CoS Priority Levels

    Table 12: CoS Priority Levels (columns: Priority Level, Traffic Type): Background; (Spare); 0 (default) Best Effort; Excellent Effort; Controlled Load; Video, less than 100 milliseconds latency and jitter; Voice, less than 10 milliseconds latency and jitter; Network Control. CLI References...
  • Page 239: Layer 3/4 Priority Settings

    Figure 112: Mapping CoS Values to Egress Queues. Mapping Layer 3/4 Priorities to CoS Values: The switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements....
  • Page 240: Table 13: Mapping DSCP Priority Values

    the three precedence bits so that non-DSCP compliant devices will not conflict with the DSCP mapping. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. ◆ DSCP priority values are mapped to default Class of Service values...
  • Page 241: Mapping IP Precedence

    Figure 113: Mapping IP DSCP Priority Values. Use the Traffic > Priority > IP Precedence to CoS page to map IP Precedence priorities found in ingress packets to CoS values for internal priority processing....
  • Page 242: Mapping IP Port Priority

    IP Precedence settings apply to all interfaces. Parameters: These parameters are displayed: ◆ IP Precedence Mapping Status – Enables or disables the use of IP Precedence priorities and the mapping of these priority values to CoS values....
  • Page 243 | Command Usage: ◆ This mapping table is only used if the protocol type of the arriving packet is TCP or UDP. Some of the more common TCP service ports include: HTTP: 80, FTP: 21, Telnet: 23 and POP3: 110....
  • Page 244 | To show the TCP/UDP port number to CoS priority map: Click Traffic, Priority, IP Port to DSCP. Select Show from the Action list. Figure 116: Showing IP Port Number Priority Map
  • Page 245: Quality Of Service

    This chapter describes the following tasks required to apply QoS policies: Class Map – Creates a map which identifies a specific class of traffic. Policy Map – Sets the boundary parameters used for monitoring inbound traffic, and the action to take for conforming and non-conforming traffic....
  • Page 246: Configuring A Class Map

    Command Usage: To create a service policy for a specific category of ingress traffic, follow these steps: Use the Configure Class (Add) page to designate a class name for a specific category of traffic....
  • Page 247 | ◆ Description – A brief description of a class map. (Range: 1-64 characters) Add Rule: ◆ Class Name – Name of the class map. ◆ Type – Only one match command is permitted per class map, so the...
  • Page 248 | To show the configured class maps: Click Traffic, DiffServ. Select Configure Class from the Step list. Select Show from the Action list. Figure 118: Showing Class Maps. To edit the rules for a class map: Click Traffic, DiffServ....
  • Page 249: Creating QoS Policies

    To show the rules for a class map: Click Traffic, DiffServ. Select Configure Class from the Step list. Select Show Rule from the Action list. Figure 120: Showing the Rules for a Class Map. Use the Traffic >...
  • Page 250 | Policing is based on a token bucket, where bucket depth (that is, the maximum burst before the bucket overflows) is specified by the “burst” field (BC), and the average rate tokens are removed from the bucket is specified by the “rate”...
  • Page 251 | ■ if Te(t)-B ≥ 0, the packet is yellow and Te is decremented by B down to the minimum value of 0, ■ else the packet is red and neither Tc nor Te is decremented....
  • Page 252 | respectively. The maximum size of the token bucket P is BP and the maximum size of the token bucket C is BC. The token buckets P and C are initially (at time 0) full, that is, the token count Tp(0) = BP and the token count Tc(0) = BC....
  • Page 253 | Add Rule: ◆ Policy Name – Name of policy map. ◆ Class Name – Name of a class map that defines a traffic classification upon which a policy can act. Action –...
  • Page 254 | ■ Violate – Specifies whether the traffic that exceeds the maximum rate (CIR) will be dropped or the DSCP service level will be reduced. ■ Set IP DSCP – Decreases DSCP priority for out of...
  • Page 255 | ■ Drop – Drops out of conformance traffic. ■ Violate – Specifies whether the traffic that exceeds the excess burst size (BE) will be dropped or the DSCP service level will be reduced....
  • Page 256 | ■ Transmit – Transmits in-conformance traffic without any change to the DSCP service level. ■ Exceed – Specifies whether traffic that exceeds the maximum rate (CIR) but is within the peak information rate (PIR) will be dropped or the DSCP service level will be reduced....
  • Page 257 | To show the configured policy maps: Click Traffic, DiffServ. Select Configure Policy from the Step list. Select Show from the Action list. Figure 122: Showing Policy Maps. To edit the rules for a policy map: Click Traffic, DiffServ....
  • Page 258 | Figure 123: Adding Rules to a Policy Map. To show the rules for a policy map: Click Traffic, DiffServ. Select Configure Policy from the Step list. Select Show Rule from the Action list. Figure 124: Showing the Rules for a Policy Map
  • Page 259: Attaching A Policy Map To A Port

    Use the Traffic > DiffServ (Configure Interface) page to bind a policy map to an ingress port. CLI References: "Quality of Service Commands"...
  • Page 261: VoIP Traffic Configuration

    This chapter covers the following topics: ◆ Global Settings – Enables VOIP globally, sets the Voice VLAN, and the aging time for attached ports. ◆ Telephony OUI List – Configures the list of phones to be treated as VOIP...
  • Page 262 | Configuring VoIP Traffic | CLI References: ◆ "Configuring Voice VLANs" on page 952. Parameters: These parameters are displayed in the web interface: ◆ Auto Detection Status – Enables the automatic detection of VoIP traffic on switch ports....
  • Page 263: Configuring Telephony OUI

    VoIP devices attached to the switch can be identified by the manufacturer’s Organizational Unique Identifier (OUI) in the source MAC address of received packets. OUI numbers are assigned to manufacturers and form the first three octets of device MAC addresses....
  • Page 264: Configuring VoIP Traffic Ports

    Figure 127: Configuring an OUI Telephony List. To show the MAC OUI numbers used for VoIP equipment: Click Traffic, VoIP. Select Configure OUI from the Step list. Select Show from the Action list. Figure 128: Showing an OUI Telephony List...
  • Page 265 | ■ Auto – The port will be added as a tagged member to the Voice VLAN when VoIP traffic is detected on the port. You must select a method for detecting VoIP traffic, either OUI or 802.1ab (LLDP). When OUI is selected, be sure to configure the MAC address ranges in the Telephony OUI list....
  • Page 266 | Figure 129: Configuring Port Settings for a Voice VLAN
  • Page 267: Security Measures

    You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. Port-based authentication using IEEE 802.1X can also be configured to control either management access to the uplink ports or client access to the data ports....
  • Page 268: AAA Authorization And Accounting

    ◆ DHCP Snooping – Filter IP traffic on insecure ports for which the source address cannot be identified via DHCP snooping. The priority of execution for the filtering commands is Port Security, Port Authentication, Network Access, Web Authentication, Access Control Lists, IP Source Guard, and then DHCP Snooping....
  • Page 269: Configuring Local/Remote Logon Authentication

    Define a method name for each service to which you want to apply accounting or authorization and specify the RADIUS or TACACS+ server groups to use. Apply the method names to port or line interfaces. This guide assumes that RADIUS and TACACS+ servers have already been configured to support AAA....
  • Page 270: Configuring Remote Logon Authentication Servers

    ■ [authentication sequence] – User authentication is performed by up to three authentication methods in the indicated sequence. Interface: To configure the method(s) of controlling management access: Click Security, AAA, System Authentication. Specify the authentication sequence (i.e., one to three methods)....
  • Page 271 | CLI References: ◆ "RADIUS Client" on page 722 ◆ "TACACS+ Client" on page 726 ◆ "AAA" on page 729. Command Usage: ◆ If a remote authentication server is used, you must specify the...
  • Page 272 | Set Key – Mark this box to set or modify the encryption key. Authentication Key – Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 48 characters) Confirm Authentication Key –...
  • Page 273 | When specifying the priority sequence for a server, the server index must already be defined (see "Configuring Local/Remote Logon Authentication" on page 269). Interface: To configure the parameters for RADIUS or TACACS+ authentication: Click Security, AAA, Server.
  • Page 274 | Figure 133: Configuring Remote Authentication Server (TACACS+). To configure the RADIUS or TACACS+ server groups to use for accounting and authorization: Click Security, AAA, Server. Select Configure Group from the Step list. Select Add from the Action list.
  • Page 275: Configuring AAA Accounting

    To show the RADIUS or TACACS+ server groups used for accounting and authorization: Click Security, AAA, Server. Select Configure Group from the Step list. Select Show from the Action list. Figure 135: Showing AAA Server Groups. Use the Security >...
  • Page 276 | Exec – Administrative accounting for local console, Telnet, or SSH connections. Method Name – Specifies an accounting method for service requests. The “default” methods are used for a requested service if no other methods have been defined.
  • Page 277 | Show Information – Statistics. User Name - Displays a registered user name. Accounting Type - Displays the accounting service. Interface - Displays the receive port number through which this user...
  • Page 278 | Figure 137: Configuring AAA Accounting Methods. To show the accounting method applied to various service types and the assigned server group: Click Security, AAA, Accounting. Select Configure Method from the Step list. Select Show from the Action list.
  • Page 279 | Figure 139: Configuring AAA Accounting Service for 802.1X Service. Figure 140: Configuring AAA Accounting Service for Exec Service. To display a summary of the configured accounting methods and assigned server groups for specified service types: Click Security, AAA, Accounting.
  • Page 280: Configuring AAA Authorization

    Click Statistics. Figure 142: Displaying Statistics for AAA Accounting Sessions. Use the Security > AAA > Authorization page to enable authorization of requested services, and also to display the configured authorization methods, and the methods applied to specific interfaces.
  • Page 281 | Configure Service. Console Method Name – Specifies a user defined method name to apply to console connections. Telnet Method Name – Specifies a user defined method name to apply to Telnet connections.
  • Page 282 | Select Show from the Action list. Figure 144: Showing AAA Authorization Methods. To configure the authorization method applied to local console, Telnet, or SSH connections: Click Security, AAA, Authorization. Select Configure Service from the Step list. Enter the required authorization method.
  • Page 283: Configuring User Accounts

    Use the Security > User Accounts page to control management access to the switch based on manually configured user names and passwords. CLI References: "User Accounts" on page 717...
  • Page 284: Web Authentication

    Figure 147: Configuring User Accounts. To show user accounts: Click Security, User Accounts. Select Show from the Action list. Figure 148: Showing User Accounts. Web authentication allows stations to authenticate and access the network in situations where 802.1X or Network Access authentication are infeasible or impractical.
  • Page 285: Configuring Global Settings For Web Authentication

    RADIUS authentication must be activated and configured properly for the web authentication feature to work properly. (See "Configuring Local/Remote Logon Authentication" on page 269.) Web authentication cannot be configured on trunk ports. Use the Security >...
  • Page 286: Configuring Interface Settings For Web Authentication

    Figure 149: Configuring Global Settings for Web Authentication. Use the Security > Web Authentication (Configure Interface) page to enable web authentication on a port, and display information for any connected hosts.
  • Page 287: Network Access (MAC Address Authentication)

    Click Apply. Figure 150: Configuring Interface Settings for Web Authentication. Some devices connected to switch ports may not be able to support 802.1X authentication due to hardware or software limitations.
  • Page 288: Table 15: Dynamic QoS Profiles

    must be configured in the MAC address format XX-XX-XX-XX-XX-XX (all in upper case). Authenticated MAC addresses are stored as dynamic entries in the switch secure MAC address table and are removed when the aging time expires.
  • Page 289: Configuring Global Settings For Network Access

    If duplicate profiles are passed in the Filter-ID attribute, then only the first profile is used. For example, if the attribute is “service-policy-in=p1;service-policy-in=p2”, then the switch applies only the DiffServ profile “p1.” Any unsupported profiles in the Filter-ID attribute are ignored.
  • Page 290: Configuring Network Access For Ports

    This parameter applies to authenticated MAC addresses configured by the MAC Address Authentication process described in this section, as well as to any secure MAC addresses authenticated by 802.1X, regardless of the 802.1X Operation Mode (Single-Host, Multi-Host, or MAC-Based authentication as described on page...
  • Page 291 | Parameters: These parameters are displayed in the web interface: MAC Authentication: Status – Enables MAC authentication on a port. (Default: Disabled) Intrusion – Sets the port response to a host MAC authentication...
  • Page 292: Configuring Port Link Detection

    exempt from authentication on the specified port (as described under "Configuring a MAC Address Filter"). (Range: 1-64; Default: None) Interface: To configure MAC authentication on switch ports: Click Security, Network Access. Select Configure Interface from the Step list.
  • Page 293: Configuring A MAC Address Filter

    Link down – Only link down events will trigger the port action. Link up and down – All link up and link down events will trigger the port action. Action –...
  • Page 294 | Command Usage: Specified MAC addresses are exempt from authentication. Up to 65 filter tables can be defined. There is no limitation on the number of entries used in a filter table. ...
  • Page 295: Displaying Secure MAC Address Information

    Figure 155: Showing the MAC Address Filter Table for Network Access. Use the Security > Network Access (Show Information) page to display the authenticated MAC addresses stored in the secure MAC address table. Information on the secure MAC entries can be displayed and selected...
  • Page 296: Configuring HTTPS

    Select Show Information from the Step list. Use the sort key to display addresses based on MAC address, interface, or attribute. Restrict the displayed addresses by entering a specific address in the MAC Address field, specifying a port in the Interface field, or setting the address type to static or dynamic in the Attribute field.
  • Page 297: Table 16: HTTPS System Support

    If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port_number] When you start HTTPS, the connection is established in this way: The client authenticates the server using the server’s digital...
  • Page 298: Replacing The Default Secure-Site Certificate

    Figure 157: Configuring HTTPS. Use the Security > HTTPS (Copy Certificate) page to replace the default secure-site certificate. When you log onto the web interface using HTTPS (for secure access), a Secure Sockets Layer (SSL) certificate appears for the switch.
  • Page 299 | Private Key Source File Name – Name of private key file stored on the TFTP server. Private Password – Password stored in the private key file. This password is used to verify authorization for certificate use, and is verified when downloading the certificate to the switch.
  • Page 300: Configuring The Secure Shell

    The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote copy), are not secure from hostile attacks.
  • Page 301 | Import Client’s Public Key to the Switch – See "Importing User Public Keys" on page 305, or use the copy tftp public-key command (page 649) to copy a file containing the public key for all the SSH clients granted management access to the switch.
  • Page 302: Configuring The SSH Server

    If a match is found, the switch uses its secret key to generate a random 256-bit string as a challenge, encrypts this string with the user’s public key, and sends it to the client. The client uses its private key to decrypt the challenge string, computes the MD5 checksum, and sends the checksum back to the switch.
  • Page 303 | Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports management access via either SSH Version 1.5 or 2.0 clients. Authentication Timeout – Specifies the time interval in seconds that...
  • Page 304: Generating The Host Key Pair

    Use the Security > SSH (Configure Host Key - Generate) page to generate a host public/private key pair used to provide secure communications between an SSH client and the switch. After generating this key pair, you must provide the host public key to SSH clients and import the client’s public key to the switch as described in the section "Importing User Public...
  • Page 305: Importing User Public Keys

    Figure 160: Generating the SSH Host Key Pair. To display or clear the SSH host key pair: Click Security, SSH. Select Configure Host Key from the Step list. Select Show from the Action list. Select the host-key type to clear.
  • Page 306 | Parameters: These parameters are displayed in the web interface: User Name – This drop-down box selects the user whose public key you wish to manage. Note that you must first create users on the User Accounts page (see "Configuring User Accounts"...
  • Page 307: Access Control Lists

    To display or clear the SSH user’s public key: Click Security, SSH. Select Configure User Key from the Step list. Select Show from the Action list. Select a user from the User Name list. Select the host-key type to clear.
  • Page 308: Setting A Time Range

    Command Usage: The following restrictions apply to ACLs: The maximum number of ACLs is 32. The maximum number of rules per ACL is 96. The maximum number of rules that can be bound to the ports is 96 for...
  • Page 309 | Periodic – Specifies a periodic interval. Start/To – Specifies the days of the week, hours, and minutes at which to start or end. Interface: To configure a time range: Click Security, ACL.
  • Page 310 | Select Add Rule from the Action list. Select the name of time range from the drop-down list. Select a mode option of Absolute or Periodic. Fill in the required parameters for the selected mode. Click Apply.
  • Page 311: Showing TCAM Utilization

    Use the Security > ACL (Configure ACL - Show TCAM) page to show utilization parameters for TCAM (Ternary Content Addressable Memory), including the number of policy control entries in use, the number of free entries, and the overall percentage of TCAM in use.
  • Page 312: Setting The ACL Name And Type

    Use the Security > ACL (Configure ACL - Add) page to create an ACL. CLI References: "access-list ip" on page 814; "show ip access-list" on page 819...
  • Page 313: Configuring A Standard IPv4 ACL

    Figure 169: Creating an ACL. To show a list of ACLs: Click Security, ACL. Select Configure ACL from the Step list. Select Show from the Action list. Figure 170: Showing a List of ACLs. Use the Security >...
  • Page 314 | Source IP Address – Source IP address. Source Subnet Mask – A subnet mask containing four integers from 0 to 255, each separated by a period. The mask uses 1 bits to indicate “match”...
  • Page 315: Configuring An Extended IPv4 ACL

    Use the Security > ACL (Configure ACL - Add Rule - IP Extended) page to configure an Extended IPv4 ACL. CLI References: "permit, deny (Extended IPv4 ACL)" on page 816...
  • Page 316 | where the equivalent binary bit “1” means to match a bit and “0” means to ignore a bit. The following bits may be specified: 1 (fin) – Finish; 2 (syn) – Synchronize...
  • Page 317: Configuring A Standard IPv6 ACL

    Figure 172: Configuring an Extended IPv4 ACL. Use the Security > ACL (Configure ACL - Add Rule - IPv6 Standard) page to configure a Standard IPv6 ACL. CLI References: "permit, deny (Standard IPv6 ACL)"...
  • Page 318 | Time Range – Name of a time range. Interface: To add rules to a Standard IPv6 ACL: Click Security, ACL. Select Configure ACL from the Step list. Select Add Rule from the Action list. Select IPv6 Standard from the Type list.
  • Page 319: Configuring An Extended IPv6 ACL

    Use the Security > ACL (Configure ACL - Add Rule - IPv6 Extended) page to configure an Extended IPv6 ACL. CLI References: "permit, deny (Extended IPv6 ACL)" on page 822...
  • Page 320 | Flow Label – A label for packets belonging to a particular traffic “flow” for which the sender requests special handling by IPv6 routers, such as non-default quality of service or “real-time” service (see RFC 2460). (Range: 0-1048575) A flow label is assigned to a flow by the flow's source node.
  • Page 321: Configuring A MAC ACL

    Figure 174: Configuring an Extended IPv6 ACL. Use the Security > ACL (Configure ACL - Add Rule - MAC) page to configure a MAC ACL based on hardware addresses, packet format, and Ethernet type.
  • Page 322 | Packet Format – This attribute includes the following packet types: Any – Any Ethernet packet type. Untagged-eth2 – Untagged Ethernet II packets. Untagged-802.3 – Untagged Ethernet 802.3 packets. ...
  • Page 323: Configuring An ARP ACL

    Figure 175: Configuring a MAC ACL. Use the Security > ACL (Configure ACL - Add Rule - ARP) page to configure ACLs based on ARP message addresses. ARP Inspection can then use these ACLs to filter suspicious traffic (see "Configuring Global Settings for ARP Inspection"...
  • Page 324 | Source/Destination IP Subnet Mask – Subnet mask for source or destination address. (See the description for Subnet Mask on page 313.) Source/Destination MAC Address Type – Use “Any” to include all...
  • Page 325: Binding A Port To An Access Control List

    Figure 176: Configuring an ARP ACL. After configuring ACLs, use the Security > ACL (Configure Interface) page to bind the ports that need to filter traffic to the appropriate ACLs. You can assign one IP access list and one MAC access list to any port.
  • Page 326: ARP Inspection

    Interface: To bind an ACL to a port: Click Security, ACL. Select Configure Interface from the Step list. Select IP or MAC from the Type list. Select the name of an ACL from the ACL list. Click Apply.
  • Page 327: Configuring Global Settings For ARP Inspection

    Command Usage: Enabling & Disabling ARP Inspection: ARP Inspection is controlled on a global and VLAN basis. By default, ARP Inspection is disabled both globally and on all VLANs. If ARP Inspection is globally enabled, then it becomes active only on...
  • Page 328 | with different MAC addresses are classified as invalid and are dropped. IP – Checks the ARP body for invalid and unexpected IP addresses. These addresses include 0.0.0.0, 255.255.255.255, and all IP multicast addresses.
  • Page 329: Configuring VLAN Settings For ARP Inspection

    Src-MAC – Validates the source MAC address in the Ethernet header against the sender MAC address in the ARP body. This check is performed on both ARP requests and responses. Log Message Number – The maximum number of entries saved in a...
  • Page 330 | ARP Inspection ACLs can be applied to any configured VLAN. ARP Inspection uses the DHCP snooping bindings database for the list of valid IP-to-MAC address bindings. ARP ACLs take precedence over entries in the DHCP snooping bindings database.
  • Page 331: Configuring Interface Settings For ARP Inspection

    Figure 179: Configuring VLAN Settings for ARP Inspection. Use the Security > ARP Inspection (Configure Interface) page to specify the ports that require ARP inspection, and to adjust the packet inspection rate.
  • Page 332: Displaying ARP Inspection Statistics

    Specify any untrusted ports which require ARP inspection, and adjust the packet inspection rate. Click Apply. Figure 180: Configuring Interface Settings for ARP Inspection. Use the Security > ARP Inspection (Show Information - Show Statistics) page to display statistics about the number of ARP packets processed, or...
  • Page 333: Displaying The ARP Inspection Log

    Interface: To display statistics for ARP Inspection: Click Security, ARP Inspection. Select Show Information from the Step list. Select Show Statistics from the Step list. Figure 181: Displaying Statistics for ARP Inspection. Use the Security >...
  • Page 334: Filtering IP Addresses For Management Access

    Interface: To display the ARP Inspection log: Click Security, ARP Inspection. Select Show Information from the Step list. Select Show Log from the Step list. Figure 182: Displaying the ARP Inspection Log...
  • Page 335 | You can delete an address range just by specifying the start address, or by specifying both the start address and end address. Parameters: These parameters are displayed in the web interface: Mode...
  • Page 336: Configuring Port Security

    To show a list of IP addresses authorized for management access: Click Security, IP Filter. Select Show from the Action list. Figure 184: Showing IP Addresses Authorized for Management Access. Use the Security >...
  • Page 337 | Command Usage: A secure port has the following restrictions: It cannot be used as a member of a static or dynamic trunk. It should not be connected to a network interconnection device. ...
  • Page 338: Configuring 802.1X Port Authentication

    Figure 185: Configuring Port Security. Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data.
  • Page 339: Configuring 802.1X Global Settings

    Figure 186: Configuring Port Security (figure labels: 802.1x client, RADIUS server). 1. Client attempts to access a switch port. 2. Switch sends client an identity request. 3. Client sends back identity information. 4. Switch forwards this to authentication server. 5.
  • Page 340: Configuring Port Settings For 802.1X

    EAPOL Pass Through – Passes EAPOL frames through to all ports in STP forwarding state when dot1x is globally disabled. (Default: Disabled) When this device is functioning as intermediate node in the network and does not need to perform dot1x authentication, EAPOL Pass Through can be enabled to allow the switch to forward EAPOL frames from other switches on to the authentication servers, thereby allowing...
  • Page 341 | parameters for the exchange of EAP messages between the authenticator and clients. Parameters: These parameters are displayed in the web interface: Port – Port number. Status – Indicates if authentication is enabled or disabled on the port. The status is disabled if the control mode is set to Force-Authorized.
  • Page 342 | Max MAC Count – The maximum number of hosts that can connect to a port when the Multi-Host operation mode is selected. (Range: 1-1024; Default: 5) Max Request – Sets the maximum number of times the switch port...
  • Page 343 | State – Current state (including initialize, disconnected, connecting, authenticating, authenticated, aborting, held, force_authorized, force_unauthorized). Reauth Count – Number of times connecting state is re-entered. Current Identifier – Identifier sent in each EAP Success, Failure or...
  • Page 344 | Figure 188: Configuring Interface Settings for 802.1X Port Authenticator...
  • Page 345: Displaying 802.1X Statistics

    Use the Security > Port Authentication (Show Statistics) page to display statistics for dot1x protocol exchanges for any port. CLI References: "show dot1x" on page 762...
  • Page 346: IP Source Guard

    Interface: To display port authenticator statistics for 802.1X: Click Security, Port Authentication. Select Show Statistics from the Step list. Click Authenticator. Figure 189: Showing Statistics for 802.1X Port Authenticator. IP Source Guard is a security feature that filters IP traffic on network...
  • Page 347 | Command Usage: Setting source guard mode to SIP (Source IP) or SIP-MAC (Source IP and MAC) enables this function on the selected port. Use the SIP option to check the VLAN ID, source IP address, and port number against all entries in the binding table.
  • Page 348: Configuring Static Bindings For IP Source Guard

