Page 1: Management Guide
MANAGEMENT GUIDE SMC8028L2 TigerSwitch 10/100/1000 28-Port Gigabit Ethernet Switch...
Page 2 TigerSwitch 10/100/1000 Management Guide From SMC's Tiger line of feature-rich workgroup LAN solutions Janurary 2010 20 Mason Pub. # 149100000079A Irvine, CA 92618 E012010-MW-R01 Phone: (949) 679-8000...
Page 3 Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC.
Page 4: Warranty And Product Registration
ARRANTY AND RODUCT EGISTRATION To register SMC products and to review the detailed warranty statement, please refer to the Support Section of the SMC Website at http://www.smc.com. – 4 –...
Page 5: About This Guide
BOUT UIDE This guide gives specific information on how to operate and use the URPOSE management functions of the switch. The guide is intended for use by network administrators who are UDIENCE responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
Page 6 BOUT UIDE – 6 –...
Page 7: Table Of Contents
ONTENTS ARRANTY AND RODUCT EGISTRATION BOUT UIDE ONTENTS IGURES ABLES ECTION ETTING TARTED NTRODUCTION Key Features Description of Software Features Configuration Backup and Restore Authentication Access Control Lists Port Configuration Rate Limiting Port Mirroring Port Trunking Storm Control Static Addresses IEEE 802.1D Bridge Store-and-Forward Switching Spanning Tree Algorithm...
Page 8 ONTENTS Configuration Options Required Connections Remote Connections Basic Configuration Setting Passwords Setting an IP Address Enabling SNMP Management Access Managing System Files Saving or Restoring Configuration Settings ECTION ONFIGURATION SING THE NTERFACE Connecting to the Web Interface Navigating the Web Browser Interface Home Page Configuration Options Panel Display...
Page 9 ONTENTS Configuring SSH IGMP Snooping Configuring IGMP Snooping and Query Configuring IGMP Filtering Configuring Link Layer Discovery Protocol Configuring the MAC Address Table IEEE 802.1Q VLANs Assigning Ports to VLANs Configuring VLAN Attributes for Port Members Configuring Private VLANs Using Port Isolation Quality of Service Configuring Port-Level Queue Settings Configuring DSCP Remarking...
Page 10 ONTENTS Displaying Access Management Statistics Displaying Information About Ports Displaying Port Status On the Front Panel Displaying an Overview of Port Statistics Displaying QoS Statistics Displaying Detailed Port Statistics Displaying Information on Authentication Servers Displaying a List of Authentication Servers Displaying Statistics for Configured Authentication Servers Displaying Information on LACP Displaying an Overview of LACP Groups...
Page 11 ONTENTS ECTION OMMAND NTERFACE SING THE OMMAND NTERFACE Accessing the CLI Console Connection Telnet Connection Entering Commands Keywords and Arguments Minimum Abbreviation Getting Help on Commands Partial Keyword Lookup Using Command History Command Line Processing CLI Command Groups YSTEM OMMANDS system configuration system reboot system restore default...
Page 12 ONTENTS ip ping ip dns ip dns_proxy ip sntp ip ipv6 autoconfig ip ipv6 setup ip ipv6 ping6 ip ipv6 sntp 11 A UTHENTICATION OMMANDS auth configuration auth timeout auth deadtime auth radius auth acct_radius auth tacacs+ auth client auth statistics 12 P OMMANDS port configuration...
Page 13 ONTENTS lacp mode lacp key lacp role lacp status lacp statistics 15 RSTP C OMMANDS rstp configuration rstp sysprio rstp age rstp delay rstp txhold rstp version rstp mode rstp cost rstp priority rstp edge rstp autoedge rstp p2p rstp status rstp statistics rstp mcheck 16 IEEE 802.1X C...
Page 14 ONTENTS igmp state igmp querier igmp fastleave igmp leave proxy igmp throttling igmp filtering igmp router igmp flooding igmp groups igmp status 18 LLDP C OMMANDS lldp configuration lldp mode lldp optional_tlv lldp interval lldp hold lldp delay lldp reinit lldp info lldp statistics lldp cdp_aware...
Page 15 ONTENTS vlan ingressfilter vlan qinq vlan add vlan delete vlan lookup 21 PVLAN C OMMANDS pvlan configuration pvlan add pvlan delete pvlan lookup pvlan isolate 22 Q OMMANDS qos configuration qos default qos tagprio qos qcl port qos qcl add qos qcl delete qos qcl lookup qos mode...
Page 16 ONTENTS acl clear 24 M IRROR OMMANDS mirror configuration mirror port mirror mode 25 C ONFIG OMMANDS config save config load 26 SNMP C OMMANDS snmp configuration snmp mode snmp version snmp read community snmp write community snmp trap mode snmp trap version snmp trap community snmp trap destination...
Page 17 ONTENTS snmp group delete snmp group lookup snmp view add snmp view delete snmp view lookup snmp access add snmp access delete snmp access lookup 27 HTTPS C OMMANDS https configuration https mode https redirect 28 SSH C OMMANDS ssh configuration ssh mode 29 UP OMMANDS...
Page 18 ONTENTS Standards Management Information Bases ROUBLESHOOTING Problems Accessing the Management Interface Using System Logs LOSSARY NDEX – 18 –...
Page 19: Figures
IGURES Figure 1: Home Page Figure 2: Front Panel Indicators Figure 3: System Information Configuration Figure 4: IP & Time Configuration Figure 5: IPv6 & Time Configuration Figure 6: System Password Figure 7: Access Management Configuration Figure 8: Port Configuration Figure 9: Authentication Configuration Figure 10: Static Trunk Configuration Figure 11: LACP Port Configuration...
Page 20 IGURES Figure 32: Access Control List Configuration Figure 33: Mirror Configuration Figure 34: SNMP System Configuration Figure 35: SNMPv3 Communities Configuration Figure 36: SNMPv3 Users Configuration Figure 37: SNMPv3 Group Configuration Figure 38: SNMPv3 View Configuration Figure 39: SNMPv3 Access Configuration Figure 40: UPnP Configuration Figure 41: DHCP Relay Configuration Figure 42: System Information...
Page 21 IGURES Figure 68: Factory Defaults Figure 69: Software Upload Figure 70: Configuration Save Figure 71: Configuration Upload – 21 –...
Page 22 IGURES – 22 –...
Page 23: Tables
ABLES Table 1: Key Features Table 2: System Defaults Table 3: Web Page Configuration Buttons Table 4: Main Menu Table 5: Recommended STA Path Cost Range Table 6: Recommended STA Path Costs Table 7: Default STA Path Costs Table 8: HTTPS System Support Table 9: QCE Modification Buttons Table 10: Mapping CoS Values to Egress Queues Table 11: QCE Modification Buttons...
Page 24 ABLES Table 32: MAC Commands Table 33: VLAN Commands Table 34: PVLAN Commands Table 35: QoS Commands Table 36: Mapping CoS Values to Egress Queues Table 37: ACL Commands Table 38: Mirror Commands Table 39: Configuration Commands Table 40: SNMP Commands Table 41: HTTPS Commands Table 42: HTTPS System Support Table 43: SSH Commands...
Page 25: Sectioni
ECTION ETTING TARTED This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. This section includes these chapters: "Introduction" on page 27 ◆...
Page 26 | Getting Started ECTION – 26 –...
Page 27: Key Features
NTRODUCTION This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
Page 28: Description Of Software Features
| Introduction HAPTER Description of Software Features Table 1: Key Features (Continued) Feature Description Virtual LANs Up to 256 using IEEE 802.1Q, port-based, and private VLANs Traffic Prioritization Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/ UDP port, DSCP, ToS bit, VLAN tag priority, or port Qualify of Service Supports Differentiated Services (DiffServ), and DSCP remarking Multicast Filtering...
Page 29: Access Control Lists
| Introduction HAPTER Description of Software Features ACLs provide packet filtering for IP frames (based on protocol, TCP/UDP CCESS ONTROL port number or frame type) or layer 2 frames (based on any destination ISTS MAC address for unicast, broadcast or multicast, or based on VLAN ID or VLAN tag priority).
Page 30: Ieee 802.1D Bridge
| Introduction HAPTER Description of Software Features moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
Page 31: Virtual Lans
| Introduction HAPTER Description of Software Features The switch supports up to 256 VLANs. A Virtual LAN is a collection of IRTUAL network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard.
Page 32: Quality Of Service
| Introduction HAPTER Description of Software Features Differentiated Services (DiffServ) provides policy-based management UALITY OF ERVICE mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, DSCP values, or VLAN lists.
Page 33: System Defaults
| Introduction HAPTER System Defaults YSTEM EFAULTS The following table lists some of the basic system defaults. Table 2: System Defaults Function Parameter Default Console Port Connection Baud Rate 115200 bps Data bits Stop bits Parity none Local Console Timeout 0 (disabled) Authentication User Name...
Page 34 | Introduction HAPTER System Defaults Table 2: System Defaults (Continued) Function Parameter Default Spanning Tree Algorithm Status Enabled, RSTP (Defaults: RSTP standard) Edge Port Enabled Address Table Aging Time 300 seconds Virtual LANs Default VLAN PVID Acceptable Frame Type Ingress Filtering Disabled Switchport Mode (Egress Mode) Tagged frames Traffic Prioritization...
Page 35: Initial Switch Configuration
NITIAL WITCH ONFIGURATION This chapter includes information on connecting to the switch and basic configuration procedures. ONNECTING TO THE WITCH The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web- based interface.
Page 36: Required Connections
| Initial Switch Configuration HAPTER Connecting to the Switch Set the speed/duplex mode for any port ◆ Configure the bandwidth of any port by limiting input or output rates ◆ Control port access through IEEE 802.1X security or static address ◆...
Page 37: Remote Connections
| Initial Switch Configuration HAPTER Connecting to the Switch Set the data format to 8 data bits, 1 stop bit, and no parity. ■ Set flow control to none. ■ Set the emulation mode to VT100. ■ When using HyperTerminal, select Terminal keys, not Windows ■...
Page 38: Basic Configuration
| Initial Switch Configuration HAPTER Basic Configuration ASIC ONFIGURATION If this is your first time to log into the console interface, you should define ETTING ASSWORDS a new password for access to the web interface, record it, and put it in a safe place.
Page 39 | Initial Switch Configuration HAPTER Basic Configuration SSIGNING AN DDRESS Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: IP address for the switch ◆ ◆ Network mask for this network Default gateway for the network ◆...
Page 40 | Initial Switch Configuration HAPTER Basic Configuration When configuring the IPv6 address and gateway, one double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields. To generate an IPv6 global unicast address for the switch, type the following command, and press <Enter>.
Page 41: Enabling Snmp Management Access
| Initial Switch Configuration HAPTER Basic Configuration >ip dhcp enable >ip dhcp DHCP Client : Enabled Active Configuration: IP Address : 192.168.0.3 IP Mask : 255.255.255.0 IP Router : 0.0.0.0 DNS Server : 0.0.0.0 SNTP Server > Response time from DHCP servers vary considerably for different network environments.
Page 42 | Initial Switch Configuration HAPTER Basic Configuration The switch includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients. To provide management access for version 1 or 2c clients, you must specify a community string. The switch provides a default MIB View (i.e., an SNMPv3 construct) for the default “public”...
Page 43 | Initial Switch Configuration HAPTER Basic Configuration ECEIVERS You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, enter the “snmp trap” commands shown below, and press <Enter>. “snmp trap version version” “snmp trap commuity community-string”...
Page 44 | Initial Switch Configuration HAPTER Basic Configuration SNMP V ONFIGURING CCESS FOR ERSION LIENTS To configure management access for SNMPv3 clients, you need to first create a user, assign the user to a group, create a view that defines the portions of MIB that the client can read or write, and then create an access entry with the group and view.
Page 45: Managing System Files
| Initial Switch Configuration HAPTER Managing System Files ANAGING YSTEM ILES The switch’s flash memory supports two types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded or downloaded. The types of files are: Configuration —...
Page 46 | Initial Switch Configuration HAPTER Managing System Files – 46 –...
Page 47: Ection
ECTION ONFIGURATION This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser. This section includes these chapters: "Using the Web Interface" on page 49 ◆ "Configuring the Switch" on page 55 ◆...
Page 48 | Web Configuration ECTION – 48 –...
Page 49: Using The Web Interface
SING THE NTERFACE This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0, Netscape 6.2, Mozilla Firefox 2.0.0.0, or more recent versions).
Page 50: Navigating The Web Browser Interface
| Using the Web Interface HAPTER Navigating the Web Browser Interface AVIGATING THE ROWSER NTERFACE To access the web-browser interface you must first enter a user name and password. By default, the user name is “admin” and there is no password. When your web browser connects with the switch’s web agent, the home page is displayed as shown below.
Page 51: Panel Display
| Using the Web Interface HAPTER Navigating the Web Browser Interface To ensure proper screen refresh, be sure that Internet Explorer is configured so that the setting “Check for newer versions of stored pages” reads “Every visit to the page.” Internet Explorer 6.x and earlier: This option is available under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings.”...
Page 52 | Using the Web Interface HAPTER Navigating the Web Browser Interface Table 4: Main Menu Menu Description Page Spanning Tree System Configures global bridge settings for RSTP Ports Configures individual port settings for RSTP Port Security Configures global and port settings for IEEE 802.1X HTTPS Configures secure HTTP settings Configures Secure Shell server...
Page 53 | Using the Web Interface HAPTER Navigating the Web Browser Interface Table 4: Main Menu Menu Description Page SNMP System Configures read-only and read/write community strings for SNMP v1/v2c, engine ID for SNMP v3, and trap parameters Communities Configures community strings Users Configures SNMP v3 users on this switch Groups...
Page 54 | Using the Web Interface HAPTER Navigating the Web Browser Interface Table 4: Main Menu Menu Description Page Port Status Displays STA role, state, and uptime for each port Port Statistics Displays statistics for RSTP, STP and TCN protocol packets Port Security Status Displays 802.1X security state of each port, last source...
Page 55: Configuring The Switch
ONFIGURING THE WITCH This chapter describes all of the basic configuration tasks. ONFIGURING YSTEM NFORMATION You can identify the system by configuring the contact information, name, and location of the switch. ARAMETERS These parameters are displayed on the System Information page: System Contact –...
Page 56: Setting An Ip Address
| Configuring the Switch HAPTER Setting an IP Address NTERFACE To configure System Information in the web interface: Click Configuration, System, Information. Specify the contact information for the system administrator, as well as the name and location of the switch. Also indicate the local time zone by configuring the appropriate offset.
Page 57 | Configuring the Switch HAPTER Setting an IP Address You can manually configure a specific IP address, or direct the device to obtain an address from a DHCP server. Valid IPv4 addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything other than this format will not be accepted by the CLI program.
Page 58: Setting An Ipv6 Address
