SMC Networks 6724AL2 Management Manual

TigerSwitch 10/100
24-Port Fast Ethernet Switch
◆ 24 10BASE-T/100BASE-TX ports
◆ Optional 1000BASE-X or 100BASE-FX modules
◆ 8.8 Gbps of aggregate bandwidth
◆ Non-blocking switching architecture
◆ Spanning Tree Protocol
◆ Up to 4 port trunks
◆ RADIUS and TACACS+ authentication
◆ Rate limiting for bandwidth management
◆ CoS support for four-level priority
◆ Full support for VLANs with GVRP
◆ IP Multicasting with IGMP Snooping
◆ Manageable via console, Web, SNMP/RMON

Management Guide

SMC6724AL2

Summary of Contents for SMC Networks 6724AL2

  • Page 1: Management Guide

    TigerSwitch 10/100 24-Port Fast Ethernet Switch ◆ 24 10BASE-T/100BASE-TX ports ◆ Optional 1000BASE-X or 100BASE-FX modules ◆ 8.8 Gbps of aggregate bandwidth ◆ Non-blocking switching architecture ◆ Spanning Tree Protocol ◆ Up to 4 port trunks ◆ RADIUS and TACACS+ authentication ◆...
  • Page 3 TigerSwitch 10/100 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions 38 Tesla Irvine, CA 92618 January 2004 Phone: (949) 679-8000 Pub. # 150200037700A...
  • Page 4 38 Tesla Irvine, CA 92618 All rights reserved. Trademarks: SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.
  • Page 5 All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term.
  • Page 6 RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS. * SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase.
  • Page 7: Table Of Contents

    Contents: Switch Management 1-1, Connecting to the Switch 1-1, Configuration Options ...
  • Page 8 Contents: Reset 2-28, Setting the System Clock ...
  • Page 9 Contents: Spanning Tree Algorithm Configuration 2-89, Displaying Global Settings 2-90, Configuring Global Settings ...
  • Page 10 Contents: Adding Multicast Addresses to VLANs 2-153, Command Line Interface 3-1, Using the Command Line Interface ...
  • Page 11 Contents: hostname 3-28, username ...
  • Page 12 Contents: snmp-server community 3-62, snmp-server contact 3-63, snmp-server location ...
  • Page 13 Contents: show interfaces switchport 3-98, Address Table Commands 3-101, mac-address-table static ...
  • Page 14 Contents: switchport private-vlan host-association 3-137, switchport private-vlan mapping 3-138, show vlan private-vlan ...
  • Page 15 Contents: dot1x timeout quiet-period 3-167, dot1x timeout re-authperiod 3-167, dot1x timeout tx-period ...
  • Page 16 Contents: show map ip port 3-202, show map ip precedence ...
  • Page 17: Switch Management

    Connecting to the Switch: Configuration Options. The SMC6724AL2 24-port, Layer 2 switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
  • Page 18 The switch’s CLI configuration program, Web interface, and SNMP agent allow you to perform the following management functions: • Set user names and passwords • Set an IP interface for a management VLAN • Configure SNMP parameters • Enable/disable any port •...
  • Page 19: Required Connections

    Required Connections: The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch. Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch.
  • Page 20: Remote Connections

    2. Refer to “Line Commands” on page 3-74 for a complete description of console configuration options. 3. Once you have set up the terminal correctly, the console login screen will be displayed. For a description of how to use the CLI, see “Using the Command Line Interface”...
  • Page 21: Basic Configuration

    Basic Configuration: Console Connection. The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to only display information and use basic utilities.
  • Page 22: Setting An Ip Address

    1. Open the console interface with the default user name and password “admin” to access the Privileged Exec level. 2. Type “configure” and press <Enter>. 3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>. 4.
  • Page 23: Manual Configuration

    Manual Configuration: You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods.
  • Page 24
        Console(config)#interface vlan 1
        Console(config-if)#ip address 192.168.1.5 255.255.255.0
        Console(config-if)#exit
        Console(config)#ip default-gateway 192.168.1.254
        Console(config)#
    Dynamic Configuration: If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. You therefore need to use the “ip dhcp restart”...
  • Page 25: Enabling Snmp Management Access

    4. Type “ip dhcp restart” to begin broadcasting service requests. Press <Enter>. 5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>. 6. Then save your configuration changes by typing “copy running-config startup-config.”...
  • Page 26: Trap Receivers

    from the switch. You therefore need to assign community strings to specified users or user groups, and set the access level. The default strings are: • public - Specifies read-only access. Authorized management stations are only able to retrieve MIB objects. •...
  • Page 27: Saving Configuration Settings

    To configure a trap receiver, complete the following steps: 1. From the Privileged Exec level global configuration mode prompt, type “snmp-server host host-address community-string,” where “host-address” is the IP address for the trap receiver and “community-string” is the string associated with that host. Press <Enter>.
  • Page 28: Managing System Files

    Managing System Files: The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
  • Page 29 Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.
  • Page 30: System Defaults

    System Defaults: The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file. (See “Setting the Startup Configuration File” on page 2-26.) The following table lists some of the basic system defaults. Function Parameter Default...
  • Page 31 Function Parameter Default Console Port Baud Rate 9600 Connection Data bits Stop bits Parity none Local Console Timeout 0 (disabled) Admin Status Port Status Enabled Auto-negotiation Enabled Flow Control Disabled Capabilities 10BASE-T – 10 Mbps half duplex 10 Mbps full duplex Full-duplex flow control disabled 100BASE-TX/FX –...
  • Page 32 Function Parameter Default Spanning Tree Status Enabled Protocol (Defaults: All parameters based on IEEE 802.1w) Fast Forwarding Disabled Address Table Aging Time 300 seconds Virtual LANs Default VLAN PVID Acceptable Frame Type Ingress Filtering Disabled GVRP (global) Disabled GVRP (port interface) Disabled Private VLAN...
  • Page 33: Configuring The Switch

    Using the Web Interface: This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above).
  • Page 34 3. After you enter a user name and password, you will have access to the system configuration program. Note: If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm, then you can set the switch port attached to your management station to fast forwarding to improve the switch’s response time to management commands issued through the Web...
  • Page 35: Navigating The Web Browser Interface

    Navigating the Web Browser Interface: To access the Web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.”...
  • Page 36: Configuration Options

    You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated. Configuration Options: Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting.
  • Page 37: Main Menu

    Main Menu Using the onboard Web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Menu Description Page System System Information Provides basic system description, including contact information Switch Information Shows the number of ports, hardware/firmware...
  • Page 38 Menu, Description, Page: HTTPS Settings – Configures secure HTTP settings (2-40); SSH Settings – Configures Secure Shell settings (2-43); Port Security Configuration – Configures port security (2-45); dot1X (IEEE 802.1x) (2-48); dot1X Information – Displays general port authentication status information (2-49); dot1X – Enables the changing of general port authentication (2-52)...
  • Page 39 Menu, Description, Page: Address Table (2-86); Static Addresses – Displays entries for interface, address or VLAN (2-86); Dynamic Addresses – Displays or edits static entries in the Address Table (2-87); Address Aging – Sets timeout for dynamically learned entries (2-89); Spanning Tree (2-90); STA Information – Displays STA values used for the bridge (2-91)...
  • Page 40 Menu, Description, Page: Private VLAN Port/Trunk Information – Displays the interfaces associated with private VLANs (2-127); Private VLAN Port/Trunk Configuration – Sets the private VLAN interface type, and associates the interfaces with a private VLAN (2-128); Priority (2-131); Port Priority – Sets the default priority for each port...
  • Page 41: Basic Configuration

    Menu, Description, Page: IP Multicast Registration Table – Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID (2-153); IGMP Member Port Table – Indicates multicast addresses associated with the selected VLAN (2-154). Basic Configuration: Displaying System Information. You can easily identify the system by providing a descriptive name, location and contact information.
  • Page 42 Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows you to access the Command Line Interface via Telnet.)...
  • Page 43: Displaying Switch Hardware/Software Versions

        Console(config)#snmp-server location TPS - 3rd Floor   3-62
        Console(config)#snmp-server contact Chris   3-61
        Console#show system   3-41
        System description: TigerSwitch 10/100 6724AL2
        System OID string: 1.3.6.1.4.1.202.20.31
        System information
        System Up time: 0 days, 1 hours, 44 minutes, and 20.41 seconds
        System Name : SMC6724AL2...
  • Page 44 • Internal Power Status – Displays the status of the internal power supply. • Redundant Power Status* – Displays the status of the redundant power supply. * CLI only. Management Software • Loader Version – Version number of loader code. •...
  • Page 45 Web – Click System, Switch Information. CLI – Use the following command to display version information.
        Console#show version   3-43
        Unit1
        Serial number :ag1005
        Service tag
        Hardware version
        Module A type :not present
        Module B type :not present
        Number of ports
        Main power status...
  • Page 46: Displaying Bridge Extension Capabilities

    Displaying Bridge Extension Capabilities: The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables, or to configure the global setting for GARP VLAN Registration Protocol (GVRP).
  • Page 47 Management Protocol (IGMP) to provide automatic multicast filtering. • GVRP – GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports across the network. This function should be enabled to permit VLAN groups which extend beyond the local switch.
  • Page 48: Setting The Ip Address

    Setting the IP Address: An IP address may be used for management access to the switch over your network. By default, the switch uses DHCP to assign IP settings to VLAN 1 on the switch. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when it is powered on.
  • Page 49 • Gateway IP Address – IP address of the gateway router between this device and management stations that exist on other network segments. • MAC Address – The MAC address of this switch. Manual Configuration: Web – Click System, IP Configuration. Specify the management interface, IP address and default gateway, then click Apply.
  • Page 50 Using DHCP/BOOTP: If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web – Click System, IP. Specify the Management VLAN, set the IP Address Mode to DHCP or BOOTP. Then click Apply to save your changes.
  • Page 51: System Logs Configuration

    System Logs Configuration: The system can be configured to send debug and error messages to a logging process. This logging process controls the type of error messages that are stored in switch memory or sent to a remote syslog server. The system allows you to specify which levels are logged to RAM or flash memory.
  • Page 52 Command Attributes • System Log Status – Enables/disables the logging of debug or error messages to the logging process. • Flash Level – Limits log messages saved to the switch’s permanent flash memory for all levels up to the specified level. For example, if level 3 is specified, all messages from level 0 to level 3 will be logged to flash.
  • Page 53: Remote Logs Configuration

    Remote Logs Configuration: The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the error messages sent to only those messages of a specified level. Command Attributes •...
  • Page 54 Web – Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add IP Host. To delete an IP address, click the entry in the Host IP List, and then click Remove Host IP.
  • Page 55: Managing Firmware

    Managing Firmware: You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version.
  • Page 56 Web – Click System, File, Firmware. Enter the IP address of the TFTP server, enter the file name of the software to download, select a file on the switch to overwrite or specify a new file name, then click Transfer from Server.
  • Page 57: Saving Or Restoring Configuration Settings

    To start the new firmware, enter the “reload” command or reboot the system. Saving or Restoring Configuration Settings: You can upload/download configuration settings to/from a TFTP server. The configuration file can be later downloaded to restore the switch’s settings.
  • Page 58: Downloading Configuration Settings From A Server

    Downloading Configuration Settings from a Server: You can save the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg”...
  • Page 59: Copying The Running Configuration To A File

    CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch.
        Console#copy tftp startup-config   3-19
        TFTP server ip address: 192.168.1.19
        Source configuration file name: startup2.0
        Startup configuration file name [startup] : startup2.0
        Console#...
  • Page 60: Reset

    Reset: Web – Select System, Reset to reboot the switch. When prompted, confirm that you want to reset the switch. CLI – Use the reload command to reboot the system.
        Console#reload   3-16
        System will be restarted, continue <y/n>? y
        Console#
    Setting the System Clock: Simple Network Time Protocol (SNTP) allows the switch to set its internal...
  • Page 61: Configuring Sntp

    Configuring SNTP: You can configure the switch to send time synchronization requests to specific time servers. Command Attributes • SNTP Client – Configures the switch to operate as an SNTP unicast client. This mode requires at least one time server to be specified in the SNTP Server field.
  • Page 62: Setting The Time Zone

    Setting the Time Zone: SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC.
  • Page 63: Configuring Snmp

    Configuring SNMP: Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices for proper operation in a network environment, as well as to monitor them to evaluate performance or detect potential problems.
  • Page 64: Specifying Trap Managers

    • Access Mode - Read-Only – Specifies read-only access. Authorized management stations are only able to retrieve MIB objects. - Read/Write – Specifies read-write access. Authorized management stations are able to both retrieve and modify MIB objects. Web –...
  • Page 65 Command Usage • You can enable or disable authentication messages via the Web interface. • You can enable or disable authentication messages, link-up-down messages, or all notification types via the CLI. Command Attributes • Trap Manager Capability – Indicates that the switch supports up to five trap managers.
  • Page 66 Web – Click SNMP, Configuration. Fill in the Trap Manager IP Address box and the Trap Manager Community String box, mark Enable Authentication Traps if required, and then click Add. CLI – This example adds a trap manager and enables authentication traps.
        Console(config)#snmp-server host 10.1.19.23 batman   3-63
        Console(config)#snmp-server enable traps authentication...
  • Page 67: Security

    Security: Use the Passwords or RADIUS/TACACS+ menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch (using the Passwords menu), or you can use a remote access authentication server based on the RADIUS/TACACS+ protocol.
  • Page 68: Configuring Radius/Tacacs Logon Authentication

    Web – Click Security, Passwords. Enter the old password, enter the new password, confirm it by entering it again, then click Apply. CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password.
        Console(config)#username bob access-level 15   3-28
        Console(config)#username bob password 0 smith...
  • Page 69 Command Usage • By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol.
  • Page 70 Command Attributes • Authentication – Select the authentication, or authentication sequence required: - RADIUS – User authentication is performed using a RADIUS server only. - TACACS – User authentication is performed using a TACACS+ server only. - Local – User authentication is performed only locally by the switch. - [authentication sequence] –...
  • Page 71 TACACS+ Settings • Server IP Address – Address of the TACACS+ server. (Default: 10.1.0.1) • Server Port Number – Network (TCP) port of TACACS+ server used for authentication messages. (Range: 1-65535; Default: 49) • Secret Text String – Encryption key used to authenticate logon access for client.
  • Page 72: Configuring Https

    CLI – Specify all the required parameters to enable login authentication.
        Console(config)#authentication login radius   3-156
        Console(config)#radius-server host 192.168.1.25   3-157
        Console(config)#radius-server port 181   3-158
        Console(config)#radius-server key green   3-158
        Console(config)#radius-server retransmit 5   3-159
        Console(config)#radius-server timeout 10   3-160
        Console#show radius-server   3-160
        Server IP address: 192.168.1.25
        Communication key with radius server: green...
  • Page 73 • When you start HTTPS, the connection is established in this way: - The client authenticates the server using the server’s digital certificate. - The client and server negotiate a set of security protocols to use for the connection. - The client and server generate session keys for encrypting and decrypting data.
  • Page 74: Replacing The Default Secure-Site Certificate

    Web – Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. CLI – This example enables the HTTP secure server and modifies the port number.
        Console(config)#ip http secure-server   3-46
        Console(config)#ip http secure-port 441   3-47
        Console(config)#
    Replacing the Default Secure-site Certificate...
  • Page 75: Configuring Ssh

    When you have obtained these, place them on your TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one:
        Console#copy tftp https-certificate   3-19
        TFTP server ip address: <server ip-address>
        Source certificate file name: <certificate file name>...
  • Page 76 Command Attributes • SSH Server Status – Allows you to enable/disable the SSH server feature on the switch. (Default: Enabled) • SSH Authentication Timeout – Specifies the time interval in seconds that the SSH server waits for a response from a client during an authentication attempt.
  • Page 77: Configuring Port Security

    CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.
        Console(config)#ip ssh server   3-49
        Console(config)#ip ssh timeout 100   3-50
        Console(config)#ip ssh authentication-retries 5   3-50...
  • Page 78 Command Usage • Note that a secure port has the following restrictions: - It should not be connected to a network interconnection device. - It cannot be configured as a member of a static trunk. - It can be configured as an LACP trunk port, but the switch does not allow the LACP trunk to be enabled.
  • Page 79 Web – Click Security, Port Security. In the Status column for a port, select Enabled, then set the required Max MAC Count and click Apply. CLI – This example selects the target port, then uses the port security max-mac-count command to set the maximum MAC addresses allowed on the port.
  • Page 80: Configuring 802.1X Port Authentication

    Configuring 802.1x Port Authentication: Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data.
  • Page 81: Displaying 802.1X Global Settings

    certificate. The RADIUS server verifies the client credentials and responds with an accept or reject packet. If authentication is successful, the switch allows the client to access the network. Otherwise, network access is denied and the port remains blocked. The operation of 802.1x on the switch requires the following: •...
  • Page 82 Command Attributes • dot1x Re-authentication - Indicates if switch ports require a client to be re-authenticated after a certain period of time. • dot1x Max Request Count - The maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session.
  • Page 83 Web - Click Security, 802.1X, Information. CLI – This example shows the default protocol settings for dot1x. For a description of the additional entries displayed in the CLI, see “show dot1x” on page 3-168.
        Console#show dot1x   3-168
        Global 802.1X Parameters
        reauth-enabled: no
        reauth-period:...
  • Page 84: Configuring Global Dot1X Parameters

    Configuring Global dot1x Parameters: The dot1x protocol includes global parameters that control the client authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server. The configuration options for parameters are described in this section.
  • Page 85: Configuring Port Authorization Mode

    Web - Click Security, 802.1X, Configuration. Enable dot1x globally for the switch, modify any of the parameters as required, and then click Apply. CLI – This example enables re-authentication and sets all of the global parameters for dot1x.
        Console(config)#dot1x max-req 5   3-164
        Console(config)#dot1x re-authentication...
  • Page 86 • Authorized – - Yes – Connected client is authorized. - No – Connected client is not authorized. - Blank – Displays nothing when dot1x is disabled on a port. • Supplicant – Indicates the MAC address of a connected client. •...
  • Page 87: Displaying 802.1X Statistics

    Displaying 802.1x Statistics: This switch can display statistics for dot1x protocol exchanges for any port. Statistical Values Parameter Description Rx EXPOL Start The number of EAPOL Start frames that have been received by this Authenticator. Rx EAPOL Logoff The number of EAPOL Logoff frames that have been received by this Authenticator.
  • Page 88: Access Control Lists

    Web – Select Security, 802.1X, Statistics. Select the required port and then click Query. Click Refresh to update the statistics. CLI – This example displays the dot1x statistics for port 2.
        Console#show dot1x statistics   3-168
        Eth 1/2
        Rx: EXPOL EAPOL EAPOL...
  • Page 89: Configuring Access Control Lists

    Configuring Access Control Lists: An ACL is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests incoming packets against the conditions in an ACL one by one. If a list contains all permit rules, a packet will be accepted as soon as it passes any of the rules.
  • Page 90 • IP – Specifies the source IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, or “IP” to specify a range of addresses with the Address and SubMask fields.
  • Page 91 • Control Flag – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63) • Control Bitmask – Decimal number representing the code bits to match. The control bitmask is a decimal number (for an equivalent binary bit mask) that is applied to the control code.
  • Page 92 • VID – ID of VLAN. • Ethernet Type – This option can only be used to filter Ethernet II formatted packets. (A detailed listing of Ethernet protocol types can be found in RFC 1060.) A few of the more common types include 0800 (IP), 0806 (ARP), 8137 (IPX).
  • Page 93 4. Click Add. CLI – This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask.
        Console(config-std-acl)#permit host 10.1.1.21   3-174
        Console(config-std-acl)#permit 168.92.16.0 255.255.240.0
        Console(config-std-acl)#
    Extended IP ACL: Web –...
  • Page 94 CLI – This example adds three rules: 1. Accept any incoming packets if the source address is in subnet 10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through.
  • Page 95: Mac Acl

    CCESS ONTROL ISTS MAC ACL Web – 1. Specify the action (i.e., Permit or Deny). 2. Select the Source MAC address using a dash to separate each two digits (e.g., 11-22-33-44-55-66). Leave this field blank to specify any host address. 3.
  • Page 96: Binding A Port To An Access Control List

    Binding a Port to an Access Control List After configuring Access Control Lists (ACL), you should bind them to the ports that need to filter traffic. You can only assign one IP access list and/or one MAC access list to any port. Command Attributes •...
  • Page 97: Port Configuration

    Port Configuration Displaying Connection Status You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/duplex mode, flow control, and auto-negotiation. Command Attributes • Name – Interface label. • Type – Indicates the port type (10BASE-T, 100BASE-TX, 100BASE-FX, 1000BASE-SX, 1000BASE-LX, or 1000BASE-GBIC).
  • Page 98 Web – Click Port, Port Information or Trunk Information. Modify the required interface settings, and click Apply. CLI – This example shows the connection status for Port 13. Console#show interfaces status ethernet 1/13 Information of Eth 1/13 Basic information: Port type: 100tx Mac address: 00-30-f1-47-58-46...
  • Page 99: Configuring Interface Connections

    Configuring Interface Connections You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control. Command Attributes • Name – Allows you to label an interface. (Range: 1-64 characters) •...
  • Page 100 - FC - Supports flow control Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation.
  • Page 101: Trunk Configuration

    CLI – Select the interface, and then enter the required settings. Console(config)#interface ethernet 1/13 Console(config-if)#description RD SW#13 Console(config-if)#shutdown Console(config-if)#no shutdown Console(config-if)#no negotiation Console(config-if)#speed-duplex 100half Console(config-if)#flowcontrol Console(config-if)#negotiation Console(config-if)#capabilities 100half Console(config-if)#capabilities 100full Console(config-if)#capabilities flowcontrol Trunk Configuration You can create multiple links between devices that work as one virtual, aggregate link.
  • Page 102 Command Usage Besides balancing the load across each port in the trunk, the other ports provide redundancy by taking over the load if a port in the trunk fails. However, before making any physical connections between devices, use the Web interface or CLI to specify the trunk on the devices at both ends.
  • Page 103: Statically Configuring A Trunk

    Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
  • Page 104: Dynamically Configuring A Trunk

    CLI – This example creates trunk 1 with ports 11 and 12. Just connect these ports to two static trunk ports on another switch to form a trunk. Console(config)#interface port-channel 1 Console(config-if)#exit Console(config)#interface ethernet 1/11 Console(config-if)#channel-group 1 Console(config-if)#exit Console(config)#interface ethernet 1/12...
  • Page 105 • If more than four ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails. • All ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation.
  • Page 106: Setting Broadcast Storm Thresholds

    CLI – The following example enables LACP for ports 17 and 18. Just connect these ports to two LACP-enabled trunk ports on another switch to form a trunk. Console(config)#interface ethernet 1/17 Console(config-if)#lacp Console(config-if)#exit Console(config)#interface ethernet 1/18 Console(config-if)#lacp Console(config-if)#end Console#show interfaces status port-channel 1...
  • Page 107 Command Usage • Broadcast Control is disabled by default. • The default threshold is 32000 octets per second. • Broadcast control does not affect IP multicast traffic. • The specified threshold applies to all ports on the switch. Command Attributes •...
  • Page 108: Configuring Port Mirroring

    Configuring Port Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
  • Page 109: Configuring Rate Limits

    Web – Click Port, Mirror Port Configuration. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add. CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port.
  • Page 110: Rate Limit Granularity

    Rate Limit Granularity Rate limit granularity can be applied to both Fast Ethernet and Gigabit Ethernet interfaces. Command Usage • For Fast Ethernet interfaces, the rate limit granularity is 512 Kbps, 1 Mbps, or 3.3 Mbps. • For Gigabit Ethernet interfaces, the rate limit granularity is 33.3 Mbps.
  • Page 111: Rate Limit Port Configuration

    Rate Limit Port Configuration Use the rate limit port configuration pages to apply rate limiting. Command Usage • Input and output rate limit can be enabled or disabled for individual interfaces. Command Attributes • Port/Trunk– Displays the port number. •...
  • Page 112: Showing Port Statistics

    CLI - This example sets the rate limit level for input and output traffic passing through port 3 and 4. Console(config)#interface ethernet 1/3 Console(config-if)#rate-limit input level 3 Console(config-if)#rate-limit output level 3 Console(config-if)#exit Console(config)#interface ethernet 1/4 Console(config-if)#rate-limit input level 6 Console(config-if)#rate-limit output level 6 Console(config-if)#...
  • Page 113 Parameter – Description • Received Broadcast Packets – The number of packets, delivered by this sub-layer to a higher (sub-)layer, which were addressed to a broadcast address at this sub-layer. • Received Discarded Packets – The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol.
  • Page 114 Parameter – Description • Late Collisions – The number of times that a collision is detected later than 512 bit-times into the transmission of a packet. • FCS Errors – A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check.
  • Page 115 Parameter – Description • Jabbers – The total number of frames received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either an FCS or alignment error. • Received Bytes – Total number of bytes of data received on the network. This statistic can be used as a reasonable indication of Ethernet utilization.
  • Page 116 Web – Click Port, Port Statistics. Select the required interface, and then click Query. You can also use the Refresh button at the bottom of the page to update the screen.
  • Page 117 CLI – This example shows statistics for port 13. Console#show interfaces counters ethernet 1/13 Ethernet 1/13 If table stats: Octets input: 868453, Octets output: 3492122 Unicast input: 7315, Unicast output: 6658 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, QLen output: 0 Extended if table stats:...
  • Page 118: Address Table Settings

    Address Table Settings Switches store the addresses for all known devices. This information is used to route traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table.
  • Page 119: Displaying The Address Table

    Web – Click Address Table, Static Addresses. Specify the interface, the MAC address and VLAN, then click Add Static Address. CLI – This example adds an address to the static address table, but sets it to be deleted when the switch is reset. Console(config)#mac-address-table static 00-e0-29-94-34-de interface ethernet 1/1 vlan 1 delete-on-reset...
  • Page 120 Command Attributes • Interface – Indicates a port or trunk. • MAC Address – Physical address associated with this interface. • VLAN – ID of configured VLAN (1-4094). • Address Table Sort Key – You can sort the information displayed based on interface (port or trunk) or MAC address.
  • Page 121: Changing The Aging Time

    For example, the following screen shows the dynamic addresses for port 21. CLI – This example also displays the address table entries for port 11. Console#show mac-address-table ethernet 1/11 Interface Mac Address Vlan Type --------- ----------------- ---- ----------------- Eth 1/11 00-10-b5-62-03-74 1 Learned Console#...
  • Page 122: Spanning Tree Algorithm Configuration

    CLI – This example sets the aging time to 300 seconds. Console(config)#mac-address-table aging-time 300 Console(config)# Console# Console#show mac-address-table aging-time Aging time: 300 sec. Console# Spanning Tree Algorithm Configuration The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
  • Page 123: Displaying Global Settings

    Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.
  • Page 124 • Hello Time – Interval (in seconds) at which the root device transmits a configuration message. • Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., discarding to learning to forwarding).
  • Page 125 information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a discarding state; otherwise, temporary data loops might result. • Root Hold Time* –...
  • Page 126: Configuring Global Settings

    CLI – This command displays global STA settings, followed by settings for each port. Console#show spanning-tree Spanning-tree information -------------------------------------------------------------- Spanning tree mode :RSTP Spanning tree enable/disable :enable Priority :32768 Bridge Hello Time (sec.) Bridge Max Age (sec.) Bridge Forward Delay (sec.) Root Hello Time (sec.) Root Max Age (sec.)
  • Page 127 • STP Mode – If the switch receives an 802.1D BPDU (i.e., STP BPDU) after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs. •...
  • Page 128 Root Device Configuration • Hello Time – Interval (in seconds) at which this device transmits a configuration message. - Default: 2 - Minimum: 1 - Maximum: The lower of 10 or [(Max. Message Age / 2) -1] •...
  • Page 129 Advanced Configuration Settings for RSTP • Path Cost Method – The path cost is used to determine the best path between devices. The path cost method is used to determine the range of values that can be assigned to each interface. - Long: Specifies 32-bit based values that range from 1-200,000,000.
  • Page 130: Displaying Interface Settings

    CLI – This example enables Spanning Tree Protocol, and then sets the indicated attributes. Console(config)#spanning-tree Console(config)#spanning-tree mode stp Console(config)#spanning-tree priority 40000 Console(config)#spanning-tree hello-time 5 Console(config)#spanning-tree max-age 38 Console(config)#spanning-tree forward-time 20 Console(config)#spanning-tree pathcost method long Console(config)#spanning-tree transmission-limit 5...
  • Page 131 - All ports are discarding when the switch is booted, then some of them change state to learning, and then to forwarding. • Forward Transitions – The number of times this port has changed from the Learning state to the Forwarding state. •...
  • Page 132 • Port Role – Roles are assigned according to whether the port is part of the active spanning tree topology: - Root: The port is connecting the bridge to the root bridge. - Designated: The port is connecting a LAN through the bridge to the root bridge.
  • Page 133 • Admin Link Type – The link type attached to this interface. - Point-to-Point – A connection to exactly one other bridge. - Shared – A connection to two or more bridges. - Auto – The switch automatically determines if the interface is attached to a point-to-point link or to shared media.
  • Page 134: Configuring Interface Settings

    CLI – This example shows general STA configuration and attributes for all ports. Console#show spanning-tree ethernet 1/5 Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning tree mode :RSTP Spanning tree enable/disable :enable Priority :32768 Bridge Hello Time (sec.) Bridge Max Age (sec.) Bridge Forward Delay (sec.) Root Hello Time (sec.)
  • Page 135 connection, and edge port to indicate if the attached device can support fast forwarding. (References to “ports” in this section mean “interfaces,” which includes both ports and trunks.) Command Attributes The following attributes are read-only and cannot be changed: •...
  • Page 136 • Path Cost – This parameter is used by the STP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
  • Page 137 • Migration – If at any time the switch detects STP BPDUs, including Configuration or Topology Change Notification BPDUs, it will automatically set the selected interface to forced STP-compatible mode. However, you can also use the Protocol Migration button to manually re-check the appropriate BPDU format (RSTP or STP-compatible) to send on the selected interfaces.
  • Page 138: Vlan Configuration

    VLAN Configuration Overview In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
  • Page 139: Assigning Ports To Vlans

    • End stations can belong to multiple VLANs • Passing traffic between VLAN-aware and VLAN-unaware devices • Priority tagging Assigning Ports to VLANs Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports.
  • Page 140 Untagged VLANs – Untagged (or static) VLANs are typically used to reduce broadcast traffic and to increase security. A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the switch. Packets are forwarded only between ports that are designated for the same VLAN.
  • Page 141: Forwarding Tagged/Untagged Frames

    Members to VLANs (VLAN Index)” on page 2-115). But you can still enable GVRP on these edge switches, as well as on the core switches in the network. Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN.
  • Page 142: Displaying Basic Vlan Information

    Web – Click System, Bridge Extension Configuration. Enable or disable GVRP, click Apply. CLI – This example enables GVRP for the switch. Console(config)#bridge-ext gvrp Console(config)# Displaying Basic VLAN Information The VLAN Basic Information page displays basic information on the VLAN type supported by the switch.
  • Page 143: Displaying Current Vlans

    Web – Click VLAN, 802.1Q VLAN, Basic Information. CLI – Enter the following command. Console#show bridge-ext Max support vlan numbers: 255 Max support vlan ID: 4094 Extended multicast filtering services: No Static entry individual port: Yes VLAN learning: IVL Configurable PVID tagging: Yes Local VLAN capable: No...
  • Page 144 • Egress Ports – Shows all the VLAN port members. • Untagged Ports – Shows the untagged VLAN port members. Web – Click VLAN, 802.1Q VLAN, Current Table. Select any ID from the scroll-down list. Command Attributes (CLI) •...
  • Page 145: Creating Vlans

    • Name – Name of the VLAN (1 to 32 characters). • Status – Shows if this VLAN is enabled or disabled. - Active: VLAN is operational. - Suspend: VLAN is suspended; i.e., does not pass packets. •...
  • Page 146 • Status (Web) – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended; i.e., does not pass packets. • State (CLI) – Enables or disables the specified VLAN. - Active: VLAN is operational. - Suspend: VLAN is suspended;...
  • Page 147: Adding Static Members To Vlans (Vlan Index)

    CLI – This example creates a new VLAN. Console(config)#vlan database Console(config)#vlan 2 name R&D media ethernet state active Console(config)#end Console#show vlan VLAN Type Name Status Ports/Channel groups ---- ------- ---------------- -------- --------------------------------- Static DefaultVlan Active Eth1/ 1 Eth1/ 2 Eth1/ 3 Eth1/ 4 Eth1/5 Eth1/ 6 Eth1/ 7 Eth1/ 8 Eth1/ 9 Eth1/10...
  • Page 148 Command Attributes • VLAN – ID of configured VLAN (1-4094, no leading zeroes). • Name – Name of the VLAN (1 to 32 characters). • Status – Enables or disables the specified VLAN. - Enable: VLAN is operational. - Disable: VLAN is suspended;...
  • Page 149: Adding Static Members To Vlans (Port Index)

    Web – Click VLAN, 802.1Q VLAN, Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks.
  • Page 150: Configuring Vlan Behavior For Interfaces

    • Non-Member – VLANs for which the selected interface is not a tagged member. Web – Open VLAN, 802.1Q VLAN, Static Membership by Port. Select an interface from the scroll-down box (Port or Trunk). Click Query to display membership information for the interface.
  • Page 151 Command Usage • GVRP – GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. • GARP – Group Address Registration Protocol is used by GVRP to register or deregister client attributes for client services within a bridged LAN.
  • Page 152 • Ingress Filtering – If ingress filtering is enabled, incoming frames for VLANs which do not include this ingress port in their member set will be discarded at the ingress port. (Default: Disabled) - Ingress filtering only affects tagged frames. - If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member, these frames will be flooded to all other ports (except for those VLANs explicitly forbidden on...
  • Page 153 • GARP LeaveAll Timer* – The interval between sending out a LeaveAll query message for VLAN group participants and the port leaving the group. This interval should be considerably larger than the Leave Time to minimize the amount of traffic generated by nodes rejoining the group.
  • Page 154: Private Vlans

    CLI – This example sets port 1 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid. Console(config)#interface ethernet 1/1 Console(config-if)#switchport acceptable-frame-types tagged Console(config-if)#switchport ingress-filtering...
  • Page 155: Displaying Current Private Vlans

    To configure private VLANs, follow these steps: 1. Use the Private VLAN Configuration menu (page 2-124) to designate one or more isolated and community VLANs, and the primary VLAN that will channel traffic outside of the VLAN groups. 2.
  • Page 156: Configuring Private Vlans

    Web – Click VLAN, Private VLAN, Information. Select the desired port from the VLAN ID drop-down menu. CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and are associated with VLAN 6.
  • Page 157 Command Attributes • VLAN ID – ID of configured VLAN (1-4094, no leading zeroes). • Type – There are three types of VLANs within a private VLAN: - Primary VLANs - Conveys traffic between promiscuous ports, and to community ports within secondary VLANs. - Isolated VLANs - Conveys traffic only between the VLAN’s isolated ports and promiscuous ports.
  • Page 158: Associating Vlans

    Associating VLANs Each community or isolated VLAN must be associated with a primary VLAN. Command Attributes • Primary VLAN ID – ID of primary VLAN (1-4094, no leading zeroes). • Association – Community or isolated VLANs associated with the selected primary VLAN.
  • Page 159: Displaying Private Vlan Interface Information

    CLI – This example associates community VLANs 6 and 7 with primary VLAN 5. Console(config)#vlan database Console(config-vlan)#private-vlan 5 association 6 Console(config-vlan)#private-vlan 5 association 7 Console(config)# Displaying Private VLAN Interface Information Use the VLAN Port Information and VLAN Trunk Information menus to display the interfaces associated with private VLANs.
  • Page 160: Configuring Private Vlan Interfaces

    Web – Click VLAN, Private VLAN, Port Information or Trunk Information. CLI – This example shows the switch configured with primary VLAN 5 and secondary VLAN 6. Port 3 has been configured as a promiscuous port and mapped to VLAN 5, while ports 4 and 5 have been configured as host ports and associated with VLAN 6.
  • Page 161 Command Attributes • Port/Trunk – The switch interface. • PVLAN Port Type – Sets the private VLAN port types. - Normal – The port is not configured into a private VLAN. - Host – The port is a community port and can only communicate with other ports in its own community VLAN, and with the designated promiscuous port(s).
  • Page 162 Web – Click VLAN, Private VLAN, Port Configuration or Trunk Configuration. Set the PVLAN Port Type for each port that will join a private VLAN. For promiscuous ports, set the associated primary VLAN. For host ports, set the associated secondary VLAN. For isolated ports, set the associated isolated VLAN.
  • Page 163: Class Of Service Configuration

    Class of Service Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four egress (output) queues for each port.
  • Page 164 Command Attributes • Default Priority (0-7)* – The priority that is assigned to untagged frames received on the specified interface. (Range: 0 - 7, Default: 0) • Number of Egress Traffic Classes – The number of queue buffers provided for each port.
  • Page 165: Mapping Cos Values To Egress Queues

    Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by using four egress queues for each port, with service schedules based on Weighted Round Robin (WRR). Up to 8 separate traffic priorities are defined in IEEE 802.1p.
  • Page 166 The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following table. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network. Priority Level Traffic Type Background...
  • Page 167 Web – Click Priority, Traffic Classes. Mark an interface and click Select to display the current mapping of CoS values to output queues. Assign priorities to the traffic classes (i.e., output queues) for the selected interface, then click Apply. CLI –...
  • Page 168: Selecting The Queue Mode

    Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
  • Page 169: Setting The Service Weight For Traffic Classes

    Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each egress queue. As described in “Mapping CoS Values to Egress Queues” on page 2-133, the traffic classes are mapped to one of the four egress queues provided for each port.
  • Page 170: Mapping Layer 3/4 Priorities To Cos Values

    CLI – The following example shows how to assign WRR weights of 1, 4, 16 and 64 to the CoS priority queues 0, 1, 2 and 3. Console(config)#queue bandwidth 1 4 16 64 Console(config)#exit Console#show queue bandwidth Queue ID Weight -------- ------...
  • Page 171: Selecting Ip Precedence/Dscp Priority

    Selecting IP Precedence/DSCP Priority The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled – Disables both priority services. (This is the default setting.) •...
  • Page 172: Mapping Ip Precedence

    Mapping IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values are mapped one-to-one to Class of Service values (i.e., Precedence value 0 maps to CoS value 0, and so forth).
  • Page 173 Web – Click Priority, IP Precedence Priority. Select a port or trunk from the Interface field. Select an entry from the IP Precedence Priority Table, enter a value in the Class of Service Value field, and then click Apply. *Mapping specific values for IP Precedence is implemented as an interface configuration command, but any changes will apply to all interfaces on the switch.
  • Page 174: Mapping Dscp Priority

    Mapping DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, and it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSCP mapping.
  • Page 175 Web – Click Priority, IP DSCP Priority. Select a port or trunk from the Interface field. Select an entry from the DSCP table, enter a value in the Class of Service Value field, then click Apply. *Mapping specific values for IP Precedence is implemented as an interface configuration command, but any changes will apply to all interfaces on the switch.
  • Page 176: Mapping Ip Port Priority

    CLI – The following example globally enables DSCP Priority service on the switch, maps DSCP value 1 to CoS value 0 on port 5, and then displays all the DSCP Priority settings. Console(config)#map ip dscp Console(config)#interface ethernet 1/5 Console(config-if)#map ip dscp 1 cos 0 Console(config-if)#end...
  • Page 177 • Class of Service Value – Sets a CoS value for a new IP port. Note that “0” represents low priority and “7” represents high priority. Note: IP Port Priority settings apply to all interfaces. Web – Click Priority, IP Port Priority Status. Set IP Port Priority Global Status to Enabled.
  • Page 178: Acl Cos Mapping

    CLI – The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value 0, and then displays all the IP Port Priority settings for that port. Console(config)#map ip port Console(config)#interface ethernet 1/5 Console(config-if)#map ip port 80 cos 0...
  • Page 179: Multicast Filtering

    Web – Click Priority, ACL CoS Mapping. Enable mapping for any port, select an ACL from the scroll-down list, then click Apply. CLI – This example assigns a CoS value of zero to packets matching rules within the specified ACL on port 25. Console(config)#interface ethernet 1/25 Console(config-if)#map access-list ip bill cos 0...
  • Page 180: Configuring Igmp Snooping Parameters

    sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service. This procedure is called multicast filtering. The purpose of IP multicast filtering is to optimize a switched network’s performance, so multicast packets will only be forwarded to those ports containing multicast group hosts or multicast routers/switches, instead of flooding traffic to all ports in the subnet (VLAN).
  • Page 181 Note: Multicast routers use this information, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. Command Attributes • IGMP Status — When enabled, the switch will monitor network traffic to determine which hosts want to receive multicast traffic. This is also referred to as IGMP Snooping.
  • Page 182 Notes: 1. All systems on the subnet must support the same version. 2. Some attributes are only enabled for IGMPv2, including IGMP Report Delay and IGMP Query Timeout. Web – Click IGMP Snooping, IGMP Configuration. Adjust the IGMP settings as required, and then click Apply.
  • Page 183: Interfaces Attached To A Multicast Router

    Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP, to support IP multicasting across the Internet. These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch.
  • Page 184: Specifying Interfaces Attached To A Multicast Router

    CLI – This example shows that Port 11 has been statically configured as a port attached to a multicast router. Console#show ip igmp snooping mrouter vlan 1 3-214 VLAN M'cast Router Port Type ---- ------------------ ------- Eth 1/11 Static Specifying Interfaces Attached to a Multicast Router Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier.
  • Page 185: Displaying Port Members Of Multicast Services

    Web – Click IGMP Snooping, Static Multicast Router Port Configuration. Specify the interfaces attached to a multicast router, indicate the VLAN which will forward all the corresponding multicast traffic, and then click Add. After you have completed adding interfaces to the list, click Apply. CLI –...
  • Page 186: Adding Multicast Addresses To Vlans

    Web – Click IGMP Snooping, IP Multicast Registration Table. Select the VLAN ID and multicast IP address. The switch will display all the ports that are propagating this multicast service. CLI – This example displays all the known multicast services supported on VLAN 1, along with the ports propagating the corresponding services.
  • Page 187 Command Usage • Static multicast addresses are never aged out. • When a multicast address is assigned to a specific VLAN, the corresponding traffic can only be forwarded to ports within that VLAN. Command Attributes • Interface – Activates the Port or Trunk scroll down list. •...
  • Page 188 CLI – This example assigns a multicast address to VLAN 1, and then displays all the known multicast services supported on VLAN 1. Console(config)#ip igmp snooping vlan 1 static 224.0.0.12 ethernet 1/12 3-206 Console(config)#exit Console#show mac-address-table multicast vlan 1 3-208 VLAN M'cast IP addr.
  • Page 189: Command Line Interface

    Command Line Interface. This chapter describes how to use the Command Line Interface (CLI). Using the Command Line Interface Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt.
  • Page 190: Telnet Connection

    After connecting to the system through the console port, the login screen displays: User Access Verification Username: admin Password: CLI session with the SMC6724AL2 is opened. To end the CLI session, enter [Exit]. Console# Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address.
  • Page 191: Entering Commands

    After you configure the switch with an IP address, you can open a Telnet session by performing these steps. 1. From the remote host, enter the Telnet command and the IP address of the device you want to access. 2.
  • Page 192: Minimum Abbreviation

    interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port. You can enter commands as follows: • To enter a simple command, enter the command keyword. • To enter multiple commands, enter each command in the required order.
  • Page 193: Showing Commands

    Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, Interface, Line, or VLAN Database).
  • Page 194: Partial Keyword Lookup

    Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.”...
  • Page 195: Exec Commands

    The command classes and associated modes are displayed in the following table:
    Class          Mode
    Exec           Normal, Privileged
    Configuration  Global*, Interface, Line, VLAN Database
    * You must be in Privileged Exec mode to access any of the configuration modes. You must be in Global Configuration mode to access any of the other configuration modes.
  • Page 196: Configuration Commands

    Username: guest Password: [system login password] CLI session with the SMC6724AL2 is opened. To end the CLI session, enter [Exit]. Console#enable Password: [privileged level password if so configured] Console# Configuration Commands Configuration commands are privileged level commands used to modify switch settings.
  • Page 197: Command Line Processing

    • VLAN Configuration - Includes the command to create VLAN groups. To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands.
  • Page 198: Command Groups

    followed by the “?” character to display a list of possible matches. You can also use the following editing keystrokes for command-line processing: Keystroke Function Ctrl-A Shifts cursor to start of command line. Ctrl-B Shifts cursor to the left one character. Ctrl-E Shifts cursor to end of command line.
  • Page 199 Command Description Page Group Line Sets communication parameters for the serial port, 3-75 including baud rate and console time-out Interface Configures the connection parameters for all 3-85 Ethernet ports, aggregated links, and VLANs Address Table Configures the address table for filtering specified 3-100 addresses, displaying current entries, clearing the table, or setting the aging time...
  • Page 200: General Commands

    The access mode shown in the following tables is indicated by these abbreviations: NE (Normal Exec) IC (Interface Configuration) PE (Privileged Exec) LC (Line Configuration) GC (Global Configuration) VC (VLAN Database Configuration) General Commands Command Function Mode Page enable Activates privileged mode 3-12...
  • Page 201: Disable

    Syntax enable [level] level - Privilege level to log into the device. The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. Enter level 15 to access Privileged Exec mode. Default Setting Level 15 Command Mode Normal Exec Command Usage •...
  • Page 202: Configure

    Default Setting None Command Mode Privileged Exec Command Usage The “>” character is appended to the end of the prompt to indicate that the system is in normal access mode. Example Console#disable Console> Related Commands enable (3-12) configure Use this command to activate Global Configuration mode.
  • Page 203: Show History

    Related Commands end (3-17) show history Use this command to show the contents of the command history buffer. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.
  • Page 204: Reload

    in any of the configuration modes. In this example, the !2 command repeats the second command in the Execution history buffer (config). Console#!2 Console#config Console(config)# reload Use this command to restart the system. Note: When the system is restarted, it will always run the Power-On Self-Test.
  • Page 205: Prompt

    prompt Use this command to customize the CLI prompt. Use the no form to revert to the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the command prompt. (Maximum length: 255 characters) Default Setting Console Command Mode...
  • Page 206: Exit

    exit Use this command to return to the previous configuration mode or exit the configuration program. Default Setting None Command Mode Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: Console(config)#exit Console#exit Press ENTER to start session...
  • Page 207 Example This example shows how to quit a CLI session: Console#quit Press ENTER to start session User Access Verification Username: Flash/File Commands These commands are used to manage the system code or configuration files. Command Function Mode Page copy Copies a code image or a switch configuration 3-19...
  • Page 208 Syntax copy file {file | running-config | startup-config | tftp} copy running-config {file | startup-config | tftp} copy startup-config {file | running-config | tftp} copy tftp {file | running-config | startup-config} copy tftp {file | running-config | startup-config | https-certificate} •...
  • Page 209: Flash/File Commands

    • To replace the startup configuration, you must use startup-config as the destination. • The Boot ROM image cannot be uploaded or downloaded from the TFTP server. You must use a direct console connection and access the download menu during a boot up to download the Boot ROM (or diagnostic) image.
  • Page 210: Delete

    delete Use this command to delete a file or image. Syntax delete filename filename - Name of the configuration file or image name. Default Setting None Command Mode Privileged Exec Command Usage • If the file type is used for system startup, then this file cannot be deleted.
  • Page 211: Dir

    dir Use this command to display a list of files in flash memory. Syntax dir [boot-rom | config | opcode [:filename]] The type of file or image to display includes: • boot-rom - Boot ROM (or diagnostic) image file •...
  • Page 212: Whichboot

    Example Console#dir file name file type startup size (byte) -------------------------------- -------------- ------- ----------- LEO_X_Diag_v2.0.1.0.bix Boot-Rom image 169912 LEO_X_SMC_V2042.bix Operation Code 1319328 Factory_Default_Config.cfg Config File 2665 startup Config File 2835 ------------------------------------------------------------------- Total free space: 5505024 Console# whichboot Use this command to display which files were booted when the system powered up.
  • Page 213: Boot System

    boot system Use this command to specify the file or image used to start up the system. Syntax boot system {boot-rom | config | opcode}: filename The type of file or image to set as a default includes: • boot-rom - Boot ROM •...
  • Page 214: System Management Commands

    System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Command Function Mode Page Device Designation Command hostname Specifies the host name for the switch 3-28 snmp-server Sets the system contact string...
  • Page 215 Command Function Mode Page show Displays the configuration data currently in 3-40 running-config show system Displays system information 3-41 show users Shows all active console and Telnet sessions, 3-42 including user name, idle time, and IP address of Telnet client show version Displays version information for the system NE,...
  • Page 216: Hostname

    hostname Use this command to specify or modify the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode...
  • Page 217: Enable Password

    • The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. • nopassword - No password is required for this user to log in. • {0 | 7} - 0 means plain password, 7 means encrypted password. •...
  • Page 218 Syntax enable password [level level] {0 | 7} password no enable password [level level] • level level - Level 15 for Privileged Exec. (Levels 0-14 are not used.) • {0 | 7} - 0 means plain password, 7 means encrypted password. •...
  • Page 219: Logging On

    logging on Use this command to control logging of error messages. This command sends debug or error messages to a logging process. The no form disables the logging process. Syntax logging on no logging on Default Setting None Command Mode Global Configuration...
  • Page 220: Default Setting

    Syntax logging history {flash | ram} level no logging history {flash | ram} • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). •...
  • Page 221: Logging Host

    Example Console(config)#logging history ram 0 Console(config)# logging host Use this command to add a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax logging host host_ip_address no logging host host_ip_address host_ip_address - The IP address of a syslog server.
  • Page 222: Logging Facility

    logging facility Use this command to set the facility type for remote logging of syslog messages. Use the no form to return the type to the default. Syntax logging facility type no logging facility type type - A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service.
  • Page 223: Logging Trap

    logging trap Use this command to limit syslog messages saved to a remote server based on severity. Use the no form to return the remote logging of syslog messages to the default level. Syntax logging trap level no logging trap level level - One of the level arguments listed below.
  • Page 224: Clear Logging

    Example Console(config)#logging trap 4 Console(config)# clear logging Use this command to clear messages from the log buffer. Syntax clear logging [flash | ram] • flash - Event history stored in flash memory (i.e., permanent memory). • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
  • Page 225 • ram - Event history stored in temporary RAM (i.e., memory flushed on power reset). • trap - Messages sent to remote syslog servers. Default Setting None Command Mode Privileged Exec Command Usage This command shows the following information: •...
  • Page 226: Show Startup-Config

    show startup-config Use this command to display the configuration file stored in non-volatile memory that is used to start up the system. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show running-config command to compare the information in running memory to the information stored in non-volatile memory.
  • Page 227: Related Commands

    Example
    Console#show startup-config
    building startup-config, please wait..
    username admin access-level 15
    username admin password 0 admin
    username guest access-level 0
    username guest password 0 guest
    enable password level 15 0 super
    snmp-server community public ro
    snmp-server community private rw
    vlan database
    vlan 1 name DefaultVlan media ethernet state active
    interface ethernet 1/1...
  • Page 228: Show Running-Config

    show running-config Use this command to display the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use this command in conjunction with the show startup-config command to compare the information in running memory to the information stored in non-volatile memory.
  • Page 229: Show System

    Example
    Console#show running-config
    building running-config, please wait..
    snmp-server community private rw
    snmp-server community public ro
    username admin access-level 15
    username admin password 7 21232f297a57a5a743894a0e4a801fc3
    username guest access-level 0
    username guest password 7 084e0343a0486ff05530df6c705c8bb4
    enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca
    vlan database
    vlan 1 name DefaultVlan media ethernet state active
    interface ethernet 1/1...
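The two configuration listings above differ only in how secrets are stored: type 0 is plain text, and the type 7 value shown for admin is the plain, unsalted MD5 digest of the default password admin. The audit script below is an added example, not part of the SMC manual; it flags plaintext secrets, default passwords and default SNMP community strings in a saved configuration. The rule names, the CUSTOM_CONFIG sample and the exact `username name nopassword` line form are assumptions made for the example.

```python
import hashlib
import re

# Default secrets visible in the manual's "show startup-config" example.
DEFAULT_PASSWORDS = {"admin", "guest", "super"}
DEFAULT_COMMUNITIES = {"public", "private"}

# Abridged from the manual's "show startup-config" example (type 0 = plain text).
STARTUP_CONFIG = """\
username admin access-level 15
username admin password 0 admin
username guest access-level 0
username guest password 0 guest
enable password level 15 0 super
snmp-server community public ro
snmp-server community private rw
"""

# Abridged from the manual's "show running-config" example (type 7 = "encrypted").
RUNNING_CONFIG = """\
snmp-server community private rw
snmp-server community public ro
username admin access-level 15
username admin password 7 21232f297a57a5a743894a0e4a801fc3
username guest access-level 0
username guest password 7 084e0343a0486ff05530df6c705c8bb4
enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca
"""

# Constructed for this example: non-default account names, secrets and community.
_DIGEST_A = hashlib.md5(b"constructed-example-secret-a").hexdigest()
_DIGEST_B = hashlib.md5(b"constructed-example-secret-b").hexdigest()
CUSTOM_CONFIG = f"""\
username netops access-level 15
username netops password 7 {_DIGEST_A}
enable password level 15 7 {_DIGEST_B}
snmp-server community constructed-ro-string ro
"""

USER_RE = re.compile(r"^username\s+(\S+)\s+password\s+([07])\s+(\S+)$")
# Assumed line form for the "nopassword" attribute listed in the manual.
NOPASS_RE = re.compile(r"^username\s+(\S+)\s+nopassword$")
ENABLE_RE = re.compile(r"^enable\s+password\s+(?:level\s+\d+\s+)?([07])\s+(\S+)$")
COMMUNITY_RE = re.compile(r"^snmp-server\s+community\s+(\S+)(?:\s+(ro|rw))?$")


def is_default_secret(kind, secret):
    """True if a stored secret corresponds to one of the documented defaults."""
    for password in DEFAULT_PASSWORDS:
        if kind == "0" and secret == password:
            return True
        # Type 7 is compared as an unsalted MD5 hex digest of the candidate.
        if kind == "7" and secret.lower() == hashlib.md5(password.encode()).hexdigest():
            return True
    return False


def audit(config_text):
    """Return a list of (rule, subject) findings for one configuration dump."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        subject = kind = secret = None
        match = USER_RE.match(line)
        if match:
            subject, kind, secret = match.groups()
        else:
            match = ENABLE_RE.match(line)
            if match:
                subject = "enable"
                kind, secret = match.groups()
        if subject is not None:
            if kind == "0":
                findings.append(("PLAINTEXT_SECRET", subject))
            if is_default_secret(kind, secret):
                findings.append(("DEFAULT_PASSWORD", subject))
            continue
        match = NOPASS_RE.match(line)
        if match:
            findings.append(("NO_PASSWORD", match.group(1)))
            continue
        match = COMMUNITY_RE.match(line)
        if match and match.group(1) in DEFAULT_COMMUNITIES:
            # A default community with write access is the more serious case.
            rule = "DEFAULT_COMMUNITY_RW" if match.group(2) == "rw" else "DEFAULT_COMMUNITY_RO"
            findings.append((rule, match.group(1)))
    return findings


if __name__ == "__main__":
    for name, text in (("startup", STARTUP_CONFIG), ("running", RUNNING_CONFIG),
                       ("custom", CUSTOM_CONFIG)):
        for rule, subject in audit(text):
            print(f"{name}: {rule} {subject}")
```

A type 7 value that still matches a default password gives no more protection than the type 0 form, so the script reports both the same way.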
  • Page 230: Show Users

    • The POST results should all display “PASS.” If any POST test indicates “FAIL,” contact your distributor for assistance. Example Console#show system System description: TigerSwitch 10/100 6724AL2 System OID string: 1.3.6.1.4.1.202.20.31 System information System Up time: 0 days, 1 hours, 1 minutes, and 1.93 seconds...
  • Page 231: Show Version

    Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example Console#show users Username accounts: Username Privilege -------- --------- guest admin Online users: Line Username Idle time (h:m:s) Remote IP addr.
  • Page 232: Web Server Commands

    Example Console#show version Unit1 Serial number :1111111111 Service tag Hardware version :R0A Module A type :not present Module B type :not present Number of ports Main power status Redundant power status :not present Agent(master) Unit id Loader version :2.1.0.0 Boot rom version :2.0.0.7...
  • Page 233: Ip Http Port

    ip http port Use this command to specify the TCP port number used by the Web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default Setting Command Mode...
  • Page 234: Ip Http Secure-Server

    Example Console(config)#ip http server Console(config)# Related Commands ip http port (3-45) ip http secure-server Use this command to enable the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s Web interface. Use the no form to disable this function.
  • Page 235: Ip Http Secure-Port

    • The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer 5.x and Netscape Navigator 4.x or later versions. • The following Web browsers and operating systems currently support HTTPS: Web Browser Operating System...
  • Page 236: Secure Shell Commands

    Default Setting Command Mode Global Configuration Command Usage • You cannot configure the HTTP and HTTPS servers to use the same port. • If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format: https://device:port_number Example...
  • Page 237: Ip Ssh Server

    station clients, and ensures that data traveling over the network arrives unaltered. This section describes the commands used to configure the SSH server. However, note that you also need to install an SSH client on the management station when using this protocol to configure the switch. Note: The switch supports only SSH Version 1.5.
  • Page 238: Ip Ssh

    • The SSH server uses RSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to select either DES (56-bit) or 3DES (168-bit) for data encryption. Example Console(config)#ip ssh server Console(config)# Related Commands show ssh (3-52)
  • Page 239: Show Ip Ssh

    Example Console(config)#ip ssh timeout 60 Console(config)#ip ssh authentication-retries 2 Console(config)# Related Commands show ip ssh (3-51) show ip ssh Use this command to display the connection settings used when authenticating client access to the Secure Shell (SSH) server. Command Mode Privileged Exec Example...
  • Page 240: Show Ssh

    Example Console#disconnect ssh 0 Console# Related Commands show users (3-42) show ssh Use this command to display the current Secure Shell (SSH) server connections. Command Mode Privileged Exec Example Console#show ssh Information of secure shell Session Username Version Encrypt method Negotiation state ------- -------- ------- -------------- ----------------- admin cipher-3des...
  • Page 241: Port Security

    Port Security Use this command to enable and configure port security on a port. Use the no form to disable port security and reset the maximum addresses to the default. Syntax port security [max-mac-count address-number] no port security [max-mac-count] address-number - Sets the maximum number of MAC addresses that can be learned on a port.
  • Page 242: Sntp Commands

    • A secure port has the following restrictions: - Cannot be connected to a network interconnection device. - Cannot be a member of a static trunk. - It can be configured as an LACP trunk port, but the switch does not allow the LACP trunk to be enabled.
  • Page 243: Sntp Client

    sntp client Use this command to enable SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp server command. Use the no form of this command to disable SNTP client requests. Syntax [no] sntp client Default Setting...
  • Page 244: Sntp Server

    sntp server Use this command to set the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp server [ip1 [ip2 [ip3]]] ip - IP address of a time server (NTP or SNTP).
  • Page 245: Sntp Broadcast Client

    Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode Global Configuration Command Usage This command is only applicable when the switch is set to SNTP client mode.
  • Page 246: Clock Timezone

    Example Console#show sntp Current time: Dec 23 05:13:28 2002 Poll interval: 16 Current mode: unicast Console# clock timezone Use this command to set the time zone for the switch’s internal clock. Syntax clock timezone name hour hours minute minutes {before-utc | after-utc} •...
  • Page 247: Calendar Set

    Related Commands show sntp (3-58) calendar set Use this command to set the system clock. Syntax calendar set hour min sec {day month year | month day year} • hour - Hour in 24-hour format. (Range: 0 - 23) •...
  • Page 248: Snmp Commands

    Command Mode Normal Exec, Privileged Exec Example Console#show calendar set 15:12:34 February 1 2004 Console# SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
  • Page 249: Snmp-Server Contact

    Syntax snmp-server community string [ro|rw] no snmp-server community string • string - Community string that acts like a password and permits access to the SNMP protocol. (Maximum length: 32 characters, case sensitive; Maximum number of strings: 5) •...
  • Page 250: Snmp-Server Location

    Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example Console(config)#snmp-server contact Paul Console(config)# Related Commands snmp-server location (3-63) snmp-server location Use this command to set the system location string.
  • Page 251: Snmp-Server Host

    Example Console(config)#snmp-server location WC-19 Console(config)# Related Commands snmp-server contact (3-63) snmp-server host Use this command to specify the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host. Syntax snmp-server host {host-addr community-string} [version 1 | 2c] no snmp-server host host-addr •...
  • Page 252: Snmp-Server Enable Traps

    notifications are sent. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server host command. In order to enable multiple hosts, you must issue a separate snmp-server host command for each host. •...
  • Page 253: Show Snmp

    • link-up-down - Keyword to issue link-up or link-down traps. The link-up-down trap can only be enabled/disabled via the CLI. Default Setting Issue authentication and link-up-down traps. Command Mode Global Configuration Command Usage • If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent.
  • Page 254 Command Mode Normal Exec, Privileged Exec Command Usage This command provides information on the community access strings, counter information for SNMP input and output protocol data units, and whether or not SNMP logging has been enabled with the snmp-server enable traps command.
  • Page 255: Ip Interface Commands

    Example Console#show snmp SNMP traps: Authentication: enable Link-up-down: enable SNMP communities: 1. private, and the privilege is read-write 2. public, and the privilege is read-only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables...
  • Page 256: Ip Address

    Command Function Mode Page ip address Sets the IP address for the current interface 3-69 ip dhcp restart Submits a BOOTP or DHCP client request 3-70 ip default-gateway Defines the default gateway through which an in-band management station can reach this device 3-71 show ip Displays the IP settings for this device...
  • Page 257: Ip Dhcp Restart

    Command Usage • You must assign an IP address to this device to gain management access over the network. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server.
  • Page 258: Ip Default-Gateway

    Command Mode Privileged Exec Command Usage • This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. • DHCP requires the server to reassign the client’s last address if available.
  • Page 259: Show Ip Interface

    Default Setting No static route is established. Command Mode Global Configuration Command Usage A gateway must be defined if the management station is located in a different IP segment. Example The following example defines a default gateway for this device: Console(config)#ip default-gateway 10.1.0.254 Console(config)# Related Commands...
  • Page 260: Ping

    show ip redirects Use this command to show the default gateway configured for this device. Default Setting None Command Mode Privileged Exec Example Console#show ip redirects ip default gateway 10.1.0.254 Console# Related Commands ip default-gateway (3-71) ping Use this command to send ICMP echo request packets to another node on the network.
  • Page 261 Command Usage • Use the ping command to see if another site on the network can be reached. • Following are some results of the ping command: - Normal response - The normal response occurs in one to ten seconds, depending on network traffic.
  • Page 262: Line Commands

    Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). Command Function Mode Page...
  • Page 263: Login

    Syntax line {console | vty} • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line. Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as “Vty”...
  • Page 264 local - Selects local password checking. Authentication is based on the user name specified with the username command. Default Setting login local Command Mode Line Configuration Command Usage • There are three authentication modes provided by the switch itself at login: - login selects authentication by a single global password as specified by the password line configuration command.
  • Page 265: Password

    password Use this command to specify the password for a line. Use the no form to remove the password. Syntax password {0 | 7} password no password • {0 | 7} - 0 means plain password, 7 means encrypted password •...
  • Page 266: Exec-Timeout

    Example Console(config-line)#password 0 secret Console(config-line)# Related Commands login (3-76) password-thresh (3-80) exec-timeout Use this command to set the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout seconds no exec-timeout seconds - Integer that specifies the number of seconds.
  • Page 267: Password-Thresh

    password-thresh Use this command to set the password intrusion threshold which limits the number of failed logon attempts. Use the no form to remove the threshold value. Syntax password-thresh threshold no password-thresh threshold - The number of allowed password attempts. (Range: 1-120;...
  • Page 268: Silent-Time

    silent-time Use this command to set the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command. Use the no form to remove the silent time value. Syntax silent-time seconds no silent-time...
  • Page 269: Parity

    • 7 - Seven data bits per character. • 8 - Eight data bits per character. Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity.
  • Page 270: Speed

    Default Setting No parity Command Mode Line Configuration Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting. Example To specify no parity, enter this command: Console(config-line)#parity none Console(config-line)# speed Use this command to set the terminal line's baud rate.
  • Page 271: Stopbits

    Command Usage Set the speed to match the baud rate of the device connected to the serial port. Some baud rates available on devices connected to the port might not be supported. The system indicates if the speed you selected is not supported.
  • Page 272: Interface Commands

    Syntax show line [console | vty] • console - Console terminal line. • vty - Virtual terminal for remote console access. Default Setting Shows all lines Command Mode Normal Exec, Privileged Exec Example To show all lines, enter this command: Console#show line Console configuration: Password threshold: 3 times...
  • Page 273: Interface

    Command Function Mode Page negotiation Enables autonegotiation of a given interface 3-89 capabilities Advertises the capabilities of a given interface for 3-90 use in autonegotiation flowcontrol Enables flow control on a given interface 3-91 clear counters Clears the statistics on a given interface 3-93 shutdown Disables an interface...
  • Page 274: Description

    Default Setting None Command Mode Global Configuration Example To specify port 25, enter the following command: Console(config)#interface ethernet 1/25 Console(config-if)# description Use this command to add a description to an interface. Use the no form to remove the description. Syntax description string no description...
  • Page 275: Speed-Duplex

    speed-duplex Use this command to configure the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the default. Syntax speed-duplex {1000full | 100full | 100half | 10full | 10half} no speed-duplex •...
  • Page 276: Negotiation

    Example The following example configures port 5 to 100 Mbps, half-duplex operation. Console(config)#interface ethernet 1/5 Console(config-if)#speed-duplex 100half Console(config-if)#no negotiation Console(config-if)# Related Commands negotiation (3-89) capabilities (3-90) negotiation Use this command to enable autonegotiation for a given interface. Use the no form to disable autonegotiation.
  • Page 277: Capabilities

    Example The following example configures port 11 to use autonegotiation. Console(config)#interface ethernet 1/11 Console(config-if)#negotiation Console(config-if)# Related Commands negotiation (3-89) speed-duplex (3-88) capabilities Use this command to advertise the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability, or the no form without parameters to restore the default values.
  • Page 278: Flowcontrol

    Default Setting • 100BASE-TX: 10half, 10full, 100half, 100full • 1000BASE-T: 10half, 10full, 100half, 100full, 1000full • 1000BASE-SX/LX/LH: 1000full Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage When auto-negotiation is enabled with the negotiation command, the switch will negotiate the best settings for a link based on the capabilities command.
  • Page 279 Default Setting Flow control enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation.
  • Page 280: Clear Counters

    clear counters Use this command to clear statistics on an interface. Syntax clear counters interface interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec...
  • Page 281: Shutdown

    shutdown Use this command to disable an interface. To restart a disabled interface, use the no form. Syntax shutdown no shutdown Default Setting All interfaces are enabled. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved.
  • Page 282: Show Interfaces Status

    Default Setting Enabled for all ports Octet-rate limit: 32000 octets per second Command Mode Interface Configuration (Ethernet) Command Usage • When broadcast traffic exceeds the specified threshold, octets above that threshold are dropped. • This command can enable or disable broadcast storm control for the selected interface.
  • Page 283 Default Setting Shows the status for all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Displaying Connection Status”...
  • Page 284: Show Interfaces Counters

    show interfaces counters Use this command to display interface statistics. Syntax show interfaces counters [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting Shows the counters for all interfaces.
  • Page 285: Show Interfaces Switchport

    Example Console#show interfaces counters ethernet 1/7 Ethernet 1/7 If table stats: Octets input: 30658, Octets output: 196550 Unicast input: 6, Unicast output: 5 Discard input: 0, Discard output: 0 Error input: 0, Error output: 0 Unknown protos input: 0, QLen output: 0 Extended if table stats: Multi-cast input: 0, Multi-cast output: 3064 Broadcast input: 262, Broadcast output: 1...
  • Page 286 Default Setting Shows all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. Example This example shows the configuration setting for port 22. Console#show interfaces switchport ethernet 1/22 Information of Eth 1/22 Broadcast threshold: Enabled, 32000 octets/second Lacp status: Disabled...
  • Page 287: Address Table Commands

    Field Description Priority for untagged traffic Indicates the default priority for untagged frames (page 3-189). Gvrp status Shows if GARP VLAN Registration Protocol is enabled or disabled (page 3-140). Allowed Vlan Shows the VLANs this interface has joined, where “(u)” indicates untagged and “(t)”...
  • Page 288: Mac-Address-Table Static

    mac-address-table static Use this command to map a static address to a destination port in a VLAN. Use the no form to remove an address. Syntax mac-address-table static mac-address interface interface vlan vlan-id [action] no mac-address-table static mac-address vlan vlan-id •...
  • Page 289: Show Mac-Address-Table

    • Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. •...
  • Page 290: Clear Mac-Address-Table Dynamic

    Command Usage • The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: - Learned - Dynamic address entries - Permanent - Static entry - Delete-on-reset - Static entry to be deleted when system is reset •...
  • Page 291: Mac-Address-Table Aging-Time

    mac-address-table aging-time Use this command to set the aging time for entries in the address table. Use the no form to restore the default aging time. Syntax mac-address-table aging-time seconds seconds - Time in number of seconds (10-30000). Default Setting 300 seconds Command Mode...
  • Page 292: Spanning Tree Commands

    Spanning Tree Commands This section includes commands that configure the Spanning Tree Algorithm (STA) globally for the switch, and commands that configure STA for the selected interface. Command Function Mode Page spanning-tree Enables the spanning tree protocol 3-106 spanning-tree mode Configures STP or RSTP mode 3-107...
  • Page 293: Spanning-Tree

    spanning-tree Use this command to enable the Spanning Tree Algorithm globally for the switch. Use the no form to disable it. Syntax spanning-tree no spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
  • Page 294: Spanning-Tree Mode

    spanning-tree mode Use this command to select the spanning tree mode for this switch. Use the no form to restore the default. Syntax spanning-tree mode {stp | rstp} no spanning-tree mode • stp - Spanning Tree Protocol (IEEE 802.1D) •...
  • Page 295: Spanning-Tree Forward-Time

    Example The following example configures the switch to use the Rapid Spanning Tree Protocol. Console(config)#spanning-tree mode rstp Console(config)# spanning-tree forward-time Use this command to configure the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree forward-time...
  • Page 296: Spanning-Tree Hello-Time

    spanning-tree hello-time Use this command to configure the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds. (Range: 1 - 10 seconds) The maximum value is the lower of 10 or [(max-age / 2) - 1].
  • Page 297: Spanning-Tree Priority

    Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals.
  • Page 298: Spanning-Tree Pathcost Method

    Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device.
  • Page 299: Spanning-Tree Transmission-Limit

    Example Console(config)#spanning-tree pathcost method long Console(config)# spanning-tree transmission-limit Use this command to configure the minimum interval between the transmission of consecutive RSTP BPDUs. Use the no form to restore the default. Syntax spanning-tree transmission-limit count no spanning-tree transmission-limit count - The transmission limit in seconds.
  • Page 300: Spanning-Tree Cost

    spanning-tree cost Use this command to configure the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost cost - The path cost for the port. (Range: 1-200,000,000) The recommended range is: •...
  • Page 301: Spanning-Tree Port-Priority

    Example Console(config)#interface ethernet 1/5 Console(config-if)#spanning-tree cost 50 Console(config-if)# spanning-tree port-priority Use this command to configure the priority for the specified interface. Use the no form to restore the default. Syntax spanning-tree port-priority priority no spanning-tree port-priority priority - The priority for a port. (Range: 0-240, in steps of 16) Default Setting Command Mode Interface Configuration (Ethernet, Port Channel)
  • Page 302: Spanning-Tree Portfast

    spanning-tree portfast Use this command to set an interface to fast forwarding. Use the no form to disable fast forwarding. Syntax spanning-tree portfast no spanning-tree portfast Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •...
  • Page 303: Spanning-Tree Edge-Port

    spanning-tree edge-port Use this command to specify an interface as an edge port. Use the no form to restore the default. Syntax spanning-tree edge-port no spanning-tree edge-port Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •...
  • Page 304: Spanning-Tree Protocol-Migration

    spanning-tree protocol-migration Use this command to re-check the appropriate BPDU format to send on the selected interface. Syntax spanning-tree protocol-migration interface interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Command Mode Privileged Exec Command Usage...
  • Page 305: Spanning-Tree Link-Type

    spanning-tree link-type Use this command to configure the link type for Rapid Spanning Tree. Use the no form to restore the default. Syntax spanning-tree link-type {auto | point-to-point | shared} no spanning-tree link-type • auto - Automatically derived from the duplex mode setting. •...
  • Page 306: Show Spanning-Tree

    show spanning-tree Use this command to show the spanning tree configuration. Syntax show spanning-tree [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode Privileged Exec...
  • Page 307 Example Console#show spanning-tree Spanning-tree information --------------------------------------------------------------- Spanning tree mode :RSTP Spanning tree enable/disable :enable Priority :32768 Bridge Hello Time (sec.) Bridge Max Age (sec.) Bridge Forward Delay (sec.) Root Hello Time (sec.) Root Max Age (sec.) Root Forward Delay (sec.) Designated Root :32768.0000ABCD0000 Current root port...
  • Page 308: Vlan Commands

    VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface.
  • Page 309: Vlan Database

    Command Function Mode Page show interfaces status vlan Displays status for the specified VLAN interface 3-95 show interfaces switchport Displays the administrative and operational status of an interface 3-98 vlan database Use this command to enter VLAN database mode. All commands in this mode will take effect immediately.
  • Page 310: Vlan

    vlan Use this command to configure a VLAN. Use the no form to restore the default settings or delete a VLAN. Syntax vlan vlan-id [name vlan-name] media ethernet [state {active | suspend}] no vlan vlan-id [name | state] •...
  • Page 311: Interface Vlan

    Example The following example adds a VLAN, using VLAN ID 105 and name RD5. The VLAN is activated by default. Console(config)#vlan database Console(config-vlan)#vlan 105 name RD5 media ethernet Console(config-vlan)# Related Commands show vlan (3-131) interface vlan Use this command to enter interface configuration mode for VLANs, and configure a physical interface.
  • Page 312: Switchport Mode

    switchport mode Use this command to configure the VLAN membership mode for a port. Use the no form to restore the default. Syntax switchport mode {trunk | hybrid} no switchport mode • trunk - Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN.
  • Page 313: Switchport Acceptable-Frame-Types

    switchport acceptable-frame-types Use this command to configure the acceptable frame types for a port. Use the no form to restore the default. Syntax switchport acceptable-frame-types {all | tagged} no switchport acceptable-frame-types • all - The port accepts all frames, tagged or untagged. •...
  • Page 314: Switchport Ingress-Filtering

    switchport ingress-filtering Use this command to enable ingress filtering for an interface. Use the no form to restore the default. Syntax switchport ingress-filtering no switchport ingress-filtering Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •...
  • Page 315: Switchport Native Vlan

    switchport native vlan Use this command to configure the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port. (Range: 1-4094, no leading zeroes) Default Setting VLAN 1...
  • Page 316: Switchport Allowed Vlan

    switchport allowed vlan Use this command to configure VLAN groups on the selected interface. Use the no form to restore the default. Syntax switchport allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list} no switchport allowed vlan •...
  • Page 317: Switchport Forbidden Vlan

    • If a VLAN on the forbidden list for an interface is manually added to that interface, the VLAN is automatically removed from the forbidden list for that interface. Example The following example shows how to add VLANs 1, 2, 5 and 6 to the allowed list as tagged VLANs for port 1: Console(config)#interface ethernet 1/1 Console(config-if)#switchport allowed vlan add 1,2,5,6 tagged...
  • Page 318: Show Vlan

    Example The following example shows how to prevent port 1 from being added to VLAN 3: Console(config)#interface ethernet 1/1 Console(config-if)#switchport forbidden vlan add 3 Console(config-if)# show vlan Use this command to show VLAN information. Syntax show vlan [id vlan-id | name vlan-name] •...
  • Page 319: Private Vlan Commands

    Private VLAN Commands Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports three types of private VLAN ports: promiscuous, isolated, and community ports. A promiscuous port can communicate with all interfaces within a private VLAN. An isolated port can only communicate with promiscuous ports within its own VLAN.
  • Page 320: Private-Vlan

    2. Use the private-vlan association command to map the secondary (i.e., isolated or community) VLAN(s) to the primary VLAN. 3. Use the switchport mode private-vlan command to configure ports as promiscuous (i.e., having access to all ports in the primary VLAN), isolated (i.e., having access only to promiscuous ports in its own VLAN), or host (i.e., having access restricted to community VLAN members, and channeling all other traffic through a...
  • Page 321: Private-Vlan Association

    Command Mode VLAN Configuration Command Usage • Private VLANs are used to restrict traffic to ports within the same VLAN “community,” and channel traffic passing outside the community through promiscuous ports that have been mapped to the associated “primary”...
  • Page 322: Switchport Mode Private-Vlan

    Command Mode VLAN Configuration Command Usage Secondary VLANs provide security for group members. The associated primary VLAN provides a common interface for access to other network resources within the primary VLAN (e.g., servers configured with promiscuous ports) and to resources outside of the primary VLAN (via promiscuous ports).
  • Page 323: Switchport Private-Vlan Host-Association

    Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage Promiscuous ports assigned to a primary VLAN can communicate with all other promiscuous ports in the same VLAN, as well as with all the ports in the associated secondary VLANs. Example Console(config)#interface ethernet 1/2 Console(config-if)#switchport mode private-vlan promiscuous...
  • Page 324: Switchport Private-Vlan Mapping

    Example Console(config)#interface ethernet 1/3 Console(config-if)#switchport private-vlan host-association 3 Console(config)# switchport private-vlan mapping Use this command to map an interface to a primary VLAN. Use the no form to remove this mapping. Syntax switchport private-vlan mapping primary-vlan-id no switchport private-vlan mapping primary-vlan-id –...
  • Page 325: Show Vlan Private-Vlan

    show vlan private-vlan Use this command to show the private VLAN configuration settings on this switch. Syntax show vlan private-vlan [community | primary] • community – Displays all community VLANs, along with their associated primary VLAN and assigned host interfaces. •...
  • Page 326: Gvrp And Bridge Extension Commands

    GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switch, as well as how to display default configuration settings for the Bridge Extension MIB.
  • Page 327: Switchport Gvrp

    switchport gvrp Use this command to enable GVRP for a port. Use the no form to disable it. Syntax switchport gvrp no switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example Console(config)#interface ethernet 1/1 Console(config-if)#switchport gvrp Console(config-if)# show gvrp configuration...
  • Page 328: Garp Timer

    Example Console#show gvrp configuration ethernet 1/7 Eth 1/ 7: Gvrp configuration: Disabled Console# garp timer Use this command to set the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall}...
  • Page 329: Show Garp Timer

    • Timer values must meet the following restrictions: - leave >= (2 x join) - leaveall > leave Note: Set GVRP timers on all Layer 2 devices connected in the same network to the same values. Otherwise, GVRP may not operate successfully.
  • Page 330: Garp Timer

    Example Console#show garp timer ethernet 1/1 Eth 1/ 1 GARP timer status: Join timer: 20 centiseconds Leave timer: 60 centiseconds Leaveall timer: 1000 centiseconds Console# Related Commands garp timer (3-141) bridge-ext gvrp Use this command to enable GVRP globally for the switch. Use the no form to disable it.
  • Page 331: Show Bridge-Ext

    show bridge-ext Use this command to show the configuration for bridge extension commands. Default Setting None Command Mode Privileged Exec Command Usage See “Displaying Basic VLAN Information” on page 2-110 and “Displaying Bridge Extension Capabilities” on page 2-14 for a description of the displayed items.
  • Page 332: Mirror Port Commands

    Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. Command Function Mode Page port monitor Configures a mirror session 3-145 show port monitor Shows the configuration for a mirror port 3-146 port monitor...
  • Page 333: Show Port Monitor

    Command Usage • You can mirror traffic from any source port to a destination port for real-time analysis. You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner.
  • Page 334: Show Port Monitor

    Example The following shows mirroring configured from port 6 to port 11: Console(config)#interface ethernet 1/11 Console(config-if)#port monitor ethernet 1/6 Console(config-if)#end Console#show port monitor Port Mirroring ------------------------------------- Destination port(listen port):Eth1/1 Source port(monitored port) :Eth1/6 Mode :RX/TX Console#...
  • Page 335: Link Aggregation Commands

    Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network device.
  • Page 336: Channel-Group

    • All ports in a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings. • All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN via the specified port-channel.
  • Page 337: Lacp

    Example The following example creates trunk 1 and then adds port 11: Console(config)#interface port-channel 1 Console(config-if)#exit Console(config)#interface ethernet 1/11 Console(config-if)#channel-group 1 Console(config-if)# lacp Use this command to enable 802.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax lacp no lacp...
  • Page 338 Example The following shows LACP enabled on ports 11 - 13. Because LACP has also been enabled on the ports at the other end of the links, the show interfaces status port-channel 1 command shows that Trunk1 has been established.
  • Page 339: Rate Limit Commands

    Rate Limit Commands This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network.
  • Page 340 • input – Input rate. • output – Output rate. • level – Rate limit level. (Range: 1 - 30) Default Setting Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage Actual rate limit = Rate limit level * Granularity Example Console(config)#interface ethernet 1/1 Console(config-if)#rate-limit input level 10...
  • Page 341: Show Rate-Limit

    Command Mode Global Configuration (Ethernet, Port Channel) Command Usage Actual Rate limit = Rate limit level * Granularity Example The following sets Fast Ethernet granularity to 1 Mbps, and Gigabit Ethernet granularity to 33.3 Mbps. Console(config)#rate-limit fastethernet granularity 1000 Console(config)#rate-limit gigabitethernet granularity 33300 Console(config-if)# show rate-limit...
  • Page 342: Authentication Commands

    Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local, RADIUS, or TACACS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1x. Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) are logon authentication protocols that use software running on a central server to control access to RADIUS-aware or TACACS+-aware devices on the...
  • Page 343 Command Function Mode Page TACACS+ Client tacacs-server host Specifies the TACACS+ server 3-162 tacacs-server port Specifies the TACACS+ server network port 3-162 tacacs-server key Sets the TACACS+ encryption key 3-163 show tacacs-server Shows the current TACACS+ settings 3-163 Port Authentication authentication dot1x Sets the default authentication server type GC...
  • Page 344: Authentication Login

    authentication login Use this command to define the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login • local - Use local password only. • radius - Use RADIUS server password only. •...
  • Page 345: Radius-Server Host

    • You can specify three authentication methods in a single command to indicate the authentication sequence. For example, if you enter “authentication login radius tacacs local,” the user name and password on the RADIUS server are verified first. If the RADIUS server is not available, then authentication is attempted on the TACACS+ server.
  • Page 346: Radius-Server Port

    radius-server port Use this command to set the RADIUS server network port. Use the no form to restore the default. Syntax radius-server port port_number no radius-server port port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535) Default Setting 1812 Command Mode...
  • Page 347: Radius-Server Retransmit

    Command Mode Global Configuration Example Console(config)#radius-server key green Console(config)# radius-server retransmit Use this command to set the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server.
  • Page 348: Radius-Server Timeout

    radius-server timeout Use this command to set the interval between transmitting authentication requests to the RADIUS server. Use the no form to restore the default. Syntax radius-server timeout number_of_seconds no radius-server timeout number_of_seconds - Number of seconds the switch waits for a reply before resending a request.
  • Page 349: Tacacs-Server Host

    tacacs-server host Use this command to specify the TACACS+ server. Use the no form to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address - IP address of a TACACS+ server. Default Setting 10.11.12.13 Command Mode Global Configuration Example Console(config)#tacacs-server host 192.168.1.25...
  • Page 350: Tacacs-Server Key

    Example Console(config)#tacacs-server port 181 Console(config)# tacacs-server key Use this command to set the TACACS+ encryption key. Use the no form to restore the default. Syntax tacacs-server key key_string no tacacs-server key key_string - Encryption key used to authenticate logon access for the client.
  • Page 351: Authentication Dot1X Default

    Example Console#show tacacs-server Remote TACACS server configuration: Server IP address: 10.11.12.13 Communication key with tacacs server: green Server port number: 49 Console authentication dot1x default Sets the default authentication server type. Use the no form to restore the default.
  • Page 352: Dot1X Max-Req

    dot1x max-req Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session. Use the no form to restore the default. Syntax dot1x max-req count no dot1x max-req count –...
  • Page 353: Dot1X Re-Authenticate

    • force-unauthorized – Configures the port to deny access to all clients, either dot1x-aware or otherwise. Default force-authorized Command Mode Interface Configuration Example Console(config)#interface eth 1/2 Console(config-if)#dot1x port-control auto Console(config-if)# dot1x re-authenticate Forces re-authentication on all ports or a specific interface. Syntax dot1x re-authenticate [interface] interface...
  • Page 354: Dot1X Re-Authentication

    Example Console#dot1x re-authenticate Console# dot1x re-authentication Enables periodic re-authentication globally for all ports. Use the no form to disable re-authentication. Syntax dot1x re-authentication no dot1x re-authentication Command Mode Global Configuration Example Console(config)#dot1x re-authentication Console(config)# dot1x timeout quiet-period Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client.
  • Page 355: Dot1X Timeout Re-Authperiod

    Example Console(config)#dot1x timeout quiet-period 350 Console(config)# dot1x timeout re-authperiod Sets the time period after which a connected client must be re-authenticated. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds - The number of seconds. (Range: 1-65535) Default 3600 seconds Command Mode...
  • Page 356: Dot1X Timeout Tx-Period

    Command Mode Global Configuration Example Console(config)#dot1x timeout tx-period 300 Console(config)# show dot1x Use this command to show general port authentication related settings on the switch or a specific interface. Syntax show dot1x [statistics] [interface interface] interface • ethernet unit/port - unit - This is device 1.
  • Page 357 • 802.1X Port Summary – Displays the port access control parameters for each interface, including the following items: -Status – Administrative state for port access control. -Mode – Dot1x port control mode (page 3-165). -Authorized – Authorization status (yes or n/a - not authorized). •...
  • Page 358 OMMAND NTERFACE Example Console#show dot1x Global 802.1X Parameters reauth-enabled: yes reauth-period: quiet-period: tx-period: supp-timeout: server-timeout: 30 reauth-max: max-req: 802.1X Port Summary Port Name Status Mode Authorized disabled ForceAuthorized disabled ForceAuthorized disabled ForceAuthorized enabled Auto 802.1X Port Details 802.1X is disabled on port 1 802.1X is enabled on port 26 Max request Quiet period...
  • Page 359 CCESS ONTROL OMMANDS Access Control List Commands Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or TCP control code) or non-IP frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rules, and then bind the list to a specific port.
  • Page 360 OMMAND NTERFACE Command Function Page IP ACLs Configures ACLs based on IP addresses, TCP/UDP 3-173 port number, protocol type, and TCP control code MAC ACLs Configures ACLs based on hardware addresses and 3-183 Ethernet type ACL Information Displays ACLs and associated rules; shows ACLs 3-187 assigned to each port IP ACLs...
  • Page 361: Access Control List Commands

    access-list ip Use this command to add an IP access list and enter configuration mode for standard or extended IP ACLs. Use the no form to remove the specified ACL. Syntax access-list ip {standard | extended} acl_name no access-list ip {standard | extended} acl_name •...
  • Page 362: Permit, Deny (Standard Acl)

    Related Commands permit, deny 3-175 ip access-group (3-179) show ip access-list (3-180) permit, deny (Standard ACL) Use this command to add a rule to a Standard IP ACL. The rule sets a filter condition for packets emanating from the specified source. Use the no form to remove a rule.
  • Page 363: Permit, Deny (Extended Acl)

    Example This example configures one permit rule for the specific address 10.1.1.21 and another rule for the address range 168.92.16.x – 168.92.31.x using a bitmask. Console(config-std-acl)#permit host 10.1.1.21 Console(config-std-acl)#permit 168.92.16.0 255.255.240.0 Console(config-std-acl)# Related Commands access-list ip (3-174) permit, deny (Extended ACL) Use this command to add a rule to an Extended IP ACL.
  • Page 364 no {permit | deny} {udp} {any | source bitmask | host source} {any | destination bitmask | host destination} [source-port source-port] [destination-port destination-port] • any – Any IP address (source if first field, destination if second field). • source – Source IP address. •...
  • Page 365 • The control-flag bitmask is a decimal number (representing an equivalent bit mask) that is applied to the control code. Enter a decimal number, where the equivalent binary bit “1” means to match a bit and “0” means to ignore a bit. The following bits may be specified: - 1 (fin) –...
  • Page 366: Ip Access-Group

    This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any control-flag 2 2 Console(config-ext-acl)# Related Commands access-list ip (3-174) ip access-group Use this command to bind a port to an IP ACL. Use the no form to remove the port.
  • Page 367: Show Ip Access-Group

    show ip access-group Use this command to show the ports assigned to IP ACLs. Command Mode Privileged Exec Example Console#show ip access-group Interface ethernet 1/25 IP standard access-list david Console# Related Commands ip access-group (3-179) show ip access-list Use this command to display the rules for configured IP ACLs.
  • Page 368: Map Access-List Ip

    map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself. Use the no form to remove the CoS mapping.
  • Page 369: Show Map Access-List Ip

    show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.) Syntax show map access-list ip [interface] interface •...
  • Page 370: Mac Acls

    MAC ACLs Command Function Mode Page access-list mac Creates a MAC ACL and enters 3-183 configuration mode permit, deny Filters packets matching a specified source MAC- 3-184 and destination address and Ethernet type mac access-group Adds a port to a MAC ACL 3-185 show mac Shows port assignments for MAC ACLs...
  • Page 371: Mac Acls

    • To remove a rule, use the no permit or no deny command followed by the exact text of a previously configured rule. • An ACL can contain up to 32 rules. Example Console(config)#access-list mac jerry Console(config-mac-acl)# Related Commands permit, deny 3-184 mac access-group (3-185)
  • Page 372: Mac Access-Group

    Default Setting None Command Mode MAC ACL Command Usage • New rules are added to the end of the list. • The ethertype option can only be used to filter Ethernet II formatted packets. • A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include the following: - 0800 - IP - 0806 - ARP...
  • Page 373: Show Mac Access-Group

    Command Mode Interface Configuration (Ethernet) Command Usage • Note although this is a per-port setting, changes affect all ports. Example Console(config)#interface ethernet 1/2 Console(config-if)#mac access-group jerry in Console(config-if)# Related Commands show mac access-list (3-187) show mac access-group Use this command to show the ports assigned to MAC ACLs.
  • Page 374: Show Mac Access-List

    show mac access-list Use this command to display the rules for configured MAC ACLs. Syntax show mac access-list [acl_name] acl_name – Name of the ACL. (Maximum length: 16 characters) Command Mode Privileged Exec Example Console#show mac access-list MAC access-list jerry: permit any 00-e0-29-94-34-de ethertype 0800 Console# Related Commands...
  • Page 375: Show Access-Group

    Example Console#show access-list MAC access-list jerry: permit any 00-30-29-94-34-de ethertype 0800 IP standard access-list david: permit host 10.1.1.21 permit 168.92.0.0 0.0.15.255 IP extended access-list bob: permit 10.7.1.1 0.0.0.255 any permit tcp 192.168.1.0 0.0.0.255 any destination-port 80 permit tcp 192.168.1.0 0.0.0.255 any protocol tcp control-flag 2 2 Console# show access-group Use this command to show the port assignments of ACLs.
  • Page 376: Priority Commands

    Priority Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four egress queues for each port.
  • Page 377: Switchport Priority Default

    Command Function Mode Page map ip dscp Enables IP DSCP class of service mapping GC 3-200 map ip dscp Maps IP DSCP value to a class of service 3-201 show map ip port Shows the IP port map 3-202 show map ip Shows the IP precedence map...
  • Page 378: Queue Mode

    • This switch provides four egress queues (traffic classes) for each port. It is configured to use Weighted Round Robin, which can be viewed with the show queue bandwidth command. Inbound frames that do not have VLAN tags are tagged with the input port’s default ingress user priority, and then placed in the appropriate priority queue at the output port.
  • Page 379: Queue Bandwidth

    Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
  • Page 380: Queue Cos-Map

    Example The following example shows how to assign WRR weights of 1, 4, 16 and 24 to the CoS priority queues 0, 1, 2 and 3: Console(config)#queue bandwidth 1 4 16 24 Console(config)# Related Commands show queue bandwidth (3-195) queue cos-map Use this command to assign class of service (CoS) values to the egress queues (i.e., hardware output queues 0 - 3).
  • Page 381 Default Setting This switch supports Class of Service by using four egress queues, with Weighted Round Robin queuing for each port. Eight separate priority levels are defined in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown in the following table.
  • Page 382: Show Queue Mode

    Related Commands show queue cos-map (3-196) show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example Console#show queue mode Queue mode: wrr Console# show queue bandwidth Use this command to display the weighted round-robin (WRR) bandwidth allocation for the priority queues.
  • Page 383: Show Queue Cos-Map

    show queue cos-map Use this command to show the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode...
  • Page 384: Map Ip Port (Interface Configuration)

    Command Mode Global Configuration Command Usage The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. Example The following example shows how to enable TCP/UDP port mapping globally: Console(config)#map ip port Console(config)# map ip port (Interface Configuration) Use this command to set IP port priority (i.e., TCP/UDP port priority).
  • Page 385: Map Ip Precedence (Global Configuration)

    Example The following example shows how to map HTTP traffic to CoS value 0: Console(config)#interface ethernet 1/5 Console(config-if)#map ip port 80 cos 0 Console(config-if)# map ip precedence (Global Configuration) Use this command to enable IP precedence mapping (i.e., IP Type of Service).
  • Page 386: Map Ip Precedence (Interface Configuration)

    map ip precedence (Interface Configuration) Use this command to set IP precedence priority (i.e., IP Type of Service priority). Use the no form to restore the default table. Syntax map ip precedence ip-precedence-value cos cos-value no map ip precedence •...
  • Page 387: Map Ip Dscp (Global Configuration)

    Example The following example shows how to map IP precedence value 1 to CoS value 0: Console(config)#interface ethernet 1/5 Console(config-if)#map ip precedence 1 cos 0 Console(config-if)# map ip dscp (Global Configuration) Use this command to enable IP DSCP mapping (i.e., Differentiated Services Code Point mapping).
  • Page 388: Map Ip Dscp (Interface Configuration)

    map ip dscp (Interface Configuration) Use this command to set IP DSCP priority (i.e., Differentiated Services Code Point priority). Use the no form to restore the default table. Syntax map ip dscp dscp-value cos cos-value no map ip dscp •...
  • Page 389: Show Map Ip Port

    Example The following example shows how to map IP DSCP value 1 to CoS value 0: Console(config)#interface ethernet 1/5 Console(config-if)#map ip dscp 1 cos 0 Console(config-if)# show map ip port Use this command to show the IP port priority map. Syntax show map ip port [interface] interface...
  • Page 390: Show Map Ip Precedence

    show map ip precedence Use this command to show the IP precedence priority map. Syntax show map ip precedence [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode...
  • Page 391: Show Map Ip Dscp

    show map ip dscp Use this command to show the IP DSCP priority map. Syntax show map ip dscp [interface] interface • ethernet unit/port - unit - This is device 1. - port - Port number. • port-channel channel-id (Range: 1-6) Default Setting None Command Mode...
  • Page 392: Multicast Filtering Commands

    Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
  • Page 393: Ip Igmp Snooping

    Command Function Mode Page show ip igmp Shows the IGMP snooping configuration PE 3-208 snooping Multicast Router Commands ip igmp snooping Adds a multicast router port 3-214 vlan mrouter show ip igmp Shows multicast router ports 3-215 snooping mrouter ip igmp snooping Use this command to enable IGMP snooping on this switch.
  • Page 394: Ip Igmp Snooping Vlan Static

    ip igmp snooping vlan static Use this command to add a port to a multicast group. Use the no form to remove the port. Syntax ip igmp snooping vlan vlan-id static ip-address interface no ip igmp snooping vlan vlan-id static ip-address interface •...
  • Page 395: Ip Igmp Snooping Version

    ip igmp snooping version Use this command to configure the IGMP snooping version. Use the no form to restore the default. Syntax ip igmp snooping version {1 | 2} no ip igmp snooping version • 1 - IGMP Version 1 •...
  • Page 396: Show Mac-Address-Table Multicast

    Command Mode Privileged Exec Command Usage See “Configuring IGMP Snooping Parameters” on page 2-74 for a description of the displayed items. Example The following shows the current IGMP snooping configuration: Console#show ip igmp snooping Service status: Enabled Querier status: Enabled Query count: 2 Query interval: 125 sec Query max response time: 10 sec...
  • Page 397: Ip Igmp Snooping Querier

    Command Usage Member types displayed include IGMP or USER, depending on selected options. Example The following shows the multicast entries learned through IGMP snooping for VLAN 1: Console#show mac-address-table multicast vlan 1 igmp-snooping VLAN M'cast IP addr. Member ports Type ---- --------------- ------------ ------- 224.1.2.3 Eth1/11...
  • Page 398: Ip Igmp Snooping Query-Count

    ip igmp snooping query-count Use this command to configure the query count. Use the no form to restore the default. Syntax ip igmp snooping query-count count no ip igmp snooping query-count count - The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group.
  • Page 399: Ip Igmp Snooping Query-Interval

    ip igmp snooping query-interval Use this command to configure the query interval. Use the no form to restore the default. Syntax ip igmp snooping query-interval seconds no ip igmp snooping query-interval seconds - The frequency at which the switch sends IGMP host-query messages.
  • Page 400: Ip Igmp Snooping Router-Port-Expire-Time

    Command Usage • The switch must be using IGMPv2 for this command to take effect. • This command defines the time after a query, during which a response is expected from a multicast client. If a querier has sent a number of queries defined by the ip igmp snooping query-count, but a client has not responded, a countdown timer is started using an initial value set by this command.
  • Page 401: Ip Igmp Snooping Vlan Mrouter

    Command Mode Global Configuration Command Usage The switch must use IGMPv2 for this command to take effect. Example The following shows how to configure the default timeout to 300 seconds: Console(config)#ip igmp snooping query-time-out 300 Console(config)# Related Commands ip igmp snooping version (3-208) ip igmp snooping vlan mrouter Use this command to statically configure a multicast router port.
  • Page 402: Show Ip Igmp Snooping Mrouter

    Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your switch, you can manually configure that interface to join all the current multicast groups.
  • Page 403 Example The following shows the ports in VLAN 1 which are attached to multicast routers: Console#show ip igmp snooping mrouter vlan 1 VLAN M'cast Router Port Type ---- ------------------- ------- Eth 1/11 Static Console#...
  • Page 405: Troubleshooting

    Troubleshooting Chart Symptom: Cannot connect using Telnet, Web browser, or SNMP software. Action: • Be sure to have configured the agent with a valid IP address, subnet mask and default gateway. • If you are trying to connect to the agent via the IP address for a tagged VLAN group, your management station must include the appropriate tag in its transmitted frames.
  • Page 407 Appendix: Upgrading Firmware via the Serial Port The switch contains three firmware components that can be upgraded; the diagnostics (or Boot-ROM) code, runtime operation code, and the loader code. The runtime code can be upgraded via the switch’s RS-232 serial console port, via a network connection to a TFTP server, or using SNMP management software.
  • Page 408: Upgrading Firmware Via The Serial Port

    4. When the switch initialization screen appears, enter firmware-download mode by pressing <Ctrl><u> immediately after power on or rebooting the switch. Screen text similar to that shown below displays: File Name S/Up Type Size Create Time --------------------------------- ---- ---- ---------- ----------- $certificate 20480...
  • Page 409 Note: The download file must be a SMC6724AL2 binary software file from SMC. 10. After the file has been downloaded, you are prompted with “Update Image File:” to specify the type of code file. Press <R> for runtime code, <D>...
  • Page 410 For example, the following screen text shows the download procedure for a runtime code file: Select> Xmodem Receiving Start :: Image downloaded to buffer. [R]untime [D]iagnostic [L]oader (Warning: you sure what you are doing?) Update Image File:r Diagnostic Image Filename : r_20019 Updating file system.
  • Page 411: Glossary

    Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2 information). BOOT Protocol (BOOTP) Boot protocol is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the devices system files, and the name of the boot file.
  • Page 412: Gigabit Ethernet

    Extensible Authentication Protocol over LAN (EAPOL) EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch. A username and password is requested by the switch, and then passed to an authentication server (e.g., RADIUS) for verification.
  • Page 413 IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks. IEEE 802.1p An IEEE standard for providing quality of service (QoS) in Ethernet networks. The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value.
  • Page 414: Igmp Snooping

    IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. Internet Group Management Protocol (IGMP) A protocol through which hosts can register with their local router for multicast services.
  • Page 415: Multicast Switching

    Link Aggregation Control Protocol (LACP) Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device. Media Access Control (MAC) A portion of the networking protocol that governs access to the transmission medium, facilitating the exchange of data between network nodes. Management Information Base (MIB) An acronym for Management Information Base.
  • Page 416: Port Trunk

    Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN.
  • Page 417 Simple Network Time Protocol (SNTP) SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server. Updates can be requested from a specific NTP server, or can be received via broadcasts sent by NTP servers. Spanning Tree Protocol (STP) A technology that checks your network for any loops.
  • Page 419: Index

    Numerics 802.1x default priority, ingress port 2-130 commands 3-155 default settings 1-14 configure 2-51 DHCP 2-18 default 3-164 Differentiated Code Point Service See DSCP Displaying Basic VLAN Information 2-109 dot1x default 3-164 Access Control List See ACL downloading software 2-23 DSCP, enabling 2-138 Extended IP 2-56 3-172...
  • Page 420 IEEE 802.1D 2-89 3-108 passwords IEEE 802.1w 2-89 3-108 administrator setting 2-35 IGMP, configuring 2-146 path cost 2-99 ingress filtering 2-118 method 3-112 IP address STA 3-112 BOOTP/DHCP service 2-18 path cost, method 2-96 setting 2-16 port priority IP precedence configuring 2-130 enabling 2-138 default ingress 2-130...
  • Page 421 SSH, configuring 2-43 3-50 edge port 2-100 Web interface interface settings 3-120 access requirements 2-1 link type 2-100 2-103 configuration buttons 2-4 path cost 2-99 home page 2-3 priority 2-99 menu list 2-4 startup files panel display 2-4 displaying 2-23 setting 2-23 statistics, switch 2-79 STP 2-93...
  • Page 424 97 14 299 4466 Fax 97 14 299 4664 Thailand: 66 2 651 8733 Fax 66 2 651 8737 If you are looking for further contact information, please visit www.smc.com, www.smc-europe.com or www.smc-asia.com. 38 Tesla Model Number: SMC6724AL2 Irvine, CA 92618 Pub.Number: 150200037700A E012004-R02...

This manual is also suitable for:

6724al2gb, Smc6724al2