    SIP-MAC – Enables traffic filtering based on IP addresses and corresponding MAC addresses stored in the binding table. Max Binding Entry – The maximum number of entries that can be...
  • Page 349 | If there is an entry with the same VLAN ID and MAC address, and the type of entry is static IP source guard binding, then the new entry will replace the old one. If there is an entry with the same VLAN ID and MAC address, and...
  • Page 350: Displaying Information For Dynamic IP Source Guard Bindings

    To display static bindings for IP Source Guard: Click Security, IP Source Guard, Static Configuration. Select Show from the Action list. Figure 192: Displaying Static Bindings for IP Source Guard. Use the Security > IP Source Guard > Dynamic Binding page to display the source-guard binding table for a selected interface.
  • Page 351: DHCP Snooping

    Interface: To display the binding table for IP Source Guard: Click Security, IP Source Guard, Dynamic Binding. Mark the search criteria, and enter the required values. Click Query. Figure 193: Showing the IP Source Guard Binding Table. The addresses assigned to DHCP clients on insecure ports can be carefully...
  • Page 352 | The rate limit for the number of DHCP messages that can be processed by the switch is 100 packets per second. Any DHCP packets in excess of this limit are dropped. When DHCP snooping is enabled, DHCP messages entering an...
  • Page 353 | DHCP server, any packets received from untrusted ports are dropped. DHCP Snooping Option 82: DHCP provides a relay mechanism for sending information about its DHCP clients or the relay agent itself to the DHCP server. Also known as DHCP Option 82, it allows compatible DHCP servers to use the information when assigning IP addresses, or to set other services or policies for clients.
  • Page 354: DHCP Snooping Configuration

    Use the IP Service > DHCP > Snooping (Configure Global) page to enable DHCP Snooping globally on the switch, or to configure MAC Address Verification. CLI References: "DHCP Snooping"...
  • Page 355: DHCP Snooping VLAN Configuration

    Figure 194: Configuring Global Settings for DHCP Snooping. Use the IP Service > DHCP > Snooping (Configure VLAN) page to enable or disable DHCP snooping on specific VLANs. CLI References...
  • Page 356: Configuring Ports For DHCP Snooping

    Enable DHCP Snooping on any existing VLAN. Click Apply. Figure 195: Configuring DHCP Snooping on a VLAN. Use the IP Service > DHCP > Snooping (Configure Interface) page to configure switch ports as trusted or untrusted. CLI R...
  • Page 357: Displaying DHCP Snooping Binding Information

    Set any ports within the local network or firewall to trusted. Click Apply. Figure 196: Configuring the Port Mode for DHCP Snooping. Use the IP Service > DHCP > Snooping (Show Information) page to display entries in the binding table.
  • Page 358 | Interface: To display the binding table for DHCP Snooping: Click Security, IP Source Guard, DHCP Snooping. Select Show Information from the Step list. Use the Store or Clear function if required. Figure 197: Displaying the Binding Table for DHCP Snooping...
  • Page 359: Basic Administration Protocols

    Basic Administration Protocols (ES-4500G Series). This chapter describes basic administration tasks including: Event Logging – Sets conditions for logging event messages to system memory or flash memory, configures conditions for sending trap messages to remote log servers, and configures trap reporting to remote hosts using Simple Mail Transfer Protocol (SMTP).
  • Page 360: Table 20: Logging Levels

    Parameters: These parameters are displayed in the web interface: System Log Status – Enables/disables the logging of debug or error messages to the logging process. (Default: Enabled) Flash Level – Limits log messages saved to the switch’s permanent flash memory for all levels up to the specified level.
  • Page 361 | Figure 198: Configuring Settings for System Memory Logs. To show the error messages logged to system memory: Click Administration, Log, System. Select Show System Logs from the Step list. Click RAM or Flash. This page allows you to scroll through the logged system and event messages.
  • Page 362: Remote Log Configuration

    Use the Administration > Log > Remote page to send log messages to syslog servers or other management stations. You can also limit the event messages sent to only those messages below a specified level. CLI References: "Event Logging"...
  • Page 363: Sending Simple Mail Transfer Protocol Alerts

    Figure 200: Configuring Settings for Remote Logging of Error Messages. Use the Administration > Log > SMTP page to alert system administrators of problems by sending SMTP (Simple Mail Transfer Protocol) email messages when triggered by logging events of a specified level.
  • Page 364: Link Layer Discovery Protocol

    Web Interface: To configure SMTP alert messages: Click Administration, Log, SMTP. Enable SMTP, specify a source email address, and select the minimum severity level. Specify the source and destination email addresses, and one or more SMTP servers.
  • Page 365 Parameters: These parameters are displayed in the web interface: ◆ LLDP – Enables LLDP globally on the switch. (Default: Enabled) ◆ Transmission Interval – Configures the periodic transmit interval for...
  • Page 366: Configuring LLDP Interface Attributes

    Web Interface: To configure LLDP timing attributes: Click Administration, LLDP. Select Configure Global from the Step list. Enable LLDP, and modify any of the timing parameters as required. Click Apply. Figure 202: Configuring LLDP Timing Attributes. Use the Administration >...
  • Page 367 For information on defining SNMP trap destinations, see "Specifying Trap Managers" on page 397. Information about additional changes in LLDP neighbors that occur between SNMP notifications is not transmitted. Only state changes that exist at the time of a trap notification are included in the transmission.
  • Page 368 ◆ 802.1 Organizationally Specific TLVs – Configures IEEE 802.1 information included in the TLV field of advertised messages. ■ Protocol Identity – The protocols that are accessible through this interface (see "Protocol VLANs"...
  • Page 369: Displaying LLDP Local Device Information

    Figure 203: Configuring LLDP Interface Attributes. Use the Administration > LLDP (Show Local Device Information) page to display information about the switch, such as its MAC address, chassis ID, management IP address, and port information.
  • Page 370: Table 22: System Capabilities

    ◆ Chassis ID – An octet string indicating the specific identifier for the particular chassis in this system. ◆ System Name – A string that indicates the system’s administratively assigned name (see "Displaying System Information"...
  • Page 371: Displaying LLDP Remote Port Information

    Figure 204: Displaying Local Device Information for LLDP (General). Figure 205: Displaying Local Device Information for LLDP (Port). Use the Administration > LLDP (Show Remote Device Information) page to display information about devices connected directly to the switch’s ports...
  • Page 372: Table 23: Port ID Subtype

    ◆ Port ID – A string that contains the specific identifier for the port from which this LLDPDU was transmitted. ◆ System Name – A string that indicates the system’s administratively...
  • Page 373: Table 24: Remote Port Auto-Negotiation Advertised Capability

    ◆ System Capabilities Supported – The capabilities that define the primary function(s) of the system. (See Table 22, "System Capabilities," on page 370.) ◆ System Capabilities Enabled – The primary function(s) of the...
  • Page 374 Table 24: Remote Port Auto-Negotiation Advertised Capability. Capability: Asymmetric and Symmetric PAUSE for full-duplex links; 1000BASE-X, -LX, -SX, -CX half duplex mode; 1000BASE-X, -LX, -SX, -CX full duplex mode; 1000BASE-T half duplex mode; 1000BASE-T full duplex mode...
  • Page 375 ◆ Remote Link Aggregation Port ID – This object contains the IEEE 802.3 aggregated port identifier, aAggPortID (IEEE 802.3-2002, 30.7.2.1.1), derived from the ifNumber of the ifIndex for the port component associated with the remote system.
  • Page 376: Displaying Device Statistics

    Figure 207: Displaying Remote Device Information for LLDP (Port Details). Use the Administration > LLDP (Show Device Statistics) page to display statistics for LLDP-capable devices attached to the switch, and for LLDP protocol messages transmitted or received on all local interfaces.
  • Page 377 ◆ Neighbor Entries Deleted Count – The number of LLDP neighbors which have been removed from the LLDP remote systems MIB for any reason. ◆ Neighbor Entries Dropped Count – The number of times which the...
  • Page 378: Simple Network Management Protocol

    Figure 208: Displaying LLDP Device Statistics (General). Figure 209: Displaying LLDP Device Statistics (Port). Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
  • Page 379: Table 25: SNMPv3 Security Models and Levels

    The switch includes an onboard agent that supports SNMP versions 1, 2c, and 3. This agent continuously monitors the status of the switch hardware, as well as the traffic passing through its ports. A network management station can access this information using network management software.
  • Page 380: Configuring Global Settings for SNMP

    Command Usage: Configuring SNMPv1/2c Management Access. To configure SNMPv1 or v2c management access to the switch, follow these steps: Use the Administration > SNMP (Configure Global) page to enable SNMP on the switch, and to enable trap messages.
  • Page 381: Setting the Local Engine ID

    Parameters: These parameters are displayed in the web interface: ◆ Agent Status – Enables SNMP on the switch. (Default: Enabled) ◆ Authentication Traps – Issues a notification message to specified IP...
  • Page 382: Specifying a Remote Engine ID

    ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users. Parameters: These parameters are displayed in the web interface: ◆ Engine ID – A new engine ID can be specified by entering 9 to 64...
  • Page 383 Parameters: These parameters are displayed in the web interface: ◆ Remote Engine ID – The engine ID can be specified by entering 9 to 64 hexadecimal characters (5 to 32 octets in hexadecimal format). If an odd number of characters are specified, a trailing zero is added to the value to fill in the last octet.
  • Page 384: Setting SNMPv3 Views

    Figure 213: Showing Remote Engine IDs for SNMP. Use the Administration > SNMP (Configure View) page to configure SNMPv3 views which are used to restrict user access to specified portions of the MIB tree.
  • Page 385 Select Add View from the Action list. Enter a view name and specify the initial OID subtree in the switch’s MIB database to be included or excluded in the view. Use the Add OID Subtree page to add additional object identifier branches to the view.
  • Page 386 Click Apply. Figure 216: Adding an OID Subtree to an SNMP View. To show the OID branches configured for the SNMP views of the switch’s MIB database: Click Administration, SNMP. Select Configure View from the Step list.
  • Page 387: Configuring SNMPv3 Groups

    Use the Administration > SNMP (Configure Group) page to add an SNMPv3 group which can be used to set the access policy for its assigned users, restricting them to specific read, write, and notify views.
  • Page 388 Table 26: Supported Notification Messages (Continued). Model Level Group. SNMPv2 Traps: coldStart (1.3.6.1.6.3.1.1.5.1): A coldStart trap signifies that the SNMPv2 entity, acting in an agent role, is reinitializing itself and that its configuration may have been altered.
  • Page 389 Table 26: Supported Notification Messages (Continued). Model Level Group. swAtcBcastStormAlarmFireTrap (1.3.6.1.4.1.572.17389.302.1.2.1.0.70): When broadcast traffic is detected as a storm, this trap is fired. swAtcBcastStormAlarmClearTrap (1.3.6.1.4.1.572.17389.302.1.2.1.0.71): When a broadcast storm is detected as normal traffic, this trap is fired.
  • Page 390: Setting Community Access Strings

    Figure 218: Creating an SNMP Group. To show SNMP groups: Click Administration, SNMP. Select Configure Group from the Step list. Select Show from the Action list. Figure 219: Showing SNMP Groups. Use the Administration >...
  • Page 391 Parameters: These parameters are displayed in the web interface: ◆ Community String – A community string that acts like a password and permits access to the SNMP protocol. Range: 1-32 characters, case sensitive. Default strings: “public”...
  • Page 392: Configuring Local SNMPv3 Users

    Figure 221: Showing Community Access Strings. Use the Administration > SNMP (Configure User - Add SNMPv3 Local User) page to authorize management access for SNMPv3 clients, or to identify the source of SNMPv3 trap messages sent from the local switch.
  • Page 393 ◆ Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available. ◆ Privacy Password – A minimum of eight plain text characters is required.
  • Page 394: Configuring Remote SNMPv3 Users

    Figure 223: Showing Local SNMPv3 Users. Use the Administration > SNMP (Configure User - Add SNMPv3 Remote User) page to identify the source of SNMPv3 inform messages sent from the local switch.
  • Page 395 ■ AuthPriv – SNMP communications use both authentication and encryption. ◆ Authentication Protocol – The method used for user authentication. (Options: MD5, SHA; Default: MD5) ◆ Authentication Password – A minimum of eight plain text characters...
  • Page 396 Figure 224: Configuring Remote SNMPv3 Users. To show remote SNMPv3 users: Click Administration, SNMP. Select Configure User from the Step list. Select Show SNMPv3 Remote User from the Action list. Figure 225: Showing Remote SNMPv3 Users...
  • Page 397: Specifying Trap Managers

    Use the Administration > SNMP (Configure Trap) page to specify the host devices to be sent traps and the types of traps to send. Traps indicating status changes are issued by the switch to the specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management software).
  • Page 398 Parameters: These parameters are displayed in the web interface: SNMP Version 1: ◆ IP Address – IP address of a new management station to receive notification message (i.e., the targeted recipient). ◆ Version –...
  • Page 399 SNMP Version 3: ◆ IP Address – IP address of a new management station to receive notification message (i.e., the targeted recipient). ◆ Version – Specifies whether to send notifications as SNMP v1, v2c, or...
  • Page 400 Web Interface: To configure trap managers: Click Administration, SNMP. Select Configure Trap from the Step list. Select Add from the Action list. Fill in the required parameters based on the selected SNMP version. Click Apply. Figure 226: Configuring Trap Managers (SNMPv1). Figure 227: Configuring Trap Managers (SNMPv2c).
  • Page 401: Remote Monitoring

    Figure 228: Configuring Trap Managers (SNMPv3). To show configured trap managers: Click Administration, SNMP. Select Configure Trap from the Step list. Select Show from the Action list. Figure 229: Showing Trap Managers. Remote Monitoring allows a remote device to collect information or...
  • Page 402: Configuring RMON Alarms

    The switch supports mini-RMON, which consists of the Statistics, History, Event and Alarm groups. When RMON is enabled, the system gradually builds up information about its physical interfaces, storing this information in the relevant RMON database group.
  • Page 403 ◆ Rising Threshold – If the current value is greater than or equal to the rising threshold, and the last sample value was less than this threshold, then an alarm will be generated. After a rising event has been generated, another such event will not be generated until the sampled value has fallen below the rising threshold, reaches the falling threshold, and again moves back up to the rising threshold.
  • Page 404 Figure 230: Configuring an RMON Alarm. To show configured RMON alarms: Click Administration, RMON. Select Configure Global from the Step list. Select Show from the Action list. Click Alarm. Figure 231: Showing Configured RMON Alarms...
  • Page 405: Configuring RMON Events

    Use the Administration > RMON (Configure Global - Add - Event) page to set the action to take when an alarm is triggered. The response can include logging the alarm or sending a message to a trap manager. Alarms and corresponding events provide a way of immediately responding to critical network problems.
  • Page 406 Web Interface: To configure an RMON event: Click Administration, RMON. Select Configure Global from the Step list. Select Add from the Action list. Click Event. Enter an index number, the type of event to initiate, the community string to send with trap messages, the name of the person who created this event, and a brief description of the event.
  • Page 407: Configuring RMON History Samples

    Figure 233: Showing Configured RMON Events. Use the Administration > RMON (Configure Interface - Add - History) page to collect statistics on a physical interface to monitor network utilization, packet types, and errors.
  • Page 408 ◆ Buckets - The number of buckets requested for this entry. (Range: 1-65536; Default: 50) The number of buckets granted is displayed on the Show page. ◆ Owner - Name of the person who created this entry. (Range: 1-127...
  • Page 409 Figure 235: Showing Configured RMON History Samples. To show collected RMON history samples: Click Administration, RMON. Select Configure Interface from the Step list. Select Show Details from the Action list. Select a port from the list. Click History.
  • Page 410: Configuring RMON Statistical Samples

    Use the Administration > RMON (Configure Interface - Add - Statistics) page to collect statistics on a port, which can subsequently be used to monitor the network for common errors and overall traffic rates. CLI References: "Remote Monitoring Commands"...
  • Page 411 Figure 237: Configuring an RMON Statistical Sample. To show configured RMON statistical samples: Click Administration, RMON. Select Configure Interface from the Step list. Select Show from the Action list. Select a port from the list. Click Statistics.
  • Page 412 Figure 239: Showing Collected RMON Statistical Samples...
  • Page 413: Multicast Filtering

    Multicast Filtering | ES-4500G Series. This chapter describes how to configure the following multicast services: ◆ Layer 2 IGMP – Configures snooping and query parameters. ◆ Filtering and Throttling – Filters specified multicast service, or throttles the maximum of multicast groups allowed on an interface. ◆ Layer 3 IGMP –...
  • Page 414: IGMP Protocol

    This switch can use Internet Group Management Protocol (IGMP) to filter multicast traffic. IGMP Snooping can be used to passively monitor or “snoop” on exchanges between attached hosts and an IGMP-enabled device, most commonly a multicast router. In this way, the switch can discover the ports that want to join a multicast group, and set its filters accordingly.
  • Page 415: Layer 2 IGMP (Snooping and Query)

    across different subnetworks. Therefore, when PIM routing is enabled for a subnet on the switch, IGMP is automatically enabled. Figure 241: IGMP Protocol (figure labels: Network core (multicast routing); Edge switches (snooping and query); Switch to end nodes (snooping on IGMP clients)).
  • Page 416 When the switch is configured to use IGMPv3 snooping, the snooping version may be downgraded to version 2 or version 1, depending on the version of the IGMP query packets detected on each VLAN. IGMP snooping will not function unless a multicast router port is enabled on the switch.
  • Page 417: Configuring IGMP Snooping and Query Parameters

    Use the Multicast > IGMP Snooping > General page to configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards multicast traffic only to the ports...
  • Page 418 ◆ Proxy Reporting Status – Enables IGMP Snooping with Proxy Reporting. (Default: Disabled) When proxy reporting is enabled with this command, the switch performs “IGMP Snooping with Proxy Reporting” (as defined in DSL Forum TR-101, April 2006), including last leave, and query suppression.
  • Page 419 (or query solicitation). When a switch receives this solicitation, it floods it to all ports in the VLAN where the spanning tree change occurred. When an upstream multicast router receives this solicitation, it immediately issues an IGMP general query.
  • Page 420 This attribute configures the IGMP report/query version used by IGMP snooping. Versions 1 - 3 are all supported, and versions 2 and 3 are backward compatible, so the switch can operate with other devices, regardless of the snooping version employed.
  • Page 421: Specifying Static Interfaces for a Multicast Router

    Use the Multicast > IGMP Snooping > Multicast Router (Add Static Multicast Router) page to statically attach an interface to a multicast router/switch. Depending on network connections, IGMP snooping may not always be able...
  • Page 422 Select Show Static Multicast Router from the Action list. Select the VLAN for which to display this information. Figure 244: Showing Static Interfaces Attached a Multicast Router. Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol (such as PIM) to support IP multicasting across the Internet.
  • Page 423: Assigning Interfaces To Multicast Services

    Use the Multicast > IGMP Snooping > IGMP Member (Add Static Member) page to statically assign a multicast service to an interface. Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages (see "Configuring IGMP Snooping and Query Parameters"...
  • Page 424 Figure 246: Assigning an Interface to a Multicast Service. To show the static interfaces assigned to a multicast service: Click Multicast, IGMP Snooping, IGMP Member. Select Show Static Member from the Action list. Select the VLAN for which to display this information.
  • Page 425: Setting IGMP Snooping Status per Interface

    Figure 248: Showing Current Interfaces Assigned to a Multicast Service. Use the Multicast > IGMP Snooping > Interface (Configure VLAN) page to configure IGMP snooping attributes for a VLAN interface. To configure snooping globally, refer to...
  • Page 426 forwarding is enabled. They are sent upon the occurrence of these events: ■ Upon the expiration of a periodic (randomized) timer. ■ As a part of a router's start up procedure...
  • Page 427 When IGMP snooping is disabled globally, snooping can still be configured per VLAN interface, but the interface settings will not take effect until snooping is re-enabled globally. ◆ Version Exclusive – Discards any received IGMP messages (except for...
  • Page 428 If proxy reporting is disabled, report suppression can still be configured by a separate attribute as described above. ◆ Interface Version – Sets the protocol version for compatibility with other devices on the network.
  • Page 429 ◆ Proxy Query Address – A static source address for locally generated query and report messages used by IGMP Proxy Reporting. (Range: Any valid IP unicast address; Default: 0.0.0.0) IGMP Snooping uses a null IP address of 0.0.0.0 for the source of IGMP query messages which are proxied to downstream hosts to indicate that it is not the elected querier, but is only proxying these messages as...
  • Page 430: Filtering IGMP Query Packets and Multicast Data

    To show the interface settings for IGMP snooping: Click Multicast, IGMP Snooping, Interface. Select Show VLAN Information from the Action list. Figure 250: Showing Interface Settings for IGMP Snooping. Use the Multicast >...
  • Page 431: Displaying Multicast Groups Discovered by IGMP Snooping

    Figure 251: Dropping IGMP Query or Multicast Data Packets. Use the Multicast > IGMP Snooping > Forwarding Entry page to display the forwarding entries learned through IGMP Snooping...
  • Page 432: Filtering and Throttling IGMP Groups

    Figure 252: Showing Multicast Groups Learned by IGMP Snooping. In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan.
  • Page 433: Configuring IGMP Filter Profiles

    Parameters: These parameters are displayed in the web interface: ◆ IGMP Filter Status – Enables IGMP filtering and throttling globally for the switch. (Default: Disabled) Web Interface: To enable IGMP filtering and throttling on the switch: Click Multicast, IGMP Snooping, Filtering.
  • Page 434 When the access mode is set to deny, IGMP join reports are only processed when the multicast group is not in the controlled range. Add Multicast Group Range: ◆ Profile ID – Selects an IGMP profile to configure...
  • Page 435 To add a range of multicast groups to an IGMP filter profile: Click Multicast, IGMP Snooping, Filtering. Select Add Multicast Group Range from the Action list. Select the profile to configure, and add a multicast group address or range of addresses.
  • Page 436: Configuring IGMP Filtering and Throttling for Interfaces

    Use the Multicast > IGMP Snooping > Configure Interface page to assign an IGMP filter profile to interfaces on the switch, or to throttle multicast traffic by limiting the maximum number of multicast groups an interface can join at the same time.
  • Page 437: Layer 3 IGMP (Query used with Multicast Routing)

    Select a profile to assign to an interface, then set the maximum number of allowed multicast groups and the throttling response. Click Apply. Figure 258: Configuring IGMP Filtering and Throttling Interface Settings...
  • Page 438: Configuring IGMP Proxy Routing

    Use the Multicast > IGMP > Proxy page to configure IGMP Proxy Routing. In simple network topologies, it is sufficient for a device to learn multicast requirements from its downstream interfaces and proxy this group membership information to the upstream router.
  • Page 439 The IGMP proxy routing tree must be manually configured by designating one upstream interface and multiple downstream interfaces on each proxy device. No other multicast routers except for the proxy devices can exist within the tree, and the root of the tree must be connected to a wider multicast infrastructure.
  • Page 440: Configuring IGMP Interface Parameters

    ◆ Multicast routing protocols are not supported when IGMP proxy service is enabled. ◆ Only one upstream interface is supported on the system. ◆ A maximum of 1024 multicast entries are supported...
  • Page 441 that interface from the multicast tree. A host can also submit a join message at any time without waiting for a query from the router. Hosts can also signal when they no longer want to receive traffic for a specific group by sending a leave-group message.
  • Page 442 Multicast routers send host query messages to determine the interfaces that are connected to downstream hosts requesting a specific multicast service. Only the designated multicast router for a subnet sends host query messages, which are addressed to the multicast address 224.0.0.1, and use a time-to-live (TTL) value of 1.
  • Page 443: Configuring Static IGMP Group Membership

    Figure 261: Configuring IGMP Interface Settings. Use the Multicast > IGMP > Static Group page to manually propagate traffic from specific multicast groups onto the specified VLAN interface...
  • Page 444 ◆ Static Group Address – An IP multicast group address. (The group addresses specified cannot be in the range of 224.0.0.1 - 239.255.255.255.) ◆ Source Address – The source address of a multicast server...
  • Page 445: Displaying Multicast Group Information

    When IGMP (Layer 3) is enabled on the switch, use the Multicast > IGMP > Group Information pages to display the current multicast groups learned through IGMP.
  • Page 446 Show Detail: The following additional information is displayed on this page: ◆ VLAN – VLAN identifier. The selected entry must be a configured IP interface. (Range: 1-4093) ◆ Group Address –...
  • Page 447: Multicast VLAN Registration

    Figure 264: Displaying Multicast Groups Learned from IGMP (Information). To display detailed information about the current multicast groups learned through IGMP: Click Multicast, IGMP, Group Information. Select Show Detail from the Action list. Select a VLAN...
  • Page 448 | Figure 266: MVR Concept (diagram labels: Multicast Router, Satellite Services, Service Network, Multicast Server, Layer 2 Switch, Source Port, Receiver Ports, Set-top Box). Command Usage: General Configuration Guidelines for MVR: ◆ Enable MVR globally on the switch, select the MVR VLAN, and add the multicast groups that will stream traffic to attached hosts (see "Configuring Global MVR Settings"...
  • Page 449: Configuring Global MVR Settings

    Use the Multicast > MVR (Configure General) page to enable MVR globally on the switch, and select the VLAN that will serve as the sole channel for common multicast streams supported by the service provider...
  • Page 450: Configuring The MVR Group Range

    Figure 267: Configuring Global Settings for MVR. Use the Multicast > MVR (Configure Group Range) page to assign the multicast group address for each service to the MVR VLAN...
  • Page 451: Configuring MVR Interface Status

