Alcatel OmniStack LS 6248 User Manual

Os-ls-6200 series

Part No. 060202-10 , Rev. D
June 2007
Alcatel OS-LS-6200

User Guide

www.alcatel.com


Summary of Contents for Alcatel OmniStack LS 6248

  • Page 1: User Guide

    Part No. 060202-10 , Rev. D June 2007 Alcatel OS-LS-6200 User Guide www.alcatel.com...
  • Page 2 Additionally, with 24-hour-a-day access to Alcatel’s Service and Support web page, you’ll be able to view and update any case (open or closed) that you have reported to Alcatel’s technical support, open a new case or access helpful release notes, technical bulletins, and manuals.
  • Page 3 This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions in this guide, may cause interference to radio communications. Operation of this equipment in a residential area is likely to cause interference, in which case the user will be required to correct the interference at his own expense.
  • Page 5: Table Of Contents

    Static IP Address and Subnet Mask User Name SNMP Community Strings Advanced Configuration ..................21 Retrieving an IP Address From a DHCP Server Receiving an IP Address From a BOOTP Server Security Management and Password Configuration .......... 23 Configuring Security Passwords Introduction...
  • Page 6 Contents Stacking Members and Unit ID Removing and Replacing Stacking Members Exchanging Stacking Members Switching between the Stacking Master and the Secondary Master Configuring Stacking Resetting the Stack Managing System Logs ..................43 Enabling System Logs Viewing Memory Logs Viewing the Device FLASH Logs Remote Log Configuration Configuring SNTP ....................51...
  • Page 7 Defining RMON History Control Viewing the RMON History Table Defining RMON Events Control Viewing the RMON Events Logs Defining RMON Alarms Alcatel Mapping Adjacency Protocol (AMAP) ........... 128 Configuring AMAP Viewing Adjacent Devices Configuring LLDP ..................... 131 Defining LLDP Port Settings...
  • Page 8 Assigning ARP Inspection VLAN Settings IP Source Guard ....................184 Configuring IP Source Guard Properties Defining IP Source Guard Interface Settings Adding Interfaces to the IP Source Guard Database Defining the Forwarding Database ..............188 Defining Static Forwarding Database Entries Defining Dynamic Forwarding Database Entries Configuring Spanning Tree ................191...
  • Page 9 Defining GARP Defining GVRP Viewing GVRP Statistics Multicast Filtering .................... 223 Defining IGMP Snooping Specifying Static Interfaces for a Multicast Group Displaying Interfaces Attached to a Multicast Router Configuring Multicast TV Defining Multicast TV Membership Configuring Triple Play ..................230 Configuring Quality of Service ................
  • Page 10 Contents Partial Keyword Lookup Negating the Effect of Commands Using Command History Understanding Command Modes Exec Commands Configuration Commands Command Line Processing Command Groups ....................261 802.1x Commands ....................263 aaa authentication dot1x dot1x system-auth-control dot1x port-control dot1x re-authentication dot1x timeout re-authperiod...
  • Page 11 (IP) mac access-list permit (MAC) deny (MAC) service-acl show access-lists show interfaces access-lists Address Table Commands ................313 bridge address bridge multicast filtering bridge multicast address bridge multicast forbidden address bridge multicast forward-all bridge multicast forbidden forward-all bridge aging-time...
  • Page 12 (Interface) sntp unicast client enable sntp unicast client poll sntp server show clock show sntp configuration show sntp status Configuration and Image File Commands ............365 copy delete more rename boot system show running-config show startup-config show bootvar Ethernet Configuration Commands ..............376...
  • Page 13 IGMP Snooping Commands ................408 ip igmp snooping (Global) ip igmp snooping (Interface) ip igmp snooping host-time-out ip igmp snooping mrouter-time-out ip igmp snooping leave-time-out...
  • Page 14 Port Monitor Commands ...................458 port monitor show ports monitor Power over Ethernet Commands ..............460 power inline power inline powered-device power inline priority power inline usage-threshold power inline traps enable show power inline QoS Commands ....................467...
  • Page 15 (Global) qos trust (Interface) qos cos qos dscp-mutation qos map dscp-mutation show qos map RADIUS Commands ..................495 radius-server host radius-server key radius-server retransmit radius-server source-ip radius-server timeout radius-server deadtime show radius-servers RMON Commands ...................
  • Page 16 Contents rmon event show rmon events show rmon log rmon table-size SNMP Commands ....................518 snmp-server community snmp-server view snmp-server group snmp-server user snmp-server engineID local snmp-server enable traps snmp-server filter snmp-server host snmp-server v3-host snmp-server trap authentication snmp-server contact snmp-server location...
  • Page 17 Syslog Commands ................... 591 logging on logging logging console logging buffered logging buffered size clear logging...
  • Page 18 DHCP Snooping, IP Source Guard and ARP Inspection Commands ....631 ip dhcp snooping ip dhcp snooping vlan ip dhcp snooping trust...
  • Page 19 Contents ip arp inspection list create ip mac ip arp inspection list assign ip arp inspection logging interval show ip arp inspection show ip arp inspection list User Interface Commands ................652 enable disable login configure exit (Configuration) exit help...
  • Page 20 Appendix A. Configuration Examples Configuring QinQ ....................704 Configuring Customer VLANs using the CLI ............707 Configuring Multicast TV ..................709 Configuring Customer VLANs ................716 Configuring Customer VLANs Using the Web Interface ........716 Appendix B. Software Specifications Software Features ....................721 Management Features ..................722 Standards ......................722 Management Information Bases ...............723...
  • Page 21 Figure 3-35. SNMP Groups Page Figure 3-36. SNMP Views Page Figure 3-37. SNMP Communities Page Figure 3-38. SNMP Trap Station Management Page Figure 3-39. SNMP Global Trap Settings Page Figure 3-40. Trap Filter Settings Page Figure 3-41. Local Users Page...
  • Page 22 Figure 3-81. VLAN Settings Page Figure 3-82. Trusted Interface Page Figure 3-83. Binding Database Page Figure 3-84. DHCP Option 82 Page Figure 3-85. ARP Inspection Properties Page Figure 3-86. ARP Inspection Trusted Interface Page Figure 3-87. ARP Inspection List Page xxii...
  • Page 23 Figure 3-88. VLAN Settings Page Figure 3-89. IP Source Guard Properties Page Figure 3-90. Interface Settings Page Figure 3-91. IP Source Guard Binding Database Page Figure 3-92. Static Addresses Page Figure 3-93. Dynamic Addresses Page Figure 3-94. STP General Page Figure 3-95.
  • Page 24 Figures Figure 3. VLAN Interface Configuration Page Figure 4. Modify VLAN Interface Configuration Page Figure 5. VLAN Current Table Figure 6. QinQ Configuration Example Figure 7. Triple Play Configuration Figure 8. Add VLAN Membership Page Figure 9. CPE VLAN Mapping Page Figure 10.
  • Page 25: Chapter 1: Introduction

    The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
  • Page 26 Enables to add information for the DHCP server on request. IP Source Address Guard: Restricts IP traffic on non-routed, Layer 2 interfaces by filtering traffic. This feature is based on the DHCP snooping binding database and on manually configured IP source bindings.
  • Page 27: Description Of Software Features

    Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings. Authentication – This switch authenticates management access via the console port, Telnet or web browser.
  • Page 28 Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
  • Page 29 BPDU is utilized when Fast Link ports is enabled and/or if the Spanning Tree Protocol is disabled on ports. If a BPDU message is sent to a port on which STP is disabled, BPDU Guard shuts down the port, and generates an SNMP message.
  • Page 30 ARP Inspection List. Trusted packets are forwarded without ARP Inspection. • Untrusted — Indicates that the packet arrived from an interface that does not have recognized IP and MAC addresses. The packet is checked for: • Source MAC — Compares the packet’s source MAC address against the sender’s MAC address in the ARP request.
  • Page 31 GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can: •...
  • Page 32 (Vlans) standard. 802.1p establishes eight levels of priority, similar to the IP Precedence IP Header bit-field. Quality of Service Basic Mode – In the Basic QoS mode, it is possible to activate a trust mode (to trust VPT, DSCP, TCP/UDP or none). In addition, a single Access Control List can be attached to an interface.
  • Page 33: System Defaults

    Remote Authentication Dial In User Service (RADIUS) server using the Extensible Authentication Protocol (EAP). System Defaults The device is configured with default settings. To reset the device to the default settings, delete the startup configuration. The following table lists some of the basic system defaults.
  • Page 34 300 sec. Discovery Phase Timeout Interval 30 sec. Rate Limiting Input and output limits disabled Port Trunking Static Trunks up to 8 port in 8 trunks can be defined LACP system priority LACP Port-priority LACP long Broadcast Storm Status disabled...
  • Page 35 Quality of Service QoS Mode disabled CoS Mapping Cos 0 - queue 1; CoS 1 - queue 1; Cos 2 - queue 1 Cos 3 - queue 1; CoS 4 - queue 2; Cos 5 - queue 2 Cos 6 - queue 3; CoS 7 - queue 3;...
  • Page 36 Introduction Table 1-2. System Defaults Function Parameter Default Server enabled RADIUS RADIUS server none defined TACACS+ TACACS+ server none defined...
  • Page 37: Chapter 2: Initial Configuration

    • Software Download and Reboot • Startup Menu Functions After completing all external connections, connect a terminal to the device to monitor the boot and other procedures. The order of installation and configuration procedures is illustrated in the following figure. For the initial configuration, the standard device configuration is performed.
  • Page 38: General Configuration Information

    Initial Configuration Figure 2-1. Installation and Configuration General Configuration Information Your device has predefined features and setup configuration.
  • Page 39: Auto-Negotiation

    Note: If the station on the other side of the link attempts to auto-negotiate with a port that is manually configured to full duplex, the auto-negotiation results in the station attempting to operate in half duplex. The resulting mismatch may lead to significant frame loss.
  • Page 40: Booting The Switch

    Initial Configuration The following is an example for enabling flow control on port e1 using CLI commands: interface ethernet Console (config)# 4-376 flowcontrol Console (config-if)# 4-383 The following is an example for enabling back pressure on port e1 using CLI commands.
  • Page 41 If the system boot is not interrupted by pressing <Esc> or <Enter>, the system continues operation by decompressing and loading the code into RAM. The code starts running from RAM and the list of numbered system ports and their states (up or down) are displayed.
  • Page 42: Configuration Overview

    To manage the switch from a remote network, a static route must be configured, which is an IP address to which packets are sent when no entries are found in the device tables. The configured IP address must belong to the same subnet as one of...
  • Page 43: User Name

    Initial Configuration To configure a static route, enter the command at the system prompt as shown in the following configuration example where 101.1.1.2 is the specific management station: configure Console# interface vlan Console(config)# 4-664 ip address Console(config-if)# 100.1.1.1 255.255.255.0 4-418...
  • Page 44 • Access rights options: ro (read only), rw (read-and-write) or su (super). • An option to configure IP address or not: If an IP address is not configured, it means that all community members having the same community name are granted the same access rights.
  • Page 45: Advanced Configuration

    DHCP client. To retrieve an IP address from a DHCP server, perform the following steps: Select and connect any port to a DHCP server or to a subnet that has a DHCP server on it, in order to retrieve the IP address.
  • Page 46: Receiving An Ip Address From A Bootp Server

    4-419 exit console(config-if)# 4-656 console(config)# The interface receives the IP address automatically. To verify the IP address, enter the show ip interface command at the system prompt as shown in the following example. show ip interface Console# Gateway IP Type...
  • Page 47: Security Management And Password Configuration

    (y/n)[n]? ****************************************************** /*the device reboots */ To verify the IP address, enter the show ip interface command. The device is now configured with an IP address. Security Management and Password Configuration System security is handled through the AAA (Authentication, Authorization, and Accounting) mechanism that manages user access rights, privileges, and management methods.
  • Page 48: Configuring An Initial Console Password

    Initial Configuration a password, it is recommended to always assign a password. If there is no specified password, privileged users can access the Web interface with any password. Configuring an Initial Console Password To configure an initial console password, enter the following commands:...
  • Page 49: Configuring An Initial Http Password

    Enter the following commands once when configuring to use a console, a Telnet, or an SSH session in order to use an HTTPS session. In the Web browser enable SSL 2.0 or greater for the content of the page to appear. crypto certificate generate key_generate...
  • Page 50: Software Download Through Tftp Server

    The switch boots and runs when decompressing the system image from the flash memory area where a copy of the system image is stored. When a new image is downloaded, it is saved in the other area allocated for the additional system image copy.
  • Page 51: Boot Image Download

    To download a boot file through the TFTP server: Ensure that an IP address is configured on one of the device ports and pings can be sent to a TFTP server. Ensure that the file to be downloaded (the .rfb file) is saved on the TFTP server.
  • Page 52: Startup Menu Functions

    Additional configuration functions can be performed from the Startup menu. To display the Startup menu: During the boot process, after the first part of the POST is completed press <Esc> or <Enter> within two seconds after the following message is displayed: Autoboot in 2 seconds -press RETURN or Esc.to abort and enter prom.
  • Page 53: Figure 2-2. Send File Window

    Startup Menu Functions The following sections describe the Startup menu options. If no selection is made within 25 seconds (default), the switch times out and the device continues to load normally. Only technical support personnel can operate the Diagnostics Mode. For this reason, the Enter Diagnostic Mode option of the Startup menu is not described in this guide.
  • Page 54 Write Flash file name (Up to 8 characters, Enter for none.):config File config (if present) will be erased after system initialization ========Press Enter To Continue ======== Enter config as the name of the flash file. The configuration is erased and the device reboots. Perform the switch’s initial configuration.
  • Page 55 Erasing flash blocks 1 -63: Done. Password Recovery If a password is lost, use the Password Recovery option on the Startup menu. The procedure enables the user to enter the device once without a password. To recover a lost password for the local terminal only: From the Startup menu, select “4”...
  • Page 56 Initial Configuration...
  • Page 57: Chapter 3: Configuring The Switch

    (Internet Explorer 6.0 or above, or Netscape Navigator 6.2 or above). Note: You can also use the Command Line Interface (CLI) to manage the switch over a serial connection to the console port or via Telnet. For more information on using the CLI, refer to Chapter 4: “Command Line Interface.”...
  • Page 58: Configuration Options

    Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the “Apply” or “Apply Changes” button to confirm the new setting. The following table summarizes the web page configuration buttons: Table 3-1.
  • Page 59: Panel Display

    Navigating the Web Browser Interface Panel Display The web agent displays an image of the switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex), or Flow Control (i.e., with or without flow control). Clicking on the image of a port opens the Interface Configuration Page as described on page 3-71.
  • Page 60: Managing Device Information

    • System Location — Defines the location where the system is currently running. The field range is 0-160 characters. • System Contact — Defines the name of the contact person. The field range is 0-160 characters. • System Object ID — Displays the vendor’s authoritative identification of the network management subsystem contained in the entity.
  • Page 61: Managing Stacking

    Stacking provides multiple switch management through a single point as if all stack members are a single unit. All stack members are accessed through a single IP address through which the stack is managed. The stack is managed from the following: •...
  • Page 62: Understanding The Stack Topology

    The devices operate in a Ring topology. A stacked Ring topology is where all devices in the stack are connected to each other forming a circle. Each device in the stack accepts data and sends it to the device to which it is attached. The packet continues through the stack until it reaches its destination.
  • Page 63: Removing And Replacing Stacking Members

    Once the user selects a different Unit ID, it is not erased, and remains valid, even if the unit is reset. Unit ID 1 and Unit ID 2 are reserved for Master enabled units. Unit IDs 3 to 8 can be defined for stack members.
  • Page 64: Exchanging Stacking Members

    MAC addresses are not saved. Each port in the stack has a specific Unit ID, port type, and port number, which is part of both the configuration commands and the configuration files. Configuration files are managed only from the device Stacking Master, including: •...
  • Page 65: Configuring Stacking

    The Stack Management Topology Page allows network managers to either reset the entire stack or a specific device. Device configuration changes that are not saved before the device is reset are not saved. If the Stacking Master is reset, the entire stack is reset.
  • Page 66: Resetting The Stack

    Download the file Open the File Download Page. Select the Firmware Download field. Enter full path and file name of software to be downloaded to device. Select Download to all Units. Reset the stack. CLI – The following is an example of stack management commands:...
  • Page 67: Managing System Logs

    System Log (syslog) server, and displays a list of recent event messages. The default for all logs is information, with the exception of logs in the Remote Log Server, which are errors.
  • Page 68: Figure 3-8. Logs Settings Page

    • Alert — Indicates the second highest warning level. An alert log is saved, if there is a serious device malfunction; for example, all device features are down.
  • Page 69: Viewing Memory Logs

    • Emergency — The highest warning level. If the device is down or not functioning properly, an emergency log message is saved to the specified logging location. • Alert — The second highest warning level. An alert log is saved, if there is a serious device malfunction; for example, all device features are down.
  • Page 70: Figure 3-9. Memory Page

    Configuring the Switch Figure 3-9. Memory Page...
  • Page 71: Viewing The Device Flash Logs

    Managing System Logs CLI – The following is an example of the CLI commands used to view memory logs: Console# show logging 4-599 Logging is enabled. Console logging: level debugging. Console Messages: 0 Dropped (severity). Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max.
  • Page 72: Remote Log Configuration

    • Server — Specifies the IP address of the server to which logs can be sent. • UDP Port — Defines the UDP port to which the server logs are sent. The possible range is 1 - 65535. The default value is 514.
  • Page 73: Figure 3-11. Remote Log Page

    Managing System Logs is assigned, the first facility is overridden. All applications defined for a device utilize the same facility on a server. The field default is Local 7. The possible field values are Local 0 - Local 7. • Description— Displays the user-defined server description.
  • Page 74: Configuring The Switch

    Logging is enabled. Console logging: level debugging. Console Messages: 0 Dropped (severity). Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max. File logging: level notifications. File Messages: 0 Dropped (severity). Syslog server 192.180.2.27 logging: errors. Messages: 6 Dropped (severity).
  • Page 75: Configuring Sntp

    You can also manually set the clock using the CLI. If the clock is not set, the switch will only record the time from the factory default set at the last bootup.
  • Page 76: Polling For Broadcast Time Information

    Broadcast server. Message Digest 5 (MD5) Authentication safeguards device synchronization paths to SNTP servers. MD5 is an algorithm that produces a 128-bit hash. MD5 is a variation of MD4, and increases MD4 security. MD5 verifies the integrity of the communication and authenticates the origin of the communication.
  • Page 77: Defining Sntp Authentication

    Command Attributes • Enable SNTP Authentication — Indicates if authenticating an SNTP session between the device and an SNTP server is enabled on the device. The possible field values are: • Checked — Authenticates SNTP sessions between the device and SNTP server.
  • Page 78: Defining Sntp Servers

    SNTP traffic from a server. Command Attributes • SNTP Server — Displays user-defined SNTP server IP addresses. Up to eight SNTP servers can be defined. • Poll Interval — Indicates whether or not the device polls the selected SNTP server for system time information.
  • Page 79: Figure 3-14. Sntp Servers Page

    • Offset — Indicates the time difference between the device local clock and the acquired time from the SNTP server. • Delay — Indicates the amount of time it takes for a device request to reach the SNTP server. • Remove — Removes SNTP servers from the SNTP server list. The possible field values are: •...
  • Page 80: Defining Sntp Interface Settings

    The SNTP Interface Page contains fields for setting SNTP on different interfaces. Command Attributes • Interface — Indicates the interface on which SNTP can be enabled. The possible field values are: • Port — Indicates the specific port number on which SNTP is enabled.
  • Page 81: Configuring System Time

    Daylight Saving Time, Brazilian clocks go forward one hour in most of the Brazilian southeast. • Chile — In Easter Island, from March 9 until October 12. In the rest of the country, from the first Sunday in March or after 9th March.
  • Page 82 October. • Macedonia — From the last weekend of March until the last weekend of October. • Mexico — From the first Sunday in April at 02:00 to the last Sunday in October at 02:00. • Moldova — From the last weekend of March until the last weekend of October.
  • Page 83 • United Kingdom — From the last weekend of March until the last weekend of October. • United States of America — From the first Sunday in April at 02:00 to the last Sunday in October at 02:00. Command Attributes •...
  • Page 84 Mar/08 and 00:00. The possible field values are: • Date — The date on which DST ends. The possible field range is 1-31. • Month — The month of the year in which DST ends. The possible field range is Jan-Dec.
  • Page 85: Managing System Files

    You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can set the switch to use new firmware without overwriting the previous version.
  • Page 86: Downloading System Files

    (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”).
  • Page 87: Figure 3-17. File Download Page

    If Configuration Download is selected, the Firmware Download fields are grayed out. • Configuration TFTP Server IP Address — Specifies the TFTP Server IP Address from which the configuration files are downloaded. • Configuration Source File Name — Specifies the configuration files to be downloaded.
  • Page 88: Uploading System Files

    !!!!!!! [OK] Copy took 0:01:11 [hh:mm:ss] Uploading System Files The File Upload Page contains fields for uploading the software from the device to the TFTP server. Command Attributes • Firmware Upload — Specifies that the software image file is uploaded. If Firmware Upload is selected, the Configuration Upload fields are grayed out.
  • Page 89: Copying Files

    Stacking Master. The possible field values are selected from the following list boxes: • Source — Select if the Software Image or Bootcode file will be copied. • Destination Unit — Select the stacking member to which the firmware is copied, the possible field values are All, Backup, and stacking members 1-4.
  • Page 90: Active Image

    Configuring the Switch or the Backup file will be copied. • Destination — Specifies the usage for the source file after it is copied. It may be used as a Starting Configuration file, the Running Configuration file, the Backup file, or as a configuration file with a new name.
  • Page 91: Tcam Resources

    • Date – Version’s date • Status – Indicates Image status • Image After Reset – The Image file which is active on the unit after the device is reset. The possible field values are: • Image 1 — Activates Image file 1 after the device is reset.
  • Page 92 • Stack Unit – Indicates the stacking member for which TCAM resource usage is displayed. • TCAM Utilization – Percentage of the available TCAM resources which are used. For example, if more ACLs and policy maps are defined, the system will use more TCAM resources.
  • Page 93: Configuring Interfaces

    Interfaces can also be designated as PVE ports. PVE ports bypass the Forwarding Database (FDB), and forward all Unicast, Multicast and Broadcast traffic to an uplink. A single uplink can be defined for a protected port.
  • Page 94 • Max Capability — Indicates that all port speeds and duplex mode settings are accepted. • 10 Half — Indicates that the port advertises for a 10 Mbps speed port and half duplex mode setting. • 10 Full — Indicates that the port advertises for a 10 Mbps speed port and full duplex mode setting.
  • Page 95: Figure 3-22. Interface Configuration Page

    • LAG — Indicates the LAG of which the port is a member. • PVE — Enables a port to be a Private VLAN Edge (PVE) port. When a port is defined as PVE, it bypasses the Forwarding Database (FDB), and forwards all Unicast, Multicast and Broadcast traffic to an uplink (except MAC-to-me packets).
  • Page 96: Creating Trunks (Lags)

    • All ports in the LAG have the same transceiver type. • The device supports up to eight LAGs, and eight ports in each LAG. • Ports can be configured as LACP ports only if the ports are not part of a previously configured LAG.
  • Page 97: Configuring Lacp

    Aggregate ports can be linked into link-aggregation port-groups. Each group is comprised of ports with the same speed, set to full-duplex operations. LAG ports can contain different media types if the ports are operating at the same speed. Aggregated links can be set up manually or automatically established by enabling Link Aggregation Control Protocol (LACP) on the relevant links.
  • Page 98 If the port channel admin key is not set (through the CLI) when a channel group is formed (i.e., it has a null value of 0), this key is set to the same value as the port admin key used by the interfaces that joined the group (lacp admin key).
  • Page 99: Displaying Port Statistics

    Displaying Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port.
  • Page 100: Interface Statistics

    Configuring the Switch Interface Statistics Command Attributes • Unit No. — Displays the stacking member for which the Interface Statistics are displayed. • Interface — Indicates the device for which statistics are displayed. The possible field values are: • Port — Defines the specific port for which interface statistics are displayed.
  • Page 101: Etherlike Statistics