| Configuring the Switch HAPTER Setting an IP Address NTERFACE To configure an IP address and SNTP in the web interface: Click Configuration, System, IP & Time. Specify the IPv4 settings, and enable DNS proxy service if required. Click Save. Figure 4: IP &...
Page 59 | Configuring the Switch HAPTER Setting an IP Address SAGE UIDELINES All IPv6 addresses must be formatted according to RFC 2373 “IPv6 ◆ Addressing Architecture,” using 8 colon-separated 16-bit hexadecimal values. One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields.
Page 60 | Configuring the Switch HAPTER Setting an IP Address Router – Sets the IPv6 address of the default next hop router. ◆ An IPv6 default gateway must be defined if the management station is located in a different IPv6 segment. An IPv6 default gateway can only be successfully set when a network interface that directly connects to the gateway has been configured on the switch.
Page 61: Setting The System Password
| Configuring the Switch HAPTER Setting the System Password ETTING THE YSTEM ASSWORD The administrator has read/write access for all parameters governing the onboard agent. You should therefore assign a new administrator password as soon as possible, and store it in a safe place. The administrator name “admin”...
Page 62: Figure 7: Access Management Configuration
| Configuring the Switch HAPTER Filtering IP Addresses for Management Access ARAMETERS The following parameters are displayed on the Access Management page: ◆ Mode – Enables or disables filtering of management access based on configured IP addresses. (Default: Disabled) Start IP Address – The starting address of a range. ◆...
Page 63: Configuring Port Connections
| Configuring the Switch HAPTER Configuring Port Connections ONFIGURING ONNECTIONS The Port Configuration page includes configuration options for enabling auto-negotiation or manually setting the speed and duplex mode, enabling flow control, setting the maximum frame size, specifying the response to excessive collisions, or enabling power saving mode.
Page 64: Figure 8: Port Configuration
| Configuring the Switch HAPTER Configuring Port Connections Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub.
Page 65: Configuring Authentication For Management Access And 802.1X
| Configuring the Switch HAPTER Configuring Authentication for Management Access and 802.1X 802.1X ONFIGURING UTHENTICATION FOR ANAGEMENT CCESS AND Use the Authentication Configuration page to specify the authentication method for controlling management access through Telnet, SSH or HTTP/ HTTPS. Access can be based on the (local) user name and password configured on the switch, or can be controlled with a RADIUS or TACACS+ remote access authentication server.
Page 66 | Configuring the Switch HAPTER Configuring Authentication for Management Access and 802.1X When using RADIUS or TACACS+ logon authentication, the user name ◆ and password must be configured on the authentication server. The encryption methods used for the authentication process must also be configured or negotiated between the authentication server and logon client.
Page 67 | Configuring the Switch HAPTER Configuring Authentication for Management Access and 802.1X IP Address – IP address or IP alias of authentication server. ◆ Port – Network (UDP) port of authentication server used for ◆ authentication messages. (Range: 1-65535; Default: 0) If the UDP port is set to 0 (zero), the switch will use 1812 for RADIUS authentication servers, 1813 for RADIUS accounting servers, or 49 for TACACS+ authentication servers.
Page 68: Figure 9: Authentication Configuration
| Configuring the Switch HAPTER Configuring Authentication for Management Access and 802.1X NTERFACE To configure authentication for management access in the web interface: Click Configuration, Authentication. Configure the authentication method for management client types, the common server timing parameters, and address, UDP port, and secret key for each required RADIUS or TACACS+ server.
Page 69: Creating Trunk Groups
| Configuring the Switch HAPTER Creating Trunk Groups REATING RUNK ROUPS You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault- tolerant link between two switches.
Page 70: Configuring Static Trunks
| Configuring the Switch HAPTER Creating Trunk Groups Use the Static Aggregation page to configure the aggregation mode and ONFIGURING TATIC members of each static trunk group. RUNKS SAGE UIDELINES When configuring static trunks, you may not be able to link switches of ◆...
Page 71 | Configuring the Switch HAPTER Creating Trunk Groups best for switch-to-switch trunk links where traffic through the switch is destined for many different hosts. Do not use this mode for switch-to-router trunk links where the destination MAC address is the same for all traffic. IP Address –...
Page 72: Figure 10: Static Trunk Configuration
| Configuring the Switch HAPTER Creating Trunk Groups NTERFACE To configure a static trunk: Click Configuration, Aggregation, Static. Select one or more load-balancing methods to apply to the configured trunks. Assign port members to each trunk that will be used. Click Save.
Page 73: Configuring Lacp
| Configuring the Switch HAPTER Creating Trunk Groups Use the LACP Port Configuration page to enable LACP on selected ports, LACP ONFIGURING configure the administrative key, and the protocol initiation mode. SAGE UIDELINES To avoid creating a loop in the network, be sure you enable LACP before ◆...
Page 74 | Configuring the Switch HAPTER Creating Trunk Groups Select the Specific option to manually configure a key. Use the Auto selection to automatically set the key based on the actual link speed, where 10Mb = 1, 100Mb = 2, and 1Gb = 3. Role –...
Page 75: Configuring The Spanning Tree Algorithm
| Configuring the Switch HAPTER Configuring the Spanning Tree Algorithm Figure 11: LACP Port Configuration ONFIGURING THE PANNING LGORITHM The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
Page 76: Configuring Global Settings For Sta
| Configuring the Switch HAPTER Configuring the Spanning Tree Algorithm This switch supports Rapid Spanning Tree Protocol (RSTP), but is backward compatible with Spanning Tree Protocol (STP). STP - STP uses a distributed algorithm to select a bridging device (STP- compliant switch, bridge or router) that serves as the root of the spanning tree network.
Page 77 | Configuring the Switch HAPTER Configuring the Spanning Tree Algorithm priority, the device with the lowest MAC address will then become the root device. Note that lower numeric values indicate higher priority. (Options: 0-61440, in steps of 4096; Default: 32768) Max Age –...
Page 78: Configuring Interface Settings For Sta
| Configuring the Switch HAPTER Configuring the Spanning Tree Algorithm NTERFACE To configure global settings for RSTP: Click Configuration, Spanning Tree, System. Modify the required attributes. Click Save. Figure 12: RSTP System Configuration Use the RSTP Port Configuration page to configure RSTP attributes for ONFIGURING specific interfaces, including path cost, port priority, edge port (for fast NTERFACE...
Page 79: Table 5: Recommended Sta Path Cost Range
| Configuring the Switch HAPTER Configuring the Spanning Tree Algorithm By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below. Table 5: Recommended STA Path Cost Range Port Type IEEE 802.1D-1998 IEEE 802.1w-2001...
Page 80: Figure 13: Rstp Port Configuration
| Configuring the Switch HAPTER Configuring the Spanning Tree Algorithm during reconfiguration events, does not cause the spanning tree to initiate reconfiguration when the interface changes state, and also overcomes other STA-related timeout problems. However, remember that this feature should only be enabled for ports connected to an end- node device.
Page 81: Configuring 802.1X Port Authentication
| Configuring the Switch HAPTER Configuring 802.1X Port Authentication 802.1X P ONFIGURING UTHENTICATION Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data.
Page 82 | Configuring the Switch HAPTER Configuring 802.1X Port Authentication The operation of 802.1X on the switch requires the following: The switch must have an IP address assigned (see page 56). ◆ RADIUS authentication must be enabled on the switch and the IP ◆...
Page 83 | Configuring the Switch HAPTER Configuring 802.1X Port Authentication SAGE UIDELINES When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication server.
Page 84 | Configuring the Switch HAPTER Configuring 802.1X Port Authentication expires, the switch will consider the client alive, and leave it authenticated. Therefore, an age period of T will require the client to send frames more frequent than T/2 to stay authenticated. Hold Time - The time after an EAP Failure indication or RADIUS ◆...
Page 85 | Configuring the Switch HAPTER Configuring 802.1X Port Authentication Port State - The current state of the port: ◆ Disabled - 802.1X and MAC-based authentication are globally ■ disabled. (This is the default state.) Link Down - 802.1X or MAC-based authentication is enabled, but ■...
Page 86: Figure 14: Port Security Configuration
| Configuring the Switch HAPTER Configuring 802.1X Port Authentication NTERFACE To configure 802.1X Port Security: Click Configuration, Port Security. Modify the required attributes. Click Save. Figure 14: Port Security Configuration – 86 –...
Page 87: Configuring Https
| Configuring the Switch HAPTER Configuring HTTPS HTTPS ONFIGURING You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch's web interface. SAGE UIDELINES If you enable HTTPS, you must indicate this in the URL that you specify...
Page 88: Configuring Ssh
| Configuring the Switch HAPTER Configuring SSH NTERFACE To configure HTTPS: Click Configuration, HTTPS. Enable HTTPS if required and set the Automatic Redirect mode. Click Save. Figure 15: HTTPS Configuration ONFIGURING Secure Shell (SSH) provides remote management access to this switch as a secure replacement for Telnet.
Page 89: Igmp Snooping
| Configuring the Switch HAPTER IGMP Snooping ARAMETERS The following parameters are displayed on the SSH Configuration page: ◆ Mode - Allows you to enable/disable SSH service on the switch. (Default: Disabled) NTERFACE To configure SSH: Click Configuration, SSH. Enable SSH if required. Click Save.
Page 90: Configuring Igmp Snooping And Query
| Configuring the Switch HAPTER IGMP Snooping ports containing hosts requesting to join the service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
Page 91 | Configuring the Switch HAPTER IGMP Snooping IGMP leave proxy suppresses all unnecessary IGMP leave messages so that a non-querier switch forwards an IGMP leave packet only when the last dynamic member port leaves a multicast group. The leave-proxy feature does not function when a switch is set as the querier.
Page 92 | Configuring the Switch HAPTER IGMP Snooping Fast Leave - Immediately deletes a member port of a multicast service ◆ if a leave packet is received at that port. (Default: Disabled) The switch can be configured to immediately delete a member port of a multicast service if a leave packet is received at that port and the Fast Leave function is enabled.
Page 93: Figure 17: Igmp Snooping Configuration
| Configuring the Switch HAPTER IGMP Snooping NTERFACE To configure IGMP Snooping: Click Configuration, IGMP Snooping, Basic Configuration. Adjust the IGMP settings as required. Click Save. Figure 17: IGMP Snooping Configuration – 93 –...
Page 94: Configuring Igmp Filtering
| Configuring the Switch HAPTER IGMP Snooping In certain switch applications, the administrator may want to control the IGMP ONFIGURING multicast services that are available to end users; for example, an IP/TV ILTERING service based on a specific subscription plan. The IGMP filtering feature fulfills this requirement by denying access to specified multicast services on a switch port.
Page 95: Configuring Link Layer Discovery Protocol
| Configuring the Switch HAPTER Configuring Link Layer Discovery Protocol ONFIGURING AYER ISCOVERY ROTOCOL Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device.
Page 96 | Configuring the Switch HAPTER Configuring Link Layer Discovery Protocol LLDP Interface Attributes Port – Port identifier. (Range: 1-28) ◆ Mode – Enables LLDP message transmit and receive modes for LLDP ◆ Protocol Data Units. (Options: Disabled, Enabled - TxRx, Rx only, Tx only;...
Page 97 | Configuring the Switch HAPTER Configuring Link Layer Discovery Protocol Mgmt Addr – The management address protocol packet includes the ◆ IPv4 address of the switch. If no management address is available, the address should be the MAC address for the CPU or for the port sending this advertisement.
Page 98: Configuring The Mac Address Table
| Configuring the Switch HAPTER Configuring the MAC Address Table Figure 19: LLDP Configuration MAC A ONFIGURING THE DDRESS ABLE Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table.
Page 99 | Configuring the Switch HAPTER Configuring the MAC Address Table Disable - No addresses are learned and stored in the MAC address ◆ table. Secure - Only static MAC address entries are used, all other frames are ◆ dropped. Make sure that the link used for managing the switch is added to the Static MAC Table before changing to secure learning mode.
Page 100: Ieee 802.1Q Vlans
| Configuring the Switch HAPTER IEEE 802.1Q VLANs NTERFACE To configure the MAC Address Table: Click Configuration, MAC Address Table. Change the address aging time if required. Specify the way in which MAC addresses are learned on any port. Add any required static MAC addresses by clicking the Add New Static Entry button, entering the VLAN ID and MAC address, and marking the ports to which the address is to be mapped.
Page 101: Assigning Ports To Vlans
| Configuring the Switch HAPTER IEEE 802.1Q VLANs VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections. VLANs can be easily organized to reflect departmental groups (such as Marketing or R&D), usage groups (such as e-mail), or multicast groups (used for multimedia applications such as videoconferencing).
Page 102: Configuring Vlan Attributes For Port Members
| Configuring the Switch HAPTER IEEE 802.1Q VLANs printers. Note that if you implement VLANs which do not overlap, but still need to communicate, you must connect them through a router. NTERFACE To configure IEEE 802.1Q VLAN groups: Click Configuration, VLANs, VLAN Membership. Change the ports assigned to the default VLAN (VLAN 1) if required.
Page 103 | Configuring the Switch HAPTER IEEE 802.1Q VLANs If ingress filtering is enabled and a port receives frames tagged for ■ VLANs for which it is not a member, these frames will be discarded. If ingress filtering is disabled and a port receives frames tagged for ■...
Page 104: Configuring Private Vlans
| Configuring the Switch HAPTER Configuring Private VLANs NTERFACE To configure attributes for VLAN port members: Click Configuration, VLANs, Ports. Configure in the required settings for each interface. Click Save. Figure 22: VLAN Port Configuration VLAN ONFIGURING RIVATE Private VLANs provide port-based security and isolation between ports within the assigned VLAN.
Page 105: Using Port Isolation
| Configuring the Switch HAPTER Using Port Isolation ARAMETERS The following parameters are displayed on the Private VLAN Membership Configuration page: PVLAN ID - Private VLAN identifier. (Range: 1-4095) ◆ By default, all ports are configured as members of VLAN 1 and PVLAN 1.
Page 106: Quality Of Service
| Configuring the Switch HAPTER Quality of Service NTERFACE To configure isolated ports: Click Configuration, Private VLANs, Port Isolation. Mark the ports which are to be isolated from each other. Click Save. Figure 24: Port Isolation Configuration UALITY OF ERVICE All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the same class.