    Interface: To configure multicast groups for the MVR VLAN: Click Multicast, MVR. Select Configure Group Range from the Step list. Select Add from the Action list. Add the multicast groups that will stream traffic to participating hosts. Click Apply...
  • Page 452 | Command Usage: ◆ A port configured as an MVR receiver or source port can join or leave multicast groups configured under MVR. However, note that these ports can also use IGMP snooping to join or leave any other multicast groups using the standard rules for multicast filtering...
  • Page 453 | designated multicast services supported by the MVR VLAN. Just remember that only IGMP version 2 or 3 hosts can issue multicast join or leave messages. If MVR must be configured for an IGMP version 1 host, the multicast groups must be statically assigned (see "Assigning Static Multicast Groups to Interfaces"...
  • Page 454: Assigning Static Multicast Groups To Interfaces

    Use the Multicast > MVR (Configure Static Group Member) page to statically bind multicast groups to a port which will receive long-term multicast streams associated with a stable set of hosts. CLI References...
  • Page 455: Showing Multicast Groups Assigned To Interfaces

    Select the port for which to display this information. Figure 272: Showing the Static MVR Groups Assigned to a Port. Use the Multicast > MVR (Show Member) page to show the multicast groups either statically or dynamically assigned to the MVR VLAN on each...
  • Page 456 | Figure 273: Showing All MVR Groups Assigned to a Port
  • Page 457: IP Configuration

    This chapter describes how to configure an initial IP interface for management access to the switch over the network. This switch supports both IP Version 4 and Version 6, and can be managed simultaneously through either of these address types. You can manually configure a specific IPv4 or IPv6 address or direct the switch to obtain an IPv4 address from a BOOTP or DHCP server when it is powered on...
  • Page 458: Setting The Switch's IP Address (IP Version 4)

    ◆ To enable routing between interfaces defined on this switch and external network interfaces, you must configure static routes (page 491) or use dynamic routing; i.e., RIP, OSPFv2 or OSPFv3 (page 530, 1218...
  • Page 459 | Interface: To set a static address for the switch: Click IP, General, Routing Interface. Select Add from the Action list. Select any configured VLAN, set IP Address Mode to “Static,” set IP Address Type to “Primary”...
  • Page 460 | Figure 275: Configuring a Dynamic IPv4 Address. The switch will also broadcast a request for IP configuration settings on each power reset. If you lose the management connection, make a console connection to the switch and enter “show ip interface”...
  • Page 461: Setting The Switch's IP Address (IP Version 6)

    Figure 276: Showing the Configured IP Address for an Interface. This section describes how to configure an initial IPv6 interface for management access over the network, or for creating an interface to multiple subnets...
  • Page 462: Configuring IPv6 Interface Settings

    ■ If a routing protocol is enabled (page 529), you can still define a static route (page 491) to ensure that traffic to the designated address or subnet passes through a preferred gateway. ■ An IPv6 default gateway can only be successfully set when a...
  • Page 463 | network segment, and the interval between neighbor solicitations used to verify reachability information. Parameters: These parameters are displayed in the web interface: ◆ VLAN – ID of a configured VLAN which is to be used for management...
  • Page 464 | While an interface is suspended, all unicast IPv6 addresses assigned to that interface are placed in a “pending” state. Duplicate address detection is automatically restarted when the interface is administratively re-activated...
  • Page 465: Configuring An IPv6 Address

    the MTU size, the maximum number of duplicate address detection messages, and the neighbor solicitation message interval. Click Apply. Figure 278: Configuring General Settings for an IPv6 Interface. Use the IP >...
  • Page 466 | identifier to automatically create the low-order 64 bits in the host portion of the address. ■ You can also manually configure the global unicast address by entering the full address and prefix length...
  • Page 467 | 6-byte MAC address (also known as EUI-48 format), it must be converted into EUI-64 format by inverting the universal/local bit in the address and inserting the hexadecimal number FFFE between the upper and lower three bytes of the MAC address...
  • Page 468: Showing IPv6 Addresses

    Use the IP > IPv6 Configuration (Show IPv6 Address) page to display the IPv6 addresses assigned to an interface. CLI References: ◆ "show ipv6 interface" on page 1127...
  • Page 469: Showing The IPv6 Neighbor Cache

    Interface: To show the configured IPv6 addresses: Click IP, IPv6 Configuration. Select Show IPv6 Address from the Action list. Select a VLAN from the list. Figure 280: Showing Configured IPv6 Addresses. Use the IP >...
  • Page 470 | Table 27: Show IPv6 Neighbors - display description (Continued). Field: State. Description: The following states are used for dynamic entries: ◆ Incomplete - Address resolution is being carried out on the entry...
  • Page 471: Showing IPv6 Statistics

    Use the IP > IPv6 Configuration (Show Statistics) page to display statistics about IPv6 traffic passing through this switch. CLI References: ◆ "show ipv6 traffic" on page 1130...
  • Page 472 | Table 28: Show IPv6 Statistics - display description (Continued). Field: Address Errors. Description: The number of input datagrams discarded because the IPv6 address in their IPv6 header's destination field was not a valid address to be received at this entity...
  • Page 473 | Table 28: Show IPv6 Statistics - display description (Continued). Generated Fragments: The number of output datagram fragments that have been generated as a result of fragmentation at this output interface. Fragment Succeeded: The number of IPv6 datagrams that have been successfully fragmented at this output interface...
  • Page 474 | Table 28: Show IPv6 Statistics - display description (Continued). Destination Unreachable Messages: The number of ICMP Destination Unreachable messages sent by the interface. Packet Too Big Messages: The number of ICMP Packet Too Big messages sent by the interface...
  • Page 475 | Figure 282: Showing IPv6 Statistics (IPv6). Figure 283: Showing IPv6 Statistics (ICMPv6)
  • Page 476: Showing The MTU For Responding Destinations

    Figure 284: Showing IPv6 Statistics (UDP). Use the IP > IPv6 Configuration (Show MTU) page to display the maximum transmission unit (MTU) cache for destinations that have returned an ICMP packet-too-big message along with an acceptable MTU to this switch...
  • Page 477 | Figure 285: Showing Reported MTU Values
  • Page 479: General IP Routing

    This chapter provides information on network functions including: ◆ Ping – Sends ping message to another node on the network. ◆ Trace – Sends ICMP echo request packets to another node on the network. ◆ Address Resolution Protocol –...
  • Page 480: IP Routing And Switching

    Figure 286: Virtual Interfaces and Layer 3 Routing (diagram labels: Inter-subnet traffic (Layer 3 switching), Routing, Untagged, VLAN 1, VLAN 2, Tagged or Untagged, Intra-subnet traffic (Layer 2 switching))...
  • Page 481: Routing Path Management

    broadcast to get the destination MAC address from the destination node. The IP packet can then be sent directly with the destination MAC address. If the destination belongs to a different subnet on this switch, the packet can be routed directly to the destination node...
  • Page 482: Routing Protocols

    | Chapter: General IP Routing | Configuring IP Routing Interfaces | ES-4500G Series | The switch supports both static and dynamic routing. ◆ Static routing requires routing information to be stored in the switch either manually or when a connection is set up by an application outside the switch...
  • Page 483: Using The Ping Function

    unknown destinations, i.e., packets that do not match any routing table entry. If another router is designated as the default gateway, then the switch will pass packets to this router for any unknown hosts or subnets. To configure a default gateway for IPv4, use the static routing table as described on page...
  • Page 484: Using The Trace Route Function

    Click Apply. Figure 287: Pinging a Network Device. Use the IP > General > Trace Route page to show the route packets take to the specified destination. CLI References...
  • Page 485: Address Resolution Protocol

    Interface: To trace the route to another device on the network: Click IP, General, Trace Route. Specify the target device. Click Apply. Figure 288: Tracing the Route to a Network Device...
  • Page 486: Basic ARP Configuration

    If there is no entry for an IP address in the ARP cache, the router will broadcast an ARP request packet to all devices on the network. The ARP request contains the following fields similar to that shown in this example: Table 30: Address Resolution Protocol. destination IP address: 10.1.0.19...
  • Page 487 | Parameters: These parameters are displayed in the web interface: ◆ Timeout – Sets the aging time for dynamic entries in the ARP cache. (Range: 300 - 86400 seconds; Default: 1200 seconds or 20 minutes) The ARP aging timeout can be set for any configured VLAN...
  • Page 488: Configuring Static ARP Addresses

    For devices that do not respond to ARP requests or do not respond in a timely manner, traffic will be dropped because the IP address cannot be mapped to a physical address...
  • Page 489: Displaying Dynamic Or Local ARP Entries

    Figure 291: Configuring Static ARP Entries. To display static entries in the ARP cache: Click IP, ARP. Select Configure Static Address from the Step List. Select Show from the Action List. Figure 292: Displaying Static ARP Entries. The ARP cache contains static entries, and entries for local interfaces,...
  • Page 490: Displaying ARP Statistics

    Figure 293: Displaying Dynamic ARP Entries. To display all local entries in the ARP cache: Click IP, ARP. Select Show Information from the Step List. Click Other Address. Figure 294: Displaying Local ARP Entries. Use the IP >...
  • Page 491: Configuring Static Routes

    Interface: To display ARP statistics: Click IP, ARP. Select Show Information from the Step List. Click Statistics. Figure 295: Displaying ARP Statistics. This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP or OSPF)...
  • Page 492 | ◆ Static routes are included in RIP and OSPF updates periodically sent by the router if this feature is enabled by RIP or OSPF (see page 567, respectively). Parameters: These parameters are displayed in the web interface: Destination IP Address –...
  • Page 493: Displaying The Routing Table

    Figure 297: Displaying Static Routes. Use the IP > Routing > Routing Table page to display all routes that can be accessed via local network interfaces, through static routes, or through a dynamically learned route...
  • Page 494: Equal-Cost Multipath Routing

    Parameters: These parameters are displayed in the web interface: ◆ VLAN – VLAN identifier (i.e., configure as a valid IP subnet). ◆ Destination IP Address – IP address of the destination network,...
  • Page 495 | dynamically generated by the Open Shortest Path Algorithm (OSPF). In other words, it uses either static or OSPF entries, not both. Normal unicast routing simply selects the path to the destination that has the lowest cost. Multipath routing still selects the path with the lowest cost, but can forward traffic over multiple paths if they all have the same lowest cost...
  • Page 496 | Select Configure ECMP Number from the Action List. Enter the maximum number of equal-cost paths used to route traffic to the same destination that are permitted on the switch. Click Apply. Figure 299: Setting the Maximum ECMP Number
  • Page 497: Configuring Router Redundancy

    Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load...
  • Page 498: Configuring VRRP Groups

    Figure 302: Several Virtual Master Routers Configured for Mutual Backup and Load Sharing. Router 1: VRID 23 (Master), IP(R1) = 192.168.1.3, IP(VR23) = 192.168.1.3, VR Priority = 255. Router 2: VRID 23 (Backup), IP(R1) = 192.168.1.5, IP(VR23) = 192.168.1.3, VR Priority = 100...
  • Page 499 | priority. In cases where the configured priority is the same on several group members, then the master router with the highest IP address is selected from this group. ◆ If you have multiple secondary addresses configured on the current...
  • Page 500 | ◆ VLAN – ID of a VLAN configured with an IP interface. (Range: 1-4093; Default: 1) Adding a Virtual IP Address: ◆ VLAN ID – ID of a VLAN configured with an IP interface...
  • Page 501 | ◆ Authentication Mode – Authentication mode used to verify VRRP packets received from other routers. (Options: None, Simple Text; Default: None) If simple text authentication is selected, then you must also enter an authentication string...
  • Page 502 | Figure 303: Configuring the VRRP Group ID. To show the configured VRRP groups: Click IP, VRRP. Select Configure Group ID from the Step List. Select Show from the Action List. Figure 304: Showing Configured VRRP Groups. To configure the virtual router address for a VRRP group: Click IP, VRRP...
  • Page 503 | Figure 305: Setting the Virtual Router Address for a VRRP Group. To show the virtual IP address assigned to a VRRP group: Click IP, VRRP. Select Configure Group ID from the Step List. Select Show IP Addresses from the Action List...
  • Page 504: Displaying VRRP Global Statistics

    Figure 307: Configuring Detailed Settings for a VRRP Group. Use the IP > VRRP (Show Statistics – Global Statistics) page to display counters for errors found in VRRP protocol packets. CLI References: "show vrrp router counters"...
  • Page 505: Displaying VRRP Group Statistics

    Figure 308: Showing Counters for Errors Found in VRRP Packets. Use the IP > VRRP (Show Statistics – Group Statistics) page to display counters for VRRP protocol events and errors that have occurred on a specific VRRP interface...
  • Page 506 | Table 32: VRRP Group Statistics (Continued). Received Invalid Type VRRP Packets: Number of VRRP packets received by the virtual router with an invalid value in the “type” field. Received Error Address List VRRP Packets: Number of packets received for which the address list does not...
  • Page 507: IP Services

    This chapter describes the following IP services: ◆ DNS – Configures default domain names, identifies servers to use for dynamic lookup, and shows how to configure static entries. ◆ DHCP Client – Specifies the DHCP client identifier for an interface...
  • Page 508: Configuring A List Of Domain Names

    | Chapter: IP Services | Domain Name Service | ES-4500G Series | Parameters: These parameters are displayed in the web interface: ◆ Domain Lookup – Enables DNS host name-to-address translation. (Default: Disabled) ◆ Default Domain Name – Defines the default domain name appended to incomplete host names...
  • Page 509 | ◆ When an incomplete host name is received by the DNS service on this switch and a domain name list has been specified, the switch will work through the domain list, appending each domain name in the list to the host name, and checking with the specified name servers for a match (see "Configuring a List of Name Servers"...
  • Page 510: Configuring A List Of Name Servers

    Use the IP Service > DNS - General (Add Name Server) page to configure a list of name servers to be tried in sequential order. CLI References: "ip name-server"...
  • Page 511: Configuring Static DNS Host To Address Entries

    Figure 314: Showing the List of Name Servers for DNS. Use the IP Service > DNS - Static Host Table (Add) page to manually configure static entries in the DNS table that are used to map domain names to IP addresses...
  • Page 512: Displaying The DNS Cache

    Figure 315: Configuring Static Entries in the DNS Table. To show static entries in the DNS table: Click IP Service, DNS, Static Host Table. Select Show from the Action list. Figure 316: Showing Static Entries in the DNS Table. Use the IP Service >...
  • Page 513: Dynamic Host Configuration Protocol

    ◆ Type – This field includes CNAME which specifies the host address for the owner, and ALIAS which specifies an alias. ◆ IP – The IP address associated with this record...
  • Page 514 | Command Usage: ◆ The class identifier is used to identify the vendor class and configuration of the switch to the DHCP server, which then uses this information to decide on how to service the client or the type of information to return. ◆ The general framework for this DHCP option is set out in RFC 2132...
  • Page 515: Configuring DHCP Relay Service

    Use the IP Service > DHCP > Relay page to configure DHCP relay service for attached host devices. If DHCP relay is enabled, and this switch sees a DHCP request broadcast, it inserts its own IP address into the request so...
  • Page 516: Configuring The DHCP Server

    Figure 320: Configuring DHCP Relay Service. This switch includes a Dynamic Host Configuration Protocol (DHCP) server that can assign temporary IP addresses to any attached host requesting service...
  • Page 517 | CLI References: ◆ "service dhcp" on page 1084. Parameters: These parameters are displayed in the web interface: ◆ DHCP Server – Enables or disables the DHCP server on this switch...
  • Page 518 | Interface: To configure IP addresses excluded for DHCP clients: Click IP Service, DHCP, Server. Select Configure Excluded Addresses from the Step list. Select Add from the Action list. Enter a single address or an address range. Click Apply...
  • Page 519 | Command Usage: ◆ First configure address pools for the network interfaces. Then you can manually bind an address to a specific client if required. However, note that any static host address must fall within the range of an existing network address pool...
  • Page 520 | ◆ Client-Identifier – A unique designation for the client device, either a text string (1-15 characters) or hexadecimal value. The information included in the identifier is based on RFC 2132 Option 60, and must be unique for all clients in the same administrative domain...
  • Page 521 | Click Apply. Figure 325: Configuring DHCP Server Address Pools (Network). Figure 326: Configuring DHCP Server Address Pools (Host). To show the configured DHCP address pools: Click IP Service, DHCP, Server. Select Configure Pool from the Step list...
  • Page 522 | Select Show from the Action list. Figure 327: Showing Configured DHCP Server Address Pools. Displaying Address Bindings: Use the IP Service > DHCP > Server (Show IP Binding) page to display the host devices which have acquired an IP address from this switch’s DHCP server...
  • Page 523: Forwarding UDP Service Requests

    This section describes how this switch can forward UDP broadcast packets originating from host applications to another part of the network when a local application server is not available. Command Usage: ◆...
  • Page 524: Specifying UDP Destination Ports

    Figure 329: Enabling the UDP Helper. Use the IP Service > UDP Helper > Forwarding page to specify the UDP destination ports for which broadcast traffic will be forwarded when the UDP helper is enabled...
  • Page 525: Specifying The Target Server Or Subnet

    Figure 330: Specifying UDP Destination Ports. To show the configured UDP destination ports: Click IP Service, UDP Helper, Forwarding. Select Show from the Action list. Figure 331: Showing the UDP Destination Ports. Use the IP Service >...
  • Page 526 | ■ The IP time-to-live (TTL) value must be at least 2. ■ The IP protocol must be UDP (17). ■ The UDP destination port must be TFTP, Domain Name System (DNS), Time, NetBIOS, BOOTP or DHCP packet, or a UDP port specified on the IP Service >...
  • Page 527 | Figure 333: Showing the Target Server or Subnet for UDP Requests
  • Page 529: Unicast Routing

    This chapter describes how to configure the following unicast routing protocols: RIP – Configures Routing Information Protocol. OSPFv2 – Configures Open Shortest Path First (Version 2) for IPv4. Overview: This switch can route unicast traffic to different subnetworks using the Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) protocol...
  • Page 530: Configuring The Routing Information Protocol

    To coexist with a network built on multilayer switches, the subnetworks for non-IP protocols must follow the same logical boundary as that of the IP subnetworks. A separate multi-protocol router can then be used to link the subnetworks by connecting to one port from each available VLAN on the network...
  • Page 531: Configuring General Protocol Settings

    versions can take a long time to converge on a new route after the failure of a link or router during which time routing loops may occur, and its small hop count limitation of 15 restricts its use to smaller networks...
  • Page 532 | RIP send/receive versions set on the RIP Interface settings screen (page 542) always take precedence over the settings for the Global RIP Version. However, when the Global RIP Version is set to “By Interface,” any VLAN interface not previously set to a specific receive or send version is set to the following default values: Receive: Accepts RIPv1 or RIPv2 packets...
  • Page 533 | access list that filters networks according to the IP address of the router supplying the routing information. ◆ Number of Route Changes – The number of route changes made to...
  • Page 534: Clearing Entries From The Routing Table

    Figure 335: Configuring General Settings for RIP. Use the Routing Protocol > RIP > General (Clear Route) page to clear entries from the routing table based on route type or a specific network address...
  • Page 535: Specifying Network Interfaces

    ◆ Clear Route By Network – Clears a specific route based on its IP address and prefix length. ■ Network IP Address – Deletes all related entries for the specified...
  • Page 536 | Parameters: These parameters are displayed in the web interface: ◆ By Address – Adds a network to the RIP routing process. ■ Subnet Address – IP address of a network directly connected to...
  • Page 537: Specifying Passive Interfaces

    Figure 338: Showing Network Interfaces Using RIP. Use the Routing Protocol > RIP > Passive Interface (Add) page to stop RIP from sending routing updates on the specified interface. CLI References...
  • Page 538: Specifying Static Neighbors

    Figure 339: Specifying a Passive RIP Interface. To show the passive RIP interfaces: Click Routing Protocol, RIP, Passive Interface. Select Show from the Action list. Figure 340: Showing Passive RIP Interfaces. Use the Routing Protocol >...
  • Page 539: Configuring Route Redistribution

    Click Apply. Figure 341: Specifying a Static RIP Neighbor. To show static RIP neighbors: Click Routing Protocol, RIP, Neighbor Address. Select Show from the Action list. Figure 342: Showing Static RIP Neighbors. Use the Routing Protocol >...
  • Page 540 | A route metric must be used to resolve the problem of redistributing external routes with incompatible metrics. When a metric value has not been configured on this page, the default-metric determines the metric value to be used for all imported external routes.
  • Page 541: Specifying An Administrative Distance

    | Figure 344: Showing External Routes Redistributed into RIP. Use the Routing Protocol > RIP > Distance (Add) page to define an administrative distance for external routes learned from other routing protocols.
  • Page 542: Configuring Network Interfaces For RIP

    | Interface: To define an administrative distance for external routes learned from other routing protocols: Click Routing Protocol, RIP, Distance. Select Add from the Action list. Enter the distance, the external route, and optionally enter the name of an ACL to filter networks according to the IP address of the router supplying the routing information.
  • Page 543 | ◆ "ip rip authentication mode" on page 1169 ◆ "ip rip authentication string" on page 1170 ◆ "ip rip split-horizon" on page 1173. Command Usage: ◆ Specifying Receive and Send Protocol Types...
  • Page 544 | password. If any incoming protocol messages do not contain the correct password, they are simply dropped. For authentication to function properly, both the sending and receiving interface must be configured with the same password or authentication key.
  • Page 545 | ◆ Authentication Type – Specifies the type of authentication required for exchanging RIPv2 protocol messages. (Default: No Authentication) ■ No Authentication: No authentication is required. ■ Simple Password: Requires the interface to exchange routing...
  • Page 546: Displaying RIP Interface Settings

    | Figure 347: Configuring a Network Interface for RIP. To show the network interface settings configured for RIP: Click Routing Protocol, RIP, Interface. Select Show from the Action list. Figure 348: Showing RIP Network Interface Settings. Use the Routing Protocol >...
  • Page 547: Displaying Peer Router Information

    | ◆ Rcv Bad Routes – Number of bad routes received. ◆ Send Updates – Number of route changes. Interface: To display RIP interface configuration settings: Click Routing Protocol, RIP, Statistics. Select Show Interface Information from the Action list.
  • Page 548: Resetting RIP Statistics

    | Unicast Routing: Configuring the Open Shortest Path First Protocol (Version 2). Figure 350: Showing RIP Peer Information. Use the Routing Protocol > RIP > Statistics (Reset Statistics) page to reset all statistics for RIP protocol messages. CLI References...
  • Page 549 | Figure 352: Configuring OSPF [network diagram]. Command Usage: OSPF looks at more than just the simple hop count.
  • Page 550: Defining Network Areas Based On Addresses

    | ■ You can further optimize the exchange of OSPF traffic by specifying an area range that covers a large number of subnetwork addresses. This is an important technique for limiting the amount of traffic exchanged between Area Border Routers (ABRs).
  • Page 551 | CLI References: ◆ "router ospf" on page 1178 ◆ "network area" on page 1194. Command Usage: ◆ Specify an Area ID and the corresponding network address range for...
  • Page 552 | Interface: To define an OSPF area and the interfaces that operate within this area: Click Routing Protocol, OSPF, Network Area. Select Add from the Action list. Configure a backbone area that is contiguous with all the other areas in the network, and configure an area for all of the other OSPF interfaces.
  • Page 553: Configuring General Protocol Settings

    | Figure 356: Showing OSPF Process Identifiers. To implement dynamic OSPF routing, first assign VLAN groups to each IP subnet to which this router will be attached (as described in the preceding section), then use the Routing Protocol >...
  • Page 554 | ◆ Auto Cost – Calculates the cost for an interface by dividing the reference bandwidth by the interface bandwidth. The reference bandwidth is defined in Mbits per second. (Range: 1-4294967) By default, the cost is 0.1 for Gigabit ports, and 0.01 for 10 Gigabit ports.
  • Page 555 | Figure 357: AS Boundary Router [diagram labels: AS 1, AS 2, ASBR]. ◆ Advertise Default Route – The router can advertise a default external route into the autonomous system (AS). (Options: Not Always, Always;...
  • Page 556: Displaying Administrative Settings And Statistics

    | Figure 358: Configure General Settings for OSPF. Use the Routing Protocol > OSPF > System (Show) page to display general administrative settings and statistics for OSPF. CLI R...
  • Page 557 | Table 33: OSPF System Information (Continued). Parameter: ABR Status (Area Border Router). Description: Indicates if this router connects directly to networks in two or more areas. An area border router runs a separate copy of the Shortest Path First algorithm, maintaining a separate routing database for each area.
  • Page 558: Adding An NSSA Or Stub

    | Use the Routing Protocol > OSPF > Area (Configure Area – Add Area) page to add a not-so-stubby area (NSSA) or a stubby area (Stub). CLI References: "router ospf"...
  • Page 559: Configuring NSSA Settings

    | To show the NSSA or stubs added to the specified OSPF domain: Click Routing Protocol, OSPF, Area. Select Configure Area from the Step list. Select Show Area from the Action list. Select a Process ID.
  • Page 560 | CLI References: ◆ "router ospf" on page 1178 ◆ "area default-cost" on page 1183 ◆ "area nssa" on page 1189. Command Usage: ◆ Before creating an NSSA, first specify the address range for the area...
  • Page 561 | ◆ Redistribute – Disable this option when the router is an NSSA Area Border Router (ABR) and routes only need to be imported into normal areas (see "Redistributing External Routes"...
  • Page 562: Configuring Stub Settings