    Figure 3-25. Statistics Interface Page Etherlike Statistics Command Attributes • Unit No. — Displays the stacking member for which the Etherlike Statistics are displayed. • Interface — Indicates the device for which statistics are displayed. The possible field values are: •...
  • Page 102: Figure 3-26. Statistics Etherlike Page

    Configuring the Switch • Late Collisions — Displays the number of late collision frames received on the selected interface. • Oversize Packets — Displays the number of oversized packet errors on the selected interface. • Received Pause Frames — Displays the number of received paused frames on the selected interface.
  • Page 103 65 to 127 Octets: 0 128 to 255 Octets: 0 256 to 511 Octets: 0 512 to 1023 Octets: 491 1024 to 1518 Octets: 389 CLI – The following is an example of the CLI commands displaying Etherlike statistics: show interfaces counters Console# Port...
  • Page 104: Configuring Ip Information

    The IP Interface Page contains fields for assigning IP parameters to interfaces, and for assigning gateway devices. Packets are forwarded to the default IP when frames are sent to a remote network. The configured IP address must belong to the same IP address subnet of one of the IP interfaces.
  • Page 105: Defining Default Gateways

    Configuring IP Information Figure 3-27. IP Interface Page CLI – The following is an example of the CLI commands for defining an IP interface: interface vlan Console(config)# 4-664 ip address Console(config-if)# 131.108.1.27 255.255.255.0 4-418 Defining Default Gateways Packets are forwarded to the default IP when frames are sent to a remote network via the default gateway.
  • Page 106: Configuring Dhcp

    Figure 3-28. Default Gateway Page CLI – The following is an example of the CLI commands for defining a default gateway:
    Console(config)# ip default-gateway 192.168.1.1 4-420
    Configuring DHCP The Dynamic Host Configuration Protocol (DHCP) assigns dynamic IP addresses to devices on a network.
  • Page 107: Configuring Arp

    • ARP Entry Age Out — Specifies the amount of time (in seconds) that passes between ARP Table entry requests. Following the ARP Entry Age period, the entry is deleted from the table. The range is 1 - 40000000. The default value is 60000 seconds.
  • Page 108: Figure 3-30. Arp Page

    • LAG — The LAG for which ARP parameters are defined. • VLAN — The VLAN for which ARP parameters are defined. • IP Address — Indicates the station IP address, which is associated with the MAC address filled in below.
  • Page 109: Configuring Domain Name Service

    (i.e., not formatted with dotted notation), you can specify a default domain name or a list of domain names to be tried in sequential order. • If there is no domain list, the default domain name is used. If there is a domain list, the default domain name is not used.
  • Page 110: Configuring Domain Name Service

    • Checked — Removes the selected DNS server. • Unchecked — Maintains the current DNS server list. • DNS Server — Displays the DNS server IP address. DNS servers are added in the Add DNS Server Page. • Active Server — Specifies the DNS server that is currently active.
  • Page 111: Configuring Static Dns Host To Address Entries

    IP addresses. If more than one IP address is associated with a host name in the static table or via information returned from a name server, a DNS client can try each address in succession, until it establishes a connection with the target device.
  • Page 112: Configuring Snmp

    Managed devices supporting SNMP contain software, which runs locally on the device and is referred to as an agent. A defined set of variables, known as managed objects, is maintained by the SNMP agent and used to manage the device. These objects are defined in a Management Information Base (MIB) that provides a standard presentation of the information controlled by the agent.
  • Page 113: Enabling Snmp

    A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing users.
  • Page 114: Defining Snmp Users

    Users must be configured with a specific security level and assigned to a group. Command Attributes • User Name — Contains a list of user-defined user names. The field range is up to 30 alphanumeric characters. • Group Name — Contains a list of user-defined SNMP groups. SNMP groups are defined in the SNMP Group Profile Page.
  • Page 115 Web – Click System, SNMP, Security, Users. Click Add to configure a user name. In the New User page, define a name and assign it to a group, then click Apply to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete.
  • Page 116: Defining Snmp Group Profiles

    Command Attributes • Group Name — Displays the user-defined group to which access control rules are applied. The field range is up to 30 characters. • Security Model — Defines the SNMP version attached to the group. The possible field values are: •...
  • Page 117: Defining Snmp Views

    Web – Click System, SNMP, Security, Groups. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, then click Delete.
  • Page 118: Figure 3-36. Snmp Views Page

    Web – Click System, SNMP, Security, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in the view. Click Back to save the new view and return to the SNMPv3 Views list.
  • Page 119: Defining Snmp Communities

    • Read Write — Management access is read-write and changes can be made to the device configuration, but not to the community. • SNMP Admin — User has access to all device configuration options, as well as permissions to modify the community.
  • Page 120: Defining Snmp Notification Recipients

    • Providing Access Control Checks Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management platforms such as HP OpenView).
  • Page 121 • SNMP V2c — Indicates that SNMP Version 2 traps are sent. • UDP Port — Displays the UDP port used to send notifications. The default is 162. • Filter Name — Indicates the SNMP filter for which the SNMP Notification filter is defined.
  • Page 122: Defining Snmp Notification Global Parameters

    • Remove — Deletes the currently selected recipient. The possible field values are: • Checked — Removes the selected recipient from the list of recipients. • Unchecked — Maintains the list of recipients. Web – Click SNMP, Trap Management, Trap Station Management. Define the fields and click Add.
  • Page 123: Figure 3-39. Snmp Global Trap Settings Page

    Configuring SNMP fields and click Apply. Figure 3-39. SNMP Global Trap Settings Page CLI – The following is an example of the SNMP commands for enabling traps: Console(config)# snmp server enable traps 4-360...
  • Page 124: Defining Snmp Notification Filters

    • Object ID Subtree — Displays the OID for which notifications are sent or blocked. If a filter is attached to an OID, traps or informs are generated and sent to the trap recipients. OIDs are selected from either the Select from field or the Object ID field.
  • Page 125: Configuring Users Authentication

    • User Name — Displays the user name. • Access Level — Displays the user access level. The lowest user access level is 1 and the highest is 15. Users with access level 15 are Privileged Users, and only they can access and use the EWS.
  • Page 126: Defining Line Passwords

    Figure 3-41. Local Users Page CLI – The following is an example of the CLI commands used for configuring Local Users Passwords:
    Console(config)# username password level 4-297
    Defining Line Passwords Network administrators can define line passwords in the Line Page. After the line password is defined, a management method is assigned to the password.
  • Page 127: Defining Enable Passwords

    Configuring User Authentication Web – Click System, WebViewMgmt, Passwords, Line, define the fields, and click Apply. Figure 3-42. Line Page CLI – The following is an example of the CLI commands used for configuring Line Passwords.
    Console(config)# line console 4-437...
  • Page 128: Configuring Authentication Methods

    Figure 3-43. Enable Page CLI – The following is an example of the CLI commands used for configuring Enable Passwords:
    Console(config)# enable password level 15 secret 4-296
    Configuring Authentication Methods This section provides information for configuring device authentication methods, and includes the following topics: •...
  • Page 129 For example, if you select (1) RADIUS, (2) TACACS+ and (3) Local, the user name and password on the RADIUS server is verified first. If the RADIUS server is not available, then authentication is attempted using the TACACS+ server, and finally the local user name and password is checked.
  • Page 130 • Unchecked — Maintains the access profiles. • Rule Priority — Defines the rule priority. When the packet is matched to a rule, user groups are either granted permission or denied device management access. The rule number is essential to matching packets to rules, as packets are matched on a first-fit basis.
  • Page 131: Defining Profile Rules

    Configuring Authentication Methods Figure 3-44. Access Profiles Page CLI – The following is an example of the CLI commands used for configuring Access Profiles: Console(config)# ip https port 100 4-694 Console(config)# ip http port 100 4-692 Defining Profile Rules Access profiles can contain up to 256 rules that determine which users can manage the switch module, and by which methods.
  • Page 132 • Priority — Defines the rule priority. When the packet is matched to a rule, user groups are either granted permission or denied device management access. The rule number is essential to matching packets to rules, as packets are matched on a first-fit basis.
  • Page 133: Defining Authentication Profiles

    Figure 3-45. Profiles Rules Page CLI – The following is an example of the CLI commands used for configuring Profile Rules:
    Console(config)# ip http server 4-691
    Console(config)# ip https server 4-693
    Defining Authentication Profiles Authentication profiles allow network administrators to assign authentication methods for user authentication.
  • Page 134: Figure 3-46. Authentication Profiles Page

    • Enable — Specifies the user-defined authentication profile list for enable passwords. Web – Click System, WebViewMgmt, Authentication, Authentication Profiles, define the fields, and click Apply. Figure 3-46. Authentication Profiles Page CLI – The following is an example of the CLI commands used for configuring...
  • Page 135 Authentication Profiles:
    Console(config)# aaa authentication login default radius local enable none 4-288
    Console(config)# ip http authentication radius local 4-293
    Console(config)# ip https authentication radius local 4-294
    Console(config)# line console 4-296
    Console(config-line)# login authentication default 4-291...
  • Page 136: Mapping Authentication Methods

    If the RADIUS server cannot authenticate the management method, the session is permitted. • RADIUS, Local, None — Authentication first occurs at the RADIUS server. If authentication cannot be verified at the RADIUS server, the session is authenticated locally. If the session cannot be authenticated locally, the session is permitted.
  • Page 137: Figure 3-47. Authentication Mapping Page

    If the session cannot be authenticated locally, the session is permitted. Web – Click System, WebViewMgmt, Authentication, Authentication Mapping, define the fields, and click Apply. Figure 3-47. Authentication Mapping Page CLI – The following is an example of the CLI commands used for mapping...
  • Page 138: Defining Tacacs+ Methods

    Default Parameters for the TACACS+ servers. Command Attributes • Source IP Address — Defines the default device source IP address used for the TACACS+ session between the device and the TACACS+ server. • Key String — Defines the default authentication and encryption key for TACACS+ communication between the device and the TACACS+ server.
  • Page 139: Defining Radius Settings

    • Status — Indicates the connection status between the device and the TACACS+ server. The possible field values are: • Connected — Indicates there is currently a connection between the device and the TACACS+ server. • Not Connected — Indicates there is not currently a connection between the device and the TACACS+ server.
  • Page 140 RADIUS server before a failure occurs. The possible field values are 1-10. Three is the default value. • Timeout for Reply — Defines the amount of time (in seconds) the device waits for an answer from the RADIUS server before retrying the query, or switching to the next server.
  • Page 141: Figure 3-49. Radius Page

    Web – Click System, WebViewMgmt, Authentication, RADIUS, define the fields, and click Apply. Figure 3-49. RADIUS Page CLI – The following is an example of the RADIUS CLI Commands: Console(config)# radius-server host 192.168.10.1 auth-port 20 timeout 20 4-495 Console(config)# radius-server key alcatel-server...
  • Page 142: Managing Rmon Statistics

    • Multicast Packets Received — Displays the number of good Multicast packets received on the interface since the device was last refreshed. • CRC & Align Errors — Displays the number of CRC and Align errors that have occurred on the interface since the device was last refreshed.
  • Page 143: Figure 3-50. Rmon Statistics Page

    1518 octets. This number excludes frame bits, but includes FCS octets that had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. The field range to detect jabbers is between 20 ms and 150 ms.
  • Page 144: Defining Rmon History Control

    For example, the samples may include interface definitions or polling periods. Command Attributes • History Entry No. — Displays the entry number for the History Control Table page. • Source Interface — Displays the interface from which the history samples were taken.
  • Page 145: Viewing The Rmon History Table

    Managing RMON Statistics Figure 3-51. History Control Page CLI – The following is an example of the CLI commands used to view RMON History Control statistics: Console(config)# interface ethernet 1/e1 4-376 Console(config-if)# rmon collection history 1 interval 2400 4-506 Viewing the RMON History Table The History Table Page contains interface specific statistical network samplings.
  • Page 146: Figure 3-52. History Table Page

    • Multicast Packets — Displays the number of good Multicast packets received on the interface since the device was last refreshed. • CRC Align Errors — Displays the number of CRC and Align errors that have occurred on the interface since the device was last refreshed.
  • Page 147: Table Statistics

    CLI – The following is an example of the CLI commands used to view RMON History Table statistics:
    Console# show rmon history throughput 4-507
    Sample Set: 1 Owner: CLI Interface: 1/e1 Interval: 1800 Requested samples: 50 Granted samples: 50...
  • Page 148: Defining Rmon Events Control

    • Log — Indicates that the event is a log entry. • Trap — Indicates that the event is a trap. • Log and Trap — Indicates that the event is both a log entry and a trap. • None — Indicates that no event occurred.
  • Page 149: Viewing The Rmon Events Logs

    Figure 3-53. Events Control Page CLI – The following is an example of the CLI commands used to view RMON events Control statistics: Console(config)# rmon event 10 log 4-514 Viewing the RMON Events Logs The Events Logs Page contains a list of RMON events.
  • Page 150: Defining Rmon Alarms

    Figure 3-54. Events Logs Page CLI – The following is an example of the CLI commands used to view RMON events Logs:
    Console> show rmon events 4-514
    Index Description Type Community Owner Last time sent ----- -----------...
  • Page 151 • Rising Event — Displays the mechanism in which the alarms are reported. The possible field values are: • LOG — Indicates there is not a saving mechanism for either the device or in the management system. If the device is not reset, the entry remains in the Log Table.
  • Page 152: Alcatel Mapping Adjacency Protocol (Amap)

    Figure 3-55. Alarm Page CLI – The following is an example of the CLI commands used to set RMON alarms: Console(config)# rmon alarm 1000 1.3.6.1.2.1.10.7.2.1.3.51 1000000 1000000 10 20 1 4-510 Alcatel Mapping Adjacency Protocol (AMAP) The AMAP protocol enables a switch to discover the topology of other AMAP-aware devices in the network.
  • Page 153: Figure 3-56. Amap Settings Page

    “Hello” packets to determine that it is still present. • Passive – A port enters this state if there is no response to a Discovery “hello” packet. This is a receive-only state and no “Hello” packets are transmitted. If a “Hello”...
  • Page 154: Viewing Adjacent Devices

    The AMAP Adjacencies Page provides network configuration information about the systems connected to the device. The table displays the IP and MAC addresses of the local port, and the IP and MAC addresses, and VLAN ID of the connected devices.
  • Page 155: Configuring Lldp

    The value represents a multiple of the Updates Interval. The possible field range is 2 - 10. The field default is 4. For example, if the Update Interval is 30 seconds and the Hold Multiplier is 4, then the LLDP packets are discarded after 120 seconds.
  • Page 156: Defining Lldp Port Settings

    Figure 3-58. LLDP Properties Page Defining LLDP Port Settings The LLDP Port Settings Page allows network administrators to define LLDP port settings, including the port type, the LLDP port state, and the type of port information advertised. To define LLDP Port Properties: Command Attributes •...
  • Page 157: Defining Media Endpoint Discovery Network Policy

    Detailed network topology information including which devices are located on the network, and where these devices are located. For example, what IP phone is connected to what port, what software is running on what switch, and which port is connected to what PC.
  • Page 158: Defining Lldp Med Port Settings

    Streaming Video — Indicates that the network policy is defined for a Streaming Video application. • VLAN ID — Indicates the VLAN ID for which the Network policy is assigned. • VLAN Type — Indicates the VLAN type for which the network policy is defined.
  • Page 159: Viewing The Lldp Neighbor Information

    • Port — Displays the port to which the network policy is attached. • LLDP MED Status — Indicates if LLDP is enabled on the device. The possible field values are: – Enable – Enables LLDP MED on the device. –...
  • Page 160: Viewing Neighbor Information Details

    Apply Figure 3-62. LLDP Neighbor Information Page Viewing Neighbor Information Details In the LLDP Neighbor Information Page, click the Details button to open the Details Neighbor Information Page. The Details Neighbor Information Page displays the information advertised by neighboring ports when advertising LLDP information.
  • Page 161 • Power Value — Indicates the total power in watts required by a PD device from a PSE device, or the total power a PSE device is capable of sourcing over a maximum length cable based on its current configuration.
  • Page 162: Figure 3-63. Details Neighbor Information Page

    Figure 3-63. Details Neighbor Information Page...
  • Page 163: Managing Power-Over-Ethernet Devices

    Guard Band protects the device from exceeding the maximum power level. For example, if 400W is maximum power level, and the Guard Band is 20W, if the total system power consumption exceeds 380W no additional PoE components can be added.
  • Page 164: Defining Poe Interfaces

    PoE operation status and the interface’s power consumption. Command Attributes • Port — Indicates the specific interface for which PoE parameters are defined and assigned to the powered interface connected to the selected port. • Admin Status — Indicates the device PoE mode. The possible field values are: •...
  • Page 165 • Never — Disables the Device Discovery protocol, and stops the power supply to the device using the PoE module. • Oper. Status — Indicates if the port is enabled to work on PoE. The possible field values are: • On — Indicates the device is delivering power to the interface.
  • Page 166: Device Diagnostic Tests

    Port mirroring can be used as a diagnostic tool as well as a debugging feature. Port mirroring also enables switch performance monitoring. You can mirror traffic from any source port to a target port for real-time analysis. You...
  • Page 167 Device Diagnostic Tests can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. When configuring port mirroring, ensure the following: • Monitor port speed should match or exceed source port speed, otherwise traffic may be dropped from the monitor port.
  • Page 168: Viewing Integrated Cable Tests

    Time Domain Reflectometry (TDR) technology to test the quality and characteristics of a copper cable attached to a port. Cables up to 120 meters long can be tested. Cables are tested when the ports are in the down state, with the exception of the Approximated Cable Length test.
  • Page 169: Viewing Optical Transceivers

    Web – Click Physical, Diagnostics, Copper Cable, define the fields, and click Test. Figure 3-67. Copper Cable Page CLI – The following is an example of the CLI commands used to test copper cables: Console# show copper-ports cable-length 4-452...
  • Page 170: Figure 3-68. Optical Transceiver Page

    • Unit No. — Indicates the stacking member for which the interface configuration information is displayed. • Port — Displays the IP address of the port on which the cable is tested. • Temperature — Displays the temperature (C) at which the cable is operating.
  • Page 171: Viewing Device Health

    • Not Present — The power supply is currently not present. • Fan Status — The fan status. The number of fans on the boards is provided based on the device type (number of ports) and PoE chips availability. Each fan is denoted as fan plus the fan number in the interface.
  • Page 172: Figure 3-69. Health Page

    Celsius Fahrenheit Web – Click Physical, Diagnostics, Health. Figure 3-69. Health Page CLI – The following is an example of the device Health CLI commands: Console# show system 4-618 Unit Type ---- ----------------- Alcatel...
  • Page 173: Configuring Traffic Control

    Multicast frames are flooded to all ports on the relevant VLAN. This occupies bandwidth, and loads all nodes on all ports. Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to complete halt.
  • Page 174: Figure 3-70. Storm Control Page

    • Broadcast Rate Threshold — The maximum rate (kilobits per second) at which unknown packets are forwarded. Rate limitations are as follows: • The range for FE ports is 70 - 100000. Default is 3500. • The range for GE ports is 3500 - 1000000.
  • Page 175: Configuring Port Security

    MAC addresses. These addresses are either manually defined on the port, or learned on that port up to the point when it is locked. When a packet is received on a locked port, and the packet source MAC address is not tied to that port (either it was learned on a different port, or it is unknown to the system), the protection mechanism is invoked, and can provide various options.
  • Page 176 • Max Entries — Specifies the number of MAC addresses that can be learned on the port. The Max Entries field is enabled only if Locked is selected in the Set Port field. In addition, the Limited Dynamic Lock mode is selected. The default is 1.
  • Page 177: 802.1X Port-Based Authentication

    802.1X Port-Based Authentication Figure 3-71. Port Security Page CLI – The following is an example of the Port Security CLI commands:
    Console(config)# interface ethernet 1/e1 4-376
    Console(config-if)# port security forward trap 4-321
    Console(config-if)# port security mode 4-321
    port security max...
  • Page 178: Advanced Port-Based Authentication

    • Single Host Mode — Only the authorized host can access the port. • Multiple Host Mode — Multiple hosts can be attached to a single port. Only one host must be authorized for all hosts to access the network. If the host authentication fails, or an EAPOL-logoff message is received, all attached clients are denied access to the network.
  • Page 179: Defining Network Authentication Properties

    VLAN List field. • Disable — Disables use of a Guest VLAN for unauthorized ports. This is the default. • Guest VLAN ID — Contains a list of VLANs. The Guest VLAN is selected from the VLAN list.
  • Page 180: Figure 3-72. System Information Page

    • EAP Frames — Determines how EAP packets are managed when port based authentication is disabled on the device. EAP packets are used to transmit authentication information. The possible field values are: • Filtering — Filters EAP packets when port based authentication is disabled globally.
  • Page 181: Defining Port Authentication

    • Current Port Control — Displays the current port authorization state. • Unauthorized — Indicates that the port control is ForceUnauthorized, the port link is down, or the port control is Auto, but a client has not been authenticated via the port.
  • Page 182: Modify Port Authentication Page

    • Current Port Control — Displays the current port authorization state. • Unauthorized — Indicates that the port control is ForceUnauthorized, the port link is down, or the port control is Auto, but a client has not been authenticated via the port.
  • Page 183 All selects all ports for reauthentication. • Authenticator State — Displays the current authenticator state. • Quiet Period — Displays the number of seconds that the device remains in the quiet state following a failed authentication exchange. The possible field range is 0-65535.
  • Page 184: Configuring Multiple Hosts

    4-273 Configuring Multiple Hosts The Multiple Hosts Page allows network managers to configure advanced port-based authentication settings for specific ports and VLANs. Command Attributes • Unit No. — Indicates the stacking member for which the Multiple Hosts information is displayed.
  • Page 185 • Multiple Host Mode — Multiple hosts can be attached to a single 802.1x-enabled port. Only one host must be authorized for all hosts to access the network. If the host authentication fails, or an EAPOL-logoff message is received, all attached clients are denied access to the network.
  • Page 186: Defining Authentication Hosts

    Defining Authentication Hosts The Authentication Host Page contains a list of authenticated users. Command Attributes • User Name — Lists the supplicants that were authenticated, and are permitted on each port. • Port — Displays the port number. • Session Time — Displays the amount of time (in seconds) the supplicant was logged on the port.
  • Page 187: Figure 3-75. Authentication Host Page

    Figure 3-75. Authentication Host Page CLI – The following is an example of the Authentication Host CLI commands:
    Console# show dot1x 4-274
    802.1x is enabled Port Admin Mode Oper Mode Reauth Reauth Username Control Period ---- ----------...
  • Page 188: Viewing Eap Statistics

    The Statistics Page contains information about EAP packets received on a specific port. Command Attributes • Unit No. — Indicates the stacking member for which the received EAP packets information is displayed. • Port — Indicates the port, which is polled for statistics.
  • Page 189 • Refresh Rate — Indicates the amount of time that passes before the EAP statistics are refreshed. The possible field values are: • 15 Sec — Indicates that the EAP statistics are refreshed every 15 seconds. • 30 Sec — Indicates that the EAP statistics are refreshed every 30 seconds.
  • Page 190: Figure 3-76. Statistics Page

    Figure 3-76. Statistics Page CLI – The following is an example of the 802.1X Statistics CLI commands:
    Console# show dot1x statistics ethernet 1/e1 4-279
    EapolFramesRx: 11 EapolFramesTx: 12 EapolStartFramesRx: 12 EapolLogoffFramesRx: 1 EapolRespIdFramesRx: 3 EapolRespFramesRx: 6 EapolReqIdFramesTx: 3...
  • Page 191: Defining Access Control Lists

    • Each ACL can have up to 256 Access Control Elements (ACE rules). • The maximum number of ACLs is 894 per port. • You must configure a mask for an ACL rule before you can bind it to a port or set the queue or frame priorities associated with the rule.
  • Page 192: Binding Device Security Acls

    • The switch does not support the explicit “deny any” rule for the egress IP ACL or the egress MAC ACLs. If these rules are included in ACL, and you attempt to bind the ACL to an interface for egress checking, the bind operation will fail.
  • Page 193: Defining Ip Based Access Control Lists

    The possible field value is 1-2147483647. • Protocol — Creates an ACE based on a specific protocol. • Select from List — Selects a protocol from a list on which ACE can be based. Some of the possible field values are: •...
  • Page 194 • ICMP Type — Specifies an ICMP message type for filtering ICMP packets. • ICMP Code — Specifies an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code.
  • Page 195: Defining Mac Based Access Control Lists