Page 107: Configuring Port-Level Queue Settings
| Configuring the Switch HAPTER Quality of Service You can specify the default port priority for each port on the switch, a ONFIGURING Quality Control List (which sets the priority for ingress packets based on EVEL UEUE detailed criteria), the default tag assigned to egress packets, the queuing ETTINGS mode, and queue weights.
Page 108: Configuring Dscp Remarking
| Configuring the Switch HAPTER Quality of Service will be allowed to transmit up to 8 packets, after which the next lower priority queue will be serviced according to it's weighting. This prevents the head-of-line blocking that can occur with strict priority queuing. This weight determines the frequency at which each queue will be polled for service, and subsequently affects the response time for software applications assigned a specific priority value.
Page 109 | Configuring the Switch HAPTER Quality of Service ARAMETERS The following parameters are displayed on the DSCP Remarking Configuration page: Port - Port identifier. ◆ DSCP Remarking Mode - Enables or disables remarking of the DSCP ◆ bits for egress packets placed in this queue. (Default: Disabled) DSCP Queue Mapping - Maps the DSCP value assigned to egress ◆...
Page 110: Configuring Qos Control Lists
| Configuring the Switch HAPTER Quality of Service NTERFACE To configure port-level DSCP remarking: Click Configuration, QoS, DSCP Remarking. Enable remarking on each port for which it is required. Assign DSCP values to use for each of the egress queues. Click Save.
Page 111: Table 9: Qce Modification Buttons
| Configuring the Switch HAPTER Quality of Service QCE Type - Specifies which frame field the Quality Control Entry (QCE) ◆ processes to determine the QoS class of the frame. QCE types are described later in this section. Type Value - A value which depends on the selected QCE type. Type ◆...
Page 112: Table 10: Mapping Cos Values To Egress Queues
| Configuring the Switch HAPTER Quality of Service The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown in the following table. Table 10: Mapping CoS Values to Egress Queues Priority Queue Normal Normal Medium Medium High...
Page 113: Configuring Rate Limiting
| Configuring the Switch HAPTER Quality of Service Figure 27: QoS Control List Configuration Rate limiting controls the maximum rate for traffic transmitted or received ONFIGURING on an interface. Rate limiting can be configured on interfaces at the edge of IMITING a network to form part of the customer service package by limiting traffic into or out of the switch.
Page 114: Figure 28: Rate Limit Configuration
| Configuring the Switch HAPTER Quality of Service Policer Unit - Sets the unit of measure for the port policer. ◆ (Options: kbps, Mbps; Default: kbps) Egress Limits Shaper Enabled - Enables or disables egress rate limiting. ◆ (Default: Disabled) ◆...
Page 115: Configuring Storm Control
| Configuring the Switch HAPTER Quality of Service You can configure limits on broadcast, multicast and unknown unicast ONFIGURING TORM traffic to control traffic storms which may occur when a network device is ONTROL malfunctioning, the network is not properly configured, or application programs are not well designed or properly configured.
Page 116: Figure 29: Storm Control Configuration
| Configuring the Switch HAPTER Quality of Service NTERFACE To configure Storm Control: Click Configuration, QoS, Storm Control. Enable storm control for unknown unicast, broadcast, or multicast traffic by marking the Status box next to the required frame type. Select the control rate as a function of 2 pps (i.e., a value with no suffix for the unit of measure) or a rate in Kpps (i.e., a value marked with the suffix “K”).
Page 117: Access Control Lists
| Configuring the Switch HAPTER Access Control Lists CCESS ONTROL ISTS An Access Control List (ACL) is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests ingress packets against the conditions in an ACL one by one.
Page 118: Configuring Rate Limiters
| Configuring the Switch HAPTER Access Control Lists NTERFACE To configure ACL policies and responses for a port: Click Configuration, ACL, Ports. Assign an ACL policy configured on the ACE Configuration page, specify the responses to invoke when a matching frame is seen, including the filter mode, copying matching frames to another port, or shutting down the port.
Page 119: Configuring Access Control Lists
| Configuring the Switch HAPTER Access Control Lists NTERFACE To configure rate limits which can be applied to a port: Click Configuration, ACL, Rate Limiters. For any of the rate limiters, select the maximum ingress rate that will be supported on a port once a match has been found in an assigned ACL.
Page 120 | Configuring the Switch HAPTER Access Control Lists The maximum number of ACL rules that can be bound to a port is 10. ◆ ACLs provide frame filtering based on any of the following criteria: ◆ Any frame type (based on MAC address, VLAN ID, VLAN priority) ■...
Page 121: Table 11: Qce Modification Buttons
| Configuring the Switch HAPTER Access Control Lists The following buttons are used to edit or move the ACL entry (ACE): Table 11: QCE Modification Buttons Button Description Inserts a new ACE before the current row. Edits the ACE. Moves the ACE up the list. Moves the ACE down the list.
Page 122 | Configuring the Switch HAPTER Access Control Lists A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include 0800 (IP), 0806 (ARP), 8137 (IPX). ARP: ◆ MAC Parameters SMAC Filter - The type of source MAC address. (Options: Any, MC - ■...
Page 123 | Configuring the Switch HAPTER Access Control Lists IP/Ethernet Length - Specifies whether frames can be matched ■ according to their ARP/RARP hardware address length (HLN) and protocol address length (PLN) settings. (Options: Any - any value is allowed, 0 - ARP/RARP frames where the HLN is equal to Ethernet (0x06) and the (PLN) is equal to IPv4 (0x04) must not match this entry, 1 - ARP/RARP frames where the HLN is equal to Ethernet (0x06) and the (PLN) is equal to IPv4 (0x04) must match this...
Page 124 | Configuring the Switch HAPTER Access Control Lists Dest. Port Filter - Specifies the UDP destination filter for this ■ rule. (Options: Any, Specific (0-65535), Range (0-65535); Default: Any) TCP Parameters Source Port Filter - Specifies the TCP source filter for this rule. ■...
Page 125 | Configuring the Switch HAPTER Access Control Lists IP Fragment - Specifies the fragment offset settings for this rule. ■ This involves the settings for the More Fragments (MF) bit and the Fragment Offset (FRAG OFFSET) field for an IPv4 frame. (Options: Any - any value is allowed, Yes - IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must match this entry, No - IPv4 frames where the MF bit is set or the FRAG OFFSET...
Page 126: Figure 32: Access Control List Configuration
| Configuring the Switch HAPTER Access Control Lists Tag Priority - Specifies the User Priority value found in the VLAN tag ◆ (3 bits as defined by IEEE 802.1p) to match for this rule. (Options: Any, Specific (1-7); Default: Any) NTERFACE To configure an Access Control List for a port or a policy: Click Configuration, ACL, Access Control List.
Page 127: Configuring Port Mirroring
| Configuring the Switch HAPTER Configuring Port Mirroring ONFIGURING IRRORING You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the Source Single port(s)
Page 128: Simple Network Management Protocol
| Configuring the Switch HAPTER Simple Network Management Protocol IMPLE ETWORK ANAGEMENT ROTOCOL Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
Page 129: Configuring Snmp System And Trap Settings
| Configuring the Switch HAPTER Simple Network Management Protocol Table 12: SNMP Security Models and Levels Model Level Community String Group Read View Write View Security noAuth public default_ro_group default_view none Community string only NoPriv noAuth private default_rw_group default_view default_view Community string only NoPriv noAuth...
Page 130 | Configuring the Switch HAPTER Simple Network Management Protocol community string is associated with SNMPv1 or SNMPv2 clients in the SNMPv3 Communities table (page 134). Write Community - The community used for read/write access to the ◆ SNMP agent. (Range: 0-255 characters, ASCII characters 33-126 only; Default: private) This parameter only applies to SNMPv1 and SNMPv2c.
Page 131 | Configuring the Switch HAPTER Simple Network Management Protocol Trap Link-up and Link-down - Issues a notification message ◆ whenever a port link is established or broken. (Default: Enabled) Trap Inform Mode - Enables or disables sending notifications as ◆ inform messages.
Page 132 | Configuring the Switch HAPTER Simple Network Management Protocol NTERFACE To configure SNMP system and trap settings: Click Configuration, SNMP, System. Then click Next. In the SNMP System Configuration table, set the Mode to Enabled to enable SNMP service on the switch, specify the SNMP version to use, change the community access strings if required, and set the engine ID if SNMP version 3 is used.
Page 133: Figure 34: Snmp System Configuration
| Configuring the Switch HAPTER Simple Network Management Protocol Figure 34: SNMP System Configuration – 133 –...
Page 134: Setting Snmpv3 Community Access Strings
| Configuring the Switch HAPTER Simple Network Management Protocol All community strings used to authorize access by SNMP v1 and v2c clients SNMP ETTING should be listed in the SNMPv3 Communities Configuration table. For OMMUNITY CCESS security reasons, you should consider removing the default strings. TRINGS ARAMETERS The following parameters are displayed on the SNMPv3 Communities...
Page 135: Configuring Snmpv3 Users
| Configuring the Switch HAPTER Simple Network Management Protocol Each SNMPv3 user is defined by a unique name and remote engine ID. ONFIGURING Users must be configured with a specific security level, and the types of SNMP SERS authentication and privacy protocols to use. Any user assigned through this page is associated with the group assigned to the USM Security Model on the SNMPv3 Groups Configuration page...
Page 136: Configuring Snmpv3 Groups
| Configuring the Switch HAPTER Simple Network Management Protocol Privacy Password - A string identifying the privacy pass phrase. ◆ (Range: 8-40 characters, ASCII characters 33-126 only) NTERFACE To configure SNMPv3 users: Click Configuration, SNMP, Users. Click Add New User to configure a user name. Enter a remote Engine ID of up to 64 hexadecimal characters Define the user name, security level, authentication and privacy settings.
Page 137: Figure 37: Snmpv3 Group Configuration
| Configuring the Switch HAPTER Simple Network Management Protocol Group Name - The name of the SNMP group. (Range: 1-32 characters, ◆ ASCII characters 33-126 only) NTERFACE To configure SNMPv3 groups: Click Configuration, SNMP, Groups. Click Add New Group to set up a new group. Select a security model.
Page 138: Configuring Snmpv3 Views
| Configuring the Switch HAPTER Simple Network Management Protocol SNMPv3 views are used to restrict user access to specified portions of the ONFIGURING MIB tree. The predefined view “default_view” includes access to the entire SNMP IEWS MIB tree. ARAMETERS The following parameters are displayed on the SNMPv3 Views Configuration page: View Name - The name of the SNMP view.
Page 139: Configuring Snmpv3 Group Access Rights
| Configuring the Switch HAPTER Simple Network Management Protocol Use the SNMP Accesses Configuration menu to assign portions of the MIB ONFIGURING tree to which each SNMPv3 group is granted access. You can assign more SNMP ROUP than one view to a group to specify access to different portions of the MIB CCESS IGHTS tree.
Page 140: Configuring Upnp
| Configuring the Switch HAPTER Configuring UPnP NTERFACE To configure SNMPv3 group access rights: Click Configuration, SNMP, Accesses. Click Add New Access to create a new entry. Specify the group name, security settings, read view, and write view. Click Save. Figure 39: SNMPv3 Access Configuration ONFIGURING Universal Plug and Play (UPnP) is a set of protocols that allows devices to...
Page 141: Figure 40: Upnp Configuration
| Configuring the Switch HAPTER Configuring UPnP If a device has a URL for presentation, then the control point can retrieve a page from this URL, load the page into a web browser, and depending on the capabilities of the page, allow a user to control the device and/or view device status.
Page 142: Configuring Dhcp Relay And Option 82 Information
| Configuring the Switch HAPTER Configuring DHCP Relay and Option 82 Information DHCP R 82 I ONFIGURING ELAY AND PTION NFORMATION The switch supports DHCP relay service for attached host devices. If a subnet does not include a DHCP server, you can relay DHCP client requests to a DHCP server on another subnet.
Page 143: Figure 41: Dhcp Relay Configuration
| Configuring the Switch HAPTER Configuring DHCP Relay and Option 82 Information Drop - Drops the packet when it receives a DHCP message that ■ already contains relay information. NTERFACE To configure DHCP Relay: Click Configuration, DHCP, Relay. Enable the DHCP relay function, specify the DHCP server’s IP address, enable Option 82 information mode, and set the policy by which to handle relay information found in client packets.
Page 144 | Configuring the Switch HAPTER Configuring DHCP Relay and Option 82 Information – 144 –...
Page 145: Monitoring The Switch
ONITORING THE WITCH This chapter describes how to monitor all of the basic functions, configure or view system logs, and how to view traffic status or the address table. ISPLAYING ASIC NFORMATION BOUT THE YSTEM You can use the Monitor/System menu to display a basic description of the switch, log messages, or statistics on traffic used in managing the switch.
Page 146: Displaying Log Messages
| Monitoring the Switch HAPTER Displaying Basic Information About the System NTERFACE To view System Information in the web interface, click Monitor, System, Information. Figure 42: System Information Use the System Log Information page to scroll through the logged system ISPLAYING and event messages.
Page 147: Figure 43: System Log Information
| Monitoring the Switch HAPTER Displaying Basic Information About the System Table Headings ID – Error ID. ◆ Level – Error level as described above. ◆ Time – The time of the system log entry. ◆ Message – The message text of the system log entry. ◆...
Page 148: Displaying Log Details
| Monitoring the Switch HAPTER Displaying Basic Information About the System Use the Detailed Log page to view the full text of specific log messages. ISPLAYING ETAILS NTERFACE To display the text of a specific log message, click Monitor, System, Detailed Log.
Page 149: Displaying Information About Ports
| Monitoring the Switch HAPTER Displaying Information About Ports Receive Packets – The number of management packets received. ◆ Allow Packets – The number of management packets accepted. ◆ Discard Packets – The number of management packets discarded. ◆ NTERFACE To display the information on management packets, click Monitor, System, Access Management Statistics.
Page 150: Displaying An Overview Of Port Statistics
| Monitoring the Switch HAPTER Displaying Information About Ports Use the Port Statistics Overview page to display a summary of basic ISPLAYING AN information on the traffic crossing each port. VERVIEW OF TATISTICS ARAMETERS These parameters are displayed on the Port Statistics Overview page: ◆...
Page 151: Displaying Qos Statistics
| Monitoring the Switch HAPTER Displaying Information About Ports Use the QoS Statistics page to display the number of packets processed by ISPLAYING each service queue. TATISTICS ARAMETERS These parameters are displayed on the Queuing Counters page: ◆ Low Queue Receive/Transmit – The number of packets received and transmitted through the low-priority queue.