    | Click Apply. Figure 363: Configuring Protocol Settings for an NSSA. Use the Routing Protocol > OSPF > Area (Configure Area – Configure Stub Area) page to configure protocol settings for a stub. A stub does not accept external routing information.
  • Page 563 | ◆ A stub can have multiple ABRs or exit points. However, all of the exit points and local routers must contain the same external routing data so that the exit point does not need to be determined for each external destination.
  • Page 564: Displaying Information On NSSA And Stub Areas

    | Figure 365: Configuring Protocol Settings for a Stub. Use the Routing Protocol > OSPF > Area (Show Information) page to display protocol information on NSSA and Stub areas. CLI R...
  • Page 565: Configuring Area Ranges (Route Summarization For ABRs)

    | Figure 366: Displaying Information on NSSA and Stub Areas. An OSPF area can include a large number of nodes. If the Area Border Router (ABR) has to advertise route information for each of these nodes, this wastes a lot of bandwidth and processor time.
  • Page 566 | Parameters: These parameters are displayed in the web interface: ◆ Process ID – Process ID as configured in the Network Area configuration screen (see page 550).
  • Page 567: Redistributing External Routes

    | Select the process ID. Figure 369: Showing Configured Route Summaries. Use the Routing Protocol > OSPF > Redistribute (Add) page to import external routing information from other routing protocols, static routes, or directly connected routes into the autonomous system, and to generate...
  • Page 568 | ◆ Protocol Type – Specifies the external routing protocol type for which routing information is to be redistributed into the local routing domain. (Options: RIP, Static; Default: RIP) ◆ Metric Type –...
  • Page 569: Configuring Summary Addresses For External AS Routes

    | Figure 371: Importing External Routes. To show the imported external route types: Click Routing Protocol, OSPF, Redistribute. Select Show from the Action list. Select the process ID. Figure 372: Showing Imported External Route Types. Redistributing routes from other protocols into OSPF normally requires the...
  • Page 570 | CLI References: ◆ "router ospf" on page 1178 ◆ "summary-address" on page 1188. Command Usage: ◆ If you are not sure what address ranges to consolidate, first enable...
  • Page 571: Configuring OSPF Interfaces

    | To show the summary addresses for external routes: Click Routing Protocol, OSPF, Summary Address. Select Show from the Action list. Select the process ID. Figure 374: Showing Summary Addresses for External Routes. You should specify a routing interface for any local subnet that needs to...
  • Page 572 | ◆ IP Address – Address of the interfaces assigned to a VLAN on the Network Area (Add) page. This parameter only applies to the Configure by Address page. ◆ Cost –...
  • Page 573 | ◆ Transmit Delay – Sets the estimated time to send a link-state update packet over an interface. (Range: 1-65535 seconds; Default: 1 second) LSAs have their age incremented by this delay before transmission. You should consider both the transmission and propagation delays for an interface when estimating this delay.
  • Page 574 | the OSPF header when routing protocol packets are originated by this device. A different password can be assigned to each network interface, but the password must be used consistently on all neighboring routers throughout a network (that is, autonomous system).
  • Page 575 | Figure 375: Configuring Settings for All Interfaces Assigned to a VLAN. To configure interface settings for a specific area assigned to a VLAN: Click Routing Protocol, OSPF, Interface. Select Configure by Address from the Action list.
  • Page 576 | Figure 376: Configuring Settings for a Specific Area Assigned to a VLAN. To show the configuration settings for OSPF interfaces: Click Routing Protocol, OSPF, Interface. Select Show from the Action list.
  • Page 577: Configuring Virtual Links

    | Figure 378: Showing MD5 Authentication Keys. Use the Routing Protocol > OSPF > Virtual Link (Add) and (Configure Detailed Settings) pages to configure a virtual link from an area that does not have a direct physical connection to the OSPF backbone.
  • Page 578 | CLI References: ◆ "router ospf" on page 1178 ◆ "area virtual-link" on page 1192. Command Usage: ◆ Use the Add page to create a virtual link, and then use the Configure...
  • Page 579 | To show virtual links: Click Routing Protocol, OSPF, Virtual Link. Select Show from the Action list. Select the process ID. Figure 381: Showing Virtual Links. To configure detailed settings for a virtual link: Click Routing Protocol, OSPF, Virtual Link.
  • Page 580: Displaying Link State Database Information

    | Figure 383: Showing MD5 Authentication Keys. Use the Routing Protocol > OSPF > Information (LSDB) page to show the Link State Advertisements (LSAs) sent by OSPF routers advertising routes. The full collection of LSAs collected by a router interface from the attached...
  • Page 581 | Parameters: These parameters are displayed in the web interface: ◆ Process ID – Process ID as configured in the Network Area configuration screen (see page 550).
  • Page 582: Displaying Information On Neighboring Routers

    | Figure 384: Displaying Information in the Link State Database. Use the Routing Protocol > OSPF > Information (Neighbor) page to display information about neighboring routers on each interface. CLI R...
  • Page 583 | States include: ■ Down – Connection down ■ Attempt – Connection down, but attempting contact (non-broadcast networks) ■ Init – Have received Hello packet, but communications not yet...
  • Page 585: Multicast Routing

    Multicast Routing. This chapter describes the following multicast routing topics: ◆ Enabling Multicast Routing Globally – Describes how to globally enable multicast routing. ◆ Displaying the Multicast Routing Table – Describes how to display the multicast routing table. ◆ Configuring PIM for IPv4 –...
  • Page 586 | Multicast Routing: Overview. PIM-DM is a simple multicast routing protocol that uses flood and prune to build a source-routed multicast delivery tree for each multicast source-group pair. As mentioned above, it does not maintain its own routing table, but instead uses the routing table provided by whatever unicast routing protocol is enabled on the router interface.
  • Page 587 | group addresses. The BSR places information about all of the candidate RPs in subsequent bootstrap messages. The BSR and all the routers receiving these messages use the same hash algorithm to elect an RP for each multicast group.
  • Page 588: Configuring Global Settings For Multicast Routing

    | data transmission delays. The switch can also be configured to use SPT only for specific multicast groups, or to disable the change over to SPT for specific groups. Configuring Global Settings for...
  • Page 589: Displaying The Multicast Routing Table

    | Use the Multicast > Multicast Routing > Information page to display information on each multicast route it has learned through PIM. The router learns multicast routes from neighboring routers, and also advertises these routes to its neighbors.
  • Page 590 | Show Details: ◆ Group Address – IP group address for a multicast service. ◆ Source Address – Subnetwork containing the IP multicast source. ◆ Source Mask – Network mask for the IP multicast source...
  • Page 591 | ■ Pruned – This route has been terminated. ■ Registering - A downstream device is registering for a multicast source. Interface: To display the multicast routing table: Click Multicast, Multicast Routing, Information. Select Show Summary from the Action List.
  • Page 592: Enabling PIM Globally

    | Configuring PIM for IPv4. This section describes how to configure PIM-DM and PIM-SM for IPv4. Use the Routing Protocol > PIM > General page to enable IPv4 PIM routing globally on the router. CLI References...
  • Page 593 | ◆ PIM and IGMP proxy cannot be used at the same time. When an interface is set to use PIM Dense mode or Sparse mode, IGMP proxy cannot be enabled on any interface of the device (see "Configuring IGMP Snooping and Query Parameters"...
  • Page 594 | Hello messages are sent to neighboring PIM routers from which this device has received probes, and are used to verify whether or not these neighbors are still active members of the multicast tree. PIM-SM routers use these messages not only to inform neighboring routers of their presence, but also to determine which router for each LAN segment will serve as the Designated Router (DR).
  • Page 595 | The override interval and the propagation delay are used to calculate the LAN prune delay. If a downstream router has group members which want to continue receiving the flow referenced in a LAN prune delay message, then the override interval represents the time required for the downstream router to process the message and then respond by sending a Join message back to the upstream router to ensure that the...
  • Page 596 | of each router in the tree. This also enables PIM routers to recognize topology changes (sources joining or leaving a multicast group) before the default three-minute state timeout expires. This command is only effective for interfaces of first hop, PIM-DM routers that are directly connected to the sources of multicast groups.
  • Page 597 | Figure 390: Configuring PIM Interface Settings (Dense Mode). Figure 391: Configuring PIM Interface Settings (Sparse Mode).
  • Page 598: Displaying Neighbor Information

    | Use the Routing Protocol > PIM > Neighbor page to display all neighboring PIM routers. CLI References: ◆ "show ip pim neighbor" on page 1262. Parameters: These parameters are displayed in the web interface: ◆...
  • Page 599 | DR that leads back toward the RP. (Range: VLAN 1-4094; Default: The IP address of the DR’s outgoing interface that leads back to the RP) When the source address of a register message is filtered by intermediate network devices, or is not a uniquely routed address to which the RP can send packets, the replies sent from the RP to the source address will fail to reach the DR, resulting in PIM-SM protocol...
  • Page 600: Configuring A BSR Candidate

    | Figure 393: Configuring Global Settings for PIM-SM. Use the Routing Protocol > PIM > SM (BSR Candidate) page to configure the switch as a Bootstrap Router (BSR) candidate. CLI References...
  • Page 601: Configuring A Static Rendezvous Point

    | length is less than 32, then only the first portion of the hash is used, and a single RP will be defined for multiple groups. (Range: 0-32; Default: 10) ◆ Priority – Priority used by the candidate bootstrap router in the...
  • Page 602 | ◆ If an IP address is specified that was previously used for an RP, then the older entry is replaced. ◆ Multiple RPs can be defined for different groups or group ranges. If a...
  • Page 603: Configuring An RP Candidate

    | Figure 395: Configuring a Static Rendezvous Point. To display static rendezvous points: Click Multicast, Multicast Routing, SM. Select RP Address from the Step list. Select Show from the Action list. Figure 396: Showing Static Rendezvous Points. Use the Routing Protocol >...
  • Page 604 | ◆ The election process for each group is based on the following criteria: ■ Find all RPs with the most specific group range. ■ Select those with the highest priority (lowest priority value)...
  • Page 605: Displaying The BSR Router

    | Figure 397: Configuring an RP Candidate. To display settings for an RP candidate: Click Multicast, Multicast Routing, PIM-SM. Select RP Candidate from the Step list. Select Show from the Action list. Select an interface from the VLAN list.
  • Page 606 | ◆ Priority – Priority value used by this BSR candidate. ◆ Hash Mask Length – The number of significant bits used in the multicast group comparison mask by this BSR candidate. ◆ Expire –...
  • Page 607: Displaying RP Mapping

    | Figure 399: Showing Information About the BSR. Use the Routing Protocol > PIM > SM (Show Information – Show RP Mapping) page to display active RPs and associated multicast routing entries.
  • Page 608: Configuring PIMv6 For IPv6

    | Figure 400: Showing RP Mapping. This section describes how to configure PIM-DM for IPv6. Use the Routing Protocol > PIM6 > General page to enable IPv6 PIM routing globally on the router. CLI References...
  • Page 609: Configuring PIM Interface Settings

    | Use the Routing Protocol > PIM6 > Interface page to configure the routing protocol’s functional attributes for each interface. CLI References: ◆ "IPv6 PIM Commands" on page 1276...
  • Page 610 | a router does not hear from a neighbor for the period specified by the Hello Holdtime, that neighbor is dropped. This hold time is included in each hello message received from a neighbor. Note that hello messages also contain the DR priority of the router sending the message.
  • Page 611 | ◆ Propagation Delay – The time required for a LAN prune delay message to reach downstream routers. (Range: 100-5000 milliseconds; Default: 500 milliseconds) The override interval and propagation delay are used to calculate the LAN prune delay.
  • Page 612: Displaying Neighbor Information

    | Interface: To configure PIMv6 interface settings: Click Routing Protocol, PIM6, Interface. Modify any of the protocol parameters as required. Click Apply. Figure 402: Configuring PIMv6 Interface Settings (Dense Mode). Use the Routing Protocol > PIM6 > Neighbor page to display all neighboring PIMv6 routers.
  • Page 613 | Interface: To display neighboring PIMv6 routers: Click Routing Protocol, PIM6, Neighbor. Figure 403: Showing PIMv6 Neighbors.
  • Page 615: Section

    Section: Command Line Interface. This section provides a detailed description of the Command Line Interface, along with examples for all of the commands. This section includes these chapters: ◆ "General Commands" on page 629 ◆ "System Management Commands" on page 637...
  • Page 616 | ◆ "VLAN Commands" on page 917 ◆ "Class of Service Commands" on page 959 ◆ "Quality of Service Commands" on page 973 ◆ "Multicast Filtering Commands" on page 989 ◆ "LLDP Commands" on page 1049...
  • Page 617: Using The Command Line Interface

    Using the Command Line Interface. This chapter describes how to use the Command Line Interface (CLI). You can only access the console interface through the Master unit in the stack. Accessing the CLI: When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet or Secure Shell connection (SSH), the switch can be managed by entering command keywords and parameters at the prompt.
  • Page 618: Telnet Connection

    | Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods.
  • Page 619: Entering Commands

    | You can open up to four sessions to the device via Telnet or SSH. This section describes how to enter CLI commands. A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters.
  • Page 620: Getting Help On Commands

    | You can display a brief description of the help system by entering the help command. You can also display command syntax by using the “?” character to list keywords or parameters.
  • Page 621: Partial Keyword Lookup

    | Secure shell server connections startup-config Startup system configuration subnet-vlan IP subnet-based VLAN information system System information tacacs-server TACACS server information tech-support Technical information time-range Time range traffic-segmentation Traffic segmentation information users Information about users logged in version...
  • Page 622: Using Command History

    | The CLI maintains a history of commands that have been entered. You can scroll back through the history of commands by pressing the up arrow key. Any command displayed in the history list can be executed again, or first modified and then executed.
  • Page 623: Configuration Commands

    | To enter Privileged Exec mode, enter the following user names and passwords: Username: admin Password: [admin login password] CLI session with the ES-4526G is opened. To end the CLI session, enter [Exit]. Console# Username: guest Password: [guest login password]...
  • Page 624: Table 35: Configuration Command Modes

    | ◆ Multiple Spanning Tree Configuration - These commands configure settings for the selected multiple spanning tree instance. ◆ Policy Map Configuration - Creates a DiffServ policy map for multiple interfaces.
  • Page 625: Command Line Processing

    | For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode: Console(config)#interface ethernet 1/5 Console(config-if)#exit Console(config)# Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them...
  • Page 626: CLI Command Groups

    | The system commands can be broken down into the functional groups shown below. Table 37: Command Group Index (columns: Command Group, Description, Page). General: Basic commands for entering privileged access mode, restarting the system, or quitting the CLI. System Management: Display and setting of system information, basic modes...
  • Page 627 | Table 37: Command Group Index (Continued). Class of Service: Sets port priority for untagged frames, selects strict priority or weighted round robin, relative weight for each priority queue, also sets priority for TCP/UDP traffic types, IP precedence, and DSCP. Quality of Service...
  • Page 629: General Commands

    General Commands. These commands are used to control the command access mode, configuration mode, and other basic functions. Table 38: General Commands (columns: Command, Function, Mode). prompt: Customizes the CLI prompt. reload: Restarts the system at a specified time, after a specified delay, or at a periodic interval. enable: Activates privileged mode...
  • Page 630: Reload (Global Configuration)

    EXAMPLE Console(config)#prompt RD2 RD2(config)# reload (Global Configuration): This command restarts the system at a specified time, after a specified delay, or at a periodic interval. You can reboot the system immediately, or you can configure the switch to reset after a specified amount of time. Use the cancel option to remove a configured setting.
  • Page 631: Enable

    COMMAND USAGE ◆ This command resets the entire system. ◆ Any combination of reload options may be specified. If the same option is re-specified, the previous setting will be overwritten. ◆ When the system is restarted, it will always run the Power-On Self-Test. It will also retain all configuration information stored in non-volatile memory by the copy running-config startup-config...
  • Page 632: Quit

    EXAMPLE Console>enable Password: [privileged level password] Console# RELATED COMMANDS disable (634) enable password (718) quit: This command exits the configuration program. DEFAULT SETTING None COMMAND MODE Normal Exec, Privileged Exec COMMAND USAGE The quit and exit commands can both exit the configuration program. EXAMPLE This example shows how to quit a CLI session: Console#quit...
  • Page 633: Configure

    EXAMPLE In this example, the show history command lists the contents of the command history buffer: Console#show history Execution command history: 2 config 1 show history Configuration command history: 4 interface vlan 1 3 exit 2 interface vlan 1 1 end Console#...
  • Page 634: Disable

    disable: This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode.
  • Page 635: Show Reload

    show reload: This command displays the current reload settings, and the time at which the next scheduled reload will take place. COMMAND MODE Privileged Exec EXAMPLE Console#show reload Reloading switch in time: 0 hours 29 minutes. The switch will be rebooted at January 1 02:11:50 2001.
  • Page 636 EXAMPLE This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: Console(config)#exit Console#exit Press ENTER to start session User Access Verification Username:...
  • Page 637: System Management Commands

    SYSTEM MANAGEMENT COMMANDS These commands are used to control system logs, passwords, user names, management options, and display or configure a variety of other system information. Table 39: System Management Commands. Columns: Command Group, Function. Device Designation: Configures information that uniquely identifies this switch. System Status: Displays system configuration, active managers, and version information...
  • Page 638: Hostname

    hostname: This command specifies or modifies the host name for this device. Use the no form to restore the default host name. SYNTAX hostname name no hostname name - The name of this host. (Maximum length: 255 characters) DEFAULT SETTING None...
  • Page 639: System Status

    SYSTEM STATUS This section describes commands used to display system information. Table 41: System Status Commands. Columns: Command, Function, Mode. show access-list tcam-utilization: Shows utilization parameters for TCAM. show memory: Shows memory utilization parameters (NE, PE). show process cpu: Shows CPU utilization parameters...
  • Page 640: Show Memory

    show memory: This command shows memory utilization parameters. COMMAND MODE Normal Exec, Privileged Exec COMMAND USAGE This command shows the amount of memory currently free for use, the amount of memory allocated to active processes, and the total amount of system memory.
  • Page 641 COMMAND USAGE ◆ Use the interface keyword to display configuration data for the specified interface. ◆ Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory.
  • Page 642: Show Startup-Config

    interface vlan 1 ip address dhcp no ip igmp snooping proxy-reporting interface vlan 1 line console line vty Console#show running-config interface ethernet 1/1 interface ethernet 1/1 switchport allowed vlan add 1 untagged switchport native vlan 1 queue weight 1 2 4 6 8 10 12 14 Console#...
  • Page 643: Show System

    EXAMPLE Refer to the example for the running configuration file. RELATED COMMANDS show running-config (640) show system: This command displays system information. DEFAULT SETTING None COMMAND MODE Normal Exec, Privileged Exec COMMAND USAGE ◆ For a description of the items shown by this command, refer to...
  • Page 644: Show Tech-Support

    Unit 1 Temperature 1: 28 degrees Temperature 2: 44 degrees Console# show tech-support: This command displays a detailed list of system settings designed to help technical support resolve configuration or functional problems. COMMAND MODE Normal Exec, Privileged Exec COMMAND...
  • Page 645: Show Version

    EXAMPLE Console#show users User Name Accounts: User Name Privilege Public-Key --------- --------- ---------- admin 15 None guest 0 None steve Online Users: Line User Name Idle time (h:m:s) Remote IP addr ------- -------------------------------- ----------------- --------------- * Console admin 0:00:00...
  • Page 646: Frame Size

    FRAME SIZE This section describes commands used to configure the Ethernet frame size on the switch. Table 42: Frame Size Commands. Columns: Command, Function, Mode. jumbo frame: Enables support for jumbo frames. jumbo frame: This command enables support for layer 2 jumbo frames for Gigabit and 10 Gigabit Ethernet ports.
  • Page 647: Fan Control

    RELATED COMMANDS switchport mtu (843) show system (643) FAN CONTROL This section describes the command used to force fan speed. Table 43: Fan Control Commands. Columns: Command, Function, Mode. fan-speed force-full: Forces fans to full speed. show system: Shows if full fan speed is enabled (NE, PE)...
  • Page 648: Boot System

    Saving or Restoring Configuration Settings: Configuration settings can be uploaded and downloaded to and from an FTP/TFTP server. The configuration file can be later downloaded to restore switch settings. The configuration file can be downloaded under a new file name and then set as the startup file, or the current startup configuration file can be specified as the destination file to directly replace it.
  • Page 649: Copy

    RELATED COMMANDS dir (653) whichboot (654) copy: This command moves (upload/download) a code image or configuration file between the switch’s flash memory and an FTP/TFTP server. When you save the system code or configuration settings to a file on an FTP/TFTP server, that file can later be downloaded to the switch to restore system operation.
  • Page 650 ◆ You can use “Factory_Default_Config.cfg” as the source to copy from the factory default configuration file, but you cannot use it as the destination. ◆ To replace the startup configuration, you must use startup-config as...
  • Page 651 The following example shows how to copy the running configuration to a startup file. Console#copy running-config file destination file name: startup Write to FLASH Programming. \Write to FLASH finish. Success. Console# The following example shows how to download a configuration file: Console#copy tftp startup-config TFTP server ip address: 10.1.0.99...
  • Page 652: Delete

    This example shows how to copy a file to an FTP server. Console#copy ftp file FTP server IP address: 169.254.1.11 User[anonymous]: admin Password[]: ***** Choose file type: 1. config: 2. opcode: 2 Source file name: BLANC.BIX Destination file name: BLANC.BIX Console#...
  • Page 653: Dir

    This command displays a list of files in flash memory. SYNTAX dir [unit:] {boot-rom: | config: | opcode:} [filename] unit - Stack unit. (Range: 1-8) boot-rom - Boot ROM (or diagnostic) image file. config - Switch configuration file.
  • Page 654: Whichboot

    whichboot: This command displays which files were booted when the system powered SYNTAX whichboot [unit] unit - Stack unit. (Range: 1-8) DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE This example shows the information displayed by the whichboot command.
  • Page 655: Line

    Table 46: Line Commands (Continued). Columns: Command, Function, Mode. password-thresh: Sets the password intrusion threshold, which limits the number of failed logon attempts. silent-time: Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-...
  • Page 656: Databits

    databits: This command sets the number of data bits per character that are interpreted and generated by the console port. Use the no form to restore the default value. SYNTAX databits {7 | 8} no databits 7 - Seven data bits per character.
  • Page 657: Login

    COMMAND USAGE ◆ If user input is detected within the timeout interval, the session is kept open; otherwise the session is terminated. ◆ This command applies to both the local console and Telnet connections...
  • Page 658: Parity

    ◆ This command controls login authentication via the switch itself. To configure user names and passwords for remote authentication servers, you must use the RADIUS or TACACS software installed on those servers. EXAMPLE Console(config-line)#login local Console(config-line)#...
  • Page 659: Password

    password: This command specifies the password for a line. Use the no form to remove the password. SYNTAX password {0 | 7} password no password {0 | 7} - 0 means plain password, 7 means encrypted password. password - Character string that specifies the line password.
  • Page 660: Password-Thresh

    password-thresh: This command sets the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. SYNTAX password-thresh [threshold] no password-thresh threshold - The number of allowed password attempts. (Range: 1-120;...
  • Page 661: Speed

    COMMAND MODE Line Configuration (console only) EXAMPLE To set the silent time to 60 seconds, enter this command: Console(config-line)#silent-time 60 Console(config-line)# RELATED COMMANDS password-thresh (660) speed: This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds.
  • Page 662: Stopbits

    stopbits: This command sets the number of the stop bits transmitted per byte. Use the no form to restore the default setting. SYNTAX stopbits {1 | 2} no stopbits 1 - One stop bit 2 - Two stop bits DEFAULT SETTING...
  • Page 663: Disconnect

    ◆ Using the command without specifying a timeout restores the default setting. EXAMPLE To set the timeout to two minutes, enter this command: Console(config-line)#timeout login response 120 Console(config-line)# disconnect: This command terminates an SSH, Telnet, or console connection. SYNTAX disconnect session-id...
  • Page 664: Event Logging

    EXAMPLE To show all lines, enter this command: Console#show line Console Configuration: Password Threshold : 3 times Inactive Timeout : Disabled Login Timeout : Disabled Silent Time : Disabled Baud Rate : 115200 Data Bits Parity...
  • Page 665: Logging Facility

    logging facility: This command sets the facility type for remote logging of syslog messages. Use the no form to return the type to the default. SYNTAX logging facility type no logging facility type - A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service.
  • Page 666: Logging Host

    Table 48: Logging Levels (Continued). Columns: Level, Severity Name, Description. warnings: Warning conditions (e.g., return false, unexpected return). errors: Error conditions (e.g., invalid input, default used). critical: Critical conditions (e.g., memory allocation, or free memory error - resource exhausted). alerts: Immediate action needed...
  • Page 667: Logging On

    EXAMPLE Console(config)#logging host 10.1.0.3 Console(config)# logging on: This command controls logging of error messages, sending debug or error messages to a logging process. The no form disables the logging process. SYNTAX [no] logging on DEFAULT SETTING...
  • Page 668: Clear Log