    192.1.1.1 0.0.0.255 4-304 Defining MAC Based Access Control Lists The MAC Based ACL Page allows a MAC-based ACL to be defined. ACEs can be added only if the ACL is not bound to an interface. Command Attributes • ACL Name — Displays the user-defined MAC based ACLs.
  • Page 196 00:AB:22:11:33:00 and the wildcard mask is 00:00:00:00:00:FF, the first two bits of the MAC are used, while the last two bits are ignored. • VLAN ID — Matches the packet’s VLAN ID to the ACE. The possible field values are 1 to 4095.
  • Page 197: Dhcp Snooping

    DHCP Snooping Figure 3-79. MAC Based ACL Page CLI – The following is an example of the MAC Based ACL CLI commands:
    Console(config)# mac access-list macl-acl1 4-306
    Console(config-mac-al)# permit 6:6:6:6:6:6 0:0:0:0:0:0 any vlan 4-307
    Console (config-mac-acl)# deny 66:66:66:66:66:66 4-308
    DHCP Snooping DHCP Snooping expands network security by providing an extra layer of security between untrusted interfaces and DHCP servers.
  • Page 198: Dhcp Snooping Properties

    • Database Update Interval — Indicates how often the DHCP Snooping Database is updated. The possible field range is 600 – 86400 seconds. The field default is 1200 seconds. Web – Click Security, Traffic Control, DHCP Snooping, Properties. Define the fields...
  • Page 199: Defining Dhcp Snooping On Vlans

    VLANs. To enable DHCP Snooping on a VLAN, ensure DHCP Snooping is enabled on the device. Command Attributes • VLAN ID — Indicates the VLAN to be added to the Enabled VLAN list. • Enabled VLAN — Contains a list of VLANs for which DHCP Snooping is enabled.
  • Page 200: Defining Trusted Interfaces

    Trusted interfaces are connected to DHCP servers, switches, or hosts which do not require DHCP packet filtering. Trusted interfaces receive packets only from within the network or the network firewall, and are allowed to respond to DHCP requests. Packets sent from an interface outside the network, or from beyond the network firewall, are blocked by trusted interfaces.
  • Page 201: Binding Addresses To The Dhcp Snooping Database

    – LAG — Queries the VLAN database by LAG number. • VLAN ID — Displays the VLAN ID to which the IP address is attached in the DHCP Snooping Database. • Type — Displays the IP address binding type. The possible field values are: –...
  • Page 202: Configuring Option 82

    DHCP with Option 82 can be enabled only if DHCP snooping is enabled. Command Attributes • DHCP Option 82 Insertion — Indicates if DHCP Option 82 with data insertion is enabled on the device. The possible field values are: • Enable — Enables DHCP Option 82 with data insertion on the device. If DHCP Option 82 with data insertion is enabled the DHCP server can insert information into DHCP requests.
  • Page 203: Dynamic Arp Inspection

    • Permits two hosts on the same network to communicate and send packets. • Permits two hosts on different packets to communicate via a gateway. • Permits routers to send packets via a host to a different router on the same network.
  • Page 204: Arp Inspection Properties

    Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast addresses. If the packet’s IP address was not found in the ARP Inspection List, and DHCP snooping is enabled for a VLAN, a search of the DHCP Snooping Database is performed. If the IP address is found the packet is valid, and is forwarded. ARP...
  • Page 205: Arp Inspection Trusted Interface Settings

    ARP Inspection List. Trusted packets are forwarded without ARP Inspection. • Untrusted — Indicates that the packet arrived from an interface that does not have recognized IP and MAC addresses. The packet is checked for: –...
  • Page 206: Defining Arp Inspection List

    • Units — Indicates the port on which ARP Inspection Trust mode is enabled. • LAGs — Indicates the LAG on which ARP Inspection Trust mode is enabled. • Trust — Indicates if the selected interface is trusted or untrusted. The possible field values are: •...
  • Page 207: Assigning Arp Inspection Vlan Settings

    The VLAN Settings Page assigns static ARP Inspection Lists to VLANs. Command Attributes • VLAN ID — A new VLAN ID that is defined by the user and added to the Enabled VLANs list. • Enabled VLANs — Contains a list of VLANs in which ARP Inspection is enabled.
  • Page 208: Ip Source Guard

    Figure 3-88. VLAN Settings Page IP Source Guard IP Source Guard is a security feature that restricts the client IP traffic to those source IP addresses configured in the binding. IP traffic restrictions are applied according to definitions in both the DHCP Snooping Binding Database and in manually configured IP source bindings.
  • Page 209: Configuring Ip Source Guard Properties

    DHCP Snooping. If source IP address filtering is enabled, packet transmission is permitted as follows: • IPv4 traffic — Only IPv4 traffic with a source IP address that is associated with the specific port is permitted. • Non IPv4 traffic — All non-IPv4 traffic is permitted.
  • Page 210: Adding Interfaces To The Ip Source Guard Database

    • Status — Indicates if IP Source Guard is enabled or disabled. • Enable — Indicates that IP Source Guard is enabled on the interface. • Disable — Indicates that IP Source Guard is disabled on the interface. This is the default value.
  • Page 211: Figure 3-91. Ip Source Guard Binding Database Page

    • Port — Queries the VLAN database by port number. • LAG — Queries the VLAN database by LAG number. • Interface — Displays the VLAN ID to which the IP address is attached in the IP Source Guard Database.
  • Page 212: Defining The Forwarding Database

    An address becomes associated with a port by learning the frame’s source address, but if a frame that is addressed to a destination MAC address is not associated with a port, that frame is flooded to all relevant VLAN ports. To prevent the bridging table from overflowing, a dynamic MAC address, from which no traffic arrives for a set period, is erased.
  • Page 213: Defining Dynamic Forwarding Database Entries

    Defining the Forwarding Database MAC address and VLAN, then click Apply. Figure 3-92. Static Addresses Page CLI – The following is an example of the CLI commands used to define static addresses: interface vlan Console(config)# 4-664 bridge address ethernet Console(config-if)# 3aa2.64b3.a245...
  • Page 214: Figure 3-93. Dynamic Addresses Page

    Command Attributes • Address Aging — Specifies the amount of time the MAC address remains in the Dynamic MAC Address table before it is timed out, if no traffic from the source is detected. The default value is 300 seconds.
  • Page 215: Configuring Spanning Tree

    STA uses a distributed algorithm to select a bridging device (STA-compliant switch, bridge or router) that serves as the root of the spanning tree network. It selects a root port on each bridging device (except for the root device) which incurs the lowest path cost when forwarding a packet from that device to the root device.
  • Page 216: Defining Spanning Tree

    When using STP or RSTP, it may be difficult to maintain a stable path between all VLAN members. Frequent changes in the tree structure can easily isolate some of the group members.
  • Page 217 Root Bridge. This field is significant when the bridge is not the Root Bridge. The default is zero. • Root Path Cost — The cost of the path from this bridge to the Root Bridge. • Topology Changes Counts — Specifies the total amount of STP state changes that have occurred.
  • Page 218: Defining Stp On Interfaces

    Configuring the Switch Figure 3-94. STP General Page CLI – This command displays global STA settings, followed by settings for each port. Console(config)# spanning-tree 4-540 console(config)# spanning-tree mode rstp 4-540 Console(config)# spanning-tree bpdu flooding 4-550 Console(config)# spanning-tree pathcost method long...
  • Page 219 • A port on a network segment with no other STP compliant bridging device is always forwarding. • If two ports of a switch are connected to the same segment and there is no other STP device attached to this segment, the port with the smaller ID forwards packets and the other is discarding.
  • Page 220 • Port Fast — Indicates if Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up.
  • Page 221: Defining Rapid Spanning Tree

    • All LAGs — Enables RSTP on all LAGs. • Interface — Displays the port or LAG on which Rapid STP is enabled. • Role — Displays the port role assigned by the STP algorithm to provide to STP paths. The possible field values are:...
  • Page 222 • Multiple STP — Multiple STP is enabled on the device. • Fast Link Status — Indicates whether Fast Link is enabled or disabled for the port or LAG. If Fast Link is enabled for a port, the port is automatically placed in the forwarding state.
  • Page 223: Defining Multiple Spanning Tree

    Defining Multiple Spanning Tree Multiple Spanning Tree (MSTP) provides differing load balancing scenarios. For example, while port A is blocked in one STP instance, the same port can be placed in the Forwarding state in another STP instance. The MSTP General Page contains information for defining global MSTP settings, including region names, MSTP revisions, and maximum hops.
  • Page 224: Defining Mstp Instance Settings

    MSTP configuration. The revision number is required as part of the MSTP configuration. The possible field range is 0-65535. • Max Hops — Specifies the total number of hops that occur in a specific region before the BPDU is discarded. Once the BPDU is discarded, the port information is aged out.
  • Page 225: Defining Mstp Interface Settings

    • Bridge Priority — Specifies the selected spanning tree instance device priority. The field range is 0-61440. • Designated Root Bridge ID — Indicates the ID of the bridge with the lowest path cost to the instance ID. • Root Port — Indicates the selected instance’s root port.
  • Page 226 • Port — Specifies the port for which the MSTP settings are displayed. • LAG — Specifies the LAG for which the MSTP settings are displayed. • STP Port Status — Indicates if STP is enabled on the port. The possible field values are: •...
  • Page 227: Figure 3-99. Mstp Interface Settings Page

    • Path Cost — Indicates the port contribution to the Spanning Tree instance. The range should always be 1-200,000,000. • Designated Bridge ID — Displays the ID of the bridge that connects the link or shared LAN to the root.
  • Page 228: Configuring Vlans

    By default all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if you want it to carry traffic for one or more VLANs, and any intermediate network devices or the host at the other end of the connection supports VLANs.
  • Page 229 Configuring VLANs VLAN Classification When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port). But if the frame is tagged, the switch uses the tagged VLAN ID to identify the port broadcast domain of the frame.
  • Page 230: Tagged/Untagged Vlans

    Configuring the Switch Note: If you have host devices that do not support GVRP, you should configure static or untagged VLANs for the switch ports connected to these devices. But you can still enable GVRP on these edge switches, as well as on the core switches in the network.
  • Page 231: Defining Vlan Membership

    Configuring VLANs Web – Click Layer 2, VLAN, VLAN, Basic Information. Figure 3-100. VLAN Basic Information Page CLI – The following is an example of the VLAN Basic Information CLI commands: show vlan Console# 4-682 VLAN Name Ports Type Authorization...
  • Page 232 Configuring the Switch information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. The Current Table Page contains parameters for defining VLAN groups: Command Attributes • Unit No. — Indicates the stacking member for which the Current Table information is displayed.
  • Page 233: Figure 3-101. Current Table Page

    Configuring VLANs Figure 3-101. Current Table Page CLI – The following is an example of the CLI commands used to create VLANs: Console(config)# vlan database 4-662 Console(config-vlan)# vlan 1972 4-663 Console(config-if)# exit 4-656 Console(config)# interface vlan 19 4-664 Console(config-if)# name Marketing...
  • Page 234: Defining Vlan Interface Settings

    • General — Indicates the port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full IEEE802.1q mode). • Access — Indicates a port belongs to a single untagged VLAN. When a port is in Access mode, the packet types which are accepted on the port cannot be designated.
  • Page 235: Defining Customer Mapping For Multicast Tv

    Console(config-if)# switchport access multicast-tv vlan 20 4-687 Defining Customer Mapping for Multicast TV The Customer Multicast TV VLAN Page assigns ports to a Multicast TV VLAN. This is required for configuring and implementing the Triple Play functionality. Command Attributes • Interface — Defines the VLAN to which the ports are assigned.
  • Page 236: Mapping Cpe Vlans

    Configure the port as Triple Play see Command Attributes • CPE VLAN — Indicates the CPE VLAN which is mapped to the Multicast TV VLAN. • Multicast TV VLAN — Indicates the CPE VLAN which is mapped to the Multicast TV VLAN.
  • Page 237: Defining Vlan Groups

    VLANs can be grouped by MAC address, Subnets, and Protocols. Once a user logs on, the system attempts to classify the user by MAC address. If the user cannot be classified by MAC address, the system attempts to classify the user by Subnet. If the subnet classification is unsuccessful, the system attempts to classify the user by protocol.
  • Page 238: Configuring Subnet Based Vlan Groups

    • MAC Address – Defines the MAC address assigned to the VLAN group. • Prefix – Defines the MAC address’s prefix. The possible field range is 0-32. • Group ID – Defines the MAC based VLAN ID. The possible field range is 1 - 2147483647.
  • Page 239: Configuring Protocol Based Vlan Groups

    The classification places the interface into a protocol group. Command Attributes • Protocol Value — User-defined protocol value. • Group ID – Defines the IP based VLAN ID. The possible field range is 1 - 2147483647. • Remove — If checked, deletes the Protocol Based VLAN Group.
  • Page 240: Mapping Groups To Vlans

    Configuring the Switch Figure 3-107. Protocol Based Groups Page CLI – The following is an example of the CLI commands used to create Protocol Based VLAN groups: console(config)# vlan database 4-662 console(config-vlan)# map protocol protocols-group 4-666 console(config-vlan)# switchport general map protocols-group vlan...
  • Page 241: Defining Garp

    • VLAN ID — Attaches the interface to a user-defined VLAN ID. VLAN group ports can either be attached to a VLAN ID or a VLAN name. The possible field range is 1-4093, and 4095 (4094 is not available for configuration).
  • Page 242: Figure 3-109. Garp Configuration Page

    GARP state. Leave time is activated by a Leave All Time message sent/received, and cancelled by the Join message received. Leave time must be greater than or equal to three times the join time. The default value is 60 centiseconds.
  • Page 243: Defining Gvrp

    The GVRP Parameters Page is divided into port and LAG parameters. The field definitions are the same. Command Attributes • GVRP Global Status — Indicates if GVRP is enabled on the device. The possible field values are: • Enable — Enables GVRP on the selected device.
  • Page 244: Viewing Gvrp Statistics

    Configuring the Switch Apply. Figure 3-110. GVRP Parameters Page CLI – The following is an example of the GVRP configuration commands: gvrp enable Console(config)# 4-399 interface ethernet Console(config)# 1/e6 4-376 gvrp enable Console(config-if)# 4-399 gvrp vlan-creation-forbid Console(config-if)# 4-402 gvrp registration-forbid...
  • Page 245: Figure 3-111. Gvrp Statistics Page

    • Invalid Attribute Length—Displays the device GVRP Invalid Attribute Length statistics. • Invalid Event—Displays the device GVRP Invalid Event statistics. Web – Click Layer 2, VLAN, VLAN, GVRP Statistics. Enable or disable GVRP, define the fields, and click Apply. Figure 3-111. GVRP Statistics Page CLI –...
  • Page 246 Configuring the Switch Legend: Join Empty Received rJIn: Join In Received rEmp : Empty Received rLIn: Leave In Received Leave Empty Received rLA : Leave All Received Join Empty Sent sJIn: Join In Sent sEmp : Empty Sent sLIn: Leave In Sent...
  • Page 247: Multicast Filtering

    (VLAN). The user can set the IGMP Querier mode to either V2 or V3. (Default is V2). When working in IGMPv3 mode and detecting an IGMPv2 message, the switch will automatically change its mode to IGMPv2.
  • Page 248 • Source IP address — Defines the interface source IP address from which queries are sent. • Auto Learn — Indicates if Auto Learn is enabled on the device. If Auto Learn is enabled, the device automatically learns where other Multicast groups are located.
  • Page 249: Specifying Static Interfaces For A Multicast Group

    • D — Dynamically joins ports/LAG to the Multicast group in the Current Row. • S — Attaches the port to the Multicast group as static member in the Static Row. The port/LAG has joined the Multicast group statically in the Current Row.
  • Page 250: Figure 3-113. Multicast Group Page

    Multicast frames are flooded to all ports in the relevant VLAN. Disabled is the default value. • VLAN ID — Identifies a VLAN and contains information about the Multicast group address. • Bridge Multicast Address — Identifies the Multicast group MAC address/IP address.
  • Page 251: Displaying Interfaces Attached To A Multicast Router

    The following table summarizes the Multicast settings which can be assigned to ports in the Multicast Forward All Page: • D — Attaches the port to the Multicast router or switch as a dynamic port. • S — Attaches the port to the Multicast router or switch as a static port.
  • Page 252: Configuring Multicast Tv

    VLAN, eliminating television traffic duplication. Ports which receive Multicast Transmissions, or Receiver Ports, can be defined in any VLAN, and not just in the Multicast VLAN. Receiver ports can only receive Multicast transmissions, they cannot initiate a Multicast TV transmission.
  • Page 253: Defining Multicast Tv Membership

    Web – Click Layer 2, Multicast, Multicast TV, IGMP Snooping Mapping, click Add, define the fields, and click Apply. Figure 3-115. IGMP Snooping Mapping Page CLI – The following is an example of the Multicast Forward All CLI commands: console(config)# interface ethernet 1/e21 console(config-if)# switchport access multicast-tv vlan VLAN_ID VLAN ID...
  • Page 254: Configuring Triple Play

    Ports and trunks are assigned to Multicast VLAN in the Interface Configuration Page. Command Attributes • Multicast TV VLAN ID — Indicates the Multicast VLAN ID to which the source ports and receiver ports are members. • Receiver Ports — Indicates the port on which Multicast TV transmissions are received.
  • Page 255: Configuring Quality Of Service

    Each subscriber on a network maintains a Customer Premise Equipment Multi-Connect (CPE MUX) box. The MUX boxes direct network traffic from uplink ports to MUX access ports. MUX access ports are based on VLAN tags located in packet headers. Service provider’s packets are tagged twice. Each packet has an internal tag and an external tag.
  • Page 256: Access Control Lists

    (ACE) is composed of a single classification rule and its action. A single ACL may contain one or more ACEs. The order of the ACEs within an ACL is important, as they are applied in a first-fit manner. The ACEs are processed sequentially, starting with the first ACE. When a packet is matched to an ACE classification, the ACE action is performed and the ACL processing terminates.
  • Page 257: Mapping To Queues

    (see “Advanced QoS Mode”). • Simple — In the simple form, a single (MAC or IP) ACL is applied to an interface. Although a policy cannot be applied to an interface, it is possible to apply basic QoS rules that classify packets to output queues (see “Basic QoS Mode”).
  • Page 258: Qos Modes

    • Default CoS — Packets arriving untagged are assigned to a default VPT, which can be set by the user on a per port basis. Once the VPT is assigned, the packet is treated as if it had arrived with this tag. The VPT mapping to the output queue is based on the same user-defined 802.1p tag-based definitions.
  • Page 259: Enabling Qos

    VPT tag than that with which they ingressed. Packets are always assigned a VPT tag of 0 or 1 at the egress. When using trust VPT this caveat does not exist, and packets egress with the same VPT with which they ingressed.
  • Page 260: Defining Global Queue Settings

    • Default CoS — Determines the default CoS value for incoming packets for which a VLAN tag is not defined. The possible field values are 0-7. The default CoS is 0. • Restore Defaults — Restores the factory QoS default settings to the selected port.
  • Page 261: Defining Bandwidth Settings

    Configuring Quality of Service • WRR Weight — Assigns WRR weights to queues. This field shows the WRR weight assigned to the queue. This field cannot be modified. • % of WRR Bandwidth — Indicates the amount of bandwidth assigned to the QoS queue.
  • Page 262 • Ingress Rate Limit — Indicates the traffic limit for ingress interfaces. The possible field values are: • Status — Enables or Disables rate limiting for ingress interfaces. Disable is the default value. • Rate Limit — Defines the rate limit for ingress ports. The possible field values are: Interface Rate 70 Kbps - 1 Gbps, depending on the maximum port speed.
  • Page 263: Configuring Vlan Rate Limit

    QoS rate limiting has priority over VLAN rate limiting. For example, if a packet is subject to QoS rate limits but is also subject to VLAN rate limiting, and the rate limits conflict, the QoS rate limits take precedence.
  • Page 264: Mapping Cos Values To Queues

    Command Attributes • Class of Service — Specifies the VLAN (CoS) priority tag values, where zero is the lowest and 8 is the highest. • Queue — Defines the traffic forwarding queue to which the CoS priority is mapped.
  • Page 265: Mapping Dscp Values To Queues

    Configuring Quality of Service Figure 3-121. CoS to Queue Page CLI – The following is an example of the CLI commands used to map CoS values to forwarding queues: Console(config)# wrr-queue cos-map 2 7 4-481 Mapping DSCP Values to Queues The DSCP Priority Page contains fields for classifying DSCP settings to traffic queues.
  • Page 266: Defining Basic Qos Settings

    Packets entering a QoS domain are classified at the edge of the QoS domain. Command Attributes • Trust Mode — Selects the trust mode. If a packet’s CoS tag and DSCP tag are mapped to different queues, the Trust mode determines the queue to which the packet is assigned.
  • Page 267: Defining Qos Dscp Rewriting Settings

    Configuring Quality of Service Figure 3-123. QoS General Page CLI – The following is an example of the CLI commands used to configure QoS Basic Mode’s general parameters: Console(config)# qos trust dscp 4-489 Defining QoS DSCP Rewriting Settings The DSCP Rewrite Page allows network administrators to rewrite DSCP values.
  • Page 268: Defining Qos Dscp Mapping Settings

    Configuring the Switch Figure 3-124. DSCP Rewrite Page CLI – The following is an example of the CLI commands used to rewrite DSCP values: qos dscp-mutation Console(config)# 4-491 Defining QoS DSCP Mapping Settings When traffic exceeds user-defined limits, use the DSCP Mapping Page to configure the DSCP tag to use in place of the incoming DSCP tags.
  • Page 269: Defining Qos Class Maps

    Command Attributes • Class-Map Name — Displays the user-defined name of the class map. • Preferred ACL — Indicates if packets are first matched to an IP based ACL or a MAC based ACL. • ACL 1 — Contains a list of the user defined ACLs.
  • Page 270: Defining Policies

    Console(config-cmap)# match access-group royrogers 4-471 Defining Policies A policy is a collection of classes, each of which is a combination of a class map and a QoS action to apply to matching traffic. Classes are applied in a first-fit manner within a policy.
  • Page 271: Figure 3-127. Aggregate Policer Page

    • Ingress Committed Information Rate (CIR) — CIR in bits per second. This field is only relevant when the Police value is Single. • Ingress Committed Burst Size (CBS) — CBS in bytes per second. This field is only relevant when the Police value is Single.
  • Page 272: Defining Tail Drop

    Tail drop is only configurable on Giga Ethernet ports. Tail Drop is configured per queue. Command Attributes • Queue No. — Indicates the traffic queue for which the tail drop settings are defined. • Threshold (0-100) — Defines the bandwidth amount after which packets are dropped.
  • Page 273: Figure 3-129. Policy Table Page

    Configuring Quality of Service Command Attributes • Policy Name — Contains a list of user-defined policies that can be attached to the interface. • Remove — Removes policies. • Checked — Removes the selected policies. • Unchecked — Maintains the policies.
  • Page 274: Viewing Policy Bindings

    LAGs — Displays the LAGs and their policy names. The Policy Binding table contains the following fields: • Interface — Selects an interface. • Policy Name — Contains a list of user-defined policies that can be attached to the interface. • Remove — Removes policies.
  • Page 275: Figure 3-130. Policy Binding Page

    Web – Click Policy, Advanced Mode, Policy Profile, Policy Binding. Define the fields, and click Apply. Figure 3-130. Policy Binding Page CLI – The following is an example of the CLI commands used to bind policies: Console# show policy-map 4-474...
  • Page 276 Configuring the Switch...
  • Page 277: Chapter 4: Command Line Interface

    IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Each address consists of a network portion and host portion.
  • Page 278 Command Line Interface To access the switch through a Telnet session, you must first set the IP address for the switch, and set the default gateway if you are managing the switch from a different IP subnet. For example, Console(config)#interface vlan 1 Console(config-if)#ip address 10.1.0.254 255.255.255.0...
  • Page 279: Entering Commands

    Command Completion If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “logging history” example, typing log followed by a tab will result in printing the command up to “logging.”...
  • Page 280: Showing Commands

    Command Line Interface Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line, VLAN Database, or MSTP). You can also display a list of valid keywords for a specific command.
  • Page 281: Partial Keyword Lookup