Page 152: Displaying Detailed Port Statistics
| Monitoring the Switch HAPTER Displaying Information About Ports Use the Detailed Port Statistics page to display detailed statistics on ISPLAYING ETAILED network traffic. This information can be used to identify potential problems TATISTICS with the switch (such as a faulty port or unusually heavy loading). All values displayed have been accumulated since the last system reboot, and are shown as counts per second.
Page 153 | Monitoring the Switch HAPTER Displaying Information About Ports Rx Fragments - The total number of frames received that were ■ less than 64 octets in length (excluding framing bits, but including FCS octets) and had either an FCS or alignment error. Rx Jabber - The total number of frames received that were longer ■...
Page 154: Figure 49: Detailed Port Statistics
| Monitoring the Switch HAPTER Displaying Information About Ports NTERFACE To display the detailed port statistics, click Monitor, Ports, Detailed Statistics. Figure 49: Detailed Port Statistics – 154 –...
Page 155: Displaying Information On Authentication Servers
| Monitoring the Switch HAPTER Displaying Information on Authentication Servers ISPLAYING NFORMATION ON UTHENTICATION ERVERS Use the Monitor/Authentication pages to display information on RADIUS authentication and accounting servers, including the IP address and statistics for each server. Use the RADIUS Overview page to display a list of configured ISPLAYING A IST OF authentication and accounting servers.
Page 156: Displaying Statistics For Configured Authentication Servers
| Monitoring the Switch HAPTER Displaying Information on Authentication Servers NTERFACE To display a list of configured authentication and accounting servers, click Monitor, Authentication, RADIUS Overview. Figure 50: RADIUS Overview Use the RADIUS Details page to display statistics for configured ISPLAYING authentication and accounting servers.
Page 157 | Monitoring the Switch HAPTER Displaying Information on Authentication Servers Bad Authenticators - The number of RADIUS Access-Response ■ packets containing invalid authenticators or Message Authenticator attributes received from this server. Unknown Types - The number of RADIUS packets of unknown ■...
Page 158 | Monitoring the Switch HAPTER Displaying Information on Authentication Servers Round-Trip Time - The time interval (measured in milliseconds) ■ between the most recent Access-Reply/Access-Challenge and the Access-Request that matched it from the RADIUS authentication server. The granularity of this measurement is 100 ms. A value of 0 ms indicates that there hasn't been round-trip communication with the server yet.
Page 159 | Monitoring the Switch HAPTER Displaying Information on Authentication Servers Not Ready - The server is enabled, but IP communication is not ■ yet up and running. Ready - The server is enabled, IP communication is up and ■ running, and the RADIUS module is ready to accept accounting attempts.
Page 160: Figure 51: Radius Details
| Monitoring the Switch HAPTER Displaying Information on Authentication Servers NTERFACE To display statistics for configured authentication and accounting servers, click Monitor, Authentication, RADIUS Details. Figure 51: RADIUS Details – 160 –...
Page 161: Displaying Information On Lacp
| Monitoring the Switch HAPTER Displaying Information on LACP LACP ISPLAYING NFORMATION ON Use the monitor pages for LACP to display information on LACP configuration settings, the functional status of participating ports, and statistics on LACP control packets. Use the LACP System Status page to display an overview of LACP groups. ISPLAYING AN LACP VERVIEW OF...
Page 162: Figure 53: Lacp Port Status
| Monitoring the Switch HAPTER Displaying Information on LACP No - LACP is not enabled or the port link is down. ■ Backup - The port could not join the aggregation group but will join ■ if other port leaves. Meanwhile it's LACP status is disabled. Key - Current operational value of the key for the aggregation port.
Page 163: Displaying Lacp Port Statistics
| Monitoring the Switch HAPTER Displaying Information on LACP Use the LACP Port Statistics page to display statistics on LACP control LACP ISPLAYING packets crossing on each port. TATISTICS ARAMETERS These parameters are displayed on the LACP Port Statistics page: ◆...
Page 164: Displaying Information On The Spanning Tree
| Monitoring the Switch HAPTER Displaying Information on the Spanning Tree ISPLAYING NFORMATION ON THE PANNING Use the monitor pages for Spanning Tree to display information on spanning tree bridge status, the functional status of participating ports, and statistics on spanning tree protocol packets. Use the Bridge Status page to display RSTP information on the global ISPLAYING RIDGE...
Page 165 | Monitoring the Switch HAPTER Displaying Information on the Spanning Tree designated port); or is an alternate or backup port that may provide connectivity if other bridges, bridge ports, or LANs fail or are removed. State - Displays the current state of this port within the Spanning Tree: ◆...
Page 166: Displaying Port Status For Sta
| Monitoring the Switch HAPTER Displaying Information on the Spanning Tree NTERFACE To display information on spanning tree bridge and port status, click Monitor, Spanning Tree, Bridge Status. Figure 55: Spanning Tree Bridge Status Use the Port Status page to display the RSTP functional status of ISPLAYING participating ports.
Page 167: Displaying Port Statistics For Sta
| Monitoring the Switch HAPTER Displaying Information on the Spanning Tree contradictory information. Port address table is cleared, and the port begins learning addresses. Forwarding - Port forwards packets, and continues learning ■ addresses. Uptime - The time since the bridge port was last initialized. ◆...
Page 168: Displaying Port Security Information
| Monitoring the Switch HAPTER Displaying Port Security Information NTERFACE To display information on spanning port statistics, click Monitor, Spanning Tree, Port Statistics. Figure 57: Spanning Tree Port Statistics ISPLAYING ECURITY NFORMATION Use the monitor pages for Port Security to display the IEEE 802.1X authentication state, statistics, and protocol information for each port.
Page 169: Displaying Port Security Statistics
| Monitoring the Switch HAPTER Displaying Port Security Information Last Source - The source MAC address carried in the most recently ◆ received EAPOL frame for port-based authentication, and the most recently received frame from a new client for MAC-based authentication.
Page 170 | Monitoring the Switch HAPTER Displaying Port Security Information Start - The number of EAPOL Start frames that have been received by ◆ the switch. Logoff - The number of valid EAPOL logoff frames that have been ◆ received by the switch. Invalid Type - The number of EAPOL frames that have been received ◆...
Page 171 | Monitoring the Switch HAPTER Displaying Port Security Information Transmit Backend Server Counters Responses ◆ For port-based authentication, this field counts the number of times that the switch attempts to send a supplicant's first response packet to the backend server. This indicates that the switch has attempted communication with the backend server.
Page 172: Figure 59: Port Security Statistics
| Monitoring the Switch HAPTER Displaying Port Security Information NTERFACE To display IEEE 802.1X statistics and protocol information for each port, click Monitor, Port Security, Statistics. Figure 59: Port Security Statistics – 172 –...
Page 173: Showing Igmp Snooping Information
| Monitoring the Switch HAPTER Showing IGMP Snooping Information IGMP S HOWING NOOPING NFORMATION Use the IGMP Snooping page to display IGMP querier status and snooping statistics for each VLAN, the port members of each service group, and the ports connected to an upstream multicast router/switch. ARAMETERS These parameters are displayed on the IGMP Snooping Status page: Statistics...
Page 174: Displaying Lldp Information
| Monitoring the Switch HAPTER Displaying LLDP Information NTERFACE To display information for IGMP snooping, click Monitor, IGMP Snooping. Figure 60: IGMP Snooping Status LLDP I ISPLAYING NFORMATION Use the monitor pages for LLDP to display information advertised by LLDP neighbors and statistics on LLDP control frames.
Page 175: Table 13: System Capabilities
| Monitoring the Switch HAPTER Displaying LLDP Information Chassis ID - An octet string indicating the specific identifier for the ◆ particular chassis in this system. Remote Port ID - A string that contains the specific identifier for the ◆ port from which this LLDPDU was transmitted.
Page 176: Displaying Lldp Port Statistics
| Monitoring the Switch HAPTER Displaying LLDP Information Use the LLDP Port Statistics page to display statistics on LLDP global LLDP ISPLAYING counters and control frames. TATISTICS ARAMETERS These parameters are displayed on the LLDP Port Statistics page: Global Counters Neighbor entries were last changed at - The time the LLDP ◆...
Page 177: Displaying Dhcp Relay Statistics
| Monitoring the Switch HAPTER Displaying DHCP Relay Statistics Age-Outs - Each LLDP frame contains information about how long the ◆ LLDP information is valid (age-out time). If no new LLDP frame is received within the age-out time, the LLDP information is removed, and the Age-Out counter is incremented.
Page 178 | Monitoring the Switch HAPTER Displaying DHCP Relay Statistics Receive Missing Agent Option - The number of packets that were ◆ received without agent information options. Receive Missing Circuit ID - The number of packets that were ◆ received with the Circuit ID option missing. Receive Missing Remote ID - The number of packets that were ◆...
Page 179: Displaying The Mac Address Table
| Monitoring the Switch HAPTER Displaying the MAC Address Table NTERFACE To display DHCP relay statistics, click Monitor, DHCP, Relay Statistics. Figure 63: DHCP Relay Statistics MAC A ISPLAYING THE DDRESS ABLE Use the MAC Address Table to display dynamic and static address entries associated with the CPU and each port.
Page 180: Figure 64: Mac Address Table
| Monitoring the Switch HAPTER Displaying the MAC Address Table NTERFACE To display the address table, click Monitor, MAC Address Table. Figure 64: MAC Address Table – 180 –...
Page 181: Performing Basic Diagnostics
ERFORMING ASIC IAGNOSTICS This chapter describes how to test network connectivity using Ping for IPv4 or IPv6, and how to test network cables. INGING AN DDRESS The Ping page is used to send ICMP echo request packets to another node on the network to determine if it can be reached.
Page 182: Running Cable Diagnostics
| Performing Basic Diagnostics HAPTER Running Cable Diagnostics Figure 65: ICMP Ping UNNING ABLE IAGNOSTICS The VeriPHY page is used to perform cable diagnostics for all ports or selected ports to diagnose any cable faults (short, open, etc.) and report the cable length.
Page 183: Figure 66: Veriphy Cable Diagnostics
| Performing Basic Diagnostics HAPTER Running Cable Diagnostics diagnostics results in the cable status table. Note that VeriPHY is only accurate for cables 7 - 140 meters long. Ports will be linked down while running VeriPHY. Therefore, running VeriPHY on a management port will cause the switch to stop responding until testing is completed.
Page 184 | Performing Basic Diagnostics HAPTER Running Cable Diagnostics – 184 –...
Page 185: Performing System Maintenance
ERFORMING YSTEM AINTENANCE This chapter describes how to perform basic maintenance tasks including upgrading software, restoring or saving configuration settings, and resetting the switch. ESETTING THE WITCH Use the Reset Device page to restart the switch. NTERFACE To restart the switch Click Maintenance, Reset Device.
Page 186: Restoring Factory Defaults
PGRADING IRMWARE Use the Software Upload page to upgrade the switch’s system firmware by specifying a file provided by SMC. You can download firmware files for your switch from the Support section of the SMC web site at www.smc.com. NTERFACE To upgrade firmware: Click Maintenance, Software Upload.
Page 187: Managing Configuration Files
| Performing System Maintenance HAPTER Managing Configuration Files While the firmware is being updated, Web access appears to be AUTION defunct. The front LED flashes Green/Off at a frequency of 10 Hz while the firmware update is in progress. Do not reset or power off the device at this time or the switch may fail to function afterwards.
Page 188: Restoring Configuration Settings
| Performing System Maintenance HAPTER Managing Configuration Files Use the Configuration Upload page to restore previously saved ESTORING configuration settings to the switch from a file on your local management ONFIGURATION station. ETTINGS NTERFACE To restore your current configuration settings: Click Maintenance, Configuration, Upload.
Page 189: Command Line Interface
ECTION OMMAND NTERFACE This section provides a detailed description of the Command Line Interface, along with examples for all of the commands. This section includes these chapters: "Using the Command Line Interface" on page 191 ◆ "System Commands" on page 199 ◆...
Page 190 | Command Line Interface ECTION "SNMP Commands" on page 331 ◆ "HTTPS Commands" on page 353 ◆ "SSH Commands" on page 357 ◆ "UPnP Commands" on page 359 ◆ "DHCP Commands" on page 363 ◆ "Firmware Commands" on page 367 ◆...
Page 191: Using The Command Line Interface
SING THE OMMAND NTERFACE This chapter describes how to use the Command Line Interface (CLI). CCESSING THE When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet or Secure Shell connection (SSH), the switch can be managed by entering command keywords and parameters at the prompt.
Page 192: Telnet Connection
| Using the Command Line Interface HAPTER Accessing the CLI Telnet operates over the IP transport protocol. In this environment, your ELNET ONNECTION management station and any network device you want to manage over the network must have a valid IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods.
Page 193: Entering Commands
| Using the Command Line Interface HAPTER Entering Commands After entering the Telnet command, the login screen displays: Username: admin Password: Login in progress... Welcome to Command Line Interface. Type 'help' or '?' to get help. Port Numbers: +-------------------------------------------------------------+ | +--+--+--+--+ +--+--+--+--+ +--+--+--+--+ +----+ +----+ | | | 1| 3| 5| 7| | 9|11|13|15| |17|19|21|23|...
Page 194: Minimum Abbreviation
| Using the Command Line Interface HAPTER Entering Commands To enter commands that require parameters, enter the required ◆ parameters after the command keyword. For example, to set a password for the administrator, enter: >system password admin The CLI will accept a minimum number of characters that uniquely identify INIMUM a command.
Page 195: Partial Keyword Lookup
| Using the Command Line Interface HAPTER Entering Commands Type '<group>' to enter command group, e.g. 'port'. Type '<group> ?' to get list of group commands, e.g. 'port ?'. Type '<command> ?' to get help on a command, e.g. 'port mode ?'. Commands may be abbreviated, e.g.
Page 196: Using Command History
| Using the Command Line Interface HAPTER Entering Commands The CLI maintains a history of commands that have been entered. You can SING OMMAND scroll back through the history of commands by pressing the up arrow key. ISTORY Any command displayed in the history list can be executed again, or first modified and then executed.
Page 197: Cli Command Groups