    DEFAULT SETTING Disabled Level 7 COMMAND MODE Global Configuration COMMAND USAGE ◆ Using this command with a specified level enables remote logging and sets the minimum severity level to be saved. ◆ Using this command without a specified level also enables remote logging, but restores the minimum severity level to the default.
  • Page 669: Show Log

    show log: This command displays the log messages stored in local memory. SYNTAX show log {flash | ram} flash - Event history stored in flash memory (i.e., permanent memory). ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
  • Page 670: Table 49: Show Logging Flash/Ram - Display Description

    EXAMPLE The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), and the message level for RAM is “debugging” (i.e., default level 7 - 0). Console#show logging flash Syslog logging: Enabled...
  • Page 671: Smtp Alerts

    SMTP ALERTS These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. Table 51: Event Logging Commands. Columns: Command, Function, Mode. logging sendmail: Enables SMTP event handling. logging sendmail host: SMTP servers to receive alert messages...
  • Page 672: Logging Sendmail Level

    COMMAND MODE Global Configuration COMMAND USAGE ◆ You can specify up to three SMTP servers for event handling. However, you must enter a separate command to specify each server. ◆ To send email alerts, the switch first opens a connection, sends all the...
  • Page 673: Logging Sendmail Destination-Email

    EXAMPLE This example will send email alerts for system errors from level 3 through Console(config)#logging sendmail level 3 Console(config)# logging sendmail destination-email: This command specifies the email recipients of alert messages. Use the no form to remove a recipient.
  • Page 674: Show Logging Sendmail

    COMMAND USAGE You may use a symbolic email address that identifies the switch, or the address of an administrator responsible for the switch. EXAMPLE Console(config)#logging sendmail source-email bill@this-company.com Console(config)# show logging sendmail: This command displays the settings for the SMTP event handler. COMMAND...
  • Page 675: Sntp Client

    Table 52: Time Commands (Continued). Columns: Command, Function, Mode. Manual Configuration Commands. clock timezone: Sets the time zone for the switch’s internal clock. calendar set: Sets the system date and time. show calendar: Displays the current date and time setting (NE, PE). This command enables SNTP client requests for time synchronization from...
  • Page 676: Sntp Poll

    sntp poll: This command sets the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. SYNTAX sntp poll seconds no sntp poll seconds - Interval between time requests.
  • Page 677: Show Sntp

    EXAMPLE Console(config)#sntp server 10.1.0.19 Console# RELATED COMMANDS sntp client (675) sntp poll (676) show sntp (677) show sntp: This command displays the current time and configuration settings for the SNTP client, and indicates whether or not the local time has been properly updated.
  • Page 678: Calendar Set

    DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mean Time or GMT), based on the earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC.
  • Page 679: Show Calendar

    EXAMPLE This example shows how to set the system clock to 15:12:34, February 1st, 2002. Console#calendar set 15:12:34 1 February 2002 Console# show calendar: This command displays the system clock. DEFAULT SETTING None COMMAND...
  • Page 680: Absolute

    DEFAULT SETTING None COMMAND MODE Global Configuration COMMAND USAGE This command sets a time range for use by other functions, such as Access Control Lists. EXAMPLE Console(config)#time-range r&d Console(config-time-range)# RELATED COMMANDS Access Control Lists (813) absolute: This command sets the time range for the execution of a command...
  • Page 681: Periodic

    EXAMPLE This example configures the time for the single occurrence of an event. Console(config)#time-range r&d Console(config-time-range)#absolute start 1 1 1 april 2009 end 2 1 1 april 2009 Console(config-time-range)# periodic: This command sets the time range for the periodic execution of a command.
  • Page 682: Show Time-Range

    show time-range: This command shows configured time ranges. SYNTAX show time-range [name] name - Name of the time range. (Range: 1-30 characters) DEFAULT SETTING None COMMAND MODE Privileged Exec EXAMPLE Console#show time-range r&d Time-range r&d: absolute start 01:01 01 April 2009 periodic...
  • Page 683: Snmp Commands

    SNMP COMMANDS These commands control access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers. SNMP Version 3 also provides security features that cover message integrity, authentication, and encryption;...
  • Page 684: Snmp-Server

    Table 54: SNMP Commands (Continued). Columns: Command, Function, Mode. Notification Log Commands. Enables the specified notification log. snmp-server notify-filter: Creates a notification log and specifies the target host. show nlm oper-status: Shows operation status of configured notification logs. show snmp notify-filter: Displays the configured notification logs...
  • Page 685: Snmp-Server Community

    EXAMPLE Console(config)#snmp-server Console(config)# snmp-server community: This command defines community access strings used to authorize management access by clients using SNMP v1 or v2c. Use the no form to remove the specified community string. SYNTAX snmp-server community string [ro | rw] no snmp-server community string string - Community string that acts like a password and permits...
  • Page 686: Snmp-Server Location

    COMMAND MODE Global Configuration EXAMPLE Console(config)#snmp-server contact Paul Console(config)# RELATED COMMANDS snmp-server location (686) snmp-server location: This command sets the system location string. Use the no form to remove the location string. SYNTAX snmp-server location text no snmp-server location text - String that describes the system location.
  • Page 687: Snmp-Server Enable Traps

    EXAMPLE Console#show snmp SNMP Agent : Enabled SNMP Traps : Authentication : Enabled Link-up-down : Enabled SNMP Communities : 1. public, and the access level is read-only 2. private, and the access level is read/write 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name...
  • Page 688: Snmp-Server Host

    snmp-server enable traps command. If you enter the command with no keywords, both authentication and link-up-down notifications are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled. ◆ The snmp-server enable traps command is used in conjunction with...
  • Page 689 prior to using the snmp-server host command. (Maximum length: 32 characters) version - Specifies whether to send notifications as SNMP Version 1, 2c or 3 traps. (Range: 1, 2c, 3; Default: 1) auth | noauth | priv - This group uses SNMPv3 with authentication, no authentication, or with authentication and privacy.
  • Page 690 To send an inform to an SNMPv2c host, complete these steps: 1. Enable the SNMP agent (page 684). 2. Create a view with the required notification messages (page 694). 3. Create a group that includes the required notify view (page 692).
  • Page 691: Snmp-Server Engine-Id

    snmp-server engine-id: This command configures an identification string for the SNMPv3 engine. Use the no form to restore the default. SYNTAX snmp-server engine-id {local | remote {ip-address}} engineid-string no snmp-server engine-id {local | remote {ip-address}} local - Specifies the SNMP engine on this switch.
  • Page 692: Snmp-Server Group

    RELATED COMMANDS snmp-server host (688) snmp-server group: This command adds an SNMP group, mapping SNMP users to SNMP views. Use the no form to remove an SNMP group. SYNTAX snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} [read readview] [write writeview] [notify notifyview] no snmp-server group groupname groupname - Name of an SNMP group.
  • Page 693: Snmp-Server User

    EXAMPLE Console(config)#snmp-server group r&d v3 auth write daily Console(config)# snmp-server user: This command adds a user to an SNMP group, restricting the user to a specific SNMP Read, Write, or Notify View. Use the no form to remove a user from an SNMP group.
  • Page 694: Snmp-Server View

    ◆ Remote users (i.e., the command specifies a remote engine identifier) must be configured to identify the source of SNMPv3 inform messages sent from the local switch. ◆ The SNMP engine ID is used to compute the authentication/privacy...
  • Page 695: Show Snmp Engine-Id

    COMMAND USAGE ◆ Views are used in the snmp-server group command to restrict user access to specified portions of the MIB tree. ◆ The predefined view “defaultview” includes access to the entire MIB tree. EXAMPLES This view includes MIB-2.
  • Page 696: Show Snmp Group

    Table 55: show snmp engine-id - display description (Continued). Columns: Field, Description. Remote SNMP engineID: String identifying an engine ID on a remote device. IP address: IP address of the device containing the corresponding remote SNMP engine.
  • Page 697: Show Snmp User

    Table 56: show snmp group - display description. Columns: Field, Description. Group Name: Name of an SNMP group. Security Model: The SNMP version. Read View: The associated read view. Write View: The associated write view. Notify View: The associated notify view.
  • Page 698: Show Snmp View

    show snmp view: This command shows information on the SNMP views. COMMAND MODE Privileged Exec EXAMPLE Console#show snmp view View Name : mib-2 Subtree OID : 1.2.2.3.6.2.1 View Type : included Storage Type : nonvolatile Row Status : active View Name...
  • Page 699: Snmp-Server Notify-Filter

    ◆ Disabling logging with this command does not delete the entries stored in the notification log. EXAMPLE This example enables the notification log A1. Console(config)#nlm A1 Console(config)# snmp-server notify-filter: This command creates an SNMP notification log. Use the no form to remove this log.
  • Page 700: Show Nlm Oper-Status

    ◆ To avoid this problem, notification logging should be configured and enabled using the snmp-server notify-filter command and command, and these commands stored in the startup configuration file. Then when the switch reboots, SNMP traps (such as warm start) can now be logged.
  • Page 701: Show Snmp Notify-Filter

    show snmp notify-filter: This command displays the configured notification logs. COMMAND MODE Privileged Exec EXAMPLE This example displays the configured notification logs and associated target hosts. Console#show snmp notify-filter Filter profile name IP address ---------------------------- ---------------- 10.1.19.23...
  • Page 703: Remote Monitoring Commands

    REMOTE MONITORING COMMANDS Remote Monitoring allows a remote device to collect information or respond to specified events on an independent basis. This switch is an RMON-capable device which can independently perform a wide range of tasks, significantly reducing network management traffic. It can continuously run diagnostics and log information on network performance.
  • Page 704: Rmon Alarm

    rmon alarm: This command sets threshold bounds for a monitored variable. Use the no form to remove an alarm. SYNTAX rmon alarm index variable interval {absolute | delta} rising-threshold threshold [event-index] falling-threshold threshold [event-index] [owner name] no rmon alarm index index –...
  • Page 705: Rmon Event

    ◆ If the current value is less than or equal to the falling threshold, and the last sample value was greater than this threshold, then an alarm will be generated. After a falling event has been generated, another such event will not be generated until the sampled value has risen above the falling threshold, reaches the rising threshold, and again moves back down to the falling threshold.
  • Page 706: Rmon Collection History

    ◆ The specified events determine the action to take when an alarm triggers this event. The response to an alarm can include logging the alarm or sending a message to a trap manager. EXAMPLE Console(config)#rmon event 2 log description urgent owner mike Console(config)#...
  • Page 707: Rmon Collection Rmon1

    EXAMPLE Console(config)#interface ethernet 1/1 Console(config-if)#rmon collection history 21 buckets 24 interval 60 owner mike Console(config-if)# rmon collection rmon1: This command enables the collection of statistics on a physical interface. Use the no form to disable statistics collection. SYNTAX rmon collection rmon1 controlEntry index [owner name]...
  • Page 708: Show Rmon Alarms

    show rmon alarms: This command shows the settings for all configured alarms. COMMAND MODE Privileged Exec EXAMPLE Console#show rmon alarms Alarm 1 is valid, owned by Monitors 1.3.6.1.2.1.16.1.1.1.6.1 every 30 seconds Taking delta samples, last value was 0 Rising threshold is 892800, assigned to event 0 Falling threshold is 446400, assigned to event 0 This command shows the settings for all configured events.
  • Page 709: Show Rmon Statistics

    show rmon statistics: This command shows the information collected for all configured entries in the statistics group. COMMAND MODE Privileged Exec EXAMPLE Console#show rmon statistics Interface 1 is valid, and owned by Monitors 1.3.6.1.2.1.2.2.1.1.1 which has Received 164289 octets, 2372 packets, 120 broadcast and 2211 multicast packets, 0 undersized and 0 oversized packets,...
  • Page 711: Flow

    FLOW SAMPLING COMMANDS Flow sampling (sFlow) can be used with a remote sFlow Collector to provide an accurate, detailed and real-time overview of the types and levels of traffic present on the network. The sFlow Agent samples 1 out of n packets from all data traversing the switch, re-encapsulates the samples as sFlow datagrams and transmits them to the sFlow Collector.
  • Page 712: Sflow Max-Datagram-Size

    One double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields. destination-udp-port - The UDP port on which the Collector is listening for sFlow streams. (Range: 0-65534) DEFAULT SETTING IP Address: null...
  • Page 713: Sflow Max-Header-Size

    sflow max-header-size: This command configures the maximum size of the sFlow datagram header. Use the no form to restore the default setting. SYNTAX sflow max-header-size max-header-size no max-header-size max-header-size - The maximum size of the sFlow datagram header.
  • Page 714: Sflow Sample

    sflow sample: This command configures the packet sampling rate. Use the no form to restore the default rate. SYNTAX sflow sample rate no sflow sample rate - The packet sampling rate, or the number of packets out of which one sample will be taken.
  • Page 715: Sflow Timeout

    | Flow Sampling Commands HAPTER ES-4500G Series This command configures the length of time samples are sent to the sflow timeout Collector before resetting all sFlow port parameters. Use the no form to restore the default time out. YNTAX sflow timeout seconds no sflow timeout seconds - The length of time the sFlow process continuously sends samples to the Collector before resetting all sFlow port parameters.
  • Page 716

    COMMAND MODE: Privileged Exec
    EXAMPLE
      Console#show sflow interface ethernet 1/9
      Interface of Ethernet
      Interface status : Enabled
      Owner name : Lamar
      Owner destination : 192.168.0.4
      Owner socket port : 6343
      Time out : 9994
      Maximum header size : 256
      Maximum datagram size : 1500...
  • Page 717: Authentication

    AUTHENTICATION COMMANDS
    You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. Port-based authentication using IEEE 802.1X can also be configured to control either management access to the uplink ports or client access to the data ports.
  • Page 718: Enable Password

    enable password
    After initially logging onto the system, you should set the Privileged Exec password. Remember to record it in a safe place. This command controls access to the Privileged Exec level from the Normal Exec level. Use the no form to reset the default password.
  • Page 719: Username

    username
    This command adds named users, requires authentication at login, specifies or changes a user's password (or specifies that no password is required), or specifies or changes a user's access level. Use the no form to remove a user name.
  • Page 720: Authentication Sequence

    AUTHENTICATION SEQUENCE
    Three authentication methods can be specified to authenticate users logging into the system for management access. The commands in this section can be used to define the authentication method and sequence.
    Table 64: Authentication Sequence Commands
      Command | Function...
  • Page 721: Authentication Login

    If the TACACS+ server is not available, the local user name and password is checked.
    EXAMPLE
      Console(config)#authentication enable radius
      Console(config)#
    RELATED COMMANDS
      enable password - sets the password for changing command modes (718)
    This command defines the login authentication method and precedence.
  • Page 722: Radius Client

    EXAMPLE
      Console(config)#authentication login radius
      Console(config)#
    RELATED COMMANDS
      username - for setting the local user names and passwords (719)
    RADIUS CLIENT
    Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network.
  • Page 723: Radius-Server Auth-Port

    EXAMPLE
      Console(config)#radius-server acct-port 181
      Console(config)#
    radius-server auth-port
    This command sets the RADIUS server network port. Use the no form to restore the default.
    SYNTAX
      radius-server auth-port port-number
      no radius-server auth-port
      port-number - RADIUS server UDP port used for authentication messages.
  • Page 724: Radius-Server Key

    retransmit - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1-30)
    timeout - Number of seconds the switch waits for a reply before resending a request. (Range: 1-65535)
    DEFAULT SETTING
      auth-port - 1812...
  • Page 725: Radius-Server Retransmit

    radius-server retransmit
    This command sets the number of retries. Use the no form to restore the default.
    SYNTAX
      radius-server retransmit number-of-retries
      no radius-server retransmit
      number-of-retries - Number of times the switch will try to authenticate logon access via the RADIUS server.
  • Page 726: Show Radius-Server

    show radius-server
    This command displays the current settings for the RADIUS server.
    DEFAULT SETTING: None
    COMMAND MODE: Privileged Exec
    EXAMPLE
      Console#show radius-server
      Remote RADIUS Server Configuration:
      Global Settings:
      Authentication Port Number : 1812
      Accounting Port Number : 1813
      Retransmit Times...
  • Page 727: Tacacs-Server

    tacacs-server
    This command specifies the TACACS+ server and other optional parameters. Use the no form to remove the server, or to restore the default values.
    SYNTAX
      tacacs-server index host host-ip-address [key key] [port port-number]
      no tacacs-server index
      index - The index for this server.
  • Page 728: Tacacs-Server Key

    tacacs-server key
    This command sets the TACACS+ encryption key. Use the no form to restore the default.
    SYNTAX
      tacacs-server key key-string
      no tacacs-server key
      key-string - Encryption key used to authenticate logon access for the client.
  • Page 729: Show Tacacs-Server

    show tacacs-server
    This command displays the current settings for the TACACS+ server.
    DEFAULT SETTING: None
    COMMAND MODE: Privileged Exec
    EXAMPLE
      Console#show tacacs-server
      Remote TACACS+ Server Configuration:
      Global Settings:
      Server Port Number: 49
      Server 1:
      Server IP Address : 10.11.12.13
      Server Port Number : 49
      Tacacs Server Group:...
  • Page 730: Aaa Accounting Commands

    Table 67: AAA Commands (Continued)
      Command | Function | Mode
      authorization exec | Applies an authorization method to local console, Telnet or SSH connections | Line
      show accounting | Displays all accounting information |
    aaa accounting commands
    This command enables the accounting of Exec mode commands. Use the no form to disable the accounting service.
  • Page 731: Aaa Accounting Dot1X

    EXAMPLE
      Console(config)#aaa accounting commands 15 default start-stop group tacacs+
      Console(config)#
    aaa accounting dot1x
    This command enables the accounting of requested 802.1X services for network access. Use the no form to disable the accounting service.
    SYNTAX
      aaa accounting dot1x {default | method-name} start-stop group {radius | tacacs+ | server-group}...
  • Page 732: Aaa Accounting Exec

    aaa accounting exec
    This command enables the accounting of requested Exec services for network access. Use the no form to disable the accounting service.
    SYNTAX
      aaa accounting exec {default | method-name} start-stop group {radius | tacacs+ | server-group}
      no aaa accounting exec {default | method-name}
      default - Specifies the default accounting method for service requests.
  • Page 733: Aaa Accounting Update

    aaa accounting update
    This command enables the sending of periodic updates to the accounting server. Use the no form to disable accounting updates.
    SYNTAX
      aaa accounting update [periodic interval]
      no aaa accounting update
      interval - Sends an interim accounting record to the server at this interval.
  • Page 734: Aaa Group Server

    DEFAULT SETTING
      Authorization is not enabled
      No servers are specified
    COMMAND MODE: Global Configuration
    COMMAND USAGE
      ◆ This command performs authorization to determine if a user is allowed to run an Exec shell.
      ◆ AAA authentication must be enabled before authorization is enabled.
      ◆ If this command is issued without a specified named method, the...
  • Page 735: Server

    server
    This command adds a security server to an AAA server group. Use the no form to remove the associated server from the group.
    SYNTAX
      [no] server {index | ip-address}
      index - Specifies the server index. (Range: RADIUS 1-5, TACACS+ 1)
      ip-address - Specifies the host IP address of a server.
  • Page 736: Accounting Exec

    EXAMPLE
      Console(config)#interface ethernet 1/2
      Console(config-if)#accounting dot1x tps
      Console(config-if)#
    accounting exec
    This command applies an accounting method to local console, Telnet or SSH connections. Use the no form to disable accounting on the line.
    SYNTAX
      accounting exec {default | list-name}
      no accounting exec
      default - Specifies the default method list created with the...
  • Page 737: Show Accounting

    COMMAND MODE: Line Configuration
    EXAMPLE
      Console(config)#line console
      Console(config-line)#authorization exec tps
      Console(config-line)#exit
      Console(config)#line vty
      Console(config-line)#authorization exec default
      Console(config-line)#
    show accounting
    This command displays the current accounting settings per function and per port.
    SYNTAX
      show accounting [commands [level]] | [[dot1x [statistics [username user-name | interface interface]] | exec [statistics] | statistics]
      commands - Displays command accounting information.
  • Page 738: Web Server

      Method List : tps
      Group List : radius
      Interface : Eth 1/2
      Accounting Type : EXEC
      Method List : default
      Group List : tacacs+
      Interface : vty
      Console#
    WEB SERVER
    This section describes commands used to configure web browser management access to the switch.
  • Page 739: Ip Http Server

    RELATED COMMANDS
      ip http server (739)
      show system (643)
    ip http server
    This command allows this device to be monitored or configured from a browser. Use the no form to disable this function.
    SYNTAX
      [no] ip http server
    DEFAULT...
  • Page 740: Table 69: Https System Support

    ◆ When you start HTTPS, the connection is established in this way:
      ■ The client authenticates the server using the server’s digital certificate.
      ■ The client and server negotiate a set of security protocols to use for...
  • Page 741: Ip Http Secure-Port

    ip http secure-port
    This command specifies the UDP port number used for HTTPS connection to the switch’s web interface. Use the no form to restore the default port.
    SYNTAX
      ip http secure-port port_number
      no ip http secure-port
      port_number –...
  • Page 742: Ip Telnet Max-Sessions

    This switch also supports a Telnet client function. A Telnet connection can be made from this switch to another device by entering the telnet command at the Privileged Exec configuration level.
    ip telnet max-sessions
    This command specifies the maximum number of Telnet sessions that can simultaneously connect to this system.
  • Page 743: Ip Telnet Server

    COMMAND MODE: Global Configuration
    EXAMPLE
      Console(config)#ip telnet port 123
      Console(config)#
    ip telnet server
    This command allows this device to be monitored or configured from Telnet. Use the no form to disable this function.
    SYNTAX
      [no] ip telnet server
    DEFAULT...
  • Page 744: Secure Shell

    SECURE SHELL
    This section describes the commands used to configure the SSH server. Note that you also need to install an SSH client on the management station when using this protocol to configure the switch. The switch supports both SSH Version 1.5 and 2.0 clients.
  • Page 745

    To use the SSH server, complete these steps:
      1. Generate a Host Key Pair – Use the ip ssh crypto host-key generate command to create a host public/private key pair.
      2. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch.
  • Page 746

    To use SSH with only password authentication, the host public key must still be given to the client, either during initial connection or manually entered into the known host file. However, you do not need to configure the client's keys.
  • Page 747: Ip Ssh Authentication-Retries

    ip ssh authentication-retries
    This command configures the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting.
    SYNTAX
      ip ssh authentication-retries count
      no ip ssh authentication-retries
      count –...
  • Page 748: Ip Ssh Server-Key Size

    EXAMPLE
      Console#ip ssh crypto host-key generate dsa
      Console#configure
      Console(config)#ip ssh server
      Console(config)#
    RELATED COMMANDS
      ip ssh crypto host-key generate (749)
      show ssh (753)
    ip ssh server-key size
    This command sets the SSH server key size. Use the no form to restore the default setting.
  • Page 749: Delete Public-Key

    COMMAND MODE: Global Configuration
    COMMAND USAGE
      The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase. Once an SSH session has been established, the timeout for user input is controlled by the exec-timeout command for vty sessions.
  • Page 750: Ip Ssh Crypto Zeroize

    DEFAULT SETTING: Generates both the DSA and RSA key pairs.
    COMMAND MODE: Privileged Exec
    COMMAND USAGE
      ◆ The switch uses only RSA Version 1 for SSHv1.5 clients and DSA Version 2 for SSHv2 clients.
      ◆ This command stores the host key pair in memory (i.e., RAM).
  • Page 751: Ip Ssh Save Host-Key

      ◆ The SSH server must be disabled before you can execute this command.
    EXAMPLE
      Console#ip ssh crypto zeroize dsa
      Console#
    RELATED COMMANDS
      ip ssh crypto host-key generate (749)
      ip ssh save host-key (751)
      no ip ssh server (747)
    This command saves the host key from RAM to flash memory.
  • Page 752: Show Public-Key

    show public-key
    This command shows the public key for the specified user or for the host.
    SYNTAX
      show public-key [user [username]| host]
      username – Name of an SSH user. (Range: 1-8 characters)
    DEFAULT SETTING: Shows all public keys.
  • Page 753: Show Ssh

    show ssh
    This command displays the current SSH server connections.
    COMMAND MODE: Privileged Exec
    EXAMPLE
      Console#show ssh
      Connection Version State Username Encryption
      Session-Started admin ctos aes128-cbc-hmac-md5
      stoc aes128-cbc-hmac-md5
      Console#
    Table 72: show ssh - display description
      Field | Description
      Session...
  • Page 754: Dot1X Default

    Table 73: 802.1X Port Authentication Commands (Continued)
      Command | Function | Mode
      dot1x timeout quiet-period | Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client |
      dot1x timeout re- | Sets the time period after which a connected client...
  • Page 755: Dot1X System-Auth-Control

      ◆ When this device is functioning as an edge switch but does not require any attached clients to be authenticated, the no dot1x eapol-pass-through command can be used to discard unnecessary EAPOL traffic.
    EXAMPLE
      This example instructs the switch to pass all EAPOL frames through to any ports in STP forwarding state.
  • Page 756: Dot1X Max-Req

    COMMAND USAGE
      For guest VLAN assignment to be successful, the VLAN must be configured and set as active (see the vlan database command) and assigned as the guest VLAN for the port (see the network-access guest-vlan command).
  • Page 757: Dot1X Operation-Mode

    dot1x operation-mode
    This command allows hosts (clients) to connect to an 802.1X-authorized port. Use the no form with no keywords to restore the default to single host. Use the no form with the multi-host max-count keywords to restore the default maximum count.
  • Page 758: Dot1X Port-Control

    dot1x port-control
    This command sets the dot1x mode on a port interface. Use the no form to restore the default.
    SYNTAX
      dot1x port-control {auto | force-authorized | force-unauthorized}
      no dot1x port-control
      auto –...
  • Page 759: Dot1X Timeout Quiet-Period