    Available commands depend on the selected mode. You can always enter a question mark “?” at the prompt to display a list of the commands available for the current mode. The command classes and associated modes are displayed in the following table: Table 4-1.
  • Page 282: Exec Commands

    Command Line Interface Exec Commands When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt. Only a limited number of the commands are available in this mode.
  • Page 283: Command Line Processing

    You can use the Tab key to complete partial commands, or enter a partial command followed by the “?” character to display a list of possible matches. You can also use the following editing keystrokes for command-line processing: Table 4-3.
  • Page 284 Function Ctrl-F Shifts cursor to the right one character. Ctrl-K Deletes all characters from the cursor to the end of the line. Ctrl-L Repeats current command line on a new line. Ctrl-N Enters the next command line in the history buffer.
  • Page 285: Command Groups

    Command Groups Command Groups The system commands can be broken down into the functional groups shown below. Table 4-4. Command Groups Command Group Description Page 802.1x Commands Configures Port based authentication for authenticating system users 4-263 on a per-port basis via an external server.
  • Page 286 Configures VLANS and displays VLAN information. 4-661 Web Server Commands Configures Web based access to the device. 4-691 The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration)
  • Page 287: 802.1X Commands

    Specifies one or more authentication, authorization, and 4-264 dot1x accounting (AAA) methods for use on interfaces running IEEE 802.1X. To return to the default configuration, use the no form of this command dot1x Enables 802.1x globally. To return to the default configuration, use...
  • Page 288: Aaa Authentication Dot1X

    VLAN, use the no form of this command. dot1x multiple-hosts Enables multiple hosts (clients) on an 802.1X-authorized port, 4-282 where the authorization state of the port is set to auto. To return to the default configuration, use the no form of this command dot1x...
  • Page 289: Dot1X System-Auth-Control

    Global Configuration Command Usage Additional methods of authentication are used only if the previous method returns an error and not if the request for authentication is denied. To ensure that authentication succeeds even if all methods return an error, specify none as the final method in the command line.
  • Page 290: Dot1X Port-Control

    The dot1x port-control Interface Configuration mode command enables manually controlling the authorization state of the port. To return to the default configuration, use the no form of this command. Syntax dot1x port-control auto...
  • Page 291: Dot1X Re-Authentication

    The dot1x re-authentication Interface Configuration mode command enables periodic re-authentication of the client. To return to the default configuration, use the no form of this command. Syntax dot1x re-authentication no dot1x re-authentication Default Setting Periodic re-authentication is disabled.
  • Page 292: Dot1X Timeout Re-Authperiod

    The dot1x timeout re-authperiod Interface Configuration mode command sets the number of seconds between re-authentication attempts. To return to the default configuration, use the no form of this command. Syntax dot1x timeout re-authperiod seconds...
  • Page 293: Dot1X Re-Authenticate

    The dot1x timeout quiet-period Interface Configuration mode command sets the number of seconds that the device remains in the quiet state following a failed authentication exchange (for example, the client provided an invalid password). To return to the default configuration, use the no form of this command.
  • Page 294: Dot1X Timeout Tx-Period

    Command Line Interface Parameters • seconds — Specifies the time in seconds that the device remains in the quiet state following a failed authentication exchange with the client. (Range: 0 - 65535 seconds) Default Setting Quiet period is 60 seconds.
  • Page 295: Dot1X Max-Req

    802.1x Commands resending the request. To return to the default configuration, use the no form of this command. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period Parameters • seconds — Specifies the time in seconds that the device waits for a response to an EAP-request/identity frame from the client before resending the request.
  • Page 296: Dot1X Timeout Supp-Timeout

    The default number of times is 2. Command Mode Interface Configuration (Ethernet) mode Command Usage The default value of this command should be changed only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. Example The following example sets the number of times that the device sends an EAP-request/identity frame to 6.
  • Page 297: Dot1X Timeout Server-Timeout

    802.1x Commands frame to the client. To return to the default configuration, use the no form of this command. Syntax dot1x timeout supp-timeout seconds no dot1x timeout supp-timeout Parameters • seconds — Time in seconds that the device waits for a response to an EAP-request frame from the client before resending the request.
  • Page 298: Show Dot1X

    Syntax dot1x timeout server-timeout seconds no dot1x timeout server-timeout Parameters • seconds — Time in seconds that the device waits for a response from the authentication server. (Range: 1-65535 seconds) Default Configuration The timeout period is 30 seconds. Command Mode...
  • Page 299 This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the status of 802.1X-enabled Ethernet ports. show dot1x Console# 802.1x is enabled Port Admin Mode...
  • Page 300 Username The username representing the identity of the Supplicant. This field shows the username in case the port control is auto. If the port is Authorized, it shows the username of the current user. If the port is unauthorized it shows the last user that was...
  • Page 301: Show Dot1X Users

    (for example, the client provided an invalid password). Tx period The number of seconds that the device waits for a response to an Extensible Authentication Protocol (EAP)-request/identity frame from the client before resending the request.
  • Page 302 Command Line Interface Syntax show dot1x users [username username] Parameters • username — Supplicant username (Range: 1-160 characters) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command.
  • Page 303: Show Dot1X Statistics

    The port number. Username The username representing the identity of the Supplicant. Session Time The period of time the Supplicant is connected to the system. Authentication Method Authentication method used by the Supplicant to open the session. MAC Address MAC address of the Supplicant.
  • Page 304 EapolReqFramesTx: 6 InvalidEapolFramesRx: 0 EapLengthErrorFramesRx: 0 LastEapolFrameVersion: 1 LastEapolFrameSource: 00:08:78:32:98:78 The following table describes the significant fields shown in the display: Field Description EapolFramesRx The number of valid EAPOL frames of any type that have been received by this Authenticator.
  • Page 305: Advanced Features

    ADVANCED FEATURES dot1x auth-not-req The dot1x auth-not-req Interface Configuration mode command enables unauthorized devices access to the VLAN. To disable access to the VLAN, use the no form of this command. Syntax dot1x auth-not-req no dot1x auth-not-req Default Configuration Access is enabled.
  • Page 306: Dot1X Multiple-Hosts

    MAC address only. For unauthenticated VLANs multiple hosts are always enabled. Port security cannot be enabled on a port if multiple hosts are disabled or if multiple hosts are enabled with authentication per host.
  • Page 307: Dot1X Single-Host-Violation

    The dot1x single-host-violation Interface Configuration mode command configures the action to be taken when a station whose MAC address is not the supplicant MAC address attempts to access the interface. Use the no form of this command to return to default.
  • Page 308: Dot1X Guest-Vlan

    If the guest VLAN is defined and enabled, the port automatically joins the guest VLAN when the port is unauthorized and leaves it when the port becomes authorized. To be able to join or leave the guest VLAN, the port should not be a static member of the guest VLAN.
  • Page 309: Dot1X Guest-Vlan Enable

    Default Setting Disabled. Command Mode Interface Configuration (Ethernet) mode Command Usage A device can have only one global guest VLAN. The guest VLAN is defined using the dot1x guest-vlan Interface Configuration mode command. Example The following example enables unauthorized users on Ethernet port 1/e1 to access the guest VLAN.
  • Page 310: Show Dot1X Advanced

    Interface configuration (Ethernet) Usage Guidelines Guest VLAN must be enabled when MAC authentication is enabled. Static MAC addresses cannot be authorized on a guest VLAN when MAC authentication is enabled. Do not change an authenticated MAC address to a static address.
  • Page 311: Related Commands

    ---------- --------------- 1/e12 Disabled Disabled Disabled Single host parameters Violation action: Discard Trap: Disabled Trap frequency: 10 Status: Not in auto mode Violations since last trap: 9 Related Commands dot1x auth-not-req dot1x multiple-hosts dot1x single-host-violation dot1x guest-vlan dot1x guest-vlan enable...
  • Page 312: Aaa Commands

    To return to the default configuration, use the no form of this command. login authentication Specifies the login authentication method list for a remote telnet or console. To return to the default configuration specified by the aaa authentication login command, use the no form of this command.
  • Page 313 Uses the list of all TACACS+ servers for authentication. Default Setting The local user database is checked. This has the same effect as the command aaa authentication login list-name local. Note: On the console, login succeeds without any authentication check if the authentication method is not defined.
  • Page 314: Aaa Authentication Enable

    On the console, the enable password is used if it exists. If no password is set, the process still succeeds. This has the same effect as using the command default enable none.
  • Page 315: Login Authentication

    The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
  • Page 316: Enable Authentication

    The enable authentication Line Configuration mode command specifies the authentication method list when accessing a higher privilege level from a remote telnet or console. To return to the default configuration specified by the aaa authentication enable command, use the no form of this command.
  • Page 317: Ip Http Authentication

    Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Setting The local user database is checked. This has the same effect as the command ip http authentication local. Command Mode...
  • Page 318: Ip Https Authentication

    Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Setting The local user database is checked. This has the same effect as the command ip https authentication local. Command Mode...
  • Page 319 AAA Commands Default Setting This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the authentication configuration. Console# show authentication methods Login Authentication Method Lists...
  • Page 320: Password

    Default Setting No password is defined. Command Mode Line Configuration mode Command Usage If a password is defined as encrypted, the required password length is 32 characters. Example The following example specifies password secret on a console. line console...
  • Page 321: Username

    AAA Commands • level — Level for which the password applies. If not specified the level is 15 (Range: 1-15). • — Encrypted password entered, copied from another device encrypted configuration. Default Setting No enable password is defined. Command Mode...
  • Page 322: Show Users Accounts

    This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the local users configured with access to the system. Console# show users accounts Username Privilege Password...
  • Page 323 AAA Commands Lockout If lockout control is enabled, specifies the number of failed authentication attempts since the user last logged in successfully. If the user account is locked, specifies LOCKOUT.
  • Page 324: Acl Commands

    • name — Specifies the name of the ACL. Default Setting The default for all ACLs is deny-all Command Mode Global Configuration mode Command Usage Up to 1018 rules can be defined on the device, depending on the type of rule defined.
  • Page 325: Permit (Ip)

    Parameters • source — Specifies the source IP address of the packet. Specify indicate IP address 0.0.0.0 and mask 255.255.255.255. • source-wildcard — Specifies wildcard to be applied to the source IP address. Use 1s in bit positions to be ignored. Specify to indicate IP address 0.0.0.0 and mask 255.255.255.255.
  • Page 326 Command Line Interface • protocol — Specifies the abbreviated name or number of an IP protocol. (Range: 0-255) The following table lists protocols that can be specified: IP Protocol Abbreviated Name Protocol Number Internet Control Message Protocol icmp Internet Group Management Protocol...
  • Page 327 • source-port — Specifies the UDP/TCP source port. (Range: 0-65535) • list-of-flags — Specifies a list of TCP flags that can be triggered. If a flag is set, it is prefixed by “+”. If a flag is not set, it is prefixed by “-”. Possible values:...
  • Page 328: Deny (Ip)

    Parameters • disable-port — Specifies the ethernet interface is disabled if the condition is matched. • source — Specifies the IP address or host name from which the packet was sent. Specify to indicate IP address 0.0.0.0 and mask 255.255.255.255.
  • Page 329 • flags list-of-flags — List of TCP flags that should occur. If a flag should be set, it is prefixed by "+". If a flag should be unset, it is prefixed by "-". Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and -fin.
  • Page 330: Mac Access-List

    After an ACE is added, an implied deny-any-any condition exists at the end of the list, and those packets that do not match the defined conditions are denied. Examples The following example shows how to define a permit statement for an IP ACL.
  • Page 331: Permit (Mac)

    • source-wildcard — Specifies wildcard bits to be applied to the source MAC address. Use 1s in bit positions to be ignored. • destination — Specifies the MAC address of the host to which the packet is being sent. • destination-wildcard — Specifies wildcard bits to be applied to the destination MAC address.
  • Page 332: Deny (Mac)

    If the VLAN ID is specified, the policy map cannot be connected to the VLAN interface.
  • Page 333 • If the VLAN ID is specified, the policy map cannot be connected to the VLAN interface.
  • Page 334: Service-Acl

    Command Mode Interface (Ethernet, port-channel) Configuration mode. Command Usage In advanced mode, when an ACL is bound to an interface, the port trust mode is set to trust L2-L3 and not to L2. Example The following example binds (services) an ACL to port 1/e16.
  • Page 335: Show Interfaces Access-Lists

    This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays ACLs applied to the interfaces of a device: Console# show interfaces access-lists Interface Input ACL ---------...
  • Page 336 Command Line Interface Related Commands service-acl...
  • Page 337: Address Table Commands

    Configures the maximum number of addresses that can be learned on the port while the port is in port security mode. To return to the default configuration, use the no form of this command. port security routed Adds a MAC-layer secure address to a routed port.
  • Page 338: Bridge Address

    Displays the current dynamic addresses in locked ports. bridge address The bridge address Interface Configuration (VLAN) mode command adds a MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of this command. Syntax mac-address { interface |...
  • Page 339: Bridge Multicast Filtering

    If multicast devices exist on the VLAN, do not change the unregistered multicast addresses state to drop on the switch ports. If multicast devices exist on the VLAN and IGMP-snooping is not enabled, the bridge multicast forward-all command should be used to enable forwarding all multicast packets to the multicast switches.
  • Page 340: Bridge Multicast Address

    {mac-multicast-address} no bridge multicast address Parameters • — Adds ports to the group. If no option is specified, this is the default option. • — Removes ports from the group. remove • mac-multicast-address — A valid MAC multicast address.
  • Page 341: Bridge Multicast Forbidden Address

    • interface-list — Separate nonconsecutive Ethernet ports with a comma and no spaces; hyphen is used to designate a range of ports. • port-channel-number-list — Separate nonconsecutive valid port-channels with a comma and no spaces; a hyphen is used to designate a range of port-channels. Default Setting No forbidden addresses are defined.
  • Page 342: Bridge Multicast Forward-All

    • interface-list — Separate nonconsecutive Ethernet ports with a comma and no spaces; a hyphen is used to designate a range of ports. • port-channel-number-list — Separate nonconsecutive port-channels with a comma and no spaces; a hyphen is used to designate a range of port-channels. Default Setting This setting is disabled.
  • Page 343: Bridge Multicast Forbidden Forward-All

    • interface-list — Separates nonconsecutive Ethernet ports with a comma and no spaces; a hyphen is used to designate a range of ports. • port-channel-number-list — Separates nonconsecutive port-channels with a comma and no spaces; a hyphen is used to designate a range of port-channels. Default Setting This setting is disabled.
  • Page 344: Bridge Aging-Time

    The default is 300 seconds. Command Mode Global Configuration mode Command Usage There are no user guidelines for this command. Example In this example the bridge aging time is set to 250. bridge aging-time Console(config)# Related Commands bridge address clear bridge...
  • Page 345: Port Security

    discard-shutdown — Discards packets with unlearned source addresses. The port is also shut down. • seconds — Sends SNMP traps and defines the minimum amount of time in seconds between consecutive traps. (Range: 1-1000000) Default Setting This setting is disabled.
  • Page 346: Port Security Max

    The port security max Interface Configuration (Ethernet, port-channel) mode command configures the maximum number of addresses that can be learned on the port while the port is in port security mode. To return to the default configuration, use the no form of this command. Syntax...
  • Page 347: Port Security Routed Secure-Address

    The command enables adding secure MAC addresses to a routed port in port security mode. The command is available when the port is a routed port and in port security mode. The address is deleted if the port exits the security mode...
  • Page 348: Show Bridge Address-Table

    Command Usage Internal usage VLANs (VLANs that are automatically allocated on ports with a defined Layer 3 interface) are presented in the VLAN column by a port number and not by a VLAN ID. "Special" MAC addresses that were not statically defined or dynamically learned are displayed in the MAC address table.
  • Page 349: Show Bridge Address-Table Static

    Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example In this example, all static entries in the bridge-forwarding database are displayed. Console# show bridge address-table static Aging time is 300 sec vlan mac address...
  • Page 350: Show Bridge Address-Table Count

    Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example In this example, the number of addresses present in all VLANs is displayed. Console# show bridge address-table count Capacity: 8192 Free: 8083 Used: 109...
  • Page 351: Show Bridge Multicast Address-Table

    This command has no default configuration. Command Mode Privileged EXEC mode Command Usage A MAC address can be displayed in IP format only if it is in the range of 0100.5e00.0000-0100.5e7f.ffff. Example In this example, multicast MAC address and IP address table information is displayed.
  • Page 352: Show Bridge Multicast Address-Table Static

    [vlan vlan-id] [address mac-multicast-address | ip-multicast-address] [source ip-address] Parameters • vlan-id — Indicates the VLAN ID. This has to be a valid VLAN ID value. • mac-multicast-address — A valid MAC multicast address. • ip-multicast-address — A valid IP multicast address.
  • Page 353: Show Bridge Multicast Filtering

    Syntax show bridge multicast filtering vlan-id Parameters • vlan-id — VLAN ID value. Default Setting This command has no default configuration. Command Mode User EXEC mode Command Usage There are no user guidelines for this command.
  • Page 354: Show Ports Security

    Command Line Interface Example In this example, the multicast configuration for VLAN 1 is displayed. show bridge multicast filtering Console# Filtering: Enabled VLAN: 1 Port Forward-Unregistered Forward-All Static Status Static Status ---- --------- --------- --------- ---------- 1/e1 Forbidden Filter Forbidden...
  • Page 355: Show Ports Security Addresses

    Address Table Commands Example In this example, all classes of entries in the port-lock status are displayed: show ports security Console# Port Status Learning Action Maximum Trap Frequency ---- ------- -------- ------- ------- ------- --------- 1/e1 Locked Dynamic Discard Enable...
  • Page 356 Port is a member in port-channel ch1 1/e5 Disabled Lock 1/e6 Enabled Max-addresses Enabled Max-addresses Enabled Max-addresses In this example, dynamic addresses in currently locked port 1/e1 are displayed. show ports security addresses ethernet 1/e1 Console# Port Status Learning Current Maximum ---- -------- --------...
  • Page 357: Lldp Commands

    EXEC mode. lldp optional-tlv The lldp optional-tlv Interface Configuration (Ethernet) mode command specifies which optional TLVs from the basic set should be transmitted. To revert to the default setting, use the no form of this command. Syntax lldp optional-tlv tlv1 [tlv2 …...
  • Page 358: Lldp Med Enable

    The lldp med enable Interface Configuration (Ethernet) mode command enables the Link Layer Discovery Protocol (LLDP) Media Endpoint Discovery (MED) on an interface. To disable LLDP MED on an interface, use the no form of this command. Syntax lldp med enable [tlv1 … tlv3]...
  • Page 359: Lldp Med Network-Policy (Interface)

    • vlan-type — Specifies if the application is using a 'tagged' or an 'untagged' VLAN. • up priority — User Priority (Layer 2 priority) to be used for the specified application. • dscp value — DSCP value to be used for the specified application.
  • Page 360: Clear Lldp Rx

    • civic-address — Displays the location is specified as civic address. • ecs-elin — Displays the location is specified as ECS ELIN. • data — Displays the data format is as defined in ANSI/TIA 1057. Specifies the location as dotted hexadecimal data: Each byte in hexadecimal character strings is two hexadecimal digits.
  • Page 361: Show Lldp Configuration

    LLDP Commands show lldp configuration The show lldp configuration Privileged EXEC mode command displays the Link Layer Discovery Protocol (LLDP) configuration. Syntax show lldp configuration [ethernet interface] Parameters interface — Ethernet port Command Mode Privileged EXEC User Guidelines There are no guidelines for this command.
  • Page 362: Show Lldp Local

    ---------- ---------- Network Policies: 1 show lldp local The show lldp local Privileged EXEC mode command displays the Link Layer Discovery Protocol (LLDP) information that is advertised from a specific port. Syntax show lldp local ethernet interface Parameters •...
  • Page 363 LLDP Commands Example Switch# show lldp local ethernet 1/1 Device ID: 0060.704C.73FF Port ID: 1 Capabilities: Bridge System Name: ts-7800-1 System description: Port description: Management address: 172.16.1.8 802.3 MAC/PHY Configuration/Status Auto-negotiation support: Supported Auto-negotiation status: Enabled Auto-negotiation Advertised Capabilities: 100BASE-TX full...
  • Page 364: Show Lldp Neighbors

    Command Line Interface show lldp neighbors The show lldp neighbors Privileged EXEC mode command displays information about neighboring devices discovered using Link Layer Discovery Protocol (LLDP). Syntax show lldp neighbors [ethernet interface] Parameters • interface — Ethernet port Default Configuration This command has no default configuration.
  • Page 365 LLDP Commands Example Switch# show lldp neighbors Port Device ID Port ID Hold Time Capabiliti System Name ---------- ---------- ---------- ---------- ---------- ---------- 0060.704C. ts-7800-2 73F E 0060.704C. ts-7800-2 73FD 0060.704C. B, R ts-7900-1 73F C 0060.704C. ts-7900-2 73FB...
  • Page 366 Command Line Interface Switch# show lldp neighbors ethernet 1/1 Device ID: 0060.704C.73FE Port ID: 1 Hold Time: 117 Capabilities: B System Name: ts-7800-2 System description: Port description: Management address: 172.16.1.1 802.3 MAC/PHY Configuration/Status Auto-negotiation support: Supported. Auto-negotiation status: Enabled. Auto-negotiation Advertised Capabilities: 100BASE-TX full duplex, 1000BASE-T full duplex.
  • Page 367 LLDP Commands Location information, if it exists, should be displayed too. The following table describes significant LLDP fields: Field Description Port The port number. Device ID The configured ID (name) or MAC address of the neighbor device.
  • Page 368 Critical, High and Low. Power value Indicates the total power in watts required by a PD device from a PSE device, or the total power a PSE device is capable of sourcing over a maximum length cable based on its current configuration.
  • Page 369: Amap Commands

    “Hello” packets to determine that it is still present. • Passive — A port enters this state if there is no response to a Discovery “hello” packet. This is a receive-only state and no “Hello” packets are transmitted. If a “Hello”...
  • Page 370: Amap Discovery Time

    Command Line Interface amap discovery time The time (in seconds) that switch ports in the Discovery state wait for a response to a “Hello” packet from an adjacent switch. Syntax amap discovery time seconds no amap discovery time Parameters • seconds — Discovery transmission timeout value in seconds...
  • Page 371: Default Setting

    AMAP Commands Syntax show amap Default Setting None Command Mode Privileged Executive Example Console#sh amap AMAP is currently enabled AMAP Common Phase Timeout Interval (seconds) = 5000 AMAP Discovery Phase Timeout Interval (seconds) = 3000 Console#...
  • Page 372: Clock Commands

    Sets the polling time for the Simple Network Time Protocol (SNTP) client. To return to default configuration, use the no form of this command.
  • Page 373: Clock Set

    (hh: 0 - 23, mm: 0 - 59, ss: 0 - 59). • day — Current day (by date) in the month (1 - 31). • month — Current month using the first three letters by name (Jan, …, Dec). • year — Current year (2000 - 2097).
  • Page 374: Clock Source

    Global Configuration mode command sets the time zone for display purposes. To set the time to the Coordinated Universal Time (UTC), use the form of this command. Syntax hours-offset [ minutes-offset] [...
  • Page 375: Clock Summer-Time

    Command Mode Global Configuration mode Command Usage The system internally keeps time in UTC, so this command is used only for display purposes and when the time is manually set. Example The following example sets the timezone to 6 hours difference from UTC.
  • Page 376 All times are relative to the local time zone. The start time is relative to standard time. The end time is relative to summer time. If the starting month is chronologically after the ending month, the system assumes that you are in the southern hemisphere.
  • Page 377: Sntp Authentication-Key

    The sntp authenticate Global Configuration mode command grants authentication for received Simple Network Time Protocol (SNTP) traffic from servers. To disable the feature, use the no form of this command. Syntax sntp authenticate...
  • Page 378: Sntp Trusted-Key

    The sntp trusted-key Global Configuration mode command authenticates the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize. To disable authentication of the identity of the system, use the no form of this command.
  • Page 379: Sntp Client Poll Timer

    Command Mode Global Configuration mode Command Usage The command is relevant for both received unicast and broadcast. If there is at least 1 trusted key, then unauthenticated messages will be ignored. Examples The following example authenticates key 8. sntp authentication-key...
  • Page 380: Sntp Broadcast Client Enable