| Using the Command Line Interface HAPTER CLI Command Groups CLI C OMMAND ROUPS The system commands can be broken down into the functional groups shown below Table 15: Command Group Index Command Group Description Page System Configures general system settings, including descriptive information, user name and password, rebooting the system, setting the time zone, configuring the log levels to display, and filtering management access to the switch...
Page 198 | Using the Command Line Interface HAPTER CLI Command Groups Table 15: Command Group Index Command Group Description Page Firmware Upgrades firmware via a TFTP server Debug Displays debugging information for all key functions These commands are not described in this manual. Please refer to the prompt messages included in the CLI interface.
Page 199: System Commands
YSTEM OMMANDS This section describes commands used to configure information that uniquely identifies the switch, set the user name and password, reboot the system, set the time zone, configure the log levels to display, and filter management access to the switch through specified IP addresses. Table 16: System Commands Command Function...
Page 200: System Configuration
| System Commands HAPTER This command displays a brief summary of information that uniquely system identifies the switch, or a full list of all configuration settings for all ports or configuration for a specified port or port range. YNTAX system configuration [all [port-list]] all - Displays a full list of all configuration settings.
Page 201: System Restore Default
| System Commands HAPTER This command restores the original factory settings. Note that the LAN IP system restore Address, Subnet Mask and Gateway IP Address will be reset to their factory default defaults. YNTAX system restore default [keep_ip] all - Displays a full list of all configuration settings. EFAULT ETTING Restores all settings...
Page 202: System Location
| System Commands HAPTER EFAULT ETTING None OMMAND SAGE No blank spaces are permitted as part of the name string. XAMPLE System>name RD System> This command displays or sets the system location. system location YNTAX system location [location] location - String that describes the system location. (Maximum length: 255 characters) EFAULT ETTING...
Page 203: System Timezone
| System Commands HAPTER XAMPLE System>password edge System> This command displays or sets the time zone for the switch’s internal clock. system timezone YNTAX system timezone [offset] offset - Number of minutes before/after UTC. (Range: -720 minutes before to 720 minutes after) EFAULT ETTING no offset...
Page 204: System Access Configuration
| System Commands HAPTER XAMPLE System>log all Info 1970-01-01 02:22:38 +0000 Frame of 202 bytes received on port 4 Info 1970-01-01 02:22:41 +0000 Frame of 202 bytes received on port 3 Info 1970-01-01 02:23:09 +0000 Frame of 202 bytes received on port 4 Info 1970-01-01 02:23:12 +0000 Frame of 202 bytes received on port 3...
Page 205: System Access Add
| System Commands HAPTER This command adds IPv4 addresses that are allowed management access system access add to the switch through various protocols. YNTAX system access add access-id start-ip-addr end-ip-addr [web | snmp | telnet] access-id - Entry index. (Range: 1-16) start-ip-addr - The starting IPv4 address of a range.
Page 206: System Access Ipv6 Add
| System Commands HAPTER This command adds IPv6 addresses that are allowed management access system access ipv6 to the switch through various protocols. YNTAX system access ipv6 add access-id start-ip-addr end-ip-addr [web | snmp | telnet] access-id - Entry index. (Range: 1-16) start-ip-addr - The starting IPv6 address of a range.
Page 207: System Access Delete
| System Commands HAPTER This command deletes an access management entry. system access delete YNTAX system access delete access-id access-id - Entry index. (Range: 1-16) XAMPLE System/Access>delete 1 System/Access> This command displays specified access management entry. system access lookup YNTAX system access lookup access-id access-id - Entry index.
Page 208 | System Commands HAPTER XAMPLE System/Access>statistics Access Management Statistics: ----------------------------- HTTP Receive: Allow: Discard: HTTPS Receive: Allow: Discard: SNMP Receive: Allow: Discard: TELNET Receive: Allow: Discard: Receive: Allow: Discard: System/Access> – 208 –...
Page 209: Ip Commands
IP C OMMANDS This section describes commands used to configure IP settings, including IPv4 or IPv6 addresses, DHCP, DNS, DNS proxy, as well as SNTP. Table 17: IP Commands Command Function ip configuration Displays all settings for IPv4 and IPv6 and related functions ip dhcp Displays or sets the DHCP client mode ip setup...
Page 210: Ip Dhcp
| IP Commands HAPTER IPv6 Address : 192.168.2.10 IPv6 Prefix : 96 IPv6 Router : :: IPv6 VLAN ID SNTP Server IPv6 SNTP Server : :: Active Configuration: IP Address : 192.168.2.10 IP Mask : 255.255.255.0 IP Router : 0.0.0.0 DNS Server : 0.0.0.0 SNTP Server...
Page 211: Ip Setup
| IP Commands HAPTER If the IP DHCP option is enabled, the switch will start broadcasting ◆ service requests as soon as it is powered on. XAMPLE IP>dhcp enable IP>dhcp DHCP Client : Enabled Active Configuration: IP Address : 192.168.0.3 IP Mask : 255.255.255.0 IP Router...
Page 212: Ip Ping
| IP Commands HAPTER separated by periods. Anything outside this format will not be accepted by the configuration program. A gateway must be defined if the management station is located in a ◆ different IP segment. An default gateway can only be successfully set when a network ◆...
Page 213: Ip Dns
| IP Commands HAPTER Destination does not respond - If the host does not respond, a ■ “timeout” appears in ten seconds. Destination unreachable - The gateway for this destination indicates ■ that the destination is unreachable. Network or host unreachable - The gateway found no corresponding ■...
Page 214: Ip Sntp
| IP Commands HAPTER EFAULT ETTING Disabled OMMAND SAGE If enabled, the switch maintains a local database based on previous responses to DNS queries forwarded on behalf of attached clients. If the required information is not in the local database, the switch forwards the DNS query to a DNS server, stores the response in its local cache for future reference, and passes the response back to the client.
Page 215: Ip Ipv6 Setup
| IP Commands HAPTER OMMAND SAGE To connect to a larger network with multiple subnets, you must ◆ configure a global unicast address. This address can be automatically configured using this command, or it can be manually configured using ip ipv6 setup command (page 215).
Page 216: Ip Ipv6 Ping6
| IP Commands HAPTER To connect to a larger network with multiple subnets, you must ◆ configure a global unicast address. This address can be manually configured with this command, or it can be automatically configured using the ip ipv6 autoconfig command (page 214).
Page 217: Ip Ipv6 Sntp
| IP Commands HAPTER OMMAND SAGE An IPv6 address must be formatted according to RFC 2373 “IPv6 ◆ Addressing Architecture,” using 8 colon-separated 16-bit hexadecimal values. One double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields. ◆...
Page 218 | IP Commands HAPTER OMMAND SAGE The switch attempts to periodically update the time from the specified server. The polling interval is fixed at 15 minutes. XAMPLE IP/IPv6>sntp ::129.6.15.28 IP/IPv6> – 218 –...
Page 219: Authentication Commands
UTHENTICATION OMMANDS This section describes commands used to controls management access through RADIUS or TACACS+ authentication servers. Table 18: Authentication Commands Command Function auth configuration Displays settings for authentication servers and the authentication methods used for each access protocol auth timeout Displays or sets the time the switch waits for a reply from an authentication server before it resends the request auth deadtime...
Page 220: Auth Timeout
| Authentication Commands HAPTER RADIUS Accounting Server Configuration: ======================================= Server Mode IP Address Secret Port ------ -------- --------------- ------------------------------ ----- Disabled 1813 Disabled 1813 Disabled 1813 Disabled 1813 Disabled 1813 TACACS+ Authentication Server Configuration: ============================================ Server Mode IP Address Secret Port ------ --------...
Page 221: Auth Deadtime
| Authentication Commands HAPTER This command displays or sets the time after which the switch considers auth deadtime an authentication server to be dead if it does not reply. YNTAX auth deadtime [dead-time] dead-time - The time after which the switch considers an authentication server to be dead if it does not reply.
Page 222: Auth Acct_Radius
| Authentication Commands HAPTER OMMAND SAGE By default, management access is always checked against the ◆ authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication method and the corresponding parameters for the remote authentication protocol.
Page 223 | Authentication Commands HAPTER ip-addr - IP address or IP alias of accounting server. An IPv4 address consists of 4 numbers, 0 to 255, separated by periods. secret - Encryption key shared between the accounting server and the switch. (Maximum length: 29 characters) server-port - Network (UDP) port of accounting server used for accounting messages.
Page 224: Auth Tacacs
| Authentication Commands HAPTER This command displays or sets TACACS+ authentication server settings. auth tacacs+ YNTAX auth tacacs+ [server-index] [enable | disable] [ip-addr] [secret] [server-port] server-index - Allows you to specify up to five servers. These servers are queried in sequence until a server responds or the retransmit period expires.
Page 225: Auth Client
| Authentication Commands HAPTER XAMPLE Auth>tacacs+ 1 enable 192.168.0.39 “no problem” Auth>tacacs+ TACACS+ Authentication Server Configuration: ============================================ Server Mode IP Address Secret Port ------ -------- --------------- ------------------------------ ----- Enabled 192.168.0.39 ********** Disabled Disabled Disabled Disabled Auth> This command displays or sets the authentication methods used for each auth client management access protocol.
Page 226: Auth Statistics
| Authentication Commands HAPTER XAMPLE Auth>client telnet radius enable Auth>client Client Configuration: ===================== Client Authentication Method Local Authentication Fallback ------- ---------------------- ----------------------------- console local Disabled telnet RADIUS Enabled local Disabled local Disabled Auth> This command displays statistics for configured authentication and auth statistics accounting servers.
Page 227: Authentication Commands
| Authentication Commands HAPTER State: Disabled Round-Trip Time: 0 ms Server #2 (0.0.0.0:1813) RADIUS Accounting Statistics: Rx Responses: Tx Requests: Rx Malformed Responses: Tx Retransmissions: Rx Bad Authenticators: Tx Pending Requests: Rx Unknown Types: Tx Timeouts: Rx Packets Dropped: State: Disabled Round-Trip Time: 0 ms...
Page 228 | Authentication Commands HAPTER Rx Bad Authenticators: Tx Pending Requests: Rx Unknown Types: Tx Timeouts: Rx Packets Dropped: State: Disabled Round-Trip Time: 0 ms Auth> – 228 –...
Page 229: Port Commands
OMMANDS This section describes commands used to configure connection parameters for ports, power saving mode, and cable testing. Table 19: Port Commands Command Function port configuration Displays configuration settings port state Displays or sets administrative state to enabled or disabled port mode Displays or sets port speed and duplex mode port flow control...
Page 230 | Port Commands HAPTER Table 20: Port Configuration (Continued) Field Description Flow Control Flow control mode (Enabled or Disabled) MaxFrame Maximum frame size Power Power saving mode (Enabled or Disabled) Excessive Response to take when excessive transmit collisions are detected on a port (Discard frame or Restart backoff algorithm) Link Link status (connection speed/duplex mode or down)
Page 231: Port State
| Port Commands HAPTER This command displays the administrative state, or sets it enabled or port state disabled. YNTAX port state [port-list] [enable | disable] port-list - A specific port or a range of ports. (Range: 1-28, or all) enable - Enables the specified ports. disable - Disables the specified ports.
Page 232: Port Flow Control
| Port Commands HAPTER OMMAND SAGE The 1000BASE-T standard does not support forced mode. Auto- negotiation should always be used to establish a connection over any 1000BASE-T port or trunk. If not used, the success of the link process cannot be guaranteed when connecting to other types of switches. XAMPLE Port>mode 5 100hdx Port>mode 5...
Page 233: Port Maxframe
| Port Commands HAPTER XAMPLE Port>flow control 5 enable Port>flow control 5 Port Flow Control Rx Pause Tx Pause ---- ------------ -------- -------- Enabled Enabled Enabled Port> This command displays or sets the maximum frame size allowed for a port. port maxframe YNTAX port maxframe [port-list] [max-frame]...
Page 234: Port Excessive
| Port Commands HAPTER Enabling power saving mode can significantly reduce power used for cable lengths of 20 meters or less, and continue to ensure signal integrity. XAMPLE This example indicates that power usage for port 5 is 41% of normal. Port>power 5 enable Port>power 5 Port...
Page 235: Port Statistics
| Port Commands HAPTER This command displays port statistics. port statistics YNTAX port statistics [port-list] [clear] [statistic] port-list - A specific port or a range of ports. (Range: 1-28, or all) clear - Clears port statistics statistic - Specifies the statistics to display. packets - The number of packets received and transmitted.
Page 236: Port Veriphy
| Port Commands HAPTER Rx High: Tx High: Rx Drops: Tx Drops: Rx CRC/Alignment: Tx Late/Exc. Coll.: Rx Undersize: Rx Oversize: Rx Fragments: Rx Jabbers: Rx Filtered: Port> This command performs cable diagnostics to diagnose any cable faults port veriphy (short, open, etc.) and report the cable length.
Page 237: Port Numbers
| Port Commands HAPTER XAMPLE This example shows the cable length, operating conditions and isolates a variety of common faults that can occur on Category 5 twisted pair cabling. Port>veriphy 1-10 Starting VeriPHY, please wait Port Pair A Length Pair B Length Pair C Length...
Page 238 | Port Commands HAPTER – 238 –...
Page 239: Link Aggregation Commands
GGREGATION OMMANDS This section describes commands used to configures static port aggregation, including member assignment, and load balancing methods. Table 21: Link Aggregation Commands Command Function aggr configuration Displays configuration settings for all link aggregation groups aggr add Adds or modifies member ports for a link aggregation group aggr delete Deletes a link aggregation group aggr lookup...
Page 240: Aggr Configuration
| Link Aggregation Commands HAPTER When configuring static trunks on switches of different types, they ■ must be compatible with the Cisco EtherChannel standard. The ports at both ends of a trunk must be configured in an identical ■ manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings.
Page 241: Aggr Add
| Link Aggregation Commands HAPTER This command adds or modifies member ports for a link aggregation aggr add group. YNTAX aggr add port-list [aggr-id] port-list - A specific port or a range of ports. (Range: 1-28) aggr-id - Trunk identifier. If not specified, the next available aggregation ID is used.
Page 242: Aggr Lookup
| Link Aggregation Commands HAPTER This command displays information on the specified link aggregation aggr lookup group. YNTAX aggr lookup [aggr-id] aggr-id - Trunk identifier. (Range: 1-14) EFAULT ETTING Displays information for all link aggregation groups. XAMPLE Aggr>lookup 2 Aggr ID Name Type Configured Ports...