    EXAMPLE
      Console(config)#interface eth 1/2
      Console(config-if)#dot1x re-authentication
      Console(config-if)#
    RELATED COMMANDS
      dot1x timeout re-authperiod (759)
    dot1x timeout quiet-period
    This command sets the time that a switch port waits after the maximum request count (see page 756) has been exceeded before attempting to...
  • Page 760: Dot1X Timeout Supp-Timeout

    EXAMPLE
      Console(config)#interface eth 1/2
      Console(config-if)#dot1x timeout re-authperiod 300
      Console(config-if)#
    dot1x timeout supp-timeout
    This command sets the time that an interface on the switch waits for a response to an EAP request from a client before re-transmitting an EAP packet.
  • Page 761: Dot1X Re-Authenticate

    DEFAULT: 30 seconds
    COMMAND MODE: Interface Configuration
    EXAMPLE
      Console(config)#interface eth 1/2
      Console(config-if)#dot1x timeout tx-period 300
      Console(config-if)#
    dot1x re-authenticate
    This command forces re-authentication on all ports or a specific interface.
    SYNTAX
      dot1x re-authenticate [interface]
      interface
        ethernet unit/port
          unit - Stack unit.
  • Page 762: Show Dot1X

    show dot1x
    This command shows general port authentication related settings on the switch or a specific interface.
    SYNTAX
      show dot1x [statistics] [interface interface]
      statistics - Displays dot1x status for each port.
      interface
        ethernet unit/port
          unit - Stack unit.
  • Page 763

      ■ Operation Mode – Shows if single or multiple hosts (clients) can connect to an 802.1X-authorized port.
      ■ Port Control – Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized (page 758).
  • Page 764: Management Ip Filter

      Quiet Period : 60
      TX Period : 30
      Supplicant Timeout : 30
      Server Timeout : 10
      Reauth Max Retries
      Max Request
      Operation Mode : Multi-host
      Port Control : Auto
      Intrusion Action : Block traffic
      Supplicant : 00-e0-29-94-34-65...
  • Page 765: Management

    management
    This command specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting.
    SYNTAX
      [no] management {all-client | http-client | snmp-client | telnet-client} start-address [end-address]
      all-client - Adds IP address(es) to all groups.
  • Page 766: Show Management

    show management
    This command displays the client IP addresses that are allowed management access to the switch through various protocols.
    SYNTAX
      show management {all-client | http-client | snmp-client | telnet-client}
      all-client - Displays IP addresses for all groups.
      http-client - Displays IP addresses for the web group.
  • Page 767: General Security Measures

    GENERAL SECURITY MEASURES
    This switch supports many methods of segregating traffic for clients attached to each of the data ports, and for ensuring that only authorized clients gain access to the network. Private VLANs and port-based authentication using IEEE 802.1X are commonly used for these purposes. In addition to these methods, several other options for providing client security are described in this chapter.
  • Page 768: Port Security

    PORT SECURITY
    These commands can be used to enable port security on a port. When MAC address learning is disabled on an interface, only incoming traffic with source addresses already stored in the dynamic or static address table for this port will be authorized to access the network.
  • Page 769: Port Security

      ◆ The mac-learning commands cannot be used if 802.1X Port Authentication has been globally enabled on the switch with the dot1x system-auth-control command, or if MAC Address Security has been enabled by the port security command on the same interface.
  • Page 770

    addresses when it reaches a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
      ◆ First use the port security max-mac-count command to set the...
  • Page 771: Network Access (Mac Address Authentication)

    NETWORK ACCESS (MAC ADDRESS AUTHENTICATION)
    Network Access authentication controls access to the network by authenticating the MAC address of each host that attempts to connect to a switch port.
  • Page 772: Network-Access Aging

    network-access aging
    Use this command to enable aging for authenticated MAC addresses stored in the secure MAC address table. Use the no form of this command to disable address aging.
    SYNTAX
      [no] network-access aging
    DEFAULT...
  • Page 773: Mac-Authentication Reauth-Time

    COMMAND MODE: Global Configuration
    COMMAND USAGE
      ◆ Specified addresses are exempt from network access authentication.
      ◆ This command is different from configuring static addresses with the mac-address-table static command in that it allows you to configure a range of addresses when using a mask, and then to assign these addresses to one or more ports with the network-access port-mac-filter...
  • Page 774: Network-Access Dynamic-Qos

    network-access dynamic-qos
    Use this command to enable the dynamic QoS feature for an authenticated port. Use the no form to restore the default.
    SYNTAX
      [no] network-access dynamic-qos
    DEFAULT SETTING: Disabled
    COMMAND...
  • Page 775: Network-Access Dynamic-Vlan

    EXAMPLE
      The following example enables the dynamic QoS feature on port 1.
      Console(config)#interface ethernet 1/1
      Console(config-if)#network-access dynamic-qos
      Console(config-if)#
    network-access dynamic-vlan
    Use this command to enable dynamic VLAN assignment for an authenticated port.
  • Page 776: Network-Access Guest-Vlan

    network-access guest-vlan
    Use this command to assign all traffic on a port to a guest VLAN when 802.1x authentication is rejected. Use the no form of this command to disable guest VLAN assignment.
  • Page 777: Network-Access Link-Detection Link-Down

    network-access link-detection link-down
    Use this command to detect link-down events. When detected, the switch can shut down the port, send an SNMP trap, or both. Use the no form of this command to disable this feature.
  • Page 778: Network-Access Link-Detection Link-Up-Down

    EXAMPLE
      Console(config)#interface ethernet 1/1
      Console(config-if)#network-access link-detection link-up action trap
      Console(config-if)#
    network-access link-detection link-up-down
    Use this command to detect link-up and link-down events. When either event is detected, the switch can shut down the port, send an SNMP trap, or both.
  • Page 779: Network-Access Mode Mac-Authentication

    COMMAND MODE: Interface Configuration
    COMMAND USAGE
      The maximum number of MAC addresses per port is 1024, and the maximum number of secure MAC addresses supported for the switch system is 1024. When the limit is reached, all new MAC addresses are treated as authentication failures.
  • Page 780: Network-Access Port-Mac-Filter

      ◆ When port status changes to down, all MAC addresses are cleared from the secure MAC address table. Static VLAN assignments are not restored.
      ◆ The RADIUS server may optionally return a VLAN identifier list. VLAN...
  • Page 781: Mac-Authentication Intrusion-Action

    mac-authentication intrusion-action
    Use this command to configure the port response to a host MAC authentication failure. Use the no form of this command to restore the default.
    SYNTAX
      mac-authentication intrusion-action {block traffic | pass traffic}
      no mac-authentication intrusion-action
    DEFAULT...
  • Page 782: Show Network-Access

    show network-access
    Use this command to display the MAC authentication settings for port interfaces.
    SYNTAX
      show network-access [interface interface]
      interface - Specifies a port interface.
        ethernet unit/port
          unit - Stack unit.
  • Page 783: Show Network-Access Mac-Address-Table

    show network-access mac-address-table
    Use this command to display secure MAC address table entries.
    SYNTAX
      show network-access mac-address-table [static | dynamic] [address mac-address [mask]] [interface interface] [sort {address | interface}]
      static - Specifies static address entries.
  • Page 784: Show Network-Access Mac-Filter

    show network-access mac-filter
    Use this command to display information for entries in the MAC filter tables.
    SYNTAX
      show network-access mac-filter [filter-id]
      filter-id - Specifies a MAC address filter table. (Range: 1-64)
    DEFAULT SETTING: Displays all filters.
  • Page 785: Web-Auth Login-Attempts

    Table 79: Web Authentication (Continued)
      Command | Function | Mode
      web-auth system-auth-control | Enables web authentication globally for the switch |
      web-auth | Enables web authentication for an interface |
      web-auth re-authenticate (Port) | Ends all web authentication sessions on the port and forces the users to re-authenticate |
      web-auth re-authenticate (IP)...
  • Page 786: Web-Auth Quiet-Period

    web-auth quiet-period
    This command defines the amount of time a host must wait after exceeding the limit for failed login attempts, before it may attempt web authentication again. Use the no form to restore the default.
    SYNTAX
      web-auth quiet-period time
      no web-auth quiet period...
  • Page 787: Web-Auth System-Auth-Control

    web-auth system-auth-control
    This command globally enables web authentication for the switch. Use the no form to restore the default.
    SYNTAX
      [no] web-auth system-auth-control
    DEFAULT SETTING: Disabled
    COMMAND MODE: Global Configuration
    COMMAND USAGE
      Both web-auth system-auth-control for the switch and web-auth...
  • Page 788: Web-Auth Re-Authenticate (Port)

    web-auth re-authenticate (Port)
    This command ends all web authentication sessions connected to the port and forces the users to re-authenticate.
    SYNTAX
      web-auth re-authenticate interface interface
      interface - Specifies a port interface.
        ethernet unit/port
          unit - Stack unit.
  • Page 789: Show Web-Auth

    show web-auth
    This command displays global web authentication parameters.
    COMMAND MODE: Privileged Exec
    EXAMPLE
      Console#show web-auth
      Global Web-Auth Parameters
      System Auth Control : Enabled
      Session Timeout : 3600
      Quiet Period : 60
      Max Login Attempts
      Console#
    This command displays interface-specific web authentication parameters...
  • Page 790: Show Web-Auth Summary

    show web-auth summary
    This command displays a summary of web authentication port parameters and statistics.
    COMMAND MODE: Privileged Exec
    EXAMPLE
      Console#show web-auth summary
      Global Web-Auth Parameters
      System Auth Control : Enabled
      Port Status Authenticated Host Count
      ----...
  • Page 791: Ip Dhcp Snooping

    ip dhcp snooping
    This command enables DHCP snooping globally. Use the no form to restore the default setting.
    SYNTAX
      [no] ip dhcp snooping
    DEFAULT SETTING: Disabled
    COMMAND MODE: Global Configuration
    COMMAND USAGE
      ◆ Network traffic may be disrupted when malicious DHCP messages are...
  • Page 792

      ■ If the DHCP packet is from a client, such as a DECLINE or RELEASE message, the switch forwards the packet only if the corresponding entry is found in the binding table.
      ■ If the DHCP packet is from a client, such as a DISCOVER,...
  • Page 793: Ip Dhcp Snooping Database Flash

    ip dhcp snooping database flash
    This command writes all dynamically learned snooping entries to flash memory.
    COMMAND MODE: Privileged Exec
    COMMAND USAGE
      This command can be used to store the currently learned dynamic DHCP snooping entries to flash memory.
  • Page 794: Ip Dhcp Snooping Information Policy

      ◆ Use the ip dhcp snooping information option command to specify how to handle DHCP client request packets which already contain Option 82 information.
    EXAMPLE
      This example enables the DHCP Snooping Information Option.
      Console(config)#ip dhcp snooping information option
      Console(config)#
    This command sets the DHCP snooping information option policy for DHCP...
  • Page 795: Ip Dhcp Snooping Verify Mac-Address

    ip dhcp snooping verify mac-address
    This command verifies the client’s hardware address stored in the DHCP packet against the source MAC address in the Ethernet header. Use the no form to disable this function.
    SYNTAX
      [no] ip dhcp binding verify mac-address
    DEFAULT...
  • Page 796: Ip Dhcp Snooping Trust

      ◆ When the DHCP snooping is globally disabled, DHCP snooping can still be configured for specific VLANs, but the changes will not take effect until DHCP snooping is globally re-enabled.
      ◆ When DHCP snooping is globally enabled, configuration changes for...
  • Page 797: Clear Ip Dhcp Snooping Database Flash

      ◆ When an untrusted port is changed to a trusted port, all the dynamic DHCP snooping bindings associated with this port are removed.
      ◆ Additional considerations when the switch itself is a DHCP client – The...
  • Page 798: Show Ip Dhcp Snooping

    show ip dhcp snooping: This command shows the DHCP snooping configuration settings.
    COMMAND MODE: Privileged Exec
    EXAMPLE:
    Console#show ip dhcp snooping
    Global DHCP Snooping status: disable
    DHCP Snooping Information Option Status: disable
    DHCP Snooping Information Policy: replace
    DHCP Snooping is configured on the following VLANs:
    Verify Source Mac-Address: enable...
  • Page 799: Ip Source Guard

    IP SOURCE GUARD: IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table when enabled (see "DHCP Snooping"...
  • Page 800 | General Security Measures | IP Source Guard

    COMMAND MODE: Global Configuration
    COMMAND USAGE:
    ◆ Table entries include a MAC address, IP address, lease time, entry type (Static-IP-SG-Binding, Dynamic-DHCP-Binding), VLAN identifier, and port identifier.
    ◆ All static entries are configured with an infinite lease time, which is...
  • Page 801: Ip Source-Guard

    ip source-guard: This command configures the switch to filter inbound traffic based on source IP address, or source IP address and corresponding MAC address. Use the no form to disable this function.
    SYNTAX:
    ip source-guard {sip | sip-mac}
    no ip source-guard...
  • Page 802: Ip Source-Guard Max-Binding

    ◆ Filtering rules are implemented as follows:
    ■ If DHCP snooping is disabled (see page 791), IP source guard will check the VLAN ID, source IP address, port number, and source MAC address (for the sip-mac option).
  • Page 803: Show Ip Source-Guard

    COMMAND USAGE:
    ◆ This command sets the maximum number of address entries that can be mapped to an interface in the binding table, including both dynamic entries discovered by DHCP snooping and static entries set by the source-guard command.
  • Page 804: Arp Inspection

    EXAMPLE:
    Console#show ip source-guard binding
    MacAddress        IpAddress       Lease(sec) Type                 VLAN Interface
    ----------------- --------------- ---------- -------------------- ---- --------
    11-22-33-44-55-66 192.168.0.99             0 Static                  1 Eth 1/5
    Console#
    ARP INSPECTION: ARP Inspection validates the MAC-to-IP address bindings in Address Resolution Protocol (ARP) packets.
  • Page 805: Ip Arp Inspection

    Table 82: ARP Inspection Commands (Continued)
    Command | Function | Mode
    show ip arp inspection statistics | Shows statistics about the number of ARP packets processed, or dropped for various reasons
    show ip arp inspection vlan | Shows configuration setting for VLANs, including ARP Inspection status, the ARP ACL name, and if the DHCP Snooping database is used after ACL...
  • Page 806: Ip Arp Inspection Filter

    ip arp inspection filter: This command specifies an ARP ACL to apply to one or more VLANs. Use the no form to remove an ACL binding.
    SYNTAX: ip arp inspection filter arp-acl-name vlan {vlan-id | vlan-range} [static]
    arp-acl-name - Name of an ARP ACL.
  • Page 807: Ip Arp Inspection Log-Buffer Logs

    ip arp inspection log-buffer logs: This command sets the maximum number of entries saved in a log message, and the rate at which these messages are sent. Use the no form to restore the default settings.
  • Page 808: Ip Arp Inspection Validate

    ip arp inspection validate: This command specifies additional validation of address components in an ARP packet. Use the no form to restore the default setting.
    SYNTAX:
    ip arp inspection validate {dst-mac [ip] [src-mac] | ip [src-mac] | src-mac}
    no ip arp inspection validate
    dst-mac - Checks the destination MAC address in the Ethernet...
  • Page 809: Ip Arp Inspection Limit

    DEFAULT SETTING: Disabled on all VLANs
    COMMAND MODE: Global Configuration
    COMMAND USAGE:
    ◆ When ARP Inspection is enabled globally with the ip arp inspection command, it becomes active only on those VLANs where it has been enabled with this command.
  • Page 810: Ip Arp Inspection Trust

    COMMAND MODE: Interface Configuration (Port)
    COMMAND USAGE:
    ◆ This command only applies to untrusted ports.
    ◆ When the rate of incoming ARP packets exceeds the configured limit, the switch drops all ARP packets in excess of the limit.
    EXAMPLE:
    Console(config)#interface ethernet 1/1
    Console(config-if)#ip arp inspection limit 150...
  • Page 811: Show Ip Arp Inspection Interface

    EXAMPLE:
    Console#show ip arp inspection configuration
    ARP inspection global information:
    Global IP ARP Inspection status : disabled
    Log Message Interval : 10 s
    Log Message Number
    Need Additional Validation(s) : Yes
    Additional Validation Type : Destination MAC address
    Console#...
  • Page 812: Show Ip Arp Inspection Statistics

    show ip arp inspection statistics: This command shows statistics about the number of ARP packets processed, or dropped for various reasons.
    COMMAND MODE: Privileged Exec
    EXAMPLE:
    Console#show ip arp inspection log
    Total log entries number is 1
    Num VLAN Port Src IP Address Dst IP Address Src MAC Address...
  • Page 813: Lists

    ACCESS CONTROL LISTS: Access Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames (based on address, DSCP traffic class, next header type, or flow label), or any frames (based on MAC address or Ethernet type).
  • Page 814: Access-List Ip

    access-list ip: This command adds an IP access list and enters configuration mode for standard or extended IPv4 ACLs. Use the no form to remove the specified ACL.
    SYNTAX: [no] access-list ip {standard | extended} acl-name
    standard –...
  • Page 815: Permit, Deny (Standard Ip Acl)

    permit, deny (Standard IP ACL): This command adds a rule to a Standard IPv4 ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a rule.
  • Page 816: Permit, Deny (Extended Ipv4 Acl)

    permit, deny (Extended IPv4 ACL): This command adds a rule to an Extended IPv4 ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes. Use the no form to remove a rule.
  • Page 817 | Access Control Lists | IPv4 ACLs

    port-bitmask – Decimal number representing the port bits to match. (Range: 0-65535)
    control-flags – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63)
    flag-bitmask –...
  • Page 818: Ip Access-Group

    EXAMPLE: This example accepts any incoming packets if the source address is within subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through.
  • Page 819: Show Ip Access-Group

    COMMAND USAGE:
    ◆ Only one ACL can be bound to a port.
    ◆ If an ACL is already bound to a port and you bind a different ACL to it, the switch will replace the old binding with the new one.
    EXAMPLE:
    Console(config)#int eth 1/2
    Console(config-if)#ip access-group david in...
  • Page 820: Ipv6 Acls

    EXAMPLE:
    Console#show ip access-list standard
    IP standard access-list david:
    permit host 10.1.1.21
    permit 168.92.0.0 255.255.15.0
    Console#
    RELATED COMMANDS: permit, deny (815); ip access-group (818)
    IPv6 ACLs: The commands in this section configure ACLs based on IPv6 address, DSCP traffic class, next header type, or flow label.
  • Page 821: Permit, Deny (Standard Ipv6 Acl)

    COMMAND MODE: Global Configuration
    COMMAND USAGE:
    ◆ When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list.
  • Page 822: Permit, Deny (Extended Ipv6 Acl)

    DEFAULT SETTING: None
    COMMAND MODE: Standard IPv6 ACL
    COMMAND USAGE: New rules are appended to the end of the list.
    EXAMPLE: This example configures one permit rule for the specific address 2009:DB9:2229::79 and another rule for the addresses with the network prefix 2009:DB9:2229:5::/64.
  • Page 823 | Access Control Lists | IPv6 ACLs

    routers, such as non-default quality of service or “real-time” service (see RFC 2460). (Range: 0-16777215)
    next-header – Identifies the type of header immediately following the IPv6 header. (Range: 0-255)
    time-range-name - Name of the time range. (Range: 1-30 characters)
    DEFAULT SETTING...
  • Page 824: Show Ipv6 Access-List

    EXAMPLE: This example accepts any incoming packets if the destination address is 2009:DB9:2229::79/8.
    Console(config-ext-ipv6-acl)#permit 2009:DB9:2229::79/8
    Console(config-ext-ipv6-acl)#
    This allows packets to any destination address when the DSCP value is 5.
    Console(config-ext-ipv6-acl)#permit any dscp 5
    Console(config-ext-ipv6-acl)#
    This allows any packets sent to the destination 2009:DB9:2229::79/48 when the flow label is 43....
  • Page 825: Ipv6 Access-Group

    ipv6 access-group: This command binds a port to an IPv6 ACL. Use the no form to remove the port.
    SYNTAX:
    ipv6 access-group acl-name in [time-range time-range-name]
    no ipv6 access-group acl-name in
    acl-name –...
  • Page 826: Mac Acls

    RELATED COMMANDS: ipv6 access-group (825)
    MAC ACLs: The commands in this section configure ACLs based on hardware addresses, packet format, and Ethernet type. To configure MAC ACLs, first create an access list containing the required permit or deny rules, and then bind the access list to one or more ports.
  • Page 827: (Mac Acl)

    EXAMPLE:
    Console(config)#access-list mac jerry
    Console(config-mac-acl)#
    RELATED COMMANDS: permit, deny (827); mac access-group (829); show mac access-list (830)
    permit, deny (MAC ACL): This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address),...
  • Page 828 | Access Control Lists | MAC ACLs

    {permit | deny} tagged-802.3 {any | host source | source address-bitmask} {any | host destination | destination address-bitmask} [vid vid vid-bitmask] [time-range time-range-name]
    no {permit | deny} tagged-802.3 {any | host source | source address-bitmask} {any | host destination | destination address-bitmask} [vid vid vid-bitmask]
    {permit | deny} untagged-802.3...
  • Page 829: Mac Access-Group

    COMMAND USAGE:
    ◆ New rules are added to the end of the list.
    ◆ The ethertype option can only be used to filter Ethernet II formatted packets.
    ◆ A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include the following:
    ■ 0800 - IP...
  • Page 830: Show Mac Access-Group

    EXAMPLE:
    Console(config)#interface ethernet 1/2
    Console(config-if)#mac access-group jerry in
    Console(config-if)#
    RELATED COMMANDS: show mac access-list (830); Time Range (679)
    show mac access-group: This command shows the ports assigned to MAC ACLs.
    COMMAND MODE: Privileged Exec
    EXAMPLE...
  • Page 831: Arp Acls

    ARP ACLs: The commands in this section configure ACLs based on the IP or MAC address contained in ARP request and reply messages. To configure ARP ACLs, first create an access list containing the required permit or deny rules, and then bind the access list to one or more VLANs using the ip arp inspection vlan...
  • Page 832: Permit, Deny (Arp Acl)

    permit, deny (ARP ACL): This command adds a rule to an ARP ACL. The rule filters packets matching a specified source or destination address in ARP messages. Use the no form to remove a rule.
    SYNTAX: [no] {permit | deny} ip {any | host source-ip | source-ip ip-address-bitmask}...
  • Page 833: Show Arp Access-List

    EXAMPLE: This rule permits packets from any source IP and MAC address to the destination subnet address 192.168.0.0.
    Console(config-arp-acl)#$permit response ip any 192.168.0.0 255.255.0.0 mac any any
    Console(config-mac-acl)#
    RELATED COMMANDS: access-list arp (831)
    This command displays the rules for configured ARP ACLs.
  • Page 834: Acl Information

    ACL INFORMATION: This section describes commands used to display ACL information.
    Table 88: ACL Information Commands
    Command | Function | Mode
    show access-group | Shows the ACLs assigned to each port
    show access-list | Show all ACLs and associated rules
    This command shows the port assignments of ACLs....
  • Page 835: Interface

    INTERFACE COMMANDS: These commands are used to display or set communication parameters for an Ethernet port, aggregated link, or VLAN; or perform cable diagnostics on the specified interface.
    Table 89: Interface Commands
    Command | Function | Mode
    Interface Configuration
    interface | Configures an interface type and enters interface configuration mode
    alias...
  • Page 836: Interface

    interface: This command configures an interface type and enters interface configuration mode. Use the no form with a trunk to remove an inactive interface. Use the no form with a Layer 3 VLAN (normal type) to change it back to a Layer 2 interface.
  • Page 837: Capabilities

    COMMAND USAGE: The alias is displayed in the running-configuration file. An example of the value which a network manager might store in this object for a WAN interface is the (Telco's) circuit number/identifier of the interface.
    EXAMPLE: The following example adds an alias to port 4.
  • Page 838: Description

    ◆ The 1000BASE-T and 10GBASE-T standard does not support forced mode. Auto-negotiation should always be used to establish a connection over any 1000BASE-T and 10GBASE-T port or trunk.
    ◆ When auto-negotiation is enabled with the negotiation command, the...
  • Page 839: Flowcontrol

    EXAMPLE: The following example adds a description to port 4.
    Console(config)#interface ethernet 1/4
    Console(config-if)#description RD-SW#3
    Console(config-if)#
    flowcontrol: This command enables flow control. Use the no form to disable flow control.
    SYNTAX: [no] flowcontrol
    DEFAULT SETTING: Disabled
    COMMAND...
  • Page 840: Media-Type

    Console(config-if)#no negotiation
    Console(config-if)#
    RELATED COMMANDS: negotiation (840); capabilities (flowcontrol, symmetric) (837)
    media-type: This command forces the port type selected for combination ports 25-26. Use the no form to restore the default mode.
    SYNTAX: media-type mode no media-type mode copper-forced - Always uses the built-in RJ-45 port.
  • Page 841: Shutdown