    Command Line Interface Example The following example sets the polling time for the Simple Network Time Protocol (SNTP) client to 120 seconds. sntp client poll timer Console(config)# Related Commands sntp authentication-key sntp authenticate sntp trusted-key sntp broadcast client enable sntp anycast client enable...
  • Page 381: Sntp Anycast Client Enable

    The sntp client enable Interface Configuration (Ethernet, port-channel, VLAN) mode command enables the Simple Network Time Protocol (SNTP) client on an interface. This applies to both receive broadcast and anycast updates. To disable the SNTP client, use the no form of this command.
  • Page 382: Sntp Unicast Client Enable

    The sntp unicast client enable Global Configuration mode command enables the device to use the Simple Network Time Protocol (SNTP) to request and accept SNTP traffic from servers. To disable requesting and accepting SNTP traffic from servers, use the no form of this command.
  • Page 383: Sntp Unicast Client Poll

    Clock Commands Example The following example enables the device to use the Simple Network Time Protocol (SNTP) to request and accept SNTP traffic from servers. Console(config)# sntp unicast client enable Related Commands sntp authentication-key sntp authenticate sntp trusted-key sntp client poll timer...
  • Page 384: Sntp Server

    The sntp server Global Configuration mode command configures the device to use the Simple Network Time Protocol (SNTP) to request and accept SNTP traffic from a specified server. To remove a server from the list of SNTP servers, use the no form of this command.
  • Page 385: Show Clock

    (blank) Time is authoritative. Time is authoritative, but SNTP is not synchronized. Example The following example displays the time and date from the system clock. Console> show clock 15:29:03 PDT(UTC-7) Jun 17 2002 Time source is SNTP show clock detail Console>...
  • Page 386: Show Sntp Configuration

    Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the current SNTP configuration of the device. Console# show sntp configuration Polling interval: 7200 seconds MD5 Authentication keys: 8, 9 Authentication is required for synchronization.
  • Page 387: Show Sntp Status

    (Interface) sntp unicast client enable show sntp status The show sntp status Privileged EXEC mode command shows the status of the Simple Network Time Protocol (SNTP). Syntax show sntp status Default Setting This command has no default configuration.
  • Page 388: Sntp Server

    Command Line Interface Server Status Last response Offset Delay [mSec] [mSec] ---------- ------- ---------------------------- ------ ------ 176.1.1.8 19:58:22.289 PDT Feb 19 2002 7.33 117.79 176.1.8.17 Unknown 12:17.17.987 PDT Feb 19 2002 8.98 189.19 Anycast server: Server Interfa Last response Offset Delay...
  • Page 389: Copy

    Displays the contents of the currently running configuration file. show startup-config Displays the contents of the startup configuration file. show startup-config Displays the active system image file that is loaded by the device at startup. copy...
  • Page 390 Command Line Interface Source for the file from a serial connection that uses the Xmodem xmodem: protocol. Image file on one of the units. To copy from the master to all units, unit://member/ specify * in the member field. image Boot file on one of the units.
  • Page 391 For network transfers, indicates that the copy process timed out. Generally, many periods in a row means that the copy process may fail. Copying an Image File from a Server to Flash Memory To copy an image file from a server to flash memory, use the source-url copy command.
  • Page 392: Delete

    The delete Privileged EXEC mode command deletes a file from a flash memory device. Syntax delete Parameters • url — The location URL or reserved keyword of the file to be deleted. (Range: 1-160 characters) The following table displays keywords and URL prefixes: Keyword Source or Destination flash: Source or destination URL for flash memory.
  • Page 393 Delete flash:test? [confirm] Related Commands copy show running-config show startup-config The dir Privileged EXEC mode command displays the list of files on a flash file system. Syntax Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
  • Page 394: More

    The more Privileged EXEC mode command displays a file. Syntax more url Parameters • url — The location URL or reserved keyword of the source file to be copied. (Range: 1-160 characters) The following table displays keywords and URL prefixes: Keyword...
  • Page 395: Rename

    Configuration and Image File Commands Command Mode Privileged EXEC mode User Guidelines Files are displayed in ASCII format, except for the images, which are displayed in a hexadecimal format. Note: *.prv files cannot be displayed. Example The following example displays the contents of the running configuration file.
  • Page 396: Boot System

    • image-2 — Specifies image 2 as the system startup image. Default Setting If the unit number is unspecified, the default setting is the master unit number. Command Mode Privileged EXEC mode Command Usage Use the command to find out which image is the active image.
  • Page 397: Show Running-Config

    This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the contents of the running configuration file. Console# show running-config software version 1.1 hostname device interface ethernet 1/e1 ip address 176.242.100.100 255.255.255.0...
  • Page 398: Show Bootvar

    Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the contents of the running configuration file. Console# show startup-config software version 1.1 hostname device interface ethernet 1/e1 ip address 176.242.100.100 255.255.255.0...
  • Page 399 Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the active system image file that is loaded by the device at startup. Console# show bootvar Images currently available on the FLASH...
  • Page 400: Interface Ethernet

    Displays the storm control configuration. interface ethernet The interface ethernet Global Configuration mode command enters the interface configuration mode to configure an Ethernet type interface. The system supports up to five IP addresses per device. Syntax interface ethernet interface...
  • Page 401: Interface Range Ethernet

    Parameters • port-range — List of valid ports. Where more than one port is listed, separate nonconsecutive ports with a comma and no spaces, use a hyphen to designate a range of ports and group a list separated by commas in brackets.
  • Page 402: Shutdown

    Command Usage Commands under the interface range context are executed independently on each active interface in the range. If the command returns an error on one of the active interfaces, it does not stop executing commands on other active interfaces.
  • Page 403: Description

    Parameters • string — Comment or a description of the port to enable the user to remember what is attached to the port. (Range: 1-64 characters) Default Setting The interface does not have a description. Command Mode...
  • Page 404: Speed

    Command Usage The no speed command in a port-channel context returns each port in the port-channel to its maximum capability. Example The following example configures the speed operation of Ethernet port 1/e5 to 100 Mbps operation. interface ethernet Console(config)# 1/e5 speed 100...
  • Page 405: Duplex

    When configuring a particular duplex mode on the port operating at 10/100 Mbps, disable the auto-negotiation on that port. Half duplex mode can be set only for ports operating at 10 Mbps or 100 Mbps. Example The following example configures the duplex operation of Ethernet port 1/e5 to full duplex operation.
  • Page 406: Negotiation

    • capability — Specifies the capabilities to advertise. (Possible values: 10h, 10f, 100h, 100f, 1000f) Default Setting Auto-negotiation is enabled. If unspecified, the default setting is to enable all capabilities of the port. Command Mode Interface Configuration (Ethernet, port-channel) mode Command Usage...
  • Page 407: Flowcontrol

    Ethernet Configuration Commands flowcontrol The flowcontrol Interface Configuration (Ethernet, port-channel) mode command configures flow control on a given interface. To disable flow control, use the no form of this command. Syntax flowcontrol auto | on no flowcontrol Parameters • auto — Indicates auto-negotiation •...
  • Page 408: Back-Pressure

    : It is possible to connect to a PC only with a normal cable and to connect to another device only with a cross cable. No: It is possible to connect to a PC only with a cross cable and to connect to another device only with a normal cable.
  • Page 409: Clear Counters

    Interface Configuration (Ethernet) mode Command Usage The back pressure Interface Configuration mode command enables back pressure on half duplex mode only; therefore, it cannot be configured on a channel port. Example In the following example back pressure is enabled on port 1/e5.
  • Page 410: Set Interface Active

    This command has no default configuration. Command Mode Privileged EXEC mode Command Usage This command is used to activate interfaces that were configured to be active, but were shutdown by the system for some reason (e.g., port security) Example The following example reactivates interface 1/e5.
  • Page 411 Syntax show interfaces advertise [ethernet interface | port-channel port-channel-number] Parameters • interface — Valid Ethernet port. (Full syntax: unit/port) • port-channel-number — Valid port-channel number. Default Setting This command has no default configuration. Command Modes Privileged EXEC mode Command Usage There are no user guidelines for this command.
  • Page 412: Show Interfaces Configuration

    This command has no default configuration. Command Modes Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the configuration of all configured interfaces: show interfaces configuration Console# Type Duple Spee Back...
  • Page 413 Ethernet Configuration Commands 100M-Coppe Full Enable Disable Auto 100M-Coppe Full Enable Disable Auto 100M-Coppe Full Enable Disable Auto 100M-Coppe Full Enable Disable Auto 100M-Coppe Full Enable Disable Auto 100M-Coppe Full Enable Disable Auto 100M-Coppe Full Enable Disable Auto 100M-Coppe Full...
  • Page 414: Show Interfaces Status

    Syntax show interfaces status [ethernet interface | port-channel port-channel-number] Parameters • interface — A valid Ethernet port. (Full syntax: unit/port) • port-channel-number — A valid port-channel number. Default Setting This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command.
  • Page 415 Ethernet Configuration Commands 100M-Coppe Down 100M-Coppe Down 100M-Coppe Down 100M-Coppe Down 100M-Coppe Down 100M-Coppe Down 100M-Coppe Down 100M-Coppe Down 100M-Coppe Down 100M-Coppe Down 100M-Coppe Down 100M-Coppe Down 100M-Coppe Down 100M-Coppe Down Related Commands shutdown speed duplex negotiation flowcontrol mdix back-pressure...
  • Page 416: Show Interfaces Description

    Syntax show interfaces description [ethernet interface | port-channel port-channel-number] Parameters • interface — Valid Ethernet port. (Full syntax: unit/port) • port-channel-number — A valid port-channel number. Default Setting This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command.
  • Page 417 | show interfaces counters ethernet port-channel port-channel-number] Parameters • interface — A valid Ethernet port. (Full syntax: unit/port) • port-channel-number — A valid port-channel number. Default Setting This command has no default configuration. Command Mode User EXEC mode Command Usage There are no user guidelines for this command.
  • Page 418 Command Line Interface OutOctets OutUcastPkts OutMcastPkts OutBcastPkts --------- ------------ ------------ ------------ 23739 The following example displays counters for Ethernet port 1/e1. show interfaces counters ethernet Console# 1/e1 Port InOctets InUcastPkts InMcastPkts InBcastPkts ----- ----------- -------------- ----------- ----------- 1/e1 183892 Port...
  • Page 419: Port Storm-Control Broadcast Enable

    Counted received frames that are an integral number of octets in length but do not pass the FCS check. Single Collision Frames Counted frames that are involved in a single collision, and are subsequently transmitted successfully. Late Collisions Number of times that a collision is detected later than one slotTime into the transmission of a packet.
  • Page 420: Port Storm-Control Broadcast Rate

    Syntax port storm-control broadcast rate rate no port storm-control broadcast rate Parameters • rate — Maximum kilobits per second of broadcast and multicast traffic on a port. Default Setting The default value is 3500 Kbits/Sec. Command Mode Interface Configuration (Ethernet) mode...
  • Page 421: Show Ports Storm-Control

    User/Privileged EXEC mode command displays the storm control configuration. Syntax show ports storm-control [interface] Parameters • interface — A valid Ethernet port. (Full syntax: unit/port) Default Setting This command has no default configuration. Command Mode User EXEC mode Command Usage There are no user guidelines for this command.
  • Page 422 Command Line Interface 2/g1 Disabled 3/g1 Disabled Related Commands port storm-control broadcast enable port storm-control broadcast rate...
  • Page 423: Gvrp Commands

    Table 4-14. GVRP Commands Command Function Mode Page gvrp enable (Global) Enables GVRP globally. To disable GVRP on the device, use the 4-399 no form of this command. gvrp enable Enables GVRP on an interface. To disable GVRP on an interface,...
  • Page 424: Gvrp Enable (Interface)

    Interface Configuration (Ethernet, port-channel) mode Command Usage An access port does not dynamically join a VLAN because it is always a member in only one VLAN. Membership in an untagged VLAN is propagated in the same way as in a tagged VLAN.
  • Page 425: Garp Timer

    The timer_value value must be a multiple of 10. You must maintain the following relationship for the various timer values: • Leave time must be greater than or equal to three times the join time. • Leave-all time must be greater than the leave time.
  • Page 426: Gvrp Vlan-Creation-Forbid

    The gvrp registration-forbid Interface Configuration (Ethernet, port-channel) mode command deregisters all dynamic VLANs on a port and prevents VLAN creation or registration on the port. To allow dynamic registration of VLANs on a port, use the no form of this...
  • Page 427: Clear Gvrp Statistics

    Dynamic registration of VLANs on the port is allowed. Command Mode Interface Configuration (Ethernet, port-channel) mode Command Usage There are no user guidelines for this command. Example The following example forbids dynamic registration of VLANs on Ethernet port 1/e6. Console(config)# interface ethernet 1/e6 Console(config-if)# gvrp registration-forbid...
  • Page 428: Show Gvrp Configuration

    Command Line Interface Command Usage There are no user guidelines for this command. Example The following example clears all GVRP statistical information on Ethernet port 1/e6. Console# clear gvrp statistics ethernet 1/e6 Related Commands show gvrp statistics show gvrp error-statistics...
  • Page 429: Show Gvrp Statistics

    | port-channel-number] show gvrp statistics ethernet port-channel Parameters • interface — A valid Ethernet port. (Full syntax: unit/port) • port-channel-number — A valid port-channel number. Default Setting This command has no default configuration. Command Mode User EXEC mode Command Usage There are no user guidelines for this command.
  • Page 430: Show Gvrp Error-Statistics

    | show gvrp error-statistics ethernet port-channel port-channel-number] Parameters • interface — A valid Ethernet port. (Full syntax: unit/port) • port-channel-number — A valid port-channel number. Default Setting This command has no default configuration. Command Mode User EXEC mode Command Usage There are no user guidelines for this command.
  • Page 431 GVRP Commands show gvrp statistics...
  • Page 432: Igmp Snooping Commands

    4-410 host-time-out group was not received for a host-time-out period from a specific port, this port is deleted from the member list of that multicast group. To return to the default configuration, use the no form of this command. ip igmp snooping Configures the mrouter-time-out.
  • Page 433: Ip Igmp Snooping (Interface)

    IGMP snooping is disabled. Command Mode Global Configuration mode Command Usage IGMP snooping can only be enabled on static VLANs. It must not be enabled on Private VLANs or their community VLANs. Example The following example enables IGMP snooping. ip igmp snooping...
  • Page 434: Ip Igmp Snooping Host-Time-Out

    If an IGMP report for a multicast group was not received for a host-time-out period from a specific port, this port is deleted from the member list of that multicast group. To return to the default configuration, use the no form of this command.
  • Page 435: Ip Igmp Snooping Leave-Time-Out

    If an IGMP report for a multicast group was not received for a leave-time-out period after an IGMP Leave was received from a specific port, this port is deleted from the member list of that multicast group. To return to the default configuration, use the no form of this command.
  • Page 436: Ip Igmp Snooping Multicast-Tv

    Command Line Interface Command Usage The leave timeout should be set greater than the maximum time that a host is allowed to respond to an IGMP query. immediate leave only where there is just one host connected to a port.
  • Page 437: Ip Igmp Snooping Querier Enable

    Parameters • ip-address — Source IP address Default Configuration If an IP address is configured for the VLAN, it would be used as the source address of the IGMP Snooping querier.
  • Page 438: Ip Igmp Snooping Querier Version

    Command Mode Interface Configuration (VLAN) mode User Guidelines If an IP address is not configured by this command, and no IP address is configured for the IGMP querier VLAN interface, the querier would be disabled. ip igmp snooping querier version The ip igmp snooping querier version Interface Configuration (VLAN) mode command configures the IGMP version of an IGMP querier on a specific VLAN.
  • Page 439: Show Ip Igmp Snooping Interface

    IGMP Snooping Commands Command Mode User EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays multicast device interfaces in VLAN 1000. show ip igmp snooping mrouter interface Console> 1000 VLAN Ports ----...
  • Page 440: Show Ip Igmp Snooping Groups

    IGMP snooping querier address oper: 172.16.1.1 IGMP snooping querier version: 3 IGMP host timeout is 300 sec IGMP Immediate leave is disabled. IGMP leave timeout is 10 sec IGMP mrouter timeout is 300 sec Automatic learning of multicast router ports is enabled...
  • Page 441 IGMP Snooping Commands Command Usage To see the full multicast address table (including static addresses) use the Privileged EXEC command. show bridge multicast address-table Example The following example shows IGMP snooping information on multicast groups. show ip igmp snooping groups Console>...
  • Page 442: Ip Addressing Commands

    Table 4-16. IP Addressing Commands Command Function Mode Page ip address Sets an IP address. To remove an IP address, use the no form of 4-418 this command. ip address dhcp Acquires an IP address for an Ethernet interface from the 4-419 Dynamic Host Configuration Protocol (DHCP) server.
  • Page 443: Ip Address Dhcp

    Parameters • host-name — Specifies the name of the host to be placed in the DHCP option 12 field. This name does not have to be the same as the host name specified in the Global Configuration mode command.
  • Page 444: Ip Default-Gateway

    If the device is configured to obtain its IP address from a DHCP server, it sends a DHCPDISCOVER message to provide information about itself to the DHCP server on the network.
  • Page 445: Show Ip Interface

    Default Setting This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the configured IP interfaces and their types. Console# show ip interface...
  • Page 446 Parameters • ip_addr — Valid IP address or IP alias to map to the specified MAC address. • hw_addr — Valid MAC address to map to the specified IP address or IP alias. • interface-number — Valid Ethernet port.
  • Page 447: Arp Timeout

    Syntax arp timeout seconds no arp timeout Parameters • seconds — Time (in seconds) that an entry remains in the ARP cache. (Range: 1 - 40000000) Default Setting The default timeout is 60000 seconds. Command Mode Global Configuration mode Command Usage It is recommended not to set the timeout value to less than 3600.
  • Page 448: Clear Arp-Cache

    • ip-address — Displays the ARP entry of a specific IP address. • mac-address — Displays the ARP entry of a specific MAC address. • interface — Displays the ARP entry of a specific Ethernet port interface. • port-channel-number — Displays the ARP entry of a specific Port-channel number interface.
  • Page 449: Ip Domain-Lookup

    IP Domain Naming System (DNS)-based host name-to-address translation is enabled. Command Mode Global Configuration mode Command Usage There are no user guidelines for this command. Example The following example enables IP Domain Naming System (DNS)-based host name-to-address translation. Console(config)# ip domain-lookup Related Commands ip domain-name ip name-server...
  • Page 450: Ip Domain-Name

    The ip domain-name Global Configuration mode command defines a default domain name used by the software to complete unqualified host names (names without a dotted-decimal domain name). To remove the default domain name, use the no form of this command.
  • Page 451 No name server addresses are specified. Command Mode Global Configuration mode Command Usage The preference of the servers is determined by the order in which they were entered. Up to 8 servers can be defined using one command or using multiple commands.
  • Page 452: Clear Host

    Command Line Interface Command Usage There are no user guidelines for this command. Example The following example defines a static host name-to-address mapping in the host cache. Console(config)# ip host accounting.Alcatel.com 176.10.23.1 Related Commands ip domain-lookup ip domain-name ip name-server...
  • Page 453: Clear Host Dhcp

    Console# Related Commands ip host show hosts Privileged EXEC mode command displays the default domain show hosts name, a list of name server hosts, the static and the cached list of host names and addresses. Syntax [name] show hosts Parameters •...
  • Page 454 Command Line Interface Command Usage There are no user guidelines for this command. Example The following example displays host information. show hosts Console# Host name: Device Default domain is gm.com, sales.gm.com, usa.sales.gm.com(DHCP) Name/address lookup is enabled Name servers (Preference order): 176.16.1.18 176.16.1.19...
  • Page 455: Lacp Commands

    Table 4-17. LACP Commands Command Function Mode Page lacp system-priority Configures the system priority. To return to the default 4-431 configuration, use the no form of this command. lacp port-priority Configures physical port priority. To return to the default 4-432 configuration, use the no form of this command.
  • Page 456: Lacp Port-Priority

    The default port priority is 1. Command Mode Interface Configuration (Ethernet) mode Command Usage There are no user guidelines for this command. Example The following example defines the priority of Ethernet port 1/e6 as 247. Console(config)# interface ethernet 1/e6 Console(config-if)# lacp port-priority...
  • Page 457: Show Lacp Ethernet

    LACP Commands Command Mode Interface Configuration (Ethernet) mode Command Usage There are no user guidelines for this command. Example The following example assigns a long administrative LACP timeout to Ethernet port 1/e6. Console(config)# interface ethernet 1/e6 lacp timeout long...
  • Page 458: Command Line Interface

    Oper number: port Admin priority: port Oper priority: port Oper timeout: LONG LACP Activity: PASSIVE Aggregation: AGGREGATABLE synchronization: FALSE collecting: FALSE distributing: FALSE expired: FALSE Port 1/e1 LACP Statistics: LACP PDUs sent: LACP PDUs received: Port 1/e1 LACP Protocol State:...
  • Page 459: Show Lacp Port-Channel

    Privileged EXEC mode command displays LACP information for a port-channel. Syntax show lacp port-channel [port_channel_number] Parameters • port_channel_number — Valid port-channel number. Default Setting This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command.
  • Page 460 Command Line Interface Example The following example displays LACP information about port-channel 1. show lacp port-channel Console# Port-Channel 1: Port Type 1000 Ethernet Actor System Priority: MAC Address: 00:02:85:0E:1C:00 Admin Key: Oper Key: Partner System Priority: MAC Address: 00:00:00:00:00:00 Oper Key:...
  • Page 461: Line Commands

    Identifies a specific line for configuration and enters the Line 4-437 Configuration command mode. speed Sets the line baud rate. To return to the default configuration, use 4-438 the no form of the command. autobaud Sets the line for automatic baud rate detection (autobaud). To...
  • Page 462: Speed

    Command Line Interface Command Usage There are no user guidelines for this command. Example The following example configures the device as a virtual terminal for remote console access. Console(config)# line telnet Console(config-line)# Related Commands show line speed The speed Line Configuration mode command sets the line baud rate. To return to the default configuration, use the no form of the command.
  • Page 463: Autobaud

    Console(config-line)# Related Commands show line exec-timeout The exec-timeout Line Configuration mode command sets the interval that the system waits until user input is detected. To return to the default configuration, use the no form of this command. Syntax exec-timeout minutes [seconds] no exec-timeout Parameters •...
  • Page 464: History

    The history size Line Configuration mode command configures the command history buffer size for a particular line. To reset the command history buffer size to the default configuration, use the no form of this command.
  • Page 465: Terminal History

    To configure the command history buffer size for the current terminal session, use the terminal history size User EXEC mode command. Example The following example changes the command history buffer size to 100 entries for a particular line. Console(config-line)# history size 100 Related Commands history...
  • Page 466: Terminal History Size

    The terminal history size EXEC command configures the command history buffer size for the current terminal session. To reset the command history buffer size to the default setting, use the no form of this command. Syntax...
  • Page 467: Show Line

    — Virtual terminal for remote console access (Telnet). telnet • — Virtual terminal for secured remote console access (SSH). Default Setting If the line is not specified, the default value is console. Command Mode User EXEC mode Command Usage There are no user guidelines for this command.
  • Page 468 Command Line Interface Related Commands line speed autobaud exec-timeout history history size terminal history terminal history size...
  • Page 469: Management Acl Commands

    Configures a management access list and enters the 4-445 access-list Management Access-list Configuration command mode. To delete an access list, use the no form of this command. permit Defines a permit rule. 4-446 (Management) deny (Management) Defines a deny rule.
  • Page 470: Permit (Management)

    Command Line Interface If you reenter an access list context, the new rules are entered at the end of the access list. Use the management access-class command to select the active access list. The active management list cannot be updated or removed.
  • Page 471: Deny (Management)

    • mask — A valid network mask of the source IP address. • prefix-length — Number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0 - 32) • service — Service type. Possible values:...
  • Page 472: Management Access-Class

    • mask — A valid network mask of the source IP address. • prefix-length — Specifies the number of bits that comprise the source mask IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0-32) • service — Service type. Possible values: telnet...
  • Page 473: Show Management Access-List

    Management ACL Commands (Range: 1-32 characters) If no access list is specified, an empty access list is used. Command Mode Global Configuration mode Command Usage There are no user guidelines for this command. Example The following example configures an access list called mlist as the management access list.
  • Page 474: Show Management Access-Class

    Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays information about the active management access list. show management access-class Console# Management access-class is enabled, using access list mlist Related Commands...
  • Page 475: Phy Diagnostics Commands

    Privileged EXEC mode Command Usage The port to be tested should be shut down during the test, unless it is a combination port with fiber port active. The maximum length of the cable for the TDR test is 120 meters.
  • Page 476: Show Copper-Ports Tdr

    This command has no default configuration. Command Mode User EXEC mode Command Usage The maximum length of the cable for the TDR test is 120 meters. Example The following example displays information on the last TDR test performed on all copper ports.
  • Page 477: Show Fiber-Ports Optical-Transceiver

    This command has no default configuration. Command Mode User EXEC mode Command Usage The port must be active and working in 100M or 1000M mode. Example The following example displays the estimated copper cable length attached to all ports. Console> show copper-ports cable-length...
  • Page 478 Output Power – Measured TX output power. Input Power – Measured RX received power. Tx Fault – Transmitter fault LOS – Loss of signal N/A - Not Available, N/S - Not Supported, W - Warning, E - Error show fiber-ports optical-transceiver detailed Console# Power Port...
  • Page 479: Port Channel Commands

    This command has no default configuration. Command Mode Global Configuration mode Command Usage Eight aggregated links can be defined with up to eight member ports per port-channel. The aggregated links’ valid IDs are 1-8. Example The following example enters the context of port-channel number 1.
  • Page 480: Channel-Group

    • — Forces the port to join a channel without an LACP operation. • — Allows the port to join a channel as a result of an LACP operation. auto Default Setting The port is not assigned to a port-channel.
  • Page 481: Show Interfaces Port-Channel

    Port Channel Commands Command Usage There are no user guidelines for this command. Example The following example forces port 1/e1 to join port-channel 1 without an LACP operation. interface ethernet Console(config)# 1/e1 channel-group mode on Console(config-if)# Related Commands show interfaces port-channel...
  • Page 482: Port Monitor Commands

    • An IP interface is not configured on the port. • GVRP is not enabled on the port. • The port is not a member of a VLAN, except for the default VLAN (will automatically be removed from the default VLAN).
  • Page 483: Show Ports Monitor

    Port Monitor Commands Example The following example copies traffic on port 1/e8 (source port) to port 1/e1 (destination port). Console(config)# interface ethernet 1/e1 Console(config-if)# port monitor 1/e8 Related Commands show ports monitor show ports monitor show ports monitor The show ports monitor User EXEC mode command displays the port monitoring status.
  • Page 484: Power Over Ethernet Commands

    Adds a comment or description of the powered device type to 4-459 powered-device enable the user to remember what is attached to the interface. To remove the description, use the no form of this command. power inline priority Configures the inline power management priority of the interface.
  • Page 485: Power Inline Powered-Device

    The power inline powered-device Interface Configuration (Ethernet) mode command adds a comment or description of the powered device type to enable the user to remember what is attached to the interface. To remove the description, use the no form of this command.
  • Page 486: Power Inline Priority

    Command Line Interface power inline priority The power inline priority Interface Configuration (Ethernet) mode command configures the inline power management priority of the interface. To return to the default configuration, use the no form of this command. Syntax power inline priority {critical | high | low}...
  • Page 487: Power Inline Traps Enable

    Inline power traps are disabled. Command Mode Global Configuration mode Command Usage There are no user guidelines for this command. Example The following example enables inline power traps to be sent when a power usage threshold is exceeded. Console(config)# power inline traps enable...
  • Page 488: Show Power Inline

    Syntax show power inline [ethernet interface] Parameters • interface — Valid Ethernet port. (Full syntax: unit/port) Default Setting This command has no default configuration. Command Mode User EXEC mode Command Usage There are no user guidelines for this command.
  • Page 489 Powered Device Description of the powered device type. State Indicates if the port is enabled to provide power. Can be: Auto or Never. Priority The priority of the port from the point of view of inline power management. Can be: Critical, High or Low.
  • Page 490 Command Line Interface Absent Counter Counts the number of times power has been removed because powered device dropout was detected. Invalid Signature Counts the number of times an invalid signature of a powered device was Counter detected. Related Commands power inline...
  • Page 491: Qos Commands

    Creates a policy map and enters the Policy-map Configuration 4-472 mode. To delete a policy map, use the no form of this command. class Defines a traffic classification and enters the Policy-map Class 4-472 Configuration mode.
  • Page 492 Modifies the policed-DSCP map for remarking purposes. To return 4-487 policed-dscp to the default map, use the no form of this command. qos map Modifies the DSCP to CoS map. To return to the default map, use 4-488 dscp-queue the no form of this command. qos trust (Global) Configures the system to the basic mode and trust state.
  • Page 493: Show Qos

    Qos: basic Basic tust: dscp Related Commands class-map Global Configuration mode command creates or modifies a class create-map map and enters the Class-map Configuration mode. To delete a class map, use the form of this command. Syntax class-map class-map-name [ match-all...
  • Page 494: Show Class-Map

    ACLs, an error message is generated. Note: A class map in match-all mode cannot be configured if it contains both an IP ACL and a MAC ACL with an ether type that is not 0x0800.
  • Page 495: Match

    Command Usage There are no user guidelines for this command. Example The following example defines the match criterion for classifying traffic as an access group called Alcatel in a class map called class1. Console (config)# class-map class1 Console (config-cmap)# match access-group alcatel...
  • Page 496: Policy-Map

    • policy-map-name — Specifies the name of the policy map. Default Setting If the packet is an IP packet, the DSCP value of the policy map is 0. If the packet is tagged, the CoS value is 0. Command Mode...
  • Page 497: Rate-Limit

    No policy map is defined. Command Mode Policy-map Configuration mode Command Usage Before modifying a policy for an existing class or creating a policy for a new class, use the policy-map Global Configuration mode command to specify the name of the policy map to which the policy belongs and to enter the Policy-map Configuration mode.
  • Page 498: Rate-Limit (Vlan)

    Traffic policing in a policy map has precedence over VLAN rate limiting. That is, if a packet is subject to traffic policing in a policy map and is associated with a VLAN that is rate limited, the packet would be counted only in the traffic policing of the policy map.
  • Page 499: Trust Cos-Dscp

    Syntax trust cos-dscp no trust cos-dscp Default Setting The port is not in the trust mode. If the port is in trust mode, the internal DSCP value is derived from the ingress packet. Command Mode Policy-map Class Configuration mode...
  • Page 500 Command Line Interface Command Usage Action serviced to a class, so that if an IP packet arrives, the queue is assigned per DSCP. If a non-IP packet arrives, the queue is assigned per CoS (VPT). Example The following example configures the trust state for a class called class1 in a policy map called policy1.
  • Page 501: Police

    GE ports. The command does not function on an FE port. Example The following example sets the dscp value in the packet to 56 for classes in a policy map called policy1. Console (config)# policy-map...
  • Page 502: Service-Policy

    The following example defines a policer for classified traffic. When the traffic rate exceeds 124,000 bps or the normal burst size exceeds 96000 bps, the packet is dropped. The class is called class1 and is in a policy map called policy1.
  • Page 503 An aggregate policer cannot be applied across multiple policy maps. This policer can also be used in Cascade police to make a cascade policer. An aggregate policer cannot be deleted if it is being used in a policy map. The no police aggregate Policy-map Class Configuration command must first be used to delete the aggregate policer from all policy maps.
  • Page 504: Show Qos Aggregate-Policer

    Command Line Interface exceeds 124,000 bps or the normal burst size exceeds 96000 bps, the packet is dropped. Console (config)# qos aggregate-policer policer1 124000 96000 exceed-action drop Related Commands police show qos aggregate-policer police aggregate show qos aggregate-policer The show qos aggregate-policer User EXEC mode command displays the aggregate policer parameter.
  • Page 505: Police Aggregate

    QoS Commands police aggregate The police aggregate Policy-map Class Configuration mode command applies an aggregate policer to multiple classes within the same policy map. To remove an existing aggregate policer from a policy map, use the no form of this command. Syntax...
  • Page 506: Priority-Queue Out Num-Of-Queues

    Weighted Round Robin (WRR) and Weighted Random Early Detection (WRED) parameters. It is recommended to specifically map a single VPT to a queue, rather than mapping multiple VPTs to a single queue. Use the...
  • Page 507: Traffic-Shape

    The CIR and the CBS will be applied to the specified port. queue-id Example The following example sets a shaper on Ethernet port 1/g1 when the average traffic rate exceeds 124000 bps or the normal burst size exceeds 96000 bps. interface ethernet...
  • Page 508: Show Qos Interface

    shapers — Display quality of service (QoS) shapers information at the interface level. • rate limit — Display quality of service (QoS) rate-limit information at the interface level. • ethernet interface-number — Specify port for which QoS information will be displayed.
  • Page 509 QoS Commands Notify Q depth Size Threshold Prob Prob Prob Weight...
  • Page 510: Qos Wrr-Queue Threshold

    0 is exceeded, packets with the corresponding DP are dropped until the threshold is no longer exceeded. However, packets assigned to threshold 1 or 2 continue to be queued and sent as long as the second or third threshold is not exceeded.
  • Page 511: Qos Map Dscp-Dp

    Parameters • dscp-list — Specifies up to 8 DSCP values separated by a space. • dp — Enter the Drop Precedence value to which the DSCP value corresponds. (Possible values are 0 - 2 where 2 is the highest Drop Precedence) •...
  • Page 512: Qos Map Dscp-Queue

    Command Line Interface Parameters • dscp- list — Specifies up to 8 DSCP values separated by a space. (Range: 0-63) • dscp-mark-down — Specifies the DSCP value to mark down. (Range: 0-63) Default Setting The default map is the Null map, which means that each incoming DSCP value is mapped to the same DSCP value.
  • Page 513: Qos Trust (Global)

    Packets entering a quality of service (QoS) domain are classified at the edge of the QoS domain. When packets are classified at the edge, the switch port within the QoS domain can be configured to one of the trusted states because there is no need to classify the packets at every device in the domain.
  • Page 514: Qos Trust (Interface)

    1/e15 Console(config-if) qos trust 3 qos cos The qos cos Interface Configuration (Ethernet, port-channel) mode command defines the default CoS value of a port. To return to the default configuration, use the no form of this command. Syntax qos cos default-cos Parameters •...
  • Page 515: Qos Dscp-Mutation

    Command Mode Interface Configuration (Ethernet, port-channel) mode Command Usage If the port is trusted, the default CoS value of the port is used to assign a CoS value to all untagged packets entering the port. Example The following example configures port 1/e15 default CoS value to 3.
  • Page 516: Qos Map Dscp-Mutation

    Command Mode Global Configuration mode. Command Usage This is the only map that is not globally configured. It is possible to have several maps and assign each one to different ports. Example The following example changes DSCP values 1, 2, 4, 5 and 6 to DSCP mutation...
  • Page 517: Show Qos Map

    Powered Device Description of the powered device type. State Indicates if the port is enabled to provide power. Can be: Auto or Never. Priority The priority of the port from the point of view of inline power management. Can be: Critical, High or Low.
  • Page 518 • policed-dscp — Displays the DSCP to DSCP remark table. • dscp-mutation — Displays the DSCP-DSCP mutation table. • service-type-cos — Displays the Service type to CoS map (Service mode only). • service-type-dscp — Displays the Service type to DSCP map (Service mode only).
  • Page 519: Radius Commands

    (Range: 1-158 characters) • auth-port-number — Port number for authentication requests. The host is not used for authentication if the port number is set to 0. (Range: 0-65535) • timeout — Specifies the timeout value in seconds. (Range: 1-30) • retries — Specifies the retransmit value. (Range: 1-10)
  • Page 520 0.0.0.0 is interpreted as request to use the IP address of the outgoing IP interface. • priority — Determines the order in which servers are used, where 0 has the highest priority. (Range: 0-65535) • type — Specifies the usage type of the server. Possible values: login dot.1x...
  • Page 521: Radius-Server Key

    The radius-server retransmit Global Configuration mode command specifies the number of times the software searches the list of RADIUS server hosts. To reset the default configuration, use the no form of this command.
  • Page 522: Radius-Server Source-Ip

    Global Configuration mode Command Usage There are no user guidelines for this command. Example The following example configures the number of times the software searches the list of RADIUS server hosts to 5 times. console(config)# radius-server retransmit 5 Related Commands...
  • Page 523: Radius-Server Timeout

    The radius-server timeout Global Configuration mode command sets the interval during which the device waits for a server host to reply. To return to the default configuration, use the no form of this command. Syntax timeout...
  • Page 524: Radius-Server Deadtime

    Syntax radius-server deadtime deadtime no radius-server deadtime Parameters • deadtime — Length of time in minutes during which a RADIUS server is skipped over by transaction requests. (Range: 0 - 2000) Default Setting The deadtime setting is 0. Command Mode...
  • Page 525: Show Radius-Servers

    Syntax show radius-servers Default Setting This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays RADIUS server settings. show radius-servers Console# TimeOu Retransm DeadTim...
  • Page 526 Command Line Interface radius-server source-ip radius-server timeout radius-server deadtime...
  • Page 527: Rmon Commands

    Displays the alarms table. 4-511 alarm-table show rmon alarm Displays alarm configuration. 4-512 rmon event Configures an event. To remove an event, use the no form of this 4-514 command. show rmon events Displays the RMON event table. 4-514 show rmon log Displays the RMON log table.
  • Page 528 The total number of packets received less than 64 octets in length (excluding framing bits but including FCS octets) and either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
  • Page 529: Rmon Collection History

    The total number of packets received longer than 1632 octets (excluding framing bits, but including FCS octets), and either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
  • Page 530: Show Rmon Collection History

    Cannot be configured for a range of interfaces (range context). Example The following example enables a Remote Monitoring (RMON) MIB history statistics group on Ethernet port 1/e1 with index number 1 and a polling interval period of 2400 seconds. interface ethernet...
  • Page 531: Show Rmon History

    Syntax show rmon history index {throughput | errors | other} [period seconds] Parameters • index — Specifies the requested set of samples. (Range: 1 - 65535) • throughput — Indicates throughput counters. • errors — Indicates error counters. • other — Indicates drop and collision counters.
  • Page 532 Command Line Interface Examples The following example displays RMON Ethernet history statistics for index 1. show rmon history throughput Console> Sample Set: 1 Owner: CLI Interface: 1/e1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 500 Time...
  • Page 533 Time Date and Time the entry is recorded. Octets The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). Packets The number of packets (including bad packets) received during this sampling interval.
  • Page 534: Rmon Alarm

    FCS with a non-integral number of octets (Alignment Error). Dropped The total number of events in which packets were dropped by the probe due to lack of resources during this sampling interval. This number is not necessarily the number of packets dropped, it is just the number of times this condition has been detected.
  • Page 535: Show Rmon Alarm-Table

    RMON Commands - If the first sample (after this entry becomes valid) is greater than or equal to rthreshold and direction is equal to rising or rising-falling, a single rising alarm is generated. If the first sample (after this entry becomes valid) is less...
  • Page 536: Show Rmon Alarm

    The show rmon alarm User EXEC mode command displays alarm configuration. Syntax show rmon alarm number Parameters • number — Specifies the alarm index. (Range: 1 - 65535) Default Setting This command has no default configuration. Command Mode User EXEC mode Command Usage...
  • Page 537 Startup Alarm The alarm that may be sent when this entry is first set. If the first sample is greater than or equal to the rising threshold, and startup alarm is equal to rising or rising and falling, then a single rising alarm is generated.
  • Page 538: Rmon Event

    This command has no default configuration. Command Mode Global Configuration mode Command Usage If log is specified as the notification type, an entry is made in the log table for each event. If trap is specified, an SNMP trap is sent to one or more trap management stations.
  • Page 539: Show Rmon Log

    The type of notification that the device generates about this event. Can have the following values: none, log, trap, log-trap. In the case of log, an entry is made in the log table for each event. In the case of trap, an SNMP trap is sent to one or more management stations.
  • Page 540 Command Line Interface Syntax show rmon log [event] Parameters • event — Specifies the event index. (Range: 0 - 65535) Default Setting This command has no default configuration. Command Mode User EXEC mode Command Usage There are no user guidelines for this command.
  • Page 541: Rmon Table-Size

    RMON Commands Related Commands rmon alarm rmon table-size The rmon table-size Global Configuration mode command configures the maximum size of RMON tables. To return to the default configuration, use the no form of this command. Syntax rmon table-size history entries | entries}...
  • Page 542: Snmp Commands

    Defines the SNMP MIB value. 4-531 show snmp Displays the SNMP status. 4-531 show snmp engineid Displays the ID of the local Simple Network Management Protocol 4-533 (SNMP) engine. show snmp views Displays the configuration of views. 4-534 show snmp groups Displays the configuration of groups.
  • Page 543: Snmp-Server Community

    SNMP Commands snmp-server community The snmp-server community Global Configuration mode command configures the community access string to permit access to the SNMP protocol. To remove the specified community string, use the no form of this command. Syntax community [ ] [ip-address][...
  • Page 544: Snmp-Server View

    [oid-tree] no snmp-server view Parameters • view-name — Specifies the label for the view record that is being created or updated. The name is used to reference the record. (Range: 1-30 characters) • oid-tree — Specifies the object identifier of the ASN.1 subtree to be included or excluded from the view.
  • Page 545: Snmp-Server Group

    SNMP Version 3 security model. • readview — Specifies a string that is the name of the view that enables only viewing the contents of the agent. If unspecified, all objects except for the community-table and SNMPv3 user and access tables are available.
  • Page 546: Snmp-Server User

    There are no user guidelines for this command. Example The following example attaches a group called user-group to SNMPv3 and assigns to the group the privacy security level and read access rights to a view called user-view. snmp-server group v3 priv read...
  • Page 547: Snmp-Server Engineid Local

    When a Privileged EXEC mode command is entered, a show running-config line for this user will not be displayed. To see if this user has been added to the configuration, type the Privileged EXEC mode show snmp users command.
  • Page 548 If SNMPv3 is enabled using this command, and the default is specified, the default engine ID is defined per standard as: • First 4 octets — first bit = 1, the rest is IANA Enterprise number = 674. • Fifth octet — set to 3 to indicate the MAC address that follows.
  • Page 549: Snmp-Server Enable Traps

    Related Commands show snmp engineid snmp-server enable traps The snmp-server enable traps Global Configuration mode command enables the device to send SNMP traps. To disable SNMP traps, use the no form of the command. Syntax snmp-server enable traps no snmp-server enable traps Default Setting SNMP traps are enabled.
  • Page 550: Snmp-Server Host

    Example The following example creates a filter that includes all objects in the MIB-II system group except for sysServices (System 7) and all objects for interface 1 in the MIB-II interfaces group. snmp-server filter included...
  • Page 551 • — Indicates that SNMPv2 traps will be used. If • port — Specifies the UDP port of the host to use. If unspecified, the default UDP port number is 162. (Range:1-65535) • filtername — Specifies a string that defines the filter for this host. If unspecified, nothing is filtered.
  • Page 552: Snmp-Server V3-Host

    priv — Indicates authentication of a packet with encryption. • port — Specifies the UDP port of the host to use. If unspecified, the default UDP port number is 162. (Range: 1-65535) • filtername — Specifies a string that defines the filter for this host. If unspecified, nothing is filtered.
  • Page 553: Snmp-Server Trap Authentication

    Related Commands show snmp snmp-server trap authentication The snmp-server trap authentication Global Configuration mode command enables the device to send SNMP traps when authentication fails. To disable SNMP failed authentication traps, use the no form of this command. Syntax snmp-server trap authentication...
  • Page 554: Snmp-Server Location

    This command has no default configuration. Command Mode Global Configuration mode Command Usage Do not include spaces in the text string or place text that includes spaces inside quotation marks. Example The following example configures the system contact point called...
  • Page 555: Snmp-Server Set

    • name value — List of name and value pairs. In the case of scalar MIBs, only a single pair of name values. In the case of an entry in a table, at least one pair of name and value followed by one or more fields.
  • Page 556 Command Line Interface Command Usage There are no user guidelines for this command. Example The following example displays the SNMP communications status. show snmp Console# Communit Community-Ac View name y-String cess address -------- ---------- --------- ------- public read only user-view...
  • Page 557: Show Snmp Engineid

    System Location: Marketing The following table describes significant fields shown above. Field Description Community-string Community access string to permit access to the SNMP protocol. Community-access Type of access - read-only, read-write, super access IP Address Management station IP Address. Trap-Rec-Address...
  • Page 558: Show Snmp Views

    Syntax show snmp views [viewname] Parameters • viewname — Specifies the name of the view. (Range: 1-30) Default Setting This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command.
  • Page 559: Show Snmp Groups

    Authentication of a packet with encryption. Applicable only to the SNMP v3 security model. Views Read Name of the view that enables only viewing the contents of the agent. If unspecified, all objects except the community-table and SNMPv3 user and access tables are available.
  • Page 560: Show Snmp Filters

    Write Name of the view that enables entering data and managing the contents of the agent. Notify Name of the view that enables specifying an inform or a trap. Related Commands snmp-server group show snmp filters The show snmp filters Privileged EXEC mode command displays the configuration of filters.
  • Page 561 SNMP Commands Syntax show snmp users [username] Parameters • username — Specifies the name of the user. (Range: 1-30) Default Setting This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command.
  • Page 562: Spanning-Tree Commands

    4-544 disable on a port, use the no form of this command. spanning-tree cost Configures the spanning tree path cost for a port. To return to the 4-545 default configuration, use the no form of this command. spanning-tree Configures port priority. To return to the default configuration, use...
  • Page 563: Spanning-Tree

    Configures the number of hops in an MST region before the BPDU 4-552 max-hops is discarded and the port information is aged out. To return to the default configuration, use the no form of this command. spanning-tree mst Configures port priority for the specified MST instance. To return...
  • Page 564: Spanning-Tree Mode

    Global Configuration mode Command Usage In RSTP mode, the device uses STP when the neighbor device uses STP. In MSTP mode, the device uses RSTP when the neighbor device uses RSTP and uses STP when the neighbor device uses STP.
  • Page 565: Spanning-Tree Forward-Time

    The spanning-tree forward-time Global Configuration mode command configures the spanning-tree bridge forward time, which is the amount of time a port remains in the listening and learning states before entering the forwarding state. To return to the default configuration, use the no form of this command.
  • Page 566: Spanning-Tree Hello-Time

    The spanning-tree hello-time Global Configuration mode command configures the spanning tree bridge hello time, which is how often the device broadcasts hello messages to other devices. To return to the default configuration, use the no form of this command.
  • Page 567: Spanning-Tree Max-Age

    Spanning-Tree Commands spanning-tree link-type show spanning-tree spanning-tree max-age The spanning-tree max-age Global Configuration mode command configures the spanning tree bridge maximum age. To return to the default configuration, use the no form of this command. Syntax spanning-tree max-age seconds no spanning-tree max-age Parameters •...
  • Page 568: Spanning-Tree Priority

    The spanning-tree priority Global Configuration mode command configures the spanning tree priority of the device. The priority value is used to determine which bridge is elected as the root bridge. To return to the default configuration, use the no form of this command. Syntax...
  • Page 569: Spanning-Tree Cost

    The spanning-tree cost Interface Configuration mode command configures the spanning tree path cost for a port. To return to the default configuration, use the no form of this command. Syntax spanning-tree cost cost no spanning-tree cost Parameters •...
  • Page 570: Spanning-Tree Port-Priority

    Command Line Interface Default Setting Default path cost is determined by port speed and path cost method (long or short) as shown below: Interface Long Short Port-channel 20,000 Gigabit Ethernet (1000 Mbps) 20,000 Fast Ethernet (100 Mbps) 200,000 Ethernet (10 Mbps)
  • Page 571: Spanning-Tree Portfast

    Spanning-Tree Commands no spanning-tree port-priority Parameters • priority — The priority of the port. (Range: 0 - 240 in multiples of 16) Default Setting The default port priority for IEEE Spanning Tree Protocol (STP) is 128. Command Modes Interface Configuration (Ethernet, port-channel) mode Command Usage There are no user guidelines for this command.
  • Page 572: Spanning-Tree Link-Type