Page 243 | Link Aggregation Commands HAPTER enable - Enables the specified methods for traffic distribution. disable - Disables the specified methods for traffic distribution. EFAULT ETTING Source MAC Address IP Address TCP/UDP Port Number OMMAND SAGE When incoming data frames are forwarded through the switch to a trunk, the switch must determine to which port link in the trunk an outgoing frame should be sent.
Page 244 | Link Aggregation Commands HAPTER – 244 –...
Page 245: Lacp Commands
LACP C OMMANDS This section describes commands used to configures the Link Aggregation Control Protocol. Table 22: LACP Commands Command Function lacp configuration Displays LACP configuration settings for specified ports lacp mode Displays or sets LACP mode for specified ports lacp key Displays or sets the LACP administration key for specified ports lacp role...
Page 246 | LACP Commands HAPTER The ports at both ends of a connection must be configured as trunk ■ ports. The ports at both ends of a trunk must be configured in an identical ■ manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings.
Page 247: Lacp Configuration
| LACP Commands HAPTER This command displays the LACP configuration settings for specified ports. lacp configuration YNTAX lacp configuration [port-list] port-list - A specific port or range of ports. (Range: 1-28, or all) XAMPLE In the following example, Key refers to the LACP administration key, and Role to the protocol initiation mode.
Page 248: Lacp Key
| LACP Commands HAPTER XAMPLE LACP>mode 4-7 enable LACP>mode 1-10 Port Mode ---- -------- Disabled Disabled Disabled Enabled Enabled Enabled Enabled Disabled Disabled Disabled LACP> This command displays or sets the LACP administration key for specified lacp key ports. YNTAX lacp key [port-list] [key] port-list - A specific port or a range of ports.
Page 249: Lacp Status
| LACP Commands HAPTER EFAULT ETTING Active XAMPLE LACP>role 11-15 passive LACP> This command displays the operational status for specified ports. lacp status YNTAX lacp status [port-list] port-list - A specific port or a range of ports. (Range: 1-28, or all) XAMPLE LACP>status 1-10 Aggr ID...
Page 250 | LACP Commands HAPTER XAMPLE This example shows the number of LACP frames received and transmitted, as well as the number of unknown or illegal LACP frames that have been discarded. LACP>statistics 4-5 Port Rx Frames Tx Frames Rx Unknown Rx Illegal ---- ----------...
Page 251: Rstp Commands
RSTP C OMMANDS This section describes commands used to configure the Rapid Spanning Tree Protocol. Table 23: RSTP Commands Command Function rstp configuration Displays RSTP configuration settings for specified interfaces rstp sysprio Displays or sets RSTP system priority rstp age Displays or sets RSTP maximum age rstp delay Displays or sets RSTP forward delay...
Page 252: Rstp Configuration
| RSTP Commands HAPTER This command displays RSTP configuration settings for specified interfaces. rstp configuration YNTAX rstp configuration [port-list] port-list - A specific port or a range of ports. (Range: 1-28, all for all ports, or 0 for all link aggregation groups) XAMPLE In the following example, Key refers to the LACP administration key, and Role to the protocol initiation mode.
Page 253: Rstp Age
| RSTP Commands HAPTER This command displays or sets RSTP maximum age. rstp age YNTAX rstp age [maximum-age] maximum-age - The maximum time a device can wait without receiving a configuration message before attempting to reconfigure. (Range: 6-40 seconds) Minimum: The higher of 6 or [2 x (Hello Time + 1)] Maximum: The lower of 40 or [2 x (Forward Delay - 1)] EFAULT ETTING...
Page 254: Rstp Txhold
| RSTP Commands HAPTER XAMPLE RSTP>delay 20 RSTP> This command displays or sets RSTP Transmit Hold Count. rstp txhold YNTAX rstp txhold [transmit-hold] transmit-hold - The number of BPDUs a bridge port can send per second. When exceeded, transmission of the next BPDU will be delayed.
Page 255: Rstp Mode
| RSTP Commands HAPTER XAMPLE RSTP>version compatible RSTP> This command displays or sets RSTP administrative mode for specified rstp mode interfaces. YNTAX rstp mode [port-list] [enable | disable] port-list - A specific port or a range of ports. (Range: 1-28, all for all ports, or 0 for all link aggregation groups) enable - Enables RSTP.
Page 256: Table 24: Recommended Sta Path Cost Range
| RSTP Commands HAPTER Table 24: Recommended STA Path Cost Range Port Type IEEE 802.1D-1998 IEEE 802.1w-2001 Ethernet 50-600 200,000-20,000,000 Fast Ethernet 10-60 20,000-2,000,000 Gigabit Ethernet 3-10 2,000-200,000 Table 25: Recommended STA Path Costs Port Type Link Type IEEE 802.1D-1998 IEEE 802.1w-2001 Ethernet Half Duplex...
Page 257: Rstp Priority
| RSTP Commands HAPTER This command displays or sets RSTP priority for specified interfaces. rstp priority YNTAX rstp priority [port-list] [priority] port-list - A specific port or a range of ports. (Range: 1-28, all for all ports, or 0 for all link aggregation groups) priority - The priority for an interface.
Page 258: Rstp Autoedge
| RSTP Commands HAPTER overcomes other STA-related time-out problems. However, remember that this feature should only be enabled for ports connected to an end-node device. XAMPLE RSTP>edge 19 enable RSTP> This command displays or sets RSTP automatic edge port detection for rstp autoedge specified ports.
Page 259: Rstp P2P
| RSTP Commands HAPTER This command displays or sets RSTP point-to-point link type for specified rstp p2p ports. YNTAX rstp p2p [port-list] [enable | disable | auto] port-list - A specific port or a range of ports. (Range: 1-28, or all) enable - Specifies a point-to-point connection to exactly one other bridge.
Page 260: Rstp Statistics
| RSTP Commands HAPTER RSTP>status 1 RSTP Bridge Status Bridge ID : 40960-00:01:C1:00:00:E1 Root ID : 32768-00:01:EC:F8:D8:C6 Root Port Root Cost : 200000 TC Flag : Steady TC Count : 161 TC Last 0d 01:10:47 Port Port Role State PathCost Edge Uptime ---------...
Page 261 | RSTP Commands HAPTER appropriate BPDU format to send on the selected interfaces (i.e., RSTP or STP-compatible). XAMPLE RSTP>mcheck RSTP> – 261 –...
Page 262 | RSTP Commands HAPTER – 262 –...
Page 263: Ieee 802.1X Commands
IEEE 802.1X C OMMANDS The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication Protocol).
Page 264: Table 28: 802.1X Configuration
| IEEE 802.1X Commands HAPTER OMMAND SAGE The fields shown by this command are described below: Table 28: 802.1X Configuration Field Description Port Port index Admin State Administrative state (Enabled or Disabled) Port State Operational state: • Disabled - 802.1X and MAC-based authentication are globally disabled.
Page 265: Dot1X Mode
| IEEE 802.1X Commands HAPTER This command displays or sets the 802.1X mode for the switch. dot1x mode YNTAX dot1x mode [enable | disable] enable - Enables 802.1X globally for the switch. disable - Disables 802.1X globally for the switch. EFAULT ETTING Disabled...
Page 266: Dot1X Authenticate
| IEEE 802.1X Commands HAPTER OMMAND SAGE The authentication mode can only be set to Authorized for ports ◆ participating in the Spanning Tree algorithm (see page 255). When 802.1X authentication is enabled on a port, the MAC address ◆ learning function for this interface is disabled, and the addresses dynamically learned on this port are removed from the common address table.
Page 267: Dot1X Reauthentication
| IEEE 802.1X Commands HAPTER authentication mode is set to “auto” or “macbased” (using the dot1x state command described on page 265). XAMPLE Dot1x>authenticate 9 Dot1x> This command displays or sets periodic re-authentication for all ports. dot1x reauthentication YNTAX dot1x reauthentication [enable | disable] enable - Schedules reauthentication to whenever the quiet-period of the port runs out (port-based authentication).
Page 268: Dot1X Period
| IEEE 802.1X Commands HAPTER This command displays or sets the re-authentication period. dot1x period YNTAX dot1x period [reauth-period] reauth-period - The time after which a connected client must be re-authenticated. (Range: 1-3600 seconds) EFAULT ETTING 3600 seconds XAMPLE Dot1x>period 300 Dot1x>...
Page 269: Dot1X Agetime
| IEEE 802.1X Commands HAPTER EFAULT ETTING Allows all new clients. OMMAND SAGE The switch has a fixed pool of state-machines, from which all ports draw whenever a new client is seen on the port. When a given port's maximum is reached (counting both authorized and unauthorized clients), further new clients are disallowed access.
Page 270: Dot1X Holdtime
| IEEE 802.1X Commands HAPTER XAMPLE Dot1x>agetime 900 Dot1x> This command displays or sets the hold time before MAC addresses that dot1x holdtime failed authentication expire. YNTAX dot1x holdtime [hold-time] hold-time - The time after an EAP Failure indication or RADIUS timeout that a client is not allowed access.
Page 271 | IEEE 802.1X Commands HAPTER OMMAND SAGE For MAC-based ports, it shows only statistics for the backend RADIUS ◆ authentication server. For a description of the information displayed by command, see ◆ "Displaying Detailed Port Statistics" on page 152. XAMPLE Dot1x>statistics 1 Rx Access Rx Other...
Page 272 | IEEE 802.1X Commands HAPTER – 272 –...
Page 273: Igmp Commands
IGMP C OMMANDS This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
Page 274: Table 30: Igmp Configuration
| IGMP Commands HAPTER OMMAND SAGE The fields shown by this command are described below: Table 30: IGMP Configuration Field Description Global Settings IGMP Mode Shows if IGMP snooping is enabled or disabled IGMP Leave Proxy Shows if leave messages are suppressed unless received from the last member port in the group Flooding Shows if unregistered multicast traffic is flooded into attached VLANs...
Page 275: Igmp Mode
| IGMP Commands HAPTER This command displays or sets the IGMP snooping mode for the switch. igmp mode YNTAX igmp mode [enable | disable] enable - Enables IGMP snooping globally for the switch. When IGMP snooping is enabled, the switch will monitor network traffic to determine which hosts want to receive multicast traffic.
Page 276: Igmp Querier
| IGMP Commands HAPTER XAMPLE IGMP>state enable IGMP> This command displays or sets the IGMP querier mode for the specified igmp querier VLAN. YNTAX igmp querier [vlan-id] [enable | disable] vlan-id - VLAN to which the management address is assigned. (Range: 1-4095) enable - Enables the switch to serve as querier on this VLAN.
Page 277: Igmp Fastleave
| IGMP Commands HAPTER This command displays or sets IGMP fast leave for specified ports. igmp fastleave YNTAX igmp fastleave [port-list] [enable | disable] port-list - A specific port or range of ports. (Range: 1-28, or all) enable - Enables IGMP fast leave. If enabled, the switch immediately deletes a member port of a multicast service if a leave packet is received at that port.
Page 278: Igmp Leave Proxy
| IGMP Commands HAPTER This command displays or sets IGMP leave proxy for the switch. igmp leave proxy YNTAX igmp leave proxy [enable | disable] enable - Enables IGMP leave proxy. If enabled, the switch suppresses leave messages unless received from the last member port in the group.
Page 279: Igmp Filtering
| IGMP Commands HAPTER OMMAND SAGE IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of groups is reached on a port, any new IGMP join reports will be dropped. XAMPLE IGMP>throttling 9 5 IGMP>...
Page 280: Igmp Router
| IGMP Commands HAPTER This command displays or sets specified ports which are attached to a igmp router known IGMP router. YNTAX igmp router [port-list] [enable | disable] port-list - A specific port or a range of ports. (Range: 1-28, or all) enable - Sets the specified ports to function as a router port, which leads towards a Layer 3 multicast device or IGMP querier.
Page 281: Igmp Groups
| IGMP Commands HAPTER XAMPLE IGMP>flooding enable IGMP> This command displays active IGMP groups. igmp groups YNTAX igmp groups [vlan-id] vlan-id - VLAN identifier. (Range: 1-4095) EFAULT ETTING Displays groups for all VLANs. XAMPLE IGMP>groups Group Ports ---- --------------- ----- 239.255.255.250 IGMP>...
Page 282 | IGMP Commands HAPTER – 282 –...
Page 283: Lldp Commands
LLDP C OMMANDS Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details such as device identification, capabilities and configuration settings.
Page 284: Lldp Mode
| LLDP Commands HAPTER XAMPLE LLDP>configuration 1 Interval : 30 Hold Tx Delay Reinit Delay: 2 Port Mode Port Descr System Name System Descr System Capa Mgmt Addr CDP awareness ---- -------- ---------- ----------- ------------ ----------- --------- ------------ Disabled Enabled Enabled Enabled Enabled...
Page 285: Lldp Interval
| LLDP Commands HAPTER identification of the system's hardware type, software operating system, and networking software. sys_capa - The system capabilities identifies the primary function(s) of the system and whether or not these primary functions are enabled. The information advertised by this TLV is described in IEEE 802.1AB.
Page 286: Lldp Hold
| LLDP Commands HAPTER XAMPLE LLDP>interval 60 LLDP> This command displays or sets the TTL value sent in LLDP advertisements. lldp hold YNTAX lldp hold [hold] hold - The time-to-live (TTL) value sent in LLDP advertisements as shown in the formula below. (Range: 2-10) TTL in seconds is based on the following rule: (Transmission Interval * Transmission Hold Time) ≤...
Page 287: Lldp Reinit
| LLDP Commands HAPTER OMMAND SAGE The transmit delay is used to prevent a series of successive LLDP transmissions during a short period of rapid changes in local LLDP MIB objects, and to increase the probability that multiple, rather than single changes, are reported in each transmission.
Page 288: Lldp Statistics
| LLDP Commands HAPTER XAMPLE LLDP>info Local port : Port 4 Chassis ID : 00-01-c1-00-00-a9 Port ID : 00-30-FC-12-34-58 Port Description : Ethernet Port on unit 1, port 2 System Name System Description System Capabilities : Bridge(+) Management Address : 192.168.2.20 (IPv4) LLDP>...
Page 289: Lldp Cdp_Aware
| LLDP Commands HAPTER This command displays or configures whether or not discovery information lldp cdp_aware from received CDP frames is added to the LLDP neighbor table. YNTAX lldp cdp_aware [port-list] [enable | disable] port-list - A specific port or range of ports. (Range: 1-28, or all) enable - Enables decoding of Cisco Discovery Protocol frames.
Page 290 | LLDP Commands HAPTER – 290 –...
Page 291: Mac Commands
MAC C OMMANDS This section describes commands used to configure the MAC address table, including learning mode, aging time, and setting static addresses. Table 32: MAC Commands Command Function mac configuration Displays MAC address table configuration for specified ports mac add Adds a static MAC address to the specified port and VLAN mac delete Deletes a MAC address entry from the specified VLAN...
Page 292: Mac Add
| MAC Commands HAPTER This command adds a static MAC address to the specified port and VLAN. mac add YNTAX mac add mac-address port-list [vlan-id] mac-address - Physical address of a device mapped to a port. port-list - A specific port or a range of ports. (Range: 1-28, all, or none) vlan-id - VLAN identifier.
Page 293: Mac Lookup
| MAC Commands HAPTER This command searches for the specified MAC address in the specified mac lookup VLAN. YNTAX mac lookup mac-address [vlan-id] mac-address - Physical address of a device mapped to a port. vlan-id - VLAN identifier. (Range: 1-4095) XAMPLE MAC>lookup 00-12-cf-94-34-dd Type...
Page 294: Mac Dump