    COMMAND MODE: Interface Configuration (Ethernet, Port Channel)
    COMMAND USAGE:
    ◆ 1000BASE-T and 10GBASE-T do not support forced mode. Auto-negotiation should always be used to establish a connection over any 1000BASE-T and 10GBASE-T port or trunk.
    ◆ When auto-negotiation is enabled the switch will negotiate the best...
  • Page 842: Speed-Duplex

    EXAMPLE: The following example disables port 5.
    Console(config)#interface ethernet 1/5
    Console(config-if)#shutdown
    Console(config-if)#
    speed-duplex: This command configures the speed and duplex mode of a given interface when auto-negotiation is disabled. Use the no form to restore the default.
    SYNTAX:
    speed-duplex {1000full | 100full | 100half | 10full | 10half}
    no speed-duplex...
  • Page 843: Switchport Mtu

    EXAMPLE: The following example configures port 5 to 100 Mbps, half-duplex operation.
    Console(config)#interface ethernet 1/5
    Console(config-if)#speed-duplex 100half
    Console(config-if)#no negotiation
    Console(config-if)#
    RELATED COMMANDS: negotiation (840); capabilities (837)
    switchport mtu: This command configures the maximum transfer unit (MTU) allowed for layer 2 packets crossing a Gigabit or 10 Gigabit Ethernet port or trunk.
  • Page 844: Switchport Packet-Rate

    ◆ For other traffic types, calculation of overall frame size is basically the same, including the additional header fields SA(6) + DA(6) + Type(2) + VLAN-Tag(4) (for tagged packets; for untagged packets, the 4-byte field will not be added by the switch), and the payload.
  • Page 845: Clear Counters

    ◆ Traffic storms can be controlled at the hardware level using this command or at the software level using the auto-traffic-control command. However, only one of these control types can be applied to a port.
  • Page 846: Show Interfaces Counters

    statistics displayed will show the absolute value accumulated since the last power reset.
    EXAMPLE: The following example clears statistics on port 5.
    Console#clear counters ethernet 1/5
    Console#
    show interfaces counters: This command displays interface statistics.
    SYNTAX: show interfaces counters [interface]...
  • Page 847: Show Interfaces Status

    ===== Ether-like Stats =====
    0 Alignment Errors
    0 FCS Errors
    0 Single Collision Frames
    0 Multiple Collision Frames
    0 SQE Test Errors
    0 Deferred Transmissions
    0 Late Collisions
    0 Excessive Collisions
    0 Internal Mac Transmit Errors
    0 Internal Mac Receive Errors
    0 Frames Too Long
    0 Carrier Sense Errors...
  • Page 848: Show Interfaces Switchport

    COMMAND MODE: Normal Exec, Privileged Exec
    COMMAND USAGE: If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see "Displaying Connection Status" on page 135.
  • Page 849: Table 90: Show Interfaces Switchport - Display Description

    COMMAND MODE: Normal Exec, Privileged Exec
    COMMAND USAGE: If no interface is specified, information on all interfaces is displayed.
    EXAMPLE: This example shows the configuration setting for port 21.
    Console#show interfaces switchport ethernet 1/21
    Information of Eth 1/1
    Broadcast Threshold : Enabled, 500 packets/second
    LACP Status...
  • Page 850: Show Interfaces Transceiver

    Table 90: show interfaces switchport - display description (Continued)
    Field | Description
    Private-VLAN Mode | Shows the private VLAN mode as host, promiscuous, or none (942).
    Private VLAN host-association | Shows the secondary (or community) VLAN with which this port is associated (943).
  • Page 851: Test Cable-Diagnostics Dsp

    Vendor Rev : 000
    Vendor SN : 0000070904100004
    Date Code : 07-03-02
    Temperature : 56 degrees C
    : 3.33 V
    Bias Current : 25.34 mA
    TX Power : 270 uW
    RX Power : 0 uW
    Console#sh interfaces transceiver e 1/26
    Information of Eth 1/26
    Connector Type...
  • Page 852: Test Loop Internal

    ◆ Potential conditions which may be listed by the diagnostics include:
    ■ OK: Correctly terminated pair
    ■ Open: Open pair, no link partner
    ■ Short: Shorted pair
    ■ Not Supported: This message is displayed for any Gigabit Ethernet...
  • Page 853: Show Cable-Diagnostics Dsp

    EXAMPLE:
    Console#test loop internal interface ethernet 1/1
    Internal loopback test: succeeded
    Console#
    show cable-diagnostics dsp: This command shows the results of a cable diagnostics test.
    SYNTAX: show cable-diagnostics dsp interface [interface]
    interface
    ethernet unit/port
    unit - Stack unit.
  • Page 854 | Interface Commands

    EXAMPLE:
    Console#show loop internal interface ethernet 1/1
    Port     Test Result    Last Update
    -------- -------------- --------------------
    Eth 1/1  Succeeded      2024-07-15 15:26:56
    Console#
  • Page 855: Link Aggregation Commands

    LINK AGGREGATION COMMANDS: Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network device.
  • Page 856: Channel-Group

    ◆ Any of the Gigabit ports on the front panel can be trunked together, including ports of different media types.
    ◆ All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN via the specified port-channel.
  • Page 857: Lacp

    EXAMPLE: The following example creates trunk 1 and then adds port 11:
    Console(config)#interface port-channel 1
    Console(config-if)#exit
    Console(config)#interface ethernet 1/11
    Console(config-if)#channel-group 1
    Console(config-if)#
    lacp: This command enables 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it.
    SYNTAX: [no] lacp
    DEFAULT...
  • Page 858: Lacp Admin-Key (Ethernet Interface)

    Mac Address : 12-34-12-34-12-3F
    Configuration:
    Name
    Port Admin : Up
    Speed-duplex : Auto
    Capabilities : 10half, 10full, 100half, 100full, 1000full
    Broadcast Storm : Enabled
    Broadcast Storm Limit : 500 packets/second
    Flow Control : Disabled
    VLAN Trunking : Disabled
    Mac-Learning...
  • Page 859: Lacp Port-Priority

    ◆ Once the remote side of a link has been established, LACP operational settings are already in use on that side. Configuring LACP settings for the partner only applies to its administrative state, not its operational state.
  • Page 860: Lacp System-Priority

    lacp system-priority: This command configures a port's LACP system priority. Use the no form to restore the default setting.
    SYNTAX:
    lacp {actor | partner} system-priority priority
    no lacp {actor | partner} system-priority
    actor - The local side of an aggregate link.
    partner - The remote side of an aggregate link.
  • Page 861: Show Lacp

    DEFAULT SETTING
    COMMAND MODE: Interface Configuration (Port Channel)
    COMMAND USAGE:
    ◆ Ports are only allowed to join the same LAG if (1) the LACP system priority matches, (2) the LACP port admin key matches, and (3) the LACP port channel key matches (if configured).
  • Page 862: Table 92: Show Lacp Counters - Display Description

    EXAMPLE:
    Console#show lacp 1 counters
    Port Channel: 1
    -------------------------------------------------------------------------
    Eth 1/ 2
    -------------------------------------------------------------------------
    LACPDUs Sent : 12
    LACPDUs Received
    Marker Sent
    Marker Received
    LACPDUs Unknown Pkts : 0
    LACPDUs Illegal Pkts : 0
    Table 92: show lacp counters - display description
    Field | Description...
  • Page 863: Table 94: Show Lacp Neighbors - Display Description

    Table 93: show lacp internal - display description (Continued)
    Field | Description
    LACP Port Priority | LACP port priority assigned to this interface within the channel group.
    Admin State, Oper State | Administrative or operational values of the actor’s state parameters: Expired –...
  • Page 864: Table 95: Show Lacp Sysid - Display Description

    Table 94: show lacp neighbors - display description (Continued)
    Field | Description
    Port Oper Priority | Priority value assigned to this aggregation port by the partner.
    Admin Key | Current administrative value of the Key for the protocol partner.
    Oper Key | Current operational value of the Key for the protocol partner.
  • Page 865: Port

    PORT MIRRORING COMMANDS: Data can be mirrored from a local port on the same switch or from a remote port on another switch for analysis at the target port using software monitoring tools or a hardware probe. This switch supports the following mirroring modes.
  • Page 866: Show Port Monitor

    ◆ When enabled for an interface, default mirroring is for both received and transmitted packets.
    COMMAND MODE: Interface Configuration (Ethernet, destination port)
    COMMAND USAGE:
    ◆ You can mirror traffic from any source port to a destination port for...
  • Page 867 | Port Mirroring Commands | Local Port Mirroring Commands

    COMMAND USAGE: This command displays the currently configured source port, destination port, and mirror mode (i.e., RX, TX, RX/TX).
    EXAMPLE: The following shows mirroring configured from port 6 to port 11:
    Console(config)#interface ethernet 1/11
    Console(config-if)#port monitor ethernet 1/6
    Console(config-if)#end...
  • Page 868 | Port Mirroring Commands | Local Port Mirroring Commands
  • Page 869: Rate

    RATE LIMIT COMMANDS: This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network.
  • Page 870 | Rate Limit Commands

    command. It is therefore not advisable to use both of these commands on the same interface.
    EXAMPLE:
    Console(config)#interface ethernet 1/1
    Console(config-if)#rate-limit input 64
    Console(config-if)#
    RELATED COMMAND: show interfaces switchport (848)
  • Page 871: Automatic Traffic Control Commands

    AUTOMATIC TRAFFIC CONTROL COMMANDS: Automatic Traffic Control (ATC) configures bounding thresholds for broadcast and multicast storms which can be used to trigger configured rate limits or to shut down a port.
    Table 99: ATC Commands
    Command | Function | Mode
    Threshold Commands
    auto-traffic-control | Sets the time at which to apply the control...
  • Page 872 | Automatic Traffic Control Commands

    Table 99: ATC Commands (Continued)
    Command | Function | Mode
    snmp-server enable port-traps atc multicast-control-apply | Sends a trap when multicast traffic exceeds the upper threshold for automatic storm control and the apply timer expires | IC (Port)
    snmp-server enable | Sends a trap when multicast traffic falls beneath...
  • Page 873: Auto-Traffic-Control Apply-Timer

    expires. When ingress traffic falls below this threshold, ATC sends a Storm Alarm Clear Trap and logs it.
    ◆ When traffic falls below the alarm clear threshold after the release timer expires, traffic control will be stopped and a Traffic Control Release Trap sent and logged.
  • Page 874: Auto-Traffic-Control Release-Timer

    DEFAULT SETTING: 300 seconds
    COMMAND MODE: Global Configuration
    COMMAND USAGE: After the apply timer expires, a control action may be triggered as specified by the auto-traffic-control action command and a trap message sent as specified by the snmp-server enable port-traps atc broadcast-control-apply command or...
  • Page 875: Auto-Traffic-Control

    EXAMPLE: This example sets the release timer to 800 seconds for all ports.
    Console(config)#auto-traffic-control broadcast release-timer 800
    Console(config)#
    auto-traffic-control: This command enables automatic traffic control for broadcast or multicast storms. Use the no form to disable this feature.
    SYNTAX: [no] auto-traffic-control {broadcast | multicast}
    broadcast - Specifies automatic storm control for broadcast traffic.
  • Page 876: Auto-Traffic-Control Action

    auto-traffic-control action: This command sets the control action to limit ingress traffic or shut down the offending port. Use the no form to restore the default setting.
    SYNTAX:
    auto-traffic-control {broadcast | multicast} action {rate-control | shutdown}
    no auto-traffic-control {broadcast | multicast} action
    broadcast - Specifies automatic storm control for broadcast traffic.
  • Page 877: Auto-Traffic-Control Alarm-Clear-Threshold

    auto-traffic-control alarm-clear-threshold: This command sets the lower threshold for ingress traffic beneath which a cleared storm control trap is sent. Use the no form to restore the default setting.
    SYNTAX:
    auto-traffic-control {broadcast | multicast} alarm-clear-threshold threshold
    no auto-traffic-control {broadcast | multicast} alarm-clear-threshold...
  • Page 878: Auto-Traffic-Control Alarm-Fire-Threshold

    auto-traffic-control alarm-fire-threshold: This command sets the upper threshold for ingress traffic beyond which a storm control response is triggered after the apply timer expires. Use the no form to restore the default setting.
    SYNTAX: auto-traffic-control {broadcast | multicast} alarm-fire-threshold threshold...
  • Page 879: Auto-Traffic-Control Auto-Control-Release

    auto-traffic-control auto-control-release: This command automatically releases a control response after the time specified in the auto-traffic-control release-timer command has expired.
    SYNTAX: auto-traffic-control {broadcast | multicast} auto-control-release
    broadcast - Specifies automatic storm control for broadcast traffic.
    multicast - Specifies automatic storm control for multicast traffic.
  • Page 880: Snmp-Server Enable Port-Traps Atc Broadcast-Alarm-Clear

    snmp-server enable port-traps atc broadcast-alarm-clear: This command sends a trap when broadcast traffic falls beneath the lower threshold after a storm control response has been triggered. Use the no form to disable this trap.
    SYNTAX...
  • Page 881: Snmp-Server Enable Port-Traps Atc Broadcast-Control-Apply

    snmp-server enable port-traps atc broadcast-control-apply: This command sends a trap when broadcast traffic exceeds the upper threshold for automatic storm control and the apply timer expires. Use the no form to disable this trap.
    SYNTAX...
  • Page 882: Snmp-Server Enable Port-Traps Atc Multicast-Alarm-Clear

    snmp-server enable port-traps atc multicast-alarm-clear
    This command sends a trap when multicast traffic falls beneath the lower threshold after a storm control response has been triggered. Use the no form to disable this trap.
    SYNTAX...
  • Page 883: Snmp-Server Enable Port-Traps Atc Multicast-Control-Apply

    snmp-server enable port-traps atc multicast-control-apply
    This command sends a trap when multicast traffic exceeds the upper threshold for automatic storm control and the apply timer expires. Use the no form to disable this trap.
    SYNTAX...
  • Page 884: Show Auto-Traffic-Control

    show auto-traffic-control
    This command shows global configuration settings for automatic storm control.
    COMMAND MODE
    Privileged Exec
    EXAMPLE
    Console#show auto-traffic-control
    Storm-control: Broadcast
    Apply-timer (sec) : 300
    release-timer (sec) : 900
    Storm-control: Multicast
    Apply-timer(sec) : 300
    release-timer(sec) : 900...
  • Page 885: Address

    ADDRESS TABLE COMMANDS
    These commands are used to configure the address table for filtering specified addresses, displaying current entries, clearing the table, or setting the aging time.
    Table 100: Address Table Commands
    Command | Function | Mode
    mac-address-table aging-time | Sets the aging time of the address table
    mac-address-table | Maps a static address to a port in a VLAN...
  • Page 886: Mac-Address-Table Static

    EXAMPLE
    Console(config)#mac-address-table aging-time 100
    Console(config)#
    mac-address-table static
    This command maps a static address to a destination port in a VLAN. Use the no form to remove an address.
    SYNTAX
    mac-address-table static mac-address interface interface vlan vlan-id [action]
    no mac-address-table static mac-address vlan vlan-id
    mac-address - MAC address....
  • Page 887: Clear Mac-Address-Table Dynamic

    EXAMPLE
    Console(config)#mac-address-table static 00-e0-29-94-34-de interface ethernet 1/1 vlan 1 delete-on-reset
    Console(config)#
    clear mac-address-table dynamic
    This command removes any learned entries from the forwarding database.
    DEFAULT SETTING
    None
    COMMAND MODE
    Privileged Exec
    EXAMPLE
    Console#clear mac-address-table dynamic
    Console#
    This command shows classes of entries in the bridge-forwarding database....
  • Page 888: Show Mac-Address-Table Aging-Time

    COMMAND USAGE
    ◆ The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types:
      ■ Learn - Dynamic address entries
      ■ Config - Static entry...
  • Page 889: Show Mac-Address-Table Count

    show mac-address-table count
    This command shows the number of MAC addresses used and the number of available MAC addresses for the overall system or for an interface.
    SYNTAX
    show mac-address-table count [interface interface]
    interface
    ethernet unit/port
    unit - Stack unit....
  • Page 891: Spanning Tree Commands

    SPANNING TREE COMMANDS
    This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface.
    Table 101: Spanning Tree Commands
    Command | Function | Mode
    spanning-tree | Enables the spanning tree protocol
    spanning-tree forward-time | Configures the spanning tree bridge forward time
    spanning-tree hello-time...
  • Page 892: Spanning-Tree

    Table 101: Spanning Tree Commands (Continued)
    Command | Function | Mode
    spanning-tree mst cost | Configures the path cost of an instance in the MST
    spanning-tree mst port-priority | Configures the priority of an instance in the MST
    spanning-tree port-bpdu- | Floods BPDUs to other ports when global spanning tree...
  • Page 893: Spanning-Tree Forward-Time

    EXAMPLE
    This example shows how to enable the Spanning Tree Algorithm for the switch:
    Console(config)#spanning-tree
    Console(config)#
    spanning-tree forward-time
    This command configures the spanning tree bridge forward time globally for this switch. Use the no form to restore the default.
    SYNTAX
    spanning-tree forward-time seconds...
  • Page 894: Spanning-Tree Max-Age

    DEFAULT SETTING
    2 seconds
    COMMAND MODE
    Global Configuration
    COMMAND USAGE
    This command sets the time interval (in seconds) at which the root device transmits a configuration message.
    EXAMPLE
    Console(config)#spanning-tree hello-time 5
    Console(config)#
    RELATED COMMANDS
    spanning-tree forward-time (893)
    spanning-tree max-age (894)
    This command configures the spanning tree bridge maximum age globally...
  • Page 895: Spanning-Tree Mode

    RELATED COMMANDS
    spanning-tree forward-time (893)
    spanning-tree hello-time (893)
    spanning-tree mode
    This command selects the spanning tree mode for this switch. Use the no form to restore the default.
    SYNTAX
    spanning-tree mode {stp | rstp | mstp}
    no spanning-tree mode
    stp - Spanning Tree Protocol (IEEE 802.1D)
    rstp - Rapid Spanning Tree Protocol (IEEE 802.1w)...
  • Page 896: Spanning-Tree Pathcost Method

      ■ A spanning tree instance can exist only on bridges that have compatible VLAN instance assignments.
      ■ Be careful when switching between spanning tree modes. Changing modes stops all spanning-tree instances for the previous mode and restarts the system in the new mode, temporarily disrupting user traffic....
  • Page 897: Spanning-Tree Priority

    spanning-tree priority
    This command configures the spanning tree priority globally for this switch. Use the no form to restore the default.
    SYNTAX
    spanning-tree priority priority
    no spanning-tree priority
    priority - Priority of the bridge. (Range – 0-61440, in steps of 4096; Options: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440)
    DEFAULT...
  • Page 898: Spanning-Tree System-Bpdu-Flooding

    revision (902)
    max-hops (899)
    spanning-tree system-bpdu-flooding
    This command configures the system to flood BPDUs to all other ports on the switch or just to all other ports in the same VLAN when spanning tree is disabled globally on the switch or disabled on a specific port....
  • Page 899: Max-Hops

    COMMAND USAGE
    This command limits the maximum transmission rate for BPDUs.
    EXAMPLE
    Console(config)#spanning-tree transmission-limit 4
    Console(config)#
    max-hops
    This command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the default.
    SYNTAX
    max-hops hop-number
    hop-number - Maximum hop number for multiple spanning tree....
  • Page 900: Mst Priority

    mst priority
    This command configures the priority of a spanning tree instance. Use the no form to restore the default.
    SYNTAX
    mst instance-id priority priority
    no mst instance-id priority
    instance-id - Instance identifier of the spanning tree. (Range: 0-4094)
    priority - Priority of the spanning tree instance....
  • Page 901: Name

    COMMAND MODE
    MST Configuration
    COMMAND USAGE
    ◆ Use this command to group VLANs into spanning tree instances. MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, preventing wide-scale disruption when a bridge node in a single instance fails, and allowing for faster convergence of a new topology for the failed instance....
  • Page 902: Revision

    EXAMPLE
    Console(config-mstp)#name R&D
    Console(config-mstp)#
    RELATED COMMANDS
    revision (902)
    revision
    This command configures the revision number for this multiple spanning tree configuration of this switch. Use the no form to restore the default.
    SYNTAX
    revision number
    number - Revision number of the spanning tree....
  • Page 903: Spanning-Tree Bpdu-Guard

    COMMAND USAGE
    ◆ This command filters all Bridge Protocol Data Units (BPDUs) received on an interface to save CPU processing time. This function is designed to work in conjunction with edge ports which should only connect end stations to the switch, and therefore do not need to process BPDUs....
  • Page 904: Spanning-Tree Cost

    EXAMPLE
    Console(config)#interface ethernet 1/5
    Console(config-if)#spanning-tree edge-port
    Console(config-if)#spanning-tree bpdu-guard
    Console(config-if)#
    RELATED COMMANDS
    spanning-tree edge-port (905)
    spanning-tree spanning-disabled (912)
    spanning-tree cost
    This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default auto-configuration mode.
    SYNTAX
    spanning-tree cost cost
    no spanning-tree cost...
  • Page 905: Spanning-Tree Edge-Port

    COMMAND USAGE
    ◆ This command is used by the Spanning Tree Algorithm to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media....
  • Page 906: Spanning-Tree Link-Type

    spanning-tree link-type
    This command configures the link type for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default.
    SYNTAX
    spanning-tree link-type {auto | point-to-point | shared}
    no spanning-tree link-type
    auto - Automatically derived from the duplex mode setting....
  • Page 907: Spanning-Tree Loopback-Detection Release-Mode

    COMMAND USAGE
    ◆ If Port Loopback Detection is not enabled and a port receives its own BPDU, then the port will drop the loopback BPDU according to IEEE Standard 802.1W-2001 9.3.4 (Note 1).
    ◆ Port Loopback Detection will not be active if Spanning Tree is disabled...
  • Page 908: Spanning-Tree Loopback-Detection Trap

    ◆ When configured for manual release mode, then a link down / up event will not release the port from the discarding state. It can only be released using the spanning-tree loopback-detection release command....
  • Page 909: Spanning-Tree Mst Port-Priority

    shown below. Path cost “0” is used to indicate auto-configuration mode. When the short path cost method is selected and the default path cost recommended by the IEEE 802.1w standard exceeds 65,535, the default is set to 65,535....
  • Page 910: Spanning-Tree Port-Bpdu-Flooding

    COMMAND USAGE
    ◆ This command defines the priority for the use of an interface in the multiple spanning-tree. If the path cost for all interfaces on a switch is the same, the interface with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree....
  • Page 911: Spanning-Tree Port-Priority

    spanning-tree port-priority
    This command configures the priority for the specified interface. Use the no form to restore the default.
    SYNTAX
    spanning-tree port-priority priority
    no spanning-tree port-priority
    priority - The priority for a port. (Range: 0-240, in steps of 16)
    DEFAULT SETTING
    COMMAND...
  • Page 912: Spanning-Tree Spanning-Disabled

    COMMAND USAGE
    ◆ A bridge with a lower bridge identifier (or same identifier and lower MAC address) can take over as the root bridge at any time.
    ◆ When Root Guard is enabled, and the switch receives a superior BPDU...
  • Page 913: Spanning-Tree Loopback-Detection Release

    spanning-tree loopback-detection release
    This command manually releases a port placed in discarding state by loopback-detection.
    SYNTAX
    spanning-tree loopback-detection release interface
    interface
    ethernet unit/port
    unit - Stack unit. (Range: 1-8)
    port - Port number. (Range: 1-26/50)
    port-channel channel-id (Range: 1-32)
    COMMAND MODE
    Privileged Exec...
  • Page 914: Show Spanning-Tree

    EXAMPLE
    Console#spanning-tree protocol-migration eth 1/5
    Console#
    show spanning-tree
    This command shows the configuration for the common spanning tree (CST) or for an instance within the multiple spanning tree (MST).
    SYNTAX
    show spanning-tree [interface | mst instance-id]
    interface
    ethernet unit/port
    unit - Stack unit....
  • Page 915

    Instance
    VLANs Configuration : 1-4093
    Priority : 32768
    Bridge Hello Time (sec.)
    Bridge Max. Age (sec.) : 20
    Bridge Forward Delay (sec.) : 15
    Root Hello Time (sec.)
    Root Max. Age (sec.) : 20
    Root Forward Delay (sec.) : 15
    Max....
  • Page 916: Show Spanning-Tree Mst Configuration

    show spanning-tree mst configuration
    This command shows the configuration of the multiple spanning tree.
    COMMAND MODE
    Privileged Exec
    EXAMPLE
    Console#show spanning-tree mst configuration
    Mstp Configuration Information
    --------------------------------------------------------------
    Configuration Name : R&D
    Revision Level
    Instance VLANs
    --------------------------------------------------------------
    1-4093
    Console#...
  • Page 917: Ommands

    VLAN COMMANDS
    A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface....
  • Page 918: Gvrp And Bridge Extension Commands

    GVRP AND BRIDGE EXTENSION COMMANDS
    GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switch, as well as how to display default configuration settings for the Bridge Extension MIB....
  • Page 919: Garp Timer

    garp timer
    This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values.
    SYNTAX
    garp timer {join | leave | leaveall} timer-value
    no garp timer {join | leave | leaveall}
    {join | leave | leaveall} - Timer to set....
  • Page 920: Switchport Forbidden Vlan

    switchport forbidden vlan
    This command configures forbidden VLANs. Use the no form to remove the list of forbidden VLANs.
    SYNTAX
    switchport forbidden vlan {add vlan-list | remove vlan-list}
    no switchport forbidden vlan
    add vlan-list - List of VLAN identifiers to add....
  • Page 921: Show Bridge-Ext