    Otherwise, an accidental topology loop could cause a data packet loop and disrupt device and network operations. An interface with PortFast mode enabled is moved directly to the spanning tree forwarding state when linkup occurs without waiting the standard forward-time delay.
  • Page 573: Spanning-Tree Pathcost Method

    shared — Indicates that the port link type is shared. Default Setting The device derives the port link type from the duplex mode. A full-duplex port is considered a point-to-point link and a half-duplex port is considered a shared link.
  • Page 574: Spanning-Tree Bpdu

    — When Spanning Tree is globally disabled, untagged or tagged bridging BPDU packets are flooded, and are subject to ingress and egress VLAN rules. This mode is not relevant if Spanning Tree is disabled only on a group of ports. Default Setting The default setting is flooding.
  • Page 575: Clear Spanning-Tree Detected-Protocols

    This command has no default configuration. Command Modes Privileged EXEC mode Command Usage This feature should be used only when working in RSTP or MSTP mode. Example The following example restarts the protocol migration process on Ethernet port 1/e11.
  • Page 576: Spanning-Tree Mst Max-Hops

    The default bridge priority for IEEE Spanning Tree Protocol (STP) is 32768. Command Mode Global Configuration mode Command Usage The device with the lowest priority is selected as the root of the spanning tree. Example The following example configures the spanning tree priority of instance 1 to 4096. spanning-tree mst...
  • Page 577: Spanning-Tree Mst Port-Priority

    Spanning-Tree Commands Parameters • hop-count — Number of hops in an MST region before the BPDU is discarded. (Range: 1-40) Default Setting The default number of hops is 20. Command Mode Global Configuration mode Command Usage There are no user guidelines for this command.
  • Page 578: Spanning-Tree Mst Cost

    Command Line Interface (Range: 1-Product Specific upper limit) • priority — The port priority. (Range: 0 - 240 in multiples of 16) Default Setting The default port priority for IEEE Multiple Spanning Tree Protocol (MSTP) is 128. Command Modes Interface Configuration (Ethernet, port-channel) mode Command Usage There are no user guidelines for this command.
  • Page 579 Command Modes Interface Configuration (Ethernet, port-channel) mode Command Usage There are no user guidelines for this command. Example The following example configures the MSTP instance 1 path cost for Ethernet port 1/e9 to 4. interface ethernet Console(config) # 1/e9...
  • Page 580: Spanning-Tree Mst Configuration

    Command Line Interface spanning-tree mst configuration The spanning-tree mst configuration Global Configuration mode command enables configuring an MST region by entering the Multiple Spanning Tree (MST) mode. Syntax spanning-tree mst configuration Default Setting This command has no default configuration. Command Mode...
  • Page 581 (CIST) instance (instance 0) and cannot be unmapped from the CIST. For two or more devices to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number, and the same name.
  • Page 582: Name (Mst)

    Command Line Interface name (mst) The name MST Configuration mode command defines the configuration name. To return to the default setting, use the no form of this command. Syntax name string no name Parameters • string — MST configuration name. Case-sensitive (Range: 1-32 characters).
  • Page 583: Show (Mst)

    The default configuration revision number is 0. Command Mode MST Configuration mode Command Usage There are no user guidelines for this command. Example The following example sets the configuration revision to 1. spanning-tree mst configuration Console(config) # revision Console(config-mst) # Related Commands...
  • Page 584 Default Setting This command has no default configuration. Command Mode MST Configuration mode Command Usage The pending MST region configuration takes effect only after exiting the MST configuration mode. Example The following example displays a pending MST region configuration. show pending...
  • Page 585: Exit (Mst)

    This command has no default configuration. Command Mode MST Configuration mode Command Usage There are no user guidelines for this command. Example The following example exits the MST configuration mode and saves changes. spanning-tree mst configuration Console(config) # exit Console(config-mst) # Related Commands...
  • Page 586: Spanning-Tree Guard Root

    Root guard prevents the interface from becoming the root port of the device. To disable root guard on the interface, use the no form of this command.
  • Page 587: Spanning-Tree Bpduguard

    PortFast mode) or disabled. dot1x bpdu Use the dot1x bpdu global configuration command to define 802.1x BPDU handling when 802.1x is globally disabled. Use the no form of this command to return to default. Syntax...
  • Page 588: Show Dot1X Bpdu

    802.1X is enabled on the ingress port, or discarded in all other cases. This feature enables bridging 802.1X BPDU packets as data packets. The feature can be enabled only when 802.1X is globally disabled (by the no dot1x system-auth-control global configuration command). If the port is disabled for 802.1X but 802.1X is enabled globally, 802.1X BPDUs would...
  • Page 589 • mst-configuration — Indicates the MST configuration identifier. • instance-id — Specifies the ID of the spanning tree instance (The range lower limit is 0. The upper limit is product-specific). Default Setting This command has no default configuration. Command Mode...
  • Page 590 128.4 20000 ALTN Shared (STP) 1/e5 Enabled 128.5 20000 how spanning-tree Console# s Spanning tree enabled mode RSTP Default port cost method: long Root Priority 36864 Address 00:02:4b:29:7a:00 This switch is the root. Hello Time 2 sec Max Age 20...
  • Page 591 Spanning-Tree Commands 1/e5 Enabled 128.5 20000 Console# show spanning-tree Spanning tree disabled (BPDU filtering) mode RSTP Default port cost method: long Root Priority Address Path Cost Root Port Hello Time N/A Max Age N/A Forward Delay N/A Brid Priority 36864...
  • Page 592 Command Line Interface show spanning-tree active Console# Spanning tree enabled mode RSTP Default port cost method: long Root Priority 32768 Address 00:01:42:97:e0:00 Path 20000 Cost Root 1 (1/ Port Hello Time 2 sec Max Age 20 Forward Delay 15 sec...
  • Page 593 Spanning-Tree Commands show spanning-tree blockedports Console# Spanning tree enabled mode RSTP Default port cost method: long Root Priority 32768 Address 00:01:42:97:e0:00 Path 20000 Cost Root 1 (1/ Port Hello Time 2 sec Max Age 20 Forward Delay 15 sec Brid...
  • Page 594 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 Forward Delay 15 sec Number of topology changes 2 last change occurred 2d18h ago Time hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Port 1 (1/e1) enabled...
  • Page 595 Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:7a:00 Designated port id: 128.2 Designated path cost: 20000 Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 Port 3 (1/e3) disabled State: N/A Role: N/A Port id: 128.3...
  • Page 596 Command Line Interface Number of transitions to forwarding state: N/A BPDU: sent N/A, received N/A Console# show spanning-tree ethernet 1/e1 Port 1 (1/e1) enabled State: Forwarding Role: Root Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto) RSTP Port Fast: No (configured:no)
  • Page 597 Hello Time 2 sec Max Age 20 Forward Delay 15 sec IST Master ID Priority 32768 Address 00:02:4b:29 :7a:00 This switch is the IST master. Hello Time 2 sec Max Age 20 Forward Delay 15 sec Max hops Interfaces Name State Prio.Nbr...
  • Page 598 Forward Delay 15 sec IST Master ID Priority 32768 Address 00:02:4b:29 :7a:00 This switch is the IST master. Hello Time 2 sec Max Age 20 Forward Delay 15 sec Max hops Number of topology changes 2 last change occurred 2d18h...
  • Page 599 Spanning-Tree Commands Times: hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Port 1 (1/e1) enabled State: Forwarding Role: Root Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto) Boundary RSTP Port Fast: No (configured:no)
  • Page 600 Rem hops Bridge ID Priority 32768 Address 00:02:4b:29:7a:00 Number of topology changes 2 last change occurred 1d9h ago Times: hold 1, topology change 2, notification 2 hello 2, max age 20, forward delay 15 Port 1 (1/e1) enabled State: Forwarding Role: Boundary Port id: 128.1...
  • Page 601 Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:7a:00 Designated port id: 128.2 Designated path cost: 20000 Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 Port 3 (1/e3) disabled State: Blocking Role: Alternate Port id: 128.3...
  • Page 602 Console# Spanning tree enabled mode MSTP Default port cost method: long ###### MST 0 Vlans Mapped: 1-9, 21-4094 CST Root ID Priority 32768 Address 00:01:42:97:e0:00 This switch is root for CST and IST master. Root 1 (1/ Port...
  • Page 603 Spanning-Tree Commands Hello Time 2 sec Max Age 20 Forward Delay 15 sec Max hops Related Commands spanning-tree spanning-tree mode spanning-tree forward-time spanning-tree hello-time spanning-tree max-age spanning-tree priority spanning-tree disable spanning-tree cost spanning-tree port-priority spanning-tree portfast spanning-tree link-type spanning-tree pathcost method...
  • Page 604: Ssh Commands

    Syntax ip ssh port port-number no ip ssh port Parameters • port-number — Port number for use by the SSH server (Range: 1 - 65535). Default Setting The default port number is 22. Command Mode Global Configuration mode...
  • Page 605: Ip Ssh Server

    SSH Commands Command Usage There are no user guidelines for this command. Example The following example specifies the port to be used by the SSH server as 8080. Console(config)# ip ssh port 8080 Related Commands ip ssh server show ip ssh...
  • Page 606: Crypto Key Generate Rsa

    Command Usage DSA keys are generated in pairs: one public DSA key and one private DSA key. If the device already has DSA keys, a warning and prompt to replace the existing keys with new keys are displayed. This command is not saved in the device configuration; however, the keys generated by this command are saved in the private configuration, which is never displayed to the user or backed up on another device.
  • Page 607: Ip Ssh Pubkey-Auth

    Command Usage RSA keys are generated in pairs: one public RSA key and one private RSA key. If the device already has RSA keys, a warning and prompt to replace the existing keys with new keys are displayed. This command is not saved in the device configuration; however, the keys generated by this command are saved in the private configuration which is never displayed to the user or backed up on another device.
  • Page 608: Crypto Key Pubkey-Chain Ssh

    The crypto key pubkey-chain ssh Global Configuration mode command enters the SSH Public Key-chain Configuration mode. The mode is used to manually specify other device public keys such as SSH client public keys. Syntax crypto key pubkey-chain ssh Default Setting No keys are specified.
  • Page 609: User-Key

    The user-key SSH Public Key-string Configuration mode command specifies which SSH public key is manually configured. To remove an SSH public key, use the no form of this command. Syntax username { user-key...
  • Page 610: Key-String

    Command Usage Follow this command with the key-string SSH Public Key-String Configuration mode command to specify the key. Example The following example enables manually configuring an SSH public key for SSH public key-chain crypto key pubkey-chain ssh Console(config)# user-key Console(config-pubkey-chain)#...
  • Page 611: Show Ip Ssh

    Use the key-string row SSH Public Key-string Configuration mode command to specify the SSH public key row by row. Each row must begin with a key-string row command. This command is useful for configuration files. Example...
  • Page 612: Show Crypto Key Mypubkey

    Default Setting This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the SSH server configuration. Console# show ip ssh SSH server enabled. Port: 22 RSA key was generated.
  • Page 613: Show Crypto Key Pubkey-Chain Ssh

    Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the SSH public RSA keys on the device. show crypto key mypubkey rsa Console# RSA key data: 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22...
  • Page 614 This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Examples The following example displays SSH public keys stored on the device. show crypto key pubkey-chain ssh Console# Username Fingerprint --------...
  • Page 615: Syslog Commands

    Limits syslog messages displayed from an internal buffer based 4-594 on severity. To cancel using the buffer, use the no form of this command. logging buffered Changes the number of syslog messages stored in the internal...
  • Page 616: Logging

    The logging Global Configuration mode command logs messages to a syslog server. To delete the syslog server with the specified address from the list of syslogs, use the no form of this command. Syntax {ip-address | hostname} [...
  • Page 617: Logging Console

    Global Configuration mode Command Usage Up to 8 syslog servers can be used. If no specific severity level is specified, the global values apply to each server. Example The following example limits logged messages sent to the syslog server with IP address 10.1.1.1 to severity level...
  • Page 618: Logging Buffered

    Related Commands logging show logging logging buffered Global Configuration mode command limits syslog messages logging buffered displayed from an internal buffer based on severity. To cancel using the buffer, use form of this command. Syntax level logging buffered no logging buffered Parameters •...
  • Page 619: Logging Buffered Size

    Syslog Commands logging buffered size Global Configuration mode command changes the logging buffered size number of syslog messages stored in the internal buffer. To return to the default configuration, use the form of this command. Syntax number logging buffered size...
  • Page 620: Logging File

    Global Configuration mode command limits syslog messages sent logging file to the logging file based on severity. To cancel using the buffer, use the form of this command. Syntax level logging file no logging file Parameters •...
  • Page 621: Clear Logging File

    — Indicates logging messages related to successful login events, login unsuccessful login events and other login-related events Default Setting Logging AAA login events is enabled. Command Mode Global Configuration mode Command Usage Other types of AAA events are not subject to this command.
  • Page 622: File-System Logging

    Command Line Interface Example The following example enables logging messages related to AAA login events. aaa logging login Console(config)# Related Commands show logging file-system logging Global Configuration mode command enables logging file file-system logging system events. To disable logging file system events, use the form of this command.
  • Page 623: Show Logging

    Logging management ACL events is enabled. Command Mode Global Configuration mode Command Usage Other types of management ACL events are not subject to this command. Example The following example enables logging messages related to deny actions of management ACLs. management logging deny...
  • Page 624 Command Line Interface Example The following example displays the state of logging and the syslog messages stored in the internal buffer. show logging Console# Logging is enabled. Console logging: level debugging. Console Messages: 0 Dropped (severity). Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max.
  • Page 625: Show Logging File

    Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the logging state and the syslog messages stored in the logging file. show logging file Console# Logging is enabled. Console logging: level debugging. Console Messages: 0 Dropped (severity).
  • Page 626: Logging Console

    11-Aug-2004 15:41:43: %LINK-3-UPDOWN: Interface Ethernet1/2, changed state to up 11-Aug-2004 15:41:43: %LINK-3-UPDOWN: Interface Ethernet1/3, changed state to up 11-Aug-2004 15:41:43: %SYS-5-CONFIG_I: Configured from memory by console 11-Aug-2004 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up 11-Aug-2004 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface...
  • Page 627: Show Syslog-Servers

    This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the settings of the syslog servers. show syslog-servers Console# Device Configuration IP address Port...
  • Page 628: System Management Commands

    • ip-address — IP address to ping. • hostname — Host name to ping. (Range: 1-158 characters) • packet_size — Number of bytes in a packet. The actual packet size is eight bytes larger than the size specified because the device adds...
  • Page 629 System Management Commands • packet_count — Number of packets to send. If 0 is entered, it pings until stopped. (Range: 0-65535 packets) • time_out — Timeout in milliseconds to wait for each reply. (Range: 50 - 65535 milliseconds) Default Setting Default packet size is 56 bytes.
  • Page 630: Traceroute

    • packet_count — The number of probes to be sent at each TTL level. (Range:1-10) • time_out — The number of seconds to wait for a response to a probe packet. (Range:1-60) • ip-address — One of the device’s interface addresses to use as a source address for the probes.
  • Page 631 (TTL) value. traceroute command starts by sending probe datagrams with a TTL value of one. This causes the first device to discard the probe datagram and send back an error message. The command sends several probes at traceroute each TTL level and displays the round-trip time for each.
  • Page 632: Telnet

    • ip-address — IP address of the destination host. • hostname — Host name of the destination host. (Range: 1-158 characters) • port — A decimal TCP port number, or one of the keywords listed in the Ports table in the Command Usage.
  • Page 633 At any time during an active Telnet session, Telnet commands can be listed by pressing the Ctrl-shift-6-? keys at the system prompt. A sample of this list follows. Note that the Ctrl-shift-6 sequence appears as ^^ on the screen. Console> ‘Ctrl-shift-6’ ?
  • Page 634 Command Line Interface /stream Turns on stream processing, which enables a raw TCP stream with no Telnet control sequences. A stream connection does not process Telnet options and can be appropriate for connections to ports running UNIX-to-UNIX Copy Program (UUCP) and other non-Telnet protocols.
  • Page 635: Resume

    World Wide Web This command lists concurrent telnet connections to remote hosts that were opened by the current telnet session to the local device. It does not list telnet connections to remote hosts that were opened by other telnet sessions.
  • Page 636: Reload

    Privileged EXEC mode Command Usage Caution should be exercised when resetting the device, to ensure that no other activity is being performed. In particular, the user should verify that no configuration files are being downloaded at the time of reset. Example The following example reloads the operating system.
  • Page 637: Stack Master

    Command Usage The following algorithm is used to select a unit as the master: • If only one master-enabled unit is in the stack (1 or 2), it becomes the master. • If a unit is configured as a forced master, it becomes the master.
  • Page 638: Stack Reload

    Command Line Interface • If both forced master units have the same up-time, Unit 1 is elected. Example The following example selects Unit 2 as the stack master. stack master unit Console(config)# Related Commands stack reload stack display-order show stack...
  • Page 639: Show Stack

    Command Modes Global Configuration mode Command Usage If the units are not adjacent in ring or chain topology, the units are not at the edge and the default display order is used. Example This example displays unit 8 at the top of the display and unit 1 at the bottom.
  • Page 640 Slave 00:00:b0:87:12:13 1.0.0.0 Enabled Master 00:00:b0:87:12:14 1.0.0.0 Slave 00:00:b0:87:12:15 1.0.0.0 Slave 00:00:b0:87:12:16 1.0.0.0 Slave Configured order: Unit 1 at Top, Unit 2 at bottom show stack Console> Unit Address Software Master Uplink Downlink Status ---- ----------------- -------- ------ ------ --------...
  • Page 641: Show Users

    System Management Commands Related Commands stack master stack reload stack display-order show users User EXEC mode command displays information about the active show users users. Syntax show users Default Setting This command has no default configuration. Command Mode User EXEC mode Command Usage There are no user guidelines for this command.
  • Page 642: Show System

    The following table describes significant fields shown above. Field Description Connection Connection number. Host Remote host to which the device is connected through a Telnet session. Address IP address of the remote host. Port Telnet TCP port number Byte Number of unread bytes for the user to see on the connection.
  • Page 643: Show Version

    Syntax unit] show version unit Parameters • unit — Specifies the number of the unit. (Range: 1-6) Default Setting This command has no default configuration. Command Mode User EXEC mode Command Usage There are no user guidelines for this command.
  • Page 644: Service Cpu-Utilization

    1.0.0.0 2.178 1.0.0 Related Commands service cpu-utilization service cpu-utilization Global Configuration mode command enables service cpu-utilization measuring CPU utilization. To return to the default configuration, use the form of this command. Syntax service cpu-utilization no service cpu-utilization Default Setting Disabled.
  • Page 645: Show Cpu Utilization

    Global Configuration mode command to enable service cpu-utilization measuring CPU utilization. Example The following example displays information about CPU utilization. show cpu utilization Console# CPU utilization service is on. CPU utilization -------------------------------------------------- five seconds: 5%; one minute: 3%; five minutes: 3%...
  • Page 646: Tacacs-Server Host

    • — Indicates a single-connection. Rather than have the single-connection device open and close a TCP connection to the daemon each time it must communicate, the single-connection option maintains a single open connection between the device and the daemon. • port-number — Specifies a server port number. (Range: 0 - 65535) •...
  • Page 647: Tacacs-Server Key

    TACACS+ Commands interface. • priority — Determines the order in which the TACACS+ servers are used, where 0 is the highest priority. (Range: 0 - 65535) Default Setting No TACACS+ host is specified. If no port number is specified, default port number 49 is used.
  • Page 648: Tacacs-Server Timeout

    Global Configuration mode command sets the interval tacacs-server timeout during which the device waits for a TACACS+ server to reply. To return to the default configuration, use the form of this command. Syntax tacacs-server timeout...
  • Page 649: Tacacs-Server Source-Ip

    The tacacs-server source-ip Global Configuration mode command configures the source IP address to be used for communication with TACACS+ servers. To return to the default configuration, use the form of this command. Syntax source...
  • Page 650 Command Line Interface Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays configuration and statistical information about a TACACS+ server. show tacacs Console# Device Configuration -------------------- Status Port Single...
  • Page 651: Switchport Customer Vlan

    The switchport customer vlan Interface Configuration (Ethernet, port-channel) mode command sets the port's VLAN when the interface is in customer mode. To restore the default configuration, use the no form of this command. Syntax switchport customer vlan vlan-id...
  • Page 652: Ip Igmp Snooping Map Cpe Vlan

    Use this command to associate CPE VLAN to a multicast-TV VLAN. If an IGMP message is received on a customer port tagged with a CPE VLAN, and there is a mapping from that CPE VLAN to a multicast-TV VLAN, the...
  • Page 653: Show Ip Igmp Snooping Cpe Vlans

    Triple Play Commands Example The following example maps an internal CPE VLAN number 4 to the Multicast TV VLAN number 300. Console (config)# ip igmp snooping map cpe vlan 4 multicast-tv vlan 300 Related Commands switchport customer multicast-tv vlan show ip igmp snooping cpe vlans...
  • Page 654: Default Configuration

    IGMP snooping querier version admin: 3 IGMP snooping querier version oper: 2 IGMP host timeout is 300 sec IGMP Immediate leave is disabled. IGMP leave timeout is 10 sec IGMP mrouter timeout is 300 sec Automatic learning of multicast router ports is enabled...
  • Page 655: Dhcp Snooping, Ip Source Guard And Arp Inspection Commands

    Use the ip dhcp snooping verify global configuration command to 4-635 verify configure the switch to verify on an untrusted port that the source MAC address in a DHCP packet matches the client hardware address. ip dhcp snooping...
  • Page 656: Ip Dhcp Snooping

    ARP binding list. ip dhcp snooping The ip dhcp snooping Global Configuration mode command globally enables DHCP snooping. To return to the default configuration, use the no form of this command. Syntax ip dhcp snooping...
  • Page 657: Ip Dhcp Snooping Vlan

    Console # (config)# ip dhcp snooping vlan The ip dhcp snooping vlan Global Configuration mode command enables DHCP snooping on a VLAN. To disable DHCP snooping on a VLAN, use the no form of this command. Syntax ip dhcp snooping vlan vlan-id...
  • Page 658: Ip Dhcp Snooping Trust

    Command Line Interface ip dhcp snooping trust The ip dhcp snooping trust Interface Configuration (Ethernet, Port-channel) mode command configures a port as trusted for DHCP snooping purposes. To return to the default configuration, use the no form of this command. Syntax...
  • Page 659: Ip Dhcp Information Option

    The ip dhcp snooping verify Global Configuration mode command configures the switch to verify, on an untrusted port, that the source MAC address in a DHCP packet matches the client hardware address. To configure the switch to not verify the MAC addresses, use the no form of this command.
  • Page 660: Ip Dhcp Snooping Database

    Console # (config)# ip dhcp snooping verify Console # (config)# ip dhcp snooping database The ip dhcp snooping database Global Configuration mode command configures the DHCP snooping binding file. To delete the binding file, use the no form of this command. Syntax ip dhcp snooping database...
  • Page 661: Ip Dhcp Snooping Binding

    The ip dhcp snooping binding Privileged EXEC mode command configures the DHCP snooping binding database and adds binding entries to the database. To delete entries from the binding database, use the no form of this command. Syntax ip dhcp snooping binding mac-address vlan-id ip-address {ethernet...
  • Page 662: Clear Ip Dhcp Snooping Database

    Command Line Interface User Guidelines After entering this command an entry would be added to the DHCP snooping database. If DHCP snooping binding file exists, the entry would be added to that file also. The entry would be displayed in the show commands as a “DHCP Snooping entry”.
  • Page 663: Show Ip Dhcp Snooping Binding

    Trusted ---------------------- ---------------------- show ip dhcp snooping binding The show ip dhcp snooping binding User EXEC mode command displays the DHCP snooping binding database and configuration information for all interfaces on a switch. Syntax show ip dhcp snooping binding [mac-address mac-address] [ip-address...
  • Page 664: Ip Source-Guard (Interface)

    (s) 3 1/22 ip source-guard (global) The ip source-guard Global Configuration mode command globally enables the IP source guard. To disable IP source guard, use the no form of this command. Syntax ip source-guard no ip source-guard Default Configuration IP source guard is disabled.
  • Page 665: Ip Source-Guard Binding

    Console # (config-if)# ip source-guard binding The ip source-guard binding Global Configuration mode command configures the static IP source bindings on the switch. To delete static bindings, use the no form of this command. Syntax ip source-guard binding mac-address vlan-id ip-address {ethernet interface...
  • Page 666: Ip Source-Guard Tcam Retries-Freq