| MAC Commands HAPTER EFAULT ETTING Auto OMMAND SAGE Make sure that the link used for managing the switch is added to the Static MAC Table before changing to secure learning mode. Otherwise the management link will be lost, and can only be restored by using another non-secure port or by connecting to the switch via the serial interface.
Page 295: Mac Statistics
| MAC Commands HAPTER This command displays statistics on the type and number of MAC mac statistics addresses associated with specified ports. YNTAX mac statistics [port-list] port-list - A specific port or range of ports. (Range: 1-28, or all) EFAULT ETTING Displays statistics for all ports.
Page 296 | MAC Commands HAPTER – 296 –...
Page 297: Vlan Commands
VLAN C OMMANDS This section describes commands used to configure standard IEEE 802.1Q VLANs port members and port attributes. Table 33: VLAN Commands Command Function vlan configuration Displays VLAN attributes for specified ports and list of ports assigned to each VLAN vlan aware Displays or sets whether or not a port processes the VLAN ID in ingress frames...
Page 298: Vlan Aware
| VLAN Commands HAPTER This command displays or sets whether or not a port processes the VLAN vlan aware ID in ingress frames. YNTAX vlan aware [enable | disable] enable - Each frame is assigned to the VLAN indicated in the VLAN tag, and the tag is removed.
Page 299: Vlan Pvid
| VLAN Commands HAPTER This command displays or sets the VLAN ID assigned to untagged frames vlan pvid received on specified ports. YNTAX vlan pvid [port-list] [vlan-id | none] port-list - A specific port or range of ports. (Range: 1-28, or all) vlan-id - VLAN identifier.
Page 300: Vlan Ingressfilter
| VLAN Commands HAPTER This command displays or sets ingress filtering for specified ports, which vlan ingressfilter when enabled, discards frames tagged for VLANs for which it is not a member. YNTAX vlan ingressfilter [port-list] [enable | disable] port-list - A specific port or range of ports. (Range: 1-28, or all) enable - If a port receives frames tagged for VLANs for which it is not a member, these frames will be discarded.
Page 301: Vlan Add
| VLAN Commands HAPTER This command adds specified ports to a VLAN. vlan add YNTAX vlan add [vlan-id] [port-list] vlan-id - VLAN identifier. (Range: 1-4095) port-list - A specific port or range of ports. (Range: 1-28, or all) EFAULT ETTING All ports are assigned to VLAN 1.
Page 302: Vlan Lookup
| VLAN Commands HAPTER This command displays port members for specified VLAN. vlan lookup YNTAX vlan lookup [vlan-id] vlan-id - VLAN identifier. (Range: 1-4095) XAMPLE VLAN>lookup 2 Ports ---- ----- VLAN> – 302 –...
Page 303: Pvlan Commands
PVLAN C OMMANDS This section describes commands used to configure private VLANs (PVLAN) and isolated ports, providing port-based security and isolation between ports within the assigned VLAN. Table 34: PVLAN Commands Command Function pvlan configuration Displays PVLAN member ports, and whether or not port isolation is enabled pvlan add Add specified ports to a PVLAN...
Page 304: Pvlan Add
| PVLAN Commands HAPTER This command add specified ports to a PVLAN. pvlan add YNTAX pvlan add pvlan-id [port-list] pvlan-id - PVLAN identifier. (Range: 1-4095) port-list - A specific port or a range of ports. (Range: 1-28, or all) EFAULT ETTING Adds all ports.
Page 305: Pvlan Lookup
| PVLAN Commands HAPTER This command displays the specified PVLANs and port members. pvlan lookup YNTAX vlan lookup [pvlan-id] pvlan-id - PVLAN identifier. (Range: 1-4095) XAMPLE PVLAN>lookup 2 PVLAN ID Ports -------- ----- 6-10 PVLAN> This command displays or sets port isolation between ports within the pvlan isolate same PVLAN.
Page 306 | PVLAN Commands HAPTER – 306 –...
Page 307: O S Commands
OMMANDS This section describes commands used to configure quality of service parameters, including the default port queue, the default tag assigned to untagged frames, input rate limiting, output shaping, queue mode, queue weight, quality control lists, storm control, DSCP remarking, and DSCP queue mapping.
Page 308: Qos Configuration
| QoS Commands HAPTER This command displays QoS configuration settings, including storm control, qos configuration default priority queue, default tag priority, quality control list, rate limiting, queuing mode and queue weights. YNTAX qos configuration [port-list] port-list - A specific port or range of ports. (Range: 1-28, or all) XAMPLE QoS>configuration 1-10 Traffic Classes: 4...
Page 309: Qos Tagprio
| QoS Commands HAPTER This command displays or sets the default tag priority (used when adding a qos tagprio tag to untagged frames) for specified ports. YNTAX qos tagprio [port-list] [tag-priority] port-list - A specific port or range of ports. (Range: 1-28, or all) tag-priority - The default priority used when adding a tag to untagged frames.
Page 310: Qos Qcl Add
| QoS Commands HAPTER XAMPLE QoS>QCL>port 9 1 QoS>QCL> This command adds or modifies a QoS control entry. qos qcl add YNTAX qos qcl add [qcl-id] [qce-id] [qce-id-next] {etype ethernet-type | vid vlan-id | port udp-tcp-port | dscp dscp | tos tos-list | tag-prio tag-priority-list} class qcl-id - A Quality Control List containing one or more classification criteria used to determine the traffic class to which a frame is...
Page 311: Qos Qcl Delete
| QoS Commands HAPTER EFAULT ETTING QCL: 1 QCE: 1 OMMAND SAGE The braces used in the syntax of this command indicate that one of the ◆ classification criteria must be specified. The class parameter must also be specified in each command. The other parameters are optional. Once a QCL is mapped to a port using the qos qcl port (see...
Page 312: Qos Qcl Lookup
| QoS Commands HAPTER This command displays the specified QoS control list or control entry. qos qcl lookup YNTAX qos qcl lookup [qcl-id] [qce-id] qcl-id - A Quality Control List containing one or more classification criteria used to determine the traffic class to which a frame is assigned.
Page 313: Qos Weight
| QoS Commands HAPTER This command displays or sets the egress queue weight for specified ports. qos weight YNTAX qos weight [port-list] [class] [weight] port-list - A specific port or range of ports. (Range: 1-28, or all) class - Output queue buffer. (Range: low/normal/medium/high or 1/2/3/4) weight - The weight assigned to the specified egress queue, and thereby to the corresponding traffic priorities.
Page 314: Qos Shaper
| QoS Commands HAPTER OMMAND SAGE Rate limiting controls the maximum rate for traffic transmitted or received on an interface. Rate limiting can be configured on interfaces at the edge of a network to form part of the customer service package by limiting traffic into or out of the switch.
Page 315: Qos Storm Unicast
| QoS Commands HAPTER This command displays or sets unknown unicast storm rate limits for the qos storm unicast switch. YNTAX qos storm unicast [enable | disable] [packet-rate] enable - Enables unknown unicast storm control. disable - Disables unknown unicast storm control. packet-rate - The threshold above which packets are dropped.
Page 316: Qos Storm Broadcast
| QoS Commands HAPTER Due to an ASIC limitation, the enforced rate limits are slightly less than ◆ the listed options. For example: 1 Kpps translates into an enforced threshold of 1002.1 pps. XAMPLE QoS>Storm>multicast enable 2k QoS>Storm> This command displays or sets broadcast storm rate limits for the switch. qos storm broadcast YNTAX...
Page 317: Qos Dscp Queue Mapping
| QoS Commands HAPTER EFAULT ETTING Disabled XAMPLE QoS>DSCP>remarking 9 enable QoS>DSCP> This command displays or sets the DSCP value used for DSCP remarking qos dscp queue for specified ports. mapping YNTAX qos dscp queue mapping [port-list] [class] [dscp] port-list - A specific port or range of ports. (Range: 1-28, or all) class - Output queue buffer.
Page 318 | QoS Commands HAPTER – 318 –...
Page 319: Acl Commands
ACL C OMMANDS This section describes commands used to configure access control lists, including policies, responses, and rate limiters. Table 37: ACL Commands Command Function acl configuration Displays ACL configuration settings, including policy, response, rate limiters, port copy, logging, and shutdown acl action Displays or sets default action for specified ports, including permit/deny, rare limiters, port copy, logging, and shutdown...
Page 320: Acl Action
| ACL Commands HAPTER ACL> This command displays or sets the default action for specified ports, acl action including permit/deny, rate limiters, port copy, logging, and shutdown. YNTAX acl action [port-list] [permit | deny] [rate-limiter] [port-copy] [logging] [shutdown] port-list - A specific port or range of ports. (Range: 1-28, or all) permit - Permits a frame if it matches a rule defined in the assigned policy (see the acl policy...
Page 321: Acl Policy
| ACL Commands HAPTER This command displays or sets the policy assigned to specified ports. acl policy YNTAX acl policy [port-list] [policy] port-list - A specific port or range of ports. (Range: 1-28, or all) policy - An ACL policy configured with the acl add command, containing one or more ACEs.
Page 322: Acl Add
| ACL Commands HAPTER This command adds or modifies an access control entry. acl add YNTAX acl add [ace-id] [ace-id-next] [switch | (port port) | (policy policy)] [vlan-id] [tag-priority] [dmac-type] [(etype [ethernet-type] [smac] [dmac]) | (arp [sip] [dip] [smac] [arp-opcode] [arp-flags]) | (ip [sip] [dip] [protocol] [ip-flags]) | (icmp [sip] [dip] [icmp-type] [icmp-code] [ip-flags]) | (udp [sip] [dip] [sport] [dport] [ip-flags]) |...
Page 323 | ACL Commands HAPTER ARP/RARP opcode set to ARP, rarp - frame must have ARP/ RARP opcode set to RARP, other - frame has unknown ARP/ RARP opcode flag; Default: any) arp-flags - One of the following ARP flags: request - Frame must have ARP Request or RARP Request opcode flag set.
Page 324 | ACL Commands HAPTER udp - One of the following UDP parameters: sip - Source IP address (a.b.c.d/n) or any. dip - Destination IP address (a.b.c.d/n) or any. sport - Source UDP port/range (0-65535) or any. dport - Destination UDP port/range (0-65535) or any. ip-flags - One of the IP flags listed under the ip parameter.
Page 325: Acl Delete
| ACL Commands HAPTER OMMAND SAGE Rules within an ACL are checked in the configured order, from top to bottom. A packet will be accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny rule. If no rules match, the frame is accepted.
Page 326: Acl Clear
| ACL Commands HAPTER Tag Priority: Any ACL> This command clears all ACL counters displayed in the ACL lookup table acl clear (see the acl lookup command, page 325). YNTAX acl clear XAMPLE ACL>clear ACL> – 326 –...
Page 327: Mirror Commands
IRROR OMMANDS This section describes commands used to mirror data to another port for analysis without affecting the data passing through or the performance of the monitored port. Table 38: Mirror Commands Command Function mirror configuration Displays the port mirroring configuration mirror port Displays or sets the destination port to which data is mirrored mirror mode...
Page 328: Mirror Mode
| Mirror Commands HAPTER EFAULT ETTING Displays the destination mirror port. XAMPLE Mirror>port 9 Mirror> This command displays or sets the mirror mode for specified source ports. mirror mode YNTAX mirror mode [port-list] [enable | disable | rx | tx] port-list - A specific port or range of ports.
Page 329: Config Commands
ONFIG OMMANDS This section describes commands used to saves or restore configuration settings. Table 39: Configuration Commands Command Function config save Saves configuration settings to a TFTP server config load Loads configuration settings from a TFTP server This command saves the switch’s current configuration settings to a file on config save a TFTP server.
Page 330: Config Load
| Config Commands HAPTER This command loads configuration settings from a TFTP server to the config load switch. YNTAX config load tftp-server file-name [check] tftp-server - TFTP server’s IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. file-name - The name of a previously saved configuration file.
Page 331: Snmp Commands
SNMP C OMMANDS This section describes commands used to control access to this switch from management stations using the Simple Network Management Protocol (SNMP), including configuring community strings, trap managers, and basic settings for SNMPv3. SNMP Version 3 also provides strong security features that cover message integrity, authentication, and encryption;...
Page 332: Snmp Configuration
| SNMP Commands HAPTER Table 40: SNMP Commands (Continued) Command Function snmp community add Adds or modifies an SNMPv3 community entry snmp community delete Deletes an SNMPv3 community entry snmp community lookup Displays SNMPv3 community entries snmp user add Adds an SNMPv3 user entry snmp user delete Deletes an SNMPv3 user entry snmp user changekey...
Page 333: Snmp Mode
| SNMP Commands HAPTER Trap Security Engine ID Trap Security Name : None SNMPv3 Engine ID : 800007e5017f000001 SNMPv3 Communities Table: Idx Community Source IP Source Mask --- -------------------------------- --------------- --------------- public 0.0.0.0 0.0.0.0 private 0.0.0.0 0.0.0.0 192.168.2.0 255.255.255.0 Number of entries: 3 SNMPv3 Users Table: Idx Engine ID User Name Level...
Page 334: Snmp Version
| SNMP Commands HAPTER OMMAND SAGE To manage the switch through SNMP, you must first enable the protocol and configure the basic access parameters. XAMPLE SNMP>mode enable SNMP> This command displays or sets the SNMP protocol version. snmp version YNTAX snmp version [1 | 2c | 3] 1 - SNMP version 1.
Page 335: Snmp Write Community
| SNMP Commands HAPTER XAMPLE SNMP>read community tps SNMP> This command displays or sets the community string for SNMP read/write snmp write access. community YNTAX snmp write community [community] community - The community used for read/write access to the SNMP agent. (Range: 0-255 characters, ASCII characters 33-126 only) EFAULT ETTING...
Page 336: Snmp Trap Version
| SNMP Commands HAPTER XAMPLE SNMP/Trap>mode enable SNMP/Trap> This command displays or sets the SNMP trap protocol version. snmp trap version YNTAX snmp trap version [1 | 2c | 3] 1 - SNMP version 1. 2c - SNMP version 2c. 3 - SNMP version 3.
Page 337: Snmp Trap Destination
| SNMP Commands HAPTER This command displays or sets the SNMP trap destination's IPv4 address. snmp trap destination YNTAX snmp trap destination [ip-address] ip-address - IPv4 address or alias of the management station to receive notification messages. An IPv4 address consists of 4 numbers, 0 to 255, separated by periods.
Page 338: Snmp Trap Link-Up
| SNMP Commands HAPTER OMMAND SAGE When this function is enabled, the switch will issue a notification message to specified IP trap managers whenever authentication of an SNMP request fails. XAMPLE SNMP/Trap>authentication failure enable SNMP/Trap> This command displays or sets the port link-up and link-down trap mode. snmp trap link-up YNTAX snmp trap link-up [enable | disable]...
Page 339: Snmp Trap Inform Timeout
| SNMP Commands HAPTER that critical information is received by the host. However, note that informs consume more system resources because they must be kept in memory until a response is received. Informs also add to network traffic. You should consider these effects when deciding whether to issue notifications as traps or informs.
Page 340: Snmp Trap Probe Security Engine Id
| SNMP Commands HAPTER This command displays or sets the SNMP trap security engine ID probe snmp trap probe mode. security engine id YNTAX snmp trap probe security engine id [enable | disable] enable - Enable SNMP trap security engine ID probe mode, whereby the switch uses the engine ID of the SNMP trap probe in trap and inform messages.
Page 341: Snmp Trap Security Name