    EXAMPLE
    Console(config)#interface ethernet 1/1
    Console(config-if)#switchport gvrp
    Console(config-if)#
    show bridge-ext
    This command shows the configuration for bridge extension commands.
    DEFAULT SETTING
    None
    COMMAND MODE
    Privileged Exec
    COMMAND USAGE
    See "Displaying Bridge Extension Capabilities" on page 111 for a description of the displayed items....
  • Page 922: Show Gvrp Configuration

    EXAMPLE
    Console#show garp timer ethernet 1/1
    Eth 1/ 1 GARP Timer Status:
    Join Timer : 20 centiseconds
    Leave Timer : 60 centiseconds
    Leave All Timer : 1000 centiseconds
    Console#
    RELATED COMMANDS
    garp timer (919)
    This command shows if GVRP is enabled....
  • Page 923: Vlan Database

    vlan database
    This command enters VLAN database mode. All commands in this mode will take effect immediately.
    DEFAULT SETTING
    None
    COMMAND MODE
    Global Configuration
    COMMAND USAGE
    ◆ Use the VLAN database command mode to add, change, and delete...
  • Page 924: Configuring Vlan Interfaces

    DEFAULT SETTING
    By default only VLAN 1 exists and is active.
    COMMAND MODE
    VLAN Database Configuration
    COMMAND USAGE
    ◆ no vlan vlan-id deletes the VLAN.
    ◆ no vlan vlan-id name removes the VLAN name....
  • Page 925: Interface Vlan

    interface vlan
    This command enters interface configuration mode for VLANs, which is used to configure VLAN parameters for a physical interface. Use the no form to change a Layer 3 normal VLAN back to a Layer 2 interface.
    SYNTAX
    [no] interface vlan vlan-id
    vlan-id - ID of the configured VLAN....
  • Page 926: Switchport Allowed Vlan

    DEFAULT SETTING
    All frame types
    COMMAND MODE
    Interface Configuration (Ethernet, Port Channel)
    COMMAND USAGE
    When set to receive all frame types, any received frames that are untagged are assigned to the default VLAN.
    EXAMPLE
    The following example shows how to restrict the traffic received on port 1 to tagged frames:...
  • Page 927: Switchport Ingress-Filtering

    ◆ Frames are always tagged within the switch. The tagged/untagged parameter used when adding a VLAN to an interface tells the switch whether to keep or remove the tag from a frame on egress.
    ◆ If none of the intermediate network devices nor the host at the other...
  • Page 928: Switchport Mode

    EXAMPLE
    The following example shows how to set the interface to port 1 and then enable ingress filtering:
    Console(config)#interface ethernet 1/1
    Console(config-if)#switchport ingress-filtering
    Console(config-if)#
    switchport mode
    This command configures the VLAN membership mode for a port. Use the no form to restore the default....
  • Page 929: Switchport Native Vlan

    switchport native vlan
    This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default.
    SYNTAX
    switchport native vlan vlan-id
    no switchport native vlan
    vlan-id - Default VLAN ID for a port....
  • Page 930

    COMMAND USAGE
    ◆ Use this command to configure a tunnel across one or more intermediate switches which pass traffic for VLAN groups to which they do not belong. The following figure shows VLANs 1 and 2 configured on switches A and B, with VLAN trunking being used to pass traffic for these VLAN groups across switches C, D and E....
  • Page 931: Displaying Vlan Information

    DISPLAYING VLAN INFORMATION
    This section describes commands used to display VLAN information.
    Table 108: Commands for Displaying VLAN Information
    Command | Function | Mode
    show interfaces status vlan | Displays status for the specified VLAN interface | NE, PE
    show interfaces...
  • Page 932: Configuring Ieee 802.1Q Tunneling

    Eth1/26(S)
    Console#
    CONFIGURING IEEE 802.1Q TUNNELING
    IEEE 802.1Q tunneling (QinQ tunneling) uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs. Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider’s network even when they use the same customer-specific VLAN IDs....
  • Page 933: Dot1Q-Tunnel System-Tunnel-Control

    Configure the QinQ tunnel uplink port to dot1Q-tunnel uplink mode (switchport dot1q-tunnel mode).
    Configure the QinQ tunnel uplink port to join the SPVLAN as a tagged member (switchport allowed vlan).
    Limitations for QinQ
    ◆ The native VLAN for the tunnel uplink ports and tunnel access ports...
  • Page 934: Switchport Dot1Q-Tunnel Mode

    switchport dot1q-tunnel mode
    This command configures an interface as a QinQ tunnel port. Use the no form to disable QinQ on the interface.
    SYNTAX
    switchport dot1q-tunnel mode {access | uplink}
    no switchport dot1q-tunnel mode
    access –...
  • Page 935: Switchport Dot1Q-Tunnel Service Match Cvid

    switchport dot1q-tunnel service match cvid
    This command creates a CVLAN to SPVLAN mapping entry. Use the no form to delete a VLAN mapping entry.
    SYNTAX
    switchport dot1q-tunnel service svid match cvid cvid [remove-ctag]
    svid - VLAN ID for the outer VLAN tag (Service Provider VID)....
  • Page 936: Switchport Dot1Q-Tunnel Tpid

    EXAMPLE
    This example sets the SVID to 99 in the outer tag for egress packets exiting port 1 when the packet’s CVID is 2.
    Console(config)#interface ethernet 1/1
    Console(config-if)#switchport dot1q-tunnel service 99 match cvid 2
    Console(config-if)#
    In the following examples, ports 1 and 2 are configured as follows:
    Port 1 = Access, PVID = 100, VLAN = 100(u), 101(u)...
  • Page 937: Show Dot1Q-Tunnel

    COMMAND MODE
    Interface Configuration (Ethernet, Port Channel)
    COMMAND USAGE
    ◆ Use the switchport dot1q-tunnel tpid command to set a custom 802.1Q ethertype value on the selected interface. This feature allows the switch to interoperate with third-party switches that do not use the standard 0x8100 ethertype to identify 802.1Q-tagged frames....
  • Page 938: Configuring Port-Based Traffic Segmentation

    Console(config-if)#end
    Console#show dot1q-tunnel
    Current double-tagged status of the system is Enabled
    The dot1q-tunnel mode of the set interface 1/1 is Access mode, TPID is 0x8100.
    The dot1q-tunnel mode of the set interface 1/2 is Uplink mode, TPID is 0x8100.
    The dot1q-tunnel mode of the set interface 1/3 is Normal mode, TPID is 0x8100....
  • Page 939: Show Traffic-Segmentation

    DEFAULT SETTING
    Disabled globally
    No segmented port groups are defined.
    COMMAND MODE
    Global Configuration
    COMMAND USAGE
    ◆ Traffic segmentation provides port-based security and isolation between ports within the VLAN. Data traffic on the downlink ports can only be forwarded to, and from, the designated uplink port(s)....
  • Page 940: Configuring Private Vlans

    Ethernet 1/8
    Console#
    CONFIGURING PRIVATE VLANS
    Private VLANs provide port-based security and isolation of local ports contained within different private VLAN groups. This switch supports two types of private VLANs – primary and community groups. A primary VLAN contains promiscuous ports that can communicate with all other ports in the associated private VLAN groups, while a community (or secondary) VLAN contains community ports that can only communicate with other...
  • Page 941: Private-Vlan

    Use the switchport mode private-vlan command to configure ports as promiscuous (i.e., having access to all ports in the primary VLAN) or host (i.e., community port).
    Use the switchport private-vlan host-association command to assign a port to a community VLAN....
  • Page 942: Private Vlan Association

    EXAMPLE
    Console(config)#vlan database
    Console(config-vlan)#private-vlan 2 primary
    Console(config-vlan)#private-vlan 3 community
    Console(config)#
    private vlan association
    Use this command to associate a primary VLAN with a secondary (i.e., community) VLAN. Use the no form to remove all associations for the specified primary VLAN....
  • Page 943: Switchport Private-Vlan Host-Association

    promiscuous – This port type can communicate with all other promiscuous ports in the same primary VLAN, as well as with all the ports in the associated secondary VLANs.
    DEFAULT SETTING
    Normal VLAN
    COMMAND MODE
    Interface Configuration (Ethernet, Port Channel)...
  • Page 944: Switchport Private-Vlan Mapping

    switchport private-vlan mapping
    Use this command to map an interface to a primary VLAN. Use the no form to remove this mapping.
    SYNTAX
    switchport private-vlan mapping primary-vlan-id
    no switchport private-vlan mapping
    primary-vlan-id –...
  • Page 945: Configuring Protocol-Based Vlans

    EXAMPLE
    Console#show vlan private-vlan
    Primary Secondary Type Interfaces
    -------- ----------- ---------- ------------------------------
    primary Eth1/ 3
    community Eth1/ 4 Eth1/ 5
    Console#
    CONFIGURING PROTOCOL-BASED VLANS
    The network devices required to support multiple protocols cannot be easily grouped into a common VLAN....
  • Page 946: Protocol-Vlan Protocol-Group (Configuring Groups)

    protocol-vlan protocol-group (Configuring Groups)
    This command creates a protocol group, or adds specific protocols to a group. Use the no form to remove a protocol group.
    SYNTAX
    protocol-vlan protocol-group group-id [{add | remove} frame-type frame protocol-type protocol]
    no protocol-vlan protocol-group group-id
    group-id - Group identifier of this protocol group....
  • Page 947: Show Protocol-Vlan Protocol-Group

    COMMAND MODE
    Interface Configuration (Ethernet, Port Channel)
    COMMAND USAGE
    ◆ When creating a protocol-based VLAN, only assign interfaces via this command. If you assign interfaces using any of the other VLAN commands (such as the vlan command), these interfaces will admit traffic of any protocol type into the associated VLAN....
  • Page 948: Show Interfaces Protocol-Vlan Protocol-Group

    EXAMPLE
    This shows protocol group 1 configured for IP over Ethernet:
    Console#show protocol-vlan protocol-group
    Protocol Group ID Frame Type Protocol Type
    ------------------ ------------- ---------------
    ethernet 08 00
    Console#
    show interfaces protocol-vlan protocol-group
    This command shows the mapping from protocol groups to VLANs for the selected interfaces....
  • Page 949: Configuring Ip Subnet Vlans

    CONFIGURING IP SUBNET VLANS
    When using IEEE 802.1Q port-based VLAN classification, all untagged frames received by a port are classified as belonging to the VLAN whose VID (PVID) is associated with that port. When IP subnet-based VLAN classification is enabled, the source address of untagged ingress frames is checked against the IP subnet-to-VLAN mapping table....
  • Page 950: Show Subnet-Vlan

    mapping is found, the PVID of the receiving port is assigned to the frame.
    ◆ The IP subnet cannot be a broadcast or multicast IP address.
    ◆ When MAC-based, IP subnet-based, and protocol-based VLANs are...
  • Page 951: Configuring Mac Based Vlans

    CONFIGURING MAC BASED VLANS
    When using IEEE 802.1Q port-based VLAN classification, all untagged frames received by a port are classified as belonging to the VLAN whose VID (PVID) is associated with that port. When MAC-based VLAN classification is enabled, the source address of untagged ingress frames is checked against the MAC address-to-VLAN mapping table....
  • Page 952: Show Mac-Vlan

    ◆ When MAC-based, IP subnet-based, and protocol-based VLANs are supported concurrently, priority is applied in this sequence, and then port-based VLANs last.
    EXAMPLE
    The following example assigns traffic from source MAC address 00-00-00-11-22-33 to VLAN 10....
  • Page 953: Voice Vlan

    Table 115: Voice VLAN Commands (Continued)
    Command | Function | Mode
    switchport voice vlan rule | Sets the automatic VoIP traffic detection method for ports
    switchport voice vlan security | Enables Voice VLAN security on ports
    show voice vlan | Displays Voice VLAN settings...
  • Page 954: Voice Vlan Aging

    voice vlan aging
    This command sets the Voice VLAN ID time out. Use the no form to restore the default.
    SYNTAX
    voice vlan aging minutes
    no voice vlan
    minutes - Specifies the port Voice VLAN membership time out. (Range: 5-43200 minutes)
    DEFAULT SETTING...
  • Page 955: Switchport Voice Vlan

    COMMAND USAGE
    ◆ VoIP devices attached to the switch can be identified by the manufacturer’s Organizational Unique Identifier (OUI) in the source MAC address of received packets. OUI numbers are assigned to manufacturers and form the first three octets of device MAC addresses....
  • Page 956: Switchport Voice Vlan Priority

    EXAMPLE
    The following example sets port 1 to Voice VLAN auto mode.
    Console(config)#interface ethernet 1/1
    Console(config-if)#switchport voice vlan auto
    Console(config-if)#
    switchport voice vlan priority
    This command specifies a CoS priority for VoIP traffic on a port. Use the no form to restore the default priority on a port....
  • Page 957: Switchport Voice Vlan Security

    DEFAULT SETTING
    OUI: Enabled
    LLDP: Disabled
    COMMAND MODE
    Interface Configuration
    COMMAND USAGE
    ◆ When OUI is selected, be sure to configure the MAC address ranges in the Telephony OUI list (see the voice vlan mac-address command....
  • Page 958: Show Voice Vlan

    EXAMPLE
    The following example enables security filtering on port 1.
    Console(config)#interface ethernet 1/1
    Console(config-if)#switchport voice vlan security
    Console(config-if)#
    show voice vlan
    This command displays the Voice VLAN settings on the switch and the OUI Telephony list....
  • Page 959: Class Of Service Commands

    CLASS OF SERVICE COMMANDS
    The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port....
  • Page 960: Queue Cos-Map

    queue cos-map
    This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 7). Use the no form to set the CoS map to the default values....
  • Page 961: Queue Mode

    RELATED COMMANDS
    show queue cos-map (964)
    queue mode
    This command sets the scheduling mode used for processing each of the class of service (CoS) priority queues. The options include strict priority, Weighted Round-Robin (WRR), or a combination of strict and weighted queuing....
  • Page 962: Queue Weight

    ◆ A weight can be assigned to each of the weighted queues (and thereby to the corresponding traffic priorities). This weight sets the frequency at which each queue is polled for service, and subsequently affects the response time for software applications assigned a specific priority value.
  • Page 963: Switchport Priority Default

    Example: The following example shows how to assign round-robin weights of 1 - 8 to the CoS priority queues 0 - 7.
      Console(config)#interface ge1/1
      Console(config-if)#queue weight 1 2 3 4 5 6 7 8
      Console(config-if)#
    Related Commands...
  • Page 964: Show Queue Cos-Map

    Example: The following example shows how to set a default priority on port 3 to 5:
      Console(config)#interface ethernet 1/3
      Console(config-if)#switchport priority default 5
      Console(config-if)#
    Related Commands: show interfaces switchport (848)
    This command shows the class of service priority map.
  • Page 965: Show Queue Weight

    Command Mode: Privileged Exec
    Example:
      Console#show queue mode ethernet 1/1
      Unit Port queue mode
      ---- ---- ---------------
      Weighted Round Robin
      Console#
    show queue weight: This command displays the weights used for the weighted queues.
    Syntax: show queue mode interface...
  • Page 966: Priority Commands (Layer 3 And 4)

    Priority Commands (Layer 3 and 4)
    This section describes commands used to configure Layer 3 and 4 traffic priority mapping on the switch.
    Table 119: Priority Commands (Layer 3 and 4)
    Command Function Mode...
  • Page 967: Map Ip Port (Global Configuration)

    map ip port (Global Configuration): This command enables IP port mapping (i.e., class of service mapping for TCP/UDP sockets). Use the no form to disable IP port mapping.
    Syntax: [no] map ip port...
  • Page 968: Map Ip Dscp (Interface Configuration)

    Example: The following example shows how to enable IP precedence mapping globally:
      Console(config)#map ip precedence
      Console(config)#
    map ip dscp: This command sets IP DSCP priority (i.e., Differentiated Services Code Point priority).
  • Page 969: Map Ip Port (Interface Configuration)

    Example: The following example shows how to map IP DSCP value 1 to CoS value 0:
      Console(config)#interface ethernet 1/5
      Console(config-if)#map ip dscp 1 cos 0
      Console(config-if)#
    This command sets IP port priority (i.e., TCP/UDP port priority).
  • Page 970: Map Ip Precedence (Interface Configuration)

    map ip precedence (Interface Configuration): This command sets IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table.
    Syntax:
      map ip precedence ip-precedence-value cos cos-value
      no map ip precedence...
  • Page 971: Show Map Ip Dscp

    show map ip dscp: This command shows the IP DSCP priority map.
    Syntax: show map ip dscp [interface]
      interface
        ethernet unit/port
          unit - Stack unit. (Range: 1-8)
          port - Port number.
  • Page 972: Show Map Ip Precedence

    Example: The following shows that HTTP traffic has been mapped to CoS value 0:
      Console#show map ip port
      TCP port mapping status: disabled
      Port IP Port
      --------- -------- ---
      Eth 1/ 5
      Console#...
  • Page 973: Quality Of Service Commands

    Quality of Service Commands
    The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies. You can classify traffic based on access lists, IP Precedence or DSCP values, or VLANs. Using access lists allows you to select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet.
  • Page 974: Class-Map

    To create a service policy for a specific category of ingress traffic, follow these steps:
    1. Use the class-map command to designate a class name for a specific category of traffic, and enter the Class Map configuration mode.
    2. Use the match command to select a specific type of traffic based on an...
  • Page 975: Description

    ◆ One or more class maps can be assigned to a policy map (page 977). The policy map is then bound by a service policy to an interface (page 986). A service policy defines packet classification, service tagging, and bandwidth policing.
  • Page 976: Match

    match: This command defines the criteria used to classify traffic. Use the no form to delete the matching criteria.
    Syntax: [no] match {access-list acl-name | ip dscp dscp | ip precedence ip-precedence | ipv6 dscp dscp | vlan vlan}
      acl-name - Name of the access control list.
  • Page 977: Rename

    This example creates a class map called “rd-class#2,” and sets it to match packets marked for IP Precedence service value 5.
      Console(config)#class-map rd-class#2 match-any
      Console(config-cmap)#match ip precedence 5
      Console(config-cmap)#
    This example creates a class map called “rd-class#3,” and sets it to match packets marked for VLAN 1.
  • Page 978: Class

    Command Usage:
    ◆ Use the policy-map command to specify the name of the policy map, and then use the class command to configure policies for traffic that matches the criteria defined in a class map.
    ◆ A policy map can contain multiple class statements that can be applied...
  • Page 979: Police Flow

    ◆ Up to 16 classes can be included in a policy map.
    Example: This example creates a policy called “rd-policy,” uses the class command to specify the previously defined “rd-class,” uses the command to classify the service that incoming packets will receive, and then uses the police flow...
  • Page 980: Police Srtcm-Color

    ◆ Policing is based on a token bucket, where bucket depth (i.e., the maximum burst before the bucket overflows) is specified by the committed-burst field, and the average rate at which tokens are added to the bucket is specified by the committed-rate option.
  • Page 981

    committed-rate - Committed information rate (CIR) in kilobits per second. (Range: 64-1000000 kbps at a granularity of 64 kbps or maximum port speed, whichever is lower)
    committed-burst - Committed burst size (BC) in bytes. (Range: 4000-16000000 at a granularity of 4k bytes)
    excess-burst - Excess burst size (BE) in bytes.
  • Page 982

    maximum size of the token bucket C is BC and the maximum size of the token bucket E is BE. The token buckets C and E are initially full, that is, the token count Tc(0) = BC and the token count Te(0) = BE.
  • Page 983: Police Trtcm-Color

    police trtcm-color: This command defines an enforcer for classified traffic based on a two rate three color meter (trTCM). Use the no form to remove a policer.
    Syntax: [no] police {trtcm-color-blind | trtcm-color-aware} committed-rate committed-burst peak-rate peak-burst exceed-action {drop | new-dscp} violate action {drop | new-dscp}...
  • Page 984

    ◆ The trTCM as defined in RFC 2698 meters a traffic stream and processes its packets based on two rates – Committed Information Rate (CIR) and Peak Information Rate (PIR), and their associated burst sizes - Committed Burst Size (BC) and Peak Burst Size (BP).
  • Page 985: Set

    the service that incoming packets will receive, and then uses the police trtcm-color-blind command to limit the average bandwidth to 100,000 Kbps, the committed burst rate to 4000 bytes, the peak information rate to 1,000,000 kbps, the peak burst size to 6000, to remark any packets exceeding the committed burst size, and to drop any packets exceeding the peak information rate.
  • Page 986: Service-Policy

    Example: This example creates a policy called “rd-policy,” uses the class command to specify the previously defined “rd-class,” uses the set cos command to classify the service that incoming packets will receive, and then uses the police flow command to limit the average bandwidth to 100,000 Kbps, the burst rate to 4000 bytes, and configure the response to drop any violating...
  • Page 987: Show Class-Map

    show class-map: This command displays the QoS class maps which define matching criteria used for classifying traffic.
    Syntax: show class-map [class-map-name]
      class-map-name - Name of the class map. (Range: 1-32 characters)
    Default Setting: Displays all class maps.
  • Page 988: Show Policy-Map Interface

      Description:
      class rd-class
      set cos 3
      Console#show policy-map rd-policy class rd-class
      Policy Map rd-policy
      class rd-class
      set cos 3
      Console#
    show policy-map interface: This command displays the service policy assigned to the specified interface.
  • Page 989: Multicast Filtering Commands

    Multicast Filtering Commands
    This switch uses IGMP (Internet Group Management Protocol) to check for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
  • Page 990: Igmp Snooping

    IGMP Snooping
    This section describes commands used to configure IGMP snooping on the switch.
    Table 124: IGMP Snooping Commands
      Command | Function | Mode
      ip igmp snooping | Enables IGMP snooping
      ip igmp snooping proxy-reporting | Enables IGMP Snooping with Proxy Reporting
      ip igmp snooping querier...
  • Page 991: Ip Igmp Snooping

    Table 124: IGMP Snooping Commands (Continued)
      Command | Function | Mode
      ip igmp snooping vlan version | Configures the IGMP version for snooping
      ip igmp snooping vlan version-exclusive | Discards received IGMP messages which use a version different to that currently configured
      show ip igmp snooping...
  • Page 992: Ip Igmp Snooping Proxy-Reporting

    ip igmp snooping proxy-reporting: This command enables IGMP Snooping with Proxy Reporting. Use the no form to restore the default setting.
    Syntax:
      [no] ip igmp snooping proxy-reporting
      ip igmp snooping vlan vlan-id proxy-reporting {enable | disable}
      no ip igmp snooping vlan vlan-id proxy-reporting
        vlan-id - VLAN ID (Range: 1-4093)
        enable - Enable on the specified VLAN.
  • Page 993: Ip Igmp Snooping Router-Alert-Option-Check

    Command Mode: Global Configuration
    Command Usage:
    ◆ IGMP snooping querier is not supported for IGMPv3 snooping (see igmp snooping version).
    ◆ If enabled, the switch will serve as querier if elected. The querier is...
  • Page 994: Ip Igmp Snooping Router-Port-Expire-Time

    ip igmp snooping router-port-expire-time: This command configures the querier timeout. Use the no form to restore the default.
    Syntax:
      ip igmp snooping router-port-expire-time seconds
      no ip igmp snooping router-port-expire-time
        seconds - The time the switch waits after the previous querier stops before it considers it to have expired.
  • Page 995: Ip Igmp Snooping Tcn-Query-Solicit

    ◆ If a topology change notification (TCN) is received, and all the uplink ports are subsequently deleted, a timeout mechanism is used to delete all of the currently learned multicast channels.
    ◆ When a new uplink port starts up, the switch sends unsolicited reports...
  • Page 996: Ip Igmp Snooping Unregistered-Data-Flood

    tree change occurred. When an upstream multicast router receives this solicitation, it will also immediately issue an IGMP general query.
    ◆ The ip igmp snooping tcn query-solicit command can be used to...
  • Page 997: Ip Igmp Snooping Unsolicited-Report-Interval

    ip igmp snooping unsolicited-report-interval: This command specifies how often the upstream interface should transmit unsolicited IGMP reports when report suppression/proxy reporting is enabled. Use the no form to restore the default value.
    Syntax: ip igmp snooping unsolicited-report-interval seconds...
  • Page 998: Ip Igmp Snooping Version-Exclusive

    Command Usage:
    ◆ This command configures the IGMP report/query version used by IGMP snooping. Versions 1 - 3 are all supported, and versions 2 and 3 are backward compatible, so the switch can operate with other devices, regardless of the snooping version employed.
  • Page 999: Ip Igmp Snooping Vlan General-Query-Suppression

    ip igmp snooping vlan general-query-suppression: This command suppresses general queries except for ports attached to downstream multicast hosts. Use the no form to flood general queries to all ports except for the multicast router port.
    Syntax: [no] ip igmp snooping vlan vlan-id general-query-suppression...
  • Page 1000: Ip Igmp Snooping Vlan Last-Memb-Query-Count

    ◆ If immediate-leave is enabled, the switch assumes that only one host is connected to the interface. Therefore, immediate leave should only be enabled on an interface if it is connected to only one IGMP-enabled device, either a service host or a neighbor running IGMP snooping.

This manual is also suitable for:

iPECS ES-4526G