    Command Line Interface Example The following example configures the static IP source bindings on the switch for port 1/e16. Console # (config)# ip source-guard binding 00:60:70:4C:73:FF 1 10.6.22.195 ethernet 1/e16 Console # (config)# ip source-guard tcam retries-freq The ip source-guard tcam retries-freq Global Configuration mode command configures the frequency of retries for TCAM resources for inactive IP source guard addresses.
  • Page 667: Ip Source-Guard Tcam Locate

    (TCAM) resources, there may be situations where IP source guard addresses are inactive because of lack of TCAM resources. By default, every minute the software conducts a search for available space in the TCAM for the inactive IP source guard addresses.
  • Page 668: Show Ip Source-Guard Inactive

    1/23 Active Deny All 1/24 Active 10.1.8.218 0060.704C. Static 7BAC 1/32 Inactive 10.1.8.32 0060.704C. DHCP 83FF show ip source-guard inactive The show ip source-guard inactive EXEC mode command displays the IP source guard inactive addresses. Syntax show ip source-guard inactive...
  • Page 669: Ip Arp Inspection

    (TCAM) resources, there may be situations where IP source guard addresses are inactive because of lack of TCAM resources. By default, every minute the software conducts a search for available space in the TCAM for the inactive IP source guard addresses.
  • Page 670: Ip Arp Inspection Vlan

    The following example globally enables the ARP inspection. Console # (config)# ip arp inspection Console # (config)# 01-Jan-2000 23:07:53 %ARPINSP-I-PCKTLOG: ARP packet dropped from port g3 with VLAN tag 1 and reason: packet verification failed SRC MAC 00:00:5e:00:01:07 SRC IP 10.6.22.193 DST MAC 00:00:00:00:00:00 DST IP 10.6.22.195...
  • Page 671: Ip Arp Inspection Validate

    Command Mode Interface Configuration (Ethernet, Port-channel) mode User Guidelines The switch does not check ARP packets, which are received on the trusted interface; it simply forwards the packets. For untrusted interfaces, the switch intercepts all ARP requests and responses. It verifies that the intercepted packets have valid IP-to-MAC address bindings before updating the local cache and before forwarding the packet to the appropriate destination.
  • Page 672: Ip Arp Inspection List Create

    The ip arp inspection list create Global Configuration mode command creates a static ARP binding list and enters the ARP list configuration mode. To delete the list, use the no form of this command.
  • Page 673: Ip Arp Inspection List Assign

    Console(config-ARP-list)# ip 172.16.1.2 mac 0060.704C.7322 ip arp inspection list assign The ip arp inspection list assign Global Configuration mode command assigns static ARP binding lists to a VLAN. To delete the assignment, use the no form of this command. Syntax...
  • Page 674: Ip Arp Inspection Logging Interval

    The ip arp inspection logging interval Global Configuration mode command configures the minimal interval between successive ARP SYSLOG messages. To return to the default configuration, use the no form of this command. Syntax ip arp inspection logging interval {seconds | infinite}...
  • Page 675: Show Ip Arp Inspection List

    Syslog messages interval: 5 seconds Interface Trusted ----------- ----------- show ip arp inspection list The show ip arp inspection list Privileged EXEC mode command displays the static ARP binding list. Syntax show ip arp inspection list Default Configuration This command has no default configuration.
  • Page 676: User Interface Commands

    Changes a login username. 4-654 configure Enters the Global Configuration mode. 4-655 exit (Configuration) Exits any configuration mode to the next highest mode in the CLI 4-655 mode hierarchy. Configuration Modes exit Closes an active terminal session by logging off the device.
  • Page 677: Enable

    User EXEC mode command enters the Privileged EXEC mode. enable Syntax enable [privilege-level] Parameters • privilege-level — Privilege level to enter the system. (Range: 1 - 15) Default Setting The default privilege level is 15. Command Mode User EXEC mode Command Usage...
  • Page 678: Disable

    Privileged EXEC mode command returns to the User EXEC mode. disable Syntax [privilege-level] disable Parameters • privilege-level — Privilege level to enter the system. (Range: 1 - 15) Default Setting The default privilege level is 1. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command.
  • Page 679: Configure

    There are no user guidelines for this command. Example The following example enters Global Configuration mode. configure Console# Console(config)# Related Commands enable disable exit (Configuration) command exits any configuration mode to the next highest mode in the CLI exit mode hierarchy. Syntax exit...
  • Page 680: Exit

    This command has no default configuration. Command Mode All configuration modes Command Usage There are no user guidelines for this command. Example The following example changes the configuration mode from Interface Configuration mode to Privileged EXEC mode. Console(config-if)# exit Console(config)# exit Console# Related Commands...
  • Page 681: Help

    This command has no default configuration. Command Mode All configuration modes. Command Usage There are no user guidelines for this command. Example The following example changes from Global Configuration mode to Privileged EXEC mode. Console(config)# end Console# Related Commands exit help command displays a brief description of the help system.
  • Page 682: Terminal Datadump

    Help is provided when: 1. There is a valid command and a help request is made for entering a parameter or argument (e.g. 'show ?'). All possible parameters or arguments for the entered command are displayed.
  • Page 683: Show History

    Commands are listed from the first to the most recent command. The buffer remains unchanged when entering into and returning from configuration modes. Example The following example displays all the commands entered while in the current Privileged EXEC mode. Console# show version SW version 3.131 (date 23-Jul-2004 time 17:34:19) HW version 1.0.0...
  • Page 684 Command Mode Privileged and User EXEC modes Command Usage There are no user guidelines for this command. Example The following example displays the current privilege level for the Privileged EXEC mode. Console# show privilege Current privilege level is 15 Related Commands...
  • Page 685: Vlan Commands

    4-664 interface range vlan Enables simultaneously configuring multiple VLANs. 4-665 name Adds a name to a VLAN. To remove the VLAN name, use the no 4-666 form of this command. map protocol Maps a protocol to a group of protocols.
  • Page 686: Vlan Database

    Sets a subnet-based classification rule. 4-679 map subnets-group vlan switchport protected Overrides the FDB decision and sends all Unicast, Multicast and 4-680 Broadcast traffic to an uplink port. To return to the default configuration, use the no form of the command.
  • Page 687: Vlan

    Parameters • vlan-range — Specifies a list of VLAN IDs to be added. Separate nonconsecutive VLAN IDs with a comma and no spaces; a hyphen designates a range of IDs. Default Setting This command has no default configuration.
  • Page 688: Default-Vlan Vlan

    Command Line Interface default-vlan vlan Use the vlan VLAN Configuration mode command to create a VLAN. To restore the default configuration or delete a VLAN, use the no form of this command. Syntax default-vlan vlan vlan-id no default-vlan vlan Parameters •...
  • Page 689: Interface Range Vlan

    Command Usage Commands under the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, an error message is displayed and execution of the command continues on the other interfaces.
  • Page 690: Name

    Syntax protocol [encapsulation] group map protocol protocols-group protocol [encapsulation] no map protocol Parameters - protocol — The protocol is 16 bits protocol number or one of the reserved names that are defined in the usage guidelines. (Range: 0x0000 – 0x0600)
  • Page 691: Switchport General Map Protocols-Group Vlan

    The following protocol names are reserved for Ethernet Encapsulation: - ip-arp - ipx - ip Example The following example maps a protocol 0x0000 to protocol group 1000 for Ethernet port 1/e16. Console(config-vlan)# map protocol 0x000 ethernet protocols-group 1000 access Console(config-if)# switchport mode...
  • Page 692: Switchport Mode

    • — Indicates a full 802-1q supported VLAN port. general Default Setting All ports are in access mode, and belong to the default VLAN (whose VID=1). Command Mode Interface Configuration (Ethernet, port-channel) mode Command Usage There are no user guidelines.
  • Page 693: Switchport Access Vlan

    Interface Configuration mode command configures the VLAN ID when the interface is in access mode. To return to the default configuration, use the form of this command. Syntax vlan-id |...
  • Page 694: Switchport Trunk Allowed Vlan

    Command Line Interface Example The following example configures a VLAN ID of 23 to the untagged layer 2 VLAN Ethernet port 1/e16. Console(config)# interface ethernet 1/e16 Console(config-if)# switchport access vlan 23 Related Commands switchport mode switchport trunk allowed vlan switchport trunk native vlan...
  • Page 695: Switchport Trunk Native Vlan

    VLAN Commands Example The following example adds VLANs 1, 2, 5 to 6 to the allowed list of Ethernet port 1/e16. Console(config)# interface ethernet 1/e16 console(config-if)# switchport trunk allowed vlan add 1-2,5-6 Related Commands switchport mode switchport access vlan...
  • Page 696: Switchport General Allowed Vlan

    — Indicates that the port transmits tagged packets for the VLANs. tagged • — Indicates that the port transmits untagged packets for the untagged VLANs. Default Setting If the port is added to a VLAN without specifying tagged or untagged, the default setting is tagged.
  • Page 697: Switchport General Pvid

    This command enables changing the egress rule (e.g., from tagged to untagged) without first removing the VLAN from the list. Example The following example adds VLANs 2, 5, and 6 to the allowed list of Ethernet port 1/e16. Console(config)# interface ethernet 1/e16...
  • Page 698: Switchport General Ingress-Filtering Disable

    Command Line Interface Command Usage There are no user guidelines for this command. Example The following example configures the PVID for Ethernet port 1/e16, when the interface is in general mode. Console(config)# interface ethernet 1/e16 Console(config-if)# switchport general pvid 234...
  • Page 699: Switchport General Acceptable-Frame-Type Tagged-Only

    Interface Configuration switchport general acceptable-frame-type tagged-only mode command discards untagged frames at ingress. To return to the default configuration, use the form of this command. Syntax switchport general acceptable-frame-type tagged-only...
  • Page 700: Switchport Forbidden Vlan

    Interface Configuration mode command forbids switchport forbidden vlan adding specific VLANs to a port. To return to the default configuration, use the parameter for this command. remove Syntax switchport forbidden vlan...
  • Page 701: Map Mac Macs-Group

    The map mac macs-group VLAN Configuration mode command maps a MAC address or range of MAC addresses to a group of MAC addresses. To delete the map, use the no form of this command. Syntax...
  • Page 702: Map Subnet Subnets-Group

    The map subnet subnets-group VLAN Configuration mode command maps the IP subnet to a group of IP subnets. To delete the map, use the no form of this command. Syntax map subnet ip-address prefix-mask subnets-group group...
  • Page 703: Switchport General Map Subnets-Group Vlan

    Parameters - group — Group number. (Range: 1 – 2147483647) - vlan-id — Define the VLAN ID that is associated with the rule. Default Setting There is no default setting for this command. Command Mode...
  • Page 704: Switchport Protected

    Command Mode Interface Configuration (Ethernet, port-channel) Command Usage Packets to the MAC address of the device are sent to the device and not forwarded to the uplink. IGMP snooping works on PVE protected ports; however forwarding of query/ reports is not limited to the PVE uplink.
  • Page 705: Ip Internal-Usage-Vlan

    IP interface, an unused VLAN is selected by the software. • If the software selected a VLAN for internal use and the user wants to use that VLAN as a static or dynamic VLAN, the user should do one of the following: •...
  • Page 706: Show Vlan

    Parameters • vlan-id — specifies a VLAN ID. • vlan-name — Specifies a VLAN name string. (Range: 1 - 32 characters) Default Setting This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command.
  • Page 707: Show Vlan Internal Usage

    This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays VLANs used internally by the device. show vlan internal usage Console# VLAN Usage IP address...
  • Page 708: Show Interfaces Switchport

    This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the switchport configuration for Ethernet port 1/e1. show interface switchport ethernet Console# 1/e1 Port 1/e1: VLAN Membership mode: General...
  • Page 709 VLAN Commands VLAN0072 untagged Static Static configuration: PVID: 1 (default) Ingress Filtering: Enabled Acceptable Frame Type: All Port 1/e1 is statically configured to: Vlan Name Egress rule ---- ------- ----------- default untagged VLAN011 tagged VLAN0072 untagged Forbidden VLANS: VLAN Name...
  • Page 710 Command Line Interface Static configuration: PVID: 8 Ingress Filtering: Disabled Acceptable Frame Type: All Port 1/e2 is statically confgiured to: Vlan Name Egress rule ---- ------------ ----------- VLAN0072 untagged IP Telephony tagged Forbidden VLANS: VLAN Name ---- ---- Port 2/e19...
  • Page 711: Switchport Access Multicast-Tv Vlan

    VLAN that is not the Access port VLAN, while keeping the L2 segregation with subscribers on different Access port VLANs. Use the no form of this command to disable receiving multicast transmissions.
  • Page 712: Show Vlan Protocols-Groups

    EXEC command displays protocols-groups show vlan protocols-groups information. Syntax show vlan protocols-groups Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays IPMP Snooping configuration.
  • Page 713: Show Vlan Subnets-Groups

    ------------- -------- -------- 0060.704C.73FF FFFF.FFFF.0000 0060.704D.73FF FFFF.FFFF.0000 show vlan subnets-groups The show vlan subnets-groups Privileged EXEC mode command displays macs-groups information. Syntax show vlan subnets-groups Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
  • Page 714: Show Vlan Multicast-Tv

    Command Line Interface show vlan multicast-tv Use the show multicast-tv command to display information on the source ports and receiver ports of multicast-tv vlan. Syntax show vlan multicast-tv vlan-id Parameters • vlan-id — VLAN ID of the Multicast TV VLAN Default Configuration This command has no default configuration.
  • Page 715: Web Server Commands

    Specifies the TCP port to be used by the Web browser interface. 4-692 To return to the default configuration, use the no form of this command. ip http exec-timeout Sets the interval that the system waits for user input in http 4-693 sessions before automatic logoff. ip https server Enables configuring the device from a secured browser.
  • Page 716: Ip Http Port

    Global Configuration mode command specifies the TCP port to be ip http port used by the Web browser interface. To return to the default configuration, use the form of this command. Syntax ip http port...
  • Page 717: Ip Http Exec-Timeout

    The ip http exec-timeout Global Configuration mode command sets the interval that the system waits for user input in HTTP sessions before automatic logoff. To restore the default configuration, use the no form of this command. Syntax...
  • Page 718: Ip Https Port

    The ip https port Global Configuration mode command specifies the TCP port used by the server to configure the device through the Web browser. To return to the default configuration, use the no form of this command. Syntax...
  • Page 719: Ip Https Exec-Timeout

    The ip https exec-timeout Global Configuration mode command sets the interval that the system waits for user input in https sessions before automatic logoff. To restore the default configuration, use the no form of this command. Syntax...
  • Page 720: Crypto Certificate Request

    If no RSA key length is specified, the default length is 1024. If no URL or IP address is specified, the default common name is the lowest IP address of the device at the time that the certificate is generated.
  • Page 721 • organization — Specifies the organization name. (Range: 1-64) • location — Specifies the location or city name. (Range: 1-64) • state — Specifies the state or province name. (Range: 1-64) • country — Specifies the country name. (Range: 1-2) Default Setting There is no default configuration for this command.
  • Page 722: Crypto Certificate Import

    The imported certificate must be based on a certificate request created by the crypto certificate request Privileged EXEC mode command. If the public key found in the certificate does not match the device's SSL RSA key, the command fails. This command is not saved in the device configuration; however, the certificate imported by this command is saved in the private configuration (which is never displayed to the user or backed up to another device).
  • Page 723: Ip Https Certificate

    The ip https certificate Global Configuration mode command configures the active certificate for HTTPS. To return to the default configuration, use the no form of this command. Syntax ip https certificate number...
  • Page 724: Show Ip Http

    Syntax show crypto certificate mycertificate [number] Parameters • number — Specifies the certificate number. (Range: 1-2) Default Setting This command has no default configuration. Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command.
  • Page 725: Show Ip Https

    Command Mode Privileged EXEC mode Command Usage There are no user guidelines for this command. Example The following example displays the HTTP server configuration. Console# show ip http HTTP server enabled. Port: 80 Related Commands ip http server...
  • Page 726 Related Commands ip https server ip https port ip https certificate...
  • Page 727: Appendix A. Configuration Examples

    Appendix A. Configuration Examples This appendix contains configuration examples for Customer VLANs and Multicast TV, and contains the following sections: • Configuring QinQ • Configuring Multicast TV • Configuring Customer VLANs...
  • Page 728: Configuring Qinq

    QinQ. Adding additional tags to the packets helps create more VLAN space. The added tag provides a VLAN ID to each customer, which ensures private and segregated network traffic. The VLAN ID tag is assigned to a customer port in the service provider's network. The designated port then provides additional services to the packets with the double-tags.
  • Page 729: Figure 2. Add 802.1Q Vlan Page

    Figure 2. Add 802.1q VLAN Page Define the VLAN ID and VLAN Name field. Click Click Layer 2 > VLAN > VLAN > Interface Configuration. The VLAN Interface Configuration Page opens. Figure 3. VLAN Interface Configuration Page Click on a previously defined customer VLAN row. The Modify VLAN Interface...
  • Page 730: Figure 4. Modify Vlan Interface Configuration Page

    Set the VLAN Interface Mode field to Customer. Define the remaining fields. 10. Click . The VLAN interface settings are saved, and the device is updated. 11. Click Layer 2 > VLAN > VLAN > Current Table. The VLAN Current Table opens...
  • Page 731: Configuring Customer Vlans Using The Cli

    14. Click . The customer VLAN is defined, and the device is updated. Configuring Customer VLANs using the CLI As an example for configuring QinQ. The following figure illustrates the configuration example being described. Figure 6. QinQ Configuration Example To configure QinQ, perform the following: Enter the global configuration mode.
  • Page 732 Console (config-if)# switchport customer vlan 100 Console (config-if)# exit Console (config)# Configure port e10 as a trunked port, tagged for VLAN 100. Console (config)# interface ethernet e10 Console (config-if)# switchport mode trunk Console (config-if)# switchport trunk allowed vlan add 100...
  • Page 733: Figure 7. Triple Play Configuration

    A and B, to each of the CPE customers. For this purpose port e4 is configured as a trunked port, tagged for VLANs 1001, 1048, 3000, 3001, with port e1 and e48 configured as the triple play ports connected to the customer site.
  • Page 734 Console (config)# Enter the VLAN configuration mode. Console (config)# vlan database Console (config-vlan)# Create VLANs for customer port 1 and port 48 for QinQ. Each customer has a separate VLAN. Console (config-vlan)# vlan 1001 Console (config-vlan)# vlan 1048 Create a VLAN for configuring Multicast TV provider A.
  • Page 735 12. To configure the QinQ uplink, configure port e4 as a trunked port, tagged for VLANs 1001, 1048, 3000 and 3001. Console (Config)# interface ethernet e4 Console (config-if)# switchport mode trunk Console (config-if)# switchport trunk allowed vlan add 1001 Console (config-if)# switchport trunk allowed vlan add 1048...
  • Page 736: Figure 8. Add Vlan Membership Page

    Figure 8. Add VLAN Membership Page Create VLANs for customer port 1 and port 48 for QinQ. Each customer has a separate VLAN. For this example use 1001 and 1048. On the same screen, create a VLAN for configuring Multicast TV provider A as 3000, and create a VLAN for configuring Multicast TV provider B as 3001.
  • Page 737: Figure 9. Cpe Vlan Mapping Page

    Figure 9. CPE VLAN Mapping Page Click The Add CPE VLAN Mapping Page opens: Map the internal CPE VLAN 3 to the Multicast TV VLAN 3001, and map the internal CPE VLAN 4 to the Multicast TV VLAN 3000. 10. Click 11.
  • Page 738: Figure 10. Cpe Vlan Mapping Page

    12. Click Layer 2 > VLAN > VLAN > Current Table. The VLAN Current Table Page opens. 13. Select VLAN ID number 1001 and double-click port e1. The VLAN Membership Settings page opens. Figure 10. CPE VLAN Mapping Page 14. In the...
  • Page 739: Figure 11. Vlan Interface Settings Page

    20. Click 21. Close the VLAN Interface Settings Page. 22. Repeat steps 18 to 21 configuring port e48 as a customer port on VLAN 1048. 23. Click Layer 2 > VLAN > VLAN > Customer Multicast TV VLAN. The Customer Multicast VLAN Page opens.
  • Page 740: Configuring Customer Vlans

    VLAN space. The added tag provides a VLAN ID to each customer, which ensures private and segregated network traffic. The VLAN ID tag is assigned to a customer port in the service provider's network. The designated port then provides additional services to the packets with the double-tags.
  • Page 741: Figure 13. Vlan Basic Information Page

    To configure customer VLANs: Click Layer 2 > VLAN > VLAN > Basic Information. The VLAN Basic Information Page opens. Figure 13. VLAN Basic Information Page Click . The Add VLAN Page opens: Figure 14. Add VLAN Page Define the VLAN ID and VLAN Name field.
  • Page 742: Figure 15. Vlan Interface Configuration Page

    Click Layer 2 > VLAN > VLAN > Interface Configuration. The VLAN Interface Configuration Page opens. Figure 15. VLAN Interface Configuration Page Click on a previously defined customer VLAN row. The Modify VLAN Interface Configuration Page opens: Figure 16. Modify VLAN Interface Configuration Page...
  • Page 743: Figure 17. Vlan Current Table

    10. Click . The VLAN interface settings are saved, and the device is updated. 11. Click Layer 2 > VLAN > VLAN > Current Table. The VLAN Current Table opens. Figure 17. VLAN Current Table 12. Select the VLAN ID.
  • Page 745: Appendix B. Software Specifications

    Appendix B. Software Specifications Software Features Authentication: Local, RADIUS, TACACS, Port (802.1x), HTTPS, SSH, Port Security; Access Control Lists: IP, MAC (up to 32 lists); AMAP: Alcatel Mapping Adjacency Protocol; SNMPv3: Management access via MIB database, Trap management to specified hosts...
  • Page 746: Management Features

    Up to 255 groups; port-based, protocol-based, or tagged (802.1Q), GVRP for automatic VLAN learning, private VLANs. Class of Service: Supports eight levels of priority and Weighted Round Robin Queueing (which can be configured by VLAN tag or port), Layer 3/4 priority mapping: IP Precedence, IP DSCP...
  • Page 747: Management Information Bases

    Port Access Entity MIB (IEEE 802.1x); Private MIB; Quality of Service MIB; RADIUS Authentication Client MIB (RFC 2621); RMON MIB (RFC 2819); RMON II Probe Configuration Group (RFC 2021, partial implementation); SNMP framework MIB (RFC 2571); SNMP-MPD MIB (RFC 2572)
  • Page 748 SNMP Target MIB, SNMP Notification MIB (RFC 2573); SNMP User-Based SM MIB (RFC 2574); SNMP View Based ACM MIB (RFC 2575); SNMP Community MIB (RFC 2576); TACACS+ Authentication Client MIB; TCP MIB (RFC 2013); Trap (RFC 1215); UDP MIB (RFC 2012)
  • Page 749: Appendix C. Troubleshooting

    • Be sure the management station has an IP address in the same subnet as the switch’s IP interface to which it is connected. • If you are trying to connect to the switch via the IP address for a tagged VLAN group, your management station, and the ports connecting intermediate switches in the network, must be configured with the appropriate tag.
  • Page 750: Using System Logs

    Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: Enable logging.
  • Page 751: Appendix D. Glossary

    DSCP priority bit. Differentiated Services Code Point Service (DSCP): DSCP uses a six-bit tag to provide for up to 64 different forwarding behaviors. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. The DSCP bits are mapped to the Class of Service categories, and then into the output queues.
  • Page 752 Spanning Tree network. Generic Attribute Registration Protocol (GARP): GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership information in a switched environment so that multicast data frames are propagated only to those parts of a switched LAN containing registered endstations.
  • Page 753 On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork.
  • Page 754 MD5 Message Digest Algorithm: An algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a message digest.
  • Page 755 NTP servers. Spanning Tree Protocol (STP): A technology that checks your network for any loops. A loop can often occur in complicated or backup linked network systems. Spanning Tree detects and directs data along the shortest available path, maximizing the performance and efficiency of the network.
  • Page 756 Virtual LAN (VLAN): A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. A VLAN serves as a logical workgroup with no physical barriers, and allows users to share information and resources as though located on the same LAN.