| SNMP Commands HAPTER This command displays or sets the SNMP trap security name. snmp trap security name YNTAX snmp trap security name [security-name] security-name - Specifies the SNMP trap security name. SNMPv3 traps and informs use USM for authentication and privacy. A unique security name is needed when SNMPv3 traps or informs are enabled.
Page 342: Snmp Community Add
| SNMP Commands HAPTER XAMPLE SNMP>engine id 800007e5017f000005 Changing Engine ID will clear all original local users SNMP> This command adds or modifies an SNMPv3 community entry. snmp community YNTAX snmp community add community [ip-address] [address-mask] community - Specifies the community strings which allow access to the SNMP agent.
Page 343: Snmp Community Lookup
| SNMP Commands HAPTER EFAULT ETTING None XAMPLE SNMP/Community>lookup Idx Community Source IP Source Mask --- -------------------------------- --------------- --------------- public 0.0.0.0 0.0.0.0 private 0.0.0.0 0.0.0.0 r&d 192.168.2.19 255.255.255.0 192.168.2.18 255.255.255.0 Number of entries: 4 SNMP/Community>delete 4 SNMP/Community> This command displays SNMPv3 community entries. snmp community lookup YNTAX...
Page 344: Snmp User Delete
| SNMP Commands HAPTER used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host. SNMP passwords are localized using the engine ID of the authoritative agent. For informs, the authoritative SNMP agent is the remote agent.
Page 345: Snmp User Changekey
| SNMP Commands HAPTER XAMPLE SNMP/User>lookup Idx Engine ID User Name Level Auth Priv --- --------- -------------------------------- -------------- ---- ---- Remote william Auth, Priv Remote steve Auth, Priv Number of entries: 2 SNMP/User>delete 2 SNMP/User> This command changes an SNMPv3 user password. snmp user changekey YNTAX...
Page 346: Snmp Group Add
| SNMP Commands HAPTER XAMPLE SNMP/User>lookup Idx Engine ID User Name Level Auth Priv --- --------- -------------------------------- -------------- ---- ---- Remote william Auth, Priv Number of entries: 1 SNMP/User> This command adds an SNMPv3 group entry. snmp group add YNTAX snmp group add security-model security-name group-name security-model - The user security model.
Page 347: Snmp Group Delete
| SNMP Commands HAPTER This command deletes an SNMPv3 group entry. snmp group delete YNTAX snmp group delete index index - Index to SNMPv3 group table. (Range: 1-64) EFAULT ETTING None XAMPLE SNMP/Group>lookup Idx Model Security Name Group Name --- ----- -------------------------------- ------------------------------- public default_ro_group private...
Page 348: Snmp View Add
| SNMP Commands HAPTER This command adds or modifies an SNMPv3 view entry. snmp view add YNTAX snmp view add view-name [included | excluded] oid-subtree view-name - The name of the SNMP view. (Range: 1-32 characters, ASCII characters 33-126 only) included | excluded - Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view.
Page 349: Snmp View Lookup
| SNMP Commands HAPTER SNMP/View>delete 2 SNMP/View> This command displays SNMPv3 view entries. snmp view lookup YNTAX snmp view lookup [index] index - Index to SNMPv3 view table. (Range: 1-64) EFAULT ETTING Displays all entries. XAMPLE SNMP/View>lookup Idx View Name View Type OID Subtree --- -------------------------------- --------- --------------------------- default_view...
Page 350: Snmp Access Delete
| SNMP Commands HAPTER EFAULT ETTING Security model: any Security level: noAuthNoPriv OMMAND SAGE Use this command to assign portions of the MIB tree to which each SNMPv3 group is granted access. You can assign more than one view to a group to specify access to different portions of the MIB tree.
Page 351: Snmp Commands
| SNMP Commands HAPTER XAMPLE SNMP/Access>lookup Idx Group Name Model Level --- -------------------------------- ----- -------------- default_ro_group NoAuth, NoPriv default_rw_group NoAuth, NoPriv r&d Auth, Priv Number of entries: 3 SNMP/Access> – 351 –...
Page 352 | SNMP Commands HAPTER – 352 –...
Page 353: Https Commands
HTTPS C OMMANDS This section describes commands used to enables or disable HTTPS, or automatically redirect management access from HTTP connections to HTTPS. Table 41: HTTPS Commands Command Function https configuration Displays HTTPS configuration settings https mode Displays or sets HTTPS operational mode https redirect Displays or sets HTTPS redirect mode from HTTP connections This command displays HTTPS configuration settings.
Page 354: Https Redirect
| HTTPS Commands HAPTER If you enable HTTPS, you must indicate this in the URL that you specify ◆ in your browser: https://device[:port-number] When you start HTTPS, the connection is established in this way: ◆ The client authenticates the server using the server's digital ■...
Page 355 | HTTPS Commands HAPTER XAMPLE HTTPS>redirect enable HTTPS> – 355 –...
Page 356 | HTTPS Commands HAPTER – 356 –...
Page 357: Ssh Commands
SSH C OMMANDS This section describes commands used to enable or disable management access via secure shell (SSH). Table 43: SSH Commands Command Function ssh configuration Displays SSH configuration settings ssh mode Displays or sets SSH operational mode This command displays SSH configuration settings. ssh configuration YNTAX ssh configuration...
Page 358 | SSH Commands HAPTER You need to install an SSH client on the management station to access ◆ the switch for management via the SSH protocol. The switch supports both SSH Version 1.5 and 2.0 clients. SSH service on this switch only supports password authentication. The ◆...
Page 359: Up N P Commands
OMMANDS This section describes commands used to configure Universal Plug and Play (UPnP) protocol settings. Table 44: UPnP Commands Command Function upnp configuration Displays UPnP configuration settings upnp mode Displays or sets UPnP operational mode upnp ttl Displays or sets the TTL value for UPnP messages upnp advertising duration Displays or sets the advertising duration of UPnP messages This command displays UPnP configuration settings.
Page 360: Upnp Ttl
| UPnP Commands HAPTER is added to the network, the UPnP discovery protocol allows that control point to search for UPnP enabled devices on the network. Once a control point has discovered a device its next step is to learn more about the device and its capabilities by retrieving the device's description from the URL provided by the device in the discovery message.
Page 361: Upnp Advertising Duration
| UPnP Commands HAPTER This command displays or sets the advertising duration of UPnP messages. upnp advertising duration YNTAX upnp advertising duration [duration] duration - The duration, carried in Simple Service Discover Protocol (SSDP) packets, which informs a control point or control points how often it or they should receive a SSDP advertisement message from this switch.
Page 362 | UPnP Commands HAPTER – 362 –...
Page 363: Dhcp Commands
DHCP C OMMANDS This section describes commands used to configure DHCP Relay and Option 82 Information. Table 45: DHCP Commands Command Function dhcp relay configuration Displays DHCP relay configuration settings dhcp relay mode Displays or sets DHCP relay operational mode dhcp relay server Displays or sets the IP address of the DHCP relay server dhcp relay information...
Page 364: Dhcp Relay Server
| DHCP Commands HAPTER OMMAND SAGE The switch supports DHCP relay service for attached host devices. If a ◆ subnet does not include a DHCP server, you can relay DHCP client requests to a DHCP server on another subnet. When DHCP relay is enabled and the switch sees a DHCP request ◆...
Page 365: Dhcp Relay Information Policy
| DHCP Commands HAPTER EFAULT ETTING Disabled OMMAND SAGE DHCP also provides a mechanism for sending information about the ◆ switch and its DHCP clients to the DHCP server. Known as DHCP Option 82, it allows compatible DHCP servers to use the information when assigning IP addresses, or to set other services or policies for clients.
Page 366 | DHCP Commands HAPTER EFAULT ETTING Displays DHCP statistics OMMAND SAGE For a description of the information displayed by this command, see "Displaying DHCP Relay Statistics" on page 177. XAMPLE DHCP/Relay>statistics Server Statistics: ------------------ Transmit to Server Transmit Error Receive from Server Receive Missing Agent Option : Receive Missing Circuit ID : Receive Missing Remote ID...
Page 367: Firmware Commands
You can upgrade the switch’s system firmware by specifying a file ◆ provided by SMC. You can download firmware files for your switch from the Support section of the SMC web site at www.smc.com. After the software image is uploaded, a message announces that the ◆...
Page 368: Firmware Ipv6 Load
| Firmware Commands HAPTER Master initiated software updating starting Waiting for firmware update to complete Transferred image to switch 1 All switches confirmed reception, programming Starting flash update - do not power off device! Erasing image... Programming image..Erase from 0x807e0000-0x807effff: ..
Page 369 | Firmware Commands HAPTER XAMPLE Firmware>ipv6 load 2001:DB8:2222:7272::72 SMC8028L2-0_7_smbstax_estax_34.dat Downloaded "SMC8028L2-0_7_smbstax_estax_34.dat", 1812567 bytes RedBoot> go Username: – 369 –...
Page 370 | Firmware Commands HAPTER – 370 –...
Page 371: Ection
ECTION PPENDICES This section provides additional information and includes these items: "Software Specifications" on page 373 ◆ "Troubleshooting" on page 377 ◆ – 371 –...
Page 372 | Appendices ECTION – 372 –...
Page 373: Specifications
OFTWARE PECIFICATIONS OFTWARE EATURES Local, RADIUS, TACACS+, Port (802.1X), AAA, HTTPS, SSH, Port Security, UTHENTICATION IP Filter, DHCP Snooping 128 rules per system CCESS ONTROL ISTS 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex ONFIGURATION 100BASE-BX - 100 Mbps at full duplex (SFP) 1000BASE-BX/SX/LX/LH - 1000 Mbps at full duplex (SFP) Full Duplex: IEEE 802.3-2005 ONTROL...
Page 374: Management Features
| Software Specifications PPENDIX Management Features Supports four levels of priority LASS OF ERVICE Strict or Weighted Round Robin queueing Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS bit, VLAN tag priority, or port Layer 3/4 priority mapping: IP DSCP remarking DiffServ supports DSCP remarking, ingress traffic policing, and egress UALITY OF...
Page 375: Standards
| Software Specifications PPENDIX Standards TANDARDS IEEE 802.1AB Link Layer Discovery Protocol IEEE 802.1D-2004 Spanning Tree Algorithm and traffic priorities Spanning Tree Protocol Rapid Spanning Tree Protocol IEEE 802.1p Priority tags IEEE 802.1Q VLAN IEEE 802.1X Port Authentication IEEE 802.3-2005 Ethernet, Fast Ethernet, Gigabit Ethernet Link Aggregation Control Protocol (LACP) IEEE 802.3ac VLAN tagging...
Page 376 | Software Specifications PPENDIX Management Information Bases IP Multicasting related MIBs IPV6-MIB (RFC 2065) IPV6-ICMP-MIB (RFC 2066) IPV6-TCP-MIB (RFC 2052) IPV6-UDP-MIB (RFC2054) MAU MIB (RFC 3636) MIB II (RFC 1213) Port Access Entity MIB (IEEE 802.1X) Port Access Entity Equipment MIB Private MIB Quality of Service MIB RADIUS Accounting Server MIB (RFC 2621)
Page 377: Problems Accessing The Management Interface
ROUBLESHOOTING ROBLEMS CCESSING THE ANAGEMENT NTERFACE Table 47: Troubleshooting Chart Symptom Action Cannot connect using ◆ Be sure the switch is powered up. Telnet, web browser, or ◆ Check network cabling between the management station and SNMP software the switch. ◆...
Page 378: B Troubleshooting
| Troubleshooting PPENDIX Using System Logs SING YSTEM If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: Enable logging.
Page 379: Glossary
LOSSARY Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol. BOOTP i used to provide bootup information for network BOOTP devices, including IP address information, the address of the TFTP server that contains the devices system files, and the name of the boot file.
Page 380 LOSSARY Differentiated Services Code Point Service. DSCP uses a six-bit tag to DSCP provide for up to 64 different forwarding behaviors. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. The DSCP bits are mapped to the Class of Service categories, and then into the output queues.
Page 381 LOSSARY VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. IEEE 802.1Q It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks. An IEEE standard for providing quality of service (QoS) in Ethernet IEEE 802.1 networks.
Page 382 LOSSARY A process whereby this switch can pass multicast traffic along to IP M ULTICAST ILTERING participating hosts. The Type of Service (ToS) octet in the IPv4 header includes three IP P RECEDENCE precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
Page 383 LOSSARY Network Time Protocol provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical-master- slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio. Management of the network from a station not attached to the network.
Page 384 LOSSARY Simple Mail Transfer Protocol is a standard host-to-host mail transport SMTP protocol that operates over TCP, port 25. Simple Network Management Protocol. The application protocol in the SNMP Internet suite of protocols which offers network management services. allows a device to set its internal clock based on SNTP Simple Network Time Protocol periodic updates from a Network Time Protocol (NTP) server.
Page 385 LOSSARY Universal Time Coordinate. UTC is a time scale that couples Greenwich Mean Time (based solely on the Earth’s rotation rate) with highly accurate atomic time. The UTC does not have daylight saving time. Virtual LAN. A Virtual LAN is a collection of network nodes that share the VLAN same collision domain regardless of their physical location or connection point in the network.
Page 386 LOSSARY – 386 –...
Page 387: Index
NDEX downloading software UMERICS using HTTP 802.1X, port authentication using TFTP downoading software dynamic addresses, displaying acceptable frame type Access Control List See ACL edge port, STA binding to a port event logging address table aging time firmware displaying version BPDU upgrading selecting protocol based on message format...
Page 388 NDEX IPv4 address mirror port DHCP configuring dynamic configuration multicast filtering manual configuration multicast groups setting displaying IPv6 address multicast services dynamic configuration (global unicast) displaying leave proxy dynamic configuration (link-local) multicast storm, threshold EUI format multicast, filtering EUI-64 setting multicast, static router port global unicast multicast, throttling...
Page 389 NDEX system clock setting the time zone RADIUS setting with SNTP logon authentication system information settings configuring rate limits, setting displaying restarting the system system logs RSTP displaying global settings, displaying system software – interface settings downloading interface settings, displaying downloading from server settings, configuring TACACS+...
Page 390 NDEX web interface access requirements configuration buttons home page menu list panel display – 390 –...
Page 391 NDEX – 391 –...
Page 392 SMC8028L2 149100000079A R01...

This manual is also suitable for:

Tigerswitch smc8028l2

SMC Networks 8028L2 - annexe 1 Management Manual

Warranty and Product Registration

About this Guide

Contents

Figures

Tables

Sectioni

Getting Started

1 Introduction

2 Initial Switch Configuration

Ection

Web Configuration

3 Using the Web Interface

4 Configuring the Switch

5 Monitoring the Switch

6 Performing Basic Diagnostics

7 Performing System Maintenance

Using the Command Line Interface

8 Using Thecommandlineinterface

9 System Commands

10 Ip Commands

11 Authentication Commands

12 Port Commands

13 Link Aggregation Commands

Quick Links

MANAGEMENT GUIDE

Troubleshooting

Related Manuals for SMC Networks 8028L2 - annexe 1

Summary of Contents for SMC Networks 8028L2 - annexe 1